Upgrade Project Reactor 2024.0.4 -> 2024.0.5 (#1643)

See:
- https://github.com/reactor/reactor/releases/tag/2024.0.5
- https://github.com/reactor/reactor/compare/2024.0.4...2024.0.5

.github/ISSUE_TEMPLATE/bug_report.md

@@ -42,9 +42,9 @@ Please replace this sentence with log output, if applicable.
 <!-- Please complete the following information: -->
 
 - Operating system (e.g. MacOS Monterey).
-- Java version (i.e. `java --version`, e.g. `17.0.3`).
-- Error Prone version (e.g. `2.15.0`).
-- Error Prone Support version (e.g. `0.3.0`).
+- Java version (i.e. `java --version`, e.g. `17.0.13`).
+- Error Prone version (e.g. `2.35.1`).
+- Error Prone Support version (e.g. `0.19.0`).
 
 ### Additional context
 

.github/release.yml

@@ -3,16 +3,16 @@ changelog:
     labels:
       - "ignore-changelog"
   categories:
+    - title: ":warning: Update considerations and deprecations"
+      labels:
+        - "breaking change"
+        - "deprecation"
     - title: ":rocket: New Error Prone checks and Refaster rules"
       labels:
         - "new feature"
     - title: ":sparkles: Improvements"
       labels:
         - "improvement"
-    - title: ":warning: Update considerations and deprecations"
-      labels:
-        - "breaking change"
-        - "deprecation"
     - title: ":bug: Bug fixes"
       labels:
         - "bug"

.github/workflows/build.yaml

@@ -1,56 +0,0 @@
-name: Build and verify
-on:
-  pull_request:
-  push:
-    branches: [ master ]
-permissions:
-  contents: read
-jobs:
-  build:
-    strategy:
-      matrix:
-        os: [ ubuntu-22.04 ]
-        jdk: [ 11.0.16, 17.0.4, 19 ]
-        distribution: [ temurin ]
-        experimental: [ false ]
-        include:
-          - os: macos-12
-            jdk: 17.0.4
-            distribution: temurin
-            experimental: false
-          - os: windows-2022
-            jdk: 17.0.4
-            distribution: temurin
-            experimental: false
-          # XXX: Re-enable this build after upgrading to Error Prone 2.17.
-          #- os: ubuntu-22.04
-          #  jdk: 20-ea
-          #  distribution: zulu
-          #  experimental: true
-    runs-on: ${{ matrix.os }}
-    continue-on-error: ${{ matrix.experimental }}
-    steps:
-        # We run the build twice for each supported JDK: once against the
-        # original Error Prone release, using only Error Prone checks available
-        # on Maven Central, and once against the Picnic Error Prone fork,
-        # additionally enabling all checks defined in this project and any
-        # Error Prone checks available only from other artifact repositories.
-      - name: Check out code
-        uses: actions/checkout@v3.1.0
-      - name: Set up JDK
-        uses: actions/setup-java@v3.8.0
-        with:
-          java-version: ${{ matrix.jdk }}
-          distribution: ${{ matrix.distribution }}
-          cache: maven
-      - name: Display build environment details
-        run: mvn --version
-      - name: Build project against vanilla Error Prone, compile Javadoc
-        run: mvn -T1C install javadoc:jar
-      - name: Build project with self-check against Error Prone fork
-        run: mvn -T1C clean verify -Perror-prone-fork -Pnon-maven-central -Pself-check -s settings.xml
-      - name: Remove installed project artifacts
-        run: mvn build-helper:remove-project-artifact
-
-# XXX: Enable Codecov once we "go public".
-# XXX: Enable SonarCloud once we "go public".

.github/workflows/build.yml

@@ -0,0 +1,63 @@
+name: Build and verify
+on:
+  pull_request:
+  push:
+    branches: [ master ]
+permissions:
+  contents: read
+jobs:
+  build:
+    strategy:
+      matrix:
+        os: [ ubuntu-24.04 ]
+        jdk: [ 17.0.13, 21.0.5, 23.0.1 ]
+        distribution: [ temurin ]
+        experimental: [ false ]
+        include:
+          - os: macos-15
+            jdk: 17.0.13
+            distribution: temurin
+            experimental: false
+          - os: windows-2025
+            jdk: 17.0.13
+            distribution: temurin
+            experimental: false
+    runs-on: ${{ matrix.os }}
+    continue-on-error: ${{ matrix.experimental }}
+    steps:
+      - name: Install Harden-Runner
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.adoptium.net:443
+            github.com:443
+            github-registry-files.githubusercontent.com:443
+            jitpack.io:443
+            maven.pkg.github.com:443
+            objects.githubusercontent.com:443
+            repo.maven.apache.org:443
+      # We run the build twice for each supported JDK: once against the
+      # original Error Prone release, using only Error Prone checks available
+      # on Maven Central, and once against the Picnic Error Prone fork,
+      # additionally enabling all checks defined in this project and any Error
+      # Prone checks available only from other artifact repositories.
+      - name: Check out code and set up JDK and Maven
+        uses: s4u/setup-maven-action@4f7fb9d9675e899ca81c6161dadbba0189a4ebb1 # v1.18.0
+        with:
+          java-version: ${{ matrix.jdk }}
+          java-distribution: ${{ matrix.distribution }}
+          maven-version: 3.9.9
+      - name: Display build environment details
+        run: mvn --version
+      - name: Build project against vanilla Error Prone, compile Javadoc
+        run: mvn -T1C install javadoc:jar
+      - name: Build project with self-check against Error Prone fork
+        run: mvn -T1C clean verify -Perror-prone-fork -Pnon-maven-central -Pself-check -s settings.xml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Remove installed project artifacts
+        run: mvn dependency:purge-local-repository -DmanualInclude='${project.groupId}' -DresolutionFuzziness=groupId
+
+# XXX: Enable Codecov once we "go public".

.github/workflows/codeql.yml

@@ -0,0 +1,52 @@
+# Analyzes the code using GitHub's default CodeQL query database.
+# Identified issues are registered with GitHub's code scanning dashboard. When
+# a pull request is analyzed, any offending lines are annotated. See
+# https://codeql.github.com for details.
+name: CodeQL analysis
+on:
+  pull_request:
+  push:
+    branches: [ master ]
+  schedule:
+    - cron: '0 4 * * 1'
+permissions:
+  contents: read
+jobs:
+  analyze:
+    strategy:
+      matrix:
+        language: [ java, ruby ]
+    permissions:
+      contents: read
+      security-events: write
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Install Harden-Runner
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.adoptium.net:443
+            api.github.com:443
+            github.com:443
+            objects.githubusercontent.com:443
+            repo.maven.apache.org:443
+            uploads.github.com:443
+      - name: Check out code and set up JDK and Maven
+        uses: s4u/setup-maven-action@4f7fb9d9675e899ca81c6161dadbba0189a4ebb1 # v1.18.0
+        with:
+          java-version: 17.0.13
+          java-distribution: temurin
+          maven-version: 3.9.9
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
+        with:
+          languages: ${{ matrix.language }}
+      - name: Perform minimal build
+        if: matrix.language == 'java'
+        run: mvn -T1C clean package -DskipTests -Dverification.skip
+      - name: Perform CodeQL analysis
+        uses: github/codeql-action/analyze@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
+        with:
+          category: /language:${{ matrix.language }}

.github/workflows/deploy-website.yaml

@@ -1,49 +0,0 @@
-name: Update `error-prone.picnic.tech` website content
-on:
-  pull_request:
-  push:
-    branches: [ master, website ]
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-jobs:
-  build:
-    permissions:
-      contents: read
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v3.1.0
-      - uses: ruby/setup-ruby@v1.126.0
-        with:
-          working-directory: ./website
-          bundler-cache: true
-      - name: Configure Github Pages
-        uses: actions/configure-pages@v2.1.3
-      - name: Generate documentation
-        run: ./generate-docs.sh
-      - name: Build website with Jekyll
-        working-directory: ./website
-        run: bundle exec jekyll build
-      - name: Validate HTML output
-        working-directory: ./website
-        # XXX: Drop `--disable_external true` once we fully adopted the
-        # "Refaster rules" terminology on our website and in the code.
-        run: bundle exec htmlproofer --disable_external true --check-external-hash false ./_site
-      - name: Upload website as artifact
-        uses: actions/upload-pages-artifact@v1.0.5
-        with:
-          path: ./website/_site
-  deploy:
-    if: github.ref == 'refs/heads/website'
-    needs: build
-    permissions:
-      id-token: write
-      pages: write
-    runs-on: ubuntu-22.04
-    environment:
-      name: github-pages
-      url: ${{ steps.deployment.outputs.page_url }}
-    steps:
-      - name: Deploy to GitHub Pages
-        id: deployment
-        uses: actions/deploy-pages@v1.2.3

.github/workflows/deploy-website.yml

@@ -0,0 +1,86 @@
+name: Update `error-prone.picnic.tech` website content
+on:
+  pull_request:
+  push:
+    branches: [ master, website ]
+permissions:
+  contents: read
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+jobs:
+  build:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Install Harden-Runner
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.adoptium.net:443
+            api.github.com:443
+            bestpractices.coreinfrastructure.org:443
+            blog.picnic.nl:443
+            docs.github.com:443
+            errorprone.info:443
+            github.com:443
+            img.shields.io:443
+            index.rubygems.org:443
+            jitpack.io:443
+            maven.apache.org:443
+            objects.githubusercontent.com:443
+            pitest.org:443
+            repo.maven.apache.org:443
+            rubygems.org:443
+            search.maven.org:443
+            securityscorecards.dev:443
+            sonarcloud.io:443
+            www.baeldung.com:443
+            www.bestpractices.dev:443
+            www.youtube.com:443
+            youtrack.jetbrains.com:443
+      - name: Check out code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - uses: ruby/setup-ruby@1a615958ad9d422dd932dc1d5823942ee002799f # v1.227.0
+        with:
+          working-directory: ./website
+          bundler-cache: true
+      - name: Configure Github Pages
+        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
+      - name: Generate documentation
+        run: ./generate-docs.sh
+      - name: Build website with Jekyll
+        working-directory: ./website
+        run: bundle exec jekyll build
+      - name: Validate HTML output
+        working-directory: ./website
+        # XXX: Drop `--disable_external true` once we fully adopted the
+        # "Refaster rules" terminology on our website and in the code.
+        run: bundle exec htmlproofer --disable_external true --check-external-hash false ./_site
+      - name: Upload website as artifact
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
+        with:
+          path: ./website/_site
+  deploy:
+    if: github.ref == 'refs/heads/website'
+    needs: build
+    permissions:
+      id-token: write
+      pages: write
+    runs-on: ubuntu-24.04
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - name: Install Harden-Runner
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5

.github/workflows/openssf-scorecard.yml

@@ -0,0 +1,53 @@
+# Analyzes the code base and GitHub project configuration for adherence to
+# security best practices for open source software. Identified issues are
+# registered with GitHub's code scanning dashboard. When a pull request is
+# analyzed, any offending lines are annotated. See
+# https://securityscorecards.dev for details.
+name: OpenSSF Scorecard update
+on:
+  pull_request:
+  push:
+    branches: [ master ]
+  schedule:
+    - cron: '0 4 * * 1'
+permissions:
+  contents: read
+jobs:
+  analyze:
+    permissions:
+      contents: read
+      security-events: write
+      id-token: write
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Install Harden-Runner
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.deps.dev:443
+            api.github.com:443
+            api.osv.dev:443
+            api.scorecard.dev:443
+            api.securityscorecards.dev:443
+            github.com:443
+            index.docker.io:443
+            oss-fuzz-build-logs.storage.googleapis.com:443
+            repo.maven.apache.org:443
+            *.sigstore.dev:443
+            www.bestpractices.dev:443
+      - name: Check out code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - name: Run OpenSSF Scorecard analysis
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: ${{ github.ref == 'refs/heads/master' }}
+      - name: Update GitHub's code scanning dashboard
+        uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
+        with:
+          sarif_file: results.sarif

.github/workflows/pitest-analyze-pr.yml

@@ -9,18 +9,25 @@ permissions:
   contents: read
 jobs:
   analyze-pr:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
-      - name: Check out code
-        uses: actions/checkout@v3.1.0
+      - name: Install Harden-Runner
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
         with:
-          fetch-depth: 2
-      - name: Set up JDK
-        uses: actions/setup-java@v3.8.0
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.adoptium.net:443
+            github.com:443
+            objects.githubusercontent.com:443
+            repo.maven.apache.org:443
+      - name: Check out code and set up JDK and Maven
+        uses: s4u/setup-maven-action@4f7fb9d9675e899ca81c6161dadbba0189a4ebb1 # v1.18.0
         with:
-          java-version: 17.0.4
-          distribution: temurin
-          cache: maven
+          checkout-fetch-depth: 2
+          java-version: 17.0.13
+          java-distribution: temurin
+          maven-version: 3.9.9
       - name: Run Pitest
         # By running with features `+GIT(from[HEAD~1]), +gitci`, Pitest only
         # analyzes lines changed in the associated pull request, as GitHub
@@ -31,7 +38,7 @@ jobs:
       - name: Aggregate Pitest reports
         run: mvn pitest-git:aggregate -DkilledEmoji=":tada:" -DmutantEmoji=":zombie:" -DtrailingText="Mutation testing report by [Pitest](https://pitest.org/). Review any surviving mutants by inspecting the line comments under [_Files changed_](${{ github.event.number }}/files)."
       - name: Upload Pitest reports as artifact
-        uses: actions/upload-artifact@v3.1.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: pitest-reports
           path: ./target/pit-reports-ci

.github/workflows/pitest-update-pr.yml

@@ -9,24 +9,35 @@ on:
       - completed
 permissions:
   actions: read
-  checks: write
-  contents: read
-  pull-requests: write
 jobs:
   update-pr:
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
-    runs-on: ubuntu-22.04
+    permissions:
+      actions: read
+      checks: write
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-24.04
     steps:
-      - name: Check out code
-        uses: actions/checkout@v3.1.0
-      - name: Set up JDK
-        uses: actions/setup-java@v3.8.0
+      - name: Install Harden-Runner
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
         with:
-          java-version: 17.0.4
-          distribution: temurin
-          cache: maven
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.adoptium.net:443
+            api.github.com:443
+            github.com:443
+            objects.githubusercontent.com:443
+            repo.maven.apache.org:443
+      - name: Check out code and set up JDK and Maven
+        uses: s4u/setup-maven-action@4f7fb9d9675e899ca81c6161dadbba0189a4ebb1 # v1.18.0
+        with:
+          java-version: 17.0.13
+          java-distribution: temurin
+          maven-version: 3.9.9
       - name: Download Pitest analysis artifact
-        uses: dawidd6/action-download-artifact@v2.24.2
+        uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4
         with:
           workflow: ${{ github.event.workflow_run.workflow_id }}
           name: pitest-reports

.github/workflows/run-integration-tests.yml

@@ -0,0 +1,63 @@
+# If requested by means of a pull request comment, runs integration tests
+# against the project, using the code found on the pull request branch.
+# XXX: Review whether then build matrix should also vary JDK or OS versions.
+# XXX: Support `/integration-test [name...]` comment syntax to specify the
+# subset of integration tests to run.
+# See this example of a dynamic build matrix:
+# https://docs.github.com/en/actions/learn-github-actions/expressions#example-returning-a-json-object
+name: "Integration tests"
+on:
+  issue_comment:
+    types: [ created ]
+permissions:
+  contents: read
+jobs:
+  run-integration-tests:
+    name: On-demand integration test
+    if: |
+      github.event.issue.pull_request && contains(github.event.comment.body, '/integration-test')
+    runs-on: ubuntu-24.04
+    strategy:
+      matrix:
+        integration-test: [ "checkstyle", "metrics", "prometheus-java-client" ]
+    steps:
+      - name: Install Harden-Runner
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+        with:
+          disable-sudo: true
+          egress-policy: block
+          # XXX: After updating the validation build flags in
+          # `integration-tests/prometheus-java-client.sh`, review whether the
+          # Docker domains specified here can be dropped.
+          allowed-endpoints: >
+            api.adoptium.net:443
+            auth.docker.io:443
+            checkstyle.org:443
+            example.com:80
+            github.com:443
+            objects.githubusercontent.com:443
+            oss.sonatype.org:443
+            production.cloudflare.docker.com:443
+            raw.githubusercontent.com:443
+            registry-1.docker.io:443
+            repo.maven.apache.org:443
+            repository.sonatype.org:443
+      - name: Check out code and set up JDK and Maven
+        uses: s4u/setup-maven-action@4f7fb9d9675e899ca81c6161dadbba0189a4ebb1 # v1.18.0
+        with:
+          checkout-ref: "refs/pull/${{ github.event.issue.number }}/head"
+          java-version: 17.0.13
+          java-distribution: temurin
+          maven-version: 3.9.9
+      - name: Install project to local Maven repository
+        run: mvn -T1C install -DskipTests -Dverification.skip
+      - name: Run integration test
+        run: xvfb-run "./integration-tests/${{ matrix.integration-test }}.sh" "${{ runner.temp }}/artifacts"
+      - name: Upload artifacts on failure
+        if: ${{ failure() }}
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: "integration-test-${{ matrix.integration-test }}"
+          path: "${{ runner.temp }}/artifacts"
+      - name: Remove installed project artifacts
+        run: mvn dependency:purge-local-repository -DmanualInclude='${project.groupId}' -DresolutionFuzziness=groupId

.github/workflows/sonarcloud.yml

@@ -0,0 +1,51 @@
+# Analyzes the code base using SonarCloud. See
+# https://sonarcloud.io/project/overview?id=PicnicSupermarket_error-prone-support.
+name: SonarCloud analysis
+on:
+  pull_request:
+  push:
+    branches: [ master ]
+  schedule:
+    - cron: '0 4 * * 1'
+permissions:
+  contents: read
+jobs:
+  analyze:
+    # Analysis of code in forked repositories is skipped, as such workflow runs
+    # do not have access to the requisite secrets.
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
+    permissions:
+      contents: read
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Install Harden-Runner
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            analysis-sensorcache-eu-central-1-prod.s3.amazonaws.com:443
+            api.adoptium.net:443
+            api.nuget.org:443
+            ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443
+            github.com:443
+            objects.githubusercontent.com:443
+            repo.maven.apache.org:443
+            sc-cleancode-sensorcache-eu-central-1-prod.s3.amazonaws.com:443
+            *.sonarcloud.io:443
+            sonarcloud.io:443
+      - name: Check out code and set up JDK and Maven
+        uses: s4u/setup-maven-action@4f7fb9d9675e899ca81c6161dadbba0189a4ebb1 # v1.18.0
+        with:
+          checkout-fetch-depth: 0
+          java-version: 17.0.13
+          java-distribution: temurin
+          maven-version: 3.9.9
+      - name: Create missing `test` directory
+        # XXX: Drop this step in favour of actually having a test.
+        run: mkdir refaster-compiler/src/test
+      - name: Perform SonarCloud analysis
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: mvn -T1C jacoco:prepare-agent verify jacoco:report sonar:sonar -Dverification.skip -Dsonar.projectKey=PicnicSupermarket_error-prone-support

.gitignore

@@ -4,8 +4,12 @@
 .DS_Store
 .factorypath
 .idea
+!.idea/icon.svg
 .project
 .settings
 target
 *.iml
 *.swp
+
+# The Git repositories checked out by the integration test framework.
+integration-tests/.repos

.idea/icon.svg

@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg width="100%" height="100%" viewBox="0 0 1259 1199" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
+    <g transform="matrix(1,0,0,1,-624.154,-988.431)">
+        <g transform="matrix(1,0,0,1,-70.1122,-35.0561)">
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1227.03,1988.79C1237.78,2070.45 1225.83,2190.1 1192.24,2194.53C1158.65,2198.95 1116.14,2086.46 1105.39,2004.81C1094.64,1923.16 1128.44,1902.11 1153.32,1898.84C1178.18,1895.56 1216.28,1907.14 1227.03,1988.79Z" style="fill:rgb(219,220,211);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1151.08,1881.86C1134.93,1883.99 1114.77,1892.69 1101.6,1913.17C1088.42,1933.64 1082.71,1963.73 1088.42,2007.04C1094.04,2049.75 1107.59,2099.16 1124.51,2138.68C1132.97,2158.45 1142.15,2175.68 1152.59,2188.86C1163.04,2202.05 1176.31,2213.89 1194.48,2211.5C1212.65,2209.11 1222.39,2194.23 1229.07,2178.8C1235.75,2163.36 1240.15,2144.34 1243.21,2123.05C1249.32,2080.5 1249.63,2029.27 1244,1986.56C1238.3,1943.24 1225,1915.66 1206.98,1899.29C1188.95,1882.93 1167.22,1879.74 1151.08,1881.86ZM1155.55,1915.81C1164.27,1914.66 1174.03,1915.62 1183.96,1924.64C1193.89,1933.66 1205.01,1952.69 1210.06,1991.03C1215.18,2029.97 1214.89,2079.4 1209.32,2118.19C1206.53,2137.58 1202.32,2154.4 1197.65,2165.2C1194.14,2173.29 1190.82,2176.3 1189.96,2177.22C1188.89,2176.55 1184.91,2174.51 1179.43,2167.6C1172.12,2158.38 1163.7,2143.22 1155.99,2125.21C1140.57,2089.18 1127.49,2041.51 1122.36,2002.57C1117.32,1964.24 1123.13,1942.97 1130.39,1931.69C1137.65,1920.42 1146.82,1916.96 1155.55,1915.81Z" style="fill:rgb(26,26,26);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1516.33,1963.1C1466.19,1897.75 1427.4,1906.77 1407.5,1922.05C1387.59,1937.32 1368.84,1972.45 1418.98,2037.8C1431.75,2054.44 1447.26,2071.84 1463.69,2088.19C1495.18,2119.52 1534.33,2139.39 1582.98,2126.14C1606.4,2119.76 1622.19,2110.46 1623.75,2098.64C1625.79,2083.16 1603,2065.78 1569.69,2050.47C1554.75,2019.83 1535.59,1988.2 1516.33,1963.1Z" style="fill:rgb(219,220,211);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1397.07,1908.46C1409.99,1898.55 1430.41,1890.44 1454.2,1895.61C1478,1900.77 1503.31,1918 1529.91,1952.67C1548.92,1977.44 1567.3,2007.65 1582.28,2037.56C1597.47,2044.87 1610.74,2052.64 1621.09,2061.47C1632.68,2071.35 1642.93,2084.12 1640.73,2100.88C1639.05,2113.64 1630.31,2122.66 1620.9,2128.78C1611.49,2134.9 1600.29,2139.17 1587.48,2142.66C1532.39,2157.66 1485.57,2134.11 1451.61,2100.32C1434.7,2083.49 1418.73,2065.6 1405.39,2048.22C1378.79,2013.56 1368.69,1984.64 1369.86,1960.32C1371.04,1936 1384.15,1918.38 1397.07,1908.46ZM1417.92,1935.63C1410.94,1940.99 1404.71,1948.57 1404.07,1961.97C1403.43,1975.37 1409.02,1996.69 1432.56,2027.38C1444.76,2043.27 1459.82,2060.18 1475.77,2076.05C1504.8,2104.93 1536.26,2121.12 1578.48,2109.62C1589.1,2106.73 1597.5,2103.16 1602.23,2100.08C1605.14,2098.18 1606.16,2096.97 1606.54,2096.46C1606.07,2095.66 1604.57,2092.39 1598.86,2087.52C1591.24,2081.02 1578.31,2073.28 1562.54,2066.03L1556.98,2063.47L1554.29,2057.97C1539.86,2028.35 1521.12,1997.46 1502.75,1973.52C1479.2,1942.84 1460.05,1931.91 1446.94,1929.07C1433.84,1926.23 1424.9,1930.27 1417.92,1935.63Z" style="fill:rgb(26,26,26);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M917.121,1633.14C845.801,1674.32 730.68,1709.07 713.738,1679.73C696.797,1650.39 784.453,1568.07 855.777,1526.89C927.102,1485.71 959.48,1508.89 972.02,1530.62C984.562,1552.34 988.445,1591.97 917.121,1633.14Z" style="fill:rgb(219,220,211);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M986.848,1522.06C978.707,1507.95 962.949,1492.66 938.992,1488.32C915.031,1483.98 885.055,1490.22 847.219,1512.07C809.906,1533.61 769.453,1565.03 739.41,1595.79C724.391,1611.17 711.977,1626.24 703.797,1640.94C695.617,1655.64 689.746,1672.42 698.914,1688.29C708.078,1704.17 725.547,1707.48 742.363,1707.74C759.184,1708.01 778.445,1704.79 799.273,1699.47C840.934,1688.83 888.375,1669.51 925.684,1647.97C963.52,1626.12 983.91,1603.29 992.137,1580.37C1000.36,1557.45 994.988,1536.16 986.848,1522.06ZM957.195,1539.18C961.594,1546.79 964.438,1556.18 959.906,1568.8C955.379,1581.43 942.047,1598.98 908.562,1618.32C874.551,1637.96 828.77,1656.6 790.801,1666.3C771.816,1671.14 754.664,1673.69 742.902,1673.5C734.082,1673.37 730.035,1671.45 728.859,1671C729.062,1669.76 729.426,1665.3 733.715,1657.59C739.434,1647.31 750.215,1633.73 763.906,1619.72C791.285,1591.68 830.324,1561.36 864.336,1541.72C897.824,1522.38 919.695,1519.62 932.895,1522.01C946.09,1524.4 952.797,1531.56 957.195,1539.18Z" style="fill:rgb(26,26,26);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1791.57,1526.89C1862.89,1568.07 1950.54,1650.39 1933.61,1679.74C1916.66,1709.08 1801.54,1674.33 1730.22,1633.15C1658.9,1591.97 1662.78,1552.34 1675.32,1530.62C1687.86,1508.89 1720.24,1485.72 1791.57,1526.89Z" style="fill:rgb(219,220,211);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1660.5,1522.06C1652.35,1536.16 1646.98,1557.45 1655.21,1580.37C1663.43,1603.29 1683.82,1626.13 1721.66,1647.97C1758.97,1669.52 1806.41,1688.84 1848.07,1699.48C1868.9,1704.79 1888.16,1708.01 1904.98,1707.75C1921.79,1707.48 1939.27,1704.17 1948.43,1688.3C1957.59,1672.42 1951.73,1655.64 1943.55,1640.94C1935.37,1626.25 1922.95,1611.17 1907.93,1595.79C1877.89,1565.04 1837.43,1533.61 1800.12,1512.07C1762.29,1490.22 1732.31,1483.98 1708.35,1488.32C1684.39,1492.66 1668.64,1507.95 1660.5,1522.06ZM1690.15,1539.18C1694.55,1531.56 1701.25,1524.4 1714.45,1522.02C1727.64,1519.62 1749.52,1522.39 1783,1541.72C1817.02,1561.36 1856.06,1591.68 1883.44,1619.72C1897.12,1633.73 1907.91,1647.32 1913.63,1657.59C1917.92,1665.3 1918.28,1669.77 1918.48,1671.01C1917.31,1671.45 1913.26,1673.37 1904.44,1673.51C1892.68,1673.69 1875.52,1671.15 1856.54,1666.3C1818.57,1656.61 1772.79,1637.96 1738.78,1618.32C1705.29,1598.99 1691.97,1581.43 1687.43,1568.81C1682.91,1556.18 1685.75,1546.8 1690.15,1539.18Z" style="fill:rgb(26,26,26);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1322.81,1013.67C1058.16,1014.17 843.293,1229.45 843.297,1494.11L843.223,1862.19C843.223,1955.32 919.055,2031.16 1012.19,2031.16C1054.55,2031.16 1093.39,2015.51 1123.09,1989.7C1169.54,2049.44 1242.17,2087.79 1323.7,2087.79C1405.22,2087.79 1477.84,2049.45 1524.28,1989.73C1553.98,2015.52 1592.81,2031.16 1635.15,2031.16C1728.29,2031.16 1804.12,1955.32 1804.12,1862.19L1804.12,1494.1C1804.12,1229.09 1588.7,1013.67 1323.69,1013.67L1322.84,1013.67L1322.81,1013.67ZM1322.92,1068.46L1323.69,1068.46C1559.09,1068.46 1749.33,1258.7 1749.33,1494.11L1749.33,1862.19C1749.33,1925.92 1698.88,1976.37 1635.15,1976.37C1596.91,1976.37 1563.67,1958.03 1542.94,1929.68L1517.91,1895.48L1497,1932.34C1462.85,1992.53 1398.48,2033 1323.7,2033C1248.9,2033 1184.52,1992.51 1150.38,1932.3L1129.45,1895.41L1104.43,1929.65C1083.69,1958.02 1050.44,1976.37 1012.19,1976.37C948.461,1976.37 898.016,1925.93 898.012,1862.2L898.086,1494.11C898.086,1259.03 1087.84,1068.92 1322.92,1068.47L1322.92,1068.46Z" style="fill:rgb(26,26,26);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1322.86,1041.07C1072.99,1041.54 870.684,1244.23 870.688,1494.11L870.648,1862.19C870.648,1940.62 933.789,2003.77 1012.22,2003.77C1073.65,2003.77 1125.69,1965.03 1145.37,1910.56C1201.73,1934.69 1262.41,1947.14 1323.72,1947.14C1385.02,1947.14 1445.69,1934.69 1502.04,1910.57C1521.72,1965.04 1573.76,2003.77 1635.19,2003.77C1713.62,2003.77 1776.76,1940.62 1776.76,1862.19L1776.76,1494.11C1776.76,1243.9 1573.93,1041.07 1323.72,1041.07L1322.86,1041.07Z" style="fill:white;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1323.7,1494.1C1449.2,1494.1 1550.24,1595.14 1550.24,1720.64L1550.24,1833.86C1550.24,1959.36 1449.2,2060.4 1323.7,2060.4C1198.2,2060.4 1097.16,1959.36 1097.16,1833.86L1097.16,1720.64C1097.16,1595.14 1198.2,1494.1 1323.7,1494.1Z" style="fill:white;fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1322.86,1041.07C1262.14,1041.18 1204.25,1053.27 1151.36,1075.05C1316.07,1142.87 1432.03,1304.93 1432.03,1494.11L1432.03,1811.95C1432.03,2003.63 1209.62,2024.85 1126.54,1945.82C1177.52,2034.1 1254.55,2060.4 1323.7,2060.4C1408.4,2060.4 1481.95,2014.37 1520.82,1945.86C1546.53,1981.01 1588.08,2003.77 1635.15,2003.77C1713.58,2003.77 1776.72,1940.62 1776.72,1862.19L1776.72,1494.11C1776.72,1243.9 1573.89,1041.07 1323.68,1041.07L1322.86,1041.07Z" style="fill:rgb(219,220,211);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1322.86,1041.07C1304.33,1041.1 1286.06,1042.28 1268.11,1044.48C1492.04,1071.93 1665.46,1262.75 1665.46,1494.11L1665.46,1862.19C1665.46,1920.85 1630.14,1970.94 1579.54,1992.48C1596.59,1999.74 1615.38,2003.77 1635.15,2003.77C1713.58,2003.77 1776.72,1940.62 1776.72,1862.19L1776.72,1494.11C1776.72,1243.9 1573.89,1041.07 1323.68,1041.07L1322.86,1041.07Z" style="fill:rgb(189,191,175);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1322.85,1034.22C1069.29,1034.69 863.84,1240.54 863.84,1494.11L863.766,1862.19C863.766,1944.3 930.078,2010.61 1012.19,2010.61C1057.88,2010.61 1098.53,1989.94 1125.71,1957.58C1166.88,2023.5 1240.02,2067.25 1323.7,2067.25C1407.36,2067.25 1480.48,2023.52 1521.66,1957.62C1548.84,1989.96 1589.47,2010.61 1635.15,2010.61C1717.25,2010.61 1783.57,1944.3 1783.57,1862.19L1783.57,1494.11C1783.57,1240.2 1577.59,1034.21 1323.68,1034.22L1322.85,1034.22ZM1322.86,1047.92L1323.68,1047.92C1570.19,1047.92 1769.87,1247.6 1769.87,1494.11L1769.87,1862.19C1769.87,1936.95 1709.91,1996.92 1635.15,1996.92C1590.29,1996.92 1550.82,1975.26 1526.36,1941.82L1520.1,1933.27L1514.87,1942.48C1477.18,2008.91 1405.92,2053.55 1323.7,2053.55C1241.46,2053.55 1170.19,2008.89 1132.5,1942.44L1127.27,1933.21L1121.02,1941.77C1096.56,1975.24 1057.07,1996.92 1012.19,1996.92C937.43,1996.92 877.469,1936.95 877.465,1862.19L877.539,1494.11C877.539,1247.94 1076.7,1048.39 1322.86,1047.92Z" style="fill:rgb(26,26,26);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1576.29,1470.72C1576.29,1481.36 1568.75,1491.56 1555.31,1499.08C1541.88,1506.6 1523.67,1510.83 1504.68,1510.83C1465.12,1510.83 1433.06,1492.87 1433.06,1470.72C1433.06,1448.57 1465.12,1430.62 1504.68,1430.62C1523.67,1430.62 1541.88,1434.84 1555.31,1442.36C1568.75,1449.89 1576.29,1460.09 1576.29,1470.72Z" style="fill:rgb(255,155,173);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1214.28,1470.72C1214.28,1481.36 1206.73,1491.56 1193.31,1499.08C1179.87,1506.6 1161.66,1510.83 1142.66,1510.83C1103.11,1510.83 1071.05,1492.87 1071.05,1470.72C1071.05,1448.57 1103.11,1430.62 1142.66,1430.62C1161.66,1430.62 1179.87,1434.84 1193.31,1442.36C1206.73,1449.89 1214.28,1460.09 1214.28,1470.72Z" style="fill:rgb(255,155,173);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1104.39,1401.46C1104.39,1375.15 1118.45,1350.79 1141.24,1337.63C1164.03,1324.48 1192.16,1324.48 1214.95,1337.63C1237.74,1350.79 1251.81,1375.15 1251.81,1401.46L1224.41,1401.46C1224.41,1384.9 1215.6,1369.64 1201.25,1361.36C1186.9,1353.07 1169.29,1353.07 1154.94,1361.36C1140.59,1369.64 1131.78,1384.9 1131.78,1401.46L1104.39,1401.46Z" style="fill:rgb(26,26,26);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1395.54,1401.46C1395.54,1375.15 1409.61,1350.79 1432.39,1337.63C1455.18,1324.48 1483.32,1324.48 1506.11,1337.63C1528.89,1350.79 1542.96,1375.15 1542.96,1401.46L1515.56,1401.46C1515.56,1384.9 1506.75,1369.64 1492.41,1361.36C1478.06,1353.07 1460.44,1353.07 1446.09,1361.36C1431.74,1369.64 1422.93,1384.9 1422.93,1401.46L1395.54,1401.46Z" style="fill:rgb(26,26,26);fill-rule:nonzero;"/>
+            </g>
+            <g transform="matrix(1,0,0,1,0,9.81959)">
+                <path d="M1256.81,1448.61C1256.81,1472.48 1269.56,1494.57 1290.24,1506.51C1310.92,1518.45 1336.42,1518.45 1357.1,1506.51C1377.78,1494.57 1390.53,1472.48 1390.53,1448.61L1376.83,1448.61C1376.83,1467.61 1366.71,1485.15 1350.25,1494.65C1333.79,1504.15 1313.55,1504.15 1297.09,1494.65C1280.63,1485.15 1270.51,1467.61 1270.51,1448.61L1256.81,1448.61Z" style="fill:rgb(26,26,26);fill-rule:nonzero;"/>
+            </g>
+        </g>
+    </g>
+</svg>

.mvn/maven.config

@@ -1 +1,3 @@
---batch-mode --errors --strict-checksums
+--batch-mode
+--errors
+--strict-checksums

.renovaterc.json

@@ -1,18 +1,36 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "helpers:pinGitHubActionDigests"
+  ],
+  "customManagers": [
+    {
+      "customType": "regex",
+      "fileMatch": [
+        "^integration-tests/.*(-init\\.patch|\\.sh)$"
+      ],
+      "matchStrings": [
+        "\\b(?<packageName>[a-z0-9_.-]+?:[a-z0-9_.-]+?):(?<currentValue>[^:]+?):[a-zA-Z0-9_-]+\\b",
+        "<version>(?<currentValue>.*?)<!-- Renovate: (?<packageName>.*?) --></version>"
+      ],
+      "datasourceTemplate": "maven"
+    }
+  ],
   "packageRules": [
     {
-      "matchPackagePatterns": [
-        "^org\\.springframework:spring-framework-bom$",
-        "^org\\.springframework\\.boot:spring-boot[a-z-]*$"
+      "matchPackageNames": [
+        "/^org\\.springframework:spring-framework-bom$/",
+        "/^org\\.springframework\\.boot:spring-boot[a-z-]*$/"
       ],
       "separateMinorPatch": true
     },
     {
-      "matchPackagePatterns": [
-        "^ruby\\/setup-ruby$"
+      "matchPackageNames": [
+        "dawidd6/action-download-artifact",
+        "github/codeql-action",
+        "ruby/setup-ruby"
       ],
-      "schedule": "* * 1 * *"
+      "schedule": "every 4 weeks on Monday"
     }
   ],
   "reviewers": [

CONTRIBUTING.md

@@ -48,6 +48,17 @@ be accepted. When in doubt, make sure to first raise an
 
 To the extent possible, the pull request process guards our coding guidelines.
 Some pointers:
+- Try to make sure that the
+  [`./run-full-build.sh`][error-prone-support-full-build] script completes
+  successfully, ideally before opening a pull request. See the [development
+  instructions][error-prone-support-developing] for details on how to
+  efficiently resolve many of the errors and warnings that may be reported. (In
+  particular, make sure to run `mvn fmt:format` and
+  [`./apply-error-prone-suggestions.sh`][error-prone-support-patch].) That
+  said, if you feel that the build fails for invalid or debatable reasons, or
+  if you're unsure how to best resolve an issue, don't let that discourage you
+  from opening a PR with a failing build; we can have a look at the issue
+  together!
 - Checks should be _topical_: ideally they address a single concern.
 - Where possible checks should provide _fixes_, and ideally these are
   completely behavior-preserving. In order for a check to be adopted by users
@@ -66,6 +77,9 @@ Some pointers:
   sneak in unrelated changes; instead just open more than one pull request 😉.
 
 [error-prone-criteria]: https://errorprone.info/docs/criteria
+[error-prone-support-developing]: https://github.com/PicnicSupermarket/error-prone-support/tree/master#-developing-error-prone-support
+[error-prone-support-full-build]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/run-full-build.sh
 [error-prone-support-issues]: https://github.com/PicnicSupermarket/error-prone-support/issues
-[error-prone-support-mutation-tests]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/run-mutation-tests.sh
+[error-prone-support-mutation-tests]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/run-branch-mutation-tests.sh
+[error-prone-support-patch]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/apply-error-prone-suggestions.sh
 [error-prone-support-pulls]: https://github.com/PicnicSupermarket/error-prone-support/pulls

LICENSE.md

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2017-2022 Picnic Technologies BV
+Copyright (c) 2017-2024 Picnic Technologies BV
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -15,13 +15,26 @@ focussing on maintainability, consistency and avoidance of common pitfalls.
 > Error Prone is a static analysis tool for Java that catches common
 > programming mistakes at compile-time.
 
-Read more on how Picnic uses Error Prone (Support) in the blog post [_Picnic
-loves Error Prone: producing high-quality and consistent Java
-code_][picnic-blog-ep-post].
+To learn more about Error Prone (Support), how you can start using Error Prone
+in practice, and how we use it at Picnic, watch the conference talk
+[_Automating away bugs with Error Prone in practice_][conference-talk]. Also
+consider checking out the blog post [_Picnic loves Error Prone: producing
+high-quality and consistent Java code_][picnic-blog-ep-post].
 
 [![Maven Central][maven-central-badge]][maven-central-search]
 [![Reproducible Builds][reproducible-builds-badge]][reproducible-builds-report]
+[![OpenSSF Best Practices][openssf-best-practices-badge]][openssf-best-practices-checklist]
+[![OpenSSF Scorecard][openssf-scorecard-badge]][openssf-scorecard-report]
+[![CodeQL Analysis][codeql-badge]][codeql-master]
 [![GitHub Actions][github-actions-build-badge]][github-actions-build-master]
+[![Mutation tested with PIT][pitest-badge]][pitest]
+[![Quality Gate Status][sonarcloud-quality-badge]][sonarcloud-quality-master]
+[![Maintainability Rating][sonarcloud-maintainability-badge]][sonarcloud-maintainability-master]
+[![Reliability Rating][sonarcloud-reliability-badge]][sonarcloud-reliability-master]
+[![Security Rating][sonarcloud-security-badge]][sonarcloud-security-master]
+[![Coverage][sonarcloud-coverage-badge]][sonarcloud-coverage-master]
+[![Duplicated Lines (%)][sonarcloud-duplication-badge]][sonarcloud-duplication-master]
+[![Technical Debt][sonarcloud-technical-debt-badge]][sonarcloud-technical-debt-master]
 [![License][license-badge]][license]
 [![PRs Welcome][pr-badge]][contributing]
 
@@ -36,7 +49,11 @@ code_][picnic-blog-ep-post].
 ### Installation
 
 This library is built on top of [Error Prone][error-prone-orig-repo]. To use
-it:
+it, read the installation guide for Maven or Gradle below. The library requires
+that your build is executed using JDK 17 or above, but supports builds that
+[target][baeldung-java-source-target-options] older versions of Java.
+
+#### Maven
 
 1. First, follow Error Prone's [installation
    guide][error-prone-installation-guide].
@@ -50,6 +67,8 @@ it:
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-compiler-plugin</artifactId>
+                   <!-- Prefer using the latest release. -->
+                   <version>3.12.0</version>
                    <configuration>
                        <annotationProcessorPaths>
                            <!-- Error Prone itself. -->
@@ -79,8 +98,6 @@ it:
                            </arg>
                            <arg>-XDcompilePolicy=simple</arg>
                        </compilerArgs>
-                       <!-- Some checks raise warnings rather than errors. -->
-                       <showWarnings>true</showWarnings>
                        <!-- Enable this if you'd like to fail your build upon warnings. -->
                        <!-- <failOnWarning>true</failOnWarning> -->
                    </configuration>
@@ -94,6 +111,32 @@ it:
 Prone Support. Alternatively reference this project's `self-check` profile
 definition. -->
 
+#### Gradle
+
+1. First, follow the [installation
+   guide][error-prone-gradle-installation-guide] of the
+   `gradle-errorprone-plugin`.
+2. Next, edit your `build.gradle` file to add one or more Error Prone Support
+   modules:
+
+   ```groovy
+   dependencies {
+       // Error Prone itself.
+       errorprone("com.google.errorprone:error_prone_core:${errorProneVersion}")
+       // Error Prone Support's additional bug checkers.
+       errorprone("tech.picnic.error-prone-support:error-prone-contrib:${errorProneSupportVersion}")
+       // Error Prone Support's Refaster rules.
+       errorprone("tech.picnic.error-prone-support:refaster-runner:${errorProneSupportVersion}")
+   }
+
+   tasks.withType(JavaCompile).configureEach {
+       options.errorprone.disableWarningsInGeneratedCode = true
+       // Add other Error Prone flags here. See:
+       // - https://github.com/tbroyer/gradle-errorprone-plugin#configuration
+       // - https://errorprone.info/docs/flags
+   }
+   ```
+
 ### Seeing it in action
 
 Consider the following example code:
@@ -144,8 +187,15 @@ rules][refaster-rules].
 ## 👷 Developing Error Prone Support
 
 This is a [Maven][maven] project, so running `mvn clean install` performs a
-full clean build and installs the library to your local Maven repository. Some
-relevant flags:
+full clean build and installs the library to your local Maven repository.
+
+Once you've made changes, the build may fail due to a warning or error emitted
+by static code analysis. The flags and commands listed below allow you to
+suppress or (in a large subset of cases) automatically fix such cases. Make
+sure to carefully check the available options, as this can save you significant
+amounts of development time!
+
+Relevant Maven build parameters:
 
 - `-Dverification.warn` makes the warnings and errors emitted by various
   plugins and the Java compiler non-fatal, where possible.
@@ -155,29 +205,40 @@ relevant flags:
   version of Error Prone. This is useful e.g. when testing a locally built
   Error Prone SNAPSHOT.
 - `-Perror-prone-fork` runs the build using Picnic's [Error Prone
-  fork][error-prone-fork-repo], hosted on [Jitpack][error-prone-fork-jitpack].
-  This fork generally contains a few changes on top of the latest Error Prone
-  release.
+  fork][error-prone-fork-repo], hosted using [GitHub
+  Packages][error-prone-fork-packages]. This fork generally contains a few
+  changes on top of the latest Error Prone release. Using this profile
+  generally requires passing `-s settings.xml`, with [suitably
+  configured][github-packages-auth] `GITHUB_ACTOR` and `GITHUB_TOKEN`
+  environment variables.
 - `-Pself-check` runs the checks defined by this project against itself.
-  Pending a release of [google/error-prone#3301][error-prone-pull-3301], this
-  flag must currently be used in combination with `-Perror-prone-fork`.
 
-Some other commands one may find relevant:
+Other highly relevant commands:
 
 - `mvn fmt:format` formats the code using
   [`google-java-format`][google-java-format].
-- `./run-mutation-tests.sh` runs mutation tests using [Pitest][pitest]. The
-  results can be reviewed by opening the respective
-  `target/pit-reports/index.html` files. For more information check the [PIT
-  Maven plugin][pitest-maven].
-- `./apply-error-prone-suggestions.sh` applies Error Prone and Error Prone
-  Support code suggestions to this project. Before running this command, make
-  sure to have installed the project (`mvn clean install`) and make sure that
-  the current working directory does not contain unstaged or uncommited
-  changes.
+- [`./run-full-build.sh`][script-run-full-build] builds the project twice,
+  where the second pass validates compatibility with Picnic's [Error Prone
+  fork][error-prone-fork-repo] and compliance of the code with any rules
+  defined within this project. (Consider running this before [opening a pull
+  request][contributing-pull-request], as the PR checks also perform this
+  validation.)
+- [`./apply-error-prone-suggestions.sh`][script-apply-error-prone-suggestions]
+  applies Error Prone and Error Prone Support code suggestions to this project.
+  Before running this command, make sure to have installed the project (`mvn
+  clean install`) and make sure that the current working directory does not
+  contain unstaged or uncommited changes.
+- [`./run-branch-mutation-tests.sh`][script-run-branch-mutation-tests] uses
+  [Pitest][pitest] to run mutation tests against code that is modified relative
+  to the upstream default branch. The results can be reviewed by opening the
+  respective `target/pit-reports/index.html` files. One can use
+  [`./run-mutation-tests.sh`][script-run-mutation-tests] to run mutation tests
+  against _all_ code in the current working directory. For more information
+  check the [PIT Maven plugin][pitest-maven].
 
