'An illegal reflective access operation has occurred' warnings

[zimmi]

The warning:

Changes detected - recompiling the module!
Compiling 8 source files to /home/my_stuff/target/classes
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.errorprone.bugpatterns.FutureReturnValueIgnored (file:/my_home/.m2/repository/com/google/errorprone/error_prone_core/2.3.2/error_prone_core-2.3.2.jar) to field com.sun.tools.javac.code.Type$StructuralTypeMapping$4.this$0
WARNING: Please consider reporting this to the maintainers of com.google.errorprone.bugpatterns.FutureReturnValueIgnored
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

$ java --version
openjdk 11.0.1 2018-10-16
OpenJDK Runtime Environment 18.9 (build 11.0.1+13)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.1+13, mixed mode)

Java code that (rightfully) triggers the warning:

@SuppressWarnings("FutureReturnValueIgnored")
private void schedule(Runnable runnable, long delayMs) {
    try {
        scheduledExecutorService.schedule(runnable, delayMs, TimeUnit.MILLISECONDS);
    } catch (RejectedExecutionException ex) {
        // shutting down, no more checks
    }
}

I'm using the maven plugin as such:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-compiler-plugin</artifactId>
    <version>3.8.0</version>
    <configuration>
        <release>11</release>
        <debug>true</debug>
        <showDeprecation>true</showDeprecation>
        <showWarnings>true</showWarnings>
        <compilerArgument>-parameters</compilerArgument>
        <compilerArgs>
            <arg>-Xlint:all</arg>
            <arg>-Xlint:-processing</arg>
            <arg>-Werror</arg>
            <arg>-XDcompilePolicy=simple</arg>
            <arg>-Xplugin:ErrorProne</arg> 
        </compilerArgs>
        <annotationProcessorPaths>
            <path>
                <groupId>com.google.errorprone</groupId>
                <artifactId>error_prone_core</artifactId>
                <version>2.3.2</version>
            </path>
        </annotationProcessorPaths> 
    </configuration>
</plugin>

[chanseokoh]

Related: #1158

[PhilippWendler]

The warning can be suppressed with -J--add-opens=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED.

[fprochazka]

I have the same problem, not sure how to get rid of the warning, the -J--add-opens doesn't work for me :(

[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ core ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 324 source files to core/target/test-classes
WARNING: Illegal reflective access by com.google.errorprone.bugpatterns.FutureReturnValueIgnored (file:.m2/repository/com/google/errorprone/error_prone_core/2.3.3/error_prone_core-2.3.3.jar) to field com.sun.tools.javac.code.Type$StructuralTypeMapping$4.this$0
	at com.google.errorprone.bugpatterns.FutureReturnValueIgnored.getSubst(FutureReturnValueIgnored.java:278)
	at com.google.errorprone.bugpatterns.FutureReturnValueIgnored.getResolvedGenerics(FutureReturnValueIgnored.java:261)
	at com.google.errorprone.bugpatterns.FutureReturnValueIgnored.checkLostType(FutureReturnValueIgnored.java:213)
	at com.google.errorprone.bugpatterns.FutureReturnValueIgnored.matchMethodInvocation(FutureReturnValueIgnored.java:154)
	at com.google.errorprone.scanner.ErrorProneScanner.processMatchers(ErrorProneScanner.java:433)
	at com.google.errorprone.scanner.ErrorProneScanner.visitMethodInvocation(ErrorProneScanner.java:732)
	at com.google.errorprone.scanner.ErrorProneScanner.visitMethodInvocation(ErrorProneScanner.java:150)
	at jdk.compiler/com.sun.tools.javac.tree.JCTree$JCMethodInvocation.accept(JCTree.java:1650)
	at jdk.compiler/com.sun.source.util.TreePathScanner.scan(TreePathScanner.java:82)
	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:71)
	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:45)
	at jdk.compiler/com.sun.source.util.TreeScanner.visitReturn(TreeScanner.java:469)
	at com.google.errorprone.scanner.ErrorProneScanner.visitReturn(ErrorProneScanner.java:803)
	at com.google.errorprone.scanner.ErrorProneScanner.visitReturn(ErrorProneScanner.java:150)
	at jdk.compiler/com.sun.tools.javac.tree.JCTree$JCReturn.accept(JCTree.java:1554)
	at jdk.compiler/com.sun.source.util.TreePathScanner.scan(TreePathScanner.java:82)
	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:71)
	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:45)
	at jdk.compiler/com.sun.source.util.TreeScanner.scan(TreeScanner.java:105)
	at jdk.compiler/com.sun.source.util.TreeScanner.visitBlock(TreeScanner.java:248)
	at com.google.errorprone.scanner.ErrorProneScanner.visitBlock(ErrorProneScanner.java:507)
	at com.google.errorprone.scanner.ErrorProneScanner.visitBlock(ErrorProneScanner.java:150)
	at jdk.compiler/com.sun.tools.javac.tree.JCTree$JCBlock.accept(JCTree.java:1032)
	at jdk.compiler/com.sun.source.util.TreePathScanner.scan(TreePathScanner.java:82)
	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:71)
	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:45)
	at jdk.compiler/com.sun.source.util.TreeScanner.scanAndReduce(TreeScanner.java:90)
	at jdk.compiler/com.sun.source.util.TreeScanner.visitMethod(TreeScanner.java:206)
	at com.google.errorprone.scanner.ErrorProneScanner.visitMethod(ErrorProneScanner.java:726)
	at com.google.errorprone.scanner.ErrorProneScanner.visitMethod(ErrorProneScanner.java:150)
	at jdk.compiler/com.sun.tools.javac.tree.JCTree$JCMethodDecl.accept(JCTree.java:898)
	at jdk.compiler/com.sun.source.util.TreePathScanner.scan(TreePathScanner.java:82)

