Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SpotBugs3.1.xの現状と 内部実装が抱える問題
Search
Kengo TODA
May 26, 2018
Technology
0
3.3k
SpotBugs3.1.xの現状と 内部実装が抱える問題
http://www.java-users.jp/ccc2018spring/#/session/8cfd00b7-6366-4107-be9c-df58cc57de2f
Kengo TODA
May 26, 2018
Tweet
Share
More Decks by Kengo TODA
See All by Kengo TODA
生成AI 業務応用向けガイドライン 斜め読み / Overview of Generative AI Business Application Guidelines
eller86
0
160
KotlinユーザのためのJSpecify入門 / JSpecify 101 for Kotlin Devs
eller86
0
1.9k
JavaとGroovyで書かれたGradleプラグインをKotlinで書き直した話 / Converted a Gradle plugin from Groovy&Java to Kotlin
eller86
0
1.7k
ヒューマンスキル / The Humanskills
eller86
0
730
医療機関向けシステムの信頼性 / Reliability of systems for medical institutions
eller86
0
480
Server-side Kotlinを使うスタートアップでどんなDetektルールが育ったか / Detekt rules made in start-up working with Server-side Kotlin
eller86
0
1.6k
Java開発者向けのKotlin Gradleビルドスクリプト入門 / Gradle Build Script in Kotlin 101
eller86
1
2k
Goodbye JSR305, Hello JSpecify!
eller86
2
5.4k
Java8〜16におけるバイトコード生成の変化 / Changes of Bytecode Generation from Java 8 to 16
eller86
4
4.6k
Other Decks in Technology
See All in Technology
We Built for Predictability; The Workloads Didn’t Care
stahnma
0
130
IaaS/SaaS管理における SREの実践 - SRE Kaigi 2026
bbqallstars
4
1.5k
15 years with Rails and DDD (AI Edition)
andrzejkrzywda
0
160
セキュリティ はじめの一歩
nikinusu
0
1.5k
サイボウズ 開発本部採用ピッチ / Cybozu Engineer Recruit
cybozuinsideout
PRO
10
73k
ZOZOにおけるAI活用の現在 ~開発組織全体での取り組みと試行錯誤~
zozotech
PRO
4
4.7k
制約が導く迷わない設計 〜 信頼性と運用性を両立するマイナンバー管理システムの実践 〜
bwkw
2
810
toCプロダクトにおけるAI機能開発のしくじりと学び / ai-product-failures-and-learnings
rince
6
5.5k
Azure Durable Functions で作った NL2SQL Agent の精度向上に取り組んだ話/jat08
thara0402
0
130
Bill One 開発エンジニア 紹介資料
sansan33
PRO
4
17k
外部キー制約の知っておいて欲しいこと - RDBMSを正しく使うために必要なこと / FOREIGN KEY Night
soudai
PRO
11
4.2k
CDK対応したAWS DevOps Agentを試そう_20260201
masakiokuda
1
160
Featured
See All Featured
How to Think Like a Performance Engineer
csswizardry