-When running the project's tests in IntelliJ IDEA, you might see the following
-error:
+Opening the project in IntelliJ IDEA may require running `mvn clean install`
+first. Additionally, when running the project's tests using the IDE, you might
+see the following error:
 
 ```
 java: exporting a package from system module jdk.compiler is not allowed with --release
@@ -201,17 +262,28 @@ Want to report or fix a bug, suggest or add a new feature, or improve the
 documentation? That's awesome! Please read our [contribution
 guidelines][contributing].
 
+### Security
+
+If you want to report a security vulnerability, please do so through a private
+channel; please see our [security policy][security] for details.
+
+[baeldung-java-source-target-options]: https://www.baeldung.com/java-source-target-options
 [bug-checks]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/
 [bug-checks-identity-conversion]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/IdentityConversion.java
+[codeql-badge]: https://github.com/PicnicSupermarket/error-prone-support/actions/workflows/codeql.yml/badge.svg?branch=master&event=push
+[codeql-master]: https://github.com/PicnicSupermarket/error-prone-support/actions/workflows/codeql.yml?query=branch:master+event:push
+[conference-talk]: https://www.youtube.com/watch?v=-47WD-3wKBs
 [contributing]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/CONTRIBUTING.md
+[contributing-pull-request]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/CONTRIBUTING.md#-opening-a-pull-request
 [error-prone-bugchecker]: https://github.com/google/error-prone/blob/master/check_api/src/main/java/com/google/errorprone/bugpatterns/BugChecker.java
-[error-prone-fork-jitpack]: https://jitpack.io/#PicnicSupermarket/error-prone
+[error-prone-fork-packages]: https://github.com/PicnicSupermarket/error-prone/packages
 [error-prone-fork-repo]: https://github.com/PicnicSupermarket/error-prone
+[error-prone-gradle-installation-guide]: https://github.com/tbroyer/gradle-errorprone-plugin
 [error-prone-installation-guide]: https://errorprone.info/docs/installation#maven
 [error-prone-orig-repo]: https://github.com/google/error-prone
-[error-prone-pull-3301]: https://github.com/google/error-prone/pull/3301
-[github-actions-build-badge]: https://github.com/PicnicSupermarket/error-prone-support/actions/workflows/build.yaml/badge.svg
-[github-actions-build-master]: https://github.com/PicnicSupermarket/error-prone-support/actions/workflows/build.yaml?query=branch%3Amaster
+[github-actions-build-badge]: https://github.com/PicnicSupermarket/error-prone-support/actions/workflows/build.yml/badge.svg
+[github-actions-build-master]: https://github.com/PicnicSupermarket/error-prone-support/actions/workflows/build.yml?query=branch:master&event=push
+[github-packages-auth]: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry#authenticating-to-github-packages
 [google-java-format]: https://github.com/google/google-java-format
 [idea-288052]: https://youtrack.jetbrains.com/issue/IDEA-288052
 [license-badge]: https://img.shields.io/github/license/PicnicSupermarket/error-prone-support
@@ -219,13 +291,37 @@ guidelines][contributing].
 [maven-central-badge]: https://img.shields.io/maven-central/v/tech.picnic.error-prone-support/error-prone-support?color=blue
 [maven-central-search]: https://search.maven.org/artifact/tech.picnic.error-prone-support/error-prone-support
 [maven]: https://maven.apache.org
-[picnic-blog]: https://blog.picnic.nl
+[openssf-best-practices-badge]: https://bestpractices.coreinfrastructure.org/projects/7199/badge
+[openssf-best-practices-checklist]: https://bestpractices.coreinfrastructure.org/projects/7199
+[openssf-scorecard-badge]: https://img.shields.io/ossf-scorecard/github.com/PicnicSupermarket/error-prone-support?label=openssf%20scorecard
+[openssf-scorecard-report]: https://securityscorecards.dev/viewer/?uri=github.com/PicnicSupermarket/error-prone-support
 [picnic-blog-ep-post]: https://blog.picnic.nl/picnic-loves-error-prone-producing-high-quality-and-consistent-java-code-b8a566be6886
+[picnic-blog]: https://blog.picnic.nl
+[pitest-badge]: https://img.shields.io/badge/-Mutation%20tested%20with%20PIT-blue.svg
 [pitest]: https://pitest.org
 [pitest-maven]: https://pitest.org/quickstart/maven
 [pr-badge]: https://img.shields.io/badge/PRs-welcome-brightgreen.svg
 [refaster]: https://errorprone.info/docs/refaster
 [refaster-rules-bigdecimal]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/error-prone-contrib/src/main/java/tech/picnic/errorprone/refasterrules/BigDecimalRules.java
 [refaster-rules]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/error-prone-contrib/src/main/java/tech/picnic/errorprone/refasterrules/
-[reproducible-builds-badge]: https://img.shields.io/badge/Reproducible_Builds-ok-success?labelColor=1e5b96
+[reproducible-builds-badge]: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/jvm-repo-rebuild/reproducible-central/master/content/tech/picnic/error-prone-support/error-prone-support/badge.json
 [reproducible-builds-report]: https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/tech/picnic/error-prone-support/error-prone-support/README.md
+[script-apply-error-prone-suggestions]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/apply-error-prone-suggestions.sh
+[script-run-branch-mutation-tests]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/run-branch-mutation-tests.sh
+[script-run-full-build]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/run-full-build.sh
+[script-run-mutation-tests]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/run-mutation-tests.sh
+[security]: https://github.com/PicnicSupermarket/error-prone-support/blob/master/SECURITY.md
+[sonarcloud-coverage-badge]: https://sonarcloud.io/api/project_badges/measure?project=PicnicSupermarket_error-prone-support&metric=coverage
+[sonarcloud-coverage-master]: https://sonarcloud.io/component_measures?id=PicnicSupermarket_error-prone-support&metric=coverage
+[sonarcloud-duplication-badge]: https://sonarcloud.io/api/project_badges/measure?project=PicnicSupermarket_error-prone-support&metric=duplicated_lines_density
+[sonarcloud-duplication-master]: https://sonarcloud.io/component_measures?id=PicnicSupermarket_error-prone-support&metric=duplicated_lines_density
+[sonarcloud-maintainability-badge]: https://sonarcloud.io/api/project_badges/measure?project=PicnicSupermarket_error-prone-support&metric=sqale_rating
+[sonarcloud-maintainability-master]: https://sonarcloud.io/component_measures?id=PicnicSupermarket_error-prone-support&metric=sqale_rating
+[sonarcloud-quality-badge]: https://sonarcloud.io/api/project_badges/measure?project=PicnicSupermarket_error-prone-support&metric=alert_status
+[sonarcloud-quality-master]: https://sonarcloud.io/summary/new_code?id=PicnicSupermarket_error-prone-support
+[sonarcloud-reliability-badge]: https://sonarcloud.io/api/project_badges/measure?project=PicnicSupermarket_error-prone-support&metric=reliability_rating
+[sonarcloud-reliability-master]: https://sonarcloud.io/component_measures?id=PicnicSupermarket_error-prone-support&metric=reliability_rating
+[sonarcloud-security-badge]: https://sonarcloud.io/api/project_badges/measure?project=PicnicSupermarket_error-prone-support&metric=security_rating
+[sonarcloud-security-master]: https://sonarcloud.io/component_measures?id=PicnicSupermarket_error-prone-support&metric=security_rating
+[sonarcloud-technical-debt-badge]: https://sonarcloud.io/api/project_badges/measure?project=PicnicSupermarket_error-prone-support&metric=sqale_index
+[sonarcloud-technical-debt-master]: https://sonarcloud.io/component_measures?id=PicnicSupermarket_error-prone-support&metric=sqale_index

SECURITY.md

@@ -0,0 +1,23 @@
+# Security policy
+
+We take security seriously. We are mindful of Error Prone Support's place in
+the software supply chain, and the risks and responsibilities that come with
+this.
+
+## Supported versions
+
+This project uses [semantic versioning][semantic-versioning]. In general, only
+the latest version of this software is supported. That said, if users have a
+compelling reason to ask for patch release of an older major release, then we
+will seriously consider such a request. We do urge users to stay up-to-date and
+use the latest release where feasible.
+
+## Reporting a vulnerability
+
+To report a vulnerability, please visit the [security
+advisories][security-advisories] page and click _Report a vulnerability_. We
+will take such reports seriously and work with you to resolve the issue in a
+timely manner.
+
+[security-advisories]: https://github.com/PicnicSupermarket/error-prone-support/security/advisories
+[semantic-versioning]: https://semver.org

apply-error-prone-suggestions.sh

@@ -9,13 +9,14 @@
 set -e -u -o pipefail
 
 if [ "${#}" -gt 1 ]; then
-  echo "Usage: ./$(basename "${0}") [PatchChecks]"
+  echo "Usage: ${0} [PatchChecks]"
   exit 1
 fi
 
 patchChecks=${1:-}
 
 mvn clean test-compile fmt:format \
+  -s "$(dirname "${0}")/settings.xml" \
   -T 1.0C \
   -Perror-prone \
   -Perror-prone-fork \

arcmutate-licence.txt

@@ -0,0 +1,7 @@
+# Arcmutate license for Error Prone Support, requested by sending an email to
+# support@arcmutate.com.
+expires=27/10/2025
+keyVersion=1
+signature=aQLVt0J//7nXDAlJuBe9ru7Dq6oApcLh17rxsgHoJqBkUCd2zvrtRxkcPm5PmF1I8gBDT9PHb+kTf6Kcfz+D1fT0wRrZv38ip56521AQPD6zjRSqak9O2Gisjo+QTPMD7oS009aSWKzQ1SMdtuZ+KIRvw4Gl+frtYzexqnGWEUQ\=
+packages=tech.picnic.errorprone.*
+type=OSSS

cdg-pitest-licence.txt

@@ -1,7 +0,0 @@
-# Arcmutate license for Error Prone Support, requested by sending an email to
-# support@arcmutate.com.
-expires=07/11/2023
-keyVersion=1
-signature=MhZxMbnO6UovNfllM0JuVWkZyvRT3/G5o/uT0Mm36c7200VpZNVu03gTAGivnl9W5RzvZhfpIHccuQ5ctjQkrqhsFSrl4fyqPqu3y5V2fsHIdFXP/G72EGj6Kay9ndLpaEHalqE0bEwxdnHMzEYq5y3O9vUPv8MhUl57xk+rvBo\=
-packages=tech.picnic.errorprone.*
-type=OSSS

documentation-support/pom.xml

@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>tech.picnic.error-prone-support</groupId>
+        <artifactId>error-prone-support</artifactId>
+        <version>0.22.1-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>documentation-support</artifactId>
+
+    <name>Picnic :: Error Prone Support :: Documentation Support</name>
+    <description>Data extraction support for the purpose of documentation generation.</description>
+    <url>https://error-prone.picnic.tech</url>
+
+    <dependencies>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>error-prone-utils</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>refaster-test-support</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-annotations</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-guava</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.module</groupId>
+            <artifactId>jackson-module-parameter-names</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.auto</groupId>
+            <artifactId>auto-common</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.auto.service</groupId>
+            <artifactId>auto-service-annotations</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.google.auto.value</groupId>
+            <artifactId>auto-value-annotations</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.google.errorprone</groupId>
+            <artifactId>error_prone_annotation</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.errorprone</groupId>
+            <artifactId>error_prone_annotations</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.google.errorprone</groupId>
+            <artifactId>error_prone_check_api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.errorprone</groupId>
+            <artifactId>error_prone_test_helpers</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.assertj</groupId>
+            <artifactId>assertj-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.jspecify</groupId>
+            <artifactId>jspecify</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <!-- XXX: Explicitly declared as a workaround for
+        https://github.com/pitest/pitest-junit5-plugin/issues/105. -->
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-engine</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-params</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>

documentation-support/src/main/java/tech/picnic/errorprone/documentation/BugPatternExtractor.java

@@ -0,0 +1,147 @@
+package tech.picnic.errorprone.documentation;
+
+import static com.google.common.base.Verify.verify;
+import static com.google.common.collect.ImmutableList.toImmutableList;
+import static java.util.Objects.requireNonNull;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.google.auto.common.AnnotationMirrors;
+import com.google.auto.service.AutoService;
+import com.google.auto.value.AutoValue;
+import com.google.common.collect.ImmutableList;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.BugPattern.SeverityLevel;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.annotations.Immutable;
+import com.google.errorprone.util.ASTHelpers;
+import com.sun.source.tree.AnnotationTree;
+import com.sun.source.tree.ClassTree;
+import com.sun.tools.javac.code.Attribute;
+import com.sun.tools.javac.code.Symbol.ClassSymbol;
+import java.net.URI;
+import java.util.Optional;
+import javax.lang.model.element.AnnotationValue;
+import tech.picnic.errorprone.documentation.BugPatternExtractor.BugPatternDocumentation;
+
+/**
+ * An {@link Extractor} that describes how to extract data from a {@code @BugPattern} annotation.
+ */
+@Immutable
+@AutoService(Extractor.class)
+@SuppressWarnings("rawtypes" /* See https://github.com/google/auto/issues/870. */)
+public final class BugPatternExtractor implements Extractor<BugPatternDocumentation> {
+  /** Instantiates a new {@link BugPatternExtractor} instance. */
+  public BugPatternExtractor() {}
+
+  @Override
+  public String identifier() {
+    return "bugpattern";
+  }
+
+  @Override
+  public Optional<BugPatternDocumentation> tryExtract(ClassTree tree, VisitorState state) {
+    ClassSymbol symbol = ASTHelpers.getSymbol(tree);
+    BugPattern annotation = symbol.getAnnotation(BugPattern.class);
+    if (annotation == null) {
+      return Optional.empty();
+    }
+
+    return Optional.of(
+        BugPatternDocumentation.create(
+            state.getPath().getCompilationUnit().getSourceFile().toUri(),
+            symbol.getQualifiedName().toString(),
+            annotation.name().isEmpty() ? tree.getSimpleName().toString() : annotation.name(),
+            ImmutableList.copyOf(annotation.altNames()),
+            annotation.link(),
+            ImmutableList.copyOf(annotation.tags()),
+            annotation.summary(),
+            annotation.explanation(),
+            annotation.severity(),
+            annotation.disableable(),
+            annotation.documentSuppression()
+                ? getSuppressionAnnotations(tree)
+                : ImmutableList.of()));
+  }
+
+  /**
+   * Returns the fully-qualified class names of suppression annotations specified by the {@link
+   * BugPattern} annotation located on the given tree.
+   *
+   * @implNote This method cannot simply invoke {@link BugPattern#suppressionAnnotations()}, as that
+   *     will yield an "Attempt to access Class objects for TypeMirrors" exception.
+   */
+  private static ImmutableList<String> getSuppressionAnnotations(ClassTree tree) {
+    AnnotationTree annotationTree =
+        ASTHelpers.getAnnotationWithSimpleName(
+            ASTHelpers.getAnnotations(tree), BugPattern.class.getSimpleName());
+    requireNonNull(annotationTree, "BugPattern annotation must be present");
+
+    Attribute.Array types =
+        doCast(
+            AnnotationMirrors.getAnnotationValue(
+                ASTHelpers.getAnnotationMirror(annotationTree), "suppressionAnnotations"),
+            Attribute.Array.class);
+
+    return types.getValue().stream()
+        .map(v -> doCast(v, Attribute.Class.class).classType.toString())
+        .collect(toImmutableList());
+  }
+
+  @SuppressWarnings("unchecked")
+  private static <T extends AnnotationValue> T doCast(AnnotationValue value, Class<T> target) {
+    verify(target.isInstance(value), "Value '%s' is not of type '%s'", value, target);
+    return (T) value;
+  }
+
+  @AutoValue
+  @JsonDeserialize(as = AutoValue_BugPatternExtractor_BugPatternDocumentation.class)
+  abstract static class BugPatternDocumentation {
+    static BugPatternDocumentation create(
+        URI source,
+        String fullyQualifiedName,
+        String name,
+        ImmutableList<String> altNames,
+        String link,
+        ImmutableList<String> tags,
+        String summary,
+        String explanation,
+        SeverityLevel severityLevel,
+        boolean canDisable,
+        ImmutableList<String> suppressionAnnotations) {
+      return new AutoValue_BugPatternExtractor_BugPatternDocumentation(
+          source,
+          fullyQualifiedName,
+          name,
+          altNames,
+          link,
+          tags,
+          summary,
+          explanation,
+          severityLevel,
+          canDisable,
+          suppressionAnnotations);
+    }
+
+    abstract URI source();
+
+    abstract String fullyQualifiedName();
+
+    abstract String name();
+
+    abstract ImmutableList<String> altNames();
+
+    abstract String link();
+
+    abstract ImmutableList<String> tags();
+
+    abstract String summary();
+
+    abstract String explanation();
+
+    abstract SeverityLevel severityLevel();
+
+    abstract boolean canDisable();
+
+    abstract ImmutableList<String> suppressionAnnotations();
+  }
+}

documentation-support/src/main/java/tech/picnic/errorprone/documentation/BugPatternTestExtractor.java

@@ -0,0 +1,291 @@
+package tech.picnic.errorprone.documentation;
+
+import static com.google.errorprone.matchers.Matchers.instanceMethod;
+import static com.google.errorprone.matchers.method.MethodMatchers.staticMethod;
+import static java.util.Objects.requireNonNull;
+import static java.util.function.Predicate.not;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+import com.fasterxml.jackson.annotation.JsonSubTypes;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import com.fasterxml.jackson.annotation.JsonTypeInfo.As;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.google.auto.service.AutoService;
+import com.google.auto.value.AutoValue;
+import com.google.common.collect.ImmutableList;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.annotations.Immutable;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.util.ASTHelpers;
+import com.sun.source.tree.ClassTree;
+import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.MethodInvocationTree;
+import com.sun.source.util.TreeScanner;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+import org.jspecify.annotations.Nullable;
+import tech.picnic.errorprone.documentation.BugPatternTestExtractor.BugPatternTestCases;
+
+/**
+ * An {@link Extractor} that describes how to extract data from classes that test a {@code
+ * BugChecker}.
+ */
+// XXX: Handle other methods from `{BugCheckerRefactoring,Compilation}TestHelper`:
+// - Indicate which custom arguments are specified, if any.
+// - For replacement tests, indicate which `FixChooser` is used.
+// - ... (We don't use all optional features; TBD what else to support.)
+@Immutable
+@AutoService(Extractor.class)
+@SuppressWarnings("rawtypes" /* See https://github.com/google/auto/issues/870. */)
+public final class BugPatternTestExtractor implements Extractor<BugPatternTestCases> {
+  /** Instantiates a new {@link BugPatternTestExtractor} instance. */
+  public BugPatternTestExtractor() {}
+
+  @Override
+  public String identifier() {
+    return "bugpattern-test";
+  }
+
+  @Override
+  public Optional<BugPatternTestCases> tryExtract(ClassTree tree, VisitorState state) {
+    BugPatternTestCollector collector = new BugPatternTestCollector();
+
+    collector.scan(tree, state);
+
+    return Optional.of(collector.getCollectedTests())
+        .filter(not(ImmutableList::isEmpty))
+        .map(
+            tests ->
+                new AutoValue_BugPatternTestExtractor_BugPatternTestCases(
+                    state.getPath().getCompilationUnit().getSourceFile().toUri(),
+                    ASTHelpers.getSymbol(tree).className(),
+                    tests));
+  }
+
+  private static final class BugPatternTestCollector
+      extends TreeScanner<@Nullable Void, VisitorState> {
+    private static final Matcher<ExpressionTree> COMPILATION_HELPER_DO_TEST =
+        instanceMethod()
+            .onDescendantOf("com.google.errorprone.CompilationTestHelper")
+            .named("doTest");
+    private static final Matcher<ExpressionTree> TEST_HELPER_NEW_INSTANCE =
+        staticMethod()
+            .onDescendantOfAny(
+                "com.google.errorprone.CompilationTestHelper",
+                "com.google.errorprone.BugCheckerRefactoringTestHelper")
+            .named("newInstance")
+            .withParameters(Class.class.getCanonicalName(), Class.class.getCanonicalName());
+    private static final Matcher<ExpressionTree> IDENTIFICATION_SOURCE_LINES =
+        instanceMethod()
+            .onDescendantOf("com.google.errorprone.CompilationTestHelper")
+            .named("addSourceLines");
+    private static final Matcher<ExpressionTree> REPLACEMENT_DO_TEST =
+        instanceMethod()
+            .onDescendantOf("com.google.errorprone.BugCheckerRefactoringTestHelper")
+            .named("doTest");
+    private static final Matcher<ExpressionTree> REPLACEMENT_EXPECT_UNCHANGED =
+        instanceMethod()
+            .onDescendantOf("com.google.errorprone.BugCheckerRefactoringTestHelper.ExpectOutput")
+            .named("expectUnchanged");
+    private static final Matcher<ExpressionTree> REPLACEMENT_OUTPUT_SOURCE_LINES =
+        instanceMethod()
+            .onDescendantOf("com.google.errorprone.BugCheckerRefactoringTestHelper.ExpectOutput")
+            .namedAnyOf("addOutputLines", "expectUnchanged");
+
+    private final List<BugPatternTestCase> collectedBugPatternTestCases = new ArrayList<>();
+
+    private ImmutableList<BugPatternTestCase> getCollectedTests() {
+      return ImmutableList.copyOf(collectedBugPatternTestCases);
+    }
+
+    @Override
+    public @Nullable Void visitMethodInvocation(MethodInvocationTree node, VisitorState state) {
+      boolean isReplacementTest = REPLACEMENT_DO_TEST.matches(node, state);
+      if (isReplacementTest || COMPILATION_HELPER_DO_TEST.matches(node, state)) {
+        getClassUnderTest(node, state)
+            .ifPresent(
+                classUnderTest -> {
+                  List<TestEntry> entries = new ArrayList<>();
+                  if (isReplacementTest) {
+                    extractReplacementBugPatternTestCases(node, entries, state);
+                  } else {
+                    extractIdentificationBugPatternTestCases(node, entries, state);
+                  }
+
+                  if (!entries.isEmpty()) {
+                    collectedBugPatternTestCases.add(
+                        new AutoValue_BugPatternTestExtractor_BugPatternTestCase(
+                            classUnderTest, ImmutableList.copyOf(entries).reverse()));
+                  }
+                });
+      }
+
+      return super.visitMethodInvocation(node, state);
+    }
+
+    private static Optional<String> getClassUnderTest(
+        MethodInvocationTree tree, VisitorState state) {
+      if (TEST_HELPER_NEW_INSTANCE.matches(tree, state)) {
+        return Optional.ofNullable(ASTHelpers.getSymbol(tree.getArguments().get(0)))
+            .filter(s -> !s.type.allparams().isEmpty())
+            .map(s -> s.type.allparams().get(0).tsym.getQualifiedName().toString());
+      }
+
+      ExpressionTree receiver = ASTHelpers.getReceiver(tree);
+      return receiver instanceof MethodInvocationTree methodInvocation
+          ? getClassUnderTest(methodInvocation, state)
+          : Optional.empty();
+    }
+
+    private static void extractIdentificationBugPatternTestCases(
+        MethodInvocationTree tree, List<TestEntry> sink, VisitorState state) {
+      if (IDENTIFICATION_SOURCE_LINES.matches(tree, state)) {
+        String path = ASTHelpers.constValue(tree.getArguments().get(0), String.class);
+        Optional<String> sourceCode =
+            getSourceCode(tree).filter(s -> s.contains("// BUG: Diagnostic"));
+        if (path != null && sourceCode.isPresent()) {
+          sink.add(
+              new AutoValue_BugPatternTestExtractor_IdentificationTestEntry(
+                  path, sourceCode.orElseThrow()));
+        }
+      }
+
+      ExpressionTree receiver = ASTHelpers.getReceiver(tree);
+      if (receiver instanceof MethodInvocationTree methodInvocation) {
+        extractIdentificationBugPatternTestCases(methodInvocation, sink, state);
+      }
+    }
+
+    private static void extractReplacementBugPatternTestCases(
+        MethodInvocationTree tree, List<TestEntry> sink, VisitorState state) {
+      if (REPLACEMENT_OUTPUT_SOURCE_LINES.matches(tree, state)) {
+        /*
+         * Retrieve the method invocation that contains the input source code. Note that this cast
+         * is safe, because this code is guarded by an earlier call to `#getClassUnderTest(..)`,
+         * which ensures that `tree` is part of a longer method invocation chain.
+         */
+        MethodInvocationTree inputTree =
+            (MethodInvocationTree)
+                requireNonNull(
+                    ASTHelpers.getReceiver(tree), "Instance method invocation must have receiver");
+
+        String path = ASTHelpers.constValue(inputTree.getArguments().get(0), String.class);
+        Optional<String> inputCode = getSourceCode(inputTree);
+        if (path != null && inputCode.isPresent()) {
+          Optional<String> outputCode =
+              REPLACEMENT_EXPECT_UNCHANGED.matches(tree, state) ? inputCode : getSourceCode(tree);
+
+          if (outputCode.isPresent() && !inputCode.equals(outputCode)) {
+            sink.add(
+                new AutoValue_BugPatternTestExtractor_ReplacementTestEntry(
+                    path, inputCode.orElseThrow(), outputCode.orElseThrow()));
+          }
+        }
+      }
+
+      ExpressionTree receiver = ASTHelpers.getReceiver(tree);
+      if (receiver instanceof MethodInvocationTree methodInvocation) {
+        extractReplacementBugPatternTestCases(methodInvocation, sink, state);
+      }
+    }
+
+    // XXX: This logic is duplicated in `ErrorProneTestSourceFormat`. Can we do better?
+    private static Optional<String> getSourceCode(MethodInvocationTree tree) {
+      List<? extends ExpressionTree> sourceLines =
+          tree.getArguments().subList(1, tree.getArguments().size());
+      StringBuilder source = new StringBuilder();
+
+      for (ExpressionTree sourceLine : sourceLines) {
+        String value = ASTHelpers.constValue(sourceLine, String.class);
+        if (value == null) {
+          return Optional.empty();
+        }
+        source.append(value).append('\n');
+      }
+
+      return Optional.of(source.toString());
+    }
+  }
+
+  @AutoValue
+  @JsonDeserialize(as = AutoValue_BugPatternTestExtractor_BugPatternTestCases.class)
+  abstract static class BugPatternTestCases {
+    static BugPatternTestCases create(
+        URI source, String testClass, ImmutableList<BugPatternTestCase> testCases) {
+      return new AutoValue_BugPatternTestExtractor_BugPatternTestCases(
+          source, testClass, testCases);
+    }
+
+    abstract URI source();
+
+    abstract String testClass();
+
+    abstract ImmutableList<BugPatternTestCase> testCases();
+  }
+
+  @AutoValue
+  @JsonDeserialize(as = AutoValue_BugPatternTestExtractor_BugPatternTestCase.class)
+  abstract static class BugPatternTestCase {
+    static BugPatternTestCase create(String classUnderTest, ImmutableList<TestEntry> entries) {
+      return new AutoValue_BugPatternTestExtractor_BugPatternTestCase(classUnderTest, entries);
+    }
+
+    abstract String classUnderTest();
+
+    abstract ImmutableList<TestEntry> entries();
+  }
+
+  @JsonSubTypes({
+    @JsonSubTypes.Type(AutoValue_BugPatternTestExtractor_IdentificationTestEntry.class),
+    @JsonSubTypes.Type(AutoValue_BugPatternTestExtractor_ReplacementTestEntry.class)
+  })
+  @JsonTypeInfo(include = As.EXISTING_PROPERTY, property = "type", use = JsonTypeInfo.Id.DEDUCTION)
+  @JsonIgnoreProperties(ignoreUnknown = true)
+  @JsonPropertyOrder("type")
+  interface TestEntry {
+    TestType type();
+
+    String path();
+
+    enum TestType {
+      IDENTIFICATION,
+      REPLACEMENT
+    }
+  }
+
+  @AutoValue
+  abstract static class IdentificationTestEntry implements TestEntry {
+    static IdentificationTestEntry create(String path, String code) {
+      return new AutoValue_BugPatternTestExtractor_IdentificationTestEntry(path, code);
+    }
+
+    @JsonProperty
+    @Override
+    public final TestType type() {
+      return TestType.IDENTIFICATION;
+    }
+
+    abstract String code();
+  }
+
+  @AutoValue
+  abstract static class ReplacementTestEntry implements TestEntry {
+    static ReplacementTestEntry create(String path, String input, String output) {
+      return new AutoValue_BugPatternTestExtractor_ReplacementTestEntry(path, input, output);
+    }
+
+    @JsonProperty
+    @Override
+    public final TestType type() {
+      return TestType.REPLACEMENT;
+    }
+
+    abstract String input();
+
+    abstract String output();
+  }
+}

documentation-support/src/main/java/tech/picnic/errorprone/documentation/DocumentationGenerator.java

@@ -0,0 +1,56 @@
+package tech.picnic.errorprone.documentation;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+import com.google.auto.service.AutoService;
+import com.google.common.annotations.VisibleForTesting;
+import com.sun.source.util.JavacTask;
+import com.sun.source.util.Plugin;
+import com.sun.tools.javac.api.BasicJavacTask;
+import java.nio.file.InvalidPathException;
+import java.nio.file.Path;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * A compiler {@link Plugin} that analyzes and extracts relevant information for documentation
+ * purposes from processed files.
+ */
+// XXX: Find a better name for this class; it doesn't generate documentation per se.
+@AutoService(Plugin.class)
+public final class DocumentationGenerator implements Plugin {
+  @VisibleForTesting static final String OUTPUT_DIRECTORY_FLAG = "-XoutputDirectory";
+  private static final Pattern OUTPUT_DIRECTORY_FLAG_PATTERN =
+      Pattern.compile(Pattern.quote(OUTPUT_DIRECTORY_FLAG) + "=(.*)");
+
+  /** Instantiates a new {@link DocumentationGenerator} instance. */
+  public DocumentationGenerator() {}
+
+  @Override
+  public String getName() {
+    return getClass().getSimpleName();
+  }
+
+  @Override
+  public void init(JavacTask javacTask, String... args) {
+    checkArgument(args.length == 1, "Precisely one path must be provided");
+
+    javacTask.addTaskListener(
+        new DocumentationGeneratorTaskListener(
+            ((BasicJavacTask) javacTask).getContext(), getOutputPath(args[0])));
+  }
+
+  @VisibleForTesting
+  static Path getOutputPath(String pathArg) {
+    Matcher matcher = OUTPUT_DIRECTORY_FLAG_PATTERN.matcher(pathArg);
+    checkArgument(
+        matcher.matches(), "'%s' must be of the form '%s=<value>'", pathArg, OUTPUT_DIRECTORY_FLAG);
+
+    String path = matcher.group(1);
+    try {
+      return Path.of(path);
+    } catch (InvalidPathException e) {
+      throw new IllegalArgumentException(String.format("Invalid path '%s'", path), e);
+    }
+  }
+}

documentation-support/src/main/java/tech/picnic/errorprone/documentation/DocumentationGeneratorTaskListener.java

@@ -0,0 +1,91 @@
+package tech.picnic.errorprone.documentation;
+
+import com.google.common.collect.ImmutableList;
+import com.google.errorprone.VisitorState;
+import com.sun.source.tree.ClassTree;
+import com.sun.source.tree.CompilationUnitTree;
+import com.sun.source.util.TaskEvent;
+import com.sun.source.util.TaskEvent.Kind;
+import com.sun.source.util.TaskListener;
+import com.sun.source.util.TreePath;
+import com.sun.tools.javac.api.JavacTrees;
+import com.sun.tools.javac.util.Context;
+import java.io.IOException;
+import java.net.URI;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.ServiceLoader;
+import javax.tools.JavaFileObject;
+
+/**
+ * A {@link TaskListener} that identifies and extracts relevant content for documentation generation
+ * and writes it to disk.
+ */
+// XXX: Find a better name for this class; it doesn't generate documentation per se.
+final class DocumentationGeneratorTaskListener implements TaskListener {
+  @SuppressWarnings({"rawtypes", "unchecked"})
+  private static final ImmutableList<Extractor<?>> EXTRACTORS =
+      (ImmutableList)
+          ImmutableList.copyOf(
+              ServiceLoader.load(
+                  Extractor.class, DocumentationGeneratorTaskListener.class.getClassLoader()));
+
+  private final Context context;
+  private final Path docsPath;
+
+  DocumentationGeneratorTaskListener(Context context, Path path) {
+    this.context = context;
+    this.docsPath = path;
+  }
+
+  @Override
+  public void started(TaskEvent taskEvent) {
+    if (taskEvent.getKind() == Kind.ANALYZE) {
+      createDocsDirectory();
+    }
+  }
+
+  @Override
+  public void finished(TaskEvent taskEvent) {
+    if (taskEvent.getKind() != Kind.ANALYZE) {
+      return;
+    }
+
+    JavaFileObject sourceFile = taskEvent.getSourceFile();
+    CompilationUnitTree compilationUnit = taskEvent.getCompilationUnit();
+    ClassTree classTree = JavacTrees.instance(context).getTree(taskEvent.getTypeElement());
+    if (sourceFile == null || compilationUnit == null || classTree == null) {
+      return;
+    }
+
+    VisitorState state =
+        VisitorState.createForUtilityPurposes(context)
+            .withPath(new TreePath(new TreePath(compilationUnit), classTree));
+
+    for (Extractor<?> extractor : EXTRACTORS) {
+      extractor
+          .tryExtract(classTree, state)
+          .ifPresent(
+              data ->
+                  writeToFile(
+                      extractor.identifier(), getSimpleClassName(sourceFile.toUri()), data));
+    }
+  }
+
+  private void createDocsDirectory() {
+    try {
+      Files.createDirectories(docsPath);
+    } catch (IOException e) {
+      throw new IllegalStateException(
+          String.format("Error while creating directory with path '%s'", docsPath), e);
+    }
+  }
+
+  private <T> void writeToFile(String identifier, String className, T data) {
+    Json.write(docsPath.resolve(String.format("%s-%s.json", identifier, className)), data);
+  }
+
+  private static String getSimpleClassName(URI path) {
+    return Path.of(path).getFileName().toString().replace(".java", "");
+  }
+}

documentation-support/src/main/java/tech/picnic/errorprone/documentation/Extractor.java

@@ -0,0 +1,33 @@
+package tech.picnic.errorprone.documentation;
+
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.annotations.Immutable;
+import com.sun.source.tree.ClassTree;
+import java.util.Optional;
+
+/**
+ * Interface implemented by classes that define how to extract data of some type {@link T} from a
+ * given {@link ClassTree}.
+ *
+ * @param <T> The type of data that is extracted.
+ */
+@Immutable
+interface Extractor<T> {
+  /**
+   * Returns the unique identifier of this extractor.
+   *
+   * @return A non-{@code null} string.
+   */
+  String identifier();
+
+  /**
+   * Attempts to extract an instance of type {@link T} using the provided arguments.
+   *
+   * @param tree The {@link ClassTree} to analyze and from which to extract an instance of type
+   *     {@link T}.
+   * @param state A {@link VisitorState} describing the context in which the given {@link ClassTree}
+   *     is found.
+   * @return An instance of type {@link T}, if possible.
+   */
+  Optional<T> tryExtract(ClassTree tree, VisitorState state);
+}

documentation-support/src/main/java/tech/picnic/errorprone/documentation/Json.java

@@ -0,0 +1,45 @@
+package tech.picnic.errorprone.documentation;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility;
+import com.fasterxml.jackson.annotation.PropertyAccessor;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.datatype.guava.GuavaModule;
+import com.fasterxml.jackson.module.paramnames.ParameterNamesModule;
+import com.google.errorprone.annotations.FormatMethod;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Path;
+
+/**
+ * Utility class that offers mutually consistent JSON serialization and deserialization operations,
+ * without further specifying the exact schema used.
+ */
+final class Json {
+  private static final ObjectMapper OBJECT_MAPPER =
+      new ObjectMapper()
+          .setVisibility(PropertyAccessor.FIELD, Visibility.ANY)
+          .registerModules(new GuavaModule(), new ParameterNamesModule());
+
+  private Json() {}
+
+  static <T> T read(Path path, Class<T> clazz) {
+    try {
+      return OBJECT_MAPPER.readValue(path.toFile(), clazz);
+    } catch (IOException e) {
+      throw failure(e, "Failure reading from '%s'", path);
+    }
+  }
+
+  static <T> void write(Path path, T object) {
+    try {
+      OBJECT_MAPPER.writeValue(path.toFile(), object);
+    } catch (IOException e) {
+      throw failure(e, "Failure writing to '%s'", path);
+    }
+  }
+
+  @FormatMethod
+  private static UncheckedIOException failure(IOException cause, String format, Object... args) {
+    return new UncheckedIOException(String.format(format, args), cause);
+  }
+}

documentation-support/src/main/java/tech/picnic/errorprone/documentation/RefasterRuleCollectionTestExtractor.java

@@ -0,0 +1,176 @@
+package tech.picnic.errorprone.documentation;
+
+import static com.google.common.collect.ImmutableList.toImmutableList;
+import static com.google.errorprone.matchers.Matchers.isSubtypeOf;
+import static java.util.stream.Collectors.joining;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.google.auto.service.AutoService;
+import com.google.auto.value.AutoValue;
+import com.google.common.base.Splitter;
+import com.google.common.base.Supplier;
+import com.google.common.base.VerifyException;
+import com.google.common.collect.ImmutableList;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.annotations.FormatMethod;
+import com.google.errorprone.annotations.Immutable;
+import com.google.errorprone.matchers.Matcher;
+import com.sun.source.tree.ClassTree;
+import com.sun.source.tree.MethodTree;
+import java.net.URI;
+import java.util.Optional;
+import java.util.regex.Pattern;
+import tech.picnic.errorprone.documentation.RefasterRuleCollectionTestExtractor.RefasterTestCases;
+import tech.picnic.errorprone.utils.SourceCode;
+
+/**
+ * An {@link Extractor} that describes how to extract data from Refaster rule input and output test
+ * classes.
+ */
+// XXX: Drop this extractor if/when the Refaster test framework is reimplemented such that tests can
+// be located alongside rules, rather than in two additional resource files as currently required by
+// `RefasterRuleCollection`.
+@Immutable
+@AutoService(Extractor.class)
+@SuppressWarnings("rawtypes" /* See https://github.com/google/auto/issues/870. */)
+public final class RefasterRuleCollectionTestExtractor implements Extractor<RefasterTestCases> {
+  private static final Matcher<ClassTree> IS_REFASTER_RULE_COLLECTION_TEST_CASE =
+      isSubtypeOf("tech.picnic.errorprone.refaster.test.RefasterRuleCollectionTestCase");
+  private static final Pattern TEST_CLASS_NAME_PATTERN = Pattern.compile("(.*)Test");
+  private static final Pattern TEST_CLASS_FILE_NAME_PATTERN =
+      Pattern.compile(".*(Input|Output)\\.java");
+  private static final Pattern TEST_METHOD_NAME_PATTERN = Pattern.compile("test(.*)");
+  private static final String LINE_SEPARATOR = "\n";
+  private static final Splitter LINE_SPLITTER = Splitter.on(LINE_SEPARATOR);
+
+  /** Instantiates a new {@link RefasterRuleCollectionTestExtractor} instance. */
+  public RefasterRuleCollectionTestExtractor() {}
+
+  @Override
+  public String identifier() {
+    return "refaster-rule-collection-test";
+  }
+
+  @Override
+  public Optional<RefasterTestCases> tryExtract(ClassTree tree, VisitorState state) {
+    if (!IS_REFASTER_RULE_COLLECTION_TEST_CASE.matches(tree, state)) {
+      return Optional.empty();
+    }
+
+    URI sourceFile = state.getPath().getCompilationUnit().getSourceFile().toUri();
+    return Optional.of(
+        RefasterTestCases.create(
+            sourceFile,
+            getRuleCollectionName(tree),
+            isInputFile(sourceFile),
+            getRefasterTestCases(tree, state)));
+  }
+
+  private static String getRuleCollectionName(ClassTree tree) {
+    String className = tree.getSimpleName().toString();
+
+    // XXX: Instead of throwing an error here, it'd be nicer to have a bug checker validate key
+    // aspects of `RefasterRuleCollectionTestCase` subtypes.
+    return tryExtractPatternGroup(className, TEST_CLASS_NAME_PATTERN)
+        .orElseThrow(
+            violation(
+                "Refaster rule collection test class name '%s' does not match '%s'",
+                className, TEST_CLASS_NAME_PATTERN));
+  }
+
+  private static boolean isInputFile(URI sourceFile) {
+    String path = sourceFile.getPath();
+
+    // XXX: Instead of throwing an error here, it'd be nicer to have a bug checker validate key
+    // aspects of `RefasterRuleCollectionTestCase` subtypes.
+    return "Input"
+        .equals(
+            tryExtractPatternGroup(path, TEST_CLASS_FILE_NAME_PATTERN)
+                .orElseThrow(
+                    violation(
+                        "Refaster rule collection test file name '%s' does not match '%s'",
+                        path, TEST_CLASS_FILE_NAME_PATTERN)));
+  }
+
+  private static ImmutableList<RefasterTestCase> getRefasterTestCases(
+      ClassTree tree, VisitorState state) {
+    return tree.getMembers().stream()
+        .filter(MethodTree.class::isInstance)
+        .map(MethodTree.class::cast)
+        .flatMap(m -> tryExtractRefasterTestCase(m, state).stream())
+        .collect(toImmutableList());
+  }
+
+  private static Optional<RefasterTestCase> tryExtractRefasterTestCase(
+      MethodTree method, VisitorState state) {
+    return tryExtractPatternGroup(method.getName().toString(), TEST_METHOD_NAME_PATTERN)
+        .map(name -> RefasterTestCase.create(name, getFormattedSource(method, state)));
+  }
+
+  /**
+   * Returns the source code for the specified method.
+   *
+   * @implNote This operation attempts to trim leading whitespace, such that the start and end of
+   *     the method declaration are aligned. The implemented heuristic assumes that the code is
+   *     formatted using Google Java Format.
+   */
+  // XXX: Leading Javadoc and other comments are currently not extracted. Consider fixing this.
+  private static String getFormattedSource(MethodTree method, VisitorState state) {
+    String source = SourceCode.treeToString(method, state);
+    int finalNewline = source.lastIndexOf(LINE_SEPARATOR);
+    if (finalNewline < 0) {
+      return source;
+    }
+
+    int indentation = Math.max(0, source.lastIndexOf(' ') - finalNewline);
+    String prefixToStrip = " ".repeat(indentation);
+
+    return LINE_SPLITTER
+        .splitToStream(source)
+        .map(line -> line.startsWith(prefixToStrip) ? line.substring(indentation) : line)
+        .collect(joining(LINE_SEPARATOR));
+  }
+
+  private static Optional<String> tryExtractPatternGroup(String input, Pattern pattern) {
+    java.util.regex.Matcher matcher = pattern.matcher(input);
+    return matcher.matches() ? Optional.of(matcher.group(1)) : Optional.empty();
+  }
+
+  @FormatMethod
+  private static Supplier<VerifyException> violation(String format, Object... args) {
+    return () -> new VerifyException(String.format(format, args));
+  }
+
+  @AutoValue
+  @JsonDeserialize(as = AutoValue_RefasterRuleCollectionTestExtractor_RefasterTestCases.class)
+  abstract static class RefasterTestCases {
+    static RefasterTestCases create(
+        URI source,
+        String ruleCollection,
+        boolean isInput,
+        ImmutableList<RefasterTestCase> testCases) {
+      return new AutoValue_RefasterRuleCollectionTestExtractor_RefasterTestCases(
+          source, ruleCollection, isInput, testCases);
+    }
+
+    abstract URI source();
+
+    abstract String ruleCollection();
+
+    abstract boolean isInput();
+
+    abstract ImmutableList<RefasterTestCase> testCases();
+  }
+
+  @AutoValue
+  @JsonDeserialize(as = AutoValue_RefasterRuleCollectionTestExtractor_RefasterTestCase.class)
+  abstract static class RefasterTestCase {
+    static RefasterTestCase create(String name, String content) {
+      return new AutoValue_RefasterRuleCollectionTestExtractor_RefasterTestCase(name, content);
+    }
+
+    abstract String name();
+
+    abstract String content();
+  }
+}

documentation-support/src/main/java/tech/picnic/errorprone/documentation/package-info.java

@@ -0,0 +1,7 @@
+/**
+ * A Java compiler plugin that extracts data from compiled classes, in support of the Error Prone
+ * Support documentation.
+ */
+@com.google.errorprone.annotations.CheckReturnValue
+@org.jspecify.annotations.NullMarked
+package tech.picnic.errorprone.documentation;

documentation-support/src/test/java/tech/picnic/errorprone/documentation/BugPatternExtractorTest.java

@@ -0,0 +1,142 @@
+package tech.picnic.errorprone.documentation;
+
+import static com.google.errorprone.BugPattern.SeverityLevel.ERROR;
+import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
+import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
+import static org.assertj.core.api.Assertions.assertThat;
+
+import com.google.common.collect.ImmutableList;
+import com.google.errorprone.BugPattern;
+import java.net.URI;
+import java.nio.file.Path;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+import tech.picnic.errorprone.documentation.BugPatternExtractor.BugPatternDocumentation;
+
+final class BugPatternExtractorTest {
+  @Test
+  void noBugPattern(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "TestCheckerWithoutAnnotation.java",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "public final class TestCheckerWithoutAnnotation extends BugChecker {}");
+
+    assertThat(outputDirectory.toAbsolutePath()).isEmptyDirectory();
+  }
+
+  @Test
+  void minimalBugPattern(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "MinimalBugChecker.java",
+        "package pkg;",
+        "",
+        "import com.google.errorprone.BugPattern;",
+        "import com.google.errorprone.BugPattern.SeverityLevel;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "@BugPattern(summary = \"MinimalBugChecker summary\", severity = SeverityLevel.ERROR)",
+        "public final class MinimalBugChecker extends BugChecker {}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "MinimalBugChecker",
+        BugPatternDocumentation.create(
+            URI.create("file:///MinimalBugChecker.java"),
+            "pkg.MinimalBugChecker",
+            "MinimalBugChecker",
+            ImmutableList.of(),
+            "",
+            ImmutableList.of(),
+            "MinimalBugChecker summary",
+            "",
+            ERROR,
+            /* canDisable= */ true,
+            ImmutableList.of(SuppressWarnings.class.getCanonicalName())));
+  }
+
+  @Test
+  void completeBugPattern(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "CompleteBugChecker.java",
+        "package pkg;",
+        "",
+        "import com.google.errorprone.BugPattern;",
+        "import com.google.errorprone.BugPattern.SeverityLevel;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "import org.junit.jupiter.api.Test;",
+        "",
+        "@BugPattern(",
+        "    name = \"OtherName\",",
+        "    summary = \"CompleteBugChecker summary\",",
+        "    linkType = BugPattern.LinkType.CUSTOM,",
+        "    link = \"https://error-prone.picnic.tech\",",
+        "    explanation = \"Example explanation\",",
+        "    severity = SeverityLevel.SUGGESTION,",
+        "    altNames = \"Check\",",
+        "    tags = BugPattern.StandardTags.SIMPLIFICATION,",
+        "    disableable = false,",
+        "    suppressionAnnotations = {BugPattern.class, Test.class})",
+        "public final class CompleteBugChecker extends BugChecker {}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "CompleteBugChecker",
+        BugPatternDocumentation.create(
+            URI.create("file:///CompleteBugChecker.java"),
+            "pkg.CompleteBugChecker",
+            "OtherName",
+            ImmutableList.of("Check"),
+            "https://error-prone.picnic.tech",
+            ImmutableList.of("Simplification"),
+            "CompleteBugChecker summary",
+            "Example explanation",
+            SUGGESTION,
+            /* canDisable= */ false,
+            ImmutableList.of(BugPattern.class.getCanonicalName(), "org.junit.jupiter.api.Test")));
+  }
+
+  @Test
+  void undocumentedSuppressionBugPattern(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "UndocumentedSuppressionBugPattern.java",
+        "package pkg;",
+        "",
+        "import com.google.errorprone.BugPattern;",
+        "import com.google.errorprone.BugPattern.SeverityLevel;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "@BugPattern(",
