Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SpotBugs3.1.xの現状と 内部実装が抱える問題
Search
Kengo TODA
May 26, 2018
Technology
0
2.9k
SpotBugs3.1.xの現状と 内部実装が抱える問題
http://www.java-users.jp/ccc2018spring/#/session/8cfd00b7-6366-4107-be9c-df58cc57de2f
Kengo TODA
May 26, 2018
Tweet
Share
More Decks by Kengo TODA
See All by Kengo TODA
JavaとGroovyで書かれたGradleプラグインをKotlinで書き直した話 / Converted a Gradle plugin from Groovy&Java to Kotlin
eller86
0
630
ヒューマンスキル / The Humanskills
eller86
0
480
医療機関向けシステムの信頼性 / Reliability of systems for medical institutions
eller86
0
250
Server-side Kotlinを使うスタートアップでどんなDetektルールが育ったか / Detekt rules made in start-up working with Server-side Kotlin
eller86
0
960
Java開発者向けのKotlin Gradleビルドスクリプト入門 / Gradle Build Script in Kotlin 101
eller86
1
1.3k
Goodbye JSR305, Hello JSpecify!
eller86
2
4.3k
Java8〜16におけるバイトコード生成の変化 / Changes of Bytecode Generation from Java 8 to 16
eller86
4
3.8k
Javaプログラミングの体験向上に関する活動 / DX enhancement around Java programming
eller86
0
3.6k
静的解析ツールで生産性向上
eller86
1
780
Other Decks in Technology
See All in Technology
Google Cloud Next '24 Recap(Cloud Run/k8s)
mokocm
0
240
On Your Data を超えていく!
hirotomotaguchi
2
690
Azure犬駆動開発の記録/GlobalAzureFukuoka2024_20240420
nina01
1
220
アクセス制御にまつわる改善 / Improving access control
itkq
0
550
Azureの基本的な権限管理の勉強会
yhana
0
590
ゼロから始めるVue.jsコミュニティ貢献 / first-vuejs-community-contribution-link-and-motivation
lmi
1
130
Gitlab本から学んだこと - そーだいなるプレイバック / gitlab-book
soudai
4
440
今年のRubyKaigiはProfiler Year🤘
osyoyu
0
170
ServiceNow Knowledge 24の歩き方 EYストラテジー・アンド・コンサルティング
manarobot
0
200
データベース02: データベースの概念
trycycle
0
160
Tellus の衛星データを見てみよう #mf_fukuoka
kongmingstrap
0
210
SIEMを用いて、セキュリティログ分析の可視化と分析を実現し、PDCAサイクルを回してみた
coconala_engineer
0
330
Featured
See All Featured
Web Components: a chance to create the future
zenorocha
305
41k
