SpotBugs3.1.xの現状と
内部実装が抱える問題

4ccf6c02807d06f043a71435c48ce86a?s=47 Kengo TODA
May 26, 2018
Technology
0
2.3k

 SpotBugs3.1.xの現状と
内部実装が抱える問題

http://www.java-users.jp/ccc2018spring/#/session/8cfd00b7-6366-4107-be9c-df58cc57de2f

4ccf6c02807d06f043a71435c48ce86a?s=128

Kengo TODA

May 26, 2018
Tweet

More Decks by Kengo TODA

See All by Kengo TODA
4ccf6c02807d06f043a71435c48ce86a?s=48 eller86
0
43
4ccf6c02807d06f043a71435c48ce86a?s=48 eller86
1
87
4ccf6c02807d06f043a71435c48ce86a?s=48 eller86
0
18
4ccf6c02807d06f043a71435c48ce86a?s=48 eller86
0
11
4ccf6c02807d06f043a71435c48ce86a?s=48 eller86
0
1.5k
4ccf6c02807d06f043a71435c48ce86a?s=48 eller86
0
130
4ccf6c02807d06f043a71435c48ce86a?s=48 eller86
0
1.8k
4ccf6c02807d06f043a71435c48ce86a?s=48 eller86
0
1.6k
4ccf6c02807d06f043a71435c48ce86a?s=48 eller86
1
2k

Other Decks in Technology

See All in Technology
Dc3f88b2c2c4210e3068d94ce7c25bf2?s=48 terkel
17
4.4k
97a7f7899e0df28c3636b8d44bbe6578?s=48 korodroid
3
1.3k
98234c645fe8c935edc0fec0186d28b8?s=48 garethr
1
710
0620564f0125b8b3b7f4fe40c10b8b4e?s=48 tattn
4
870
1820130315ee3f2e970aeeef918b264a?s=48 yuzoshigematsu
2
1.4k
2102a6b8760bd6f57f672805723dd83a?s=48 line_developers_tw
0
750
0102ef8594b9d3a74f45dfd5daa5ede4?s=48 yskmjp
0
210
D5554c0703d71b3f813e658020267954?s=48 masudas75
1
320
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
180
953fe5f1a04d8944ead78db3991cfa6a?s=48 anoriqq
0
230
2102a6b8760bd6f57f672805723dd83a?s=48 line_developers_tw
0
860
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
200

Featured

See All Featured
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
236
23k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
85
8.4k
D67fff74178013024d833b3eec6cf27f?s=48 lynnandtonic
267
16k
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
339
26k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
8
1.1k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
497
130k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
185
14k
651dcfe41723207fbb0aa044a4f7c07f?s=48 dotmariusz
94
5.1k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
392
60k
7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
12
1.6k
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
241
20k
E195ae45320d9202eaa01c9f1d31a416?s=48 marktimemedia
5
200

Transcript

  1. SpotBugs3.1.xͷݱঢ়ͱ
 ಺෦࣮૷๊͕͑Δ໰୊ JJUG CCC 2018 SPRING 1

  2. #ccc_l3 SUDDENLY SURVEY ಥવͰ͕͢ΞϯέʔτͰ͢ 2 ΧςΰϦ ਓ਺ʢෳ਺ճ౴Մʣ ։ൃͰSpotBugsΛ࢖͓ͬͯΓɺ
 ࠷৽ͷಈ޲Λ௫Έ͍ͨ 9

    ར༻Λݕ౼தͰ͋Γɺ࠷৽ͷಈ޲Λ௫Έ͍ͨ 10 །Ұͷ্ڃऀ޲͚ηογϣϯ͔ͩΒ 2 FOSSϓϩδΣΫτϝϯόʔͷ ࿩Λฉ͍ͯΈ͔ͨͬͨ 3 SpotBugsϓϩδΣΫτࣗମʹؔ৺͕͋Δ 13 ϕͬɺผʹՋ͔ͩͬͨΒ དྷ͚ͨͩͳΜ͔ͩΒͶʂ 2

  3. #ccc_l3 ONE MORE SUDDENLY SURVEY ͞ΒʹಥવͰ͕͢ΞϯέʔτͰ͢ 3 ΧςΰϦ ਓ਺ʢෳ਺ճ౴ෆՄʣ FindBugs2.xΛ