+        "    summary = \"UndocumentedSuppressionBugPattern summary\",",
+        "    severity = SeverityLevel.WARNING,",
+        "    documentSuppression = false)",
+        "public final class UndocumentedSuppressionBugPattern extends BugChecker {}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "UndocumentedSuppressionBugPattern",
+        BugPatternDocumentation.create(
+            URI.create("file:///UndocumentedSuppressionBugPattern.java"),
+            "pkg.UndocumentedSuppressionBugPattern",
+            "UndocumentedSuppressionBugPattern",
+            ImmutableList.of(),
+            "",
+            ImmutableList.of(),
+            "UndocumentedSuppressionBugPattern summary",
+            "",
+            WARNING,
+            /* canDisable= */ true,
+            ImmutableList.of()));
+  }
+
+  private static void verifyGeneratedFileContent(
+      Path outputDirectory, String testClass, BugPatternDocumentation expected) {
+    assertThat(outputDirectory.resolve(String.format("bugpattern-%s.json", testClass)))
+        .exists()
+        .returns(expected, path -> Json.read(path, BugPatternDocumentation.class));
+  }
+}

documentation-support/src/test/java/tech/picnic/errorprone/documentation/BugPatternTestExtractorTest.java

@@ -0,0 +1,558 @@
+package tech.picnic.errorprone.documentation;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import com.google.common.collect.ImmutableList;
+import java.net.URI;
+import java.nio.file.Path;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+import tech.picnic.errorprone.documentation.BugPatternTestExtractor.BugPatternTestCase;
+import tech.picnic.errorprone.documentation.BugPatternTestExtractor.BugPatternTestCases;
+import tech.picnic.errorprone.documentation.BugPatternTestExtractor.IdentificationTestEntry;
+import tech.picnic.errorprone.documentation.BugPatternTestExtractor.ReplacementTestEntry;
+
+final class BugPatternTestExtractorTest {
+  @Test
+  void noTestClass(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "TestCheckerWithoutAnnotation.java",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "public final class TestCheckerWithoutAnnotation extends BugChecker {}");
+
+    assertThat(outputDirectory.toAbsolutePath()).isEmptyDirectory();
+  }
+
+  @Test
+  void noDoTestInvocation(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "TestCheckerTest.java",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper;",
+        "import com.google.errorprone.CompilationTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class TestCheckerTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    CompilationTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .addSourceLines(\"A.java\", \"// BUG: Diagnostic contains:\", \"class A {}\");",
+        "",
+        "    BugCheckerRefactoringTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .addInputLines(\"A.java\", \"class A {}\")",
+        "        .addOutputLines(\"A.java\", \"class A { /* This is a change. */ }\");",
+        "  }",
+        "}");
+
+    assertThat(outputDirectory.toAbsolutePath()).isEmptyDirectory();
+  }
+
+  @Test
+  void nullBugCheckerInstance(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "TestCheckerTest.java",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper;",
+        "import com.google.errorprone.CompilationTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class TestCheckerTest {",
+        "  void m() {",
+        "    CompilationTestHelper.newInstance((Class<BugChecker>) null, getClass())",
+        "        .addSourceLines(\"A.java\", \"// BUG: Diagnostic contains:\", \"class A {}\")",
+        "        .doTest();",
+        "",
+        "    BugCheckerRefactoringTestHelper.newInstance((Class<BugChecker>) null, getClass())",
+        "        .addInputLines(\"A.java\", \"class A {}\")",
+        "        .addOutputLines(\"A.java\", \"class A { /* This is a change. */ }\")",
+        "        .doTest();",
+        "  }",
+        "}");
+
+    assertThat(outputDirectory.toAbsolutePath()).isEmptyDirectory();
+  }
+
+  @Test
+  void rawBugCheckerInstance(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "TestCheckerTest.java",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper;",
+        "import com.google.errorprone.CompilationTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class TestCheckerTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  @SuppressWarnings(\"unchecked\")",
+        "  void m() {",
+        "    @SuppressWarnings(\"rawtypes\")",
+        "    Class bugChecker = TestChecker.class;",
+        "",
+        "    CompilationTestHelper.newInstance(bugChecker, getClass())",
+        "        .addSourceLines(\"A.java\", \"// BUG: Diagnostic contains:\", \"class A {}\")",
+        "        .doTest();",
+        "",
+        "    BugCheckerRefactoringTestHelper.newInstance(bugChecker, getClass())",
+        "        .addInputLines(\"A.java\", \"class A {}\")",
+        "        .addOutputLines(\"A.java\", \"class A { /* This is a change. */ }\")",
+        "        .doTest();",
+        "  }",
+        "}");
+
+    assertThat(outputDirectory.toAbsolutePath()).isEmptyDirectory();
+  }
+
+  @Test
+  void scannerSupplierInstance(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "TestCheckerTest.java",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper;",
+        "import com.google.errorprone.CompilationTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "import com.google.errorprone.scanner.ScannerSupplier;",
+        "",
+        "final class TestCheckerTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    CompilationTestHelper.newInstance(",
+        "            ScannerSupplier.fromBugCheckerClasses(TestChecker.class), getClass())",
+        "        .addSourceLines(\"A.java\", \"// BUG: Diagnostic contains:\", \"class A {}\")",
+        "        .doTest();",
+        "",
+        "    BugCheckerRefactoringTestHelper.newInstance(",
+        "            ScannerSupplier.fromBugCheckerClasses(TestChecker.class), getClass())",
+        "        .addInputLines(\"A.java\", \"class A {}\")",
+        "        .addOutputLines(\"A.java\", \"class A { /* This is a change. */ }\")",
+        "        .doTest();",
+        "  }",
+        "}");
+
+    assertThat(outputDirectory.toAbsolutePath()).isEmptyDirectory();
+  }
+
+  @Test
+  void nonCompileTimeConstantStrings(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "TestCheckerTest.java",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper;",
+        "import com.google.errorprone.CompilationTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class TestCheckerTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    CompilationTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .addSourceLines(toString() + \"A.java\", \"// BUG: Diagnostic contains:\", \"class A {}\")",
+        "        .addSourceLines(\"B.java\", \"// BUG: Diagnostic contains:\", \"class B {}\", toString())",
+        "        .doTest();",
+        "",
+        "    BugCheckerRefactoringTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .addInputLines(toString() + \"A.java\", \"class A {}\")",
+        "        .addOutputLines(\"A.java\", \"class A { /* This is a change. */ }\")",
+        "        .addInputLines(\"B.java\", \"class B {}\", toString())",
+        "        .addOutputLines(\"B.java\", \"class B { /* This is a change. */ }\")",
+        "        .addInputLines(\"C.java\", \"class C {}\")",
+        "        .addOutputLines(\"C.java\", \"class C { /* This is a change. */ }\", toString())",
+        "        .doTest();",
+        "  }",
+        "}");
+
+    assertThat(outputDirectory.toAbsolutePath()).isEmptyDirectory();
+  }
+
+  @Test
+  void nonFluentTestHelperExpressions(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "TestCheckerTest.java",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper;",
+        "import com.google.errorprone.CompilationTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class TestCheckerTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    CompilationTestHelper testHelper =",
+        "        CompilationTestHelper.newInstance(TestChecker.class, getClass())",
+        "            .addSourceLines(\"A.java\", \"class A {}\");",
+        "    testHelper.doTest();",
+        "",
+        "    BugCheckerRefactoringTestHelper.ExpectOutput expectedOutput =",
+        "        BugCheckerRefactoringTestHelper.newInstance(TestChecker.class, getClass())",
+        "            .addInputLines(\"A.java\", \"class A {}\");",
+        "    expectedOutput.addOutputLines(\"A.java\", \"class A {}\").doTest();",
+        "    expectedOutput.expectUnchanged().doTest();",
+        "  }",
+        "}");
+
+    assertThat(outputDirectory.toAbsolutePath()).isEmptyDirectory();
+  }
+
+  @Test
+  void noSource(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "TestCheckerTest.java",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper;",
+        "import com.google.errorprone.CompilationTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class TestCheckerTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    CompilationTestHelper.newInstance(TestChecker.class, getClass()).doTest();",
+        "",
+        "    BugCheckerRefactoringTestHelper.newInstance(TestChecker.class, getClass()).doTest();",
+        "  }",
+        "}");
+
+    assertThat(outputDirectory.toAbsolutePath()).isEmptyDirectory();
+  }
+
+  @Test
+  void noDiagnostics(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "TestCheckerTest.java",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper;",
+        "import com.google.errorprone.CompilationTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class TestCheckerTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    CompilationTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .addSourceLines(\"A.java\", \"class A {}\")",
+        "        .doTest();",
+        "",
+        "    BugCheckerRefactoringTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .addInputLines(\"A.java\", \"class A {}\")",
+        "        .addOutputLines(\"A.java\", \"class A {}\")",
+        "        .addInputLines(\"B.java\", \"class B {}\")",
+        "        .expectUnchanged()",
+        "        .doTest();",
+        "  }",
+        "}");
+
+    assertThat(outputDirectory.toAbsolutePath()).isEmptyDirectory();
+  }
+
+  @Test
+  void singleFileCompilationTestHelper(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "SingleFileCompilationTestHelperTest.java",
+        "import com.google.errorprone.CompilationTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class SingleFileCompilationTestHelperTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    CompilationTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .addSourceLines(\"A.java\", \"// BUG: Diagnostic contains:\", \"class A {}\")",
+        "        .doTest();",
+        "  }",
+        "}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "SingleFileCompilationTestHelperTest",
+        BugPatternTestCases.create(
+            URI.create("file:///SingleFileCompilationTestHelperTest.java"),
+            "SingleFileCompilationTestHelperTest",
+            ImmutableList.of(
+                BugPatternTestCase.create(
+                    "SingleFileCompilationTestHelperTest.TestChecker",
+                    ImmutableList.of(
+                        IdentificationTestEntry.create(
+                            "A.java", "// BUG: Diagnostic contains:\nclass A {}\n"))))));
+  }
+
+  @Test
+  void singleFileCompilationTestHelperWithSetArgs(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "SingleFileCompilationTestHelperWithSetArgsTest.java",
+        "import com.google.errorprone.CompilationTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class SingleFileCompilationTestHelperWithSetArgsTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    CompilationTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .setArgs(\"-XepAllSuggestionsAsWarnings\")",
+        "        .addSourceLines(\"A.java\", \"// BUG: Diagnostic contains:\", \"class A {}\")",
+        "        .doTest();",
+        "  }",
+        "}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "SingleFileCompilationTestHelperWithSetArgsTest",
+        BugPatternTestCases.create(
+            URI.create("file:///SingleFileCompilationTestHelperWithSetArgsTest.java"),
+            "SingleFileCompilationTestHelperWithSetArgsTest",
+            ImmutableList.of(
+                BugPatternTestCase.create(
+                    "SingleFileCompilationTestHelperWithSetArgsTest.TestChecker",
+                    ImmutableList.of(
+                        IdentificationTestEntry.create(
+                            "A.java", "// BUG: Diagnostic contains:\nclass A {}\n"))))));
+  }
+
+  @Test
+  void multiFileCompilationTestHelper(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "MultiFileCompilationTestHelperTest.java",
+        "import com.google.errorprone.CompilationTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class MultiFileCompilationTestHelperTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    CompilationTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .addSourceLines(\"A.java\", \"// BUG: Diagnostic contains:\", \"class A {}\")",
+        "        .addSourceLines(\"B.java\", \"// BUG: Diagnostic contains:\", \"class B {}\")",
+        "        .doTest();",
+        "  }",
+        "}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "MultiFileCompilationTestHelperTest",
+        BugPatternTestCases.create(
+            URI.create("file:///MultiFileCompilationTestHelperTest.java"),
+            "MultiFileCompilationTestHelperTest",
+            ImmutableList.of(
+                BugPatternTestCase.create(
+                    "MultiFileCompilationTestHelperTest.TestChecker",
+                    ImmutableList.of(
+                        IdentificationTestEntry.create(
+                            "A.java", "// BUG: Diagnostic contains:\nclass A {}\n"),
+                        IdentificationTestEntry.create(
+                            "B.java", "// BUG: Diagnostic contains:\nclass B {}\n"))))));
+  }
+
+  @Test
+  void singleFileBugCheckerRefactoringTestHelper(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "SingleFileBugCheckerRefactoringTestHelperTest.java",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class SingleFileBugCheckerRefactoringTestHelperTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    BugCheckerRefactoringTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .addInputLines(\"A.java\", \"class A {}\")",
+        "        .addOutputLines(\"A.java\", \"class A { /* This is a change. */ }\")",
+        "        .doTest();",
+        "  }",
+        "}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "SingleFileBugCheckerRefactoringTestHelperTest",
+        BugPatternTestCases.create(
+            URI.create("file:///SingleFileBugCheckerRefactoringTestHelperTest.java"),
+            "SingleFileBugCheckerRefactoringTestHelperTest",
+            ImmutableList.of(
+                BugPatternTestCase.create(
+                    "SingleFileBugCheckerRefactoringTestHelperTest.TestChecker",
+                    ImmutableList.of(
+                        ReplacementTestEntry.create(
+                            "A.java", "class A {}\n", "class A { /* This is a change. */ }\n"))))));
+  }
+
+  @Test
+  void singleFileBugCheckerRefactoringTestHelperWithSetArgsFixChooserAndCustomTestMode(
+      @TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "SingleFileBugCheckerRefactoringTestHelperWithSetArgsFixChooserAndCustomTestModeTest.java",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper;",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper.FixChoosers;",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper.TestMode;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class SingleFileBugCheckerRefactoringTestHelperWithSetArgsFixChooserAndCustomTestModeTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    BugCheckerRefactoringTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .setArgs(\"-XepAllSuggestionsAsWarnings\")",
+        "        .setFixChooser(FixChoosers.SECOND)",
+        "        .addInputLines(\"A.java\", \"class A {}\")",
+        "        .addOutputLines(\"A.java\", \"class A { /* This is a change. */ }\")",
+        "        .doTest(TestMode.TEXT_MATCH);",
+        "  }",
+        "}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "SingleFileBugCheckerRefactoringTestHelperWithSetArgsFixChooserAndCustomTestModeTest",
+        BugPatternTestCases.create(
+            URI.create(
+                "file:///SingleFileBugCheckerRefactoringTestHelperWithSetArgsFixChooserAndCustomTestModeTest.java"),
+            "SingleFileBugCheckerRefactoringTestHelperWithSetArgsFixChooserAndCustomTestModeTest",
+            ImmutableList.of(
+                BugPatternTestCase.create(
+                    "SingleFileBugCheckerRefactoringTestHelperWithSetArgsFixChooserAndCustomTestModeTest.TestChecker",
+                    ImmutableList.of(
+                        ReplacementTestEntry.create(
+                            "A.java", "class A {}\n", "class A { /* This is a change. */ }\n"))))));
+  }
+
+  @Test
+  void multiFileBugCheckerRefactoringTestHelper(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "MultiFileBugCheckerRefactoringTestHelperTest.java",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class MultiFileBugCheckerRefactoringTestHelperTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    BugCheckerRefactoringTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .addInputLines(\"A.java\", \"class A {}\")",
+        "        .addOutputLines(\"A.java\", \"class A { /* This is a change. */ }\")",
+        "        .addInputLines(\"B.java\", \"class B {}\")",
+        "        .addOutputLines(\"B.java\", \"class B { /* This is a change. */ }\")",
+        "        .doTest();",
+        "  }",
+        "}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "MultiFileBugCheckerRefactoringTestHelperTest",
+        BugPatternTestCases.create(
+            URI.create("file:///MultiFileBugCheckerRefactoringTestHelperTest.java"),
+            "MultiFileBugCheckerRefactoringTestHelperTest",
+            ImmutableList.of(
+                BugPatternTestCase.create(
+                    "MultiFileBugCheckerRefactoringTestHelperTest.TestChecker",
+                    ImmutableList.of(
+                        ReplacementTestEntry.create(
+                            "A.java", "class A {}\n", "class A { /* This is a change. */ }\n"),
+                        ReplacementTestEntry.create(
+                            "B.java", "class B {}\n", "class B { /* This is a change. */ }\n"))))));
+  }
+
+  @Test
+  void compilationAndBugCheckerRefactoringTestHelpers(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "CompilationAndBugCheckerRefactoringTestHelpersTest.java",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper;",
+        "import com.google.errorprone.CompilationTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class CompilationAndBugCheckerRefactoringTestHelpersTest {",
+        "  private static class TestChecker extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    CompilationTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .addSourceLines(\"A.java\", \"// BUG: Diagnostic contains:\", \"class A {}\")",
+        "        .doTest();",
+        "",
+        "    BugCheckerRefactoringTestHelper.newInstance(TestChecker.class, getClass())",
+        "        .addInputLines(\"A.java\", \"class A {}\")",
+        "        .addOutputLines(\"A.java\", \"class A { /* This is a change. */ }\")",
+        "        .doTest();",
+        "  }",
+        "}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "CompilationAndBugCheckerRefactoringTestHelpersTest",
+        BugPatternTestCases.create(
+            URI.create("file:///CompilationAndBugCheckerRefactoringTestHelpersTest.java"),
+            "CompilationAndBugCheckerRefactoringTestHelpersTest",
+            ImmutableList.of(
+                BugPatternTestCase.create(
+                    "CompilationAndBugCheckerRefactoringTestHelpersTest.TestChecker",
+                    ImmutableList.of(
+                        IdentificationTestEntry.create(
+                            "A.java", "// BUG: Diagnostic contains:\nclass A {}\n"))),
+                BugPatternTestCase.create(
+                    "CompilationAndBugCheckerRefactoringTestHelpersTest.TestChecker",
+                    ImmutableList.of(
+                        ReplacementTestEntry.create(
+                            "A.java", "class A {}\n", "class A { /* This is a change. */ }\n"))))));
+  }
+
+  @Test
+  void compilationAndBugCheckerRefactoringTestHelpersWithCustomCheckerPackageAndNames(
+      @TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "CompilationAndBugCheckerRefactoringTestHelpersWithCustomCheckerPackageAndNamesTest.java",
+        "package pkg;",
+        "",
+        "import com.google.errorprone.BugCheckerRefactoringTestHelper;",
+        "import com.google.errorprone.CompilationTestHelper;",
+        "import com.google.errorprone.bugpatterns.BugChecker;",
+        "",
+        "final class CompilationAndBugCheckerRefactoringTestHelpersWithCustomCheckerPackageAndNamesTest {",
+        "  private static class CustomTestChecker extends BugChecker {}",
+        "",
+        "  private static class CustomTestChecker2 extends BugChecker {}",
+        "",
+        "  void m() {",
+        "    CompilationTestHelper.newInstance(CustomTestChecker.class, getClass())",
+        "        .addSourceLines(\"A.java\", \"// BUG: Diagnostic contains:\", \"class A {}\")",
+        "        .doTest();",
+        "",
+        "    BugCheckerRefactoringTestHelper.newInstance(CustomTestChecker2.class, getClass())",
+        "        .addInputLines(\"A.java\", \"class A {}\")",
+        "        .addOutputLines(\"A.java\", \"class A { /* This is a change. */ }\")",
+        "        .doTest();",
+        "  }",
+        "}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "CompilationAndBugCheckerRefactoringTestHelpersWithCustomCheckerPackageAndNamesTest",
+        BugPatternTestCases.create(
+            URI.create(
+                "file:///CompilationAndBugCheckerRefactoringTestHelpersWithCustomCheckerPackageAndNamesTest.java"),
+            "pkg.CompilationAndBugCheckerRefactoringTestHelpersWithCustomCheckerPackageAndNamesTest",
+            ImmutableList.of(
+                BugPatternTestCase.create(
+                    "pkg.CompilationAndBugCheckerRefactoringTestHelpersWithCustomCheckerPackageAndNamesTest.CustomTestChecker",
+                    ImmutableList.of(
+                        IdentificationTestEntry.create(
+                            "A.java", "// BUG: Diagnostic contains:\nclass A {}\n"))),
+                BugPatternTestCase.create(
+                    "pkg.CompilationAndBugCheckerRefactoringTestHelpersWithCustomCheckerPackageAndNamesTest.CustomTestChecker2",
+                    ImmutableList.of(
+                        ReplacementTestEntry.create(
+                            "A.java", "class A {}\n", "class A { /* This is a change. */ }\n"))))));
+  }
+
+  private static void verifyGeneratedFileContent(
+      Path outputDirectory, String testClass, BugPatternTestCases expected) {
+    assertThat(outputDirectory.resolve(String.format("bugpattern-test-%s.json", testClass)))
+        .exists()
+        .returns(expected, path -> Json.read(path, BugPatternTestCases.class));
+  }
+}

documentation-support/src/test/java/tech/picnic/errorprone/documentation/Compilation.java

@@ -0,0 +1,74 @@
+package tech.picnic.errorprone.documentation;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import com.google.common.collect.ImmutableList;
+import com.google.errorprone.FileManagers;
+import com.google.errorprone.FileObjects;
+import com.sun.tools.javac.api.JavacTaskImpl;
+import com.sun.tools.javac.api.JavacTool;
+import com.sun.tools.javac.file.JavacFileManager;
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.List;
+import javax.tools.Diagnostic;
+import javax.tools.JavaCompiler;
+import javax.tools.JavaFileObject;
+
+// XXX: Generalize and move this class so that it can also be used by `refaster-compiler`.
+// XXX: This class is supported by the `ErrorProneTestHelperSourceFormat` check, but until that
+// support is covered by unit tests, make sure to update that logic if this class or its methods are
+// moved/renamed.
+public final class Compilation {
+  private Compilation() {}
+
+  public static void compileWithDocumentationGenerator(
+      Path outputDirectory, String path, String... lines) {
+    compileWithDocumentationGenerator(outputDirectory.toAbsolutePath().toString(), path, lines);
+  }
+
+  public static void compileWithDocumentationGenerator(
+      String outputDirectory, String path, String... lines) {
+    /*
+     * The compiler options specified here largely match those used by Error Prone's
+     * `CompilationTestHelper`. A key difference is the stricter linting configuration. When
+     * compiling using JDK 21+, these lint options also require that certain JDK modules are
+     * explicitly exported.
+     */
+    compile(
+        ImmutableList.of(
+            "--add-exports=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED",
+            "--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED",
+            "--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED",
+            "-encoding",
+            "UTF-8",
+            "-parameters",
+            "-proc:none",
+            "-Werror",
+            "-Xlint:all,-serial",
+            "-Xplugin:DocumentationGenerator -XoutputDirectory=" + outputDirectory,
+            "-XDdev",
+            "-XDcompilePolicy=simple"),
+        FileObjects.forSourceLines(path, lines));
+  }
+
+  private static void compile(ImmutableList<String> options, JavaFileObject javaFileObject) {
+    JavacFileManager javacFileManager = FileManagers.testFileManager();
+    JavaCompiler compiler = JavacTool.create();
+
+    List<Diagnostic<?>> diagnostics = new ArrayList<>();
+    JavacTaskImpl task =
+        (JavacTaskImpl)
+            compiler.getTask(
+                null,
+                javacFileManager,
+                diagnostics::add,
+                options,
+                ImmutableList.of(),
+                ImmutableList.of(javaFileObject));
+
+    Boolean result = task.call();
+    assertThat(diagnostics).isEmpty();
+    assertThat(result).isTrue();
+  }
+}

documentation-support/src/test/java/tech/picnic/errorprone/documentation/DocumentationGeneratorTaskListenerTest.java

@@ -0,0 +1,147 @@
+package tech.picnic.errorprone.documentation;
+
+import static com.google.common.collect.ImmutableList.toImmutableList;
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static java.nio.file.attribute.AclEntryPermission.ADD_SUBDIRECTORY;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.junit.jupiter.api.condition.OS.WINDOWS;
+
+import com.google.auto.service.AutoService;
+import com.google.auto.value.AutoValue;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Sets;
+import com.google.common.collect.Streams;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.annotations.Immutable;
+import com.sun.source.tree.ClassTree;
+import com.sun.source.tree.Tree;
+import java.io.IOException;
+import java.nio.file.FileSystemException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.attribute.AclEntry;
+import java.nio.file.attribute.AclFileAttributeView;
+import java.util.Optional;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.condition.DisabledOnOs;
+import org.junit.jupiter.api.condition.EnabledOnOs;
+import org.junit.jupiter.api.io.TempDir;
+
+final class DocumentationGeneratorTaskListenerTest {
+  @EnabledOnOs(WINDOWS)
+  @Test
+  void readOnlyFileSystemWindows(@TempDir Path outputDirectory) throws IOException {
+    AclFileAttributeView view =
+        Files.getFileAttributeView(outputDirectory, AclFileAttributeView.class);
+    view.setAcl(
+        view.getAcl().stream()
+            .map(
+                entry ->
+                    AclEntry.newBuilder(entry)
+                        .setPermissions(
+                            Sets.difference(
+                                entry.permissions(), Sets.immutableEnumSet(ADD_SUBDIRECTORY)))
+                        .build())
+            .collect(toImmutableList()));
+
+    readOnlyFileSystemFailsToWrite(outputDirectory.resolve("nonexistent"));
+  }
+
+  @DisabledOnOs(WINDOWS)
+  @Test
+  void readOnlyFileSystemNonWindows(@TempDir Path outputDirectory) {
+    assertThat(outputDirectory.toFile().setWritable(false))
+        .describedAs("Failed to make test directory unwritable")
+        .isTrue();
+
+    readOnlyFileSystemFailsToWrite(outputDirectory.resolve("nonexistent"));
+  }
+
+  private static void readOnlyFileSystemFailsToWrite(Path outputDirectory) {
+    assertThatThrownBy(
+            () ->
+                Compilation.compileWithDocumentationGenerator(
+                    outputDirectory, "A.java", "class A {}"))
+        .hasRootCauseInstanceOf(FileSystemException.class)
+        .hasCauseInstanceOf(IllegalStateException.class)
+        .hasMessageEndingWith("Error while creating directory with path '%s'", outputDirectory);
+  }
+
+  @Test
+  void noClassNoOutput(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(outputDirectory, "A.java", "package pkg;");
+
+    assertThat(outputDirectory).isEmptyDirectory();
+  }
+
+  @Test
+  void excessArguments(@TempDir Path outputDirectory) {
+    String actualOutputDirectory = outputDirectory.toAbsolutePath() + " extra-arg";
+    assertThatThrownBy(
+            () ->
+                Compilation.compileWithDocumentationGenerator(
+                    actualOutputDirectory, "A.java", "package pkg;"))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessage("Precisely one path must be provided");
+  }
+
+  @Test
+  void extraction(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "DocumentationGeneratorTaskListenerTestClass.java",
+        "class DocumentationGeneratorTaskListenerTestClass {}");
+
+    assertThat(
+            outputDirectory.resolve(
+                "documentation-generator-task-listener-test-DocumentationGeneratorTaskListenerTestClass.json"))
+        .content(UTF_8)
+        .isEqualToIgnoringWhitespace(
+            """
+            {
+              "className": "DocumentationGeneratorTaskListenerTestClass",
+              "path": [
+                "CLASS: DocumentationGeneratorTaskListenerTestClass",
+                "COMPILATION_UNIT"
+              ]
+            }
+            """);
+  }
+
+  @Immutable
+  @AutoService(Extractor.class)
+  @SuppressWarnings("rawtypes" /* See https://github.com/google/auto/issues/870. */)
+  public static final class TestExtractor implements Extractor<ExtractionParameters> {
+    @Override
+    public String identifier() {
+      return "documentation-generator-task-listener-test";
+    }
+
+    @Override
+    public Optional<ExtractionParameters> tryExtract(ClassTree tree, VisitorState state) {
+      return Optional.of(tree.getSimpleName().toString())
+          .filter(n -> n.contains(DocumentationGeneratorTaskListenerTest.class.getSimpleName()))
+          .map(
+              className ->
+                  new AutoValue_DocumentationGeneratorTaskListenerTest_ExtractionParameters(
+                      className,
+                      Streams.stream(state.getPath())
+                          .map(TestExtractor::describeTree)
+                          .collect(toImmutableList())));
+    }
+
+    private static String describeTree(Tree tree) {
+      return (tree instanceof ClassTree clazz)
+          ? String.join(": ", String.valueOf(tree.getKind()), clazz.getSimpleName())
+          : tree.getKind().toString();
+    }
+  }
+
+  @AutoValue
+  abstract static class ExtractionParameters {
+    abstract String className();
+
+    abstract ImmutableList<String> path();
+  }
+}

documentation-support/src/test/java/tech/picnic/errorprone/documentation/DocumentationGeneratorTest.java

@@ -0,0 +1,38 @@
+package tech.picnic.errorprone.documentation;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static tech.picnic.errorprone.documentation.DocumentationGenerator.OUTPUT_DIRECTORY_FLAG;
+
+import java.nio.file.InvalidPathException;
+import java.nio.file.Path;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+final class DocumentationGeneratorTest {
+  @ParameterizedTest
+  @ValueSource(strings = {"bar", "foo"})
+  void getOutputPath(String path) {
+    assertThat(DocumentationGenerator.getOutputPath(OUTPUT_DIRECTORY_FLAG + '=' + path))
+        .isEqualTo(Path.of(path));
+  }
+
+  @ParameterizedTest
+  @ValueSource(strings = {"", "-XoutputDirectory", "invalidOption=Test", "nothing"})
+  void getOutputPathWithInvalidArgument(String pathArg) {
+    assertThatThrownBy(() -> DocumentationGenerator.getOutputPath(pathArg))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasMessage("'%s' must be of the form '%s=<value>'", pathArg, OUTPUT_DIRECTORY_FLAG);
+  }
+
+  @Test
+  void getOutputPathWithInvalidPath() {
+    String basePath = "path-with-null-char-\0";
+    assertThatThrownBy(
+            () -> DocumentationGenerator.getOutputPath(OUTPUT_DIRECTORY_FLAG + '=' + basePath))
+        .isInstanceOf(IllegalArgumentException.class)
+        .hasCauseInstanceOf(InvalidPathException.class)
+        .hasMessageEndingWith("Invalid path '%s'", basePath);
+  }
+}

documentation-support/src/test/java/tech/picnic/errorprone/documentation/JsonTest.java

@@ -0,0 +1,62 @@
+package tech.picnic.errorprone.documentation;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.google.auto.value.AutoValue;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+
+final class JsonTest {
+  private static final TestObject TEST_OBJECT = new AutoValue_JsonTest_TestObject("foo", 42);
+  private static final String TEST_JSON = "{\"string\":\"foo\",\"number\":42}";
+
+  @Test
+  void write(@TempDir Path directory) {
+    Path file = directory.resolve("test.json");
+
+    Json.write(file, TEST_OBJECT);
+
+    assertThat(file).content(UTF_8).isEqualTo(TEST_JSON);
+  }
+
+  @Test
+  void writeFailure(@TempDir Path directory) {
+    assertThatThrownBy(() -> Json.write(directory, TEST_OBJECT))
+        .isInstanceOf(UncheckedIOException.class)
+        .hasMessageContaining("Failure writing to '%s'", directory)
+        .hasCauseInstanceOf(FileNotFoundException.class);
+  }
+
+  @Test
+  void read(@TempDir Path directory) throws IOException {
+    Path file = directory.resolve("test.json");
+
+    Files.writeString(file, TEST_JSON, UTF_8);
+
+    assertThat(Json.read(file, TestObject.class)).isEqualTo(TEST_OBJECT);
+  }
+
+  @Test
+  void readFailure(@TempDir Path directory) {
+    assertThatThrownBy(() -> Json.read(directory, TestObject.class))
+        .isInstanceOf(UncheckedIOException.class)
+        .hasMessageContaining("Failure reading from '%s'", directory)
+        .hasCauseInstanceOf(FileNotFoundException.class);
+  }
+
+  @AutoValue
+  @JsonDeserialize(as = AutoValue_JsonTest_TestObject.class)
+  abstract static class TestObject {
+    abstract String string();
+
+    abstract int number();
+  }
+}

documentation-support/src/test/java/tech/picnic/errorprone/documentation/RefasterRuleCollectionTestExtractorTest.java

@@ -0,0 +1,166 @@
+package tech.picnic.errorprone.documentation;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+import com.google.common.base.VerifyException;
+import com.google.common.collect.ImmutableList;
+import java.net.URI;
+import java.nio.file.Path;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+import tech.picnic.errorprone.documentation.RefasterRuleCollectionTestExtractor.RefasterTestCase;
+import tech.picnic.errorprone.documentation.RefasterRuleCollectionTestExtractor.RefasterTestCases;
+
+final class RefasterRuleCollectionTestExtractorTest {
+  @Test
+  void noRefasterRuleTest(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory, "NoRefasterRuleTest.java", "public final class NoRefasterRuleTest {}");
+
+    assertThat(outputDirectory.toAbsolutePath()).isEmptyDirectory();
+  }
+
+  @Test
+  void invalidTestClassName(@TempDir Path outputDirectory) {
+    assertThatThrownBy(
+            () ->
+                Compilation.compileWithDocumentationGenerator(
+                    outputDirectory,
+                    "InvalidTestClassNameInput.java",
+                    "import tech.picnic.errorprone.refaster.test.RefasterRuleCollectionTestCase;",
+                    "",
+                    "final class InvalidTestClassName implements RefasterRuleCollectionTestCase {}"))
+        .cause()
+        .isInstanceOf(VerifyException.class)
+        .hasMessage(
+            "Refaster rule collection test class name 'InvalidTestClassName' does not match '(.*)Test'");
+  }
+
+  @Test
+  void invalidFileName(@TempDir Path outputDirectory) {
+    assertThatThrownBy(
+            () ->
+                Compilation.compileWithDocumentationGenerator(
+                    outputDirectory,
+                    "InvalidFileNameTest.java",
+                    "import tech.picnic.errorprone.refaster.test.RefasterRuleCollectionTestCase;",
+                    "",
+                    "final class InvalidFileNameTest implements RefasterRuleCollectionTestCase {}"))
+        .cause()
+        .isInstanceOf(VerifyException.class)
+        .hasMessage(
+            "Refaster rule collection test file name '/InvalidFileNameTest.java' does not match '.*(Input|Output)\\.java'");
+  }
+
+  @Test
+  void emptyRefasterRuleCollectionTestInput(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "EmptyRefasterRuleCollectionTestInput.java",
+        "import tech.picnic.errorprone.refaster.test.RefasterRuleCollectionTestCase;",
+        "",
+        "final class EmptyRefasterRuleCollectionTest implements RefasterRuleCollectionTestCase {}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "EmptyRefasterRuleCollectionTestInput",
+        RefasterTestCases.create(
+            URI.create("file:///EmptyRefasterRuleCollectionTestInput.java"),
+            "EmptyRefasterRuleCollection",
+            /* isInput= */ true,
+            ImmutableList.of()));
+  }
+
+  @Test
+  void singletonRefasterRuleCollectionTestOutput(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "SingletonRefasterRuleCollectionTestOutput.java",
+        "import tech.picnic.errorprone.refaster.test.RefasterRuleCollectionTestCase;",
+        "",
+        "final class SingletonRefasterRuleCollectionTest implements RefasterRuleCollectionTestCase {",
+        "  int testMyRule() {",
+        "    return 42;",
+        "  }",
+        "}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "SingletonRefasterRuleCollectionTestOutput",
+        RefasterTestCases.create(
+            URI.create("file:///SingletonRefasterRuleCollectionTestOutput.java"),
+            "SingletonRefasterRuleCollection",
+            /* isInput= */ false,
+            ImmutableList.of(
+                RefasterTestCase.create(
+                    "MyRule",
+                    """
+                    int testMyRule() {
+                      return 42;
+                    }"""))));
+  }
+
+  @Test
+  void complexRefasterRuleCollectionTestOutput(@TempDir Path outputDirectory) {
+    Compilation.compileWithDocumentationGenerator(
+        outputDirectory,
+        "pkg/ComplexRefasterRuleCollectionTestInput.java",
+        "package pkg;",
+        "",
+        "import com.google.common.collect.ImmutableSet;",
+        "import tech.picnic.errorprone.refaster.test.RefasterRuleCollectionTestCase;",
+        "",
+        "final class ComplexRefasterRuleCollectionTest implements RefasterRuleCollectionTestCase {",
+        "  private static final String IGNORED_CONSTANT = \"constant\";",
+        "",
+        "  @Override",
+        "  public ImmutableSet<Object> elidedTypesAndStaticImports() {",
+        "    return ImmutableSet.of();",
+        "  }",
+        "",
+        "  /** Javadoc. */",
+        "  String testFirstRule() {",
+        "    return \"Don't panic\";",
+        "  }",
+        "",
+        "  // Comment.",
+        "  String testSecondRule() {",
+        "    return \"Carry a towel\";",
+        "  }",
+        "",
+        "  void testEmptyRule() {}",
+        "}");
+
+    verifyGeneratedFileContent(
+        outputDirectory,
+        "ComplexRefasterRuleCollectionTestInput",
+        RefasterTestCases.create(
+            URI.create("file:///pkg/ComplexRefasterRuleCollectionTestInput.java"),
+            "ComplexRefasterRuleCollection",
+            /* isInput= */ true,
+            ImmutableList.of(
+                RefasterTestCase.create(
+                    "FirstRule",
+                    """
+                    String testFirstRule() {
+                      return "Don't panic";
+                    }"""),
+                RefasterTestCase.create(
+                    "SecondRule",
+                    """
+                    String testSecondRule() {
+                      return "Carry a towel";
+                    }"""),
+                RefasterTestCase.create("EmptyRule", "void testEmptyRule() {}"))));
+  }
+
+  private static void verifyGeneratedFileContent(
+      Path outputDirectory, String testIdentifier, RefasterTestCases expected) {
+    assertThat(
+            outputDirectory.resolve(
+                String.format("refaster-rule-collection-test-%s.json", testIdentifier)))
+        .exists()
+        .returns(expected, path -> Json.read(path, RefasterTestCases.class));
+  }
+}

error-prone-contrib/README.md

@@ -24,7 +24,6 @@ project:
 
 - Document how to apply patches.
 - Document each of the checks.
-- Add [SonarQube][sonarcloud] and [Codecov][codecov] integrations.
 - Add non-Java file formatting support, like we have internally at Picnic.
   (I.e., somehow open-source that stuff.)
 - Auto-generate a website listing each of the checks, just like the Error Prone
@@ -126,9 +125,6 @@ The following is a list of checks we'd like to see implemented:
   statement. Idem for other exception types.
 - A Guava-specific check that replaces simple anonymous `CacheLoader` subclass
   declarations with `CacheLoader.from(someLambda)`.
-- A Spring-specific check that enforces that methods with the `@Scheduled`
-  annotation are also annotated with New Relic's `@Trace` annotation. Such
-  methods should ideally not also represent Spring MVC endpoints.
 - A Spring-specific check that enforces that `@RequestMapping` annotations,
   when applied to a method, explicitly specify one or more target HTTP methods.
 - A Spring-specific check that looks for classes in which all `@RequestMapping`
@@ -273,7 +269,6 @@ Refaster's expressiveness:
 [autorefactor]: https://autorefactor.org
 [bettercodehub]: https://bettercodehub.com
 [checkstyle-external-project-tests]: https://github.com/checkstyle/checkstyle/blob/master/wercker.yml
-[codecov]: https://codecov.io
 [error-prone-bug-patterns]: https://errorprone.info/bugpatterns
 [error-prone]: https://errorprone.info
 [error-prone-repo]: https://github.com/google/error-prone
@@ -283,4 +278,3 @@ Refaster's expressiveness:
 [main-contributing]: ../CONTRIBUTING.md
 [main-readme]: ../README.md
 [modernizer-maven-plugin]: https://github.com/gaul/modernizer-maven-plugin
-[sonarcloud]: https://sonarcloud.io

error-prone-contrib/pom.xml

@@ -5,44 +5,37 @@
     <parent>
         <groupId>tech.picnic.error-prone-support</groupId>
         <artifactId>error-prone-support</artifactId>
-        <version>0.6.1-SNAPSHOT</version>
+        <version>0.22.1-SNAPSHOT</version>
     </parent>
 
     <artifactId>error-prone-contrib</artifactId>
 
     <name>Picnic :: Error Prone Support :: Contrib</name>
     <description>Extra Error Prone plugins by Picnic.</description>
+    <url>https://error-prone.picnic.tech</url>
 
     <dependencies>
         <dependency>
-            <groupId>${groupId.error-prone}</groupId>
-            <artifactId>error_prone_annotation</artifactId>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>documentation-support</artifactId>
+            <!-- This dependency is declared only as a hint to Maven that
+            compilation depends on it; see the `maven-compiler-plugin`'s
+            `annotationProcessorPaths` configuration below. -->
             <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>${groupId.error-prone}</groupId>
-            <artifactId>error_prone_annotations</artifactId>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>${groupId.error-prone}</groupId>
-            <artifactId>error_prone_check_api</artifactId>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>${groupId.error-prone}</groupId>
-            <artifactId>error_prone_core</artifactId>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>${groupId.error-prone}</groupId>
-            <artifactId>error_prone_test_helpers</artifactId>
-            <scope>test</scope>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>error-prone-utils</artifactId>
         </dependency>
         <dependency>
             <groupId>${project.groupId}</groupId>
             <artifactId>refaster-support</artifactId>
-            <scope>provided</scope>
+            <!-- XXX: One would expect this to be a `provided` dependency (as
+            Refaster rules are interpreted by the `refaster-runner` module),
+            but the `OptionalOrElseGet` bug checker defined by this module
+            depends on the `RequiresComputation` matcher that
+            `refaster-support` primarily exposes for use by Refaster rules.
+            Review this setup. (Should the matchers be moved elsewhere?) -->
         </dependency>
         <dependency>
             <groupId>${project.groupId}</groupId>
@@ -52,11 +45,11 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-annotations</artifactId>
-            <scope>test</scope>
+            <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>com.google.auto</groupId>
-            <artifactId>auto-common</artifactId>
+            <groupId>com.github.ben-manes.caffeine</groupId>
+            <artifactId>caffeine</artifactId>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -65,8 +58,44 @@
             <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>com.google.googlejavaformat</groupId>
-            <artifactId>google-java-format</artifactId>
+            <groupId>com.google.auto.value</groupId>
+            <artifactId>auto-value-annotations</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <!-- XXX: JSR-305 (meta-)annotation usage by some dependencies triggers
+        NullAway to attempt to load said annotations. As such some modules
+        require these annotations to be on the classpath. Periodically review
+        whether we can drop this dependeny declaration. See
+        https://github.com/uber/NullAway/issues/1171. -->
+        <dependency>
+            <groupId>com.google.code.findbugs</groupId>
+            <artifactId>jsr305</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.google.errorprone</groupId>
+            <artifactId>error_prone_annotation</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.google.errorprone</groupId>
+            <artifactId>error_prone_annotations</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.google.errorprone</groupId>
+            <artifactId>error_prone_check_api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.google.errorprone</groupId>
+            <artifactId>error_prone_core</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.google.errorprone</groupId>
+            <artifactId>error_prone_test_helpers</artifactId>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>com.google.guava</groupId>
@@ -74,9 +103,9 @@
             <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>com.newrelic.agent.java</groupId>
-            <artifactId>newrelic-api</artifactId>
-            <scope>test</scope>
+            <groupId>io.micrometer</groupId>
+            <artifactId>micrometer-core</artifactId>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>io.projectreactor</groupId>
@@ -118,6 +147,16 @@
             <artifactId>jakarta.servlet-api</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>javax.annotation</groupId>
+            <artifactId>javax.annotation-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.inject</groupId>
+            <artifactId>javax.inject</artifactId>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>javax.xml.bind</groupId>
             <artifactId>jaxb-api</artifactId>
@@ -138,6 +177,11 @@
             <artifactId>value-annotations</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.jooq</groupId>
+            <artifactId>jooq</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.jspecify</groupId>
             <artifactId>jspecify</artifactId>
@@ -146,8 +190,10 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-api</artifactId>
-            <scope>test</scope>
+            <scope>provided</scope>
         </dependency>
+        <!-- XXX: Explicitly declared as a workaround for
+        https://github.com/pitest/pitest-junit5-plugin/issues/105. -->
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-engine</artifactId>
