Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SpotBugs3.1.xの現状と 内部実装が抱える問題
Search
Kengo TODA
May 26, 2018
Technology
0
3.2k
SpotBugs3.1.xの現状と 内部実装が抱える問題
http://www.java-users.jp/ccc2018spring/#/session/8cfd00b7-6366-4107-be9c-df58cc57de2f
Kengo TODA
May 26, 2018
Tweet
Share
More Decks by Kengo TODA
See All by Kengo TODA
生成AI 業務応用向けガイドライン 斜め読み / Overview of Generative AI Business Application Guidelines
eller86
0
110
KotlinユーザのためのJSpecify入門 / JSpecify 101 for Kotlin Devs
eller86
0
1.4k
JavaとGroovyで書かれたGradleプラグインをKotlinで書き直した話 / Converted a Gradle plugin from Groovy&Java to Kotlin
eller86
0
1.4k
ヒューマンスキル / The Humanskills
eller86
0
690
医療機関向けシステムの信頼性 / Reliability of systems for medical institutions
eller86
0
390
Server-side Kotlinを使うスタートアップでどんなDetektルールが育ったか / Detekt rules made in start-up working with Server-side Kotlin
eller86
0
1.5k
Java開発者向けのKotlin Gradleビルドスクリプト入門 / Gradle Build Script in Kotlin 101
eller86
1
1.8k
Goodbye JSR305, Hello JSpecify!
eller86
2
5.1k
Java8〜16におけるバイトコード生成の変化 / Changes of Bytecode Generation from Java 8 to 16
eller86
4
4.4k
Other Decks in Technology
See All in Technology
AIエージェント最前線! Amazon Bedrock、Amazon Q、そしてMCPを使いこなそう
minorun365
PRO
14
5.1k
HiMoR: Monocular Deformable Gaussian Reconstruction with Hierarchical Motion Representation
spatial_ai_network
0
110
変化する開発、進化する体系時代に適応するソフトウェアエンジニアの知識と考え方(JaSST'25 Kansai)
mizunori
1
210
Github Copilot エージェントモードで試してみた
ochtum
0
100
AWS CDK 実践的アプローチ N選 / aws-cdk-practical-approaches
gotok365
6
740
Amazon ECS & AWS Fargate 運用アーキテクチャ2025 / Amazon ECS and AWS Fargate Ops Architecture 2025
iselegant
16
5.5k
ひとり情シスなCTOがLLMと始めるオペレーション最適化 / CTO's LLM-Powered Ops
yamitzky
0
430
Postman AI エージェントビルダー最新情報
nagix
0
110
生成AI時代 文字コードを学ぶ意義を見出せるか?
hrsued
1
300
Welcome to the LLM Club
koic
0
170
セキュリティの民主化は何故必要なのか_AWS WAF 運用の 10 の苦悩から学ぶ
yoh
1
140
Oracle Cloud Infrastructure:2025年6月度サービス・アップデート
oracle4engineer
PRO
2
240
Featured
See All Featured
Making the Leap to Tech Lead
cromwellryan
134
9.3k
We Have a Design System, Now What?
