SpotBugs3.1.xの現状と
内部実装が抱える問題

Transcript

1. SpotBugs3.1.xͷݱঢ়ͱ
 ಺෦࣮૷๊͕͑Δ໰୊ JJUG CCC 2018 SPRING 1

2. #ccc_l3 SUDDENLY SURVEY ಥવͰ͕͢ΞϯέʔτͰ͢ 2 ΧςΰϦ ਓ਺ʢෳ਺ճ౴Մʣ ։ൃͰSpotBugsΛ࢖͓ͬͯΓɺ
 ࠷৽ͷಈ޲Λ௫Έ͍ͨ 9

   ར༻Λݕ౼தͰ͋Γɺ࠷৽ͷಈ޲Λ௫Έ͍ͨ 10 །Ұͷ্ڃऀ޲͚ηογϣϯ͔ͩΒ 2 FOSSϓϩδΣΫτϝϯόʔͷ ࿩Λฉ͍ͯΈ͔ͨͬͨ 3 SpotBugsϓϩδΣΫτࣗମʹؔ৺͕͋Δ 13 ϕͬɺผʹՋ͔ͩͬͨΒ དྷ͚ͨͩͳΜ͔ͩΒͶʂ 2

3. #ccc_l3 ONE MORE SUDDENLY SURVEY ͞ΒʹಥવͰ͕͢ΞϯέʔτͰ͢ 3 ΧςΰϦ ਓ਺ʢෳ਺ճ౴ෆՄʣ FindBugs2.xΛ

   ࢖͍ͬͯΔ 4 FindBugs3.0Λ ࢖͍ͬͯΔ 11 SpotBugs3.1Λ ࢖͍ͬͯΔ 3 ͲΕ΋࢖ͬͯͳ͍͚Ͳ ਂ෵Λ೷͖ʹདྷͨ 4

4. #ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷ໨త • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔ໰୊ͷ঺հ • ੩తղੳπʔϧͷߋͳΔਂ෵ʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ

   • ͍ͭ·Ͱͨͬͯ΋Java9/10ରԠ͕͞Εͳ͍ࣄ৅ͷղઆ • ͋ΘΑ͘͹ίϯτϦϏϡʔλΛ୳͍ͨ͠ 4

5. #ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷ໨త • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔ໰୊ͷ঺հ • ੩తղੳπʔϧͷߋͳΔਂ෵ʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ

   • ͍ͭ·Ͱͨͬͯ΋Java9/10ରԠ͕͞Εͳ͍ࣄ৅ͷղઆ • ͋ΘΑ͘͹ίϯτϦϏϡʔλΛ୳͍ͨ͠ 5 TWEET͢Δ࣌ʹ ࢖ͬͯͶʂ

6. #ccc_l3 FOR WHO IS CONSIDERING TO USE SpotBugs… SpotBugsͷར༻Λݕ౼͞Ε͍ͯΔํʹ͸…… •

   ڈ೥ͷηογϣϯ͕໾ཱ͔ͭ΋͠Ε·ͤΜ • SpotBugs(FindBugs)ʹΑΔ େن໛ERPͷίʔυ඼࣭վળ
 • ࠓ೔ͷ࿩͸ʮ࠷৽ͷJavaʹద༻Ͱ͖͍ͯͳ͍෦෼͕͋ΔΜͩͳʔʯ ͘Β͍Ͱ೺ѲͰ͖Ε͹େৎ෉Ͱ͢ • Speaker DeckͰεϥΠυΛެ։༧ఆ 6

7. #ccc_l3 ABOUT SPEAKER εϐʔΧʔʹ͍ͭͯ • https://github.com/ KengoTODA/ • VP of

   Dev at worksap.com • ήʔϜ͕࡞Γͨͯ͘HSP2ʹख Λग़͠ɺϑϦʔιϑτ΢ΣΞ ࡞ՈΛܦͯR&D΁ • SpotBugsͷதͷਓ 7

8. #ccc_l3 ABOUT SpotBugs SpotBugsͱ͸ • JavaքͰஶ໊ͩͬͨ੩తղੳπʔ ϧFindBugsͷޙܧϓϩδΣΫτ • FindBugsίϛϡχςΟʹ͓͚ Δྫͷ݅ͷహ຤ɺͦͯ͠

   SpotBugsͱ͸Կ͔ • FindBugsͷޙܧͱͯ͠ͷ SpotBugsͷ঺հ • 2016೥11݄ʹൃ଍ • 2017೥10݄ʹ3.1.0ΛϦϦʔε 8

9. #ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ৘ • 3.1.0ϦϦʔεޙ΋ܧଓͯ҆͠ఆ൛ΛϦϦʔε •