28
2.4k
Lightning talk: Run Django tests with GitHub Actions
sabderemane
0
110
Six Lessons from altMBA
skipperchong
29
4.1k
A designer walks into a library…
pauljervisheath
210
24k
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
aleyda
1
1.9k
Optimizing for Happiness
mojombo
379
71k
Odyssey Design
rkendrick25
PRO
1
490
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
0
130
Digital Ethics as a Driver of Design Innovation
axbom
PRO
1
170
sira's awesome portfolio website redesign presentation
elsirapls
0
140
Accessibility Awareness
sabderemane
0
47
How to Talk to Developers About Accessibility
jct
2
120
Transcript
SpotBugs3.1.xͷݱঢ়ͱ ෦๊࣮͕͑Δ JJUG CCC 2018 SPRING 1
#ccc_l3 SUDDENLY SURVEY ಥવͰ͕͢ΞϯέʔτͰ͢ 2 ΧςΰϦ ਓʢෳճՄʣ ։ൃͰSpotBugsΛ͓ͬͯΓɺ ࠷৽ͷಈΛ௫Έ͍ͨ 9
ར༻Λݕ౼தͰ͋Γɺ࠷৽ͷಈΛ௫Έ͍ͨ 10 །Ұͷ্ڃऀ͚ηογϣϯ͔ͩΒ 2 FOSSϓϩδΣΫτϝϯόʔͷ Λฉ͍ͯΈ͔ͨͬͨ 3 SpotBugsϓϩδΣΫτࣗମʹؔ৺͕͋Δ 13 ϕͬɺผʹՋ͔ͩͬͨΒ དྷ͚ͨͩͳΜ͔ͩΒͶʂ 2
#ccc_l3 ONE MORE SUDDENLY SURVEY ͞ΒʹಥવͰ͕͢ΞϯέʔτͰ͢ 3 ΧςΰϦ ਓʢෳճෆՄʣ FindBugs2.xΛ
͍ͬͯΔ 4 FindBugs3.0Λ ͍ͬͯΔ 11 SpotBugs3.1Λ ͍ͬͯΔ 3 ͲΕͬͯͳ͍͚Ͳ ਂΛ͖ʹདྷͨ 4
#ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷత • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔͷհ • ੩తղੳπʔϧͷߋͳΔਂʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ
• ͍ͭ·ͰͨͬͯJava9/10ରԠ͕͞Εͳ͍ࣄͷղઆ • ͋ΘΑ͘ίϯτϦϏϡʔλΛ୳͍ͨ͠ 4
#ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷత • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔͷհ • ੩తղੳπʔϧͷߋͳΔਂʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ
• ͍ͭ·ͰͨͬͯJava9/10ରԠ͕͞Εͳ͍ࣄͷղઆ • ͋ΘΑ͘ίϯτϦϏϡʔλΛ୳͍ͨ͠ 5 TWEET͢Δ࣌ʹ ͬͯͶʂ
#ccc_l3 FOR WHO IS CONSIDERING TO USE SpotBugs… SpotBugsͷར༻Λݕ౼͞Ε͍ͯΔํʹ…… •
ڈͷηογϣϯཱ͕͔ͭ͠Ε·ͤΜ • SpotBugs(FindBugs)ʹΑΔ େنERPͷίʔυ࣭վળ • ࠓͷʮ࠷৽ͷJavaʹద༻Ͱ͖͍ͯͳ͍෦͕͋ΔΜͩͳʔʯ ͘Β͍ͰѲͰ͖ΕେৎͰ͢ • Speaker DeckͰεϥΠυΛެ։༧ఆ 6
#ccc_l3 ABOUT SPEAKER εϐʔΧʔʹ͍ͭͯ • https://github.com/ KengoTODA/ • VP of
Dev at worksap.com • ήʔϜ͕࡞Γͨͯ͘HSP2ʹख Λग़͠ɺϑϦʔιϑτΣΞ ࡞ՈΛܦͯR&D • SpotBugsͷதͷਓ 7
#ccc_l3 ABOUT SpotBugs SpotBugsͱ • JavaքͰஶ໊ͩͬͨ੩తղੳπʔ ϧFindBugsͷޙܧϓϩδΣΫτ • FindBugsίϛϡχςΟʹ͓͚ Δྫͷ݅ͷహɺͦͯ͠
