Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SpotBugs3.1.xの現状と
内部実装が抱える問題

 SpotBugs3.1.xの現状と
内部実装が抱える問題

Avatar for Kengo TODA

Kengo TODA

May 26, 2018
Tweet

More Decks by Kengo TODA

Other Decks in Technology

Transcript

  1. #ccc_l3 SUDDENLY SURVEY ಥવͰ͕͢ΞϯέʔτͰ͢ 2 ΧςΰϦ ਓ਺ʢෳ਺ճ౴Մʣ ։ൃͰSpotBugsΛ࢖͓ͬͯΓɺ
 ࠷৽ͷಈ޲Λ௫Έ͍ͨ 9

    ར༻Λݕ౼தͰ͋Γɺ࠷৽ͷಈ޲Λ௫Έ͍ͨ 10 །Ұͷ্ڃऀ޲͚ηογϣϯ͔ͩΒ 2 FOSSϓϩδΣΫτϝϯόʔͷ ࿩Λฉ͍ͯΈ͔ͨͬͨ 3 SpotBugsϓϩδΣΫτࣗମʹؔ৺͕͋Δ 13 ϕͬɺผʹՋ͔ͩͬͨΒ དྷ͚ͨͩͳΜ͔ͩΒͶʂ 2
  2. #ccc_l3 ONE MORE SUDDENLY SURVEY ͞ΒʹಥવͰ͕͢ΞϯέʔτͰ͢ 3 ΧςΰϦ ਓ਺ʢෳ਺ճ౴ෆՄʣ FindBugs2.xΛ

    ࢖͍ͬͯΔ 4 FindBugs3.0Λ ࢖͍ͬͯΔ 11 SpotBugs3.1Λ ࢖͍ͬͯΔ 3 ͲΕ΋࢖ͬͯͳ͍͚Ͳ ਂ෵Λ೷͖ʹདྷͨ 4
  3. #ccc_l3 OBJECTIVE OF THIS SESSION ͜ͷηογϣϯͷ໨త • ੩తղੳπʔϧ͕࣮ࡍʹ๊͍͑ͯΔ໰୊ͷ঺հ • ੩తղੳπʔϧͷߋͳΔਂ෵ʹ౿ΈࠐΈ͍ͨํʹػձΛఏڙ

    • ͍ͭ·Ͱͨͬͯ΋Java9/10ରԠ͕͞Εͳ͍ࣄ৅ͷղઆ • ͋ΘΑ͘͹ίϯτϦϏϡʔλΛ୳͍ͨ͠ 5 TWEET͢Δ࣌ʹ ࢖ͬͯͶʂ
  4. #ccc_l3 FOR WHO IS CONSIDERING TO USE SpotBugs… SpotBugsͷར༻Λݕ౼͞Ε͍ͯΔํʹ͸…… •

    ڈ೥ͷηογϣϯ͕໾ཱ͔ͭ΋͠Ε·ͤΜ • SpotBugs(FindBugs)ʹΑΔ େن໛ERPͷίʔυ඼࣭վળ
 • ࠓ೔ͷ࿩͸ʮ࠷৽ͷJavaʹద༻Ͱ͖͍ͯͳ͍෦෼͕͋ΔΜͩͳʔʯ ͘Β͍Ͱ೺ѲͰ͖Ε͹େৎ෉Ͱ͢ • Speaker DeckͰεϥΠυΛެ։༧ఆ 6
  5. #ccc_l3 ABOUT SPEAKER εϐʔΧʔʹ͍ͭͯ • https://github.com/ KengoTODA/ • VP of

    Dev at worksap.com • ήʔϜ͕࡞Γͨͯ͘HSP2ʹख Λग़͠ɺϑϦʔιϑτ΢ΣΞ ࡞ՈΛܦͯR&D΁ • SpotBugsͷதͷਓ 7
  6. #ccc_l3 ABOUT SpotBugs SpotBugsͱ͸ • JavaքͰஶ໊ͩͬͨ੩తղੳπʔ ϧFindBugsͷޙܧϓϩδΣΫτ • FindBugsίϛϡχςΟʹ͓͚ Δྫͷ݅ͷహ຤ɺͦͯ͠

    SpotBugsͱ͸Կ͔ • FindBugsͷޙܧͱͯ͠ͷ SpotBugsͷ঺հ • 2016೥11݄ʹൃ଍ • 2017೥10݄ʹ3.1.0ΛϦϦʔε 8
  7. #ccc_l3 RECENT STATUS OF STABLE RELEASE ࠷ۙͷ҆ఆ൛ࣄ৘ • 3.1.0ϦϦʔεޙ΋ܧଓͯ҆͠ఆ൛ΛϦϦʔε •

    3.1.3Λ2018೥4݄ʹϦϦʔεࡁΈ • Maven, Gradle, SonarQubeͷϓϥάΠϯ΋ಉ༷ʹߋ৽த • Maven Central AnalysisʹΑΔͱɺ2018೥3݄ͷؒʹFindBugs͕ ໿178,000 DLɺSpotBugs͸໿22,500 DL • ࠷৽ͷ৘ใ͸GitHub IssueͰެ։த 9
  8. #ccc_l3 WHY SUPPORT FOR NEW JAVA IS SO SLOW ৽JAVAରԠ͕஗͘ͳΔϫέ

    • ΫϥεϑΝΠϧղੳʹ࢖͍ͬͯΔApache BCELͱObjectWeb ASMͷ ߋ৽Λ଴ͭඞཁ͕͋Δ • ಛʹBCEL͸ߋ৽͕஗͘ɺBCELىҼͷ໰୊Λൃݟ͔ͯ͠Βमਖ਼൛ ͷϦϦʔε·Ͱʹ9ϲ݄͔͔͍ۙͬͯ͘Δɻ • ϨΨγʔͳ࣮૷͕ଟ͘ɺࠜຊղܾʹSpotBugs಺෦࣮૷ͷେ͖ͳมߋ Λ൐͏͜ͱ͕ଟ͍ɻ 11
  9. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • #493:

    Try-with-resources and java9 shows bugs • Java9Ͱtry-with-resourcesͷ࣮૷ʹ৽͍͠࠷దԽ͕ೖͬͨ • $closeResourceͱ͍͏private staticϝιουΛࣗಈੜ੒͢Δ͜ͱ ͰɺόΠτίʔυΛ࠶ར༻ɻ2ͭҎ্ͷϦιʔεΛclose͢Δࡍʹ ར༻͞ΕΔɻ • ͜ͷϝιου͸ThrowableͱAutoCloseableΛҾ਺ʹͱΔɻ • ͜ͷ࠷దԽ͕OBL_UNSATISFIED_OBLIGATIONͷޡݕ஌ΛҾ͖ى ͨ͜͠ɻ 12
  10. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • 2ͭͷAutoCloseableͳม਺Λ

    ࣋ͭtry-with-resources͸ӈه ͷΑ͏ʹల։͞ΕΔ • $closeResourceͷҾ਺ʹ͸
 ˏWillCloseΞϊςʔγϣϯ͕ ແ͍ • ˏWillCloseΞϊςʔγϣϯ͕ ͋Δ͜ͱʹ͢Ε͹ղܾʁ 14
  11. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • Closeable͸Java

    1.5͔ΒɺAutoCloseable͸Java 1.7͔Β • SpotBugs͸͜͏ͨ͠ΠϯλϑΣʔεͷଘࡏΛલఏʹ͠ͳ͍ʂ • ΜʁͲ͏͍͏͜ͱʁ 15
  12. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • SpotBugs͸Ϋϥε͝ͱʹঢ়ଶΛ؅ཧ͢Δ

    • java.io.Writer͕࡞ΒΕͨΒɺjava.io.Writer#close()͕ݺ͹Εͳ͚Ε͹ͳ Βͳ͍ʢ͋Δ͍͸ࢠΫϥεͷ࣮૷Ͱ΋ྑ͍ʣ • java.io.Reader͕࡞ΒΕͨΒɺjava.io.Reader#close()͕ݺ͹Εͳ͚Ε͹ͳ Βͳ͍ʢಉ্ʣ • java.io.Writerʹରͯ͠java.lang.AutoCloseable#close()ΛݺΜͰ΋Ϧιʔ εΛดͨ͜͡ͱʹͳΒͳ͍ʂ • Writer΍Readerͷ਌Ϋϥεɺ͋Δ͍͸ΠϯλϑΣʔεʹclose()Λ࣋ͬ ͍ͯΔՄೳੑΛߟ͑ͯͳ͍ʂ 16
  13. #ccc_l3 PROBLEM CAUSED BY LEGACY IMPLEMENTATION (1) ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̍ • ଞʹ΋͋Δঢ়ଶ؅ཧͷ᠘

    • #79: StatementΛดͨ͡ΒResultSet΋ด͡ΒΕͨͱͯ͠ѻ͏΂͖ • #552: Lambda͔ΒLambda֎ͷม਺Λࢀর͢Δͱ͖ʹNullable νΣοΫ͕ಇ͔ͳ͍ • #603: this.foo = Objects.requireNonNull(foo); ͕ EI_EXPOSE_REP2ʢ಺෦ঢ়ଶͷΫϥε֎࿐ग़ʣʹͳΒͳ͍ 18
  14. #ccc_l3 • #470: @NonNull,@NullableʹTYPE_USE,TYPE_PARAMETERΛ௥Ճ • List<@NonNull String> ͱॻ͚ΔΑ͏ʹͳΔ • Ξϊςʔγϣϯͷมߋ͚ͩͳΒ؆୯͕ͩ……

    • ͦ΋ͦ΋SpotBugsࣗମ͕ܕύϥϝʔλͷͳ͍࣌୅ͷ࢈෺ͳͷ Ͱɺج൫෦෼ʹมߋ͕ඞཁͱࢥΘΕΔ 20 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
  15. #ccc_l3 • #421: JSR305΁ͷґଘΛஅͭ • SpotBugsͷΞϊςʔγϣϯ͸JSR305Ξϊςʔγϣϯʹର͢Δ TypeQualifierNicknameͱ࣮ͯ͠૷͞Ε͍ͯΔ • javax.annotation.meta.When౳΁ͷґଘ͕֤ॴʹࢄΒ͹͍ͬͯΔ •

    InconsistentAnnotations, FindNullDerefͳͲ • େ޻ࣄʹͳΔ͜ͱඞఆ 21 ϨΨγʔ࣮૷ىҼͷ໰୊ɹͦͷ̎ PROBLEM CAUSED BY LEGACY IMPLEMENTATION (2)
  16. #ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝୊ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #249: Performance improvements

    • ϚϧνεϨουԽ͍͕ͨ͠BCEL͕ωοΫ • SpotBugsͷ֤ΠϯελϯεʢಛʹIAnalysisCacheؔ࿈ʣͷϥΠϑ αΠΫϧ΋஫ҙ͕ඞཁ 23
  17. #ccc_l3 OTHER PROBLEMS IN SpotBugs ͦͷଞʹ՝୊ͱͯ͠ೝ͍ࣝͯ͠Δ͜ͱ • #591: Resource Leak

    • ϑΝΠϧϋϯυϥ͕ϦʔΫ͢ΔՄೳੑ͕͋Δ • MavenϚϧνϞδϡʔϧͳͲͰக໋తʹͳΓಘΔ 24