    ࢖͍ͬͯΔ 4 FindBugs3.0Λ ࢖͍ͬͯΔ 11 SpotBugs3.1Λ ࢖͍ͬͯΔ 3 ͲΕ΋࢖ͬͯͳ͍͚Ͳ ਂ෵Λ೷͖ʹདྷͨ 4

  4. #ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷ໨త • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔ໰୊ͷ঺հ • ੩తղੳπʔϧͷߋͳΔਂ෵ʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ

    • ͍ͭ·Ͱͨͬͯ΋Java9/10ରԠ͕͞Εͳ͍ࣄ৅ͷղઆ • ͋ΘΑ͘͹ίϯτϦϏϡʔλΛ୳͍ͨ͠ 4

  5. #ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷ໨త • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔ໰୊ͷ঺հ • ੩తղੳπʔϧͷߋͳΔਂ෵ʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ

    • ͍ͭ·Ͱͨͬͯ΋Java9/10ରԠ͕͞Εͳ͍ࣄ৅ͷղઆ • ͋ΘΑ͘͹ίϯτϦϏϡʔλΛ୳͍ͨ͠ 5 TWEET͢Δ࣌ʹ ࢖ͬͯͶʂ

  6. #ccc_l3 FOR WHO IS CONSIDERING TO USE SpotBugs… SpotBugsͷར༻Λݕ౼͞Ε͍ͯΔํʹ͸…… •

    ڈ೥ͷηογϣϯ͕໾ཱ͔ͭ΋͠Ε·ͤΜ • SpotBugs(FindBugs)ʹΑΔ େن໛ERPͷίʔυ඼࣭վળ
 • ࠓ೔ͷ࿩͸ʮ࠷৽ͷJavaʹద༻Ͱ͖͍ͯͳ͍෦෼͕͋ΔΜͩͳʔʯ ͘Β͍Ͱ೺ѲͰ͖Ε͹େৎ෉Ͱ͢ • Speaker DeckͰεϥΠυΛެ։༧ఆ 6

  7. #ccc_l3 ABOUT SPEAKER εϐʔΧʔʹ͍ͭͯ • https://github.com/ KengoTODA/ • VP of

    Dev at worksap.com • ήʔϜ͕࡞Γͨͯ͘HSP2ʹख Λग़͠ɺϑϦʔιϑτ΢ΣΞ ࡞ՈΛܦͯR&D΁ • SpotBugsͷதͷਓ 7

  8. #ccc_l3 ABOUT SpotBugs SpotBugsͱ͸ • JavaքͰஶ໊ͩͬͨ੩తղੳπʔ ϧFindBugsͷޙܧϓϩδΣΫτ • FindBugsίϛϡχςΟʹ͓͚ Δྫͷ݅ͷహ຤ɺͦͯ͠

    SpotBugsͱ͸Կ͔ • FindBugsͷޙܧͱͯ͠ͷ SpotBugsͷ঺հ • 2016೥11݄ʹൃ଍ • 2017೥10݄ʹ3.1.0ΛϦϦʔε 8

  9. #ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ৘ • 3.1.0ϦϦʔεޙ΋ܧଓͯ҆͠ఆ൛ΛϦϦʔε •

    3.1.3Λ2018೥4݄ʹϦϦʔεࡁΈ • Maven, Gradle, SonarQubeͷϓϥάΠϯ΋ಉ༷ʹߋ৽த • Maven Central AnalysisʹΑΔͱɺ2018೥3݄ͷؒʹFindBugs͕ ໿178,000 DLɺSpotBugs͸໿22,500 DL • ࠷৽ͷ৘ใ͸GitHub IssueͰެ։த 9

  10. #ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ৘ • ҰํͰɺ4.0.0։ൃ͸ਐΜͰ͍ͳ͍͠Java9ରԠ΋์ஔؾຯ •