@@ -163,6 +209,36 @@
             <artifactId>mockito-core</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.mongodb</groupId>
+            <artifactId>mongodb-driver-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.openrewrite</groupId>
+            <artifactId>rewrite-core</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.openrewrite</groupId>
+            <artifactId>rewrite-java</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.openrewrite</groupId>
+            <artifactId>rewrite-java-17</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.openrewrite</groupId>
+            <artifactId>rewrite-templating</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.openrewrite</groupId>
+            <artifactId>rewrite-test</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.reactivestreams</groupId>
             <artifactId>reactive-streams</artifactId>
@@ -198,6 +274,11 @@
             <artifactId>spring-boot-test</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.testng</groupId>
             <artifactId>testng</artifactId>
@@ -213,6 +294,14 @@
                     <artifactId>maven-compiler-plugin</artifactId>
                     <configuration>
                         <annotationProcessorPaths combine.children="append">
+                            <!-- XXX: Drop the version declarations once
+                            properly supported. See
+                            https://youtrack.jetbrains.com/issue/IDEA-342187. -->
+                            <path>
+                                <groupId>${project.groupId}</groupId>
+                                <artifactId>documentation-support</artifactId>
+                                <version>${project.version}</version>
+                            </path>
                             <path>
                                 <groupId>${project.groupId}</groupId>
                                 <artifactId>refaster-compiler</artifactId>
@@ -225,20 +314,58 @@
                             </path>
                         </annotationProcessorPaths>
                         <compilerArgs combine.children="append">
-                            <arg>-Xplugin:RefasterRuleCompiler</arg>
+                            <arg>-Xplugin:DocumentationGenerator -XoutputDirectory=${project.build.directory}/docs</arg>
                         </compilerArgs>
                     </configuration>
-                </plugin>
-                <plugin>
-                    <groupId>org.apache.maven.plugins</groupId>
-                    <artifactId>maven-dependency-plugin</artifactId>
-                    <configuration>
-                        <ignoredUnusedDeclaredDependencies>
-                            <!-- XXX: Figure out why the plugin thinks this
-                            dependency is unused. -->
-                            <ignoredUnusedDeclaredDependency>${project.groupId}:refaster-support</ignoredUnusedDeclaredDependency>
-                        </ignoredUnusedDeclaredDependencies>
-                    </configuration>
+                    <executions>
+                        <!-- The Refaster input/output test classes used by
+                        `RefasterRuleCollection` are modelled as classpath
+                        resources, and thus not subject to the default test
+                        compilation step. These two custom compilation steps
+                        serve two purposes:
+                        - To provide early feedback in case of syntax errors.
+                        - To enable the `DocumentationGenerator` compiler
+                        plugin to extract documentation metadata from them.
+                        Note that the input and output files must be compiled
+                        separately and to distinct output directories, as they
+                        define the same set of class names. -->
+                        <!-- XXX: Drop these executions if/when the Refaster
+                        test framework is reimplemented such that tests can be
+                        located alongside rules, rather than in two additional
+                        resource files. -->
+                        <execution>
+                            <id>compile-refaster-test-input</id>
+                            <goals>
+                                <goal>testCompile</goal>
+                            </goals>
+                            <phase>process-test-resources</phase>
+                            <configuration>
+                                <compileSourceRoots>
+                                    <compileSourceRoot>${project.basedir}/src/test/resources</compileSourceRoot>
+                                </compileSourceRoots>
+                                <testIncludes>
+                                    <testInclude>**/*Input.java</testInclude>
+                                </testIncludes>
+                                <outputDirectory>${project.build.directory}/refaster-test-input</outputDirectory>
+                            </configuration>
+                        </execution>
+                        <execution>
+                            <id>compile-refaster-test-output</id>
+                            <goals>
+                                <goal>testCompile</goal>
+                            </goals>
+                            <phase>process-test-resources</phase>
+                            <configuration>
+                                <compileSourceRoots>
+                                    <compileSourceRoot>${project.basedir}/src/test/resources</compileSourceRoot>
+                                </compileSourceRoots>
+                                <testIncludes>
+                                    <testInclude>**/*Output.java</testInclude>
+                                </testIncludes>
+                                <outputDirectory>${project.build.directory}/refaster-test-output</outputDirectory>
+                            </configuration>
+                        </execution>
+                    </executions>
                 </plugin>
             </plugins>
         </pluginManagement>

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/AmbiguousJsonCreator.java

@@ -4,7 +4,7 @@ import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
 import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
 import static com.google.errorprone.BugPattern.StandardTags.LIKELY_ERROR;
 import static com.google.errorprone.matchers.Matchers.isType;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.errorprone.BugPattern;
@@ -18,7 +18,7 @@ import com.google.errorprone.util.ASTHelpers;
 import com.sun.source.tree.AnnotationTree;
 import com.sun.source.tree.ClassTree;
 import com.sun.source.tree.MethodTree;
-import com.sun.source.tree.Tree;
+import com.sun.source.tree.Tree.Kind;
 import com.sun.tools.javac.code.Symbol;
 import java.util.Map;
 import javax.lang.model.element.AnnotationValue;
@@ -46,7 +46,7 @@ public final class AmbiguousJsonCreator extends BugChecker implements Annotation
     }
 
     ClassTree clazz = state.findEnclosing(ClassTree.class);
-    if (clazz == null || clazz.getKind() != Tree.Kind.ENUM) {
+    if (clazz == null || clazz.getKind() != Kind.ENUM) {
       return Description.NO_MATCH;
     }
 

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/AssertJIsNull.java

@@ -8,7 +8,7 @@ import static com.google.errorprone.matchers.Matchers.argument;
 import static com.google.errorprone.matchers.Matchers.argumentCount;
 import static com.google.errorprone.matchers.Matchers.instanceMethod;
 import static com.google.errorprone.matchers.Matchers.nullLiteral;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.errorprone.BugPattern;

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/AutowiredConstructor.java

@@ -6,10 +6,9 @@ import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
 import static com.google.errorprone.matchers.ChildMultiMatcher.MatchType.AT_LEAST_ONE;
 import static com.google.errorprone.matchers.Matchers.annotations;
 import static com.google.errorprone.matchers.Matchers.isType;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
-import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Iterables;
 import com.google.errorprone.BugPattern;
 import com.google.errorprone.VisitorState;
@@ -17,13 +16,14 @@ import com.google.errorprone.bugpatterns.BugChecker;
 import com.google.errorprone.bugpatterns.BugChecker.ClassTreeMatcher;
 import com.google.errorprone.matchers.Description;
 import com.google.errorprone.matchers.MultiMatcher;
+import com.google.errorprone.matchers.MultiMatcher.MultiMatchResult;
 import com.google.errorprone.util.ASTHelpers;
 import com.sun.source.tree.AnnotationTree;
 import com.sun.source.tree.ClassTree;
 import com.sun.source.tree.MethodTree;
 import com.sun.source.tree.Tree;
 import java.util.List;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /** A {@link BugChecker} that flags redundant {@code @Autowired} constructor annotations. */
 @AutoService(BugChecker.class)
@@ -48,20 +48,18 @@ public final class AutowiredConstructor extends BugChecker implements ClassTreeM
       return Description.NO_MATCH;
     }
 
-    ImmutableList<AnnotationTree> annotations =
-        AUTOWIRED_ANNOTATION
-            .multiMatchResult(Iterables.getOnlyElement(constructors), state)
-            .matchingNodes();
-    if (annotations.size() != 1) {
+    MultiMatchResult<AnnotationTree> hasAutowiredAnnotation =
+        AUTOWIRED_ANNOTATION.multiMatchResult(Iterables.getOnlyElement(constructors), state);
+    if (!hasAutowiredAnnotation.matches()) {
       return Description.NO_MATCH;
     }
 
     /*
      * This is the only `@Autowired` constructor: suggest that it be removed. Note that this likely
-     * means that the associated import can be removed as well. Rather than adding code for this case we
-     * leave flagging the unused import to Error Prone's `RemoveUnusedImports` check.
+     * means that the associated import can be removed as well. Rather than adding code for this
+     * case we leave flagging the unused import to Error Prone's `RemoveUnusedImports` check.
      */
-    AnnotationTree annotation = Iterables.getOnlyElement(annotations);
+    AnnotationTree annotation = hasAutowiredAnnotation.onlyMatchingNode();
     return describeMatch(annotation, SourceCode.deleteWithTrailingWhitespace(annotation, state));
   }
 }

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/CanonicalAnnotationSyntax.java

@@ -3,7 +3,7 @@ package tech.picnic.errorprone.bugpatterns;
 import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
 import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
 import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.common.collect.ImmutableSet;
@@ -19,14 +19,13 @@ import com.sun.source.tree.AnnotationTree;
 import com.sun.source.tree.AssignmentTree;
 import com.sun.source.tree.ExpressionTree;
 import com.sun.source.tree.NewArrayTree;
-import com.sun.source.tree.Tree.Kind;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
 import java.util.function.BiFunction;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /** A {@link BugChecker} that flags annotations that could be written more concisely. */
 @AutoService(BugChecker.class)
@@ -91,8 +90,8 @@ public final class CanonicalAnnotationSyntax extends BugChecker implements Annot
     ExpressionTree arg = args.get(0);
     if (state.getSourceForNode(arg) == null) {
       /*
-       * The annotation argument isn't doesn't have a source representation, e.g. because `value`
-       * isn't assigned to explicitly.
+       * The annotation argument doesn't have a source representation, e.g. because `value` isn't
+       * assigned explicitly.
        */
       return Optional.empty();
     }
@@ -119,7 +118,7 @@ public final class CanonicalAnnotationSyntax extends BugChecker implements Annot
        * the expression as a whole.
        */
       ExpressionTree value =
-          (arg.getKind() == Kind.ASSIGNMENT) ? ((AssignmentTree) arg).getExpression() : arg;
+          (arg instanceof AssignmentTree assignment) ? assignment.getExpression() : arg;
 
       /* Store a fix for each expression that was successfully simplified. */
       simplifyAttributeValue(value, state)
@@ -130,13 +129,10 @@ public final class CanonicalAnnotationSyntax extends BugChecker implements Annot
   }
 
   private static Optional<String> simplifyAttributeValue(ExpressionTree expr, VisitorState state) {
-    if (expr.getKind() != Kind.NEW_ARRAY) {
-      /* There are no curly braces or commas to be dropped here. */
-      return Optional.empty();
-    }
-
-    NewArrayTree array = (NewArrayTree) expr;
-    return simplifySingletonArray(array, state).or(() -> dropTrailingComma(array, state));
+    /* Drop curly braces or commas if possible. */
+    return expr instanceof NewArrayTree newArray
+        ? simplifySingletonArray(newArray, state).or(() -> dropTrailingComma(newArray, state))
+        : Optional.empty();
   }
 
   /** Returns the expression describing the array's sole element, if any. */

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/CanonicalClassNameUsage.java

@@ -0,0 +1,91 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
+import static com.google.errorprone.BugPattern.StandardTags.FRAGILE_CODE;
+import static com.google.errorprone.matchers.Matchers.allOf;
+import static com.google.errorprone.matchers.Matchers.anything;
+import static com.google.errorprone.matchers.Matchers.classLiteral;
+import static com.google.errorprone.matchers.Matchers.instanceMethod;
+import static com.google.errorprone.matchers.Matchers.receiverOfInvocation;
+import static com.google.errorprone.matchers.Matchers.toType;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+
+import com.google.auto.service.AutoService;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.annotations.Var;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.MethodInvocationTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFixes;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.util.ASTHelpers;
+import com.sun.source.tree.BinaryTree;
+import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.MethodInvocationTree;
+import com.sun.source.util.TreePath;
+import com.sun.tools.javac.code.Symbol.MethodSymbol;
+import java.util.regex.Pattern;
+
+/**
+ * A {@link BugChecker} that flags invocations of {@link Class#getName()} where {@link
+ * Class#getCanonicalName()} was likely meant.
+ *
+ * <p>For top-level types these two methods generally return the same result, but for nested types
+ * the former separates identifiers using a dollar sign ({@code $}) rather than a dot ({@code .}).
+ *
+ * @implNote This check currently only flags {@link Class#getName()} invocations on class literals,
+ *     and doesn't flag method references. This avoids false positives, such as suggesting use of
+ *     {@link Class#getCanonicalName()} in contexts where the canonical name is {@code null}.
+ */
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "This code should likely use the type's canonical name",
+    link = BUG_PATTERNS_BASE_URL + "CanonicalClassNameUsage",
+    linkType = CUSTOM,
+    severity = WARNING,
+    tags = FRAGILE_CODE)
+public final class CanonicalClassNameUsage extends BugChecker
+    implements MethodInvocationTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final Matcher<ExpressionTree> GET_NAME_INVOCATION =
+      toType(
+          MethodInvocationTree.class,
+          allOf(
+              receiverOfInvocation(classLiteral(anything())),
+              instanceMethod().onExactClass(Class.class.getCanonicalName()).named("getName")));
+  private static final Pattern CANONICAL_NAME_USING_TYPES =
+      Pattern.compile("(com\\.google\\.errorprone|tech\\.picnic\\.errorprone)\\..*");
+
+  /** Instantiates a new {@link CanonicalClassNameUsage} instance. */
+  public CanonicalClassNameUsage() {}
+
+  @Override
+  public Description matchMethodInvocation(MethodInvocationTree tree, VisitorState state) {
+    if (!GET_NAME_INVOCATION.matches(tree, state) || !isPassedToCanonicalNameUsingType(state)) {
+      /*
+       * This is not a `class.getName()` invocation of which the result is passed to another method
+       * known to accept canonical type names.
+       */
+      return Description.NO_MATCH;
+    }
+
+    return describeMatch(
+        tree, SuggestedFixes.renameMethodInvocation(tree, "getCanonicalName", state));
+  }
+
+  private static boolean isPassedToCanonicalNameUsingType(VisitorState state) {
+    @Var TreePath path = state.getPath().getParentPath();
+    while (path.getLeaf() instanceof BinaryTree) {
+      path = path.getParentPath();
+    }
+
+    return path.getLeaf() instanceof MethodInvocationTree methodInvocation
+        && isOwnedByCanonicalNameUsingType(ASTHelpers.getSymbol(methodInvocation));
+  }
+
+  private static boolean isOwnedByCanonicalNameUsingType(MethodSymbol symbol) {
+    return CANONICAL_NAME_USING_TYPES.matcher(symbol.owner.getQualifiedName()).matches();
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/ClassCastLambdaUsage.java

@@ -0,0 +1,76 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
+import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+
+import com.google.auto.service.AutoService;
+import com.google.common.collect.Iterables;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.LambdaExpressionTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFix;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.util.ASTHelpers;
+import com.sun.source.tree.LambdaExpressionTree;
+import com.sun.source.tree.TypeCastTree;
+import com.sun.source.tree.VariableTree;
+import com.sun.tools.javac.code.Type;
+import javax.lang.model.type.TypeKind;
+import tech.picnic.errorprone.utils.SourceCode;
+
+/**
+ * A {@link BugChecker} that flags lambda expressions that can be replaced with a method reference
+ * of the form {@code T.class::cast}.
+ */
+// XXX: Consider folding this logic into the `MethodReferenceUsage` check of the
+// `error-prone-experimental` module.
+// XXX: This check and its tests are structurally nearly identical to `IsInstanceLambdaUsage`.
+// Unless folded into `MethodReferenceUsage`, consider merging the two.
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "Prefer `Class::cast` method reference over equivalent lambda expression",
+    link = BUG_PATTERNS_BASE_URL + "ClassCastLambdaUsage",
+    linkType = CUSTOM,
+    severity = SUGGESTION,
+    tags = SIMPLIFICATION)
+public final class ClassCastLambdaUsage extends BugChecker implements LambdaExpressionTreeMatcher {
+  private static final long serialVersionUID = 1L;
+
+  /** Instantiates a new {@link ClassCastLambdaUsage} instance. */
+  public ClassCastLambdaUsage() {}
+
+  @Override
+  public Description matchLambdaExpression(LambdaExpressionTree tree, VisitorState state) {
+    if (tree.getParameters().size() != 1 || !(tree.getBody() instanceof TypeCastTree typeCast)) {
+      return Description.NO_MATCH;
+    }
+
+    Type type = ASTHelpers.getType(typeCast);
+    if (type == null
+        || type.isParameterized()
+        || type.isPrimitive()
+        || type.getKind() == TypeKind.TYPEVAR) {
+      /*
+       * The method reference syntax does not support casting to parameterized types, and type
+       * variables aren't supported either. Additionally, `Class#cast` does not support the same
+       * range of type conversions between (boxed) primitive types as the cast operator.
+       */
+      // XXX: Depending on the declared type of the value being cast, in some cases we _can_ rewrite
+      // primitive casts. Add support for this.
+      return Description.NO_MATCH;
+    }
+
+    VariableTree param = Iterables.getOnlyElement(tree.getParameters());
+    if (!ASTHelpers.getSymbol(param).equals(ASTHelpers.getSymbol(typeCast.getExpression()))) {
+      return Description.NO_MATCH;
+    }
+
+    return describeMatch(
+        tree,
+        SuggestedFix.replace(
+            tree, SourceCode.treeToString(typeCast.getType(), state) + ".class::cast"));
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/CollectorMutability.java

@@ -4,9 +4,12 @@ import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
 import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
 import static com.google.errorprone.BugPattern.StandardTags.FRAGILE_CODE;
 import static com.google.errorprone.matchers.method.MethodMatchers.staticMethod;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import com.google.errorprone.BugPattern;
 import com.google.errorprone.VisitorState;
 import com.google.errorprone.bugpatterns.BugChecker;
@@ -17,8 +20,12 @@ import com.google.errorprone.matchers.Description;
 import com.google.errorprone.matchers.Matcher;
 import com.sun.source.tree.ExpressionTree;
 import com.sun.source.tree.MethodInvocationTree;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
 import java.util.stream.Collector;
-import tech.picnic.errorprone.bugpatterns.util.ThirdPartyLibrary;
+import java.util.stream.Collectors;
+import tech.picnic.errorprone.utils.ThirdPartyLibrary;
 
 /**
  * A {@link BugChecker} that flags {@link Collector Collectors} that don't clearly express
@@ -30,7 +37,7 @@ import tech.picnic.errorprone.bugpatterns.util.ThirdPartyLibrary;
 @AutoService(BugChecker.class)
 @BugPattern(
     summary =
-        "Avoid `Collectors.to{List,Map,Set}` in favour of alternatives that emphasize (im)mutability",
+        "Avoid `Collectors.to{List,Map,Set}` in favor of collectors that emphasize (im)mutability",
     link = BUG_PATTERNS_BASE_URL + "CollectorMutability",
     linkType = CUSTOM,
     severity = WARNING,
@@ -38,7 +45,7 @@ import tech.picnic.errorprone.bugpatterns.util.ThirdPartyLibrary;
 public final class CollectorMutability extends BugChecker implements MethodInvocationTreeMatcher {
   private static final long serialVersionUID = 1L;
   private static final Matcher<ExpressionTree> COLLECTOR_METHOD =
-      staticMethod().onClass("java.util.stream.Collectors");
+      staticMethod().onClass(Collectors.class.getCanonicalName());
   private static final Matcher<ExpressionTree> LIST_COLLECTOR =
       staticMethod().anyClass().named("toList");
   private static final Matcher<ExpressionTree> MAP_COLLECTOR =
@@ -58,7 +65,10 @@ public final class CollectorMutability extends BugChecker implements MethodInvoc
 
     if (LIST_COLLECTOR.matches(tree, state)) {
       return suggestToCollectionAlternatives(
-          tree, "com.google.common.collect.ImmutableList.toImmutableList", "ArrayList", state);
+          tree,
+          ImmutableList.class.getCanonicalName() + ".toImmutableList",
+          ArrayList.class.getCanonicalName(),
+          state);
     }
 
     if (MAP_COLLECTOR.matches(tree, state)) {
@@ -67,7 +77,10 @@ public final class CollectorMutability extends BugChecker implements MethodInvoc
 
     if (SET_COLLECTOR.matches(tree, state)) {
       return suggestToCollectionAlternatives(
-          tree, "com.google.common.collect.ImmutableSet.toImmutableSet", "HashSet", state);
+          tree,
+          ImmutableSet.class.getCanonicalName() + ".toImmutableSet",
+          HashSet.class.getCanonicalName(),
+          state);
     }
 
     return Description.NO_MATCH;
@@ -75,20 +88,20 @@ public final class CollectorMutability extends BugChecker implements MethodInvoc
 
   private Description suggestToCollectionAlternatives(
       MethodInvocationTree tree,
-      String fullyQualifiedImmutableReplacement,
+      String immutableReplacement,
       String mutableReplacement,
       VisitorState state) {
     SuggestedFix.Builder mutableFix = SuggestedFix.builder();
     String toCollectionSelect =
         SuggestedFixes.qualifyStaticImport(
-            "java.util.stream.Collectors.toCollection", mutableFix, state);
+            Collectors.class.getCanonicalName() + ".toCollection", mutableFix, state);
+    String mutableCollection = SuggestedFixes.qualifyType(state, mutableFix, mutableReplacement);
 
     return buildDescription(tree)
-        .addFix(replaceMethodInvocation(tree, fullyQualifiedImmutableReplacement, state))
+        .addFix(replaceMethodInvocation(tree, immutableReplacement, state))
         .addFix(
             mutableFix
-                .addImport(String.format("java.util.%s", mutableReplacement))
-                .replace(tree, String.format("%s(%s::new)", toCollectionSelect, mutableReplacement))
+                .replace(tree, String.format("%s(%s::new)", toCollectionSelect, mutableCollection))
                 .build())
         .build();
   }
@@ -99,17 +112,20 @@ public final class CollectorMutability extends BugChecker implements MethodInvoc
       return Description.NO_MATCH;
     }
 
+    SuggestedFix.Builder mutableFix = SuggestedFix.builder();
+    String hashMap =
+        SuggestedFixes.qualifyType(state, mutableFix, HashMap.class.getCanonicalName());
+
     return buildDescription(tree)
         .addFix(
             replaceMethodInvocation(
-                tree, "com.google.common.collect.ImmutableMap.toImmutableMap", state))
+                tree, ImmutableMap.class.getCanonicalName() + ".toImmutableMap", state))
         .addFix(
-            SuggestedFix.builder()
-                .addImport("java.util.HashMap")
+            mutableFix
                 .postfixWith(
                     tree.getArguments().get(argCount - 1),
                     (argCount == 2 ? ", (a, b) -> { throw new IllegalStateException(); }" : "")
-                        + ", HashMap::new")
+                        + String.format(", %s::new", hashMap))
                 .build())
         .build();
   }

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/ConstantNaming.java

@@ -0,0 +1,125 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
+import static com.google.errorprone.BugPattern.StandardTags.STYLE;
+import static com.google.errorprone.matchers.Matchers.allOf;
+import static com.google.errorprone.matchers.Matchers.hasModifier;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+
+import com.google.auto.service.AutoService;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Sets;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.ErrorProneFlags;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.VariableTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFixes;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.util.ASTHelpers;
+import com.sun.source.tree.VariableTree;
+import com.sun.source.util.TreeScanner;
+import java.util.Locale;
+import java.util.regex.Pattern;
+import javax.inject.Inject;
+import javax.lang.model.element.Modifier;
+import org.jspecify.annotations.Nullable;
+import tech.picnic.errorprone.utils.Flags;
+
+/**
+ * A {@link BugChecker} that flags static constants that do not follow the upper snake case naming
+ * convention.
+ */
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "Constant variables should adhere to the `UPPER_SNAKE_CASE` naming convention",
+    link = BUG_PATTERNS_BASE_URL + "ConstantNaming",
+    linkType = CUSTOM,
+    severity = WARNING,
+    tags = STYLE)
+@SuppressWarnings("java:S2160" /* Super class equality definition suffices. */)
+public final class ConstantNaming extends BugChecker implements VariableTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final Matcher<VariableTree> IS_CONSTANT =
+      allOf(hasModifier(Modifier.STATIC), hasModifier(Modifier.FINAL));
+  private static final Matcher<VariableTree> IS_PRIVATE = hasModifier(Modifier.PRIVATE);
+  private static final Pattern SNAKE_CASE = Pattern.compile("([a-z])([A-Z])");
+  private static final ImmutableSet<String> DEFAULT_EXEMPTED_NAMES =
+      ImmutableSet.of("serialVersionUID");
+
+  /**
+   * Flag using which constant names that must not be flagged (in addition to those defined by
+   * {@link #DEFAULT_EXEMPTED_NAMES}) can be specified.
+   */
+  private static final String ADDITIONAL_EXEMPTED_NAMES_FLAG =
+      "CanonicalConstantNaming:ExemptedNames";
+
+  private final ImmutableSet<String> exemptedNames;
+
+  /** Instantiates a default {@link ConstantNaming} instance. */
+  public ConstantNaming() {
+    this(ErrorProneFlags.empty());
+  }
+
+  /**
+   * Instantiates a customized {@link ConstantNaming}.
+   *
+   * @param flags Any provided command line flags.
+   */
+  @Inject
+  ConstantNaming(ErrorProneFlags flags) {
+    exemptedNames =
+        Sets.union(DEFAULT_EXEMPTED_NAMES, Flags.getSet(flags, ADDITIONAL_EXEMPTED_NAMES_FLAG))
+            .immutableCopy();
+  }
+
+  @Override
+  public Description matchVariable(VariableTree tree, VisitorState state) {
+    String variableName = tree.getName().toString();
+    if (!IS_CONSTANT.matches(tree, state) || exemptedNames.contains(variableName)) {
+      return Description.NO_MATCH;
+    }
+
+    String replacement = toUpperSnakeCase(variableName);
+    if (replacement.equals(variableName)) {
+      return Description.NO_MATCH;
+    }
+
+    Description.Builder description = buildDescription(tree);
+    if (!IS_PRIVATE.matches(tree, state)) {
+      description.setMessage(
+          "%s; consider renaming to '%s', though note that this is not a private constant"
+              .formatted(message(), replacement));
+    } else if (isVariableNameInUse(replacement, state)) {
+      description.setMessage(
+          "%s; consider renaming to '%s', though note that a variable with this name is already declared"
+              .formatted(message(), replacement));
+    } else {
+      description.addFix(SuggestedFixes.renameVariable(tree, replacement, state));
+    }
+
+    return description.build();
+  }
+
+  private static String toUpperSnakeCase(String variableName) {
+    return SNAKE_CASE.matcher(variableName).replaceAll("$1_$2").toUpperCase(Locale.ROOT);
+  }
+
+  private static boolean isVariableNameInUse(String name, VisitorState state) {
+    return Boolean.TRUE.equals(
+        new TreeScanner<Boolean, @Nullable Void>() {
+          @Override
+          public Boolean visitVariable(VariableTree tree, @Nullable Void unused) {
+            return ASTHelpers.getSymbol(tree).getSimpleName().contentEquals(name)
+                || super.visitVariable(tree, null);
+          }
+
+          @Override
+          public Boolean reduce(Boolean r1, Boolean r2) {
+            return Boolean.TRUE.equals(r1) || Boolean.TRUE.equals(r2);
+          }
+        }.scan(state.getPath().getCompilationUnit(), null));
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/DirectReturn.java

@@ -0,0 +1,180 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
+import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
+import static com.google.errorprone.matchers.Matchers.allOf;
+import static com.google.errorprone.matchers.Matchers.argument;
+import static com.google.errorprone.matchers.Matchers.isSameType;
+import static com.google.errorprone.matchers.Matchers.isVariable;
+import static com.google.errorprone.matchers.Matchers.not;
+import static com.google.errorprone.matchers.Matchers.returnStatement;
+import static com.google.errorprone.matchers.Matchers.staticMethod;
+import static com.google.errorprone.matchers.Matchers.toType;
+import static java.util.Objects.requireNonNull;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+
+import com.google.auto.service.AutoService;
+import com.google.common.collect.Streams;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.BlockTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFix;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.util.ASTHelpers;
+import com.sun.source.tree.AssignmentTree;
+import com.sun.source.tree.BlockTree;
+import com.sun.source.tree.ExpressionStatementTree;
+import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.IdentifierTree;
+import com.sun.source.tree.MethodInvocationTree;
+import com.sun.source.tree.ReturnTree;
+import com.sun.source.tree.StatementTree;
+import com.sun.source.tree.Tree;
+import com.sun.source.tree.TryTree;
+import com.sun.source.tree.VariableTree;
+import com.sun.source.util.TreeScanner;
+import com.sun.tools.javac.code.Symbol;
+import java.util.List;
+import java.util.Optional;
+import org.jspecify.annotations.Nullable;
+import tech.picnic.errorprone.utils.MoreASTHelpers;
+import tech.picnic.errorprone.utils.SourceCode;
+
+/**
+ * A {@link BugChecker} that flags unnecessary local variable assignments preceding a return
+ * statement.
+ */
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "Variable assignment is redundant; value can be returned directly",
+    link = BUG_PATTERNS_BASE_URL + "DirectReturn",
+    linkType = CUSTOM,
+    severity = SUGGESTION,
+    tags = SIMPLIFICATION)
+public final class DirectReturn extends BugChecker implements BlockTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final Matcher<StatementTree> VARIABLE_RETURN = returnStatement(isVariable());
+  private static final Matcher<ExpressionTree> MOCKITO_MOCK_OR_SPY_WITH_IMPLICIT_TYPE =
+      allOf(
+          not(
+              toType(
+                  MethodInvocationTree.class,
+                  argument(0, isSameType(Class.class.getCanonicalName())))),
+          staticMethod().onClass("org.mockito.Mockito").namedAnyOf("mock", "spy"));
+
+  /** Instantiates a new {@link DirectReturn} instance. */
+  public DirectReturn() {}
+
+  @Override
+  public Description matchBlock(BlockTree tree, VisitorState state) {
+    List<? extends StatementTree> statements = tree.getStatements();
+    if (statements.size() < 2) {
+      return Description.NO_MATCH;
+    }
+
+    StatementTree finalStatement = statements.get(statements.size() - 1);
+    if (!VARIABLE_RETURN.matches(finalStatement, state)) {
+      return Description.NO_MATCH;
+    }
+
+    Symbol variableSymbol =
+        requireNonNull(
+            ASTHelpers.getSymbol(((ReturnTree) finalStatement).getExpression()),
+            "Missing symbol for returned variable");
+    StatementTree precedingStatement = statements.get(statements.size() - 2);
+
+    return tryMatchAssignment(variableSymbol, precedingStatement)
+        .filter(
+            resultExpr ->
+                canInlineToReturnStatement(resultExpr, state)
+                    && !isIdentifierSymbolReferencedInAssociatedFinallyBlock(variableSymbol, state))
+        .map(
+            resultExpr ->
+                describeMatch(
+                    precedingStatement,
+                    SuggestedFix.builder()
+                        .replace(
+                            precedingStatement,
+                            String.format("return %s;", SourceCode.treeToString(resultExpr, state)))
+                        .delete(finalStatement)
+                        .build()))
+        .orElse(Description.NO_MATCH);
+  }
+
+  private static Optional<ExpressionTree> tryMatchAssignment(Symbol targetSymbol, Tree tree) {
+    if (tree instanceof ExpressionStatementTree expressionStatement) {
+      return tryMatchAssignment(targetSymbol, expressionStatement.getExpression());
+    }
+
+    if (tree instanceof AssignmentTree assignment) {
+      return targetSymbol.equals(ASTHelpers.getSymbol(assignment.getVariable()))
+          ? Optional.of(assignment.getExpression())
+          : Optional.empty();
+    }
+
+    if (tree instanceof VariableTree declaration) {
+      return declaration.getModifiers().getAnnotations().isEmpty()
+              && targetSymbol.equals(ASTHelpers.getSymbol(declaration))
+          ? Optional.ofNullable(declaration.getInitializer())
+          : Optional.empty();
+    }
+
+    return Optional.empty();
+  }
+
+  /**
+   * Tells whether inlining the given expression to the associated return statement can likely be
+   * done without changing the expression's return type.
+   *
+   * <p>Inlining an expression generally does not change its return type, but in rare cases the
+   * operation may have a functional impact. The sole case considered here is the inlining of a
+   * Mockito mock or spy construction without an explicit type. In such a case the type created
+   * depends on context, such as the method's return type.
+   */
+  private static boolean canInlineToReturnStatement(
+      ExpressionTree expressionTree, VisitorState state) {
+    return !MOCKITO_MOCK_OR_SPY_WITH_IMPLICIT_TYPE.matches(expressionTree, state)
+        || MoreASTHelpers.findMethodExitedOnReturn(state)
+            .filter(m -> MoreASTHelpers.areSameType(expressionTree, m.getReturnType(), state))
+            .isPresent();
+  }
+
+  /**
+   * Tells whether the given identifier {@link Symbol} is referenced in a {@code finally} block that
+   * is executed <em>after</em> control flow returns from the {@link VisitorState#getPath() current
+   * location}.
+   */
+  private static boolean isIdentifierSymbolReferencedInAssociatedFinallyBlock(
+      Symbol symbol, VisitorState state) {
+    return Streams.zip(
+            Streams.stream(state.getPath()).skip(1),
+            Streams.stream(state.getPath()),
+            (tree, child) -> {
+              if (!(tree instanceof TryTree tryTree)) {
+                return null;
+              }
+
+              BlockTree finallyBlock = tryTree.getFinallyBlock();
+              return !child.equals(finallyBlock) ? finallyBlock : null;
+            })
+        .anyMatch(finallyBlock -> referencesIdentifierSymbol(symbol, finallyBlock));
+  }
+
+  private static boolean referencesIdentifierSymbol(Symbol symbol, @Nullable BlockTree tree) {
+    return Boolean.TRUE.equals(
+        new TreeScanner<Boolean, @Nullable Void>() {
+          @Override
+          public Boolean visitIdentifier(IdentifierTree node, @Nullable Void unused) {
+            return symbol.equals(ASTHelpers.getSymbol(node));
+          }
+
+          @Override
+          public Boolean reduce(Boolean r1, Boolean r2) {
+            return Boolean.TRUE.equals(r1) || Boolean.TRUE.equals(r2);
+          }
+        }.scan(tree, null));
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/EagerStringFormatting.java

@@ -0,0 +1,325 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
+import static com.google.errorprone.BugPattern.StandardTags.PERFORMANCE;
+import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
+import static com.google.errorprone.matchers.Matchers.anyOf;
+import static com.google.errorprone.matchers.Matchers.isSubtypeOf;
+import static com.google.errorprone.matchers.Matchers.staticMethod;
+import static com.google.errorprone.matchers.method.MethodMatchers.instanceMethod;
+import static java.util.Objects.requireNonNull;
+import static java.util.stream.Collectors.joining;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+
+import com.google.auto.service.AutoService;
+import com.google.auto.value.AutoValue;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Verify;
+import com.google.common.base.VerifyException;
+import com.google.common.collect.ImmutableList;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.annotations.Var;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.MethodInvocationTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFix;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.util.ASTHelpers;
+import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.MethodInvocationTree;
+import com.sun.source.tree.Tree;
+import com.sun.tools.javac.code.Symbol;
+import com.sun.tools.javac.code.Symbol.MethodSymbol;
+import com.sun.tools.javac.code.Symbol.VarSymbol;
+import java.util.Collections;
+import java.util.Formattable;
+import java.util.List;
+import java.util.Locale;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.stream.Stream;
+import tech.picnic.errorprone.utils.SourceCode;
+
+/**
+ * A {@link BugChecker} that flags {@link String#format} and {@link String#formatted} invocations
+ * that can be omitted by delegating to another format method.
+ */
+// XXX: The special-casing of Throwable applies only to SLF4J 1.6.0+; see
+// https://www.slf4j.org/faq.html#paramException. That should be documented.
+// XXX: Some of the `Matcher`s defined here are also declared by the `Slf4jLogStatement` and
+// `RedundantStringConversion` checks. Look into deduplicating them.
+// XXX: Should we also simplify e.g. `LOG.error(String.join("sep", arg1, arg2), throwable)`? Perhaps
+// that's too obscure.
+// XXX: This check currently only flags string format expressions that are a direct argument to
+// another format-capable method invocation. Indirect cases, such as where the result is assigned to
+// a variable, are currently not covered.
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "String formatting can be deferred",
+    link = BUG_PATTERNS_BASE_URL + "EagerStringFormatting",
+    linkType = CUSTOM,
+    severity = WARNING,
+    tags = {PERFORMANCE, SIMPLIFICATION})
+public final class EagerStringFormatting extends BugChecker implements MethodInvocationTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final Matcher<ExpressionTree> FORMATTABLE = isSubtypeOf(Formattable.class);
+  private static final Matcher<ExpressionTree> LOCALE = isSubtypeOf(Locale.class);
+  private static final Matcher<ExpressionTree> SLF4J_MARKER = isSubtypeOf("org.slf4j.Marker");
+  private static final Matcher<ExpressionTree> THROWABLE = isSubtypeOf(Throwable.class);
+  private static final Matcher<ExpressionTree> REQUIRE_NON_NULL_INVOCATION =
+      staticMethod().onClass(Objects.class.getCanonicalName()).named("requireNonNull");
+  private static final Matcher<ExpressionTree> GUAVA_GUARD_INVOCATION =
+      anyOf(
+          staticMethod()
+              .onClass(Preconditions.class.getCanonicalName())
+              .namedAnyOf("checkArgument", "checkNotNull", "checkState"),
+          staticMethod()
+              .onClass(Verify.class.getCanonicalName())
+              .namedAnyOf("verify", "verifyNotNull"));
+  private static final Matcher<ExpressionTree> SLF4J_LOGGER_INVOCATION =
+      instanceMethod()
+          .onDescendantOf("org.slf4j.Logger")
+          .namedAnyOf("trace", "debug", "info", "warn", "error");
+  private static final Matcher<ExpressionTree> STATIC_FORMAT_STRING =
+      staticMethod().onClass(String.class.getCanonicalName()).named("format");
+  private static final Matcher<ExpressionTree> INSTANCE_FORMAT_STRING =
+      instanceMethod().onDescendantOf(String.class.getCanonicalName()).named("formatted");
+  private static final String MESSAGE_NEVER_NULL_ARGUMENT =
+      "String formatting never yields `null` expression";
+
+  /** Instantiates a new {@link EagerStringFormatting} instance. */
+  public EagerStringFormatting() {}
+
+  @Override
+  public Description matchMethodInvocation(MethodInvocationTree tree, VisitorState state) {
+    Tree parent = state.getPath().getParentPath().getLeaf();
+    if (!(parent instanceof MethodInvocationTree methodInvocation)) {
+      /*
+       * Fast path: this isn't a method invocation whose result is an argument to another method
+       * invocation.
+       */
+      // XXX: This logic assumes that the string format operation isn't redundantly wrapped in
+      // parentheses. Similar assumptions likely exist throughout the code base. Investigate how to
+      // structurally cover such cases.
+      return Description.NO_MATCH;
+    }
+
+    return StringFormatExpression.tryCreate(tree, state)
+        .map(expr -> analyzeFormatStringContext(expr, methodInvocation, state))
+        .orElse(Description.NO_MATCH);
+  }
+
+  private Description analyzeFormatStringContext(
+      StringFormatExpression stringFormat, MethodInvocationTree context, VisitorState state) {
+    if (REQUIRE_NON_NULL_INVOCATION.matches(context, state)) {
+      return analyzeRequireNonNullStringFormatContext(stringFormat, context);
+    }
+
+    if (GUAVA_GUARD_INVOCATION.matches(context, state)) {
+      return analyzeGuavaGuardStringFormatContext(stringFormat, context, state);
+    }
+
+    if (SLF4J_LOGGER_INVOCATION.matches(context, state)) {
+      return analyzeSlf4jLoggerStringFormatContext(stringFormat, context, state);
+    }
+
+    /*
+     * The string formatting operation does not appear to happen in a context that admits of
+     * simplification or optimization.
+     */
+    return Description.NO_MATCH;
+  }
+
+  private Description analyzeRequireNonNullStringFormatContext(
+      StringFormatExpression stringFormat, MethodInvocationTree context) {
+    List<? extends ExpressionTree> arguments = context.getArguments();
+    if (arguments.size() != 2 || arguments.get(0).equals(stringFormat.expression())) {
+      /* Vacuous validation that string formatting doesn't yield `null`. */
+      return buildDescription(context).setMessage(MESSAGE_NEVER_NULL_ARGUMENT).build();
+    }
+
+    if (stringFormat.arguments().stream()
+        .anyMatch(EagerStringFormatting::isNonFinalLocalVariable)) {
+      /*
+       * The format operation depends on a variable that isn't final or effectively final; moving
+       * it into a lambda expression would cause a compilation error.
+       */
+      return buildDescription(context)
+          .setMessage(message() + " (but this requires introducing an effectively final variable)")
+          .build();
+    }
+
+    /* Suggest that the string formatting is deferred. */
+    return describeMatch(context, SuggestedFix.prefixWith(stringFormat.expression(), "() -> "));
+  }
+
+  private Description analyzeGuavaGuardStringFormatContext(
+      StringFormatExpression stringFormat, MethodInvocationTree context, VisitorState state) {
+    List<? extends ExpressionTree> arguments = context.getArguments();
+    if (arguments.get(0).equals(stringFormat.expression())) {
+      /*
+       * Vacuous `checkNotNull` or `verifyNotNull` validation that string formatting doesn't yield
+       * `null`.
+       */
+      return buildDescription(context).setMessage(MESSAGE_NEVER_NULL_ARGUMENT).build();
+    }
+
+    if (stringFormat.simplifiableFormatString().isEmpty() || arguments.size() > 2) {
+      /*
+       * The format string cannot be simplified, or the format string produces a format string
+       * itself, or its result is the input to another format operation. These are complex cases
+       * that we'll only flag.
+       */
+      return createSimplificationSuggestion(context, "Guava");
+    }
+
+    return describeMatch(context, stringFormat.suggestFlattening("%s", state));
+  }
+
+  private Description analyzeSlf4jLoggerStringFormatContext(
+      StringFormatExpression stringFormat, MethodInvocationTree context, VisitorState state) {
+    if (stringFormat.simplifiableFormatString().isEmpty()) {
+      /* We can't simplify this case; only flag it. */
+      return createSimplificationSuggestion(context, "SLF4J");
+    }
+
+    List<? extends ExpressionTree> arguments = context.getArguments();
+    int leftOffset = SLF4J_MARKER.matches(arguments.get(0), state) ? 1 : 0;
+    int rightOffset = THROWABLE.matches(arguments.get(arguments.size() - 1), state) ? 1 : 0;
+    if (arguments.size() != leftOffset + 1 + rightOffset) {
+      /*
+       * The format string produces a format string itself, or its result is the input to another
+       * format operation. This is a complex case that we'll only flag.
+       */
+      return createSimplificationSuggestion(context, "SLF4J");
+    }
+
+    return describeMatch(context, stringFormat.suggestFlattening("{}", state));
+  }
+
+  private static boolean isNonFinalLocalVariable(Tree tree) {
+    Symbol symbol = ASTHelpers.getSymbol(tree);
+    return symbol instanceof VarSymbol
+        && symbol.owner instanceof MethodSymbol
+        && !ASTHelpers.isConsideredFinal(symbol);
+  }
+
+  private Description createSimplificationSuggestion(MethodInvocationTree context, String library) {
+    return buildDescription(context)
+        .setMessage(
+            "%s (assuming that %s's simplified formatting support suffices)"
+                .formatted(message(), library))
+        .build();
+  }
+
+  /** Description of a string format expression. */
+  @AutoValue
+  abstract static class StringFormatExpression {
+    /** The full string format expression. */
+    abstract MethodInvocationTree expression();
+
+    /** The format string expression. */
+    abstract Tree formatString();
+
+    /** The string format arguments to be plugged into its format string. */
+    abstract ImmutableList<ExpressionTree> arguments();
+
+    /**
+     * The constant format string, if it contains only {@code %s} placeholders, and the number of
+     * said placeholders matches the number of format arguments.
+     */
+    abstract Optional<String> simplifiableFormatString();
+
+    private SuggestedFix suggestFlattening(String newPlaceholder, VisitorState state) {
+      return SuggestedFix.replace(
+          expression(),
+          Stream.concat(
+                  Stream.of(deriveFormatStringExpression(newPlaceholder, state)),
+                  arguments().stream().map(arg -> SourceCode.treeToString(arg, state)))
+              .collect(joining(", ")));
+    }
+
+    private String deriveFormatStringExpression(String newPlaceholder, VisitorState state) {
+      String formatString =
+          String.format(
+              simplifiableFormatString()
+                  .orElseThrow(() -> new VerifyException("Format string cannot be simplified")),
+              Collections.nCopies(arguments().size(), newPlaceholder).toArray());
+
+      /*
+       * If the suggested replacement format string is the same as the original, then use the
