Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SpotBugs3.1.xの現状と 内部実装が抱える問題
Search
Kengo TODA
May 26, 2018
Technology
0
3.1k
SpotBugs3.1.xの現状と 内部実装が抱える問題
http://www.java-users.jp/ccc2018spring/#/session/8cfd00b7-6366-4107-be9c-df58cc57de2f
Kengo TODA
May 26, 2018
Tweet
Share
More Decks by Kengo TODA
See All by Kengo TODA
生成AI 業務応用向けガイドライン 斜め読み / Overview of Generative AI Business Application Guidelines
eller86
0
60
KotlinユーザのためのJSpecify入門 / JSpecify 101 for Kotlin Devs
eller86
0
1.1k
JavaとGroovyで書かれたGradleプラグインをKotlinで書き直した話 / Converted a Gradle plugin from Groovy&Java to Kotlin
eller86
0
1.3k
ヒューマンスキル / The Humanskills
eller86
0
610
医療機関向けシステムの信頼性 / Reliability of systems for medical institutions
eller86
0
340
Server-side Kotlinを使うスタートアップでどんなDetektルールが育ったか / Detekt rules made in start-up working with Server-side Kotlin
eller86
0
1.4k
Java開発者向けのKotlin Gradleビルドスクリプト入門 / Gradle Build Script in Kotlin 101
eller86
1
1.7k
Goodbye JSR305, Hello JSpecify!
eller86
2
5k
Java8〜16におけるバイトコード生成の変化 / Changes of Bytecode Generation from Java 8 to 16
eller86
4
4.3k
Other Decks in Technology
See All in Technology
【内製開発Summit 2025】イオンスマートテクノロジーの内製化組織の作り方/In-house-development-summit-AST
aeonpeople
2
1.1k
Ruby on Railsで持続可能な開発を行うために取り組んでいること
am1157154
3
160
MIMEと文字コードの闇
hirachan
2
1.5k
目標と時間軸 〜ベイビーステップでケイパビリティを高めよう〜
kakehashi
PRO
8
1k
[OpsJAWS Meetup33 AIOps] Amazon Bedrockガードレールで守る安全なAI運用
akiratameto
1
140
Amazon Aurora のバージョンアップ手法について
smt7174
2
190
Охота на косуль у древних
ashapiro
0
130
遷移の高速化 ヤフートップの試行錯誤
narirou
6
1.9k
データエンジニアリング領域におけるDuckDBのユースケース
chanyou0311
9
2.6k
Snowflake ML モデルを dbt データパイプラインに組み込む
estie
0
110
JAWS FESTA 2024「バスロケ」GPS×サーバーレスの開発と運用の舞台裏/jawsfesta2024-bus-gps-serverless
ma2shita
3
340
開発者体験を定量的に把握する手法と活用事例
ham0215
0
130
Featured
See All Featured