    ຊ೔͸͜ͷ͋ͨΓΛ۷ΓԼ͛ͯղઆ͠·͢ 10

  11. #ccc_l3 WHY SUPPORT FOR NEW JAVA IS SO SLOW ৽JAVAରԠ͕஗͘ͳΔϫέ

    • ΫϥεϑΝΠϧղੳʹ࢖͍ͬͯΔApache BCELͱObjectWeb ASMͷ ߋ৽Λ଴ͭඞཁ͕͋Δ • ಛʹBCEL͸ߋ৽͕஗͘ɺBCELىҼͷ໰୊Λൃݟ͔ͯ͠Βमਖ਼൛ ͷϦϦʔε·Ͱʹ9ϲ݄͔͔͍ۙͬͯ͘Δɻ • ϨΨγʔͳ࣮૷͕ଟ͘ɺࠜຊղܾʹSpotBugs಺෦࣮૷ͷେ͖ͳมߋ Λ൐͏͜ͱ͕ଟ͍ɻ 11

  12. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • #493:

    Try-with-resources and java9 shows bugs • Java9Ͱtry-with-resourcesͷ࣮૷ʹ৽͍͠࠷దԽ͕ೖͬͨ • $closeResourceͱ͍͏private staticϝιουΛࣗಈੜ੒͢Δ͜ͱ ͰɺόΠτίʔυΛ࠶ར༻ɻ2ͭҎ্ͷϦιʔεΛclose͢Δࡍʹ ར༻͞ΕΔɻ • ͜ͷϝιου͸ThrowableͱAutoCloseableΛҾ਺ʹͱΔɻ • ͜ͷ࠷దԽ͕OBL_UNSATISFIED_OBLIGATIONͷޡݕ஌ΛҾ͖ى ͨ͜͠ɻ 12

  13. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ 13

  14. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • 2ͭͷAutoCloseableͳม਺Λ

    ࣋ͭtry-with-resources͸ӈه ͷΑ͏ʹల։͞ΕΔ • $closeResourceͷҾ਺ʹ͸
 ˏWillCloseΞϊςʔγϣϯ͕ ແ͍ • ˏWillCloseΞϊςʔγϣϯ͕ ͋Δ͜ͱʹ͢Ε͹ղܾʁ 14

  15. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • Closeable͸Java

    1.5͔ΒɺAutoCloseable͸Java 1.7͔Β • SpotBugs͸͜͏ͨ͠ΠϯλϑΣʔεͷଘࡏΛલఏʹ͠ͳ͍ʂ • ΜʁͲ͏͍͏͜ͱʁ 15

  16. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • SpotBugs͸Ϋϥε͝ͱʹঢ়ଶΛ؅ཧ͢Δ

    • java.io.Writer͕࡞ΒΕͨΒɺjava.io.Writer#close()͕ݺ͹Εͳ͚Ε͹ͳ Βͳ͍ʢ͋Δ͍͸ࢠΫϥεͷ࣮૷Ͱ΋ྑ͍ʣ • java.io.Reader͕࡞ΒΕͨΒɺjava.io.Reader#close()͕ݺ͹Εͳ͚Ε͹ͳ Βͳ͍ʢಉ্ʣ • java.io.Writerʹରͯ͠java.lang.AutoCloseable#close()ΛݺΜͰ΋Ϧιʔ εΛดͨ͜͡ͱʹͳΒͳ͍ʂ • Writer΍Readerͷ਌Ϋϥεɺ͋Δ͍͸ΠϯλϑΣʔεʹclose()Λ࣋ͬ ͍ͯΔՄೳੑΛߟ͑ͯͳ͍ʂ 16

  17. #ccc_l3 • ͭ·ΓɺCommons IOͷ࣌୅ͳΒ໰୊ͳ͔ͬͨ • IOUtils.closeQuietly(java.io.Writer) • IOUtils.closeQuietly(java.io.Reader) • JavaͷਐԽʹ͍ͭͯߦ͚ͯͳ͍ྑ͍ࣄྫ

    17 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)

  18. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • ଞʹ΋͋Δঢ়ଶ؅ཧͷ᠘

    • #79: StatementΛดͨ͡ΒResultSet΋ด͡ΒΕͨͱͯ͠ѻ͏΂͖ • #552: Lambda͔ΒLambda֎ͷม਺Λࢀর͢Δͱ͖ʹNullable νΣοΫ͕ಇ͔ͳ͍ • #603: this.foo = Objects.requireNonNull(foo); ͕ EI_EXPOSE_REP2ʢ಺෦ঢ়ଶͷΫϥε֎࿐ग़ʣʹͳΒͳ͍ 18