Web development in the modern age
philhawksworth
202
10k
Mobile First: as difficult as doing things right
swwweet
216
8.6k
Large-scale JavaScript Application Architecture
addyosmani
504
110k
The Language of Interfaces
destraynor
151
23k
Clear Off the Table
cherdarchuk
84
310k
Fontdeck: Realign not Redesign
paulrobertlloyd
76
4.9k
Navigating Team Friction
lara
178
13k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
322
20k
Automating Front-end Workflow
addyosmani
1356
200k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
34
8.9k
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3.1k
Transcript
SpotBugs3.1.xͷݱঢ়ͱ ෦๊࣮͕͑Δ JJUG CCC 2018 SPRING 1
#ccc_l3 SUDDENLY SURVEY ಥવͰ͕͢ΞϯέʔτͰ͢ 2 ΧςΰϦ ਓʢෳճՄʣ ։ൃͰSpotBugsΛ͓ͬͯΓɺ ࠷৽ͷಈΛ௫Έ͍ͨ 9
ར༻Λݕ౼தͰ͋Γɺ࠷৽ͷಈΛ௫Έ͍ͨ 10 །Ұͷ্ڃऀ͚ηογϣϯ͔ͩΒ 2 FOSSϓϩδΣΫτϝϯόʔͷ Λฉ͍ͯΈ͔ͨͬͨ 3 SpotBugsϓϩδΣΫτࣗମʹؔ৺͕͋Δ 13 ϕͬɺผʹՋ͔ͩͬͨΒ དྷ͚ͨͩͳΜ͔ͩΒͶʂ 2
#ccc_l3 ONE MORE SUDDENLY SURVEY ͞ΒʹಥવͰ͕͢ΞϯέʔτͰ͢ 3 ΧςΰϦ ਓʢෳճෆՄʣ FindBugs2.xΛ
͍ͬͯΔ 4 FindBugs3.0Λ ͍ͬͯΔ 11 SpotBugs3.1Λ ͍ͬͯΔ 3 ͲΕͬͯͳ͍͚Ͳ ਂΛ͖ʹདྷͨ 4
#ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷత • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔͷհ • ੩తղੳπʔϧͷߋͳΔਂʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ
• ͍ͭ·ͰͨͬͯJava9/10ରԠ͕͞Εͳ͍ࣄͷղઆ • ͋ΘΑ͘ίϯτϦϏϡʔλΛ୳͍ͨ͠ 4
#ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷత • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔͷհ • ੩తղੳπʔϧͷߋͳΔਂʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ
• ͍ͭ·ͰͨͬͯJava9/10ରԠ͕͞Εͳ͍ࣄͷղઆ • ͋ΘΑ͘ίϯτϦϏϡʔλΛ୳͍ͨ͠ 5 TWEET͢Δ࣌ʹ ͬͯͶʂ
#ccc_l3 FOR WHO IS CONSIDERING TO USE SpotBugs… SpotBugsͷར༻Λݕ౼͞Ε͍ͯΔํʹ…… •
ڈͷηογϣϯཱ͕͔ͭ͠Ε·ͤΜ • SpotBugs(FindBugs)ʹΑΔ େنERPͷίʔυ࣭վળ • ࠓͷʮ࠷৽ͷJavaʹద༻Ͱ͖͍ͯͳ͍෦͕͋ΔΜͩͳʔʯ ͘Β͍ͰѲͰ͖ΕେৎͰ͢ • Speaker DeckͰεϥΠυΛެ։༧ఆ 6
#ccc_l3 ABOUT SPEAKER εϐʔΧʔʹ͍ͭͯ • https://github.com/ KengoTODA/ • VP of