morganepeng
53
7.7k
Large-scale JavaScript Application Architecture
addyosmani
512
110k
Unsuck your backbone
ammeep
671
58k
The World Runs on Bad Software
bkeepers
PRO
69
11k
Building an army of robots
kneath
306
45k
Music & Morning Musume
bryan
46
6.6k
Optimising Largest Contentful Paint
csswizardry
37
3.3k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
181
53k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
161
15k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
Transcript
SpotBugs3.1.xͷݱঢ়ͱ ෦๊࣮͕͑Δ JJUG CCC 2018 SPRING 1
#ccc_l3 SUDDENLY SURVEY ಥવͰ͕͢ΞϯέʔτͰ͢ 2 ΧςΰϦ ਓʢෳճՄʣ ։ൃͰSpotBugsΛ͓ͬͯΓɺ ࠷৽ͷಈΛ௫Έ͍ͨ 9
ར༻Λݕ౼தͰ͋Γɺ࠷৽ͷಈΛ௫Έ͍ͨ 10 །Ұͷ্ڃऀ͚ηογϣϯ͔ͩΒ 2 FOSSϓϩδΣΫτϝϯόʔͷ Λฉ͍ͯΈ͔ͨͬͨ 3 SpotBugsϓϩδΣΫτࣗମʹؔ৺͕͋Δ 13 ϕͬɺผʹՋ͔ͩͬͨΒ དྷ͚ͨͩͳΜ͔ͩΒͶʂ 2
#ccc_l3 ONE MORE SUDDENLY SURVEY ͞ΒʹಥવͰ͕͢ΞϯέʔτͰ͢ 3 ΧςΰϦ ਓʢෳճෆՄʣ FindBugs2.xΛ
͍ͬͯΔ 4 FindBugs3.0Λ ͍ͬͯΔ 11 SpotBugs3.1Λ ͍ͬͯΔ 3 ͲΕͬͯͳ͍͚Ͳ ਂΛ͖ʹདྷͨ 4
#ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷత • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔͷհ • ੩తղੳπʔϧͷߋͳΔਂʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ
• ͍ͭ·ͰͨͬͯJava9/10ରԠ͕͞Εͳ͍ࣄͷղઆ • ͋ΘΑ͘ίϯτϦϏϡʔλΛ୳͍ͨ͠ 4
#ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷత • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔͷհ • ੩తղੳπʔϧͷߋͳΔਂʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ
• ͍ͭ·ͰͨͬͯJava9/10ରԠ͕͞Εͳ͍ࣄͷղઆ • ͋ΘΑ͘ίϯτϦϏϡʔλΛ୳͍ͨ͠ 5 TWEET͢Δ࣌ʹ ͬͯͶʂ
#ccc_l3 FOR WHO IS CONSIDERING TO USE SpotBugs… SpotBugsͷར༻Λݕ౼͞Ε͍ͯΔํʹ…… •
ڈͷηογϣϯཱ͕͔ͭ͠Ε·ͤΜ • SpotBugs(FindBugs)ʹΑΔ େنERPͷίʔυ࣭վળ • ࠓͷʮ࠷৽ͷJavaʹద༻Ͱ͖͍ͯͳ͍෦͕͋ΔΜͩͳʔʯ ͘Β͍ͰѲͰ͖ΕେৎͰ͢ • Speaker DeckͰεϥΠυΛެ։༧ఆ 6
#ccc_l3 ABOUT SPEAKER εϐʔΧʔʹ͍ͭͯ • https://github.com/ KengoTODA/ • VP of
Dev at worksap.com • ήʔϜ͕࡞Γͨͯ͘HSP2ʹख Λग़͠ɺϑϦʔιϑτΣΞ ࡞ՈΛܦͯR&D • SpotBugsͷதͷਓ 7