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-compiler-plugin</artifactId>
    <version>3.8.1</version>
    <configuration combine.self="append">
        <release>11</release>
        <compilerArgs combine.self="override">
            <arg>-Werror</arg>
            <arg>-Xlint:all,-fallthrough,-processing,-serial,-classfile</arg>
            <arg>-parameters</arg>
            <arg>-XDcompilePolicy=simple</arg>
            <arg>-J--illegal-access=debug</arg>
            <arg>-J--add-opens=java.base/java.lang=ALL-UNNAMED</arg>
            <arg>-J--add-opens=java.base/java.lang.reflect=ALL-UNNAMED</arg>
            <arg>-J--add-opens=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED</arg>
            <arg>-Xplugin:ErrorProne
                -XepOpt:Immutable:KnownImmutable=javax.money.CurrencyUnit
                -XepDisableWarningsInGeneratedCode
                -Xep:ConstantField:WARN
                -Xep:ClassName:WARN
                -Xep:DivZero:WARN
                -Xep:EmptyIf:WARN
                -Xep:IterablePathParameter:WARN
                -Xep:LongLiteralLowerCaseSuffix:WARN
                -Xep:AnnotationPosition:WARN
                -Xep:EmptyTopLevelDeclaration:WARN
                -Xep:EqualsBrokenForNull:WARN
                -Xep:FunctionalInterfaceClash:WARN
                -Xep:InvalidInlineTag:WARN
                -Xep:InvalidParam:WARN
                -Xep:MissingDefault:WARN
                -Xep:NonCanonicalStaticMemberImport:WARN
                -Xep:PrimitiveArrayPassedToVarargsMethod:WARN
                -Xep:RedundantOverride:WARN
                -Xep:RedundantThrows:WARN
                -Xep:StaticQualifiedUsingExpression:WARN
                -Xep:StringEquality:WARN
                -Xep:UnusedException:WARN
                -Xep:ConstantField:WARN
                -Xep:MultiVariableDeclaration:WARN
                -Xep:MultipleTopLevelClasses:WARN
                -Xep:MultipleUnaryOperatorsInMethodCall:WARN
                -Xep:PrivateConstructorForUtilityClass:WARN
                -Xep:UngroupedOverloads:WARN
            </arg>
        </compilerArgs>
        <annotationProcessorPaths combine.self="append">
            <dependency>
                <groupId>com.google.errorprone</groupId>
                <artifactId>error_prone_core</artifactId>
                <version>2.3.3</version>
            </dependency>
        </annotationProcessorPaths>
        <showWarnings>true</showWarnings>
    </configuration>
</plugin>

the stacktrace appeared only after adding the --illegal-access=debug to vm options of the maven process