+       * expression's existing source code representation. This way string constant references are
+       * not unnecessarily replaced.
+       */
+      return formatString.equals(ASTHelpers.constValue(formatString(), String.class))
+          ? SourceCode.treeToString(formatString(), state)
+          : SourceCode.toStringConstantExpression(formatString, state);
+    }
+
+    private static Optional<StringFormatExpression> tryCreate(
+        MethodInvocationTree tree, VisitorState state) {
+      if (INSTANCE_FORMAT_STRING.matches(tree, state)) {
+        return Optional.of(
+            create(
+                tree,
+                requireNonNull(ASTHelpers.getReceiver(tree), "Receiver unexpectedly absent"),
+                ImmutableList.copyOf(tree.getArguments()),
+                state));
+      }
+
+      if (STATIC_FORMAT_STRING.matches(tree, state)) {
+        List<? extends ExpressionTree> arguments = tree.getArguments();
+        int argOffset = LOCALE.matches(arguments.get(0), state) ? 1 : 0;
+        return Optional.of(
+            create(
+                tree,
+                arguments.get(argOffset),
+                ImmutableList.copyOf(arguments.subList(argOffset + 1, arguments.size())),
+                state));
+      }
+
+      return Optional.empty();
+    }
+
+    private static StringFormatExpression create(
+        MethodInvocationTree expression,
+        Tree formatString,
+        ImmutableList<ExpressionTree> arguments,
+        VisitorState state) {
+      return new AutoValue_EagerStringFormatting_StringFormatExpression(
+          expression,
+          formatString,
+          arguments,
+          Optional.ofNullable(ASTHelpers.constValue(formatString, String.class))
+              .filter(template -> isSimplifiable(template, arguments, state)));
+    }
+
+    private static boolean isSimplifiable(
+        String formatString, ImmutableList<ExpressionTree> arguments, VisitorState state) {
+      if (arguments.stream().anyMatch(arg -> FORMATTABLE.matches(arg, state))) {
+        /* `Formattable` arguments can have arbitrary format semantics. */
+        return false;
+      }
+
+      @Var int placeholderCount = 0;
+      for (int p = formatString.indexOf('%'); p != -1; p = formatString.indexOf('%', p + 2)) {
+        if (p == formatString.length() - 1) {
+          /* Malformed format string with trailing `%`. */
+          return false;
+        }
+
+        char modifier = formatString.charAt(p + 1);
+        if (modifier == 's') {
+          placeholderCount++;
+        } else if (modifier != '%') {
+          /* Only `%s` and `%%` (a literal `%`) are supported. */
+          return false;
+        }
+      }
+
+      return placeholderCount == arguments.size();
+    }
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/EmptyMethod.java

@@ -7,7 +7,7 @@ import static com.google.errorprone.matchers.ChildMultiMatcher.MatchType.AT_LEAS
 import static com.google.errorprone.matchers.Matchers.annotations;
 import static com.google.errorprone.matchers.Matchers.anyOf;
 import static com.google.errorprone.matchers.Matchers.isType;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.errorprone.BugPattern;
@@ -21,7 +21,7 @@ import com.sun.source.tree.ClassTree;
 import com.sun.source.tree.MethodTree;
 import com.sun.source.tree.Tree;
 import java.util.Optional;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /** A {@link BugChecker} that flags empty methods that seemingly can simply be deleted. */
 @AutoService(BugChecker.class)
@@ -36,12 +36,15 @@ public final class EmptyMethod extends BugChecker implements MethodTreeMatcher {
   private static final Matcher<Tree> PERMITTED_ANNOTATION =
       annotations(
           AT_LEAST_ONE,
-          anyOf(isType("java.lang.Override"), isType("org.aspectj.lang.annotation.Pointcut")));
+          anyOf(
+              isType(Override.class.getCanonicalName()),
+              isType("org.aspectj.lang.annotation.Pointcut")));
 
   /** Instantiates a new {@link EmptyMethod} instance. */
   public EmptyMethod() {}
 
   @Override
+  @SuppressWarnings("java:S1067" /* Chaining disjunctions like this does not impact readability. */)
   public Description matchMethod(MethodTree tree, VisitorState state) {
     if (tree.getBody() == null
         || !tree.getBody().getStatements().isEmpty()
@@ -59,7 +62,7 @@ public final class EmptyMethod extends BugChecker implements MethodTreeMatcher {
   }
 
   private static boolean isInPossibleTestHelperClass(VisitorState state) {
-    return Optional.ofNullable(ASTHelpers.findEnclosingNode(state.getPath(), ClassTree.class))
+    return Optional.ofNullable(state.findEnclosing(ClassTree.class))
         .map(ClassTree::getSimpleName)
         .filter(name -> name.toString().contains("Test"))
         .isPresent();

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/EmptyMonoZip.java

@@ -0,0 +1,89 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.ERROR;
+import static com.google.errorprone.BugPattern.StandardTags.LIKELY_ERROR;
+import static com.google.errorprone.matchers.Matchers.anyOf;
+import static com.google.errorprone.matchers.Matchers.instanceMethod;
+import static com.google.errorprone.matchers.Matchers.staticMethod;
+import static com.google.errorprone.matchers.Matchers.typePredicateMatcher;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.MoreTypePredicates.isSubTypeOf;
+import static tech.picnic.errorprone.utils.MoreTypes.generic;
+import static tech.picnic.errorprone.utils.MoreTypes.type;
+
+import com.google.auto.service.AutoService;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.MethodInvocationTreeMatcher;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.suppliers.Supplier;
+import com.google.errorprone.suppliers.Suppliers;
+import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.MemberSelectTree;
+import com.sun.source.tree.MethodInvocationTree;
+import com.sun.tools.javac.code.Type;
+import reactor.core.publisher.Mono;
+
+/**
+ * A {@link BugChecker} that flags {@link Mono#zip} and {@link Mono#zipWith} invocations with a
+ * {@code Mono<Void>} or {@link Mono#empty()} argument or receiver.
+ *
+ * <p>When a zipped reactive stream completes empty, then the other zipped streams will be cancelled
+ * (or not subscribed to), and the operation as a whole will complete empty as well. This is
+ * generally not what was intended.
+ */
+// XXX: Generalize this check to also cover `Flux` zip operations.
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "Don't pass a `Mono<Void>` or `Mono.empty()` argument to `Mono#{zip,With}`",
+    link = BUG_PATTERNS_BASE_URL + "EmptyMonoZip",
+    linkType = CUSTOM,
+    severity = ERROR,
+    tags = LIKELY_ERROR)
+public final class EmptyMonoZip extends BugChecker implements MethodInvocationTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final Supplier<Type> MONO =
+      Suppliers.typeFromString("reactor.core.publisher.Mono");
+  private static final Matcher<ExpressionTree> MONO_ZIP_OR_ZIP_WITH =
+      anyOf(
+          instanceMethod().onDescendantOf(MONO).named("zipWith"),
+          staticMethod().onClass(MONO).named("zip"));
+  private static final Matcher<ExpressionTree> EMPTY_MONO =
+      anyOf(
+          staticMethod().onDescendantOf(MONO).named("empty"),
+          typePredicateMatcher(isSubTypeOf(generic(MONO, type(Void.class.getCanonicalName())))));
+
+  /** Instantiates a new {@link EmptyMonoZip} instance. */
+  public EmptyMonoZip() {}
+
+  @Override
+  public Description matchMethodInvocation(MethodInvocationTree tree, VisitorState state) {
+    if (!MONO_ZIP_OR_ZIP_WITH.matches(tree, state)) {
+      return Description.NO_MATCH;
+    }
+
+    if (hasEmptyReceiver(tree, state)) {
+      return buildDescription(tree)
+          .setMessage("Invoking `Mono#zipWith` on `Mono#empty()` or a `Mono<Void>` is a no-op")
+          .build();
+    }
+
+    if (hasEmptyArguments(tree, state)) {
+      return describeMatch(tree);
+    }
+
+    return Description.NO_MATCH;
+  }
+
+  private static boolean hasEmptyReceiver(MethodInvocationTree tree, VisitorState state) {
+    return tree.getMethodSelect() instanceof MemberSelectTree memberSelect
+        && EMPTY_MONO.matches(memberSelect.getExpression(), state);
+  }
+
+  private static boolean hasEmptyArguments(MethodInvocationTree tree, VisitorState state) {
+    return tree.getArguments().stream().anyMatch(arg -> EMPTY_MONO.matches(arg, state));
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/ExplicitArgumentEnumeration.java

@@ -0,0 +1,251 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.common.collect.ImmutableList.toImmutableList;
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
+import static com.google.errorprone.BugPattern.StandardTags.PERFORMANCE;
+import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
+import static com.google.errorprone.matchers.Matchers.allOf;
+import static com.google.errorprone.matchers.Matchers.anyOf;
+import static com.google.errorprone.matchers.Matchers.instanceMethod;
+import static com.google.errorprone.matchers.Matchers.staticMethod;
+import static com.google.errorprone.matchers.Matchers.symbolMatcher;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+
+import com.google.auto.service.AutoService;
+import com.google.common.collect.ImmutableCollection;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMultiset;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.ImmutableTable;
+import com.google.common.collect.Iterables;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.MethodInvocationTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFix;
+import com.google.errorprone.fixes.SuggestedFixes;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.util.ASTHelpers;
+import com.google.errorprone.util.Visibility;
+import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.MethodInvocationTree;
+import com.sun.source.tree.MethodTree;
+import com.sun.tools.javac.code.Symbol.MethodSymbol;
+import com.sun.tools.javac.code.Symbol.VarSymbol;
+import com.sun.tools.javac.code.Type;
+import com.sun.tools.javac.code.Types;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.Set;
+import javax.lang.model.element.Element;
+import tech.picnic.errorprone.utils.SourceCode;
+
+/**
+ * A {@link BugChecker} that flags single-argument method invocations with an iterable of explicitly
+ * enumerated values, for which a semantically equivalent varargs variant (appears to) exists as
+ * well.
+ *
+ * <p>This check drops selected {@link ImmutableSet#of} and {@link Set#of} invocations, with the
+ * assumption that these operations do not deduplicate the collection of explicitly enumerated
+ * values. It also drops {@link ImmutableMultiset#of} and {@link Set#of} invocations, with the
+ * assumption that these do not materially impact iteration order.
+ *
+ * <p>This checker attempts to identify {@link Iterable}-accepting methods for which a varargs
+ * overload exists, and suggests calling the varargs overload instead. This is an imperfect
+ * heuristic, but it e.g. allows invocations of <a
+ * href="https://immutables.github.io/immutable.html#copy-methods">Immutables-generated {@code
+ * with*}</a> methods to be simplified.
+ */
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "Iterable creation can be avoided by using a varargs alternative method",
+    link = BUG_PATTERNS_BASE_URL + "ExplicitArgumentEnumeration",
+    linkType = CUSTOM,
+    severity = SUGGESTION,
+    tags = {PERFORMANCE, SIMPLIFICATION})
+public final class ExplicitArgumentEnumeration extends BugChecker
+    implements MethodInvocationTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final Matcher<ExpressionTree> EXPLICIT_ITERABLE_CREATOR =
+      anyOf(
+          staticMethod()
+              .onClassAny(
+                  ImmutableList.class.getCanonicalName(),
+                  ImmutableMultiset.class.getCanonicalName(),
+                  ImmutableSet.class.getCanonicalName(),
+                  List.class.getCanonicalName(),
+                  Set.class.getCanonicalName())
+              .named("of"),
+          allOf(
+              staticMethod()
+                  .onClassAny(
+                      ImmutableList.class.getCanonicalName(),
+                      ImmutableMultiset.class.getCanonicalName(),
+                      ImmutableSet.class.getCanonicalName())
+                  .named("copyOf"),
+              symbolMatcher(
+                  (symbol, state) ->
+                      state
+                          .getSymtab()
+                          .arrayClass
+                          .equals(((MethodSymbol) symbol).params().get(0).type.tsym))),
+          staticMethod().onClass(Arrays.class.getCanonicalName()).named("asList"));
+  private static final Matcher<ExpressionTree> IMMUTABLE_COLLECTION_BUILDER =
+      instanceMethod().onDescendantOf(ImmutableCollection.Builder.class.getCanonicalName());
+  private static final Matcher<ExpressionTree> OBJECT_ENUMERABLE_ASSERT =
+      instanceMethod().onDescendantOf("org.assertj.core.api.ObjectEnumerableAssert");
+  private static final Matcher<ExpressionTree> STEP_VERIFIER_STEP =
+      instanceMethod().onDescendantOf("reactor.test.StepVerifier.Step");
+  private static final ImmutableTable<Matcher<ExpressionTree>, String, String> ALTERNATIVE_METHODS =
+      ImmutableTable.<Matcher<ExpressionTree>, String, String>builder()
+          .put(IMMUTABLE_COLLECTION_BUILDER, "addAll", "add")
+          .put(OBJECT_ENUMERABLE_ASSERT, "containsAnyElementsOf", "containsAnyOf")
+          .put(OBJECT_ENUMERABLE_ASSERT, "containsAll", "contains")
+          .put(OBJECT_ENUMERABLE_ASSERT, "containsExactlyElementsOf", "containsExactly")
+          .put(
+              OBJECT_ENUMERABLE_ASSERT,
+              "containsExactlyInAnyOrderElementsOf",
+              "containsExactlyInAnyOrder")
+          .put(OBJECT_ENUMERABLE_ASSERT, "containsOnlyElementsOf", "containsOnly")
+          .put(OBJECT_ENUMERABLE_ASSERT, "containsOnlyOnceElementsOf", "containsOnlyOnce")
+          .put(OBJECT_ENUMERABLE_ASSERT, "doesNotContainAnyElementsOf", "doesNotContain")
+          .put(OBJECT_ENUMERABLE_ASSERT, "hasSameElementsAs", "containsOnly")
+          .put(STEP_VERIFIER_STEP, "expectNextSequence", "expectNext")
+          .buildOrThrow();
+
+  /** Instantiates a new {@link ExplicitArgumentEnumeration} instance. */
+  public ExplicitArgumentEnumeration() {}
+
+  @Override
+  public Description matchMethodInvocation(MethodInvocationTree tree, VisitorState state) {
+    if (tree.getArguments().size() != 1) {
+      /* Performance optimization: non-unary method invocations cannot be simplified. */
+      return Description.NO_MATCH;
+    }
+
+    MethodSymbol method = ASTHelpers.getSymbol(tree);
+    if (!isUnaryIterableAcceptingMethod(method, state) || isLocalOverload(method, state)) {
+      /*
+       * This isn't a method invocation we can simplify, or it's an invocation of a local overload.
+       * The latter type of invocation we do not suggest replacing, as this is fairly likely to
+       * introduce an unbounded recursive call chain.
+       */
+      return Description.NO_MATCH;
+    }
+
+    ExpressionTree argument = tree.getArguments().get(0);
+    if (!EXPLICIT_ITERABLE_CREATOR.matches(argument, state)) {
+      return Description.NO_MATCH;
+    }
+
+    return trySuggestCallingVarargsOverload(method, (MethodInvocationTree) argument, state)
+        .or(() -> trySuggestCallingCustomAlternative(tree, (MethodInvocationTree) argument, state))
+        .map(fix -> describeMatch(tree, fix))
+        .orElse(Description.NO_MATCH);
+  }
+
+  private static boolean isUnaryIterableAcceptingMethod(MethodSymbol method, VisitorState state) {
+    List<VarSymbol> params = method.params();
+    return !method.isVarArgs()
+        && params.size() == 1
+        && ASTHelpers.isSubtype(params.get(0).type, state.getSymtab().iterableType, state);
+  }
+
+  private static boolean isLocalOverload(MethodSymbol calledMethod, VisitorState state) {
+    MethodTree enclosingMethod = state.findEnclosing(MethodTree.class);
+    if (enclosingMethod == null) {
+      return false;
+    }
+
+    MethodSymbol callingMethod = ASTHelpers.getSymbol(enclosingMethod);
+    return Objects.equals(callingMethod.getEnclosingElement(), calledMethod.getEnclosingElement())
+        && callingMethod.getSimpleName().equals(calledMethod.getSimpleName());
+  }
+
+  private static Optional<SuggestedFix> trySuggestCallingVarargsOverload(
+      MethodSymbol method, MethodInvocationTree argument, VisitorState state) {
+    /*
+     * Collect all overloads of the given method that we are sure to be able to call. Note that the
+     * `isAtLeastAsVisible` check is conservative heuristic.
+     */
+    ImmutableList<MethodSymbol> overloads =
+        ASTHelpers.matchingMethods(
+                method.getSimpleName(),
+                m -> isAtLeastAsVisible(m, method),
+                method.enclClass().type,
+                state.getTypes())
+            .collect(toImmutableList());
+
+    return hasLikelySuitableVarargsOverload(method, overloads, state)
+        ? Optional.of(SourceCode.unwrapMethodInvocation(argument, state))
+        : Optional.empty();
+  }
+
+  /**
+   * Tells whether it is likely that, if the argument to the given method is unwrapped, a suitable
+   * varargs overload will be invoked instead.
+   *
+   * <p>If all overloads have a single parameter, and at least one of them is a suitably-typed
+   * varargs method, then we assume that unwrapping the iterable argument will cause a suitable
+   * overload to be invoked. (Note that there may be multiple varargs overloads due to method
+   * overriding; this check does not attempt to determine which exact method or overload will be
+   * invoked as a result of the suggested simplification.)
+   *
+   * <p>Note that this is a (highly!) imperfect heuristic, but it is sufficient to prevent e.g.
+   * unwrapping of arguments to `org.jooq.impl.DSL#row`, which can cause the expression's return
+   * type to change from `RowN` to (e.g.) `Row2`.
+   */
+  // XXX: There are certainly cases where it _would_ be nice to unwrap the arguments to
+  // `org.jooq.impl.DSL#row(Collection<?>)`. Look into this.
+  // XXX: Ideally we validate that eligible overloads have compatible return types.
+  private static boolean hasLikelySuitableVarargsOverload(
+      MethodSymbol method, ImmutableList<MethodSymbol> overloads, VisitorState state) {
+    Types types = state.getTypes();
+    // XXX: This logic is fragile, as it assumes that the method parameter's type is of the form
+    // `X<T>`, where `T` is the type of the explicitly enumerated values passed to the expression to
+    // be unwrapped. This should generally hold, given the types returned by the
+    // `EXPLICIT_ITERABLE_CREATOR` expressions: `Iterable<T>`, `List<T>`, `Set<T>`, etc.
+    Type parameterType =
+        Iterables.getOnlyElement(
+            Iterables.getOnlyElement(method.getParameters()).type.getTypeArguments());
+    return overloads.stream().allMatch(m -> m.params().size() == 1)
+        && overloads.stream()
+            .filter(MethodSymbol::isVarArgs)
+            .map(m -> types.elemtype(Iterables.getOnlyElement(m.getParameters()).type))
+            .anyMatch(varArgsType -> types.containsType(parameterType, varArgsType));
+  }
+
+  private static Optional<SuggestedFix> trySuggestCallingCustomAlternative(
+      MethodInvocationTree tree, MethodInvocationTree argument, VisitorState state) {
+    return ALTERNATIVE_METHODS.rowMap().entrySet().stream()
+        .filter(e -> e.getKey().matches(tree, state))
+        .findFirst()
+        .flatMap(e -> trySuggestCallingCustomAlternative(tree, argument, state, e.getValue()));
+  }
+
+  private static Optional<SuggestedFix> trySuggestCallingCustomAlternative(
+      MethodInvocationTree tree,
+      MethodInvocationTree argument,
+      VisitorState state,
+      Map<String, String> alternatives) {
+    return Optional.ofNullable(
+            alternatives.get(ASTHelpers.getSymbol(tree).getSimpleName().toString()))
+        .map(
+            replacement ->
+                SuggestedFix.builder()
+                    .merge(SuggestedFixes.renameMethodInvocation(tree, replacement, state))
+                    .merge(SourceCode.unwrapMethodInvocation(argument, state))
+                    .build());
+  }
+
+  private static boolean isAtLeastAsVisible(Element symbol, Element reference) {
+    return Visibility.fromModifiers(symbol.getModifiers())
+            .compareTo(Visibility.fromModifiers(reference.getModifiers()))
+        >= 0;
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/ExplicitEnumOrdering.java

@@ -7,7 +7,7 @@ import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
 import static com.google.errorprone.BugPattern.StandardTags.FRAGILE_CODE;
 import static com.google.errorprone.matchers.method.MethodMatchers.staticMethod;
 import static java.util.stream.Collectors.collectingAndThen;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.common.collect.ImmutableSet;
@@ -44,7 +44,7 @@ import java.util.stream.Stream;
 public final class ExplicitEnumOrdering extends BugChecker implements MethodInvocationTreeMatcher {
   private static final long serialVersionUID = 1L;
   private static final Matcher<ExpressionTree> EXPLICIT_ORDERING =
-      staticMethod().onClass(Ordering.class.getName()).named("explicit");
+      staticMethod().onClass(Ordering.class.getCanonicalName()).named("explicit");
 
   /** Instantiates a new {@link ExplicitEnumOrdering} instance. */
   public ExplicitEnumOrdering() {}
@@ -72,7 +72,7 @@ public final class ExplicitEnumOrdering extends BugChecker implements MethodInvo
       List<? extends ExpressionTree> expressions) {
     return expressions.stream()
         .map(ASTHelpers::getSymbol)
-        .filter(Symbol::isEnum)
+        .filter(s -> s != null && s.isEnum())
         .collect(
             collectingAndThen(
                 toImmutableSetMultimap(Symbol::asType, Symbol::toString),

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/FluxFlatMapUsage.java

@@ -4,11 +4,11 @@ import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
 import static com.google.errorprone.BugPattern.SeverityLevel.ERROR;
 import static com.google.errorprone.BugPattern.StandardTags.LIKELY_ERROR;
 import static com.google.errorprone.matchers.method.MethodMatchers.instanceMethod;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
-import static tech.picnic.errorprone.bugpatterns.util.MoreTypes.generic;
-import static tech.picnic.errorprone.bugpatterns.util.MoreTypes.subOf;
-import static tech.picnic.errorprone.bugpatterns.util.MoreTypes.type;
-import static tech.picnic.errorprone.bugpatterns.util.MoreTypes.unbound;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.MoreTypes.generic;
+import static tech.picnic.errorprone.utils.MoreTypes.subOf;
+import static tech.picnic.errorprone.utils.MoreTypes.type;
+import static tech.picnic.errorprone.utils.MoreTypes.unbound;
 
 import com.google.auto.service.AutoService;
 import com.google.common.collect.Iterables;
@@ -50,8 +50,9 @@ import reactor.core.publisher.Flux;
 @AutoService(BugChecker.class)
 @BugPattern(
     summary =
-        "`Flux#flatMap` and `Flux#flatMapSequential` have subtle semantics; "
-            + "please use `Flux#concatMap` or explicitly specify the desired amount of concurrency",
+        """
+        `Flux#flatMap` and `Flux#flatMapSequential` have subtle semantics; please use \
+        `Flux#concatMap` or explicitly specify the desired amount of concurrency""",
     link = BUG_PATTERNS_BASE_URL + "FluxFlatMapUsage",
     linkType = CUSTOM,
     severity = ERROR,
@@ -66,7 +67,7 @@ public final class FluxFlatMapUsage extends BugChecker
       instanceMethod()
           .onDescendantOf(FLUX)
           .namedAnyOf("flatMap", "flatMapSequential")
-          .withParameters(Function.class.getName());
+          .withParameters(Function.class.getCanonicalName());
   private static final Supplier<Type> FLUX_OF_PUBLISHERS =
       VisitorState.memoize(
           generic(FLUX, subOf(generic(type("org.reactivestreams.Publisher"), unbound()))));
@@ -82,10 +83,8 @@ public final class FluxFlatMapUsage extends BugChecker
 
     SuggestedFix serializationFix = SuggestedFixes.renameMethodInvocation(tree, "concatMap", state);
     SuggestedFix concurrencyCapFix =
-        SuggestedFix.builder()
-            .postfixWith(
-                Iterables.getOnlyElement(tree.getArguments()), ", " + MAX_CONCURRENCY_ARG_NAME)
-            .build();
+        SuggestedFix.postfixWith(
+            Iterables.getOnlyElement(tree.getArguments()), ", " + MAX_CONCURRENCY_ARG_NAME);
 
     Description.Builder description = buildDescription(tree);
 

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/FluxImplicitBlock.java

@@ -0,0 +1,104 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.common.base.Preconditions.checkState;
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
+import static com.google.errorprone.BugPattern.StandardTags.CONCURRENCY;
+import static com.google.errorprone.BugPattern.StandardTags.PERFORMANCE;
+import static com.google.errorprone.matchers.method.MethodMatchers.instanceMethod;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+
+import com.google.auto.service.AutoService;
+import com.google.common.collect.ImmutableList;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.MethodInvocationTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFix;
+import com.google.errorprone.fixes.SuggestedFixes;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.suppliers.Supplier;
+import com.google.errorprone.suppliers.Suppliers;
+import com.google.errorprone.util.ASTHelpers;
+import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.MethodInvocationTree;
+import com.sun.tools.javac.code.Type;
+import com.sun.tools.javac.util.Position;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import tech.picnic.errorprone.utils.ThirdPartyLibrary;
+
+/**
+ * A {@link BugChecker} that flags {@link reactor.core.publisher.Flux} operator usages that may
+ * implicitly cause the calling thread to be blocked.
+ *
+ * <p>Note that the methods flagged here are not themselves blocking, but iterating over the
+ * resulting {@link Iterable} or {@link Stream} may be.
+ */
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "Avoid iterating over `Flux`es in an implicitly blocking manner",
+    link = BUG_PATTERNS_BASE_URL + "FluxImplicitBlock",
+    linkType = CUSTOM,
+    severity = WARNING,
+    tags = {CONCURRENCY, PERFORMANCE})
+public final class FluxImplicitBlock extends BugChecker implements MethodInvocationTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final Matcher<ExpressionTree> FLUX_WITH_IMPLICIT_BLOCK =
+      instanceMethod()
+          .onDescendantOf("reactor.core.publisher.Flux")
+          .namedAnyOf("toIterable", "toStream")
+          .withNoParameters();
+  private static final Supplier<Type> STREAM =
+      Suppliers.typeFromString(Stream.class.getCanonicalName());
+
+  /** Instantiates a new {@link FluxImplicitBlock} instance. */
+  public FluxImplicitBlock() {}
+
+  @Override
+  public Description matchMethodInvocation(MethodInvocationTree tree, VisitorState state) {
+    if (!FLUX_WITH_IMPLICIT_BLOCK.matches(tree, state)) {
+      return Description.NO_MATCH;
+    }
+
+    Description.Builder description =
+        buildDescription(tree).addFix(SuggestedFixes.addSuppressWarnings(state, canonicalName()));
+    if (ThirdPartyLibrary.GUAVA.isIntroductionAllowed(state)) {
+      description.addFix(
+          suggestBlockingElementCollection(
+              tree, ImmutableList.class.getCanonicalName() + ".toImmutableList", state));
+    }
+    description.addFix(
+        suggestBlockingElementCollection(
+            tree, Collectors.class.getCanonicalName() + ".toList", state));
+
+    return description.build();
+  }
+
+  private static SuggestedFix suggestBlockingElementCollection(
+      MethodInvocationTree tree, String fullyQualifiedCollectorMethod, VisitorState state) {
+    SuggestedFix.Builder importSuggestion = SuggestedFix.builder();
+    String replacementMethodInvocation =
+        SuggestedFixes.qualifyStaticImport(fullyQualifiedCollectorMethod, importSuggestion, state);
+
+    boolean isStream =
+        ASTHelpers.isSubtype(ASTHelpers.getResultType(tree), STREAM.get(state), state);
+    String replacement =
+        String.format(
+            ".collect(%s()).block()%s", replacementMethodInvocation, isStream ? ".stream()" : "");
+    return importSuggestion.merge(replaceMethodInvocation(tree, replacement, state)).build();
+  }
+
+  private static SuggestedFix.Builder replaceMethodInvocation(
+      MethodInvocationTree tree, String replacement, VisitorState state) {
+    int startPosition = state.getEndPosition(ASTHelpers.getReceiver(tree));
+    int endPosition = state.getEndPosition(tree);
+
+    checkState(
+        startPosition != Position.NOPOS && endPosition != Position.NOPOS,
+        "Cannot locate method to be replaced in source code");
+
+    return SuggestedFix.builder().replace(startPosition, endPosition, replacement);
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/FormatStringConcatenation.java

@@ -10,9 +10,11 @@ import static com.google.errorprone.matchers.Matchers.instanceMethod;
 import static com.google.errorprone.matchers.Matchers.not;
 import static com.google.errorprone.matchers.Matchers.staticMethod;
 import static java.util.stream.Collectors.joining;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Verify;
 import com.google.errorprone.BugPattern;
 import com.google.errorprone.VisitorState;
 import com.google.errorprone.bugpatterns.BugChecker;
@@ -30,10 +32,12 @@ import com.sun.source.tree.Tree;
 import com.sun.source.tree.Tree.Kind;
 import com.sun.source.util.SimpleTreeVisitor;
 import java.util.ArrayList;
+import java.util.Formatter;
 import java.util.List;
 import java.util.Optional;
 import org.jspecify.annotations.Nullable;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.MoreASTHelpers;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /**
  * A {@link BugChecker} that flags string concatenations that produce a format string; in such cases
@@ -59,6 +63,7 @@ import tech.picnic.errorprone.bugpatterns.util.SourceCode;
 public final class FormatStringConcatenation extends BugChecker
     implements MethodInvocationTreeMatcher {
   private static final long serialVersionUID = 1L;
+
   /**
    * AssertJ exposes varargs {@code fail} methods with a {@link Throwable}-accepting overload, the
    * latter of which should not be flagged.
@@ -67,7 +72,8 @@ public final class FormatStringConcatenation extends BugChecker
       anyMethod()
           .anyClass()
           .withAnyName()
-          .withParameters(String.class.getName(), Throwable.class.getName());
+          .withParameters(String.class.getCanonicalName(), Throwable.class.getCanonicalName());
+
   // XXX: Drop some of these methods if we use Refaster to replace some with others.
   private static final Matcher<ExpressionTree> ASSERTJ_FORMAT_METHOD =
       anyOf(
@@ -116,14 +122,14 @@ public final class FormatStringConcatenation extends BugChecker
   private static final Matcher<ExpressionTree> GUAVA_FORMAT_METHOD =
       anyOf(
           staticMethod()
-              .onClass("com.google.common.base.Preconditions")
+              .onClass(Preconditions.class.getCanonicalName())
               .namedAnyOf("checkArgument", "checkNotNull", "checkState"),
-          staticMethod().onClass("com.google.common.base.Verify").named("verify"));
+          staticMethod().onClass(Verify.class.getCanonicalName()).named("verify"));
   // XXX: Add `PrintWriter`, maybe others.
   private static final Matcher<ExpressionTree> JDK_FORMAT_METHOD =
       anyOf(
-          staticMethod().onClass("java.lang.String").named("format"),
-          instanceMethod().onExactClass("java.util.Formatter").named("format"));
+          staticMethod().onClass(String.class.getCanonicalName()).named("format"),
+          instanceMethod().onExactClass(Formatter.class.getCanonicalName()).named("format"));
   private static final Matcher<ExpressionTree> SLF4J_FORMAT_METHOD =
       instanceMethod()
           .onDescendantOf("org.slf4j.Logger")
@@ -198,14 +204,10 @@ public final class FormatStringConcatenation extends BugChecker
 
     ExpressionTree argument = ASTHelpers.stripParentheses(arguments.get(argPosition));
     return argument instanceof BinaryTree
-        && isStringTyped(argument, state)
+        && MoreASTHelpers.isStringTyped(argument, state)
         && ASTHelpers.constValue(argument, String.class) == null;
   }
 
-  private static boolean isStringTyped(ExpressionTree tree, VisitorState state) {
-    return ASTHelpers.isSameType(ASTHelpers.getType(tree), state.getSymtab().stringType, state);
-  }
-
   private static class ReplacementArgumentsConstructor
       extends SimpleTreeVisitor<@Nullable Void, VisitorState> {
     private final StringBuilder formatString = new StringBuilder();
@@ -218,7 +220,7 @@ public final class FormatStringConcatenation extends BugChecker
 
     @Override
     public @Nullable Void visitBinary(BinaryTree tree, VisitorState state) {
-      if (tree.getKind() == Kind.PLUS && isStringTyped(tree, state)) {
+      if (tree.getKind() == Kind.PLUS && MoreASTHelpers.isStringTyped(tree, state)) {
         tree.getLeftOperand().accept(this, state);
         tree.getRightOperand().accept(this, state);
       } else {
@@ -240,8 +242,8 @@ public final class FormatStringConcatenation extends BugChecker
     }
 
     private void appendExpression(Tree tree) {
-      if (tree instanceof LiteralTree) {
-        formatString.append(((LiteralTree) tree).getValue());
+      if (tree instanceof LiteralTree literal) {
+        formatString.append(literal.getValue());
       } else {
         formatString.append(formatSpecifier);
         formatArguments.add(tree);

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/IdentityConversion.java

@@ -7,9 +7,20 @@ import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
 import static com.google.errorprone.matchers.Matchers.anyOf;
 import static com.google.errorprone.matchers.Matchers.staticMethod;
 import static com.google.errorprone.suppliers.Suppliers.OBJECT_TYPE;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
+import com.google.common.collect.ImmutableBiMap;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableListMultimap;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableMultimap;
+import com.google.common.collect.ImmutableMultiset;
+import com.google.common.collect.ImmutableRangeMap;
+import com.google.common.collect.ImmutableRangeSet;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.ImmutableSetMultimap;
+import com.google.common.collect.ImmutableTable;
 import com.google.common.primitives.Primitives;
 import com.google.errorprone.BugPattern;
 import com.google.errorprone.VisitorState;
@@ -20,6 +31,7 @@ import com.google.errorprone.fixes.SuggestedFix;
 import com.google.errorprone.fixes.SuggestedFixes;
 import com.google.errorprone.matchers.Description;
 import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.matchers.Matchers;
 import com.google.errorprone.util.ASTHelpers;
 import com.google.errorprone.util.ASTHelpers.TargetType;
 import com.sun.source.tree.ExpressionTree;
@@ -27,14 +39,20 @@ import com.sun.source.tree.MemberSelectTree;
 import com.sun.source.tree.MethodInvocationTree;
 import com.sun.tools.javac.code.Type;
 import com.sun.tools.javac.code.Types;
+import java.time.Instant;
 import java.util.Arrays;
 import java.util.List;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /** A {@link BugChecker} that flags redundant identity conversions. */
 // XXX: Consider detecting cases where a flagged expression is passed to a method, and where removal
 // of the identity conversion would cause a different method overload to be selected. Depending on
 // the target method such a modification may change the code's semantics or performance.
+// XXX: Also flag `Stream#map`, `Mono#map` and `Flux#map` invocations where the given transformation
+// is effectively the identity operation.
+// XXX: Also flag nullary instance method invocations that represent an identity conversion, such as
+// `Boolean#booleanValue()`, `Byte#byteValue()` and friends.
+// XXX: Also flag redundant round-trip conversions such as `path.toFile().toPath()`.
 @AutoService(BugChecker.class)
 @BugPattern(
     summary = "Avoid or clarify identity conversions",
@@ -52,24 +70,23 @@ public final class IdentityConversion extends BugChecker implements MethodInvoca
                       .map(Class::getName)
                       .collect(toImmutableSet()))
               .named("valueOf"),
-          staticMethod().onClass(String.class.getName()).named("valueOf"),
+          staticMethod().onClass(String.class.getCanonicalName()).named("valueOf"),
           staticMethod()
               .onClassAny(
-                  "com.google.common.collect.ImmutableBiMap",
-                  "com.google.common.collect.ImmutableList",
-                  "com.google.common.collect.ImmutableListMultimap",
-                  "com.google.common.collect.ImmutableMap",
-                  "com.google.common.collect.ImmutableMultimap",
-                  "com.google.common.collect.ImmutableMultiset",
-                  "com.google.common.collect.ImmutableRangeMap",
-                  "com.google.common.collect.ImmutableRangeSet",
-                  "com.google.common.collect.ImmutableSet",
-                  "com.google.common.collect.ImmutableSetMultimap",
-                  "com.google.common.collect.ImmutableTable")
+                  ImmutableBiMap.class.getCanonicalName(),
+                  ImmutableList.class.getCanonicalName(),
+                  ImmutableListMultimap.class.getCanonicalName(),
+                  ImmutableMap.class.getCanonicalName(),
+                  ImmutableMultimap.class.getCanonicalName(),
+                  ImmutableMultiset.class.getCanonicalName(),
+                  ImmutableRangeMap.class.getCanonicalName(),
+                  ImmutableRangeSet.class.getCanonicalName(),
+                  ImmutableSet.class.getCanonicalName(),
+                  ImmutableSetMultimap.class.getCanonicalName(),
+                  ImmutableTable.class.getCanonicalName())
               .named("copyOf"),
-          staticMethod()
-              .onClass("com.google.errorprone.matchers.Matchers")
-              .namedAnyOf("allOf", "anyOf"),
+          staticMethod().onClass(Instant.class.getCanonicalName()).namedAnyOf("from"),
+          staticMethod().onClass(Matchers.class.getCanonicalName()).namedAnyOf("allOf", "anyOf"),
           staticMethod().onClass("reactor.adapter.rxjava.RxJava2Adapter"),
           staticMethod()
               .onClass("reactor.core.publisher.Flux")
@@ -110,8 +127,9 @@ public final class IdentityConversion extends BugChecker implements MethodInvoca
 
     return buildDescription(tree)
         .setMessage(
-            "This method invocation appears redundant; remove it or suppress this warning and "
-                + "add a comment explaining its purpose")
+            """
+            This method invocation appears redundant; remove it or suppress this warning and add a \
+            comment explaining its purpose""")
         .addFix(SuggestedFix.replace(tree, SourceCode.treeToString(sourceTree, state)))
         .addFix(SuggestedFixes.addSuppressWarnings(state, canonicalName()))
         .build();

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/ImmutablesSortedSetComparator.java

@@ -11,7 +11,7 @@ import static com.google.errorprone.matchers.Matchers.hasModifier;
 import static com.google.errorprone.matchers.Matchers.isSubtypeOf;
 import static com.google.errorprone.matchers.Matchers.methodReturns;
 import static com.google.errorprone.matchers.Matchers.not;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.errorprone.BugPattern;
@@ -43,8 +43,9 @@ import javax.lang.model.element.Modifier;
 @AutoService(BugChecker.class)
 @BugPattern(
     summary =
-        "`SortedSet` properties of a `@Value.Immutable` or `@Value.Modifiable` type must be "
-            + "annotated with `@Value.NaturalOrder` or `@Value.ReverseOrder`",
+        """
+        `SortedSet` properties of a `@Value.Immutable` or `@Value.Modifiable` type must be \
+        annotated with `@Value.NaturalOrder` or `@Value.ReverseOrder`""",
     link = BUG_PATTERNS_BASE_URL + "ImmutablesSortedSetComparator",
     linkType = CUSTOM,
     severity = ERROR,

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/IsInstanceLambdaUsage.java

@@ -3,7 +3,7 @@ package tech.picnic.errorprone.bugpatterns;
 import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
 import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
 import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.common.collect.Iterables;
@@ -16,17 +16,17 @@ import com.google.errorprone.matchers.Description;
 import com.google.errorprone.util.ASTHelpers;
 import com.sun.source.tree.InstanceOfTree;
 import com.sun.source.tree.LambdaExpressionTree;
-import com.sun.source.tree.Tree.Kind;
 import com.sun.source.tree.VariableTree;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /**
  * A {@link BugChecker} that flags lambda expressions that can be replaced with a method reference
  * of the form {@code T.class::isInstance}.
- *
- * @see MethodReferenceUsage
  */
-// XXX: Consider folding this logic into the `MethodReferenceUsage` check.
+// XXX: Consider folding this logic into the `MethodReferenceUsage` check of the
+// `error-prone-experimental` module.
+// XXX: This check and its tests are structurally nearly identical to `ClassCastLambdaUsage`. Unless
+// folded into `MethodReferenceUsage`, consider merging the two.
 @AutoService(BugChecker.class)
 @BugPattern(
     summary = "Prefer `Class::isInstance` method reference over equivalent lambda expression",
@@ -42,12 +42,12 @@ public final class IsInstanceLambdaUsage extends BugChecker implements LambdaExp
 
   @Override
   public Description matchLambdaExpression(LambdaExpressionTree tree, VisitorState state) {
-    if (tree.getParameters().size() != 1 || tree.getBody().getKind() != Kind.INSTANCE_OF) {
+    if (tree.getParameters().size() != 1
+        || !(tree.getBody() instanceof InstanceOfTree instanceOf)) {
       return Description.NO_MATCH;
     }
 
     VariableTree param = Iterables.getOnlyElement(tree.getParameters());
-    InstanceOfTree instanceOf = (InstanceOfTree) tree.getBody();
     if (!ASTHelpers.getSymbol(param).equals(ASTHelpers.getSymbol(instanceOf.getExpression()))) {
       return Description.NO_MATCH;
     }

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/JUnitClassModifiers.java

@@ -11,12 +11,12 @@ import static com.google.errorprone.matchers.Matchers.hasMethod;
 import static com.google.errorprone.matchers.Matchers.hasModifier;
 import static com.google.errorprone.matchers.Matchers.isType;
 import static com.google.errorprone.matchers.Matchers.not;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
-import static tech.picnic.errorprone.bugpatterns.util.MoreJUnitMatchers.TEST_METHOD;
-import static tech.picnic.errorprone.bugpatterns.util.MoreMatchers.hasMetaAnnotation;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.MoreJUnitMatchers.TEST_METHOD;
+import static tech.picnic.errorprone.utils.MoreMatchers.hasMetaAnnotation;
 
 import com.google.auto.service.AutoService;
-import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Sets;
 import com.google.errorprone.BugPattern;
 import com.google.errorprone.VisitorState;
 import com.google.errorprone.bugpatterns.BugChecker;
@@ -70,7 +70,7 @@ public final class JUnitClassModifiers extends BugChecker implements ClassTreeMa
     SuggestedFixes.removeModifiers(
             tree.getModifiers(),
             state,
-            ImmutableSet.of(Modifier.PRIVATE, Modifier.PROTECTED, Modifier.PUBLIC))
+            Sets.immutableEnumSet(Modifier.PRIVATE, Modifier.PROTECTED, Modifier.PUBLIC))
         .ifPresent(fixBuilder::merge);
 
     if (!HAS_SPRING_CONFIGURATION_ANNOTATION.matches(tree, state)) {

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/JUnitMethodDeclaration.java

@@ -8,10 +8,9 @@ import static com.google.errorprone.matchers.Matchers.enclosingClass;
 import static com.google.errorprone.matchers.Matchers.hasModifier;
 import static com.google.errorprone.matchers.Matchers.not;
 import static java.util.function.Predicate.not;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
-import static tech.picnic.errorprone.bugpatterns.util.JavaKeywords.isValidIdentifier;
-import static tech.picnic.errorprone.bugpatterns.util.MoreJUnitMatchers.SETUP_OR_TEARDOWN_METHOD;
-import static tech.picnic.errorprone.bugpatterns.util.MoreJUnitMatchers.TEST_METHOD;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.MoreJUnitMatchers.SETUP_OR_TEARDOWN_METHOD;
+import static tech.picnic.errorprone.utils.MoreJUnitMatchers.TEST_METHOD;
 
 import com.google.auto.service.AutoService;
 import com.google.common.collect.ImmutableSet;
@@ -25,15 +24,11 @@ import com.google.errorprone.fixes.SuggestedFixes;
 import com.google.errorprone.matchers.Description;
 import com.google.errorprone.matchers.Matcher;
 import com.google.errorprone.util.ASTHelpers;
-import com.sun.source.tree.ImportTree;
 import com.sun.source.tree.MethodTree;
-import com.sun.source.tree.Tree;
-import com.sun.tools.javac.code.Symbol;
 import com.sun.tools.javac.code.Symbol.MethodSymbol;
-import com.sun.tools.javac.code.Type;
 import java.util.Optional;
 import javax.lang.model.element.Modifier;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.ConflictDetection;
 
 /** A {@link BugChecker} that flags non-canonical JUnit method declarations. */
 // XXX: Consider introducing a class-level check that enforces that test classes:
@@ -90,7 +85,7 @@ public final class JUnitMethodDeclaration extends BugChecker implements MethodTr
     tryCanonicalizeMethodName(symbol)
         .ifPresent(
             newName ->
-                findMethodRenameBlocker(symbol, newName, state)
+                ConflictDetection.findMethodRenameBlocker(symbol, newName, state)
                     .ifPresentOrElse(
                         blocker -> reportMethodRenameBlocker(tree, blocker, state),
                         () -> fixBuilder.merge(SuggestedFixes.renameMethod(tree, newName, state))));
@@ -106,61 +101,9 @@ public final class JUnitMethodDeclaration extends BugChecker implements MethodTr
             .build());
   }
 
-  /**
-   * If applicable, returns a human-readable argument against assigning the given name to an
-   * existing method.
-   *
-   * <p>This method implements imperfect heuristics. Things it currently does not consider include
-   * the following:
-   *
-   * <ul>
-   *   <li>Whether the rename would merely introduce a method overload, rather than clashing with an
-   *       existing method declaration.
-   *   <li>Whether the rename would cause a method in a superclass to be overridden.
-   *   <li>Whether the rename would in fact clash with a static import. (It could be that a static
-   *       import of the same name is only referenced from lexical scopes in which the method under
-   *       consideration cannot be referenced directly.)
-   * </ul>
-   */
-  private static Optional<String> findMethodRenameBlocker(
-      MethodSymbol method, String newName, VisitorState state) {
-    if (isExistingMethodName(method.owner.type, newName, state)) {
-      return Optional.of(
-          String.format(
-              "a method named `%s` is already defined in this class or a supertype", newName));
-    }
-
-    if (isSimpleNameStaticallyImported(newName, state)) {
-      return Optional.of(String.format("`%s` is already statically imported", newName));
-    }
-
-    if (!isValidIdentifier(newName)) {
-      return Optional.of(String.format("`%s` is not a valid identifier", newName));
-    }
-
-    return Optional.empty();
-  }
-
-  private static boolean isExistingMethodName(Type clazz, String name, VisitorState state) {
-    return ASTHelpers.matchingMethods(state.getName(name), method -> true, clazz, state.getTypes())
-        .findAny()
-        .isPresent();
-  }
-
-  private static boolean isSimpleNameStaticallyImported(String simpleName, VisitorState state) {
-    return state.getPath().getCompilationUnit().getImports().stream()
-        .filter(ImportTree::isStatic)
-        .map(ImportTree::getQualifiedIdentifier)
-        .map(tree -> getStaticImportSimpleName(tree, state))
-        .anyMatch(simpleName::contentEquals);
-  }
-
-  private static CharSequence getStaticImportSimpleName(Tree tree, VisitorState state) {
-    String source = SourceCode.treeToString(tree, state);
-    return source.subSequence(source.lastIndexOf('.') + 1, source.length());
-  }
-
-  private static Optional<String> tryCanonicalizeMethodName(Symbol symbol) {
+  // XXX: Consider dropping leading underscores that otherwise result when canonicalizing
+  // `test_some_method_name`.
+  private static Optional<String> tryCanonicalizeMethodName(MethodSymbol symbol) {
     return Optional.of(symbol.getQualifiedName().toString())
         .filter(name -> name.startsWith(TEST_PREFIX))
         .map(name -> name.substring(TEST_PREFIX.length()))