   3.1.3Λ2018೥4݄ʹϦϦʔεࡁΈ • Maven, Gradle, SonarQubeͷϓϥάΠϯ΋ಉ༷ʹߋ৽த • Maven Central AnalysisʹΑΔͱɺ2018೥3݄ͷؒʹFindBugs͕ ໿178,000 DLɺSpotBugs͸໿22,500 DL • ࠷৽ͷ৘ใ͸GitHub IssueͰެ։த 9

10. #ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ৘ • ҰํͰɺ4.0.0։ൃ͸ਐΜͰ͍ͳ͍͠Java9ରԠ΋์ஔؾຯ •

    ຊ೔͸͜ͷ͋ͨΓΛ۷ΓԼ͛ͯղઆ͠·͢ 10

11. #ccc_l3 WHY SUPPORT FOR NEW JAVA IS SO SLOW ৽JAVAରԠ͕஗͘ͳΔϫέ

    • ΫϥεϑΝΠϧղੳʹ࢖͍ͬͯΔApache BCELͱObjectWeb ASMͷ ߋ৽Λ଴ͭඞཁ͕͋Δ • ಛʹBCEL͸ߋ৽͕஗͘ɺBCELىҼͷ໰୊Λൃݟ͔ͯ͠Βमਖ਼൛ ͷϦϦʔε·Ͱʹ9ϲ݄͔͔͍ۙͬͯ͘Δɻ • ϨΨγʔͳ࣮૷͕ଟ͘ɺࠜຊղܾʹSpotBugs಺෦࣮૷ͷେ͖ͳมߋ Λ൐͏͜ͱ͕ଟ͍ɻ 11

12. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • #493:

    Try-with-resources and java9 shows bugs • Java9Ͱtry-with-resourcesͷ࣮૷ʹ৽͍͠࠷దԽ͕ೖͬͨ • $closeResourceͱ͍͏private staticϝιουΛࣗಈੜ੒͢Δ͜ͱ ͰɺόΠτίʔυΛ࠶ར༻ɻ2ͭҎ্ͷϦιʔεΛclose͢Δࡍʹ ར༻͞ΕΔɻ • ͜ͷϝιου͸ThrowableͱAutoCloseableΛҾ਺ʹͱΔɻ • ͜ͷ࠷దԽ͕OBL_UNSATISFIED_OBLIGATIONͷޡݕ஌ΛҾ͖ى ͨ͜͠ɻ 12

13. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ 13

14. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • 2ͭͷAutoCloseableͳม਺Λ

    ࣋ͭtry-with-resources͸ӈه ͷΑ͏ʹల։͞ΕΔ • $closeResourceͷҾ਺ʹ͸
 ˏWillCloseΞϊςʔγϣϯ͕ ແ͍ • ˏWillCloseΞϊςʔγϣϯ͕ ͋Δ͜ͱʹ͢Ε͹ղܾʁ 14

15. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • Closeable͸Java

    1.5͔ΒɺAutoCloseable͸Java 1.7͔Β • SpotBugs͸͜͏ͨ͠ΠϯλϑΣʔεͷଘࡏΛલఏʹ͠ͳ͍ʂ • ΜʁͲ͏͍͏͜ͱʁ 15

16. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • SpotBugs͸Ϋϥε͝ͱʹঢ়ଶΛ؅ཧ͢Δ

    • java.io.Writer͕࡞ΒΕͨΒɺjava.io.Writer#close()͕ݺ͹Εͳ͚Ε͹ͳ Βͳ͍ʢ͋Δ͍͸ࢠΫϥεͷ࣮૷Ͱ΋ྑ͍ʣ • java.io.Reader͕࡞ΒΕͨΒɺjava.io.Reader#close()͕ݺ͹Εͳ͚Ε͹ͳ Βͳ͍ʢಉ্ʣ • java.io.Writerʹରͯ͠java.lang.AutoCloseable#close()ΛݺΜͰ΋Ϧιʔ εΛดͨ͜͡ͱʹͳΒͳ͍ʂ • Writer΍Readerͷ਌Ϋϥεɺ͋Δ͍͸ΠϯλϑΣʔεʹclose()Λ࣋ͬ ͍ͯΔՄೳੑΛߟ͑ͯͳ͍ʂ 16

17. #ccc_l3 • ͭ·ΓɺCommons IOͷ࣌୅ͳΒ໰୊ͳ͔ͬͨ • IOUtils.closeQuietly(java.io.Writer) • IOUtils.closeQuietly(java.io.Reader) • JavaͷਐԽʹ͍ͭͯߦ͚ͯͳ͍ྑ͍ࣄྫ

    17 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)

18. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • ଞʹ΋͋Δঢ়ଶ؅ཧͷ᠘

    • #79: StatementΛดͨ͡ΒResultSet΋ด͡ΒΕͨͱͯ͠ѻ͏΂͖ • #552: Lambda͔ΒLambda֎ͷม਺Λࢀর͢Δͱ͖ʹNullable νΣοΫ͕ಇ͔ͳ͍ • #603: this.foo = Objects.requireNonNull(foo); ͕ EI_EXPOSE_REP2ʢ಺෦ঢ়ଶͷΫϥε֎࿐ग़ʣʹͳΒͳ͍ 18

19. #ccc_l3 • SpotBugs Annotationͷ໰୊ • Java 1.8 ܕύϥϝʔλʹର͢Δαϙʔτ͕ͳ͍ • JSR305ʢDormant=ٳࢭঢ়ଶʣ΁ͷґଘ

    19 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

20. #ccc_l3 • #470: @NonNull,@NullableʹTYPE_USE,TYPE_PARAMETERΛ௥Ճ • List<@NonNull String> ͱॻ͚ΔΑ͏ʹͳΔ • Ξϊςʔγϣϯͷมߋ͚ͩͳΒ؆୯͕ͩ……

    • ͦ΋ͦ΋SpotBugsࣗମ͕ܕύϥϝʔλͷͳ͍࣌୅ͷ࢈෺ͳͷ Ͱɺج൫෦෼ʹมߋ͕ඞཁͱࢥΘΕΔ 20 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

21. #ccc_l3 • #421: JSR305΁ͷґଘΛஅͭ • SpotBugsͷΞϊςʔγϣϯ͸JSR305Ξϊςʔγϣϯʹର͢Δ TypeQualifierNicknameͱ࣮ͯ͠૷͞Ε͍ͯΔ • javax.annotation.meta.When౳΁ͷґଘ͕֤ॴʹࢄΒ͹͍ͬͯΔ •

    InconsistentAnnotations, FindNullDerefͳͲ • େ޻ࣄʹͳΔ͜ͱඞఆ 21 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

22. #ccc_l3 • ୅ସͱͳΔιϦϡʔγϣϯ • Checkerframeworkͷ@NullableDeclͳͲ • Google error-proneͷ@CheckReturnValueͳͲ 22 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎

    PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

23. #ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝୊ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #249: Performance improvements

    • ϚϧνεϨουԽ͍͕ͨ͠BCEL͕ωοΫ • SpotBugsͷ֤ΠϯελϯεʢಛʹIAnalysisCacheؔ࿈ʣͷϥΠϑ αΠΫϧ΋஫ҙ͕ඞཁ 23

24. #ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝୊ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #591: Resource Leak

    • ϑΝΠϧϋϯυϥ͕ϦʔΫ͢ΔՄೳੑ͕͋Δ • MavenϚϧνϞδϡʔϧͳͲͰக໋తʹͳΓಘΔ 24

25. ·ͱΊ 25 #ccc_l3

26. #ccc_l3 FOR USERS… Ϣʔβ޲͚·ͱΊ • OBL_UNSATISFIED_OBLIGATIONʹ͸ط஌ͷޡݕ஌όά͋Γɺ Java9Ҏ߱Ͱ࢖͏৔߹͸ཁ஫ҙ • @NullableΞϊςʔγϣϯ౳͸Lambdaͱ૊Έ߹ΘͤΔͱޡݕ஌Λ
 Ҿ͖ى͜͠΍͍͢ͱࢥΘΕΔ

    • ෆఆظʹύονϦϦʔεΛग़͍ͯ͠ΔͷͰɺGitHubϓϩδΣΫτͷ ͜·Ίͳ֬ೝΛਪ঑ 26

27. #ccc_l3 FOR CONTRIBUTORS… ίϯτϦϏϡʔλ޲͚·ͱΊ • طଘ੡඼ͷབྷ·ΓΛղ͖΄͙͢ͷ͕޷͖ͳΒΦεεϝʂ • طʹଟ਺ͷϢʔβ͕͍͍ͭͯͯɺଧͯ͹ڹ͘؀ڥ • ίʔυϕʔε͋·Γେ͖͘ͳ͍ʢAntͱMaven͸ফ͠͞Γ·ͨ͠ʣ

    • ՝୊ͳΒࢁͷΑ͏ʹ͋Γ·͢ • ӳޠͷਖ਼֬ੑ͸͋Μ·Γؾʹ͠ͳ͍Ͱ͍͍Αʂ • ࢲ΋ͣͬͱKendoͱݺ͹Εͯ·͢ 27

28. Q&A 28 #ccc_l3