#ccc_l3 ABOUT SpotBugs SpotBugsͱ • JavaքͰஶ໊ͩͬͨ੩తղੳπʔ ϧFindBugsͷޙܧϓϩδΣΫτ • FindBugsίϛϡχςΟʹ͓͚ Δྫͷ݅ͷహɺͦͯ͠
SpotBugsͱԿ͔ • FindBugsͷޙܧͱͯ͠ͷ SpotBugsͷհ • 201611݄ʹൃ • 201710݄ʹ3.1.0ΛϦϦʔε 8
#ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ • 3.1.0ϦϦʔεޙܧଓͯ҆͠ఆ൛ΛϦϦʔε •
3.1.3Λ20184݄ʹϦϦʔεࡁΈ • Maven, Gradle, SonarQubeͷϓϥάΠϯಉ༷ʹߋ৽த • Maven Central AnalysisʹΑΔͱɺ20183݄ͷؒʹFindBugs͕ 178,000 DLɺSpotBugs22,500 DL • ࠷৽ͷใGitHub IssueͰެ։த 9
#ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ • ҰํͰɺ4.0.0։ൃਐΜͰ͍ͳ͍͠Java9ରԠ์ஔؾຯ •
ຊ͜ͷ͋ͨΓΛ۷ΓԼ͛ͯղઆ͠·͢ 10
#ccc_l3 WHY SUPPORT FOR NEW JAVA IS SO SLOW ৽JAVAରԠ͕͘ͳΔϫέ
• ΫϥεϑΝΠϧղੳʹ͍ͬͯΔApache BCELͱObjectWeb ASMͷ ߋ৽Λͭඞཁ͕͋Δ • ಛʹBCELߋ৽͕͘ɺBCELىҼͷΛൃݟ͔ͯ͠Βमਖ਼൛ ͷϦϦʔε·Ͱʹ9ϲ݄͔͔͍ۙͬͯ͘Δɻ • ϨΨγʔͳ࣮͕ଟ͘ɺࠜຊղܾʹSpotBugs෦࣮ͷେ͖ͳมߋ Λ͏͜ͱ͕ଟ͍ɻ 11
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • #493:
Try-with-resources and java9 shows bugs • Java9Ͱtry-with-resourcesͷ࣮ʹ৽͍͠࠷దԽ͕ೖͬͨ • $closeResourceͱ͍͏private staticϝιουΛࣗಈੜ͢Δ͜ͱ ͰɺόΠτίʔυΛ࠶ར༻ɻ2ͭҎ্ͷϦιʔεΛclose͢Δࡍʹ ར༻͞ΕΔɻ • ͜ͷϝιουThrowableͱAutoCloseableΛҾʹͱΔɻ • ͜ͷ࠷దԽ͕OBL_UNSATISFIED_OBLIGATIONͷޡݕΛҾ͖ى ͨ͜͠ɻ 12
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ 13
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • 2ͭͷAutoCloseableͳมΛ
࣋ͭtry-with-resourcesӈه ͷΑ͏ʹల։͞ΕΔ • $closeResourceͷҾʹ ˏWillCloseΞϊςʔγϣϯ͕ ແ͍ • ˏWillCloseΞϊςʔγϣϯ͕ ͋Δ͜ͱʹ͢Εղܾʁ 14
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • CloseableJava
1.5͔ΒɺAutoCloseableJava 1.7͔Β • SpotBugs͜͏ͨ͠ΠϯλϑΣʔεͷଘࡏΛલఏʹ͠ͳ͍ʂ • ΜʁͲ͏͍͏͜ͱʁ 15
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • SpotBugsΫϥε͝ͱʹঢ়ଶΛཧ͢Δ
• java.io.Writer͕࡞ΒΕͨΒɺjava.io.Writer#close()͕ݺΕͳ͚Εͳ Βͳ͍ʢ͋Δ͍ࢠΫϥεͷ࣮Ͱྑ͍ʣ • java.io.Reader͕࡞ΒΕͨΒɺjava.io.Reader#close()͕ݺΕͳ͚Εͳ Βͳ͍ʢಉ্ʣ • java.io.Writerʹରͯ͠java.lang.AutoCloseable#close()ΛݺΜͰϦιʔ εΛดͨ͜͡ͱʹͳΒͳ͍ʂ • WriterReaderͷΫϥεɺ͋Δ͍ΠϯλϑΣʔεʹclose()Λ࣋ͬ ͍ͯΔՄೳੑΛߟ͑ͯͳ͍ʂ 16