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/JUnitNullaryParameterizedTestDeclaration.java

@@ -0,0 +1,91 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
+import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
+import static com.google.errorprone.matchers.ChildMultiMatcher.MatchType.AT_LEAST_ONE;
+import static com.google.errorprone.matchers.Matchers.annotations;
+import static com.google.errorprone.matchers.Matchers.anyOf;
+import static com.google.errorprone.matchers.Matchers.isType;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.MoreMatchers.hasMetaAnnotation;
+
+import com.google.auto.service.AutoService;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.MethodTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFix;
+import com.google.errorprone.fixes.SuggestedFixes;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.matchers.MultiMatcher;
+import com.google.errorprone.matchers.MultiMatcher.MultiMatchResult;
+import com.sun.source.tree.AnnotationTree;
+import com.sun.source.tree.MethodTree;
+import tech.picnic.errorprone.utils.SourceCode;
+
+/**
+ * A {@link BugChecker} that flags nullary {@link
+ * org.junit.jupiter.params.ParameterizedTest @ParameterizedTest} test methods.
+ *
+ * <p>Such tests are unnecessarily executed more than necessary. This checker suggests annotating
+ * the method with {@link org.junit.jupiter.api.Test @Test}, and to drop all declared {@link
+ * org.junit.jupiter.params.provider.ArgumentsSource argument sources}.
+ */
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "Nullary JUnit test methods should not be parameterized",
+    link = BUG_PATTERNS_BASE_URL + "JUnitNullaryParameterizedTestDeclaration",
+    linkType = CUSTOM,
+    severity = SUGGESTION,
+    tags = SIMPLIFICATION)
+public final class JUnitNullaryParameterizedTestDeclaration extends BugChecker
+    implements MethodTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final MultiMatcher<MethodTree, AnnotationTree> IS_PARAMETERIZED_TEST =
+      annotations(AT_LEAST_ONE, isType("org.junit.jupiter.params.ParameterizedTest"));
+  private static final Matcher<AnnotationTree> IS_ARGUMENT_SOURCE =
+      anyOf(
+          isType("org.junit.jupiter.params.provider.ArgumentsSource"),
+          isType("org.junit.jupiter.params.provider.ArgumentsSources"),
+          hasMetaAnnotation("org.junit.jupiter.params.provider.ArgumentsSource"));
+
+  /** Instantiates a new {@link JUnitNullaryParameterizedTestDeclaration} instance. */
+  public JUnitNullaryParameterizedTestDeclaration() {}
+
+  @Override
+  public Description matchMethod(MethodTree tree, VisitorState state) {
+    if (!tree.getParameters().isEmpty()) {
+      return Description.NO_MATCH;
+    }
+
+    MultiMatchResult<AnnotationTree> isParameterizedTest =
+        IS_PARAMETERIZED_TEST.multiMatchResult(tree, state);
+    if (!isParameterizedTest.matches()) {
+      return Description.NO_MATCH;
+    }
+
+    /*
+     * This method is vacuously parameterized. Suggest replacing `@ParameterizedTest` with `@Test`.
+     * (As each method is checked independently, we cannot in general determine whether this
+     * suggestion makes a `ParameterizedTest` type import obsolete; that task is left to Error
+     * Prone's `RemoveUnusedImports` check.)
+     */
+    SuggestedFix.Builder fix = SuggestedFix.builder();
+    fix.merge(
+        SuggestedFix.replace(
+            isParameterizedTest.onlyMatchingNode(),
+            '@' + SuggestedFixes.qualifyType(state, fix, "org.junit.jupiter.api.Test")));
+
+    /*
+     * Also suggest dropping all (explicit and implicit) `@ArgumentsSource`s. No attempt is made to
+     * assess whether a dropped `@MethodSource` also makes the referenced factory method(s) unused.
+     */
+    tree.getModifiers().getAnnotations().stream()
+        .filter(a -> IS_ARGUMENT_SOURCE.matches(a, state))
+        .forEach(a -> fix.merge(SourceCode.deleteWithTrailingWhitespace(a, state)));
+
+    return describeMatch(tree, fix.build());
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/JUnitValueSource.java

@@ -0,0 +1,316 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
+import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
+import static com.google.errorprone.matchers.ChildMultiMatcher.MatchType.ALL;
+import static com.google.errorprone.matchers.ChildMultiMatcher.MatchType.AT_LEAST_ONE;
+import static com.google.errorprone.matchers.Matchers.allOf;
+import static com.google.errorprone.matchers.Matchers.anyOf;
+import static com.google.errorprone.matchers.Matchers.anything;
+import static com.google.errorprone.matchers.Matchers.argument;
+import static com.google.errorprone.matchers.Matchers.argumentCount;
+import static com.google.errorprone.matchers.Matchers.classLiteral;
+import static com.google.errorprone.matchers.Matchers.hasArguments;
+import static com.google.errorprone.matchers.Matchers.isPrimitiveOrBoxedPrimitiveType;
+import static com.google.errorprone.matchers.Matchers.isSameType;
+import static com.google.errorprone.matchers.Matchers.methodHasParameters;
+import static com.google.errorprone.matchers.Matchers.staticMethod;
+import static com.google.errorprone.matchers.Matchers.toType;
+import static java.util.Objects.requireNonNull;
+import static java.util.function.Predicate.not;
+import static java.util.stream.Collectors.joining;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.MoreJUnitMatchers.HAS_METHOD_SOURCE;
+import static tech.picnic.errorprone.utils.MoreJUnitMatchers.getMethodSourceFactoryNames;
+
+import com.google.auto.service.AutoService;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Iterables;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.MethodTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFix;
+import com.google.errorprone.fixes.SuggestedFixes;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.util.ASTHelpers;
+import com.sun.source.tree.AnnotationTree;
+import com.sun.source.tree.ClassTree;
+import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.LambdaExpressionTree;
+import com.sun.source.tree.MethodInvocationTree;
+import com.sun.source.tree.MethodTree;
+import com.sun.source.tree.NewArrayTree;
+import com.sun.source.tree.ReturnTree;
+import com.sun.source.util.TreeScanner;
+import com.sun.tools.javac.code.Type;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+import java.util.Locale;
+import java.util.Optional;
+import java.util.Set;
+import java.util.function.Predicate;
+import java.util.stream.DoubleStream;
+import java.util.stream.IntStream;
+import java.util.stream.LongStream;
+import java.util.stream.Stream;
+import org.jspecify.annotations.Nullable;
+import tech.picnic.errorprone.utils.SourceCode;
+
+/**
+ * A {@link BugChecker} that flags JUnit tests with a {@link
+ * org.junit.jupiter.params.provider.MethodSource} annotation that can be replaced with an
+ * equivalent {@link org.junit.jupiter.params.provider.ValueSource} annotation.
+ */
+// XXX: Where applicable, also flag `@MethodSource` annotations that reference multiple value
+// factory methods (or that repeat the same value factory method multiple times).
+// XXX: Support inlining of overloaded value factory methods.
+// XXX: Support inlining of value factory methods referenced by multiple `@MethodSource`
+// annotations.
+// XXX: Support value factory return expressions of the form `Stream.of(a, b,
+// c).map(Arguments::argument)`.
+// XXX: Support simplification of test methods that accept additional injected parameters such as
+// `TestInfo`; such parameters should be ignored for the purpose of this check.
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "Prefer `@ValueSource` over a `@MethodSource` where possible and reasonable",
+    linkType = CUSTOM,
+    link = BUG_PATTERNS_BASE_URL + "JUnitValueSource",
+    severity = SUGGESTION,
+    tags = SIMPLIFICATION)
+public final class JUnitValueSource extends BugChecker implements MethodTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final Matcher<ExpressionTree> SUPPORTED_VALUE_FACTORY_VALUES =
+      anyOf(
+          isArrayArgumentValueCandidate(),
+          toType(
+              MethodInvocationTree.class,
+              allOf(
+                  staticMethod()
+                      .onClass("org.junit.jupiter.params.provider.Arguments")
+                      .namedAnyOf("arguments", "of"),
+                  argumentCount(1),
+                  argument(0, isArrayArgumentValueCandidate()))));
+  private static final Matcher<ExpressionTree> ARRAY_OF_SUPPORTED_SINGLE_VALUE_ARGUMENTS =
+      isSingleDimensionArrayCreationWithAllElementsMatching(SUPPORTED_VALUE_FACTORY_VALUES);
+  private static final Matcher<ExpressionTree> ENUMERATION_OF_SUPPORTED_SINGLE_VALUE_ARGUMENTS =
+      toType(
+          MethodInvocationTree.class,
+          allOf(
+              staticMethod()
+                  .onClassAny(
+                      Stream.class.getCanonicalName(),
+                      IntStream.class.getCanonicalName(),
+                      LongStream.class.getCanonicalName(),
+                      DoubleStream.class.getCanonicalName(),
+                      List.class.getCanonicalName(),
+                      Set.class.getCanonicalName(),
+                      ImmutableList.class.getCanonicalName(),
+                      ImmutableSet.class.getCanonicalName())
+                  .named("of"),
+              hasArguments(AT_LEAST_ONE, anything()),
+              hasArguments(ALL, SUPPORTED_VALUE_FACTORY_VALUES)));
+  private static final Matcher<MethodTree> IS_UNARY_METHOD_WITH_SUPPORTED_PARAMETER =
+      methodHasParameters(
+          anyOf(
+              isPrimitiveOrBoxedPrimitiveType(),
+              isSameType(String.class),
+              isSameType(state -> state.getSymtab().classType)));
+
+  /** Instantiates a new {@link JUnitValueSource} instance. */
+  public JUnitValueSource() {}
+
+  @Override
+  public Description matchMethod(MethodTree tree, VisitorState state) {
+    if (!IS_UNARY_METHOD_WITH_SUPPORTED_PARAMETER.matches(tree, state)) {
+      return Description.NO_MATCH;
+    }
+
+    Type parameterType =
+        requireNonNull(
+            ASTHelpers.getType(Iterables.getOnlyElement(tree.getParameters())),
+            "Missing type for method parameter");
+
+    return findMethodSourceAnnotation(tree, state)
+        .flatMap(
+            methodSourceAnnotation ->
+                getSoleLocalFactoryName(methodSourceAnnotation, tree)
+                    .filter(factory -> !hasSiblingReferencingValueFactory(tree, factory, state))
+                    .flatMap(factory -> findSiblingWithName(tree, factory, state))
+                    .flatMap(
+                        factoryMethod ->
+                            tryConstructValueSourceFix(
+                                parameterType, methodSourceAnnotation, factoryMethod, state))
+                    .map(fix -> describeMatch(methodSourceAnnotation, fix)))
+        .orElse(Description.NO_MATCH);
+  }
+
+  /**
+   * Returns the name of the value factory method pointed to by the given {@code @MethodSource}
+   * annotation, if it (a) is the only one and (b) is a method in the same class as the annotated
+   * method.
+   */
+  private static Optional<String> getSoleLocalFactoryName(
+      AnnotationTree methodSourceAnnotation, MethodTree method) {
+    return getElementIfSingleton(getMethodSourceFactoryNames(methodSourceAnnotation, method))
+        .filter(name -> name.indexOf('#') < 0);
+  }
+
+  /**
+   * Tells whether the given method has a sibling method in the same class that depends on the
+   * specified value factory method.
+   */
+  private static boolean hasSiblingReferencingValueFactory(
+      MethodTree tree, String valueFactory, VisitorState state) {
+    return findMatchingSibling(tree, m -> hasValueFactory(m, valueFactory, state), state)
+        .isPresent();
+  }
+
+  private static Optional<MethodTree> findSiblingWithName(
+      MethodTree tree, String methodName, VisitorState state) {
+    return findMatchingSibling(tree, m -> m.getName().contentEquals(methodName), state);
+  }
+
+  private static Optional<MethodTree> findMatchingSibling(
+      MethodTree tree, Predicate<? super MethodTree> predicate, VisitorState state) {
+    return requireNonNull(state.findEnclosing(ClassTree.class), "No class enclosing method")
+        .getMembers()
+        .stream()
+        .filter(MethodTree.class::isInstance)
+        .map(MethodTree.class::cast)
+        .filter(not(tree::equals))
+        .filter(predicate)
+        .findFirst();
+  }
+
+  private static boolean hasValueFactory(
+      MethodTree tree, String valueFactoryMethodName, VisitorState state) {
+    return findMethodSourceAnnotation(tree, state).stream()
+        .anyMatch(
+            annotation ->
+                getMethodSourceFactoryNames(annotation, tree).contains(valueFactoryMethodName));
+  }
+
+  private static Optional<AnnotationTree> findMethodSourceAnnotation(
+      MethodTree tree, VisitorState state) {
+    return HAS_METHOD_SOURCE.multiMatchResult(tree, state).matchingNodes().stream().findFirst();
+  }
+
+  private static Optional<SuggestedFix> tryConstructValueSourceFix(
+      Type parameterType,
+      AnnotationTree methodSourceAnnotation,
+      MethodTree valueFactoryMethod,
+      VisitorState state) {
+    return getSingleReturnExpression(valueFactoryMethod)
+        .flatMap(expression -> tryExtractValueSourceAttributeValue(expression, state))
+        .map(
+            valueSourceAttributeValue -> {
+              SuggestedFix.Builder fix = SuggestedFix.builder();
+              String valueSource =
+                  SuggestedFixes.qualifyType(
+                      state, fix, "org.junit.jupiter.params.provider.ValueSource");
+              return fix.replace(
+                      methodSourceAnnotation,
+                      String.format(
+                          "@%s(%s = %s)",
+                          valueSource,
+                          toValueSourceAttributeName(parameterType),
+                          valueSourceAttributeValue))
+                  .delete(valueFactoryMethod)
+                  .build();
+            });
+  }
+
+  // XXX: This pattern also occurs a few times inside Error Prone; contribute upstream.
+  private static Optional<ExpressionTree> getSingleReturnExpression(MethodTree methodTree) {
+    List<ExpressionTree> returnExpressions = new ArrayList<>();
+    new TreeScanner<@Nullable Void, @Nullable Void>() {
+      @Override
+      public @Nullable Void visitClass(ClassTree node, @Nullable Void unused) {
+        /* Ignore `return` statements inside anonymous/local classes. */
+        return null;
+      }
+
+      @Override
+      public @Nullable Void visitReturn(ReturnTree node, @Nullable Void unused) {
+        returnExpressions.add(node.getExpression());
+        return super.visitReturn(node, null);
+      }
+
+      @Override
+      public @Nullable Void visitLambdaExpression(
+          LambdaExpressionTree node, @Nullable Void unused) {
+        /* Ignore `return` statements inside lambda expressions. */
+        return null;
+      }
+    }.scan(methodTree, null);
+
+    return getElementIfSingleton(returnExpressions);
+  }
+
+  private static Optional<String> tryExtractValueSourceAttributeValue(
+      ExpressionTree tree, VisitorState state) {
+    List<? extends ExpressionTree> arguments;
+    if (ENUMERATION_OF_SUPPORTED_SINGLE_VALUE_ARGUMENTS.matches(tree, state)) {
+      arguments = ((MethodInvocationTree) tree).getArguments();
+    } else if (ARRAY_OF_SUPPORTED_SINGLE_VALUE_ARGUMENTS.matches(tree, state)) {
+      arguments = ((NewArrayTree) tree).getInitializers();
+    } else {
+      return Optional.empty();
+    }
+
+    /*
+     * Join the values into a comma-separated string, unwrapping `Arguments` factory method
+     * invocations if applicable.
+     */
+    return Optional.of(
+            arguments.stream()
+                .map(
+                    arg ->
+                        arg instanceof MethodInvocationTree methodInvocation
+                            ? Iterables.getOnlyElement(methodInvocation.getArguments())
+                            : arg)
+                .map(argument -> SourceCode.treeToString(argument, state))
+                .collect(joining(", ")))
+        .map(value -> arguments.size() > 1 ? String.format("{%s}", value) : value);
+  }
+
+  private static String toValueSourceAttributeName(Type type) {
+    String typeString = type.tsym.name.toString();
+
+    return switch (typeString) {
+      case "Class" -> "classes";
+      case "Character" -> "chars";
+      case "Integer" -> "ints";
+      default -> typeString.toLowerCase(Locale.ROOT) + 's';
+    };
+  }
+
+  private static <T> Optional<T> getElementIfSingleton(Collection<T> collection) {
+    return Optional.of(collection)
+        .filter(elements -> elements.size() == 1)
+        .map(Iterables::getOnlyElement);
+  }
+
+  private static Matcher<ExpressionTree> isSingleDimensionArrayCreationWithAllElementsMatching(
+      Matcher<? super ExpressionTree> elementMatcher) {
+    return (tree, state) -> {
+      if (!(tree instanceof NewArrayTree newArray)) {
+        return false;
+      }
+
+      return newArray.getDimensions().isEmpty()
+          && !newArray.getInitializers().isEmpty()
+          && newArray.getInitializers().stream()
+              .allMatch(element -> elementMatcher.matches(element, state));
+    };
+  }
+
+  private static Matcher<ExpressionTree> isArrayArgumentValueCandidate() {
+    return anyOf(classLiteral(anything()), (tree, state) -> ASTHelpers.constValue(tree) != null);
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/LexicographicalAnnotationAttributeListing.java

@@ -7,13 +7,14 @@ import static com.google.errorprone.BugPattern.StandardTags.STYLE;
 import static java.util.Comparator.comparing;
 import static java.util.Comparator.naturalOrder;
 import static java.util.stream.Collectors.joining;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.common.base.Splitter;
 import com.google.common.collect.Comparators;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Sets;
 import com.google.errorprone.BugPattern;
 import com.google.errorprone.ErrorProneFlags;
 import com.google.errorprone.VisitorState;
@@ -31,18 +32,17 @@ import com.sun.source.tree.LiteralTree;
 import com.sun.source.tree.NewArrayTree;
 import com.sun.source.tree.PrimitiveTypeTree;
 import com.sun.source.tree.Tree;
-import com.sun.source.tree.Tree.Kind;
 import com.sun.source.util.TreeScanner;
 import com.sun.tools.javac.code.Symtab;
 import com.sun.tools.javac.code.Type;
-import java.util.HashSet;
 import java.util.List;
 import java.util.Optional;
-import java.util.Set;
 import java.util.stream.Stream;
+import javax.inject.Inject;
 import org.jspecify.annotations.Nullable;
-import tech.picnic.errorprone.bugpatterns.util.AnnotationAttributeMatcher;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.AnnotationAttributeMatcher;
+import tech.picnic.errorprone.utils.Flags;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /**
  * A {@link BugChecker} that flags annotation array listings which aren't sorted lexicographically.
@@ -50,6 +50,9 @@ import tech.picnic.errorprone.bugpatterns.util.SourceCode;
  * <p>The idea behind this checker is that maintaining a sorted sequence simplifies conflict
  * resolution, and can even avoid it if two branches add the same entry.
  */
+// XXX: In some places we declare a `@SuppressWarnings` annotation with a final value of
+// `key-to-resolve-AnnotationUseStyle-and-TrailingComment-check-conflict`. That entry must stay
+// last. Consider adding (generic?) support for such cases.
 @AutoService(BugChecker.class)
 @BugPattern(
     summary = "Where possible, sort annotation array attributes lexicographically",
@@ -57,22 +60,25 @@ import tech.picnic.errorprone.bugpatterns.util.SourceCode;
     linkType = CUSTOM,
     severity = SUGGESTION,
     tags = STYLE)
+@SuppressWarnings("java:S2160" /* Super class equality definition suffices. */)
 public final class LexicographicalAnnotationAttributeListing extends BugChecker
     implements AnnotationTreeMatcher {
   private static final long serialVersionUID = 1L;
   private static final ImmutableSet<String> BLACKLISTED_ANNOTATIONS =
       ImmutableSet.of(
-          // XXX: unless JsonPropertyOrder#alphabetic is true...
+          // XXX: Unless `JsonPropertyOrder#alphabetic` is true...
           "com.fasterxml.jackson.annotation.JsonPropertyOrder#value",
           "io.swagger.annotations.ApiImplicitParams#value",
           "io.swagger.v3.oas.annotations.Parameters#value",
           "javax.xml.bind.annotation.XmlType#propOrder",
           "org.springframework.context.annotation.PropertySource#value",
           "org.springframework.test.context.TestPropertySource#locations",
-          "org.springframework.test.context.TestPropertySource#value");
+          "org.springframework.test.context.TestPropertySource#value",
+          "picocli.CommandLine.Option#names");
   private static final String FLAG_PREFIX = "LexicographicalAnnotationAttributeListing:";
   private static final String INCLUDED_ANNOTATIONS_FLAG = FLAG_PREFIX + "Includes";
   private static final String EXCLUDED_ANNOTATIONS_FLAG = FLAG_PREFIX + "Excludes";
+
   /**
    * The splitter applied to string-typed annotation arguments prior to lexicographical sorting. By
    * splitting on {@code =}, strings that represent e.g. inline Spring property declarations are
@@ -92,7 +98,8 @@ public final class LexicographicalAnnotationAttributeListing extends BugChecker
    *
    * @param flags Any provided command line flags.
    */
-  public LexicographicalAnnotationAttributeListing(ErrorProneFlags flags) {
+  @Inject
+  LexicographicalAnnotationAttributeListing(ErrorProneFlags flags) {
     matcher = createAnnotationAttributeMatcher(flags);
   }
 
@@ -117,13 +124,9 @@ public final class LexicographicalAnnotationAttributeListing extends BugChecker
   }
 
   private static Optional<NewArrayTree> extractArray(ExpressionTree expr) {
-    if (expr.getKind() == Kind.ASSIGNMENT) {
-      return extractArray(((AssignmentTree) expr).getExpression());
-    }
-
-    return Optional.of(expr)
-        .filter(e -> e.getKind() == Kind.NEW_ARRAY)
-        .map(NewArrayTree.class::cast);
+    return expr instanceof AssignmentTree assignment
+        ? extractArray(assignment.getExpression())
+        : Optional.of(expr).filter(NewArrayTree.class::isInstance).map(NewArrayTree.class::cast);
   }
 
   private static Optional<SuggestedFix.Builder> suggestSorting(
@@ -159,7 +162,12 @@ public final class LexicographicalAnnotationAttributeListing extends BugChecker
 
     /* For now we don't force sorting on numeric types. */
     return Stream.of(
-            symtab.annotationType, symtab.classType, symtab.enumSym.type, symtab.stringType)
+            symtab.annotationType,
+            symtab.booleanType,
+            symtab.charType,
+            symtab.classType,
+            symtab.enumSym.type,
+            symtab.stringType)
         .anyMatch(t -> ASTHelpers.isSubtype(elemType, t, state));
   }
 
@@ -188,24 +196,24 @@ public final class LexicographicalAnnotationAttributeListing extends BugChecker
       @Override
       public @Nullable Void visitIdentifier(IdentifierTree node, @Nullable Void unused) {
         nodes.add(ImmutableList.of(node.getName().toString()));
-        return super.visitIdentifier(node, unused);
+        return super.visitIdentifier(node, null);
       }
 
       @Override
       public @Nullable Void visitLiteral(LiteralTree node, @Nullable Void unused) {
         Object value = ASTHelpers.constValue(node);
         nodes.add(
-            value instanceof String
-                ? STRING_ARGUMENT_SPLITTER.splitToStream((String) value).collect(toImmutableList())
+            value instanceof String str
+                ? STRING_ARGUMENT_SPLITTER.splitToStream(str).collect(toImmutableList())
                 : ImmutableList.of(String.valueOf(value)));
 
-        return super.visitLiteral(node, unused);
+        return super.visitLiteral(node, null);
       }
 
       @Override
       public @Nullable Void visitPrimitiveType(PrimitiveTypeTree node, @Nullable Void unused) {
         nodes.add(ImmutableList.of(node.getPrimitiveTypeKind().toString()));
-        return super.visitPrimitiveType(node, unused);
+        return super.visitPrimitiveType(node, null);
       }
     }.scan(array, null);
 
@@ -215,13 +223,14 @@ public final class LexicographicalAnnotationAttributeListing extends BugChecker
   private static AnnotationAttributeMatcher createAnnotationAttributeMatcher(
       ErrorProneFlags flags) {
     return AnnotationAttributeMatcher.create(
-        flags.getList(INCLUDED_ANNOTATIONS_FLAG), excludedAnnotations(flags));
+        flags.get(INCLUDED_ANNOTATIONS_FLAG).isPresent()
+            ? Optional.of(flags.getListOrEmpty(INCLUDED_ANNOTATIONS_FLAG))
+            : Optional.empty(),
+        excludedAnnotations(flags));
   }
 
-  private static ImmutableList<String> excludedAnnotations(ErrorProneFlags flags) {
-    Set<String> exclusions = new HashSet<>();
-    flags.getList(EXCLUDED_ANNOTATIONS_FLAG).ifPresent(exclusions::addAll);
-    exclusions.addAll(BLACKLISTED_ANNOTATIONS);
-    return ImmutableList.copyOf(exclusions);
+  private static ImmutableSet<String> excludedAnnotations(ErrorProneFlags flags) {
+    return Sets.union(BLACKLISTED_ANNOTATIONS, Flags.getSet(flags, EXCLUDED_ANNOTATIONS_FLAG))
+        .immutableCopy();
   }
 }

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/LexicographicalAnnotationListing.java

@@ -7,7 +7,7 @@ import static com.google.errorprone.BugPattern.StandardTags.STYLE;
 import static com.sun.tools.javac.code.TypeAnnotations.AnnotationType.DECLARATION;
 import static com.sun.tools.javac.code.TypeAnnotations.AnnotationType.TYPE;
 import static java.util.Comparator.comparing;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.common.base.VerifyException;
@@ -28,7 +28,7 @@ import com.sun.tools.javac.code.TypeAnnotations.AnnotationType;
 import java.util.Comparator;
 import java.util.List;
 import org.jspecify.annotations.Nullable;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /**
  * A {@link BugChecker} that flags annotations that are not lexicographically sorted.
@@ -36,6 +36,10 @@ import tech.picnic.errorprone.bugpatterns.util.SourceCode;
  * <p>The idea behind this checker is that maintaining a sorted sequence simplifies conflict
  * resolution, and can even avoid it if two branches add the same annotation.
  */
+// XXX: Currently this checker only flags method-level annotations. It should likely also flag
+// type-, field- and parameter-level annotations.
+// XXX: Duplicate entries are often a mistake. Consider introducing a similar `BugChecker` that
+// flags duplicates.
 @AutoService(BugChecker.class)
 @BugPattern(
     summary = "Sort annotations lexicographically where possible",
@@ -46,9 +50,20 @@ import tech.picnic.errorprone.bugpatterns.util.SourceCode;
 public final class LexicographicalAnnotationListing extends BugChecker
     implements MethodTreeMatcher {
   private static final long serialVersionUID = 1L;
+
+  /**
+   * A comparator that minimally reorders {@link AnnotationType}s, such that declaration annotations
+   * are placed before type annotations.
+   */
+  @SuppressWarnings({
+    "java:S1067",
+    "java:S3358"
+  } /* Avoiding the nested ternary operator hurts readability. */)
   private static final Comparator<@Nullable AnnotationType> BY_ANNOTATION_TYPE =
       (a, b) ->
-          (a == null || a == DECLARATION) && b == TYPE ? -1 : a == TYPE && b == DECLARATION ? 1 : 0;
+          (a == null || a == DECLARATION) && b == TYPE
+              ? -1
+              : (a == TYPE && b == DECLARATION ? 1 : 0);
 
   /** Instantiates a new {@link LexicographicalAnnotationListing} instance. */
   public LexicographicalAnnotationListing() {}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/MissingRefasterAnnotation.java

@@ -1,59 +0,0 @@
-package tech.picnic.errorprone.bugpatterns;
-
-import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
-import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
-import static com.google.errorprone.BugPattern.StandardTags.LIKELY_ERROR;
-import static com.google.errorprone.matchers.ChildMultiMatcher.MatchType.AT_LEAST_ONE;
-import static com.google.errorprone.matchers.Matchers.annotations;
-import static com.google.errorprone.matchers.Matchers.anyOf;
-import static com.google.errorprone.matchers.Matchers.isType;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
-
-import com.google.auto.service.AutoService;
-import com.google.errorprone.BugPattern;
-import com.google.errorprone.VisitorState;
-import com.google.errorprone.bugpatterns.BugChecker;
-import com.google.errorprone.bugpatterns.BugChecker.ClassTreeMatcher;
-import com.google.errorprone.matchers.Description;
-import com.google.errorprone.matchers.MultiMatcher;
-import com.google.errorprone.util.ASTHelpers;
-import com.sun.source.tree.AnnotationTree;
-import com.sun.source.tree.ClassTree;
-import com.sun.source.tree.MethodTree;
-import com.sun.source.tree.Tree;
-
-/** A {@link BugChecker} that flags likely missing Refaster annotations. */
-@AutoService(BugChecker.class)
-@BugPattern(
-    summary = "The Refaster rule contains a method without any Refaster annotations",
-    link = BUG_PATTERNS_BASE_URL + "MissingRefasterAnnotation",
-    linkType = CUSTOM,
-    severity = WARNING,
-    tags = LIKELY_ERROR)
-public final class MissingRefasterAnnotation extends BugChecker implements ClassTreeMatcher {
-  private static final long serialVersionUID = 1L;
-  private static final MultiMatcher<Tree, AnnotationTree> REFASTER_ANNOTATION =
-      annotations(
-          AT_LEAST_ONE,
-          anyOf(
-              isType("com.google.errorprone.refaster.annotation.Placeholder"),
-              isType("com.google.errorprone.refaster.annotation.BeforeTemplate"),
-              isType("com.google.errorprone.refaster.annotation.AfterTemplate")));
-
-  /** Instantiates a new {@link MissingRefasterAnnotation} instance. */
-  public MissingRefasterAnnotation() {}
-
-  @Override
-  public Description matchClass(ClassTree tree, VisitorState state) {
-    long methodTypes =
-        tree.getMembers().stream()
-            .filter(member -> member.getKind() == Tree.Kind.METHOD)
-            .map(MethodTree.class::cast)
-            .filter(method -> !ASTHelpers.isGeneratedConstructor(method))
-            .map(method -> REFASTER_ANNOTATION.matches(method, state))
-            .distinct()
-            .count();
-
-    return methodTypes < 2 ? Description.NO_MATCH : buildDescription(tree).build();
-  }
-}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/MockitoMockClassReference.java

@@ -0,0 +1,85 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
+import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
+import static com.google.errorprone.matchers.Matchers.allOf;
+import static com.google.errorprone.matchers.Matchers.argument;
+import static com.google.errorprone.matchers.Matchers.isSameType;
+import static com.google.errorprone.matchers.Matchers.isVariable;
+import static com.google.errorprone.matchers.Matchers.not;
+import static com.google.errorprone.matchers.Matchers.staticMethod;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+
+import com.google.auto.service.AutoService;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.MethodInvocationTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFixes;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.util.ASTHelpers;
+import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.MethodInvocationTree;
+import com.sun.source.tree.Tree;
+import com.sun.source.tree.VariableTree;
+import java.util.List;
+import tech.picnic.errorprone.utils.MoreASTHelpers;
+
+/**
+ * A {@link BugChecker} that flags the use of {@link org.mockito.Mockito#mock(Class)} and {@link
+ * org.mockito.Mockito#spy(Class)} where instead the type to be mocked or spied can be derived from
+ * context.
+ */
+// XXX: This check currently does not flag method invocation arguments. When adding support for
+// this, consider that in some cases the type to be mocked or spied must be specified explicitly so
+// as to disambiguate between method overloads.
+// XXX: This check currently does not flag (implicit or explicit) lambda return expressions.
+// XXX: This check currently does not drop suppressions that become obsolete after the
+// suggested fix is applied; consider adding support for this.
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "Don't unnecessarily pass a type to Mockito's `mock(Class)` and `spy(Class)` methods",
+    link = BUG_PATTERNS_BASE_URL + "MockitoMockClassReference",
+    linkType = CUSTOM,
+    severity = SUGGESTION,
+    tags = SIMPLIFICATION)
+public final class MockitoMockClassReference extends BugChecker
+    implements MethodInvocationTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final Matcher<MethodInvocationTree> MOCKITO_MOCK_OR_SPY_WITH_HARDCODED_TYPE =
+      allOf(
+          argument(0, allOf(isSameType(Class.class.getCanonicalName()), not(isVariable()))),
+          staticMethod().onClass("org.mockito.Mockito").namedAnyOf("mock", "spy"));
+
+  /** Instantiates a new {@link MockitoMockClassReference} instance. */
+  public MockitoMockClassReference() {}
+
+  @Override
+  public Description matchMethodInvocation(MethodInvocationTree tree, VisitorState state) {
+    if (!MOCKITO_MOCK_OR_SPY_WITH_HARDCODED_TYPE.matches(tree, state)
+        || !isTypeDerivableFromContext(tree, state)) {
+      return Description.NO_MATCH;
+    }
+
+    List<? extends ExpressionTree> arguments = tree.getArguments();
+    return describeMatch(tree, SuggestedFixes.removeElement(arguments.get(0), arguments, state));
+  }
+
+  // XXX: Use switch pattern matching once the targeted JDK supports this.
+  private static boolean isTypeDerivableFromContext(MethodInvocationTree tree, VisitorState state) {
+    Tree parent = state.getPath().getParentPath().getLeaf();
+    return switch (parent.getKind()) {
+      case VARIABLE ->
+          !ASTHelpers.hasImplicitType((VariableTree) parent, state)
+              && MoreASTHelpers.areSameType(tree, parent, state);
+      case ASSIGNMENT -> MoreASTHelpers.areSameType(tree, parent, state);
+      case RETURN ->
+          MoreASTHelpers.findMethodExitedOnReturn(state)
+              .filter(m -> MoreASTHelpers.areSameType(tree, m.getReturnType(), state))
+              .isPresent();
+      default -> false;
+    };
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/MockitoStubbing.java

@@ -4,7 +4,7 @@ import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
 import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
 import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
 import static com.google.errorprone.matchers.Matchers.staticMethod;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.common.collect.Iterables;
@@ -18,7 +18,7 @@ import com.google.errorprone.matchers.Matcher;
 import com.sun.source.tree.ExpressionTree;
 import com.sun.source.tree.MethodInvocationTree;
 import java.util.List;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /**
  * A {@link BugChecker} that flags method invocations for which all arguments are wrapped using

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/MongoDBTextFilterUsage.java

@@ -0,0 +1,49 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
+import static com.google.errorprone.BugPattern.StandardTags.PERFORMANCE;
+import static com.google.errorprone.matchers.method.MethodMatchers.staticMethod;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+
+import com.google.auto.service.AutoService;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.MethodInvocationTreeMatcher;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.MethodInvocationTree;
+
+/**
+ * A {@link BugChecker} that flags usages of MongoDB {@code $text} filter usages.
+ *
+ * @see <a href="https://www.mongodb.com/docs/manual/text-search/">MongoDB Text Search</a>
+ */
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary =
+        """
+        Avoid MongoDB's `$text` filter operator, as it can trigger heavy queries and even cause \
+        the server to run out of memory""",
+    link = BUG_PATTERNS_BASE_URL + "MongoDBTextFilterUsage",
+    linkType = CUSTOM,
+    severity = SUGGESTION,
+    tags = PERFORMANCE)
+public final class MongoDBTextFilterUsage extends BugChecker
+    implements MethodInvocationTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final Matcher<ExpressionTree> MONGO_FILTERS_TEXT_METHOD =
+      staticMethod().onClass("com.mongodb.client.model.Filters").named("text");
+
+  /** Instantiates a new {@link MongoDBTextFilterUsage} instance. */
+  public MongoDBTextFilterUsage() {}
+
+  @Override
+  public Description matchMethodInvocation(MethodInvocationTree tree, VisitorState state) {
+    return MONGO_FILTERS_TEXT_METHOD.matches(tree, state)
+        ? describeMatch(tree)
+        : Description.NO_MATCH;
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/NestedOptionals.java

@@ -3,10 +3,11 @@ package tech.picnic.errorprone.bugpatterns;
 import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
 import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
 import static com.google.errorprone.BugPattern.StandardTags.FRAGILE_CODE;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
-import static tech.picnic.errorprone.bugpatterns.util.MoreTypes.generic;
-import static tech.picnic.errorprone.bugpatterns.util.MoreTypes.raw;
-import static tech.picnic.errorprone.bugpatterns.util.MoreTypes.subOf;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.MoreMatchers.isSubTypeOf;
+import static tech.picnic.errorprone.utils.MoreTypes.generic;
+import static tech.picnic.errorprone.utils.MoreTypes.raw;
+import static tech.picnic.errorprone.utils.MoreTypes.subOf;
 
 import com.google.auto.service.AutoService;
 import com.google.errorprone.BugPattern;
@@ -14,14 +15,19 @@ import com.google.errorprone.VisitorState;
 import com.google.errorprone.bugpatterns.BugChecker;
 import com.google.errorprone.bugpatterns.BugChecker.MethodInvocationTreeMatcher;
 import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
 import com.google.errorprone.suppliers.Supplier;
 import com.google.errorprone.suppliers.Suppliers;
-import com.google.errorprone.util.ASTHelpers;
 import com.sun.source.tree.MethodInvocationTree;
+import com.sun.source.tree.Tree;
 import com.sun.tools.javac.code.Type;
 import java.util.Optional;
 
 /** A {@link BugChecker} that flags nesting of {@link Optional Optionals}. */
+// XXX: Extend this checker to also flag method return types and variable/field types.
+// XXX: Consider generalizing this checker and `NestedPublishers` to a single `NestedMonad` check,
+// which e.g. also flags nested `Stream`s. Alternatively, combine these and other checkers into an
+// even more generic `ConfusingType` checker.
 @AutoService(BugChecker.class)
 @BugPattern(
     summary =
@@ -33,19 +39,16 @@ import java.util.Optional;
 public final class NestedOptionals extends BugChecker implements MethodInvocationTreeMatcher {
   private static final long serialVersionUID = 1L;
   private static final Supplier<Type> OPTIONAL = Suppliers.typeFromClass(Optional.class);
-  private static final Supplier<Type> OPTIONAL_OF_OPTIONAL =
-      VisitorState.memoize(generic(OPTIONAL, subOf(raw(OPTIONAL))));
+  private static final Matcher<Tree> IS_OPTIONAL_OF_OPTIONAL =
+      isSubTypeOf(VisitorState.memoize(generic(OPTIONAL, subOf(raw(OPTIONAL)))));
 
   /** Instantiates a new {@link NestedOptionals} instance. */
   public NestedOptionals() {}
 
   @Override
   public Description matchMethodInvocation(MethodInvocationTree tree, VisitorState state) {
-    Type type = OPTIONAL_OF_OPTIONAL.get(state);
-    if (type == null || !state.getTypes().isSubtype(ASTHelpers.getType(tree), type)) {
-      return Description.NO_MATCH;
-    }
-
-    return describeMatch(tree);
+    return IS_OPTIONAL_OF_OPTIONAL.matches(tree, state)
+        ? describeMatch(tree)
+        : Description.NO_MATCH;
   }
 }

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/NestedPublishers.java

@@ -0,0 +1,64 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
+import static com.google.errorprone.BugPattern.StandardTags.FRAGILE_CODE;
+import static com.google.errorprone.matchers.Matchers.typePredicateMatcher;
+import static com.google.errorprone.predicates.TypePredicates.allOf;
+import static com.google.errorprone.predicates.TypePredicates.not;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.MoreTypePredicates.hasTypeParameter;
+import static tech.picnic.errorprone.utils.MoreTypePredicates.isSubTypeOf;
+import static tech.picnic.errorprone.utils.MoreTypes.generic;
+import static tech.picnic.errorprone.utils.MoreTypes.raw;
+import static tech.picnic.errorprone.utils.MoreTypes.subOf;
+import static tech.picnic.errorprone.utils.MoreTypes.type;
+
+import com.google.auto.service.AutoService;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.MethodInvocationTreeMatcher;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.suppliers.Supplier;
+import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.MethodInvocationTree;
+import com.sun.tools.javac.code.Type;
+
+/**
+ * A {@link BugChecker} that flags {@code Publisher<? extends Publisher>} instances, unless the
+ * nested {@link org.reactivestreams.Publisher} is a {@link reactor.core.publisher.GroupedFlux}.
+ */
+// XXX: See the `NestedOptionals` check for some ideas on how to generalize this kind of checker.
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary =
+        """
+        Avoid `Publisher`s that emit other `Publishers`s; the resultant code is hard to reason \
+        about""",
+    link = BUG_PATTERNS_BASE_URL + "NestedPublishers",
+    linkType = CUSTOM,
+    severity = WARNING,
+    tags = FRAGILE_CODE)
+public final class NestedPublishers extends BugChecker implements MethodInvocationTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final Supplier<Type> PUBLISHER = type("org.reactivestreams.Publisher");
+  private static final Matcher<ExpressionTree> IS_NON_GROUPED_PUBLISHER_OF_PUBLISHERS =
+      typePredicateMatcher(
+          allOf(
+              isSubTypeOf(generic(PUBLISHER, subOf(raw(PUBLISHER)))),
+              not(
+                  hasTypeParameter(
+                      0, isSubTypeOf(raw(type("reactor.core.publisher.GroupedFlux")))))));
+
+  /** Instantiates a new {@link NestedPublishers} instance. */
+  public NestedPublishers() {}
+
+  @Override
+  public Description matchMethodInvocation(MethodInvocationTree tree, VisitorState state) {
+    return IS_NON_GROUPED_PUBLISHER_OF_PUBLISHERS.matches(tree, state)
+        ? describeMatch(tree)
+        : Description.NO_MATCH;
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/NonEmptyMono.java

@@ -5,7 +5,8 @@ import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
 import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
 import static com.google.errorprone.matchers.Matchers.anyOf;
 import static com.google.errorprone.matchers.Matchers.instanceMethod;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static java.util.Objects.requireNonNull;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.errorprone.BugPattern;
@@ -20,7 +21,7 @@ import com.sun.source.tree.ExpressionTree;
 import com.sun.source.tree.MethodInvocationTree;
 import java.util.function.BiFunction;
 import reactor.core.publisher.Mono;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /**
  * A {@link BugChecker} that flags {@link Mono} operations that are known to be vacuous, given that
@@ -43,6 +44,7 @@ import tech.picnic.errorprone.bugpatterns.util.SourceCode;
 // emitting a value (e.g. `Mono.empty()`, `someFlux.then()`, ...), or known not to complete normally
 // (`Mono.never()`, `someFlux.repeat()`, `Mono.error(...)`, ...). The latter category could
 // potentially be split out further.
+@SuppressWarnings("java:S1192" /* Factoring out repeated method names impacts readability. */)
 public final class NonEmptyMono extends BugChecker implements MethodInvocationTreeMatcher {
   private static final long serialVersionUID = 1L;
   private static final Matcher<ExpressionTree> MONO_SIZE_CHECK =
@@ -71,7 +73,7 @@ public final class NonEmptyMono extends BugChecker implements MethodInvocationTr
           instanceMethod()
               .onDescendantOf("reactor.core.publisher.Flux")
               .named("reduce")
-              .withParameters(Object.class.getName(), BiFunction.class.getName()),
+              .withParameters(Object.class.getCanonicalName(), BiFunction.class.getCanonicalName()),
           instanceMethod()
               .onDescendantOf("reactor.core.publisher.Mono")
               .namedAnyOf("defaultIfEmpty", "hasElement", "single"));
@@ -85,7 +87,9 @@ public final class NonEmptyMono extends BugChecker implements MethodInvocationTr
       return Description.NO_MATCH;
     }
 
-    ExpressionTree receiver = ASTHelpers.getReceiver(tree);
+    ExpressionTree receiver =
+        requireNonNull(
+            ASTHelpers.getReceiver(tree), "Instance method invocation must have receiver");
     if (!NON_EMPTY_MONO.matches(receiver, state)) {
       return Description.NO_MATCH;
     }

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/NonStaticImport.java

@@ -0,0 +1,227 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
+import static com.google.errorprone.BugPattern.StandardTags.STYLE;
+import static tech.picnic.errorprone.bugpatterns.StaticImport.STATIC_IMPORT_CANDIDATE_MEMBERS;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+
+import com.google.auto.service.AutoService;
+import com.google.auto.value.AutoValue;
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Predicates;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.ImmutableSetMultimap;
+import com.google.common.collect.ImmutableTable;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.CompilationUnitTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFix;
+import com.google.errorprone.fixes.SuggestedFixes;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.util.ASTHelpers;
+import com.sun.source.tree.CompilationUnitTree;
+import com.sun.source.tree.IdentifierTree;
+import com.sun.source.tree.ImportTree;
+import com.sun.source.tree.MemberSelectTree;
+import com.sun.source.tree.Tree;
+import com.sun.source.util.TreeScanner;
+import com.sun.tools.javac.code.Symbol;
+import java.time.Clock;
+import java.time.InstantSource;
+import java.time.ZoneOffset;
+import java.util.Collections;
+import java.util.Locale;
+import java.util.Optional;
+import java.util.regex.Pattern;
+import org.jspecify.annotations.Nullable;
+import tech.picnic.errorprone.utils.SourceCode;
+
+/**
+ * A {@link BugChecker} that flags static imports of type members that should *not* be statically
+ * imported.
+ */
+// XXX: This check is closely linked to `StaticImport`. Consider merging the two.
+// XXX: Add suppression support. If qualification of one more more identifiers is suppressed, then
+// the associated static import should *not* be removed.
+// XXX: Also introduce logic that disallows statically importing `ZoneOffset.ofHours` and other
+// `ofXXX`-style methods.
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "Member should not be statically imported",
+    link = BUG_PATTERNS_BASE_URL + "NonStaticImport",
+    linkType = CUSTOM,
+    severity = SUGGESTION,
+    tags = STYLE)
+public final class NonStaticImport extends BugChecker implements CompilationUnitTreeMatcher {
+  private static final long serialVersionUID = 1L;
+
+  /**
+   * Types whose members should not be statically imported, unless exempted by {@link
+   * StaticImport#STATIC_IMPORT_CANDIDATE_MEMBERS}.
+   *
+   * <p>Types listed here should be mutually exclusive with {@link
+   * StaticImport#STATIC_IMPORT_CANDIDATE_TYPES}.
+   */
+  @VisibleForTesting
+  static final ImmutableSet<String> NON_STATIC_IMPORT_CANDIDATE_TYPES =
+      ImmutableSet.of(
+          ASTHelpers.class.getCanonicalName(),
+          Clock.class.getCanonicalName(),
+          InstantSource.class.getCanonicalName(),
+          Strings.class.getCanonicalName(),
+          VisitorState.class.getCanonicalName(),
+          ZoneOffset.class.getCanonicalName(),
+          "com.google.errorprone.BugCheckerRefactoringTestHelper.TestMode",
+          "reactor.core.publisher.Flux",
+          "reactor.core.publisher.Mono");
+
+  /**
+   * Type members that should never be statically imported.
+   *
+   * <p>Please note that:
+   *
+   * <ul>
+   *   <li>Types listed by {@link #NON_STATIC_IMPORT_CANDIDATE_TYPES} and members listed by {@link
+   *       #NON_STATIC_IMPORT_CANDIDATE_IDENTIFIERS} should be omitted from this collection.
+   *   <li>This collection should be mutually exclusive with {@link
+   *       StaticImport#STATIC_IMPORT_CANDIDATE_MEMBERS}.
+   * </ul>
+   */
+  // XXX: Perhaps the set of exempted `java.util.Collections` methods is too strict. For now any
+  // method name that could be considered "too vague" or could conceivably mean something else in a
+  // specific context is left out.
+  static final ImmutableSetMultimap<String, String> NON_STATIC_IMPORT_CANDIDATE_MEMBERS =