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Designing for Performance
lara
605
68k
Code Reviewing Like a Champion
maltzj
521
39k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
4
440
Building Applications with DynamoDB
mza
93
6.2k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.3k
Thoughts on Productivity
jonyablonski
69
4.5k
Gamification - CAS2011
davidbonilla
80
5.2k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
11
1.3k
The Cult of Friendly URLs
andyhume
78
6.2k
Documentation Writing (for coders)
carmenintech
68
4.6k
Into the Great Unknown - MozCon
thekraken
35
1.6k
Transcript
SpotBugs3.1.xͷݱঢ়ͱ ෦๊࣮͕͑Δ JJUG CCC 2018 SPRING 1
#ccc_l3 SUDDENLY SURVEY ಥવͰ͕͢ΞϯέʔτͰ͢ 2 ΧςΰϦ ਓʢෳճՄʣ ։ൃͰSpotBugsΛ͓ͬͯΓɺ ࠷৽ͷಈΛ௫Έ͍ͨ 9
ར༻Λݕ౼தͰ͋Γɺ࠷৽ͷಈΛ௫Έ͍ͨ 10 །Ұͷ্ڃऀ͚ηογϣϯ͔ͩΒ 2 FOSSϓϩδΣΫτϝϯόʔͷ Λฉ͍ͯΈ͔ͨͬͨ 3 SpotBugsϓϩδΣΫτࣗମʹؔ৺͕͋Δ 13 ϕͬɺผʹՋ͔ͩͬͨΒ དྷ͚ͨͩͳΜ͔ͩΒͶʂ 2
#ccc_l3 ONE MORE SUDDENLY SURVEY ͞ΒʹಥવͰ͕͢ΞϯέʔτͰ͢ 3 ΧςΰϦ ਓʢෳճෆՄʣ FindBugs2.xΛ
͍ͬͯΔ 4 FindBugs3.0Λ ͍ͬͯΔ 11 SpotBugs3.1Λ ͍ͬͯΔ 3 ͲΕͬͯͳ͍͚Ͳ ਂΛ͖ʹདྷͨ 4
#ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷత • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔͷհ • ੩తղੳπʔϧͷߋͳΔਂʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ
• ͍ͭ·ͰͨͬͯJava9/10ରԠ͕͞Εͳ͍ࣄͷղઆ • ͋ΘΑ͘ίϯτϦϏϡʔλΛ୳͍ͨ͠ 4
#ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷత • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔͷհ • ੩తղੳπʔϧͷߋͳΔਂʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ
• ͍ͭ·ͰͨͬͯJava9/10ରԠ͕͞Εͳ͍ࣄͷղઆ • ͋ΘΑ͘ίϯτϦϏϡʔλΛ୳͍ͨ͠ 5 TWEET͢Δ࣌ʹ ͬͯͶʂ
#ccc_l3 FOR WHO IS CONSIDERING TO USE SpotBugs… SpotBugsͷར༻Λݕ౼͞Ε͍ͯΔํʹ…… •
ڈͷηογϣϯཱ͕͔ͭ͠Ε·ͤΜ • SpotBugs(FindBugs)ʹΑΔ େنERPͷίʔυ࣭վળ • ࠓͷʮ࠷৽ͷJavaʹద༻Ͱ͖͍ͯͳ͍෦͕͋ΔΜͩͳʔʯ ͘Β͍ͰѲͰ͖ΕେৎͰ͢ • Speaker DeckͰεϥΠυΛެ։༧ఆ 6
#ccc_l3 ABOUT SPEAKER εϐʔΧʔʹ͍ͭͯ • https://github.com/ KengoTODA/ • VP of
Dev at worksap.com • ήʔϜ͕࡞Γͨͯ͘HSP2ʹख Λग़͠ɺϑϦʔιϑτΣΞ ࡞ՈΛܦͯR&D • SpotBugsͷதͷਓ 7