#ccc_l3 • ͭ·ΓɺCommons IOͷ࣌ͳΒͳ͔ͬͨ • IOUtils.closeQuietly(java.io.Writer) • IOUtils.closeQuietly(java.io.Reader) • JavaͷਐԽʹ͍ͭͯߦ͚ͯͳ͍ྑ͍ࣄྫ
17 ϨΨγʔ࣮ىҼͷɹͦͷ̍ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • ଞʹ͋Δঢ়ଶཧͷ᠘
• #79: StatementΛดͨ͡ΒResultSetด͡ΒΕͨͱͯ͠ѻ͏͖ • #552: Lambda͔ΒLambda֎ͷมΛࢀর͢Δͱ͖ʹNullable νΣοΫ͕ಇ͔ͳ͍ • #603: this.foo = Objects.requireNonNull(foo); ͕ EI_EXPOSE_REP2ʢ෦ঢ়ଶͷΫϥε֎࿐ग़ʣʹͳΒͳ͍ 18
#ccc_l3 • SpotBugs Annotationͷ • Java 1.8 ܕύϥϝʔλʹର͢Δαϙʔτ͕ͳ͍ • JSR305ʢDormant=ٳࢭঢ়ଶʣͷґଘ
19 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • #470: @NonNull,@NullableʹTYPE_USE,TYPE_PARAMETERΛՃ • List<@NonNull String> ͱॻ͚ΔΑ͏ʹͳΔ • Ξϊςʔγϣϯͷมߋ͚ͩͳΒ؆୯͕ͩ……
• ͦͦSpotBugsࣗମ͕ܕύϥϝʔλͷͳ͍࣌ͷ࢈ͳͷ Ͱɺج൫෦ʹมߋ͕ඞཁͱࢥΘΕΔ 20 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • #421: JSR305ͷґଘΛஅͭ • SpotBugsͷΞϊςʔγϣϯJSR305Ξϊςʔγϣϯʹର͢Δ TypeQualifierNicknameͱ࣮ͯ͠͞Ε͍ͯΔ • javax.annotation.meta.Whenͷґଘ͕֤ॴʹࢄΒ͍ͬͯΔ •
InconsistentAnnotations, FindNullDerefͳͲ • େࣄʹͳΔ͜ͱඞఆ 21 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • ସͱͳΔιϦϡʔγϣϯ • Checkerframeworkͷ@NullableDeclͳͲ • Google error-proneͷ@CheckReturnValueͳͲ 22 ϨΨγʔ࣮ىҼͷɹͦͷ̎
PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #249: Performance improvements
• ϚϧνεϨουԽ͍͕ͨ͠BCEL͕ωοΫ • SpotBugsͷ֤ΠϯελϯεʢಛʹIAnalysisCacheؔ࿈ʣͷϥΠϑ αΠΫϧҙ͕ඞཁ 23
#ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #591: Resource Leak
• ϑΝΠϧϋϯυϥ͕ϦʔΫ͢ΔՄೳੑ͕͋Δ • MavenϚϧνϞδϡʔϧͳͲͰக໋తʹͳΓಘΔ 24
·ͱΊ 25 #ccc_l3
#ccc_l3 FOR USERS… Ϣʔβ͚·ͱΊ • OBL_UNSATISFIED_OBLIGATIONʹطͷޡݕόά͋Γɺ Java9Ҏ߱Ͱ͏߹ཁҙ • @NullableΞϊςʔγϣϯLambdaͱΈ߹ΘͤΔͱޡݕΛ Ҿ͖ى͍͜͢͠ͱࢥΘΕΔ
• ෆఆظʹύονϦϦʔεΛग़͍ͯ͠ΔͷͰɺGitHubϓϩδΣΫτͷ ͜·Ίͳ֬ೝΛਪ 26
#ccc_l3 FOR CONTRIBUTORS… ίϯτϦϏϡʔλ͚·ͱΊ • طଘͷབྷ·ΓΛղ͖΄͙͢ͷ͕͖ͳΒΦεεϝʂ • طʹଟͷϢʔβ͕͍͍ͭͯͯɺଧͯڹ͘ڥ • ίʔυϕʔε͋·Γେ͖͘ͳ͍ʢAntͱMavenফ͠͞Γ·ͨ͠ʣ
• ՝ͳΒࢁͷΑ͏ʹ͋Γ·͢ • ӳޠͷਖ਼֬ੑ͋Μ·Γؾʹ͠ͳ͍Ͱ͍͍Αʂ • ࢲͣͬͱKendoͱݺΕͯ·͢ 27
Q&A 28 #ccc_l3