SpotBugs3.1.xͷݱঢ়ͱ
 ಺෦࣮૷๊͕͑Δ໰୊ JJUG CCC 2018 SPRING 1

#ccc_l3 SUDDENLY SURVEY ಥવͰ͕͢ΞϯέʔτͰ͢ 2 ΧςΰϦ ਓ਺ʢෳ਺ճ౴Մʣ ։ൃͰSpotBugsΛ࢖͓ͬͯΓɺ
 ࠷৽ͷಈ޲Λ௫Έ͍ͨ 9 ར༻Λݕ౼தͰ͋Γɺ࠷৽ͷಈ޲Λ௫Έ͍ͨ 10 །Ұͷ্ڃऀ޲͚ηογϣϯ͔ͩΒ 2 FOSSϓϩδΣΫτϝϯόʔͷ ࿩Λฉ͍ͯΈ͔ͨͬͨ 3 SpotBugsϓϩδΣΫτࣗମʹؔ৺͕͋Δ 13 ϕͬɺผʹՋ͔ͩͬͨΒ དྷ͚ͨͩͳΜ͔ͩΒͶʂ 2

#ccc_l3 ONE MORE SUDDENLY SURVEY ͞ΒʹಥવͰ͕͢ΞϯέʔτͰ͢ 3 ΧςΰϦ ਓ਺ʢෳ਺ճ౴ෆՄʣ FindBugs2.xΛ ࢖͍ͬͯΔ 4 FindBugs3.0Λ ࢖͍ͬͯΔ 11 SpotBugs3.1Λ ࢖͍ͬͯΔ 3 ͲΕ΋࢖ͬͯͳ͍͚Ͳ ਂ෵Λ೷͖ʹདྷͨ 4

#ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷ໨త • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔ໰୊ͷ঺հ • ੩తղੳπʔϧͷߋͳΔਂ෵ʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ • ͍ͭ·Ͱͨͬͯ΋Java9/10ରԠ͕͞Εͳ͍ࣄ৅ͷղઆ • ͋ΘΑ͘͹ίϯτϦϏϡʔλΛ୳͍ͨ͠ 4

#ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷ໨త • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔ໰୊ͷ঺հ • ੩తղੳπʔϧͷߋͳΔਂ෵ʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ • ͍ͭ·Ͱͨͬͯ΋Java9/10ରԠ͕͞Εͳ͍ࣄ৅ͷղઆ • ͋ΘΑ͘͹ίϯτϦϏϡʔλΛ୳͍ͨ͠ 5 TWEET͢Δ࣌ʹ ࢖ͬͯͶʂ

#ccc_l3 FOR WHO IS CONSIDERING TO USE SpotBugs… SpotBugsͷར༻Λݕ౼͞Ε͍ͯΔํʹ͸…… • ڈ೥ͷηογϣϯ͕໾ཱ͔ͭ΋͠Ε·ͤΜ • SpotBugs(FindBugs)ʹΑΔ େن໛ERPͷίʔυ඼࣭վળ
 • ࠓ೔ͷ࿩͸ʮ࠷৽ͷJavaʹద༻Ͱ͖͍ͯͳ͍෦෼͕͋ΔΜͩͳʔʯ ͘Β͍Ͱ೺ѲͰ͖Ε͹େৎ෉Ͱ͢ • Speaker DeckͰεϥΠυΛެ։༧ఆ 6

#ccc_l3 ABOUT SPEAKER εϐʔΧʔʹ͍ͭͯ • https://github.com/ KengoTODA/ • VP of Dev at worksap.com • ήʔϜ͕࡞Γͨͯ͘HSP2ʹख Λग़͠ɺϑϦʔιϑτ΢ΣΞ ࡞ՈΛܦͯR&D΁ • SpotBugsͷதͷਓ 7

#ccc_l3 ABOUT SpotBugs SpotBugsͱ͸ • JavaքͰஶ໊ͩͬͨ੩తղੳπʔ ϧFindBugsͷޙܧϓϩδΣΫτ • FindBugsίϛϡχςΟʹ͓͚ Δྫͷ݅ͷహ຤ɺͦͯ͠ SpotBugsͱ͸Կ͔ • FindBugsͷޙܧͱͯ͠ͷ SpotBugsͷ঺հ • 2016೥11݄ʹൃ଍ • 2017೥10݄ʹ3.1.0ΛϦϦʔε 8

#ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ৘ • 3.1.0ϦϦʔεޙ΋ܧଓͯ҆͠ఆ൛ΛϦϦʔε • 3.1.3Λ2018೥4݄ʹϦϦʔεࡁΈ • Maven, Gradle, SonarQubeͷϓϥάΠϯ΋ಉ༷ʹߋ৽த • Maven Central AnalysisʹΑΔͱɺ2018೥3݄ͷؒʹFindBugs͕ ໿178,000 DLɺSpotBugs͸໿22,500 DL • ࠷৽ͷ৘ใ͸GitHub IssueͰެ։த 9

#ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ৘ • ҰํͰɺ4.0.0։ൃ͸ਐΜͰ͍ͳ͍͠Java9ରԠ΋์ஔؾຯ • ຊ೔͸͜ͷ͋ͨΓΛ۷ΓԼ͛ͯղઆ͠·͢ 10

#ccc_l3 WHY SUPPORT FOR NEW JAVA IS SO SLOW ৽JAVAରԠ͕஗͘ͳΔϫέ • ΫϥεϑΝΠϧղੳʹ࢖͍ͬͯΔApache BCELͱObjectWeb ASMͷ ߋ৽Λ଴ͭඞཁ͕͋Δ • ಛʹBCEL͸ߋ৽͕஗͘ɺBCELىҼͷ໰୊Λൃݟ͔ͯ͠Βमਖ਼൛ ͷϦϦʔε·Ͱʹ9ϲ݄͔͔͍ۙͬͯ͘Δɻ • ϨΨγʔͳ࣮૷͕ଟ͘ɺࠜຊղܾʹSpotBugs಺෦࣮૷ͷେ͖ͳมߋ Λ൐͏͜ͱ͕ଟ͍ɻ 11

#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • #493: Try-with-resources and java9 shows bugs • Java9Ͱtry-with-resourcesͷ࣮૷ʹ৽͍͠࠷దԽ͕ೖͬͨ • $closeResourceͱ͍͏private staticϝιουΛࣗಈੜ੒͢Δ͜ͱ ͰɺόΠτίʔυΛ࠶ར༻ɻ2ͭҎ্ͷϦιʔεΛclose͢Δࡍʹ ར༻͞ΕΔɻ • ͜ͷϝιου͸ThrowableͱAutoCloseableΛҾ਺ʹͱΔɻ • ͜ͷ࠷దԽ͕OBL_UNSATISFIED_OBLIGATIONͷޡݕ஌ΛҾ͖ى ͨ͜͠ɻ 12

#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ 13

#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • 2ͭͷAutoCloseableͳม਺Λ ࣋ͭtry-with-resources͸ӈه ͷΑ͏ʹల։͞ΕΔ • $closeResourceͷҾ਺ʹ͸
 ˏWillCloseΞϊςʔγϣϯ͕ ແ͍ • ˏWillCloseΞϊςʔγϣϯ͕ ͋Δ͜ͱʹ͢Ε͹ղܾʁ 14

#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • Closeable͸Java 1.5͔ΒɺAutoCloseable͸Java 1.7͔Β • SpotBugs͸͜͏ͨ͠ΠϯλϑΣʔεͷଘࡏΛલఏʹ͠ͳ͍ʂ • ΜʁͲ͏͍͏͜ͱʁ 15

#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • SpotBugs͸Ϋϥε͝ͱʹঢ়ଶΛ؅ཧ͢Δ • java.io.Writer͕࡞ΒΕͨΒɺjava.io.Writer#close()͕ݺ͹Εͳ͚Ε͹ͳ Βͳ͍ʢ͋Δ͍͸ࢠΫϥεͷ࣮૷Ͱ΋ྑ͍ʣ • java.io.Reader͕࡞ΒΕͨΒɺjava.io.Reader#close()͕ݺ͹Εͳ͚Ε͹ͳ Βͳ͍ʢಉ্ʣ • java.io.Writerʹରͯ͠java.lang.AutoCloseable#close()ΛݺΜͰ΋Ϧιʔ εΛดͨ͜͡ͱʹͳΒͳ͍ʂ • Writer΍Readerͷ਌Ϋϥεɺ͋Δ͍͸ΠϯλϑΣʔεʹclose()Λ࣋ͬ ͍ͯΔՄೳੑΛߟ͑ͯͳ͍ʂ 16

#ccc_l3 • ͭ·ΓɺCommons IOͷ࣌୅ͳΒ໰୊ͳ͔ͬͨ • IOUtils.closeQuietly(java.io.Writer) • IOUtils.closeQuietly(java.io.Reader) • JavaͷਐԽʹ͍ͭͯߦ͚ͯͳ͍ྑ͍ࣄྫ 17 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)