+      ImmutableSetMultimap.<String, String>builder()
+          .putAll(
+              Collections.class.getCanonicalName(),
+              "addAll",
+              "copy",
+              "fill",
+              "list",
+              "max",
+              "min",
+              "nCopies",
+              "rotate",
+              "sort",
+              "swap")
+          .put(Locale.class.getCanonicalName(), "ROOT")
+          .put(Optional.class.getCanonicalName(), "empty")
+          .putAll(Pattern.class.getCanonicalName(), "compile", "matches", "quote")
+          .put(Predicates.class.getCanonicalName(), "contains")
+          .put("org.springframework.http.MediaType", "ALL")
+          .build();
+
+  /**
+   * Identifiers that should never be statically imported.
+   *
+   * <p>Please note that:
+   *
+   * <ul>
+   *   <li>Identifiers listed by {@link StaticImport#STATIC_IMPORT_CANDIDATE_MEMBERS} should be
+   *       mutually exclusive with identifiers listed here.
+   *   <li>This list should contain a superset of the identifiers flagged by {@link
+   *       com.google.errorprone.bugpatterns.BadImport}.
+   * </ul>
+   */
+  static final ImmutableSet<String> NON_STATIC_IMPORT_CANDIDATE_IDENTIFIERS =
+      ImmutableSet.of(
+          "builder",
+          "copyOf",
+          "create",
+          "EPOCH",
+          "from",
+          "getDefaultInstance",
+          "INSTANCE",
+          "MAX",
+          "MAX_VALUE",
+          "MIN",
+          "MIN_VALUE",
+          "newBuilder",
+          "newInstance",
+          "of",
+          "parse",
+          "valueOf");
+
+  /** Instantiates a new {@link NonStaticImport} instance. */
+  public NonStaticImport() {}
+
+  @Override
+  public Description matchCompilationUnit(CompilationUnitTree tree, VisitorState state) {
+    ImmutableTable<String, String, UndesiredStaticImport> undesiredStaticImports =
+        getUndesiredStaticImports(tree, state);
+
+    if (!undesiredStaticImports.isEmpty()) {
+      replaceUndesiredStaticImportUsages(tree, undesiredStaticImports, state);
+
+      for (UndesiredStaticImport staticImport : undesiredStaticImports.values()) {
+        state.reportMatch(
+            describeMatch(staticImport.importTree(), staticImport.fixBuilder().build()));
+      }
+    }
+
+    /* Any violations have been flagged against the offending static import statement. */
+    return Description.NO_MATCH;
+  }
+
+  private static ImmutableTable<String, String, UndesiredStaticImport> getUndesiredStaticImports(
+      CompilationUnitTree tree, VisitorState state) {
+    ImmutableTable.Builder<String, String, UndesiredStaticImport> imports =
+        ImmutableTable.builder();
+    for (ImportTree importTree : tree.getImports()) {
+      Tree qualifiedIdentifier = importTree.getQualifiedIdentifier();
+      if (importTree.isStatic() && qualifiedIdentifier instanceof MemberSelectTree memberSelect) {
+        String type = SourceCode.treeToString(memberSelect.getExpression(), state);
+        String member = memberSelect.getIdentifier().toString();
+        if (shouldNotBeStaticallyImported(type, member)) {
+          imports.put(
+              type,
+              member,
+              new AutoValue_NonStaticImport_UndesiredStaticImport(
+                  importTree, SuggestedFix.builder().removeStaticImport(type + '.' + member)));
+        }
+      }
+    }
+
+    return imports.buildOrThrow();
+  }
+
+  private static boolean shouldNotBeStaticallyImported(String type, String member) {
+    return (NON_STATIC_IMPORT_CANDIDATE_TYPES.contains(type)
+            && !STATIC_IMPORT_CANDIDATE_MEMBERS.containsEntry(type, member))
+        || NON_STATIC_IMPORT_CANDIDATE_MEMBERS.containsEntry(type, member)
+        || NON_STATIC_IMPORT_CANDIDATE_IDENTIFIERS.contains(member);
+  }
+
+  private static void replaceUndesiredStaticImportUsages(
+      CompilationUnitTree tree,
+      ImmutableTable<String, String, UndesiredStaticImport> undesiredStaticImports,
+      VisitorState state) {
+    new TreeScanner<@Nullable Void, @Nullable Void>() {
+      @Override
+      public @Nullable Void visitIdentifier(IdentifierTree node, @Nullable Void unused) {
+        Symbol symbol = ASTHelpers.getSymbol(node);
+        if (symbol != null) {
+          UndesiredStaticImport staticImport =
+              undesiredStaticImports.get(
+                  symbol.owner.getQualifiedName().toString(), symbol.name.toString());
+          if (staticImport != null) {
+            SuggestedFix.Builder fix = staticImport.fixBuilder();
+            fix.prefixWith(node, SuggestedFixes.qualifyType(state, fix, symbol.owner) + '.');
+          }
+        }
+
+        return super.visitIdentifier(node, null);
+      }
+    }.scan(tree, null);
+  }
+
+  @AutoValue
+  abstract static class UndesiredStaticImport {
+    abstract ImportTree importTree();
+
+    abstract SuggestedFix.Builder fixBuilder();
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/OptionalOrElseGet.java

@@ -0,0 +1,123 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.NONE;
+import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
+import static com.google.errorprone.BugPattern.StandardTags.PERFORMANCE;
+import static com.google.errorprone.matchers.Matchers.instanceMethod;
+import static com.google.errorprone.matchers.Matchers.staticMethod;
+import static java.util.stream.Collectors.joining;
+
+import com.google.auto.service.AutoService;
+import com.google.common.collect.Iterables;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.MethodInvocationTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFix;
+import com.google.errorprone.fixes.SuggestedFixes;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.refaster.Refaster;
+import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.MemberSelectTree;
+import com.sun.source.tree.MethodInvocationTree;
+import java.util.Optional;
+import java.util.function.Supplier;
+import tech.picnic.errorprone.refaster.matchers.RequiresComputation;
+import tech.picnic.errorprone.utils.SourceCode;
+
+/**
+ * A {@link BugChecker} that flags arguments to {@link Optional#orElse(Object)} that should be
+ * deferred using {@link Optional#orElseGet(Supplier)}.
+ *
+ * <p>The suggested fix assumes that the argument to {@code orElse} does not have side effects. If
+ * it does, the suggested fix changes the program's semantics. Such fragile code must instead be
+ * refactored such that the side-effectful code does not appear accidental.
+ */
+// XXX: This rule may introduce a compilation error: the `value` expression may reference a
+// non-effectively final variable, which is not allowed in the replacement lambda expression.
+// Review whether a `@Matcher` can be used to avoid this.
+// XXX: Once the `MethodReferenceUsageCheck` bug checker becomes generally usable, consider leaving
+// the method reference cleanup to that check, and express the remainder of the logic in this class
+// using a Refaster template, i.c.w. a `@NotMatches(RequiresComputation.class)` constraint.
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary =
+        """
+        Prefer `Optional#orElseGet` over `Optional#orElse` if the fallback requires additional \
+        computation""",
+    linkType = NONE,
+    severity = WARNING,
+    tags = PERFORMANCE)
+public final class OptionalOrElseGet extends BugChecker implements MethodInvocationTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final Matcher<ExpressionTree> REQUIRES_COMPUTATION = new RequiresComputation();
+  private static final Matcher<ExpressionTree> OPTIONAL_OR_ELSE_METHOD =
+      instanceMethod().onExactClass(Optional.class.getCanonicalName()).namedAnyOf("orElse");
+  // XXX: Also exclude invocations of `@Placeholder`-annotated methods.
+  private static final Matcher<ExpressionTree> REFASTER_METHOD =
+      staticMethod().onClass(Refaster.class.getCanonicalName());
+
+  /** Instantiates a new {@link OptionalOrElseGet} instance. */
+  public OptionalOrElseGet() {}
+
+  @Override
+  public Description matchMethodInvocation(MethodInvocationTree tree, VisitorState state) {
+    if (!OPTIONAL_OR_ELSE_METHOD.matches(tree, state)) {
+      return Description.NO_MATCH;
+    }
+
+    ExpressionTree argument = Iterables.getOnlyElement(tree.getArguments());
+    if (!REQUIRES_COMPUTATION.matches(argument, state)
+        || REFASTER_METHOD.matches(argument, state)) {
+      return Description.NO_MATCH;
+    }
+
+    /*
+     * We have a match. Construct the method reference or lambda expression to be passed to the
+     * replacement `#orElseGet` invocation.
+     */
+    String newArgument =
+        tryMethodReferenceConversion(argument, state)
+            .orElseGet(() -> "() -> " + SourceCode.treeToString(argument, state));
+
+    /* Construct the suggested fix, replacing the method invocation and its argument. */
+    SuggestedFix fix =
+        SuggestedFix.builder()
+            .merge(SuggestedFixes.renameMethodInvocation(tree, "orElseGet", state))
+            .replace(argument, newArgument)
+            .build();
+
+    return describeMatch(tree, fix);
+  }
+
+  /** Returns the nullary method reference matching the given expression, if any. */
+  private static Optional<String> tryMethodReferenceConversion(
+      ExpressionTree tree, VisitorState state) {
+    if (!(tree instanceof MethodInvocationTree methodInvocation)) {
+      return Optional.empty();
+    }
+
+    if (!methodInvocation.getArguments().isEmpty()) {
+      return Optional.empty();
+    }
+
+    if (!(methodInvocation.getMethodSelect() instanceof MemberSelectTree memberSelect)) {
+      return Optional.empty();
+    }
+
+    if (REQUIRES_COMPUTATION.matches(memberSelect.getExpression(), state)) {
+      return Optional.empty();
+    }
+
+    return Optional.of(
+        SourceCode.treeToString(memberSelect.getExpression(), state)
+            + "::"
+            + (methodInvocation.getTypeArguments().isEmpty()
+                ? ""
+                : methodInvocation.getTypeArguments().stream()
+                    .map(arg -> SourceCode.treeToString(arg, state))
+                    .collect(joining(",", "<", ">")))
+            + memberSelect.getIdentifier());
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/PrimitiveComparison.java

@@ -7,7 +7,7 @@ import static com.google.errorprone.matchers.Matchers.anyOf;
 import static com.google.errorprone.matchers.method.MethodMatchers.instanceMethod;
 import static com.google.errorprone.matchers.method.MethodMatchers.staticMethod;
 import static java.util.stream.Collectors.joining;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.common.base.VerifyException;
@@ -17,10 +17,12 @@ import com.google.errorprone.bugpatterns.BugChecker;
 import com.google.errorprone.bugpatterns.BugChecker.MethodInvocationTreeMatcher;
 import com.google.errorprone.fixes.Fix;
 import com.google.errorprone.fixes.SuggestedFix;
+import com.google.errorprone.fixes.SuggestedFixes;
 import com.google.errorprone.matchers.Description;
 import com.google.errorprone.matchers.Matcher;
 import com.google.errorprone.util.ASTHelpers;
 import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.IdentifierTree;
 import com.sun.source.tree.LambdaExpressionTree;
 import com.sun.source.tree.MemberSelectTree;
 import com.sun.source.tree.MethodInvocationTree;
@@ -32,7 +34,7 @@ import java.util.Comparator;
 import java.util.Optional;
 import java.util.function.Function;
 import java.util.stream.Stream;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /**
  * A {@link BugChecker} that flags {@code Comparator#comparing*} invocations that can be replaced
@@ -43,32 +45,34 @@ import tech.picnic.errorprone.bugpatterns.util.SourceCode;
 @AutoService(BugChecker.class)
 @BugPattern(
     summary =
-        "Ensure invocations of `Comparator#comparing{,Double,Int,Long}` match the return type"
-            + " of the provided function",
+        """
+        Ensure invocations of `Comparator#comparing{,Double,Int,Long}` match the return type of \
+        the provided function""",
     link = BUG_PATTERNS_BASE_URL + "PrimitiveComparison",
     linkType = CUSTOM,
     severity = WARNING,
     tags = PERFORMANCE)
+@SuppressWarnings("java:S1192" /* Factoring out repeated method names impacts readability. */)
 public final class PrimitiveComparison extends BugChecker implements MethodInvocationTreeMatcher {
   private static final long serialVersionUID = 1L;
   private static final Matcher<ExpressionTree> STATIC_COMPARISON_METHOD =
       anyOf(
           staticMethod()
-              .onClass(Comparator.class.getName())
+              .onClass(Comparator.class.getCanonicalName())
               .namedAnyOf("comparingInt", "comparingLong", "comparingDouble"),
           staticMethod()
-              .onClass(Comparator.class.getName())
+              .onClass(Comparator.class.getCanonicalName())
               .named("comparing")
-              .withParameters(Function.class.getName()));
+              .withParameters(Function.class.getCanonicalName()));
   private static final Matcher<ExpressionTree> INSTANCE_COMPARISON_METHOD =
       anyOf(
           instanceMethod()
-              .onDescendantOf(Comparator.class.getName())
+              .onDescendantOf(Comparator.class.getCanonicalName())
               .namedAnyOf("thenComparingInt", "thenComparingLong", "thenComparingDouble"),
           instanceMethod()
-              .onDescendantOf(Comparator.class.getName())
+              .onDescendantOf(Comparator.class.getCanonicalName())
               .named("thenComparing")
-              .withParameters(Function.class.getName()));
+              .withParameters(Function.class.getCanonicalName()));
 
   /** Instantiates a new {@link PrimitiveComparison} instance. */
   public PrimitiveComparison() {}
@@ -145,37 +149,44 @@ public final class PrimitiveComparison extends BugChecker implements MethodInvoc
     return isStatic ? "comparing" : "thenComparing";
   }
 
+  // XXX: Use switch pattern matching once the targeted JDK supports this.
   private static Optional<Type> getPotentiallyBoxedReturnType(ExpressionTree tree) {
-    switch (tree.getKind()) {
-      case LAMBDA_EXPRESSION:
-        /* Return the lambda expression's actual return type. */
-        return Optional.ofNullable(ASTHelpers.getType(((LambdaExpressionTree) tree).getBody()));
-      case MEMBER_REFERENCE:
-        /* Return the method's declared return type. */
-        // XXX: Very fragile. Do better.
-        Type subType2 = ((JCMemberReference) tree).referentType;
-        return Optional.of(subType2.getReturnType());
-      default:
-        /* This appears to be a genuine `{,ToInt,ToLong,ToDouble}Function`. */
-        return Optional.empty();
+    if (tree instanceof LambdaExpressionTree lambdaExpression) {
+      /* Return the lambda expression's actual return type. */
+      return Optional.ofNullable(ASTHelpers.getType(lambdaExpression.getBody()));
     }
+
+    // XXX: The match against a concrete type and reference to one of its fields is fragile. Do
+    // better.
+    if (tree instanceof JCMemberReference memberReference) {
+      /* Return the method's declared return type. */
+      Type subType = memberReference.referentType;
+      return Optional.of(subType.getReturnType());
+    }
+
+    /* This appears to be a genuine `{,ToInt,ToLong,ToDouble}Function`. */
+    return Optional.empty();
   }
 
+  // XXX: Use switch pattern matching once the targeted JDK supports this.
   private static Fix suggestFix(
       MethodInvocationTree tree, String preferredMethodName, VisitorState state) {
     ExpressionTree expr = tree.getMethodSelect();
-    switch (expr.getKind()) {
-      case IDENTIFIER:
-        return SuggestedFix.builder()
-            .addStaticImport(Comparator.class.getName() + '.' + preferredMethodName)
-            .replace(expr, preferredMethodName)
-            .build();
-      case MEMBER_SELECT:
-        MemberSelectTree ms = (MemberSelectTree) tree.getMethodSelect();
-        return SuggestedFix.replace(
-            ms, SourceCode.treeToString(ms.getExpression(), state) + '.' + preferredMethodName);
-      default:
-        throw new VerifyException("Unexpected type of expression: " + expr.getKind());
+
+    if (expr instanceof IdentifierTree) {
+      SuggestedFix.Builder fix = SuggestedFix.builder();
+      String replacement =
+          SuggestedFixes.qualifyStaticImport(
+              Comparator.class.getCanonicalName() + '.' + preferredMethodName, fix, state);
+      return fix.replace(expr, replacement).build();
     }
+
+    if (expr instanceof MemberSelectTree memberSelect) {
+      return SuggestedFix.replace(
+          memberSelect,
+          SourceCode.treeToString(memberSelect.getExpression(), state) + '.' + preferredMethodName);
+    }
+
+    throw new VerifyException("Unexpected type of expression: " + expr.getKind());
   }
 }

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/RedundantStringConversion.java

@@ -7,6 +7,7 @@ import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
 import static com.google.errorprone.matchers.Matchers.allOf;
 import static com.google.errorprone.matchers.Matchers.anyMethod;
 import static com.google.errorprone.matchers.Matchers.anyOf;
+import static com.google.errorprone.matchers.Matchers.anything;
 import static com.google.errorprone.matchers.Matchers.argumentCount;
 import static com.google.errorprone.matchers.Matchers.isNonNullUsingDataflow;
 import static com.google.errorprone.matchers.Matchers.isSameType;
@@ -14,9 +15,11 @@ import static com.google.errorprone.matchers.Matchers.isSubtypeOf;
 import static com.google.errorprone.matchers.Matchers.not;
 import static com.google.errorprone.matchers.method.MethodMatchers.instanceMethod;
 import static com.google.errorprone.matchers.method.MethodMatchers.staticMethod;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Verify;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Iterables;
 import com.google.common.primitives.Primitives;
@@ -49,8 +52,10 @@ import java.util.Locale;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.stream.Stream;
-import tech.picnic.errorprone.bugpatterns.util.MethodMatcherFactory;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import javax.inject.Inject;
+import tech.picnic.errorprone.utils.Flags;
+import tech.picnic.errorprone.utils.MethodMatcherFactory;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /** A {@link BugChecker} that flags redundant explicit string conversions. */
 @AutoService(BugChecker.class)
@@ -60,16 +65,18 @@ import tech.picnic.errorprone.bugpatterns.util.SourceCode;
     linkType = CUSTOM,
     severity = SUGGESTION,
     tags = SIMPLIFICATION)
+@SuppressWarnings({
+  "java:S1192" /* Factoring out repeated method names impacts readability. */,
+  "java:S2160" /* Super class equality definition suffices. */,
+  "key-to-resolve-AnnotationUseStyle-and-TrailingComment-check-conflict"
+})
 public final class RedundantStringConversion extends BugChecker
     implements BinaryTreeMatcher, CompoundAssignmentTreeMatcher, MethodInvocationTreeMatcher {
   private static final long serialVersionUID = 1L;
-  private static final String FLAG_PREFIX = "RedundantStringConversion:";
   private static final String EXTRA_STRING_CONVERSION_METHODS_FLAG =
-      FLAG_PREFIX + "ExtraConversionMethods";
-
-  @SuppressWarnings("UnnecessaryLambda")
-  private static final Matcher<ExpressionTree> ANY_EXPR = (t, s) -> true;
+      "RedundantStringConversion:ExtraConversionMethods";
 
+  private static final Matcher<ExpressionTree> ANY_EXPR = anything();
   private static final Matcher<ExpressionTree> LOCALE = isSameType(Locale.class);
   private static final Matcher<ExpressionTree> MARKER = isSubtypeOf("org.slf4j.Marker");
   private static final Matcher<ExpressionTree> STRING = isSameType(String.class);
@@ -81,7 +88,7 @@ public final class RedundantStringConversion extends BugChecker
   private static final Matcher<MethodInvocationTree> WELL_KNOWN_STRING_CONVERSION_METHODS =
       anyOf(
           instanceMethod()
-              .onDescendantOfAny(Object.class.getName())
+              .onDescendantOfAny(Object.class.getCanonicalName())
               .named("toString")
               .withNoParameters(),
           allOf(
@@ -95,7 +102,7 @@ public final class RedundantStringConversion extends BugChecker
                               .collect(toImmutableSet()))
                       .named("toString"),
                   allOf(
-                      staticMethod().onClass(String.class.getName()).named("valueOf"),
+                      staticMethod().onClass(String.class.getCanonicalName()).named("valueOf"),
                       not(
                           anyMethod()
                               .anyClass()
@@ -104,35 +111,37 @@ public final class RedundantStringConversion extends BugChecker
                                   ImmutableList.of(Suppliers.arrayOf(Suppliers.CHAR_TYPE))))))));
   private static final Matcher<ExpressionTree> STRINGBUILDER_APPEND_INVOCATION =
       instanceMethod()
-          .onDescendantOf(StringBuilder.class.getName())
+          .onDescendantOf(StringBuilder.class.getCanonicalName())
           .named("append")
-          .withParameters(String.class.getName());
+          .withParameters(String.class.getCanonicalName());
   private static final Matcher<ExpressionTree> STRINGBUILDER_INSERT_INVOCATION =
       instanceMethod()
-          .onDescendantOf(StringBuilder.class.getName())
+          .onDescendantOf(StringBuilder.class.getCanonicalName())
           .named("insert")
-          .withParameters(int.class.getName(), String.class.getName());
+          .withParameters(int.class.getCanonicalName(), String.class.getCanonicalName());
   private static final Matcher<ExpressionTree> FORMATTER_INVOCATION =
       anyOf(
-          staticMethod().onClass(String.class.getName()).named("format"),
-          instanceMethod().onDescendantOf(Formatter.class.getName()).named("format"),
+          staticMethod().onClass(String.class.getCanonicalName()).named("format"),
+          instanceMethod().onDescendantOf(Formatter.class.getCanonicalName()).named("format"),
           instanceMethod()
-              .onDescendantOfAny(PrintStream.class.getName(), PrintWriter.class.getName())
+              .onDescendantOfAny(
+                  PrintStream.class.getCanonicalName(), PrintWriter.class.getCanonicalName())
               .namedAnyOf("format", "printf"),
           instanceMethod()
-              .onDescendantOfAny(PrintStream.class.getName(), PrintWriter.class.getName())
+              .onDescendantOfAny(
+                  PrintStream.class.getCanonicalName(), PrintWriter.class.getCanonicalName())
               .namedAnyOf("print", "println")
-              .withParameters(Object.class.getName()),
+              .withParameters(Object.class.getCanonicalName()),
           staticMethod()
-              .onClass(Console.class.getName())
+              .onClass(Console.class.getCanonicalName())
               .namedAnyOf("format", "printf", "readline", "readPassword"));
   private static final Matcher<ExpressionTree> GUAVA_GUARD_INVOCATION =
       anyOf(
           staticMethod()
-              .onClass("com.google.common.base.Preconditions")
+              .onClass(Preconditions.class.getCanonicalName())
               .namedAnyOf("checkArgument", "checkState", "checkNotNull"),
           staticMethod()
-              .onClass("com.google.common.base.Verify")
+              .onClass(Verify.class.getCanonicalName())
               .namedAnyOf("verify", "verifyNotNull"));
   private static final Matcher<ExpressionTree> SLF4J_LOGGER_INVOCATION =
       instanceMethod()
@@ -151,7 +160,8 @@ public final class RedundantStringConversion extends BugChecker
    *
    * @param flags Any provided command line flags.
    */
-  public RedundantStringConversion(ErrorProneFlags flags) {
+  @Inject
+  RedundantStringConversion(ErrorProneFlags flags) {
     conversionMethodMatcher = createConversionMethodMatcher(flags);
   }
 
@@ -164,7 +174,7 @@ public final class RedundantStringConversion extends BugChecker
     ExpressionTree lhs = tree.getLeftOperand();
     ExpressionTree rhs = tree.getRightOperand();
     if (!STRING.matches(lhs, state)) {
-      return finalize(tree, tryFix(rhs, state, STRING));
+      return createDescription(tree, tryFix(rhs, state, STRING));
     }
 
     List<SuggestedFix.Builder> fixes = new ArrayList<>();
@@ -178,7 +188,7 @@ public final class RedundantStringConversion extends BugChecker
     }
     tryFix(rhs, state, ANY_EXPR).ifPresent(fixes::add);
 
-    return finalize(tree, fixes.stream().reduce(SuggestedFix.Builder::merge));
+    return createDescription(tree, fixes.stream().reduce(SuggestedFix.Builder::merge));
   }
 
   @Override
@@ -187,36 +197,36 @@ public final class RedundantStringConversion extends BugChecker
       return Description.NO_MATCH;
     }
 
-    return finalize(tree, tryFix(tree.getExpression(), state, ANY_EXPR));
+    return createDescription(tree, tryFix(tree.getExpression(), state, ANY_EXPR));
   }
 
   @Override
   public Description matchMethodInvocation(MethodInvocationTree tree, VisitorState state) {
     if (STRINGBUILDER_APPEND_INVOCATION.matches(tree, state)) {
-      return finalize(tree, tryFixPositionalConverter(tree.getArguments(), state, 0));
+      return createDescription(tree, tryFixPositionalConverter(tree.getArguments(), state, 0));
     }
 
     if (STRINGBUILDER_INSERT_INVOCATION.matches(tree, state)) {
-      return finalize(tree, tryFixPositionalConverter(tree.getArguments(), state, 1));
+      return createDescription(tree, tryFixPositionalConverter(tree.getArguments(), state, 1));
     }
 
     if (FORMATTER_INVOCATION.matches(tree, state)) {
-      return finalize(tree, tryFixFormatter(tree.getArguments(), state));
+      return createDescription(tree, tryFixFormatter(tree.getArguments(), state));
     }
 
     if (GUAVA_GUARD_INVOCATION.matches(tree, state)) {
-      return finalize(tree, tryFixGuavaGuard(tree.getArguments(), state));
+      return createDescription(tree, tryFixGuavaGuard(tree.getArguments(), state));
     }
 
     if (SLF4J_LOGGER_INVOCATION.matches(tree, state)) {
-      return finalize(tree, tryFixSlf4jLogger(tree.getArguments(), state));
+      return createDescription(tree, tryFixSlf4jLogger(tree.getArguments(), state));
     }
 
     if (instanceMethod().matches(tree, state)) {
-      return finalize(tree, tryFix(tree, state, STRING));
+      return createDescription(tree, tryFix(tree, state, STRING));
     }
 
-    return finalize(tree, tryFix(tree, state, NON_NULL_STRING));
+    return createDescription(tree, tryFix(tree, state, NON_NULL_STRING));
   }
 
   private Optional<SuggestedFix.Builder> tryFixPositionalConverter(
@@ -299,7 +309,7 @@ public final class RedundantStringConversion extends BugChecker
 
     /* Simplify the values to be plugged into the format pattern, if possible. */
     return arguments.stream()
-        .skip(patternIndex + 1)
+        .skip(patternIndex + 1L)
         .map(arg -> tryFix(arg, state, remainingArgFilter))
         .flatMap(Optional::stream)
         .reduce(SuggestedFix.Builder::merge);
@@ -321,36 +331,32 @@ public final class RedundantStringConversion extends BugChecker
   }
 
   private Optional<ExpressionTree> trySimplify(ExpressionTree tree, VisitorState state) {
-    if (tree.getKind() != Kind.METHOD_INVOCATION) {
+    if (!(tree instanceof MethodInvocationTree methodInvocation)) {
       return Optional.empty();
     }
 
-    MethodInvocationTree methodInvocation = (MethodInvocationTree) tree;
     if (!conversionMethodMatcher.matches(methodInvocation, state)) {
       return Optional.empty();
     }
 
-    switch (methodInvocation.getArguments().size()) {
-      case 0:
-        return trySimplifyNullaryMethod(methodInvocation, state);
-      case 1:
-        return trySimplifyUnaryMethod(methodInvocation, state);
-      default:
-        throw new IllegalStateException(
-            "Cannot simplify method call with two or more arguments: "
-                + SourceCode.treeToString(tree, state));
-    }
+    return switch (methodInvocation.getArguments().size()) {
+      case 0 -> trySimplifyNullaryMethod(methodInvocation, state);
+      case 1 -> trySimplifyUnaryMethod(methodInvocation, state);
+      default ->
+          throw new IllegalStateException(
+              "Cannot simplify method call with two or more arguments: "
+                  + SourceCode.treeToString(tree, state));
+    };
   }
 
   private static Optional<ExpressionTree> trySimplifyNullaryMethod(
       MethodInvocationTree methodInvocation, VisitorState state) {
-    if (!instanceMethod().matches(methodInvocation, state)) {
+    if (!instanceMethod().matches(methodInvocation, state)
+        || !(methodInvocation.getMethodSelect() instanceof MemberSelectTree memberSelect)) {
       return Optional.empty();
     }
 
-    return Optional.of(methodInvocation.getMethodSelect())
-        .filter(methodSelect -> methodSelect.getKind() == Kind.MEMBER_SELECT)
-        .map(methodSelect -> ((MemberSelectTree) methodSelect).getExpression())
+    return Optional.of(memberSelect.getExpression())
         .filter(expr -> !"super".equals(SourceCode.treeToString(expr, state)));
   }
 
@@ -363,7 +369,7 @@ public final class RedundantStringConversion extends BugChecker
     return Optional.of(Iterables.getOnlyElement(methodInvocation.getArguments()));
   }
 
-  private Description finalize(Tree tree, Optional<SuggestedFix.Builder> fixes) {
+  private Description createDescription(Tree tree, Optional<SuggestedFix.Builder> fixes) {
     return fixes
         .map(SuggestedFix.Builder::build)
         .map(fix -> describeMatch(tree, fix))
@@ -372,12 +378,11 @@ public final class RedundantStringConversion extends BugChecker
 
   private static Matcher<MethodInvocationTree> createConversionMethodMatcher(
       ErrorProneFlags flags) {
-    // XXX: ErrorProneFlags#getList splits by comma, but method signatures may also contain commas.
-    // For this class methods accepting more than one argument are not valid, but still: not nice.
-    return flags
-        .getList(EXTRA_STRING_CONVERSION_METHODS_FLAG)
-        .map(new MethodMatcherFactory()::create)
-        .map(m -> anyOf(WELL_KNOWN_STRING_CONVERSION_METHODS, m))
-        .orElse(WELL_KNOWN_STRING_CONVERSION_METHODS);
+    // XXX: `Flags#getSet` splits by comma, but method signatures may also contain commas. For this
+    // class methods accepting more than one argument are not valid, but still: not nice.
+    return anyOf(
+        WELL_KNOWN_STRING_CONVERSION_METHODS,
+        new MethodMatcherFactory()
+            .create(Flags.getSet(flags, EXTRA_STRING_CONVERSION_METHODS_FLAG)));
   }
 }

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/RedundantStringEscape.java

@@ -0,0 +1,95 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
+import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+
+import com.google.auto.service.AutoService;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.LiteralTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFix;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.util.ASTHelpers;
+import com.sun.source.tree.LiteralTree;
+import tech.picnic.errorprone.utils.SourceCode;
+
+/** A {@link BugChecker} that flags string constants with extraneous escaping. */
+// XXX: Also cover `\"` sequences inside text blocks. Note that this requires a more subtle
+// approach, as double-quote characters will need to remain escaped if removing the backslash would
+// create a new sequence of three or more double-quotes. (TBD whether we'd like to enforce a
+// "preferred" approach to escaping, e.g. by always escaping the last of a triplet, such that the
+// over-all number of escaped characters is minimized.)
+// XXX: Also flag `'\"'` char literals.
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "Inside string expressions single quotes do not need to be escaped",
+    link = BUG_PATTERNS_BASE_URL + "RedundantStringEscape",
+    linkType = CUSTOM,
+    severity = SUGGESTION,
+    tags = SIMPLIFICATION)
+public final class RedundantStringEscape extends BugChecker implements LiteralTreeMatcher {
+  private static final long serialVersionUID = 1L;
+
+  /** Instantiates a new {@link RedundantStringEscape} instance. */
+  public RedundantStringEscape() {}
+
+  @Override
+  public Description matchLiteral(LiteralTree tree, VisitorState state) {
+    String constant = ASTHelpers.constValue(tree, String.class);
+    if (constant == null || constant.indexOf('\'') < 0) {
+      /* Fast path: this isn't a string constant with a single quote. */
+      return Description.NO_MATCH;
+    }
+
+    String source = SourceCode.treeToString(tree, state);
+    if (!containsBannedEscapeSequence(source)) {
+      /* Semi-fast path: this expression doesn't contain an escaped single quote. */
+      return Description.NO_MATCH;
+    }
+
+    /* Slow path: suggest dropping the escape characters. */
+    return describeMatch(tree, SuggestedFix.replace(tree, dropRedundantEscapeSequences(source)));
+  }
+
+  /**
+   * Tells whether the given string constant source expression contains an escaped single quote.
+   *
+   * @implNote As the input is a literal Java string expression, it will start and end with a double
+   *     quote; as such any found backslash will not be the string's final character.
+   */
+  private static boolean containsBannedEscapeSequence(String source) {
+    for (int p = source.indexOf('\\'); p != -1; p = source.indexOf('\\', p + 2)) {
+      if (source.charAt(p + 1) == '\'') {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Simplifies the given string constant source expression by dropping the backslash preceding an
+   * escaped single quote.
+   *
+   * @implNote Note that this method does not delegate to {@link
+   *     SourceCode#toStringConstantExpression}, as that operation may replace other Unicode
+   *     characters with their associated escape sequence.
+   * @implNote As the input is a literal Java string expression, it will start and end with a double
+   *     quote; as such any found backslash will not be the string's final character.
+   */
+  private static String dropRedundantEscapeSequences(String source) {
+    StringBuilder result = new StringBuilder();
+
+    for (int p = 0; p < source.length(); p++) {
+      char c = source.charAt(p);
+      if (c != '\\' || source.charAt(p + 1) != '\'') {
+        result.append(c);
+      }
+    }
+
+    return result.toString();
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/RequestMappingAnnotation.java

@@ -11,7 +11,7 @@ import static com.google.errorprone.matchers.Matchers.isSameType;
 import static com.google.errorprone.matchers.Matchers.isType;
 import static com.google.errorprone.matchers.Matchers.methodHasParameters;
 import static com.google.errorprone.matchers.Matchers.not;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.errorprone.BugPattern;
@@ -22,6 +22,10 @@ import com.google.errorprone.matchers.Description;
 import com.google.errorprone.matchers.Matcher;
 import com.sun.source.tree.MethodTree;
 import com.sun.source.tree.Tree;
+import java.io.InputStream;
+import java.time.ZoneId;
+import java.util.Locale;
+import java.util.TimeZone;
 
 /**
  * A {@link BugChecker} that flags {@code @RequestMapping} methods that have one or more parameters
@@ -69,14 +73,20 @@ public final class RequestMappingAnnotation extends BugChecker implements Method
                           isType(ANN_PACKAGE_PREFIX + "RequestBody"),
                           isType(ANN_PACKAGE_PREFIX + "RequestHeader"),
                           isType(ANN_PACKAGE_PREFIX + "RequestParam"),
-                          isType(ANN_PACKAGE_PREFIX + "RequestPart"))),
-                  isSameType("java.io.InputStream"),
-                  isSameType("java.time.ZoneId"),
-                  isSameType("java.util.Locale"),
-                  isSameType("java.util.TimeZone"),
+                          isType(ANN_PACKAGE_PREFIX + "RequestPart"),
+                          isType(
+                              "org.springframework.security.core.annotation.CurrentSecurityContext"))),
+                  isSameType(InputStream.class.getCanonicalName()),
+                  isSameType(Locale.class.getCanonicalName()),
+                  isSameType(TimeZone.class.getCanonicalName()),
+                  isSameType(ZoneId.class.getCanonicalName()),
+                  isSameType("jakarta.servlet.http.HttpServletRequest"),
+                  isSameType("jakarta.servlet.http.HttpServletResponse"),
                   isSameType("javax.servlet.http.HttpServletRequest"),
                   isSameType("javax.servlet.http.HttpServletResponse"),
                   isSameType("org.springframework.http.HttpMethod"),
+                  isSameType("org.springframework.ui.Model"),
+                  isSameType("org.springframework.validation.BindingResult"),
                   isSameType("org.springframework.web.context.request.NativeWebRequest"),
                   isSameType("org.springframework.web.context.request.WebRequest"),
                   isSameType("org.springframework.web.server.ServerWebExchange"),
@@ -95,8 +105,10 @@ public final class RequestMappingAnnotation extends BugChecker implements Method
             && LACKS_PARAMETER_ANNOTATION.matches(tree, state)
         ? buildDescription(tree)
             .setMessage(
-                "Not all parameters of this request mapping method are annotated; this may be a mistake. "
-                    + "If the unannotated parameters represent query string parameters, annotate them with `@RequestParam`.")
+                """
+                Not all parameters of this request mapping method are annotated; this may be a \
+                mistake. If the unannotated parameters represent query string parameters, annotate \
+                them with `@RequestParam`.""")
             .build()
         : Description.NO_MATCH;
   }

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/RequestParamType.java

@@ -1,5 +1,6 @@
 package tech.picnic.errorprone.bugpatterns;
 
+import static com.google.common.collect.ImmutableList.toImmutableList;
 import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
 import static com.google.errorprone.BugPattern.SeverityLevel.ERROR;
 import static com.google.errorprone.BugPattern.StandardTags.LIKELY_ERROR;
@@ -9,41 +10,77 @@ import static com.google.errorprone.matchers.Matchers.annotations;
 import static com.google.errorprone.matchers.Matchers.anyOf;
 import static com.google.errorprone.matchers.Matchers.isSubtypeOf;
 import static com.google.errorprone.matchers.Matchers.isType;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static com.google.errorprone.matchers.Matchers.not;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.common.collect.ImmutableCollection;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import com.google.errorprone.BugPattern;
+import com.google.errorprone.ErrorProneFlags;
 import com.google.errorprone.VisitorState;
 import com.google.errorprone.bugpatterns.BugChecker;
 import com.google.errorprone.bugpatterns.BugChecker.VariableTreeMatcher;
 import com.google.errorprone.matchers.Description;
 import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.suppliers.Suppliers;
+import com.sun.source.tree.Tree;
 import com.sun.source.tree.VariableTree;
+import javax.inject.Inject;
+import tech.picnic.errorprone.utils.Flags;
 
 /** A {@link BugChecker} that flags {@code @RequestParam} parameters with an unsupported type. */
 @AutoService(BugChecker.class)
 @BugPattern(
-    summary = "`@RequestParam` does not support `ImmutableCollection` and `ImmutableMap` subtypes",
+    summary =
+        """
+        By default, `@RequestParam` does not support `ImmutableCollection` and `ImmutableMap` \
+        subtypes""",
     link = BUG_PATTERNS_BASE_URL + "RequestParamType",
     linkType = CUSTOM,
     severity = ERROR,
     tags = LIKELY_ERROR)
+@SuppressWarnings("java:S2160" /* Super class equality definition suffices. */)
 public final class RequestParamType extends BugChecker implements VariableTreeMatcher {
   private static final long serialVersionUID = 1L;
-  private static final Matcher<VariableTree> HAS_UNSUPPORTED_REQUEST_PARAM =
-      allOf(
-          annotations(AT_LEAST_ONE, isType("org.springframework.web.bind.annotation.RequestParam")),
-          anyOf(isSubtypeOf(ImmutableCollection.class), isSubtypeOf(ImmutableMap.class)));
+  private static final String SUPPORTED_CUSTOM_TYPES_FLAG = "RequestParamType:SupportedCustomTypes";
 
-  /** Instantiates a new {@link RequestParamType} instance. */
-  public RequestParamType() {}
+  private final Matcher<VariableTree> hasUnsupportedRequestParamType;
+
+  /** Instantiates a default {@link RequestParamType} instance. */
+  public RequestParamType() {
+    this(ErrorProneFlags.empty());
+  }
+
+  /**
+   * Instantiates a customized {@link RequestParamType} instance.
+   *
+   * @param flags Any provided command line flags.
+   */
+  @Inject
+  RequestParamType(ErrorProneFlags flags) {
+    hasUnsupportedRequestParamType = hasUnsupportedRequestParamType(flags);
+  }
 
   @Override
   public Description matchVariable(VariableTree tree, VisitorState state) {
-    return HAS_UNSUPPORTED_REQUEST_PARAM.matches(tree, state)
+    return hasUnsupportedRequestParamType.matches(tree, state)
         ? describeMatch(tree)
         : Description.NO_MATCH;
   }
+
+  private static Matcher<VariableTree> hasUnsupportedRequestParamType(ErrorProneFlags flags) {
+    return allOf(
+        annotations(AT_LEAST_ONE, isType("org.springframework.web.bind.annotation.RequestParam")),
+        anyOf(isSubtypeOf(ImmutableCollection.class), isSubtypeOf(ImmutableMap.class)),
+        not(isSubtypeOfAny(Flags.getSet(flags, SUPPORTED_CUSTOM_TYPES_FLAG))));
+  }
+
+  private static Matcher<Tree> isSubtypeOfAny(ImmutableSet<String> inclusions) {
+    return anyOf(
+        inclusions.stream()
+            .map(inclusion -> isSubtypeOf(Suppliers.typeFromString(inclusion)))
+            .collect(toImmutableList()));
+  }
 }

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/ScheduledTransactionTrace.java

@@ -1,94 +0,0 @@
-package tech.picnic.errorprone.bugpatterns;
-
-import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
-import static com.google.errorprone.BugPattern.SeverityLevel.ERROR;
-import static com.google.errorprone.BugPattern.StandardTags.LIKELY_ERROR;
-import static com.google.errorprone.matchers.ChildMultiMatcher.MatchType.AT_LEAST_ONE;
-import static com.google.errorprone.matchers.Matchers.annotations;
-import static com.google.errorprone.matchers.Matchers.hasAnnotation;
-import static com.google.errorprone.matchers.Matchers.isType;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
-
-import com.google.auto.common.AnnotationMirrors;
-import com.google.auto.service.AutoService;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.Iterables;
-import com.google.errorprone.BugPattern;
-import com.google.errorprone.VisitorState;
-import com.google.errorprone.bugpatterns.BugChecker;
-import com.google.errorprone.bugpatterns.BugChecker.MethodTreeMatcher;
-import com.google.errorprone.fixes.SuggestedFix;
-import com.google.errorprone.fixes.SuggestedFixes;
-import com.google.errorprone.matchers.Description;
-import com.google.errorprone.matchers.Matcher;
-import com.google.errorprone.matchers.MultiMatcher;
-import com.google.errorprone.util.ASTHelpers;
-import com.sun.source.tree.AnnotationTree;
-import com.sun.source.tree.MethodTree;
-import com.sun.source.tree.Tree;
-import tech.picnic.errorprone.bugpatterns.util.ThirdPartyLibrary;
-
-/**
- * A {@link BugChecker} that flags methods with Spring's {@code @Scheduled} annotation that lack New
- * Relic Agent's {@code @Trace(dispatcher = true)}.
- */
-@AutoService(BugChecker.class)
-@BugPattern(
-    summary = "Scheduled operation must start a new New Relic transaction",
-    link = BUG_PATTERNS_BASE_URL + "ScheduledTransactionTrace",
-    linkType = CUSTOM,
-    severity = ERROR,
-    tags = LIKELY_ERROR)
-public final class ScheduledTransactionTrace extends BugChecker implements MethodTreeMatcher {
-  private static final long serialVersionUID = 1L;
-  private static final String TRACE_ANNOTATION_FQCN = "com.newrelic.api.agent.Trace";
-  private static final Matcher<Tree> IS_SCHEDULED =
-      hasAnnotation("org.springframework.scheduling.annotation.Scheduled");
-  private static final MultiMatcher<Tree, AnnotationTree> TRACE_ANNOTATION =
-      annotations(AT_LEAST_ONE, isType(TRACE_ANNOTATION_FQCN));
-
-  /** Instantiates a new {@link ScheduledTransactionTrace} instance. */
-  public ScheduledTransactionTrace() {}
-
-  @Override
-  public Description matchMethod(MethodTree tree, VisitorState state) {
-    if (!ThirdPartyLibrary.NEW_RELIC_AGENT_API.isIntroductionAllowed(state)
-        || !IS_SCHEDULED.matches(tree, state)) {
-      return Description.NO_MATCH;
-    }
-
-    ImmutableList<AnnotationTree> traceAnnotations =
-        TRACE_ANNOTATION.multiMatchResult(tree, state).matchingNodes();
-    if (traceAnnotations.isEmpty()) {
-      /* This method completely lacks the `@Trace` annotation; add it. */
-      return describeMatch(
-          tree,
-          SuggestedFix.builder()
-              .addImport(TRACE_ANNOTATION_FQCN)
-              .prefixWith(tree, "@Trace(dispatcher = true)")
-              .build());
-    }
-
-    AnnotationTree traceAnnotation = Iterables.getOnlyElement(traceAnnotations);
-    if (isCorrectAnnotation(traceAnnotation)) {
-      return Description.NO_MATCH;
-    }
-
-    /*
-     * The `@Trace` annotation is present but does not specify `dispatcher = true`. Add or update
-     * the `dispatcher` annotation element.
-     */
-    return describeMatch(
-        traceAnnotation,
-        SuggestedFixes.updateAnnotationArgumentValues(
-                traceAnnotation, state, "dispatcher", ImmutableList.of("true"))
-            .build());
-  }
-
-  private static boolean isCorrectAnnotation(AnnotationTree traceAnnotation) {
-    return Boolean.TRUE.equals(
-        AnnotationMirrors.getAnnotationValue(
-                ASTHelpers.getAnnotationMirror(traceAnnotation), "dispatcher")
-            .getValue());
-  }
-}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/Slf4jLogStatement.java

@@ -6,7 +6,7 @@ import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
 import static com.google.errorprone.BugPattern.StandardTags.LIKELY_ERROR;
 import static com.google.errorprone.matchers.Matchers.isSubtypeOf;
 import static com.google.errorprone.matchers.method.MethodMatchers.instanceMethod;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.common.base.Splitter;
@@ -23,13 +23,11 @@ import com.sun.source.tree.MethodInvocationTree;
 import com.sun.source.tree.Tree.Kind;
 import java.util.List;
 import java.util.Optional;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /** A {@link BugChecker} that flags SLF4J usages that are likely to be in error. */
 // XXX: The special-casing of Throwable applies only to SLF4J 1.6.0+; see
 // https://www.slf4j.org/faq.html#paramException. That should be documented.
-// XXX: Also simplify `LOG.error(String.format("Something %s", arg), throwable)`.
-// XXX: Also simplify `LOG.error(String.join("sep", arg1, arg2), throwable)`? Perhaps too obscure.
 // XXX: Write a similar checker for Spring RestTemplates, String.format and friends, Guava
 // preconditions, ...
 @AutoService(BugChecker.class)
@@ -41,7 +39,7 @@ import tech.picnic.errorprone.bugpatterns.util.SourceCode;
     tags = LIKELY_ERROR)
 public final class Slf4jLogStatement extends BugChecker implements MethodInvocationTreeMatcher {
   private static final long serialVersionUID = 1L;
-  private static final Matcher<ExpressionTree> MARKER = isSubtypeOf("org.slf4j.Marker");
+  private static final Matcher<ExpressionTree> SLF4J_MARKER = isSubtypeOf("org.slf4j.Marker");
   private static final Matcher<ExpressionTree> THROWABLE = isSubtypeOf(Throwable.class);
   private static final Matcher<ExpressionTree> SLF4J_LOGGER_INVOCATION =
       instanceMethod()
@@ -71,7 +69,7 @@ public final class Slf4jLogStatement extends BugChecker implements MethodInvocat
      * SLF4J log statements may accept a "marker" as a first argument, before the format string.
      * We ignore such markers.
      */
-    int lTrim = MARKER.matches(args.get(0), state) ? 1 : 0;
+    int lTrim = SLF4J_MARKER.matches(args.get(0), state) ? 1 : 0;
     /*
      * SLF4J treats the final argument to a log statement specially if it is a `Throwabe`: it
      * will always choose to render the associated stacktrace, even if the argument has a

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/Slf4jLoggerDeclaration.java

@@ -0,0 +1,185 @@
+package tech.picnic.errorprone.bugpatterns;
+
+import static com.google.common.base.Verify.verify;
+import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
+import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
+import static com.google.errorprone.BugPattern.StandardTags.STYLE;
+import static com.google.errorprone.matchers.Matchers.allOf;
+import static com.google.errorprone.matchers.Matchers.classLiteral;
+import static com.google.errorprone.matchers.Matchers.instanceMethod;
