Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
SpotBugs3.1.xの現状と 内部実装が抱える問題
Kengo TODA
May 26, 2018
Technology
0
2.6k
SpotBugs3.1.xの現状と 内部実装が抱える問題
http://www.java-users.jp/ccc2018spring/#/session/8cfd00b7-6366-4107-be9c-df58cc57de2f
Kengo TODA
May 26, 2018
Tweet
Share
More Decks by Kengo TODA
See All by Kengo TODA
Goodbye JSR305, Hello JSpecify!
eller86
2
3.4k
Java8〜16におけるバイトコード生成の変化 / Changes of Bytecode Generation from Java 8 to 16
eller86
4
3.3k
Javaプログラミングの体験向上に関する活動 / DX enhancement around Java programming
eller86
0
3.3k
静的解析ツールで生産性向上
eller86
1
510
Building Java App in 2019
eller86
0
62
Project Reactor
eller86
1
110
JJUG_CCC_2017_Spring2.pdf
eller86
0
42
JJUG_CCC_2017_Spring_to_upload.pdf
eller86
0
25
集えFindBugsマスター! ~ SpotBugs 3.1.0 RC2 のご紹介 ~
eller86
0
1.7k
Other Decks in Technology
See All in Technology
CloudWatchアラームによるサービス継続のための監視入門 / Introduction to Monitoring for Service Continuity with CloudWatch Alarms
inomasosan
1
410
テクニカルライティングの検定を受けてみた話 / "My Story About Taking the Technical Writing Exam
line_developers
PRO
1
200
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
10
19k
psql, my favorite tool!
nuko_yokohama
1
180
Djangoで組織とユーザーの権限管理をやってみよう #devio2022
seiichi1101
0
370
IBM Cloud Festa Online 2022 Summer
1ftseabass
PRO
0
190
DevelopersIO 2022 俺のTerraform Pipeline
takakuni
0
430
ソフトウェアアーキテクチャの基礎: Software Architecture in a Nutshell
snoozer05
28
8.4k
ロボットの実行すらメンドクサイ!?
kou12092
0
120
AutoMLを利用した機械学習モデル構築時に意識すること
sbtechnight
0
150
JAWS-UG 朝会 #36 登壇資料
takakuni
1
530
疎ベクトル検索と密ベクトル検索: 第68回 Machine Learning 15minutes! Broadcast
keyakkie
1
240
Featured
See All Featured
Designing with Data
zakiwarfel
91
4k
Building an army of robots
kneath
298
40k
GraphQLとの向き合い方2022年版
quramy
16
8.4k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_i
25
15k