[chanseokoh]

I think --add-opens cleared the warning, because it just opened up all the underlying packages belong to to specified module, which IMO is going straight against the Java 9+ module encapsulation and shouldn't be used as a means just for the sake of suppressing the warning. I think the right solution is that Error Prone fixes its own issue so that it becomes a good citizen for the Java 9+ module system. I am sure they will fix this eventually (although it may take a long time), because otherwise people just won't be able to use Error Prone in practice in future Java versions when the illegal access is blocked.

[grahamtriggs]

Looks like the illegal access is already blocked in OpenJDK 13, so either that means abandoning Error Prone to upgrade Java, or being blocked from upgrading until this is resolved.

[PhilippWendler]

If --add-opens doesn't work anymore on JDK 13, one could still disable that one check of error-prone using -Xep:FutureReturnValueIgnored:OFF.

[jonfreedman]

This is quite annoying as it results in the Jenkins Warnings Next Generation plugin failing to match the first error reported since they switched to explicitly handling errorprone warnings (https://issues.jenkins-ci.org/browse/JENKINS-60622)

[cushon]

@grahamtriggs can you provide more detail about the change you're observing in 13? AFAIK it doesn't change the default --illegal-access behaviour.

I can repro this with the example in #1158 (comment), but I'm not consistently seeing these warnings with smaller 'hello world' type examples, which is weird.

The underlying issue here is that by default Java > 9 warns on reflective access to internal APIs (see --illegal-access=). The current default behaviour is permit, which warns on the first 'illegal access'. The default may change in a future release, but I'm not aware of plans to remove the configuration entirely.

It would be nice to avoid accessing javac internals from Error Prone, however I also not aware of public APIs that provide alternatives to some of the implementation details that are currently being accessed, so there isn't an obvious way to avoid these accesses.

[davido]

I see this in Bazel@HEAD with RBE, on this gerrit change: [1].

  $ bazel build --config=remote --remote_instance_name=<$PROJECT_NAME> \
   javatests/com/google/gerrit/server/...
[...]
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.errorprone.bugpatterns.FutureReturnValueIgnored (file:/b/f/w/external/remote_java_tools/java_tools/JavaBuilder_deploy.jar) to field com.sun.tools.javac.code.Type$StructuralTypeMapping$4.this$0
WARNING: Please consider reporting this to the maintainers of com.google.errorprone.bugpatterns.FutureReturnValueIgnored
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

[1] https://gerrit-review.googlesource.com/c/gerrit/+/291864

[cushon]

In JDK 16 EA (which I'm not sure is being used in #1157 (comment), but noting here for posterity), the module access checks have been upgraded by JEP 396: Strongly Encapsulate JDK Internals by Default.

I don't currently know a better way to use Error Prone on JDK 16 than passing --illegal-access=permit, or else:

--add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.processing=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED
--add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED
--add-opens=jdk.compiler/com.sun.tools.javac.comp=ALL-UNNAMED

Example of updating a maven build with this flags: google/turbine@622b591

[tbroyer]

@cushon Do you think the gradle plugin should add them by default when compiling with JDK 16+ ? This also necessarily means forking the process like with JDK 8, right? (would be a daemon process reused between compilation tasks and subsequent builds with Gradle though, so amortized over time)

[cushon]

@tbroyer if the plugin can add them by default, that SGTM. I was planning to update the release instructions in time for JDK 16 to mention this also.

[codylerum]

Is there an updated maven example? I've tried using the google/turbine@622b591 example, but no luck. This is my current maven profile that I use with JDK15.