Dev at worksap.com • ήʔϜ͕࡞Γͨͯ͘HSP2ʹख Λग़͠ɺϑϦʔιϑτΣΞ ࡞ՈΛܦͯR&D • SpotBugsͷதͷਓ 7
#ccc_l3 ABOUT SpotBugs SpotBugsͱ • JavaքͰஶ໊ͩͬͨ੩తղੳπʔ ϧFindBugsͷޙܧϓϩδΣΫτ • FindBugsίϛϡχςΟʹ͓͚ Δྫͷ݅ͷహɺͦͯ͠
SpotBugsͱԿ͔ • FindBugsͷޙܧͱͯ͠ͷ SpotBugsͷհ • 201611݄ʹൃ • 201710݄ʹ3.1.0ΛϦϦʔε 8
#ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ • 3.1.0ϦϦʔεޙܧଓͯ҆͠ఆ൛ΛϦϦʔε •
3.1.3Λ20184݄ʹϦϦʔεࡁΈ • Maven, Gradle, SonarQubeͷϓϥάΠϯಉ༷ʹߋ৽த • Maven Central AnalysisʹΑΔͱɺ20183݄ͷؒʹFindBugs͕ 178,000 DLɺSpotBugs22,500 DL • ࠷৽ͷใGitHub IssueͰެ։த 9
#ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ • ҰํͰɺ4.0.0։ൃਐΜͰ͍ͳ͍͠Java9ରԠ์ஔؾຯ •
ຊ͜ͷ͋ͨΓΛ۷ΓԼ͛ͯղઆ͠·͢ 10
#ccc_l3 WHY SUPPORT FOR NEW JAVA IS SO SLOW ৽JAVAରԠ͕͘ͳΔϫέ
• ΫϥεϑΝΠϧղੳʹ͍ͬͯΔApache BCELͱObjectWeb ASMͷ ߋ৽Λͭඞཁ͕͋Δ • ಛʹBCELߋ৽͕͘ɺBCELىҼͷΛൃݟ͔ͯ͠Βमਖ਼൛ ͷϦϦʔε·Ͱʹ9ϲ݄͔͔͍ۙͬͯ͘Δɻ • ϨΨγʔͳ࣮͕ଟ͘ɺࠜຊղܾʹSpotBugs෦࣮ͷେ͖ͳมߋ Λ͏͜ͱ͕ଟ͍ɻ 11
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • #493:
Try-with-resources and java9 shows bugs • Java9Ͱtry-with-resourcesͷ࣮ʹ৽͍͠࠷దԽ͕ೖͬͨ • $closeResourceͱ͍͏private staticϝιουΛࣗಈੜ͢Δ͜ͱ ͰɺόΠτίʔυΛ࠶ར༻ɻ2ͭҎ্ͷϦιʔεΛclose͢Δࡍʹ ར༻͞ΕΔɻ • ͜ͷϝιουThrowableͱAutoCloseableΛҾʹͱΔɻ • ͜ͷ࠷దԽ͕OBL_UNSATISFIED_OBLIGATIONͷޡݕΛҾ͖ى ͨ͜͠ɻ 12
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ 13
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • 2ͭͷAutoCloseableͳมΛ
࣋ͭtry-with-resourcesӈه ͷΑ͏ʹల։͞ΕΔ • $closeResourceͷҾʹ ˏWillCloseΞϊςʔγϣϯ͕ ແ͍ • ˏWillCloseΞϊςʔγϣϯ͕ ͋Δ͜ͱʹ͢Εղܾʁ 14
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • CloseableJava
1.5͔ΒɺAutoCloseableJava 1.7͔Β • SpotBugs͜͏ͨ͠ΠϯλϑΣʔεͷଘࡏΛલఏʹ͠ͳ͍ʂ • ΜʁͲ͏͍͏͜ͱʁ 15
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • SpotBugsΫϥε͝ͱʹঢ়ଶΛཧ͢Δ
• java.io.Writer͕࡞ΒΕͨΒɺjava.io.Writer#close()͕ݺΕͳ͚Εͳ Βͳ͍ʢ͋Δ͍ࢠΫϥεͷ࣮Ͱྑ͍ʣ • java.io.Reader͕࡞ΒΕͨΒɺjava.io.Reader#close()͕ݺΕͳ͚Εͳ Βͳ͍ʢಉ্ʣ • java.io.Writerʹରͯ͠java.lang.AutoCloseable#close()ΛݺΜͰϦιʔ εΛดͨ͜͡ͱʹͳΒͳ͍ʂ • WriterReaderͷΫϥεɺ͋Δ͍ΠϯλϑΣʔεʹclose()Λ࣋ͬ ͍ͯΔՄೳੑΛߟ͑ͯͳ͍ʂ 16