#ccc_l3 ABOUT SpotBugs SpotBugsͱ • JavaքͰஶ໊ͩͬͨ੩తղੳπʔ ϧFindBugsͷޙܧϓϩδΣΫτ • FindBugsίϛϡχςΟʹ͓͚ Δྫͷ݅ͷహɺͦͯ͠
SpotBugsͱԿ͔ • FindBugsͷޙܧͱͯ͠ͷ SpotBugsͷհ • 201611݄ʹൃ • 201710݄ʹ3.1.0ΛϦϦʔε 8
#ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ • 3.1.0ϦϦʔεޙܧଓͯ҆͠ఆ൛ΛϦϦʔε •
3.1.3Λ20184݄ʹϦϦʔεࡁΈ • Maven, Gradle, SonarQubeͷϓϥάΠϯಉ༷ʹߋ৽த • Maven Central AnalysisʹΑΔͱɺ20183݄ͷؒʹFindBugs͕ 178,000 DLɺSpotBugs22,500 DL • ࠷৽ͷใGitHub IssueͰެ։த 9
#ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ • ҰํͰɺ4.0.0։ൃਐΜͰ͍ͳ͍͠Java9ରԠ์ஔؾຯ •
ຊ͜ͷ͋ͨΓΛ۷ΓԼ͛ͯղઆ͠·͢ 10
#ccc_l3 WHY SUPPORT FOR NEW JAVA IS SO SLOW ৽JAVAରԠ͕͘ͳΔϫέ
• ΫϥεϑΝΠϧղੳʹ͍ͬͯΔApache BCELͱObjectWeb ASMͷ ߋ৽Λͭඞཁ͕͋Δ • ಛʹBCELߋ৽͕͘ɺBCELىҼͷΛൃݟ͔ͯ͠Βमਖ਼൛ ͷϦϦʔε·Ͱʹ9ϲ݄͔͔͍ۙͬͯ͘Δɻ • ϨΨγʔͳ࣮͕ଟ͘ɺࠜຊղܾʹSpotBugs෦࣮ͷେ͖ͳมߋ Λ͏͜ͱ͕ଟ͍ɻ 11
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • #493:
Try-with-resources and java9 shows bugs • Java9Ͱtry-with-resourcesͷ࣮ʹ৽͍͠࠷దԽ͕ೖͬͨ • $closeResourceͱ͍͏private staticϝιουΛࣗಈੜ͢Δ͜ͱ ͰɺόΠτίʔυΛ࠶ར༻ɻ2ͭҎ্ͷϦιʔεΛclose͢Δࡍʹ ར༻͞ΕΔɻ • ͜ͷϝιουThrowableͱAutoCloseableΛҾʹͱΔɻ • ͜ͷ࠷దԽ͕OBL_UNSATISFIED_OBLIGATIONͷޡݕΛҾ͖ى ͨ͜͠ɻ 12
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ 13
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • 2ͭͷAutoCloseableͳมΛ
࣋ͭtry-with-resourcesӈه ͷΑ͏ʹల։͞ΕΔ • $closeResourceͷҾʹ ˏWillCloseΞϊςʔγϣϯ͕ ແ͍ • ˏWillCloseΞϊςʔγϣϯ͕ ͋Δ͜ͱʹ͢Εղܾʁ 14
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • CloseableJava
1.5͔ΒɺAutoCloseableJava 1.7͔Β • SpotBugs͜͏ͨ͠ΠϯλϑΣʔεͷଘࡏΛલఏʹ͠ͳ͍ʂ • ΜʁͲ͏͍͏͜ͱʁ 15
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • SpotBugsΫϥε͝ͱʹঢ়ଶΛཧ͢Δ
• java.io.Writer͕࡞ΒΕͨΒɺjava.io.Writer#close()͕ݺΕͳ͚Εͳ Βͳ͍ʢ͋Δ͍ࢠΫϥεͷ࣮Ͱྑ͍ʣ • java.io.Reader͕࡞ΒΕͨΒɺjava.io.Reader#close()͕ݺΕͳ͚Εͳ Βͳ͍ʢಉ্ʣ • java.io.Writerʹରͯ͠java.lang.AutoCloseable#close()ΛݺΜͰϦιʔ εΛดͨ͜͡ͱʹͳΒͳ͍ʂ • WriterReaderͷΫϥεɺ͋Δ͍ΠϯλϑΣʔεʹclose()Λ࣋ͬ ͍ͯΔՄೳੑΛߟ͑ͯͳ͍ʂ 16