Clear Off the Table
cherdarchuk
79
290k
Practical Orchestrator
shlominoach
178
8.7k
Art, The Web, and Tiny UX
lynnandtonic
280
18k
Building a Scalable Design System with Sketch
lauravandoore
448
30k
Three Pipe Problems
jasonvnalue
89
8.7k
Rails Girls Zürich Keynote
gr2m
87
12k
Adopting Sorbet at Scale
ufuk
63
7.6k
A Philosophy of Restraint
colly
192
15k
Transcript
SpotBugs3.1.xͷݱঢ়ͱ ෦๊࣮͕͑Δ JJUG CCC 2018 SPRING 1
#ccc_l3 SUDDENLY SURVEY ಥવͰ͕͢ΞϯέʔτͰ͢ 2 ΧςΰϦ ਓʢෳճՄʣ ։ൃͰSpotBugsΛ͓ͬͯΓɺ ࠷৽ͷಈΛ௫Έ͍ͨ 9
ར༻Λݕ౼தͰ͋Γɺ࠷৽ͷಈΛ௫Έ͍ͨ 10 །Ұͷ্ڃऀ͚ηογϣϯ͔ͩΒ 2 FOSSϓϩδΣΫτϝϯόʔͷ Λฉ͍ͯΈ͔ͨͬͨ 3 SpotBugsϓϩδΣΫτࣗମʹؔ৺͕͋Δ 13 ϕͬɺผʹՋ͔ͩͬͨΒ དྷ͚ͨͩͳΜ͔ͩΒͶʂ 2
#ccc_l3 ONE MORE SUDDENLY SURVEY ͞ΒʹಥવͰ͕͢ΞϯέʔτͰ͢ 3 ΧςΰϦ ਓʢෳճෆՄʣ FindBugs2.xΛ
͍ͬͯΔ 4 FindBugs3.0Λ ͍ͬͯΔ 11 SpotBugs3.1Λ ͍ͬͯΔ 3 ͲΕͬͯͳ͍͚Ͳ ਂΛ͖ʹདྷͨ 4
#ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷత • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔͷհ • ੩తղੳπʔϧͷߋͳΔਂʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ
• ͍ͭ·ͰͨͬͯJava9/10ରԠ͕͞Εͳ͍ࣄͷղઆ • ͋ΘΑ͘ίϯτϦϏϡʔλΛ୳͍ͨ͠ 4
#ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷత • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔͷհ • ੩తղੳπʔϧͷߋͳΔਂʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ
• ͍ͭ·ͰͨͬͯJava9/10ରԠ͕͞Εͳ͍ࣄͷղઆ • ͋ΘΑ͘ίϯτϦϏϡʔλΛ୳͍ͨ͠ 5 TWEET͢Δ࣌ʹ ͬͯͶʂ
#ccc_l3 FOR WHO IS CONSIDERING TO USE SpotBugs… SpotBugsͷར༻Λݕ౼͞Ε͍ͯΔํʹ…… •
ڈͷηογϣϯཱ͕͔ͭ͠Ε·ͤΜ • SpotBugs(FindBugs)ʹΑΔ େنERPͷίʔυ࣭վળ • ࠓͷʮ࠷৽ͷJavaʹద༻Ͱ͖͍ͯͳ͍෦͕͋ΔΜͩͳʔʯ ͘Β͍ͰѲͰ͖ΕେৎͰ͢ • Speaker DeckͰεϥΠυΛެ։༧ఆ 6
#ccc_l3 ABOUT SPEAKER εϐʔΧʔʹ͍ͭͯ • https://github.com/ KengoTODA/ • VP of
Dev at worksap.com • ήʔϜ͕࡞Γͨͯ͘HSP2ʹख Λग़͠ɺϑϦʔιϑτΣΞ ࡞ՈΛܦͯR&D • SpotBugsͷதͷਓ 7
#ccc_l3 ABOUT SpotBugs SpotBugsͱ • JavaքͰஶ໊ͩͬͨ੩తղੳπʔ ϧFindBugsͷޙܧϓϩδΣΫτ • FindBugsίϛϡχςΟʹ͓͚ Δྫͷ݅ͷహɺͦͯ͠
SpotBugsͱԿ͔ • FindBugsͷޙܧͱͯ͠ͷ SpotBugsͷհ • 201611݄ʹൃ • 201710݄ʹ3.1.0ΛϦϦʔε 8
#ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ • 3.1.0ϦϦʔεޙܧଓͯ҆͠ఆ൛ΛϦϦʔε •
3.1.3Λ20184݄ʹϦϦʔεࡁΈ • Maven, Gradle, SonarQubeͷϓϥάΠϯಉ༷ʹߋ৽த • Maven Central AnalysisʹΑΔͱɺ20183݄ͷؒʹFindBugs͕ 178,000 DLɺSpotBugs22,500 DL • ࠷৽ͷใGitHub IssueͰެ։த 9
#ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ • ҰํͰɺ4.0.0։ൃਐΜͰ͍ͳ͍͠Java9ରԠ์ஔؾຯ •
ຊ͜ͷ͋ͨΓΛ۷ΓԼ͛ͯղઆ͠·͢ 10
#ccc_l3 WHY SUPPORT FOR NEW JAVA IS SO SLOW ৽JAVAରԠ͕͘ͳΔϫέ
• ΫϥεϑΝΠϧղੳʹ͍ͬͯΔApache BCELͱObjectWeb ASMͷ ߋ৽Λͭඞཁ͕͋Δ • ಛʹBCELߋ৽͕͘ɺBCELىҼͷΛൃݟ͔ͯ͠Βमਖ਼൛ ͷϦϦʔε·Ͱʹ9ϲ݄͔͔͍ۙͬͯ͘Δɻ • ϨΨγʔͳ࣮͕ଟ͘ɺࠜຊղܾʹSpotBugs෦࣮ͷେ͖ͳมߋ Λ͏͜ͱ͕ଟ͍ɻ 11
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • #493:
Try-with-resources and java9 shows bugs • Java9Ͱtry-with-resourcesͷ࣮ʹ৽͍͠࠷దԽ͕ೖͬͨ • $closeResourceͱ͍͏private staticϝιουΛࣗಈੜ͢Δ͜ͱ ͰɺόΠτίʔυΛ࠶ར༻ɻ2ͭҎ্ͷϦιʔεΛclose͢Δࡍʹ ར༻͞ΕΔɻ • ͜ͷϝιουThrowableͱAutoCloseableΛҾʹͱΔɻ • ͜ͷ࠷దԽ͕OBL_UNSATISFIED_OBLIGATIONͷޡݕΛҾ͖ى ͨ͜͠ɻ 12
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ 13
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • 2ͭͷAutoCloseableͳมΛ
࣋ͭtry-with-resourcesӈه ͷΑ͏ʹల։͞ΕΔ • $closeResourceͷҾʹ ˏWillCloseΞϊςʔγϣϯ͕ ແ͍ • ˏWillCloseΞϊςʔγϣϯ͕ ͋Δ͜ͱʹ͢Εղܾʁ 14
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • CloseableJava
1.5͔ΒɺAutoCloseableJava 1.7͔Β • SpotBugs͜͏ͨ͠ΠϯλϑΣʔεͷଘࡏΛલఏʹ͠ͳ͍ʂ • ΜʁͲ͏͍͏͜ͱʁ 15
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • SpotBugsΫϥε͝ͱʹঢ়ଶΛཧ͢Δ
• java.io.Writer͕࡞ΒΕͨΒɺjava.io.Writer#close()͕ݺΕͳ͚Εͳ Βͳ͍ʢ͋Δ͍ࢠΫϥεͷ࣮Ͱྑ͍ʣ • java.io.Reader͕࡞ΒΕͨΒɺjava.io.Reader#close()͕ݺΕͳ͚Εͳ Βͳ͍ʢಉ্ʣ • java.io.Writerʹରͯ͠java.lang.AutoCloseable#close()ΛݺΜͰϦιʔ εΛดͨ͜͡ͱʹͳΒͳ͍ʂ • WriterReaderͷΫϥεɺ͋Δ͍ΠϯλϑΣʔεʹclose()Λ࣋ͬ ͍ͯΔՄೳੑΛߟ͑ͯͳ͍ʂ 16
#ccc_l3 • ͭ·ΓɺCommons IOͷ࣌ͳΒͳ͔ͬͨ • IOUtils.closeQuietly(java.io.Writer) • IOUtils.closeQuietly(java.io.Reader) • JavaͷਐԽʹ͍ͭͯߦ͚ͯͳ͍ྑ͍ࣄྫ
17 ϨΨγʔ࣮ىҼͷɹͦͷ̍ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • ଞʹ͋Δঢ়ଶཧͷ᠘
