Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SpotBugs3.1.xの現状と
内部実装が抱える問題

Kengo TODA
May 26, 2018
Technology
0
2.7k

 SpotBugs3.1.xの現状と
内部実装が抱える問題

http://www.java-users.jp/ccc2018spring/#/session/8cfd00b7-6366-4107-be9c-df58cc57de2f

Kengo TODA

May 26, 2018
Tweet

More Decks by Kengo TODA

See All by Kengo TODA
医療機関向けシステムの信頼性 / Reliability of systems for medical institutions
eller86
0
91
Server-side Kotlinを使うスタートアップでどんなDetektルールが育ったか / Detekt rules made in start-up working with Server-side Kotlin
eller86
0
390
Java開発者向けのKotlin Gradleビルドスクリプト入門 / Gradle Build Script in Kotlin 101
eller86
0
640
Goodbye JSR305, Hello JSpecify!
eller86
2
3.7k
Java8〜16におけるバイトコード生成の変化 / Changes of Bytecode Generation from Java 8 to 16
eller86
4
3.5k
Javaプログラミングの体験向上に関する活動 / DX enhancement around Java programming
eller86
0
3.4k
静的解析ツールで生産性向上
eller86
1
650
Building Java App in 2019
eller86
0
74
Project Reactor
eller86
1
110

Other Decks in Technology

See All in Technology
ローコードで実現するDevOps ~継続的テスト編~
odasho
1
110
CSS-in-JS は本当にもうだめなのか?
you5805
1
1.9k
6G/テラヘルツの取り組み
sbtechnight
PRO
0
450
人生がときめく自宅ネットワークの魔法
tatematsu_san
0
200
竹芝地区のデジタルツイン開発と3D人流シミュレーション開発
sbtechnight
PRO
0
350
赤裸々図解!新卒3年目でマネジメントもこなすフルスタックエンジニアになるまで
mizunohiroaki
0
290
可読性を高めるためのコードレビューテクニック
sbtechnight
PRO
0
460
エラーログをAlertで引っ掛けるときにEventTimer使ってみた話
sparty
0
150
ペタバイト、30プロダクトを超えて成長を続けるデータ基盤の歴史
dena_tech
PRO
0
130
NIST SP800-63-4 IPD 63A: Identity Proofing 概要紹介
kthrtty
0
390
売上と開発環境を同時に改善するためにPerl Webアプリケーションをどのようにリプレイスするか
masashi_sutou
0
220
量子コンピュータ時代のプログラミングセミナー / 20230316_Amplify_seminar _route_planning_optimization
fixstars
0
140

Featured

See All Featured
VelocityConf: Rendering Performance Case Studies
addyosmani
317
22k
Automating Front-end Workflow
addyosmani
1351
200k
The Web Native Designer (August 2011)
paulrobertlloyd
77
2.3k
Design by the Numbers
sachag
271
18k
Build your cross-platform service in a week with App Engine
jlugia
221
17k
Building a Scalable Design System with Sketch
lauravandoore
451
31k
Visualization
eitanlees
129
12k
What's in a price? How to price your products and services
michaelherold
233
9.8k
The Invisible Side of Design
smashingmag
292
49k
Robots, Beer and Maslow
schacon
154
7.4k
Building Flexible Design Systems
yeseniaperezcruz
314
35k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
121
29k

Transcript

  1. SpotBugs3.1.xͷݱঢ়ͱ

    ಺෦࣮૷๊͕͑Δ໰୊
    JJUG CCC 2018 SPRING
    1

    View Slide

  2. #ccc_l3
    SUDDENLY SURVEY
    ಥવͰ͕͢ΞϯέʔτͰ͢
    2
    ΧςΰϦ ਓ਺ʢෳ਺ճ౴Մʣ
    ։ൃͰSpotBugsΛ࢖͓ͬͯΓɺ

    ࠷৽ͷಈ޲Λ௫Έ͍ͨ
    9
    ར༻Λݕ౼தͰ͋Γɺ࠷৽ͷಈ޲Λ௫Έ͍ͨ 10
    །Ұͷ্ڃऀ޲͚ηογϣϯ͔ͩΒ 2
    FOSSϓϩδΣΫτϝϯόʔͷ
    ࿩Λฉ͍ͯΈ͔ͨͬͨ
    3
    SpotBugsϓϩδΣΫτࣗମʹؔ৺͕͋Δ 13
    ϕͬɺผʹՋ͔ͩͬͨΒ
    དྷ͚ͨͩͳΜ͔ͩΒͶʂ
    2