The error I get with 16 with 2.5.1 is

class com.google.errorprone.BaseErrorProneJavaCompiler (in unnamed module @0x5204062d) cannot access class com.sun.tools.javac.api.BasicJavacTask (in module jdk.compiler) because module jdk.compiler does not export com.sun.tools.javac.api to unnamed module @0x5204062d

<profile>
	<id>errorprone</id>
	<activation>
		<activeByDefault>true</activeByDefault>
	</activation>

	<build>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<version>${version.compiler.plugin}</version>
				<configuration>
					<release>${version.java}</release>
					<showWarnings>true</showWarnings>
					<failOnWarning>true</failOnWarning>
					<maxmem>2048m</maxmem>
					<compilerArgs>
						<arg>-XDcompilePolicy=simple</arg>
						<arg>-Xplugin:ErrorProne -Xep:UnusedMethod:OFF -Xep:JavaTimeDefaultTimeZone:OFF -Xep:ObjectEqualsForPrimitives:OFF</arg>
					</compilerArgs>
					<annotationProcessorPaths>
						<path>
							<groupId>org.hibernate</groupId>
							<artifactId>hibernate-jpamodelgen</artifactId>
							<version>${version.wildfly.org.hibernate}</version>
						</path>
						<path>
							<groupId>com.google.errorprone</groupId>
							<artifactId>error_prone_core</artifactId>
							<version>${version.errorprone}</version>
						</path>
					</annotationProcessorPaths>
				</configuration>
			</plugin>
		</plugins>
	</build>
</profile>

[cushon]

@codylerum google/turbine is still successfully using JDK 16 EA. Are you using <fork>true</fork>? Do you have a complete example?

[codylerum]

@cushon I was able to distill it down a bit and got things working. Here is a working example (runs on 15 and 16) for anyone else who finds this.

<profile>
	<id>errorprone</id>
	<activation>
		<activeByDefault>false</activeByDefault>
	</activation>

	<build>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<version>${version.compiler.plugin}</version>
				<configuration>
					<release>${version.java}</release>
					<showWarnings>true</showWarnings>
					<failOnWarning>false</failOnWarning>
					<maxmem>2048m</maxmem>
					<fork>true</fork>
					<compilerArgs>
						<arg>-parameters</arg>
						<arg>-XDcompilePolicy=simple</arg>
						<arg>-Xplugin:ErrorProne -Xep:UnusedMethod:OFF -Xep:JavaTimeDefaultTimeZone:OFF -Xep:ObjectEqualsForPrimitives:OFF</arg>
						<arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED</arg>
						<arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED</arg>
						<arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED</arg>
						<arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED</arg>
						<arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED</arg>
						<arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.processing=ALL-UNNAMED</arg>
						<arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED</arg>
						<arg>-J--add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED</arg>
						<arg>-J--add-opens=jdk.compiler/com.sun.tools.javac.comp=ALL-UNNAMED</arg>
					</compilerArgs>
					<annotationProcessorPaths>
						<path>
							<groupId>org.hibernate</groupId>
							<artifactId>hibernate-jpamodelgen</artifactId>
							<version>${version.hibernate}</version>
						</path>
						<path>
							<groupId>com.google.errorprone</groupId>
							<artifactId>error_prone_core</artifactId>
							<version>${version.errorprone}</version>
						</path>
					</annotationProcessorPaths>
				</configuration>
			</plugin>
		</plugins>
	</build>
</profile>

[michaelhixson]

Adding <fork>true</true> means that the flags for Error Prone must all be declared on a single line, right? That is, the formatting shown for JDK 9+ on the documentation website doesn't work? https://errorprone.info/docs/flags#maven

<arg>
  -Xplugin:ErrorProne
  -Xep:DeadException:WARN
  -Xep:GuardedBy:OFF
</arg>

That's the behavior I'm seeing. I use a large number of flags with XML comments interspersed, so this is really unfortunate.

[tbroyer]

When using <fork>true</fork>, Maven (plexus-compiler actually) will use an argument file, so it's using Javac's own parsing rules, where you need to use line-continuations for multiline arguments; i.e. end your lines with a \.
(Disclaimer: I haven't actually tested it, only read the JDK's code)

[cushon]

Thanks @tbroyer, using line continuations works for me with <fork>true</fork>.

I pushed a change to update the installation docs for JDK 16, and to also mention line continuations in the flag docs: 038d3dc

[codylerum]

@cushon is this the long-term plan or is there any investigation being done as to what would be needed from OpenJDK so that error prone could run without requiring these compiler options?

