This PR is based on (and contains) https://github.com/amaembo/huntbugs/pull/16 to demonstrate development of custom detector and their usage in sample project:

• multiple messages.xml are read and merged
• Java SPI mechanism for discovering 3-rd party detectors
• default detector package is still needs to be used
• huntbugs maven plugin is not affected (to configure it standard tag 'dependencies' inside tag 'plugin' could be used)
• removed redundant public modifiers at interface nested classes (public by default)
• plugin currently supports single package for detectors
• introducing helper class to test detectors (to be reused)
• custom detectors can be located in custom packages
• minor refactoring
• added license agreement headers
• demonstrating development of custom detector
• sample project for custom detectors
• detectors are automatically tested with sample code in test scope
• sample project with HuntBugs maven plugin with custom detectors
• production code in sample project is not annotated with @AssertWarning
• sample project might be used for demonstration of project configuration without custom detectors as well

We would like to write our own project specific rules. So, this is currently a working solution for Maven. I didn't tested Ant or Gradle, but should be as simple as adding your artifact (with custom detectors) to (HuntBugs plugin) classpath.

• multiple messages.xml are read and merged
• Java SPI mechanism for discovering 3-rd party detectors
• default detector package is still needs to be used
• huntbugs maven plugin is not affected (to configure it standard tag 'dependencies' inside tag 'plugin' could be used)
• removed redundant public modifiers at interface nested classes (public by default)

What do you think?

• traversing dependencies tree
• collecting compile time dependencies
• understanding POM type dependencies
• understanding other transitive dependencies
• understanding excluded transitive dependencies
• new dependency org.apache.maven.shared:maven-dependency-tree is required
• @Component annotation is used for Mojo injection (since May, 2012)

This code assigns a new value to the local variable field and this value is never
used subsequently. Probably something else was meant or the assignment could be removed.

This one is odd because the field is used in the happy path.

Field field = null;
try {
  // try OpenJDK field name
  field = Unsafe.class.getDeclaredField(openJdk);
} catch (NoSuchFieldException e) {
  try {
    // try Android field name...
  } catch (NoSuchFieldException e2) {
    // try to create a new instance...
  }
  field.setAccessible(true);
  return (Unsafe) field.get(null);
}

If in pom.xml you have dependency of pom type, then those types are not resolved. I.e. TypeDefinition td = typeReference.resolve(); // td = null;

(Replacing pom type dependency to regular jar dependency solves the issue)

I hit into problem when I am trying to run huntbugs

sergei-rudenkov@EPBYMINW4306:~/IdeaProjects/spring_training/theatre_service$ mvn -e one.util:huntbugs-maven-plugin:huntbugs
+ Error stacktraces are turned on.
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Building Spring Core Hometask Skeleton
[INFO]    task-segment: [one.util:huntbugs-maven-plugin:huntbugs]
[INFO] ------------------------------------------------------------------------
[INFO] [huntbugs:huntbugs {execution: default-cli}]
[INFO] HuntBugs: +dir /home/sergei-rudenkov/IdeaProjects/spring_training/theatre_service/target/classes
[INFO] ------------------------------------------------------------------------
[ERROR] BUILD ERROR
[INFO] ------------------------------------------------------------------------
[INFO] Failed to run HuntBugs

[INFO] ------------------------------------------------------------------------
[INFO] Trace
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to run HuntBugs
    at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoals(DefaultLifecycleExecutor.java:719)
    at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeStandaloneGoal(DefaultLifecycleExecutor.java:569)
    at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoal(DefaultLifecycleExecutor.java:539)
    at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoalAndHandleFailures(DefaultLifecycleExecutor.java:387)
    at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeTaskSegments(DefaultLifecycleExecutor.java:348)
    at org.apache.maven.lifecycle.DefaultLifecycleExecutor.execute(DefaultLifecycleExecutor.java:180)
    at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:328)
    at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:138)
    at org.apache.maven.cli.MavenCli.main(MavenCli.java:362)
    at org.apache.maven.cli.compat.CompatibleMain.main(CompatibleMain.java:60)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
    at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
    at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
    at org.codehaus.classworlds.Launcher.main(Launcher.java:375)
Caused by: org.apache.maven.plugin.MojoExecutionException: Failed to run HuntBugs
    at one.util.huntbugs.maven.plugin.HuntBugsMojo.execute(HuntBugsMojo.java:100)
    at org.apache.maven.plugin.DefaultPluginManager.executeMojo(DefaultPluginManager.java:490)
    at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoals(DefaultLifecycleExecutor.java:694)
    ... 17 more
Caused by: java.lang.NullPointerException
    at one.util.huntbugs.maven.plugin.HuntBugsMojo.constructRepository(HuntBugsMojo.java:114)
    at one.util.huntbugs.maven.plugin.HuntBugsMojo.execute(HuntBugsMojo.java:91)
    ... 19 more
[INFO] ------------------------------------------------------------------------
[INFO] Total time: < 1 second
[INFO] Finished at: Fri May 27 17:59:45 MSK 2016
[INFO] Final Memory: 8M/150M
[INFO] ------------------------------------------------------------------------

Could you please point me out what is can be wrong with my project?

The method SingleConsumerQueue.LinearizableNode.await() seems to do nothing useful.
Analysis discovers that void method SingleConsumerQueue.LinearizableNode.await() has non-trivial body, yet does nothing useful. Probably there's some mistake.

This is a spin loop watching a volatile field. This would be true if the field was non-volatile, as the JVM could optimize it away as dead code. The volatile introduces a load barrier so that the signal is observed.

volatile boolean done;

void await() {
  while (!done) {}
}

Hi,

We use pom dependencies and need the fix "HuntBugsMojo: art.getType() checked" to be released.

Do you think you could release current version 0.0.10 (before 0.1.0 which might take more time) in observable future? :)

amaembo/huntbugs now has a Chat Room on Gitter

@amaembo has just created a chat room. You can visit it here: https://gitter.im/amaembo/huntbugs.

This pull-request adds this badge to your README.md:

If my aim is a little off, please let me know.

Happy chatting.

PS: Click here if you would prefer not to receive automatic pull-requests from Gitter in future.

Bumps ant from 1.7.1 to 1.9.15.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Hi! It is possible to implement TeamCity integration for HuntBugs? May be I could contribute this feature if I will get initial explanation where to start.

Fixes #31

I'm not sure how to add a test. I tried to add

    @AssertNoWarning("UncalledPrivateMethod")
    private static class SerializedClass implements Serializable {
        private int foo;

        private Runnable foo() {
            return () -> {
                System.out.println(foo);
            };
        }
    }

but that's passing even without the patch. I guess I'd need to annotate the $deserializeLambda$ method, but the method is generated by Java compiler.

The method CaffeineConfiguration.$deserializeLambda$() is private and never called.
The private method CaffeineConfiguration.$deserializeLambda$() is never explicitly called
and probably should be removed. If it's designed to be called via reflection or via method
handles API, it's a good practice to annotate it by some annotation which will explicitly
signal that the method is necessary.

Seems to not recognize Java serialization yet. Unfortunately required due to the JSR's interface.

The Map.put() is unsupported.
This code calls Map.put(). However analysis found that this method as well as 
and its overrides (if applicable) unconditionally throw UnsupportedOperationException,
so it's likely that this call will fail.

This makes little sense to me as it is calling into a HashMap. It must be observing that AbstractMap#put() throws an UOE but the subclass does not.

Map<K, V> result = new HashMap<>(loaded.size());
loaded.forEach((key, value) -> {
  if ((key == null) || (value == null)) {
    nullBulkLoad.set(true);
  } else {
    result.put(key, value);
  }
});