#ccc_l3 • ͭ·ΓɺCommons IOͷ࣌ͳΒͳ͔ͬͨ • IOUtils.closeQuietly(java.io.Writer) • IOUtils.closeQuietly(java.io.Reader) • JavaͷਐԽʹ͍ͭͯߦ͚ͯͳ͍ྑ͍ࣄྫ
17 ϨΨγʔ࣮ىҼͷɹͦͷ̍ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • ଞʹ͋Δঢ়ଶཧͷ᠘
• #79: StatementΛดͨ͡ΒResultSetด͡ΒΕͨͱͯ͠ѻ͏͖ • #552: Lambda͔ΒLambda֎ͷมΛࢀর͢Δͱ͖ʹNullable νΣοΫ͕ಇ͔ͳ͍ • #603: this.foo = Objects.requireNonNull(foo); ͕ EI_EXPOSE_REP2ʢ෦ঢ়ଶͷΫϥε֎࿐ग़ʣʹͳΒͳ͍ 18
#ccc_l3 • SpotBugs Annotationͷ • Java 1.8 ܕύϥϝʔλʹର͢Δαϙʔτ͕ͳ͍ • JSR305ʢDormant=ٳࢭঢ়ଶʣͷґଘ
19 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • #470: @NonNull,@NullableʹTYPE_USE,TYPE_PARAMETERΛՃ • List<@NonNull String> ͱॻ͚ΔΑ͏ʹͳΔ • Ξϊςʔγϣϯͷมߋ͚ͩͳΒ؆୯͕ͩ……
• ͦͦSpotBugsࣗମ͕ܕύϥϝʔλͷͳ͍࣌ͷ࢈ͳͷ Ͱɺج൫෦ʹมߋ͕ඞཁͱࢥΘΕΔ 20 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • #421: JSR305ͷґଘΛஅͭ • SpotBugsͷΞϊςʔγϣϯJSR305Ξϊςʔγϣϯʹର͢Δ TypeQualifierNicknameͱ࣮ͯ͠͞Ε͍ͯΔ • javax.annotation.meta.Whenͷґଘ͕֤ॴʹࢄΒ͍ͬͯΔ •
InconsistentAnnotations, FindNullDerefͳͲ • େࣄʹͳΔ͜ͱඞఆ 21 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • ସͱͳΔιϦϡʔγϣϯ • Checkerframeworkͷ@NullableDeclͳͲ • Google error-proneͷ@CheckReturnValueͳͲ 22 ϨΨγʔ࣮ىҼͷɹͦͷ̎
PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #249: Performance improvements
• ϚϧνεϨουԽ͍͕ͨ͠BCEL͕ωοΫ • SpotBugsͷ֤ΠϯελϯεʢಛʹIAnalysisCacheؔ࿈ʣͷϥΠϑ αΠΫϧҙ͕ඞཁ 23
#ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #591: Resource Leak
• ϑΝΠϧϋϯυϥ͕ϦʔΫ͢ΔՄೳੑ͕͋Δ • MavenϚϧνϞδϡʔϧͳͲͰக໋తʹͳΓಘΔ 24
·ͱΊ 25 #ccc_l3
#ccc_l3 FOR USERS… Ϣʔβ͚·ͱΊ • OBL_UNSATISFIED_OBLIGATIONʹطͷޡݕόά͋Γɺ Java9Ҏ߱Ͱ͏߹ཁҙ • @NullableΞϊςʔγϣϯLambdaͱΈ߹ΘͤΔͱޡݕΛ Ҿ͖ى͍͜͢͠ͱࢥΘΕΔ
• ෆఆظʹύονϦϦʔεΛग़͍ͯ͠ΔͷͰɺGitHubϓϩδΣΫτͷ ͜·Ίͳ֬ೝΛਪ 26
#ccc_l3 FOR CONTRIBUTORS… ίϯτϦϏϡʔλ͚·ͱΊ • طଘͷབྷ·ΓΛղ͖΄͙͢ͷ͕͖ͳΒΦεεϝʂ • طʹଟͷϢʔβ͕͍͍ͭͯͯɺଧͯڹ͘ڥ • ίʔυϕʔε͋·Γେ͖͘ͳ͍ʢAntͱMavenফ͠͞Γ·ͨ͠ʣ
• ՝ͳΒࢁͷΑ͏ʹ͋Γ·͢ • ӳޠͷਖ਼֬ੑ͋Μ·Γؾʹ͠ͳ͍Ͱ͍͍Αʂ • ࢲͣͬͱKendoͱݺΕͯ·͢ 27
Q&A 28 #ccc_l3