#ccc_l3 • ͭ·ΓɺCommons IOͷ࣌ͳΒͳ͔ͬͨ • IOUtils.closeQuietly(java.io.Writer) • IOUtils.closeQuietly(java.io.Reader) • JavaͷਐԽʹ͍ͭͯߦ͚ͯͳ͍ྑ͍ࣄྫ
17 ϨΨγʔ࣮ىҼͷɹͦͷ̍ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • ଞʹ͋Δঢ়ଶཧͷ᠘
• #79: StatementΛดͨ͡ΒResultSetด͡ΒΕͨͱͯ͠ѻ͏͖ • #552: Lambda͔ΒLambda֎ͷมΛࢀর͢Δͱ͖ʹNullable νΣοΫ͕ಇ͔ͳ͍ • #603: this.foo = Objects.requireNonNull(foo); ͕ EI_EXPOSE_REP2ʢ෦ঢ়ଶͷΫϥε֎࿐ग़ʣʹͳΒͳ͍ 18
#ccc_l3 • SpotBugs Annotationͷ • Java 1.8 ܕύϥϝʔλʹର͢Δαϙʔτ͕ͳ͍ • JSR305ʢDormant=ٳࢭঢ়ଶʣͷґଘ
19 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • #470: @NonNull,@NullableʹTYPE_USE,TYPE_PARAMETERΛՃ • List<@NonNull String> ͱॻ͚ΔΑ͏ʹͳΔ • Ξϊςʔγϣϯͷมߋ͚ͩͳΒ؆୯͕ͩ……
• ͦͦSpotBugsࣗମ͕ܕύϥϝʔλͷͳ͍࣌ͷ࢈ͳͷ Ͱɺج൫෦ʹมߋ͕ඞཁͱࢥΘΕΔ 20 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • #421: JSR305ͷґଘΛஅͭ • SpotBugsͷΞϊςʔγϣϯJSR305Ξϊςʔγϣϯʹର͢Δ TypeQualifierNicknameͱ࣮ͯ͠͞Ε͍ͯΔ • javax.annotation.meta.Whenͷґଘ͕֤ॴʹࢄΒ͍ͬͯΔ •
InconsistentAnnotations, FindNullDerefͳͲ • େࣄʹͳΔ͜ͱඞఆ 21 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • ସͱͳΔιϦϡʔγϣϯ • Checkerframeworkͷ@NullableDeclͳͲ • Google error-proneͷ@CheckReturnValueͳͲ 22 ϨΨγʔ࣮ىҼͷɹͦͷ̎
PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #249: Performance improvements
• ϚϧνεϨουԽ͍͕ͨ͠BCEL͕ωοΫ • SpotBugsͷ֤ΠϯελϯεʢಛʹIAnalysisCacheؔ࿈ʣͷϥΠϑ αΠΫϧҙ͕ඞཁ 23
#ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #591: Resource Leak
• ϑΝΠϧϋϯυϥ͕ϦʔΫ͢ΔՄೳੑ͕͋Δ • MavenϚϧνϞδϡʔϧͳͲͰக໋తʹͳΓಘΔ 24
·ͱΊ 25 #ccc_l3
#ccc_l3 FOR USERS… Ϣʔβ͚·ͱΊ • OBL_UNSATISFIED_OBLIGATIONʹطͷޡݕόά͋Γɺ Java9Ҏ߱Ͱ͏߹ཁҙ • @NullableΞϊςʔγϣϯLambdaͱΈ߹ΘͤΔͱޡݕΛ Ҿ͖ى͍͜͢͠ͱࢥΘΕΔ
• ෆఆظʹύονϦϦʔεΛग़͍ͯ͠ΔͷͰɺGitHubϓϩδΣΫτͷ ͜·Ίͳ֬ೝΛਪ 26
#ccc_l3 FOR CONTRIBUTORS… ίϯτϦϏϡʔλ͚·ͱΊ • طଘͷབྷ·ΓΛղ͖΄͙͢ͷ͕͖ͳΒΦεεϝʂ • طʹଟͷϢʔβ͕͍͍ͭͯͯɺଧͯڹ͘ڥ • ίʔυϕʔε͋·Γେ͖͘ͳ͍ʢAntͱMavenফ͠͞Γ·ͨ͠ʣ
• ՝ͳΒࢁͷΑ͏ʹ͋Γ·͢ • ӳޠͷਖ਼֬ੑ͋Μ·Γؾʹ͠ͳ͍Ͱ͍͍Αʂ • ࢲͣͬͱKendoͱݺΕͯ·͢ 27
Q&A 28 #ccc_l3