[joschi]

I pushed a change to update the installation docs for JDK 16, and to also mention line continuations in the flag docs: 038d3dc

@cushon I think there was an "opens" argument missing. I had to add -J--add-opens=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED in order to make it work for our project:
dropwizard/dropwizard@28a9283

Failed GitHub workflow run: https://github.com/dropwizard/dropwizard/runs/2130657086#step:8:1666

Full error message with stacktrace

Error:  /home/runner/work/dropwizard/dropwizard/dropwizard-lifecycle/src/test/java/io/dropwizard/lifecycle/setup/LifecycleEnvironmentTest.java:[59,63] error: An unhandled exception was thrown by the Error Prone static analysis plugin.
     Please report this at https://github.com/google/error-prone/issues/new and include the following:
  
     error-prone version: 2.5.1
     BugPattern: FutureReturnValueIgnored
     Stack Trace:
     java.lang.reflect.InaccessibleObjectException: Unable to make field final com.sun.tools.javac.code.Type$StructuralTypeMapping com.sun.tools.javac.code.Type$StructuralTypeMapping$4.this$0 accessible: module jdk.compiler does not "opens com.sun.tools.javac.code" to unnamed module @1efee8e7
  	at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:357)
  	at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297)
  	at java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:177)
  	at java.base/java.lang.reflect.Field.setAccessible(Field.java:171)
  	at com.google.errorprone.bugpatterns.AbstractReturnValueIgnored.getSubst(AbstractReturnValueIgnored.java:435)
  	at com.google.errorprone.bugpatterns.AbstractReturnValueIgnored.getResolvedGenerics(AbstractReturnValueIgnored.java:418)
  	at com.google.errorprone.bugpatterns.AbstractReturnValueIgnored.checkLostType(AbstractReturnValueIgnored.java:369)
  	at com.google.errorprone.bugpatterns.AbstractReturnValueIgnored.matchMethodInvocation(AbstractReturnValueIgnored.java:130)
  	at com.google.errorprone.scanner.ErrorProneScanner.processMatchers(ErrorProneScanner.java:450)
  	at com.google.errorprone.scanner.ErrorProneScanner.visitMethodInvocation(ErrorProneScanner.java:747)
  	at com.google.errorprone.scanner.ErrorProneScanner.visitMethodInvocation(ErrorProneScanner.java:151)
  	at jdk.compiler/com.sun.tools.javac.tree.JCTree$JCMethodInvocation.accept(JCTree.java:1761)
  	at jdk.compiler/com.sun.source.util.TreePathScanner.scan(TreePathScanner.java:86)
  	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:74)
  	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:48)
  	at jdk.compiler/com.sun.source.util.TreeScanner.scanAndReduce(TreeScanner.java:94)
  	at jdk.compiler/com.sun.source.util.TreeScanner.visitVariable(TreeScanner.java:229)
  	at com.google.errorprone.scanner.ErrorProneScanner.visitVariable(ErrorProneScanner.java:886)
  	at com.google.errorprone.scanner.ErrorProneScanner.visitVariable(ErrorProneScanner.java:151)
  	at jdk.compiler/com.sun.tools.javac.tree.JCTree$JCVariableDecl.accept(JCTree.java:1001)
  	at jdk.compiler/com.sun.source.util.TreePathScanner.scan(TreePathScanner.java:86)
  	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:74)
  	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:48)
  	at jdk.compiler/com.sun.source.util.TreeScanner.scanAndReduce(TreeScanner.java:94)
  	at jdk.compiler/com.sun.source.util.TreeScanner.scan(TreeScanner.java:109)
  	at jdk.compiler/com.sun.source.util.TreeScanner.visitBlock(TreeScanner.java:254)
  	at com.google.errorprone.scanner.ErrorProneScanner.visitBlock(ErrorProneScanner.java:521)