• #79: StatementΛดͨ͡ΒResultSetด͡ΒΕͨͱͯ͠ѻ͏͖ • #552: Lambda͔ΒLambda֎ͷมΛࢀর͢Δͱ͖ʹNullable νΣοΫ͕ಇ͔ͳ͍ • #603: this.foo = Objects.requireNonNull(foo); ͕ EI_EXPOSE_REP2ʢ෦ঢ়ଶͷΫϥε֎࿐ग़ʣʹͳΒͳ͍ 18
#ccc_l3 • SpotBugs Annotationͷ • Java 1.8 ܕύϥϝʔλʹର͢Δαϙʔτ͕ͳ͍ • JSR305ʢDormant=ٳࢭঢ়ଶʣͷґଘ
19 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • #470: @NonNull,@NullableʹTYPE_USE,TYPE_PARAMETERΛՃ • List<@NonNull String> ͱॻ͚ΔΑ͏ʹͳΔ • Ξϊςʔγϣϯͷมߋ͚ͩͳΒ؆୯͕ͩ……
• ͦͦSpotBugsࣗମ͕ܕύϥϝʔλͷͳ͍࣌ͷ࢈ͳͷ Ͱɺج൫෦ʹมߋ͕ඞཁͱࢥΘΕΔ 20 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • #421: JSR305ͷґଘΛஅͭ • SpotBugsͷΞϊςʔγϣϯJSR305Ξϊςʔγϣϯʹର͢Δ TypeQualifierNicknameͱ࣮ͯ͠͞Ε͍ͯΔ • javax.annotation.meta.Whenͷґଘ͕֤ॴʹࢄΒ͍ͬͯΔ •
InconsistentAnnotations, FindNullDerefͳͲ • େࣄʹͳΔ͜ͱඞఆ 21 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • ସͱͳΔιϦϡʔγϣϯ • Checkerframeworkͷ@NullableDeclͳͲ • Google error-proneͷ@CheckReturnValueͳͲ 22 ϨΨγʔ࣮ىҼͷɹͦͷ̎
PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #249: Performance improvements
• ϚϧνεϨουԽ͍͕ͨ͠BCEL͕ωοΫ • SpotBugsͷ֤ΠϯελϯεʢಛʹIAnalysisCacheؔ࿈ʣͷϥΠϑ αΠΫϧҙ͕ඞཁ 23
#ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #591: Resource Leak
• ϑΝΠϧϋϯυϥ͕ϦʔΫ͢ΔՄೳੑ͕͋Δ • MavenϚϧνϞδϡʔϧͳͲͰக໋తʹͳΓಘΔ 24
·ͱΊ 25 #ccc_l3
#ccc_l3 FOR USERS… Ϣʔβ͚·ͱΊ • OBL_UNSATISFIED_OBLIGATIONʹطͷޡݕόά͋Γɺ Java9Ҏ߱Ͱ͏߹ཁҙ • @NullableΞϊςʔγϣϯLambdaͱΈ߹ΘͤΔͱޡݕΛ Ҿ͖ى͍͜͢͠ͱࢥΘΕΔ
• ෆఆظʹύονϦϦʔεΛग़͍ͯ͠ΔͷͰɺGitHubϓϩδΣΫτͷ ͜·Ίͳ֬ೝΛਪ 26
#ccc_l3 FOR CONTRIBUTORS… ίϯτϦϏϡʔλ͚·ͱΊ • طଘͷབྷ·ΓΛղ͖΄͙͢ͷ͕͖ͳΒΦεεϝʂ • طʹଟͷϢʔβ͕͍͍ͭͯͯɺଧͯڹ͘ڥ • ίʔυϕʔε͋·Γେ͖͘ͳ͍ʢAntͱMavenফ͠͞Γ·ͨ͠ʣ
• ՝ͳΒࢁͷΑ͏ʹ͋Γ·͢ • ӳޠͷਖ਼֬ੑ͋Μ·Γؾʹ͠ͳ͍Ͱ͍͍Αʂ • ࢲͣͬͱKendoͱݺΕͯ·͢ 27
Q&A 28 #ccc_l3
eller86
inomasosan
line_developers
oracle4engineer
nuko_yokohama
seiichi1101
1ftseabass
takakuni
snoozer05
kou12092
sbtechnight
keyakkie
zakiwarfel
kneath
quramy
aki_i
cherdarchuk
shlominoach
lynnandtonic
lauravandoore
jasonvnalue
gr2m
ufuk
colly