    View Slide

  3. #ccc_l3
    ONE MORE SUDDENLY SURVEY
    ͞ΒʹಥવͰ͕͢ΞϯέʔτͰ͢
    3
    ΧςΰϦ ਓ਺ʢෳ਺ճ౴ෆՄʣ
    FindBugs2.xΛ
    ࢖͍ͬͯΔ
    4
    FindBugs3.0Λ
    ࢖͍ͬͯΔ
    11
    SpotBugs3.1Λ
    ࢖͍ͬͯΔ
    3
    ͲΕ΋࢖ͬͯͳ͍͚Ͳ
    ਂ෵Λ೷͖ʹདྷͨ
    4

    View Slide

  4. #ccc_l3
    OBJECTIVE OF THIS SESSION
    ͜ͷηογϣϯͷ໨త
    • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔ໰୊ͷ঺հ
    • ੩తղੳπʔϧͷߋͳΔਂ෵ʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ
    • ͍ͭ·Ͱͨͬͯ΋Java9/10ରԠ͕͞Εͳ͍ࣄ৅ͷղઆ
    • ͋ΘΑ͘͹ίϯτϦϏϡʔλΛ୳͍ͨ͠
    4

    View Slide

  5. #ccc_l3
    OBJECTIVE OF THIS SESSION
    ͜ͷηογϣϯͷ໨త
    • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔ໰୊ͷ঺հ
    • ੩తղੳπʔϧͷߋͳΔਂ෵ʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ
    • ͍ͭ·Ͱͨͬͯ΋Java9/10ରԠ͕͞Εͳ͍ࣄ৅ͷղઆ
    • ͋ΘΑ͘͹ίϯτϦϏϡʔλΛ୳͍ͨ͠
    5
    TWEET͢Δ࣌ʹ
    ࢖ͬͯͶʂ

    View Slide

  6. #ccc_l3
    FOR WHO IS CONSIDERING TO USE SpotBugs…
    SpotBugsͷར༻Λݕ౼͞Ε͍ͯΔํʹ͸……
    • ڈ೥ͷηογϣϯ͕໾ཱ͔ͭ΋͠Ε·ͤΜ
    • SpotBugs(FindBugs)ʹΑΔ େن໛ERPͷίʔυ඼࣭վળ

    • ࠓ೔ͷ࿩͸ʮ࠷৽ͷJavaʹద༻Ͱ͖͍ͯͳ͍෦෼͕͋ΔΜͩͳʔʯ
    ͘Β͍Ͱ೺ѲͰ͖Ε͹େৎ෉Ͱ͢
    • Speaker DeckͰεϥΠυΛެ։༧ఆ
    6

    View Slide

  7. #ccc_l3
    ABOUT SPEAKER
    εϐʔΧʔʹ͍ͭͯ
    • https://github.com/
    KengoTODA/
    • VP of Dev at worksap.com
    • ήʔϜ͕࡞Γͨͯ͘HSP2ʹख
    Λग़͠ɺϑϦʔιϑτ΢ΣΞ
    ࡞ՈΛܦͯR&D΁
    • SpotBugsͷதͷਓ
    7

    View Slide

  8. #ccc_l3
    ABOUT SpotBugs
    SpotBugsͱ͸
    • JavaքͰஶ໊ͩͬͨ੩తղੳπʔ
    ϧFindBugsͷޙܧϓϩδΣΫτ
    • FindBugsίϛϡχςΟʹ͓͚
    Δྫͷ݅ͷహ຤ɺͦͯ͠
    SpotBugsͱ͸Կ͔
    • FindBugsͷޙܧͱͯ͠ͷ
    SpotBugsͷ঺հ
    • 2016೥11݄ʹൃ଍
    • 2017೥10݄ʹ3.1.0ΛϦϦʔε
    8

    View Slide

  9. #ccc_l3
    RECENT STATUS OF STABLE RELEASE
    ࠷ۙͷ҆ఆ൛ࣄ৘
    • 3.1.0ϦϦʔεޙ΋ܧଓͯ҆͠ఆ൛ΛϦϦʔε
    • 3.1.3Λ2018೥4݄ʹϦϦʔεࡁΈ
    • Maven, Gradle, SonarQubeͷϓϥάΠϯ΋ಉ༷ʹߋ৽த
    • Maven Central AnalysisʹΑΔͱɺ2018೥3݄ͷؒʹFindBugs͕
    ໿178,000 DLɺSpotBugs͸໿22,500 DL
    • ࠷৽ͷ৘ใ͸GitHub IssueͰެ։த
    9

    View Slide

  10. #ccc_l3
    RECENT STATUS OF STABLE RELEASE
    ࠷ۙͷ҆ఆ൛ࣄ৘
    • ҰํͰɺ4.0.0։ൃ͸ਐΜͰ͍ͳ͍͠Java9ରԠ΋์ஔؾຯ
    • ຊ೔͸͜ͷ͋ͨΓΛ۷ΓԼ͛ͯղઆ͠·͢
    10