  	at com.google.errorprone.scanner.ErrorProneScanner.visitBlock(ErrorProneScanner.java:151)
  	at jdk.compiler/com.sun.tools.javac.tree.JCTree$JCBlock.accept(JCTree.java:1059)
  	at jdk.compiler/com.sun.source.util.TreePathScanner.scan(TreePathScanner.java:86)
  	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:74)
  	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:48)
  	at jdk.compiler/com.sun.source.util.TreeScanner.scanAndReduce(TreeScanner.java:94)
  	at jdk.compiler/com.sun.source.util.TreeScanner.visitMethod(TreeScanner.java:212)
  	at com.google.errorprone.scanner.ErrorProneScanner.visitMethod(ErrorProneScanner.java:741)
  	at com.google.errorprone.scanner.ErrorProneScanner.visitMethod(ErrorProneScanner.java:151)
  	at jdk.compiler/com.sun.tools.javac.tree.JCTree$JCMethodDecl.accept(JCTree.java:925)
  	at jdk.compiler/com.sun.source.util.TreePathScanner.scan(TreePathScanner.java:86)
  	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:74)
  	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:48)
  	at jdk.compiler/com.sun.source.util.TreeScanner.scanAndReduce(TreeScanner.java:94)
  	at jdk.compiler/com.sun.source.util.TreeScanner.scan(TreeScanner.java:109)
  	at jdk.compiler/com.sun.source.util.TreeScanner.scanAndReduce(TreeScanner.java:117)
  	at jdk.compiler/com.sun.source.util.TreeScanner.visitClass(TreeScanner.java:193)
  	at com.google.errorprone.scanner.ErrorProneScanner.visitClass(ErrorProneScanner.java:549)
  	at com.google.errorprone.scanner.ErrorProneScanner.visitClass(ErrorProneScanner.java:151)
  	at jdk.compiler/com.sun.tools.javac.tree.JCTree$JCClassDecl.accept(JCTree.java:832)
  	at jdk.compiler/com.sun.source.util.TreePathScanner.scan(TreePathScanner.java:86)
  	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:74)
  	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:48)
  	at jdk.compiler/com.sun.source.util.TreeScanner.scan(TreeScanner.java:109)
  	at jdk.compiler/com.sun.source.util.TreeScanner.scanAndReduce(TreeScanner.java:117)
  	at jdk.compiler/com.sun.source.util.TreeScanner.visitCompilationUnit(TreeScanner.java:148)
  	at com.google.errorprone.scanner.ErrorProneScanner.visitCompilationUnit(ErrorProneScanner.java:561)
  	at com.google.errorprone.scanner.ErrorProneScanner.visitCompilationUnit(ErrorProneScanner.java:151)
  	at jdk.compiler/com.sun.tools.javac.tree.JCTree$JCCompilationUnit.accept(JCTree.java:603)
  	at jdk.compiler/com.sun.source.util.TreePathScanner.scan(TreePathScanner.java:60)
  	at com.google.errorprone.scanner.Scanner.scan(Scanner.java:58)
  	at com.google.errorprone.scanner.ErrorProneScannerTransformer.apply(ErrorProneScannerTransformer.java:43)
  	at com.google.errorprone.ErrorProneAnalyzer.finished(ErrorProneAnalyzer.java:152)
  	at jdk.compiler/com.sun.tools.javac.api.MultiTaskListener.finished(MultiTaskListener.java:132)
  	at jdk.compiler/com.sun.tools.javac.main.JavaCompiler.flow(JavaCompiler.java:1421)
  	at jdk.compiler/com.sun.tools.javac.main.JavaCompiler.flow(JavaCompiler.java:1368)
  	at jdk.compiler/com.sun.tools.javac.main.JavaCompiler.compile(JavaCompiler.java:960)
  	at jdk.compiler/com.sun.tools.javac.main.Main.compile(Main.java:317)
  	at jdk.compiler/com.sun.tools.javac.main.Main.compile(Main.java:176)
  	at jdk.compiler/com.sun.tools.javac.Main.compile(Main.java:64)
  	at jdk.compiler/com.sun.tools.javac.Main.main(Main.java:50)

[fprochazka]

I've come to the conclusion, that it's easier to just specify the flags through maven

I've created a jvm-build.options file:

--illegal-access=debug
--add-opens java.base/java.io=ALL-UNNAMED
--add-opens java.base/java.lang.reflect=ALL-UNNAMED
--add-opens java.base/java.lang=ALL-UNNAMED
--add-opens java.base/java.time=ALL-UNNAMED
--add-opens java.base/java.util.concurrent.atomic=ALL-UNNAMED
--add-opens java.base/java.util.regex=ALL-UNNAMED
--add-opens java.base/javax.crypto=ALL-UNNAMED
--add-opens java.base/sun.nio.ch=ALL-UNNAMED
--add-opens jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED
--add-opens jdk.compiler/com.sun.tools.javac.comp=ALL-UNNAMED
--add-opens jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED

and then specify it in CI config as a part of MAVEN_OPTS

environment:
  MAVEN_OPTS: "-Xmx800m -Xms512m @jvm-build.options"

The options file can be also easily used in IDE

The full maven-compiler-plugin can then look for example like this:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-compiler-plugin</artifactId>
    <configuration combine.self="append">
        <release>${java.version}</release>
        <showWarnings>true</showWarnings>
        <compilerArgs combine.self="override">
            <arg>-Werror</arg>
            <arg>-Xlint:all,-fallthrough,-processing,-serial,-classfile,-path</arg>
            <arg>-parameters</arg>
            <arg>-XDcompilePolicy=simple</arg>
            <arg>-Xplugin:ErrorProne
                -XepDisableWarningsInGeneratedCode
                -XepAllDisabledChecksAsWarnings
                -Xep:AndroidJdkLibsChecker:OFF
                -Xep:BooleanParameter:OFF
                -Xep:CatchingUnchecked:OFF
                -Xep:DeduplicateConstants:OFF
                -Xep:FieldCanBeFinal:OFF
                -Xep:HashCodeToString:OFF
                -Xep:InconsistentOverloads:OFF
                -Xep:InvalidBlockTag:OFF
                -Xep:Java7ApiChecker:OFF
                -Xep:MethodCanBeStatic:OFF
                -Xep:MissingSummary:OFF
                -Xep:NoFunctionalReturnType:OFF
                -Xep:StaticOrDefaultInterfaceMethod:OFF
                -Xep:StaticQualifiedUsingExpression:OFF
                -Xep:StringSplitter:OFF
                -Xep:SuppressWarningsWithoutExplanation:OFF
                -Xep:TryFailRefactoring:OFF
                -Xep:TypeParameterNaming:OFF
                -Xep:UseTimeInScope:OFF
                -Xep:Var:OFF
                -Xep:WildcardImport:OFF
                -Xep:NullAway:WARN
                -XepOpt:NullAway:AnnotatedPackages=com.cogvio
                -XepOpt:NullAway:TreatGeneratedAsUnannotated=true
                -XepOpt:NullAway:AcknowledgeRestrictiveAnnotations=true
                -XepOpt:NullAway:KnownInitializers=org.springframework.beans.factory.InitializingBean.afterPropertiesSet
                -XepOpt:NullAway:ExcludedFieldAnnotations=org.springframework.beans.factory.annotation.Autowired
            </arg>
        </compilerArgs>
        <annotationProcessorPaths combine.self="append">
            <path>
                <groupId>com.google.errorprone</groupId>
                <artifactId>error_prone_core</artifactId>
                <version>2.5.1</version>
            </path>
            <path>
                <groupId>com.google.guava</groupId>
                <artifactId>guava</artifactId>
                <version>30.1-jre</version>
            </path>
            <path>
                <groupId>com.uber.nullaway</groupId>
                <artifactId>nullaway</artifactId>
                <version>0.8.0</version>
            </path>
        </annotationProcessorPaths>
    </configuration>
</plugin>

[cushon]

@joschi thanks, I added that flag too in the instructions: 9014ef5

[cushon]

I'm going to close this. If you encounter any more flags that need to be added please report those, and I'll keep iterating on the list in the installation instructions.

[tbroyer]

@tbroyer if the plugin can add them by default, that SGTM. I was planning to update the release instructions in time for JDK 16 to mention this also.

I just released v2.0.0 of the net.ltgt.errorprone plugin that does just that.