#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • ଞʹ΋͋Δঢ়ଶ؅ཧͷ᠘ • #79: StatementΛดͨ͡ΒResultSet΋ด͡ΒΕͨͱͯ͠ѻ͏΂͖ • #552: Lambda͔ΒLambda֎ͷม਺Λࢀর͢Δͱ͖ʹNullable νΣοΫ͕ಇ͔ͳ͍ • #603: this.foo = Objects.requireNonNull(foo); ͕ EI_EXPOSE_REP2ʢ಺෦ঢ়ଶͷΫϥε֎࿐ग़ʣʹͳΒͳ͍ 18

#ccc_l3 • SpotBugs Annotationͷ໰୊ • Java 1.8 ܕύϥϝʔλʹର͢Δαϙʔτ͕ͳ͍ • JSR305ʢDormant=ٳࢭঢ়ଶʣ΁ͷґଘ 19 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

#ccc_l3 • #470: @NonNull,@NullableʹTYPE_USE,TYPE_PARAMETERΛ௥Ճ • List<@NonNull String> ͱॻ͚ΔΑ͏ʹͳΔ • Ξϊςʔγϣϯͷมߋ͚ͩͳΒ؆୯͕ͩ…… • ͦ΋ͦ΋SpotBugsࣗମ͕ܕύϥϝʔλͷͳ͍࣌୅ͷ࢈෺ͳͷ Ͱɺج൫෦෼ʹมߋ͕ඞཁͱࢥΘΕΔ 20 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

#ccc_l3 • #421: JSR305΁ͷґଘΛஅͭ • SpotBugsͷΞϊςʔγϣϯ͸JSR305Ξϊςʔγϣϯʹର͢Δ TypeQualifierNicknameͱ࣮ͯ͠૷͞Ε͍ͯΔ • javax.annotation.meta.When౳΁ͷґଘ͕֤ॴʹࢄΒ͹͍ͬͯΔ • InconsistentAnnotations, FindNullDerefͳͲ • େ޻ࣄʹͳΔ͜ͱඞఆ 21 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

#ccc_l3 • ୅ସͱͳΔιϦϡʔγϣϯ • Checkerframeworkͷ@NullableDeclͳͲ • Google error-proneͷ@CheckReturnValueͳͲ 22 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

#ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝୊ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #249: Performance improvements • ϚϧνεϨουԽ͍͕ͨ͠BCEL͕ωοΫ • SpotBugsͷ֤ΠϯελϯεʢಛʹIAnalysisCacheؔ࿈ʣͷϥΠϑ αΠΫϧ΋஫ҙ͕ඞཁ 23

#ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝୊ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #591: Resource Leak • ϑΝΠϧϋϯυϥ͕ϦʔΫ͢ΔՄೳੑ͕͋Δ • MavenϚϧνϞδϡʔϧͳͲͰக໋తʹͳΓಘΔ 24

·ͱΊ 25 #ccc_l3

#ccc_l3 FOR USERS… Ϣʔβ޲͚·ͱΊ • OBL_UNSATISFIED_OBLIGATIONʹ͸ط஌ͷޡݕ஌όά͋Γɺ Java9Ҏ߱Ͱ࢖͏৔߹͸ཁ஫ҙ • @NullableΞϊςʔγϣϯ౳͸Lambdaͱ૊Έ߹ΘͤΔͱޡݕ஌Λ
 Ҿ͖ى͜͠΍͍͢ͱࢥΘΕΔ • ෆఆظʹύονϦϦʔεΛग़͍ͯ͠ΔͷͰɺGitHubϓϩδΣΫτͷ ͜·Ίͳ֬ೝΛਪ঑ 26

#ccc_l3 FOR CONTRIBUTORS… ίϯτϦϏϡʔλ޲͚·ͱΊ • طଘ੡඼ͷབྷ·ΓΛղ͖΄͙͢ͷ͕޷͖ͳΒΦεεϝʂ • طʹଟ਺ͷϢʔβ͕͍͍ͭͯͯɺଧͯ͹ڹ͘؀ڥ • ίʔυϕʔε͋·Γେ͖͘ͳ͍ʢAntͱMaven͸ফ͠͞Γ·ͨ͠ʣ • ՝୊ͳΒࢁͷΑ͏ʹ͋Γ·͢ • ӳޠͷਖ਼֬ੑ͸͋Μ·Γؾʹ͠ͳ͍Ͱ͍͍Αʂ • ࢲ΋ͣͬͱKendoͱݺ͹Εͯ·͢ 27

Q&A 28 #ccc_l3