    View Slide

  11. #ccc_l3
    WHY SUPPORT FOR NEW JAVA IS SO SLOW
    ৽JAVAରԠ͕஗͘ͳΔϫέ
    • ΫϥεϑΝΠϧղੳʹ࢖͍ͬͯΔApache BCELͱObjectWeb ASMͷ
    ߋ৽Λ଴ͭඞཁ͕͋Δ
    • ಛʹBCEL͸ߋ৽͕஗͘ɺBCELىҼͷ໰୊Λൃݟ͔ͯ͠Βमਖ਼൛
    ͷϦϦʔε·Ͱʹ9ϲ݄͔͔͍ۙͬͯ͘Δɻ
    • ϨΨγʔͳ࣮૷͕ଟ͘ɺࠜຊղܾʹSpotBugs಺෦࣮૷ͷେ͖ͳมߋ
    Λ൐͏͜ͱ͕ଟ͍ɻ
    11

    View Slide

  12. #ccc_l3
    PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)
    ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍
    • #493: Try-with-resources and java9 shows bugs
    • Java9Ͱtry-with-resourcesͷ࣮૷ʹ৽͍͠࠷దԽ͕ೖͬͨ
    • $closeResourceͱ͍͏private staticϝιουΛࣗಈੜ੒͢Δ͜ͱ
    ͰɺόΠτίʔυΛ࠶ར༻ɻ2ͭҎ্ͷϦιʔεΛclose͢Δࡍʹ
    ར༻͞ΕΔɻ
    • ͜ͷϝιου͸ThrowableͱAutoCloseableΛҾ਺ʹͱΔɻ
    • ͜ͷ࠷దԽ͕OBL_UNSATISFIED_OBLIGATIONͷޡݕ஌ΛҾ͖ى
    ͨ͜͠ɻ
    12

    View Slide

  13. #ccc_l3
    PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)
    ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍
    13

    View Slide

  14. #ccc_l3
    PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)
    ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍
    • 2ͭͷAutoCloseableͳม਺Λ
    ࣋ͭtry-with-resources͸ӈه
    ͷΑ͏ʹల։͞ΕΔ
    • $closeResourceͷҾ਺ʹ͸

    ˏWillCloseΞϊςʔγϣϯ͕
    ແ͍
    • ˏWillCloseΞϊςʔγϣϯ͕
    ͋Δ͜ͱʹ͢Ε͹ղܾʁ
    14

    View Slide

  15. #ccc_l3
    PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)
    ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍
    • Closeable͸Java 1.5͔ΒɺAutoCloseable͸Java 1.7͔Β
    • SpotBugs͸͜͏ͨ͠ΠϯλϑΣʔεͷଘࡏΛલఏʹ͠ͳ͍ʂ
    • ΜʁͲ͏͍͏͜ͱʁ
    15

    View Slide

  16. #ccc_l3
    PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)
    ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍
    • SpotBugs͸Ϋϥε͝ͱʹঢ়ଶΛ؅ཧ͢Δ
    • java.io.Writer͕࡞ΒΕͨΒɺjava.io.Writer#close()͕ݺ͹Εͳ͚Ε͹ͳ
    Βͳ͍ʢ͋Δ͍͸ࢠΫϥεͷ࣮૷Ͱ΋ྑ͍ʣ
    • java.io.Reader͕࡞ΒΕͨΒɺjava.io.Reader#close()͕ݺ͹Εͳ͚Ε͹ͳ
    Βͳ͍ʢಉ্ʣ
    • java.io.Writerʹରͯ͠java.lang.AutoCloseable#close()ΛݺΜͰ΋Ϧιʔ
    εΛดͨ͜͡ͱʹͳΒͳ͍ʂ
    • Writer΍Readerͷ਌Ϋϥεɺ͋Δ͍͸ΠϯλϑΣʔεʹclose()Λ࣋ͬ
    ͍ͯΔՄೳੑΛߟ͑ͯͳ͍ʂ
    16

    View Slide

  17. #ccc_l3
    • ͭ·ΓɺCommons IOͷ࣌୅ͳΒ໰୊ͳ͔ͬͨ
    • IOUtils.closeQuietly(java.io.Writer)
    • IOUtils.closeQuietly(java.io.Reader)
    • JavaͷਐԽʹ͍ͭͯߦ͚ͯͳ͍ྑ͍ࣄྫ
    17
    ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍
    PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)

    View Slide

  18. #ccc_l3
    PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)
    ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍
    • ଞʹ΋͋Δঢ়ଶ؅ཧͷ᠘
    • #79: StatementΛดͨ͡ΒResultSet΋ด͡ΒΕͨͱͯ͠ѻ͏΂͖
    • #552: Lambda͔ΒLambda֎ͷม਺Λࢀর͢Δͱ͖ʹNullable
    νΣοΫ͕ಇ͔ͳ͍
    • #603: this.foo = Objects.requireNonNull(foo); ͕
    EI_EXPOSE_REP2ʢ಺෦ঢ়ଶͷΫϥε֎࿐ग़ʣʹͳΒͳ͍
    18