  19. #ccc_l3 • SpotBugs Annotationͷ໰୊ • Java 1.8 ܕύϥϝʔλʹର͢Δαϙʔτ͕ͳ͍ • JSR305ʢDormant=ٳࢭঢ়ଶʣ΁ͷґଘ

    19 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

  20. #ccc_l3 • #470: @NonNull,@NullableʹTYPE_USE,TYPE_PARAMETERΛ௥Ճ • List<@NonNull String> ͱॻ͚ΔΑ͏ʹͳΔ • Ξϊςʔγϣϯͷมߋ͚ͩͳΒ؆୯͕ͩ……

    • ͦ΋ͦ΋SpotBugsࣗମ͕ܕύϥϝʔλͷͳ͍࣌୅ͷ࢈෺ͳͷ Ͱɺج൫෦෼ʹมߋ͕ඞཁͱࢥΘΕΔ 20 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

  21. #ccc_l3 • #421: JSR305΁ͷґଘΛஅͭ • SpotBugsͷΞϊςʔγϣϯ͸JSR305Ξϊςʔγϣϯʹର͢Δ TypeQualifierNicknameͱ࣮ͯ͠૷͞Ε͍ͯΔ • javax.annotation.meta.When౳΁ͷґଘ͕֤ॴʹࢄΒ͹͍ͬͯΔ •

    InconsistentAnnotations, FindNullDerefͳͲ • େ޻ࣄʹͳΔ͜ͱඞఆ 21 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

  22. #ccc_l3 • ୅ସͱͳΔιϦϡʔγϣϯ • Checkerframeworkͷ@NullableDeclͳͲ • Google error-proneͷ@CheckReturnValueͳͲ 22 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎

    PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

  23. #ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝୊ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #249: Performance improvements

    • ϚϧνεϨουԽ͍͕ͨ͠BCEL͕ωοΫ • SpotBugsͷ֤ΠϯελϯεʢಛʹIAnalysisCacheؔ࿈ʣͷϥΠϑ αΠΫϧ΋஫ҙ͕ඞཁ 23

  24. #ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝୊ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #591: Resource Leak

    • ϑΝΠϧϋϯυϥ͕ϦʔΫ͢ΔՄೳੑ͕͋Δ • MavenϚϧνϞδϡʔϧͳͲͰக໋తʹͳΓಘΔ 24

  25. ·ͱΊ 25 #ccc_l3

  26. #ccc_l3 FOR USERS… Ϣʔβ޲͚·ͱΊ • OBL_UNSATISFIED_OBLIGATIONʹ͸ط஌ͷޡݕ஌όά͋Γɺ Java9Ҏ߱Ͱ࢖͏৔߹͸ཁ஫ҙ • @NullableΞϊςʔγϣϯ౳͸Lambdaͱ૊Έ߹ΘͤΔͱޡݕ஌Λ
 Ҿ͖ى͜͠΍͍͢ͱࢥΘΕΔ

    • ෆఆظʹύονϦϦʔεΛग़͍ͯ͠ΔͷͰɺGitHubϓϩδΣΫτͷ ͜·Ίͳ֬ೝΛਪ঑ 26

  27. #ccc_l3 FOR CONTRIBUTORS… ίϯτϦϏϡʔλ޲͚·ͱΊ • طଘ੡඼ͷབྷ·ΓΛղ͖΄͙͢ͷ͕޷͖ͳΒΦεεϝʂ • طʹଟ਺ͷϢʔβ͕͍͍ͭͯͯɺଧͯ͹ڹ͘؀ڥ • ίʔυϕʔε͋·Γେ͖͘ͳ͍ʢAntͱMaven͸ফ͠͞Γ·ͨ͠ʣ

    • ՝୊ͳΒࢁͷΑ͏ʹ͋Γ·͢ • ӳޠͷਖ਼֬ੑ͸͋Μ·Γؾʹ͠ͳ͍Ͱ͍͍Αʂ • ࢲ΋ͣͬͱKendoͱݺ͹Εͯ·͢ 27

  28. Q&A 28 #ccc_l3