SpotBugsͱԿ͔ • FindBugsͷޙܧͱͯ͠ͷ SpotBugsͷհ • 201611݄ʹൃ • 201710݄ʹ3.1.0ΛϦϦʔε 8
#ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ • 3.1.0ϦϦʔεޙܧଓͯ҆͠ఆ൛ΛϦϦʔε •
3.1.3Λ20184݄ʹϦϦʔεࡁΈ • Maven, Gradle, SonarQubeͷϓϥάΠϯಉ༷ʹߋ৽த • Maven Central AnalysisʹΑΔͱɺ20183݄ͷؒʹFindBugs͕ 178,000 DLɺSpotBugs22,500 DL • ࠷৽ͷใGitHub IssueͰެ։த 9
#ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ • ҰํͰɺ4.0.0։ൃਐΜͰ͍ͳ͍͠Java9ରԠ์ஔؾຯ •
ຊ͜ͷ͋ͨΓΛ۷ΓԼ͛ͯղઆ͠·͢ 10
#ccc_l3 WHY SUPPORT FOR NEW JAVA IS SO SLOW ৽JAVAରԠ͕͘ͳΔϫέ
• ΫϥεϑΝΠϧղੳʹ͍ͬͯΔApache BCELͱObjectWeb ASMͷ ߋ৽Λͭඞཁ͕͋Δ • ಛʹBCELߋ৽͕͘ɺBCELىҼͷΛൃݟ͔ͯ͠Βमਖ਼൛ ͷϦϦʔε·Ͱʹ9ϲ݄͔͔͍ۙͬͯ͘Δɻ • ϨΨγʔͳ࣮͕ଟ͘ɺࠜຊղܾʹSpotBugs෦࣮ͷେ͖ͳมߋ Λ͏͜ͱ͕ଟ͍ɻ 11
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • #493:
Try-with-resources and java9 shows bugs • Java9Ͱtry-with-resourcesͷ࣮ʹ৽͍͠࠷దԽ͕ೖͬͨ • $closeResourceͱ͍͏private staticϝιουΛࣗಈੜ͢Δ͜ͱ ͰɺόΠτίʔυΛ࠶ར༻ɻ2ͭҎ্ͷϦιʔεΛclose͢Δࡍʹ ར༻͞ΕΔɻ • ͜ͷϝιουThrowableͱAutoCloseableΛҾʹͱΔɻ • ͜ͷ࠷దԽ͕OBL_UNSATISFIED_OBLIGATIONͷޡݕΛҾ͖ى ͨ͜͠ɻ 12
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ 13
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • 2ͭͷAutoCloseableͳมΛ
࣋ͭtry-with-resourcesӈه ͷΑ͏ʹల։͞ΕΔ • $closeResourceͷҾʹ ˏWillCloseΞϊςʔγϣϯ͕ ແ͍ • ˏWillCloseΞϊςʔγϣϯ͕ ͋Δ͜ͱʹ͢Εղܾʁ 14
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • CloseableJava
1.5͔ΒɺAutoCloseableJava 1.7͔Β • SpotBugs͜͏ͨ͠ΠϯλϑΣʔεͷଘࡏΛલఏʹ͠ͳ͍ʂ • ΜʁͲ͏͍͏͜ͱʁ 15
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • SpotBugsΫϥε͝ͱʹঢ়ଶΛཧ͢Δ
• java.io.Writer͕࡞ΒΕͨΒɺjava.io.Writer#close()͕ݺΕͳ͚Εͳ Βͳ͍ʢ͋Δ͍ࢠΫϥεͷ࣮Ͱྑ͍ʣ • java.io.Reader͕࡞ΒΕͨΒɺjava.io.Reader#close()͕ݺΕͳ͚Εͳ Βͳ͍ʢಉ্ʣ • java.io.Writerʹରͯ͠java.lang.AutoCloseable#close()ΛݺΜͰϦιʔ εΛดͨ͜͡ͱʹͳΒͳ͍ʂ • WriterReaderͷΫϥεɺ͋Δ͍ΠϯλϑΣʔεʹclose()Λ࣋ͬ ͍ͯΔՄೳੑΛߟ͑ͯͳ͍ʂ 16
#ccc_l3 • ͭ·ΓɺCommons IOͷ࣌ͳΒͳ͔ͬͨ • IOUtils.closeQuietly(java.io.Writer) • IOUtils.closeQuietly(java.io.Reader) • JavaͷਐԽʹ͍ͭͯߦ͚ͯͳ͍ྑ͍ࣄྫ
17 ϨΨγʔ࣮ىҼͷɹͦͷ̍ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1)
#ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮ىҼͷɹͦͷ̍ • ଞʹ͋Δঢ়ଶཧͷ᠘
• #79: StatementΛดͨ͡ΒResultSetด͡ΒΕͨͱͯ͠ѻ͏͖ • #552: Lambda͔ΒLambda֎ͷมΛࢀর͢Δͱ͖ʹNullable νΣοΫ͕ಇ͔ͳ͍ • #603: this.foo = Objects.requireNonNull(foo); ͕ EI_EXPOSE_REP2ʢ෦ঢ়ଶͷΫϥε֎࿐ग़ʣʹͳΒͳ͍ 18
#ccc_l3 • SpotBugs Annotationͷ • Java 1.8 ܕύϥϝʔλʹର͢Δαϙʔτ͕ͳ͍ • JSR305ʢDormant=ٳࢭঢ়ଶʣͷґଘ
19 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • #470: @NonNull,@NullableʹTYPE_USE,TYPE_PARAMETERΛՃ • List<@NonNull String> ͱॻ͚ΔΑ͏ʹͳΔ • Ξϊςʔγϣϯͷมߋ͚ͩͳΒ؆୯͕ͩ……
• ͦͦSpotBugsࣗମ͕ܕύϥϝʔλͷͳ͍࣌ͷ࢈ͳͷ Ͱɺج൫෦ʹมߋ͕ඞཁͱࢥΘΕΔ 20 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • #421: JSR305ͷґଘΛஅͭ • SpotBugsͷΞϊςʔγϣϯJSR305Ξϊςʔγϣϯʹର͢Δ TypeQualifierNicknameͱ࣮ͯ͠͞Ε͍ͯΔ • javax.annotation.meta.Whenͷґଘ͕֤ॴʹࢄΒ͍ͬͯΔ •
InconsistentAnnotations, FindNullDerefͳͲ • େࣄʹͳΔ͜ͱඞఆ 21 ϨΨγʔ࣮ىҼͷɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 • ସͱͳΔιϦϡʔγϣϯ • Checkerframeworkͷ@NullableDeclͳͲ • Google error-proneͷ@CheckReturnValueͳͲ 22 ϨΨγʔ࣮ىҼͷɹͦͷ̎
PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
#ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #249: Performance improvements
• ϚϧνεϨουԽ͍͕ͨ͠BCEL͕ωοΫ • SpotBugsͷ֤ΠϯελϯεʢಛʹIAnalysisCacheؔ࿈ʣͷϥΠϑ αΠΫϧҙ͕ඞཁ 23
#ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #591: Resource Leak
• ϑΝΠϧϋϯυϥ͕ϦʔΫ͢ΔՄೳੑ͕͋Δ • MavenϚϧνϞδϡʔϧͳͲͰக໋తʹͳΓಘΔ 24
·ͱΊ 25 #ccc_l3
#ccc_l3 FOR USERS… Ϣʔβ͚·ͱΊ • OBL_UNSATISFIED_OBLIGATIONʹطͷޡݕόά͋Γɺ Java9Ҏ߱Ͱ͏߹ཁҙ • @NullableΞϊςʔγϣϯLambdaͱΈ߹ΘͤΔͱޡݕΛ Ҿ͖ى͍͜͢͠ͱࢥΘΕΔ
• ෆఆظʹύονϦϦʔεΛग़͍ͯ͠ΔͷͰɺGitHubϓϩδΣΫτͷ ͜·Ίͳ֬ೝΛਪ 26
#ccc_l3 FOR CONTRIBUTORS… ίϯτϦϏϡʔλ͚·ͱΊ • طଘͷབྷ·ΓΛղ͖΄͙͢ͷ͕͖ͳΒΦεεϝʂ • طʹଟͷϢʔβ͕͍͍ͭͯͯɺଧͯڹ͘ڥ • ίʔυϕʔε͋·Γେ͖͘ͳ͍ʢAntͱMavenফ͠͞Γ·ͨ͠ʣ
• ՝ͳΒࢁͷΑ͏ʹ͋Γ·͢ • ӳޠͷਖ਼֬ੑ͋Μ·Γؾʹ͠ͳ͍Ͱ͍͍Αʂ • ࢲͣͬͱKendoͱݺΕͯ·͢ 27
Q&A 28 #ccc_l3
eller86
stahnma
bbqallstars
andrzejkrzywda
nikinusu
cybozuinsideout
zozotech
bwkw
rince
thara0402
sansan33
soudai
masakiokuda
csswizardry
sabderemane
skipperchong
pauljervisheath
aleyda
mojombo
rkendrick25
minecr
axbom
elsirapls
jct