    View Slide

  19. #ccc_l3
    • SpotBugs Annotationͷ໰୊
    • Java 1.8 ܕύϥϝʔλʹର͢Δαϙʔτ͕ͳ͍
    • JSR305ʢDormant=ٳࢭঢ়ଶʣ΁ͷґଘ
    19
    ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎
    PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

    View Slide

  20. #ccc_l3
    • #470: @NonNull,@NullableʹTYPE_USE,TYPE_PARAMETERΛ௥Ճ
    • List ͱॻ͚ΔΑ͏ʹͳΔ
    • Ξϊςʔγϣϯͷมߋ͚ͩͳΒ؆୯͕ͩ……
    • ͦ΋ͦ΋SpotBugsࣗମ͕ܕύϥϝʔλͷͳ͍࣌୅ͷ࢈෺ͳͷ
    Ͱɺج൫෦෼ʹมߋ͕ඞཁͱࢥΘΕΔ
    20
    ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎
    PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

    View Slide

  21. #ccc_l3
    • #421: JSR305΁ͷґଘΛஅͭ
    • SpotBugsͷΞϊςʔγϣϯ͸JSR305Ξϊςʔγϣϯʹର͢Δ
    TypeQualifierNicknameͱ࣮ͯ͠૷͞Ε͍ͯΔ
    • javax.annotation.meta.When౳΁ͷґଘ͕֤ॴʹࢄΒ͹͍ͬͯΔ
    • InconsistentAnnotations, FindNullDerefͳͲ
    • େ޻ࣄʹͳΔ͜ͱඞఆ
    21
    ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎
    PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

    View Slide

  22. #ccc_l3
    • ୅ସͱͳΔιϦϡʔγϣϯ
    • Checkerframeworkͷ@NullableDeclͳͲ
    • Google error-proneͷ@CheckReturnValueͳͲ
    22
    ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎
    PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)

    View Slide

  23. #ccc_l3
    OTHER PROBLEMS IN SpotBugs
    ͦͷଞʹ՝୊ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ
    • #249: Performance improvements
    • ϚϧνεϨουԽ͍͕ͨ͠BCEL͕ωοΫ
    • SpotBugsͷ֤ΠϯελϯεʢಛʹIAnalysisCacheؔ࿈ʣͷϥΠϑ
    αΠΫϧ΋஫ҙ͕ඞཁ
    23

    View Slide

  24. #ccc_l3
    OTHER PROBLEMS IN SpotBugs
    ͦͷଞʹ՝୊ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ
    • #591: Resource Leak
    • ϑΝΠϧϋϯυϥ͕ϦʔΫ͢ΔՄೳੑ͕͋Δ
    • MavenϚϧνϞδϡʔϧͳͲͰக໋తʹͳΓಘΔ
    24

    View Slide

  25. ·ͱΊ
    25
    #ccc_l3

    View Slide

  26. #ccc_l3
    FOR USERS…
    Ϣʔβ޲͚·ͱΊ
    • OBL_UNSATISFIED_OBLIGATIONʹ͸ط஌ͷޡݕ஌όά͋Γɺ
    Java9Ҏ߱Ͱ࢖͏৔߹͸ཁ஫ҙ
    • @NullableΞϊςʔγϣϯ౳͸Lambdaͱ૊Έ߹ΘͤΔͱޡݕ஌Λ

    Ҿ͖ى͜͠΍͍͢ͱࢥΘΕΔ
    • ෆఆظʹύονϦϦʔεΛग़͍ͯ͠ΔͷͰɺGitHubϓϩδΣΫτͷ
    ͜·Ίͳ֬ೝΛਪ঑
    26

    View Slide

  27. #ccc_l3
    FOR CONTRIBUTORS…
    ίϯτϦϏϡʔλ޲͚·ͱΊ
    • طଘ੡඼ͷབྷ·ΓΛղ͖΄͙͢ͷ͕޷͖ͳΒΦεεϝʂ
    • طʹଟ਺ͷϢʔβ͕͍͍ͭͯͯɺଧͯ͹ڹ͘؀ڥ
    • ίʔυϕʔε͋·Γେ͖͘ͳ͍ʢAntͱMaven͸ফ͠͞Γ·ͨ͠ʣ
    • ՝୊ͳΒࢁͷΑ͏ʹ͋Γ·͢
    • ӳޠͷਖ਼֬ੑ͸͋Μ·Γؾʹ͠ͳ͍Ͱ͍͍Αʂ
    • ࢲ΋ͣͬͱKendoͱݺ͹Εͯ·͢
    27

    View Slide

  28. Q&A
    28
    #ccc_l3

    View Slide