+import static com.google.errorprone.matchers.Matchers.staticMethod;
+import static com.google.errorprone.matchers.Matchers.toType;
+import static java.util.Objects.requireNonNull;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
+
+import com.google.auto.service.AutoService;
+import com.google.common.base.CaseFormat;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Sets;
+import com.google.errorprone.BugPattern;
+import com.google.errorprone.ErrorProneFlags;
+import com.google.errorprone.VisitorState;
+import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.VariableTreeMatcher;
+import com.google.errorprone.fixes.SuggestedFix;
+import com.google.errorprone.fixes.SuggestedFixes;
+import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matcher;
+import com.google.errorprone.util.ASTHelpers;
+import com.sun.source.tree.ClassTree;
+import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.MethodInvocationTree;
+import com.sun.source.tree.ModifiersTree;
+import com.sun.source.tree.Tree.Kind;
+import com.sun.source.tree.VariableTree;
+import com.sun.tools.javac.code.Symbol;
+import java.util.EnumSet;
+import javax.inject.Inject;
+import javax.lang.model.element.Modifier;
+import tech.picnic.errorprone.utils.MoreASTHelpers;
+
+/** A {@link BugChecker} that flags non-canonical SLF4J logger declarations. */
+@AutoService(BugChecker.class)
+@BugPattern(
+    summary = "SLF4J logger declarations should follow established best-practices",
+    link = BUG_PATTERNS_BASE_URL + "Slf4jLoggerDeclaration",
+    linkType = CUSTOM,
+    severity = WARNING,
+    tags = STYLE)
+@SuppressWarnings("java:S2160" /* Super class equality definition suffices. */)
+public final class Slf4jLoggerDeclaration extends BugChecker implements VariableTreeMatcher {
+  private static final long serialVersionUID = 1L;
+  private static final Matcher<ExpressionTree> IS_GET_LOGGER =
+      staticMethod().onDescendantOf("org.slf4j.LoggerFactory").named("getLogger");
+  private static final String CANONICAL_STATIC_LOGGER_NAME_FLAG =
+      "Slf4jLoggerDeclaration:CanonicalStaticLoggerName";
+  private static final String DEFAULT_CANONICAL_LOGGER_NAME = "LOG";
+  private static final Matcher<ExpressionTree> IS_STATIC_ENCLOSING_CLASS_REFERENCE =
+      classLiteral(Slf4jLoggerDeclaration::isEnclosingClassReference);
+  private static final Matcher<ExpressionTree> IS_DYNAMIC_ENCLOSING_CLASS_REFERENCE =
+      toType(
+          MethodInvocationTree.class,
+          allOf(
+              instanceMethod().anyClass().named("getClass").withNoParameters(),
+              Slf4jLoggerDeclaration::getClassReceiverIsEnclosingClassInstance));
+  private static final ImmutableSet<Modifier> INSTANCE_DECLARATION_MODIFIERS =
+      Sets.immutableEnumSet(Modifier.PRIVATE, Modifier.FINAL);
+  private static final ImmutableSet<Modifier> STATIC_DECLARATION_MODIFIERS =
+      Sets.immutableEnumSet(Modifier.PRIVATE, Modifier.STATIC, Modifier.FINAL);
+
+  private final String canonicalStaticFieldName;
+  private final String canonicalInstanceFieldName;
+
+  /** Instantiates a default {@link Slf4jLoggerDeclaration} instance. */
+  public Slf4jLoggerDeclaration() {
+    this(ErrorProneFlags.empty());
+  }
+
+  /**
+   * Instantiates a customized {@link Slf4jLoggerDeclaration}.
+   *
+   * @param flags Any provided command line flags.
+   */
+  @Inject
+  Slf4jLoggerDeclaration(ErrorProneFlags flags) {
+    canonicalStaticFieldName =
+        flags.get(CANONICAL_STATIC_LOGGER_NAME_FLAG).orElse(DEFAULT_CANONICAL_LOGGER_NAME);
+    canonicalInstanceFieldName =
+        CaseFormat.UPPER_UNDERSCORE.to(CaseFormat.LOWER_CAMEL, canonicalStaticFieldName);
+  }
+
+  @Override
+  public Description matchVariable(VariableTree tree, VisitorState state) {
+    ExpressionTree initializer = tree.getInitializer();
+    if (!IS_GET_LOGGER.matches(initializer, state)) {
+      return Description.NO_MATCH;
+    }
+
+    ClassTree clazz = getEnclosingClass(state);
+    ExpressionTree factoryArg =
+        Iterables.getOnlyElement(((MethodInvocationTree) initializer).getArguments());
+
+    SuggestedFix.Builder fix = SuggestedFix.builder();
+
+    if (clazz.getModifiers().getFlags().contains(Modifier.ABSTRACT)
+        && IS_DYNAMIC_ENCLOSING_CLASS_REFERENCE.matches(factoryArg, state)) {
+      /*
+       * While generally we prefer `Logger` declarations to be static and named after their
+       * enclosing class, we allow one exception: loggers in abstract classes with a name derived
+       * from `getClass()`.
+       */
+      suggestModifiers(tree, INSTANCE_DECLARATION_MODIFIERS, fix, state);
+      suggestRename(tree, canonicalInstanceFieldName, fix, state);
+    } else {
+      suggestModifiers(
+          tree,
+          clazz.getKind() == Kind.INTERFACE ? ImmutableSet.of() : STATIC_DECLARATION_MODIFIERS,
+          fix,
+          state);
+      suggestRename(tree, canonicalStaticFieldName, fix, state);
+
+      if (!MoreASTHelpers.isStringTyped(factoryArg, state)
+          && !IS_STATIC_ENCLOSING_CLASS_REFERENCE.matches(factoryArg, state)) {
+        /*
+         * Loggers with a custom string name are generally "special", but those with a name derived
+         * from a class other than the one that encloses it are likely in error.
+         */
+        fix.merge(SuggestedFix.replace(factoryArg, clazz.getSimpleName() + ".class"));
+      }
+    }
+
+    return fix.isEmpty() ? Description.NO_MATCH : describeMatch(tree, fix.build());
+  }
+
+  private static void suggestModifiers(
+      VariableTree tree,
+      ImmutableSet<Modifier> modifiers,
+      SuggestedFix.Builder fixBuilder,
+      VisitorState state) {
+    ModifiersTree modifiersTree =
+        requireNonNull(ASTHelpers.getModifiers(tree), "`VariableTree` must have modifiers");
+    SuggestedFixes.addModifiers(tree, modifiersTree, state, modifiers).ifPresent(fixBuilder::merge);
+    SuggestedFixes.removeModifiers(
+            modifiersTree, state, Sets.difference(EnumSet.allOf(Modifier.class), modifiers))
+        .ifPresent(fixBuilder::merge);
+  }
+
+  private static void suggestRename(
+      VariableTree variableTree, String name, SuggestedFix.Builder fixBuilder, VisitorState state) {
+    if (!variableTree.getName().contentEquals(name)) {
+      fixBuilder.merge(SuggestedFixes.renameVariable(variableTree, name, state));
+    }
+  }
+
+  private static boolean isEnclosingClassReference(ExpressionTree tree, VisitorState state) {
+    return ASTHelpers.getSymbol(getEnclosingClass(state)).equals(ASTHelpers.getSymbol(tree));
+  }
+
+  private static boolean getClassReceiverIsEnclosingClassInstance(
+      MethodInvocationTree getClassInvocationTree, VisitorState state) {
+    ExpressionTree receiver = ASTHelpers.getReceiver(getClassInvocationTree);
+    if (receiver == null) {
+      /*
+       * Method invocations without an explicit receiver either involve static methods (possibly
+       * statically imported), or instance methods invoked on the enclosing class. As the given
+       * `getClassInvocationTree` is guaranteed to be a nullary `#getClass()` invocation, the latter
+       * must be the case.
+       */
+      return true;
+    }
+
+    Symbol symbol = ASTHelpers.getSymbol(receiver);
+    return symbol != null
+        && symbol.asType().tsym.equals(ASTHelpers.getSymbol(getEnclosingClass(state)));
+  }
+
+  private static ClassTree getEnclosingClass(VisitorState state) {
+    ClassTree clazz = state.findEnclosing(ClassTree.class);
+    // XXX: Review whether we should relax this constraint in the face of so-called anonymous
+    // classes. See
+    // https://docs.oracle.com/en/java/javase/23/language/implicitly-declared-classes-and-instance-main-methods.html
+    verify(clazz != null, "Variable not defined inside class");
+    return clazz;
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/SpringMvcAnnotation.java

@@ -1,12 +1,11 @@
 package tech.picnic.errorprone.bugpatterns;
 
-import static com.google.common.base.Verify.verify;
 import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
 import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
 import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
 import static java.util.function.Predicate.not;
 import static java.util.stream.Collectors.joining;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.common.base.VerifyException;
@@ -18,16 +17,16 @@ import com.google.errorprone.bugpatterns.BugChecker;
 import com.google.errorprone.bugpatterns.BugChecker.AnnotationTreeMatcher;
 import com.google.errorprone.fixes.Fix;
 import com.google.errorprone.fixes.SuggestedFix;
+import com.google.errorprone.fixes.SuggestedFixes;
 import com.google.errorprone.matchers.Description;
 import com.sun.source.tree.AnnotationTree;
 import com.sun.source.tree.AssignmentTree;
 import com.sun.source.tree.ExpressionTree;
 import com.sun.source.tree.MemberSelectTree;
 import com.sun.source.tree.NewArrayTree;
-import com.sun.source.tree.Tree.Kind;
 import java.util.Optional;
-import tech.picnic.errorprone.bugpatterns.util.AnnotationAttributeMatcher;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.AnnotationAttributeMatcher;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /**
  * A {@link BugChecker} that flags {@code @RequestMapping} annotations that can be written more
@@ -55,7 +54,7 @@ public final class SpringMvcAnnotation extends BugChecker implements AnnotationT
           .put("PATCH", "PatchMapping")
           .put("POST", "PostMapping")
           .put("PUT", "PutMapping")
-          .build();
+          .buildOrThrow();
 
   /** Instantiates a new {@link SpringMvcAnnotation} instance. */
   public SpringMvcAnnotation() {}
@@ -79,31 +78,25 @@ public final class SpringMvcAnnotation extends BugChecker implements AnnotationT
   }
 
   private static Optional<String> extractUniqueMethod(ExpressionTree arg, VisitorState state) {
-    verify(
-        arg.getKind() == Kind.ASSIGNMENT,
-        "Annotation attribute is not an assignment: %s",
-        arg.getKind());
-
-    ExpressionTree expr = ((AssignmentTree) arg).getExpression();
-    if (expr.getKind() != Kind.NEW_ARRAY) {
-      return Optional.of(extractMethod(expr, state));
+    if (!(arg instanceof AssignmentTree assignment)) {
+      throw new VerifyException("Annotation attribute is not an assignment:" + arg.getKind());
     }
 
-    NewArrayTree newArray = (NewArrayTree) expr;
-    return Optional.of(newArray.getInitializers())
-        .filter(args -> args.size() == 1)
-        .map(args -> extractMethod(args.get(0), state));
+    ExpressionTree expr = assignment.getExpression();
+    return expr instanceof NewArrayTree newArray
+        ? Optional.of(newArray.getInitializers())
+            .filter(args -> args.size() == 1)
+            .map(args -> extractMethod(args.get(0), state))
+        : Optional.of(extractMethod(expr, state));
   }
 
+  // XXX: Use switch pattern matching once the targeted JDK supports this.
   private static String extractMethod(ExpressionTree expr, VisitorState state) {
-    switch (expr.getKind()) {
-      case IDENTIFIER:
-        return SourceCode.treeToString(expr, state);
-      case MEMBER_SELECT:
-        return ((MemberSelectTree) expr).getIdentifier().toString();
-      default:
-        throw new VerifyException("Unexpected type of expression: " + expr.getKind());
-    }
+    return switch (expr.getKind()) {
+      case IDENTIFIER -> SourceCode.treeToString(expr, state);
+      case MEMBER_SELECT -> ((MemberSelectTree) expr).getIdentifier().toString();
+      default -> throw new VerifyException("Unexpected type of expression: " + expr.getKind());
+    };
   }
 
   private static Fix replaceAnnotation(
@@ -114,9 +107,8 @@ public final class SpringMvcAnnotation extends BugChecker implements AnnotationT
             .map(arg -> SourceCode.treeToString(arg, state))
             .collect(joining(", "));
 
-    return SuggestedFix.builder()
-        .addImport(ANN_PACKAGE_PREFIX + newAnnotation)
-        .replace(tree, String.format("@%s(%s)", newAnnotation, newArguments))
-        .build();
+    SuggestedFix.Builder fix = SuggestedFix.builder();
+    String annotation = SuggestedFixes.qualifyType(state, fix, ANN_PACKAGE_PREFIX + newAnnotation);
+    return fix.replace(tree, String.format("@%s(%s)", annotation, newArguments)).build();
   }
 }

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/StaticImport.java

@@ -2,14 +2,32 @@ package tech.picnic.errorprone.bugpatterns;
 
 import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
 import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
-import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
+import static com.google.errorprone.BugPattern.StandardTags.STYLE;
 import static java.util.Objects.requireNonNull;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.bugpatterns.NonStaticImport.NON_STATIC_IMPORT_CANDIDATE_IDENTIFIERS;
+import static tech.picnic.errorprone.bugpatterns.NonStaticImport.NON_STATIC_IMPORT_CANDIDATE_MEMBERS;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Functions;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Predicates;
+import com.google.common.base.Verify;
+import com.google.common.collect.Comparators;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableListMultimap;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableMultiset;
+import com.google.common.collect.ImmutableRangeSet;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSetMultimap;
+import com.google.common.collect.ImmutableSortedMap;
+import com.google.common.collect.ImmutableSortedMultiset;
+import com.google.common.collect.ImmutableSortedSet;
+import com.google.common.collect.ImmutableTable;
+import com.google.common.collect.MoreCollectors;
+import com.google.common.collect.Sets;
 import com.google.errorprone.BugPattern;
 import com.google.errorprone.VisitorState;
 import com.google.errorprone.bugpatterns.BugChecker;
@@ -20,55 +38,76 @@ import com.google.errorprone.fixes.Fix;
 import com.google.errorprone.fixes.SuggestedFix;
 import com.google.errorprone.fixes.SuggestedFixes;
 import com.google.errorprone.matchers.Description;
+import com.google.errorprone.matchers.Matchers;
+import com.google.errorprone.predicates.TypePredicates;
+import com.google.errorprone.refaster.ImportPolicy;
 import com.google.errorprone.util.ASTHelpers;
 import com.sun.source.tree.MemberSelectTree;
 import com.sun.source.tree.MethodInvocationTree;
 import com.sun.source.tree.Tree;
+import com.sun.source.tree.Tree.Kind;
 import com.sun.tools.javac.code.Type;
+import java.nio.charset.StandardCharsets;
+import java.time.ZoneOffset;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Map;
+import java.util.Objects;
 import java.util.Optional;
+import java.util.UUID;
+import java.util.function.Function;
+import java.util.function.Predicate;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
 
-/**
- * A {@link BugChecker} that flags methods and constants that can and should be statically imported.
- */
+/** A {@link BugChecker} that flags type members that can and should be statically imported. */
+// XXX: This check is closely linked to `NonStaticImport`. Consider merging the two.
 // XXX: Tricky cases:
 // - `org.springframework.http.HttpStatus` (not always an improvement, and `valueOf` must
 //    certainly be excluded)
 // - `com.google.common.collect.Tables`
-// - `ch.qos.logback.classic.Level.{DEBUG, ERROR, INFO, TRACE, WARN"}`
-// XXX: Also introduce a check that disallows static imports of certain methods. Candidates:
-// - `com.google.common.base.Strings`
-// - `java.util.Optional.empty`
-// - `java.util.Locale.ROOT`
-// - `ZoneOffset.ofHours` and other `ofXXX`-style methods.
-// - `java.time.Clock`.
-// - Several other `java.time` classes.
-// - Likely any of `*.{ZERO, ONE, MIX, MAX, MIN_VALUE, MAX_VALUE}`.
+// - `ch.qos.logback.classic.Level.{DEBUG, ERROR, INFO, TRACE, WARN}`
 @AutoService(BugChecker.class)
 @BugPattern(
     summary = "Identifier should be statically imported",
     link = BUG_PATTERNS_BASE_URL + "StaticImport",
     linkType = CUSTOM,
     severity = SUGGESTION,
-    tags = SIMPLIFICATION)
+    tags = STYLE)
 public final class StaticImport extends BugChecker implements MemberSelectTreeMatcher {
   private static final long serialVersionUID = 1L;
 
   /**
    * Types whose members should be statically imported, unless exempted by {@link
-   * #STATIC_IMPORT_EXEMPTED_MEMBERS} or {@link #STATIC_IMPORT_EXEMPTED_IDENTIFIERS}.
+   * NonStaticImport#NON_STATIC_IMPORT_CANDIDATE_MEMBERS} or {@link
+   * NonStaticImport#NON_STATIC_IMPORT_CANDIDATE_IDENTIFIERS}.
+   *
+   * <p>Types listed here should be mutually exclusive with {@link
+   * NonStaticImport#NON_STATIC_IMPORT_CANDIDATE_TYPES}.
    */
   @VisibleForTesting
   static final ImmutableSet<String> STATIC_IMPORT_CANDIDATE_TYPES =
       ImmutableSet.of(
-          "com.google.common.base.Preconditions",
-          "com.google.common.base.Predicates",
-          "com.google.common.base.Verify",
-          "com.google.common.collect.MoreCollectors",
-          "com.google.errorprone.BugPattern.LinkType",
-          "com.google.errorprone.BugPattern.SeverityLevel",
-          "com.google.errorprone.BugPattern.StandardTags",
-          "com.google.errorprone.matchers.Matchers",
-          "com.google.errorprone.refaster.ImportPolicy",
+          BugPattern.LinkType.class.getCanonicalName(),
+          BugPattern.SeverityLevel.class.getCanonicalName(),
+          BugPattern.StandardTags.class.getCanonicalName(),
+          Collections.class.getCanonicalName(),
+          Collectors.class.getCanonicalName(),
+          Comparator.class.getCanonicalName(),
+          ImportPolicy.class.getCanonicalName(),
+          Map.Entry.class.getCanonicalName(),
+          Matchers.class.getCanonicalName(),
+          MoreCollectors.class.getCanonicalName(),
+          Pattern.class.getCanonicalName(),
+          Preconditions.class.getCanonicalName(),
+          Predicates.class.getCanonicalName(),
+          StandardCharsets.class.getCanonicalName(),
+          TypePredicates.class.getCanonicalName(),
+          Verify.class.getCanonicalName(),
+          "com.fasterxml.jackson.annotation.JsonCreator.Mode",
+          "com.fasterxml.jackson.annotation.JsonFormat.Shape",
+          "com.fasterxml.jackson.annotation.JsonInclude.Include",
+          "com.fasterxml.jackson.annotation.JsonProperty.Access",
           "com.mongodb.client.model.Accumulators",
           "com.mongodb.client.model.Aggregates",
           "com.mongodb.client.model.Filters",
@@ -76,12 +115,6 @@ public final class StaticImport extends BugChecker implements MemberSelectTreeMa
           "com.mongodb.client.model.Projections",
           "com.mongodb.client.model.Sorts",
           "com.mongodb.client.model.Updates",
-          "java.nio.charset.StandardCharsets",
-          "java.util.Collections",
-          "java.util.Comparator",
-          "java.util.Map.Entry",
-          "java.util.regex.Pattern",
-          "java.util.stream.Collectors",
           "org.assertj.core.api.Assertions",
           "org.assertj.core.api.InstanceOfAssertFactories",
           "org.assertj.core.api.SoftAssertions",
@@ -102,95 +135,59 @@ public final class StaticImport extends BugChecker implements MemberSelectTreeMa
           "org.springframework.http.MediaType",
           "org.testng.Assert",
           "reactor.function.TupleUtils",
-          "tech.picnic.errorprone.bugpatterns.util.MoreTypes");
+          "tech.picnic.errorprone.utils.MoreTypes");
 
-  /** Type members that should be statically imported. */
-  @VisibleForTesting
+  /**
+   * Type members that should be statically imported.
+   *
+   * <p>Please note that:
+   *
+   * <ul>
+   *   <li>Types listed by {@link #STATIC_IMPORT_CANDIDATE_TYPES} should be omitted from this
+   *       collection.
+   *   <li>This collection should be mutually exclusive with {@link
+   *       NonStaticImport#NON_STATIC_IMPORT_CANDIDATE_MEMBERS}.
+   *   <li>This collection should not list members contained in {@link
+   *       NonStaticImport#NON_STATIC_IMPORT_CANDIDATE_IDENTIFIERS}.
+   * </ul>
+   */
   static final ImmutableSetMultimap<String, String> STATIC_IMPORT_CANDIDATE_MEMBERS =
       ImmutableSetMultimap.<String, String>builder()
+          .putAll(Comparators.class.getCanonicalName(), "emptiesFirst", "emptiesLast")
+          .put(Function.class.getCanonicalName(), "identity")
+          .put(Functions.class.getCanonicalName(), "identity")
+          .put(ImmutableList.class.getCanonicalName(), "toImmutableList")
           .putAll(
-              "com.google.common.collect.ImmutableListMultimap",
+              ImmutableListMultimap.class.getCanonicalName(),
               "flatteningToImmutableListMultimap",
               "toImmutableListMultimap")
-          .put("com.google.common.collect.ImmutableList", "toImmutableList")
-          .put("com.google.common.collect.ImmutableMap", "toImmutableMap")
-          .put("com.google.common.collect.ImmutableMultiset", "toImmutableMultiset")
-          .put("com.google.common.collect.ImmutableRangeSet", "toImmutableRangeSet")
+          .put(ImmutableMap.class.getCanonicalName(), "toImmutableMap")
+          .put(ImmutableMultiset.class.getCanonicalName(), "toImmutableMultiset")
+          .put(ImmutableRangeSet.class.getCanonicalName(), "toImmutableRangeSet")
+          .put(ImmutableSet.class.getCanonicalName(), "toImmutableSet")
           .putAll(
-              "com.google.common.collect.ImmutableSetMultimap",
+              ImmutableSetMultimap.class.getCanonicalName(),
               "flatteningToImmutableSetMultimap",
               "toImmutableSetMultimap")
-          .put("com.google.common.collect.ImmutableSet", "toImmutableSet")
-          .put("com.google.common.collect.ImmutableSortedMap", "toImmutableSortedMap")
-          .put("com.google.common.collect.ImmutableSortedMultiset", "toImmutableSortedMultiset")
-          .put("com.google.common.collect.ImmutableSortedSet", "toImmutableSortedSet")
-          .put("com.google.common.collect.ImmutableTable", "toImmutableTable")
-          .put("com.google.common.collect.Sets", "toImmutableEnumSet")
-          .put("com.google.common.base.Functions", "identity")
-          .put("java.time.ZoneOffset", "UTC")
-          .put("java.util.function.Function", "identity")
-          .put("java.util.function.Predicate", "not")
-          .put("java.util.UUID", "randomUUID")
-          .put("org.junit.jupiter.params.provider.Arguments", "arguments")
+          .put(ImmutableSortedMap.class.getCanonicalName(), "toImmutableSortedMap")
+          .put(ImmutableSortedMultiset.class.getCanonicalName(), "toImmutableSortedMultiset")
+          .put(ImmutableSortedSet.class.getCanonicalName(), "toImmutableSortedSet")
+          .put(ImmutableTable.class.getCanonicalName(), "toImmutableTable")
           .putAll(
-              "java.util.Objects",
+              Objects.class.getCanonicalName(),
               "checkIndex",
               "checkFromIndexSize",
               "checkFromToIndex",
               "requireNonNull",
               "requireNonNullElse",
               "requireNonNullElseGet")
-          .putAll("com.google.common.collect.Comparators", "emptiesFirst", "emptiesLast")
+          .put(Predicate.class.getCanonicalName(), "not")
+          .put(Sets.class.getCanonicalName(), "toImmutableEnumSet")
+          .put(UUID.class.getCanonicalName(), "randomUUID")
+          .put(ZoneOffset.class.getCanonicalName(), "UTC")
+          .put("org.junit.jupiter.params.provider.Arguments", "arguments")
           .build();
 
-  /**
-   * Type members that should never be statically imported.
-   *
-   * <p>Identifiers listed by {@link #STATIC_IMPORT_EXEMPTED_IDENTIFIERS} should be omitted from
-   * this collection.
-   */
-  // XXX: Perhaps the set of exempted `java.util.Collections` methods is too strict. For now any
-  // method name that could be considered "too vague" or could conceivably mean something else in a
-  // specific context is left out.
-  @VisibleForTesting
-  static final ImmutableSetMultimap<String, String> STATIC_IMPORT_EXEMPTED_MEMBERS =
-      ImmutableSetMultimap.<String, String>builder()
-          .put("com.mongodb.client.model.Filters", "empty")
-          .putAll(
-              "java.util.Collections",
-              "addAll",
-              "copy",
-              "fill",
-              "list",
-              "max",
-              "min",
-              "nCopies",
-              "rotate",
-              "sort",
-              "swap")
-          .putAll("java.util.regex.Pattern", "compile", "matches", "quote")
-          .put("org.springframework.http.MediaType", "ALL")
-          .build();
-
-  /**
-   * Identifiers that should never be statically imported.
-   *
-   * <p>This should be a superset of the identifiers flagged by {@link
-   * com.google.errorprone.bugpatterns.BadImport}.
-   */
-  @VisibleForTesting
-  static final ImmutableSet<String> STATIC_IMPORT_EXEMPTED_IDENTIFIERS =
-      ImmutableSet.of(
-          "builder",
-          "create",
-          "copyOf",
-          "from",
-          "getDefaultInstance",
-          "INSTANCE",
-          "newBuilder",
-          "of",
-          "valueOf");
-
   /** Instantiates a new {@link StaticImport} instance. */
   public StaticImport() {}
 
@@ -215,26 +212,21 @@ public final class StaticImport extends BugChecker implements MemberSelectTreeMa
     Tree parentTree =
         requireNonNull(state.getPath().getParentPath(), "MemberSelectTree lacks enclosing node")
             .getLeaf();
-    switch (parentTree.getKind()) {
-      case IMPORT:
-      case MEMBER_SELECT:
-        return false;
-      case METHOD_INVOCATION:
-        return ((MethodInvocationTree) parentTree).getTypeArguments().isEmpty();
-      default:
-        return true;
-    }
+
+    return parentTree instanceof MethodInvocationTree methodInvocation
+        ? methodInvocation.getTypeArguments().isEmpty()
+        : (parentTree.getKind() != Kind.IMPORT && parentTree.getKind() != Kind.MEMBER_SELECT);
   }
 
   private static boolean isCandidate(MemberSelectTree tree) {
     String identifier = tree.getIdentifier().toString();
-    if (STATIC_IMPORT_EXEMPTED_IDENTIFIERS.contains(identifier)) {
+    if (NON_STATIC_IMPORT_CANDIDATE_IDENTIFIERS.contains(identifier)) {
       return false;
     }
 
     Type type = ASTHelpers.getType(tree.getExpression());
     return type != null
-        && !STATIC_IMPORT_EXEMPTED_MEMBERS.containsEntry(type.toString(), identifier);
+        && !NON_STATIC_IMPORT_CANDIDATE_MEMBERS.containsEntry(type.toString(), identifier);
   }
 
   private static Optional<String> getCandidateSimpleName(StaticImportInfo importInfo) {

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/StringCaseLocaleUsage.java

@@ -1,89 +0,0 @@
-package tech.picnic.errorprone.bugpatterns;
-
-import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
-import static com.google.errorprone.BugPattern.SeverityLevel.WARNING;
-import static com.google.errorprone.BugPattern.StandardTags.FRAGILE_CODE;
-import static com.google.errorprone.matchers.method.MethodMatchers.instanceMethod;
-import static com.sun.tools.javac.parser.Tokens.TokenKind.RPAREN;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
-
-import com.google.auto.service.AutoService;
-import com.google.common.collect.Streams;
-import com.google.errorprone.BugPattern;
-import com.google.errorprone.VisitorState;
-import com.google.errorprone.bugpatterns.BugChecker;
-import com.google.errorprone.bugpatterns.BugChecker.MethodInvocationTreeMatcher;
-import com.google.errorprone.fixes.Fix;
-import com.google.errorprone.fixes.SuggestedFix;
-import com.google.errorprone.matchers.Description;
-import com.google.errorprone.matchers.Matcher;
-import com.google.errorprone.util.ASTHelpers;
-import com.google.errorprone.util.ErrorProneTokens;
-import com.sun.source.tree.ExpressionTree;
-import com.sun.source.tree.MethodInvocationTree;
-import com.sun.tools.javac.util.Position;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
-
-/**
- * A {@link BugChecker} that flags calls to {@link String#toLowerCase()} and {@link
- * String#toUpperCase()}, as these methods implicitly rely on the environment's default locale.
- */
-// XXX: Also flag `String::toLowerCase` and `String::toUpperCase` method references. For these cases
-// the suggested fix should introduce a lambda expression with a parameter of which the name does
-// not coincide with the name of an existing variable name. Such functionality should likely be
-// introduced in a utility class.
-@AutoService(BugChecker.class)
-@BugPattern(
-    summary = "Specify a `Locale` when calling `String#to{Lower,Upper}Case`",
-    link = BUG_PATTERNS_BASE_URL + "StringCaseLocaleUsage",
-    linkType = CUSTOM,
-    severity = WARNING,
-    tags = FRAGILE_CODE)
-public final class StringCaseLocaleUsage extends BugChecker implements MethodInvocationTreeMatcher {
-  private static final long serialVersionUID = 1L;
-  private static final Matcher<ExpressionTree> DEFAULT_LOCALE_CASE_CONVERSION =
-      instanceMethod()
-          .onExactClass(String.class.getName())
-          .namedAnyOf("toLowerCase", "toUpperCase")
-          .withNoParameters();
-
-  /** Instantiates a new {@link StringCaseLocaleUsage} instance. */
-  public StringCaseLocaleUsage() {}
-
-  @Override
-  public Description matchMethodInvocation(MethodInvocationTree tree, VisitorState state) {
-    if (!DEFAULT_LOCALE_CASE_CONVERSION.matches(tree, state)) {
-      return Description.NO_MATCH;
-    }
-
-    int closingParenPosition = getClosingParenPosition(tree, state);
-    if (closingParenPosition == Position.NOPOS) {
-      return describeMatch(tree);
-    }
-
-    return buildDescription(tree)
-        .addFix(suggestLocale(closingParenPosition, "Locale.ROOT"))
-        .addFix(suggestLocale(closingParenPosition, "Locale.getDefault()"))
-        .build();
-  }
-
-  private static Fix suggestLocale(int insertPosition, String locale) {
-    return SuggestedFix.builder()
-        .addImport("java.util.Locale")
-        .replace(insertPosition, insertPosition, locale)
-        .build();
-  }
-
-  private static int getClosingParenPosition(MethodInvocationTree tree, VisitorState state) {
-    int startPosition = ASTHelpers.getStartPosition(tree);
-    if (startPosition == Position.NOPOS) {
-      return Position.NOPOS;
-    }
-
-    return Streams.findLast(
-            ErrorProneTokens.getTokens(SourceCode.treeToString(tree, state), state.context).stream()
-                .filter(t -> t.kind() == RPAREN))
-        .map(token -> startPosition + token.pos())
-        .orElse(Position.NOPOS);
-  }
-}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/StringJoin.java

@@ -4,7 +4,7 @@ import static com.google.errorprone.BugPattern.LinkType.CUSTOM;
 import static com.google.errorprone.BugPattern.SeverityLevel.SUGGESTION;
 import static com.google.errorprone.BugPattern.StandardTags.SIMPLIFICATION;
 import static com.google.errorprone.matchers.method.MethodMatchers.staticMethod;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.common.base.Splitter;
@@ -23,12 +23,11 @@ import com.google.errorprone.util.ASTHelpers;
 import com.sun.source.tree.ExpressionTree;
 import com.sun.source.tree.MethodInvocationTree;
 import com.sun.tools.javac.code.Type;
-import com.sun.tools.javac.util.Convert;
 import java.util.Formattable;
 import java.util.Iterator;
 import java.util.List;
 import org.jspecify.annotations.Nullable;
-import tech.picnic.errorprone.bugpatterns.util.SourceCode;
+import tech.picnic.errorprone.utils.SourceCode;
 
 /**
  * A {@link BugChecker} that flags {@link String#format(String, Object...)} invocations which can be
@@ -37,7 +36,9 @@ import tech.picnic.errorprone.bugpatterns.util.SourceCode;
  */
 // XXX: What about `v1 + "sep" + v2` and similar expressions? Do we want to rewrite those to
 // `String.join`, or should some `String.join` invocations be rewritten to use the `+` operator?
-// (The latter suggestion would conflict with the `FormatStringConcatenation` check.)
+// (The latter suggestion would conflict with the `FormatStringConcatenation` check, but does make
+// more sense when `"sep"` is a long string. Similarly for `String.format("%s some long text %s",
+// arg1, arg2)`.)
 @AutoService(BugChecker.class)
 @BugPattern(
     summary = "Prefer `String#join` over `String#format`",
@@ -49,7 +50,7 @@ public final class StringJoin extends BugChecker implements MethodInvocationTree
   private static final long serialVersionUID = 1L;
   private static final Splitter FORMAT_SPECIFIER_SPLITTER = Splitter.on("%s");
   private static final Matcher<ExpressionTree> STRING_FORMAT_INVOCATION =
-      staticMethod().onClass(String.class.getName()).named("format");
+      staticMethod().onClass(String.class.getCanonicalName()).named("format");
   private static final Supplier<Type> CHAR_SEQUENCE_TYPE =
       Suppliers.typeFromClass(CharSequence.class);
   private static final Supplier<Type> FORMATTABLE_TYPE = Suppliers.typeFromClass(Formattable.class);
@@ -150,7 +151,7 @@ public final class StringJoin extends BugChecker implements MethodInvocationTree
     SuggestedFix.Builder fix =
         SuggestedFix.builder()
             .replace(tree.getMethodSelect(), "String.join")
-            .replace(arguments.next(), String.format("\"%s\"", Convert.quote(separator)));
+            .replace(arguments.next(), SourceCode.toStringConstantExpression(separator, state));
 
     while (arguments.hasNext()) {
       ExpressionTree argument = arguments.next();

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/TimeZoneUsage.java

@@ -10,16 +10,18 @@ import static com.google.errorprone.matchers.Matchers.instanceMethod;
 import static com.google.errorprone.matchers.Matchers.isSubtypeOf;
 import static com.google.errorprone.matchers.Matchers.not;
 import static com.google.errorprone.matchers.Matchers.staticMethod;
-import static tech.picnic.errorprone.bugpatterns.util.Documentation.BUG_PATTERNS_BASE_URL;
+import static tech.picnic.errorprone.utils.Documentation.BUG_PATTERNS_BASE_URL;
 
 import com.google.auto.service.AutoService;
 import com.google.errorprone.BugPattern;
 import com.google.errorprone.VisitorState;
 import com.google.errorprone.bugpatterns.BugChecker;
+import com.google.errorprone.bugpatterns.BugChecker.MemberReferenceTreeMatcher;
 import com.google.errorprone.bugpatterns.BugChecker.MethodInvocationTreeMatcher;
 import com.google.errorprone.matchers.Description;
 import com.google.errorprone.matchers.Matcher;
 import com.sun.source.tree.ExpressionTree;
+import com.sun.source.tree.MemberReferenceTree;
 import com.sun.source.tree.MethodInvocationTree;
 import java.time.Clock;
 import java.time.Instant;
@@ -34,22 +36,25 @@ import java.time.ZonedDateTime;
 @AutoService(BugChecker.class)
 @BugPattern(
     summary =
-        "Derive the current time from an existing `Clock` Spring bean, and don't rely on a `Clock`'s time zone",
+        """
+        Derive the current time from an existing `Clock` Spring bean, and don't rely on a \
+        `Clock`'s time zone""",
     link = BUG_PATTERNS_BASE_URL + "TimeZoneUsage",
     linkType = CUSTOM,
     severity = WARNING,
     tags = FRAGILE_CODE)
-public final class TimeZoneUsage extends BugChecker implements MethodInvocationTreeMatcher {
+public final class TimeZoneUsage extends BugChecker
+    implements MethodInvocationTreeMatcher, MemberReferenceTreeMatcher {
   private static final long serialVersionUID = 1L;
   private static final Matcher<ExpressionTree> BANNED_TIME_METHOD =
       anyOf(
           allOf(
               instanceMethod()
-                  .onDescendantOf(Clock.class.getName())
+                  .onDescendantOf(Clock.class.getCanonicalName())
                   .namedAnyOf("getZone", "withZone"),
               not(enclosingClass(isSubtypeOf(Clock.class)))),
           staticMethod()
-              .onClass(Clock.class.getName())
+              .onClass(Clock.class.getCanonicalName())
               .namedAnyOf(
                   "system",
                   "systemDefaultZone",
@@ -57,22 +62,34 @@ public final class TimeZoneUsage extends BugChecker implements MethodInvocationT
                   "tickMillis",
                   "tickMinutes",
                   "tickSeconds"),
+          staticMethod()
+              .onClassAny(Instant.class.getCanonicalName())
+              .named("now")
+              .withNoParameters(),
           staticMethod()
               .onClassAny(
-                  LocalDate.class.getName(),
-                  LocalDateTime.class.getName(),
-                  LocalTime.class.getName(),
-                  OffsetDateTime.class.getName(),
-                  OffsetTime.class.getName(),
-                  ZonedDateTime.class.getName())
-              .named("now"),
-          staticMethod().onClassAny(Instant.class.getName()).named("now").withNoParameters());
+                  LocalDate.class.getCanonicalName(),
+                  LocalDateTime.class.getCanonicalName(),
+                  LocalTime.class.getCanonicalName(),
+                  OffsetDateTime.class.getCanonicalName(),
+                  OffsetTime.class.getCanonicalName(),
+                  ZonedDateTime.class.getCanonicalName())
+              .named("now"));
 
   /** Instantiates a new {@link TimeZoneUsage} instance. */
   public TimeZoneUsage() {}
 
   @Override
   public Description matchMethodInvocation(MethodInvocationTree tree, VisitorState state) {
+    return getDescription(tree, state);
+  }
+
+  @Override
+  public Description matchMemberReference(MemberReferenceTree tree, VisitorState state) {
+    return getDescription(tree, state);
+  }
+
+  private Description getDescription(ExpressionTree tree, VisitorState state) {
     return BANNED_TIME_METHOD.matches(tree, state)
         ? buildDescription(tree).build()
         : Description.NO_MATCH;

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/util/JavaKeywords.java

@@ -1,155 +0,0 @@
-package tech.picnic.errorprone.bugpatterns.util;
-
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Sets;
-
-/** Utility class that can be used to identify reserved keywords of the Java language. */
-// XXX: This class is no longer only about keywords. Consider changing its name and class-level
-// documentation.
-public final class JavaKeywords {
-  /**
-   * Enumeration of boolean and null literals.
-   *
-   * @see <a href="https://docs.oracle.com/javase/specs/jls/se17/html/jls-3.html#jls-3.10.3">JDK 17
-   *     JLS section 3.10.3: Boolean Literals</a>
-   * @see <a href="https://docs.oracle.com/javase/specs/jls/se17/html/jls-3.html#jls-3.10.8">JDK 17
-   *     JLS section 3.10.8: The Null Literal</a>
-   */
-  private static final ImmutableSet<String> BOOLEAN_AND_NULL_LITERALS =
-      ImmutableSet.of("true", "false", "null");
-  /**
-   * List of all reserved keywords in the Java language.
-   *
-   * @see <a href="https://docs.oracle.com/javase/specs/jls/se17/html/jls-3.html#jls-3.9">JDK 17 JLS
-   *     section 3.9: Keywords</a>
-   */
-  private static final ImmutableSet<String> RESERVED_KEYWORDS =
-      ImmutableSet.of(
-          "_",
-          "abstract",
-          "assert",
-          "boolean",
-          "break",
-          "byte",
-          "case",
-          "catch",
-          "char",
-          "class",
-          "const",
-          "continue",
-          "default",
-          "do",
-          "double",
-          "else",
-          "enum",
-          "extends",
-          "final",
-          "finally",
-          "float",
-          "for",
-          "goto",
-          "if",
-          "implements",
-          "import",
-          "instanceof",
-          "int",
-          "interface",
-          "long",
-          "native",
-          "new",
-          "package",
-          "private",
-          "protected",
-          "public",
-          "return",
-          "short",
-          "static",
-          "strictfp",
-          "super",
-          "switch",
-          "synchronized",
-          "this",
-          "throw",
-          "throws",
-          "transient",
-          "try",
-          "void",
-          "volatile",
-          "while");
-  /**
-   * List of all contextual keywords in the Java language.
-   *
-   * @see <a href="https://docs.oracle.com/javase/specs/jls/se17/html/jls-3.html#jls-3.9">JDK 17 JLS
-   *     section 3.9: Keywords</a>
-   */
-  private static final ImmutableSet<String> CONTEXTUAL_KEYWORDS =
-      ImmutableSet.of(
-          "exports",
-          "module",
-          "non-sealed",
-          "open",
-          "opens",
-          "permits",
-          "provides",
-          "record",
-          "requires",
-          "sealed",
-          "to",
-          "transitive",
-          "uses",
-          "var",
-          "with",
-          "yield");
-  /** List of all keywords in the Java language. */
-  private static final ImmutableSet<String> ALL_KEYWORDS =
-      Sets.union(RESERVED_KEYWORDS, CONTEXTUAL_KEYWORDS).immutableCopy();
-
-  private JavaKeywords() {}
-
-  /**
-   * Tells whether the given string is a valid identifier in the Java language.
-   *
-   * @param str The string of interest.
-   * @return {@code true} if the given string is a valid identifier in the Java language.
-   * @see <a href="https://docs.oracle.com/javase/specs/jls/se17/html/jls-3.html#jls-3.8">JDK 17 JLS
-   *     section 3.8: Identifiers</a>
-   */
-  public static boolean isValidIdentifier(String str) {
-    return !str.isEmpty()
-        && !isReservedKeyword(str)
-        && !BOOLEAN_AND_NULL_LITERALS.contains(str)
-        && Character.isJavaIdentifierStart(str.codePointAt(0))
-        && str.codePoints().skip(1).allMatch(Character::isUnicodeIdentifierPart);
-  }
-
-  /**
-   * Tells whether the given string is a reserved keyword in the Java language.
-   *
-   * @param str The string of interest.
-   * @return {@code true} if the given string is a reserved keyword in the Java language.
-   */
-  public static boolean isReservedKeyword(String str) {
-    return RESERVED_KEYWORDS.contains(str);
-  }
-
-  /**
-   * Tells whether the given string is a contextual keyword in the Java language.
-   *
-   * @param str The string of interest.
-   * @return {@code true} if the given string is a contextual keyword in the Java language.
-   */
-  public static boolean isContextualKeyword(String str) {
-    return CONTEXTUAL_KEYWORDS.contains(str);
-  }
-
-  /**
-   * Tells whether the given string is a reserved or contextual keyword in the Java language.
-   *
-   * @param str The string of interest.
-   * @return {@code true} if the given string is a reserved or contextual keyword in the Java
-   *     language.
-   */
-  public static boolean isKeyword(String str) {
-    return ALL_KEYWORDS.contains(str);
-  }
-}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/util/MoreASTHelpers.java

@@ -1,49 +0,0 @@
-package tech.picnic.errorprone.bugpatterns.util;
-
-import static com.google.common.base.Preconditions.checkArgument;
-import static com.google.common.collect.ImmutableList.toImmutableList;
-
-import com.google.common.collect.ImmutableList;
-import com.google.errorprone.VisitorState;
-import com.sun.source.tree.ClassTree;
-import com.sun.source.tree.MethodTree;
-
-/**
- * A collection of helper methods for working with the AST.
- *
- * <p>These methods are additions to the ones found in {@link
- * com.google.errorprone.util.ASTHelpers}.
- */
-public final class MoreASTHelpers {
-  private MoreASTHelpers() {}
-
-  /**
-   * Finds methods with the specified name in given the {@link VisitorState}'s current enclosing
-   * class.
-   *
-   * @param methodName The method name to search for.
-   * @param state The {@link VisitorState} from which to derive the enclosing class of interest.
-   * @return The {@link MethodTree}s of the methods with the given name in the enclosing class.
-   */
-  public static ImmutableList<MethodTree> findMethods(CharSequence methodName, VisitorState state) {
-    ClassTree clazz = state.findEnclosing(ClassTree.class);
-    checkArgument(clazz != null, "Visited node is not enclosed by a class");
-    return clazz.getMembers().stream()
-        .filter(MethodTree.class::isInstance)
-        .map(MethodTree.class::cast)
-        .filter(method -> method.getName().contentEquals(methodName))
-        .collect(toImmutableList());
-  }
-
-  /**
-   * Determines whether there are any methods with the specified name in given the {@link
-   * VisitorState}'s current enclosing class.
-   *
-   * @param methodName The method name to search for.
-   * @param state The {@link VisitorState} from which to derive the enclosing class of interest.
-   * @return Whether there are any methods with the given name in the enclosing class.
-   */
-  public static boolean methodExistsInEnclosingClass(CharSequence methodName, VisitorState state) {
-    return !findMethods(methodName, state).isEmpty();
-  }
-}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/util/MoreMatchers.java

@@ -1,39 +0,0 @@
-package tech.picnic.errorprone.bugpatterns.util;
-
-import com.google.errorprone.matchers.Matcher;
-import com.google.errorprone.matchers.Matchers;
-import com.google.errorprone.predicates.TypePredicate;
-import com.google.errorprone.util.ASTHelpers;
-import com.sun.source.tree.AnnotationTree;
-import com.sun.tools.javac.code.Symbol;
-
-/**
- * A collection of general-purpose {@link Matcher}s.
- *
- * <p>These methods are additions to the ones found in {@link Matchers}.
- */
-public final class MoreMatchers {
-  private MoreMatchers() {}
-
-  /**
-   * Returns a {@link Matcher} that determines whether a given {@link AnnotationTree} has a
-   * meta-annotation of the specified type.
-   *
-   * @param <T> The type of tree to match against.
-   * @param annotationType The binary type name of the annotation (e.g.
-   *     "org.jspecify.annotations.Nullable", or "some.package.OuterClassName$InnerClassName")
-   * @return A {@link Matcher} that matches trees with the specified meta-annotation.
-   */
-  public static <T extends AnnotationTree> Matcher<T> hasMetaAnnotation(String annotationType) {
-    TypePredicate typePredicate = hasAnnotation(annotationType);
-    return (tree, state) -> {
-      Symbol sym = ASTHelpers.getSymbol(tree);
-      return sym != null && typePredicate.apply(sym.type, state);
-    };
-  }
-
-  // XXX: Consider moving to a `MoreTypePredicates` utility class.
-  private static TypePredicate hasAnnotation(String annotationClassName) {
-    return (type, state) -> ASTHelpers.hasAnnotation(type.tsym, annotationClassName, state);
-  }
-}

error-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/util/SourceCode.java

@@ -1,62 +0,0 @@
-package tech.picnic.errorprone.bugpatterns.util;
-
-import static com.sun.tools.javac.util.Position.NOPOS;
-
-import com.google.common.base.CharMatcher;
-import com.google.errorprone.VisitorState;
-import com.google.errorprone.fixes.SuggestedFix;
-import com.sun.source.tree.Tree;
-import com.sun.tools.javac.util.JCDiagnostic.DiagnosticPosition;
-
-/**
- * A collection of Error Prone utility methods for dealing with the source code representation of
- * AST nodes.
- */
-public final class SourceCode {
-  /** The complement of {@link CharMatcher#whitespace()}. */
-  private static final CharMatcher NON_WHITESPACE_MATCHER = CharMatcher.whitespace().negate();
-
-  private SourceCode() {}
-
-  /**
-   * Returns a string representation of the given {@link Tree}, preferring the original source code
-   * (if available) over its prettified representation.
-   *
-   * @param tree The AST node of interest.
-   * @param state A {@link VisitorState} describing the context in which the given {@link Tree} is
-   *     found.
-   * @return A non-{@code null} string.
-   */
-  public static String treeToString(Tree tree, VisitorState state) {
-    String src = state.getSourceForNode(tree);
-    return src != null ? src : tree.toString();
-  }
-
-  /**
-   * Creates a {@link SuggestedFix} for the deletion of the given {@link Tree}, including any
-   * whitespace that follows it.
-   *
-   * <p>Removing trailing whitespace may prevent the introduction of an empty line at the start of a
-   * code block; such empty lines are not removed when formatting the code using Google Java Format.
-   *
-   * @param tree The AST node of interest.
-   * @param state A {@link VisitorState} describing the context in which the given {@link Tree} is
-   *     found.
-   * @return A non-{@code null} {@link SuggestedFix} similar to one produced by {@link
-   *     SuggestedFix#delete(Tree)}.
-   */
-  public static SuggestedFix deleteWithTrailingWhitespace(Tree tree, VisitorState state) {
-    CharSequence sourceCode = state.getSourceCode();
-    int endPos = state.getEndPosition(tree);
-    if (sourceCode == null || endPos == NOPOS) {
-      /* We can't identify the trailing whitespace; delete just the tree. */
-      return SuggestedFix.delete(tree);
-    }
-
-    int whitespaceEndPos = NON_WHITESPACE_MATCHER.indexIn(sourceCode, endPos);
-    return SuggestedFix.replace(
-        ((DiagnosticPosition) tree).getStartPosition(),
-        whitespaceEndPos == -1 ? sourceCode.length() : whitespaceEndPos,
-        "");
-  }
-}

error-prone-contrib/src/main/java/tech/picnic/errorprone/refasterrules/AssertJCharSequenceRules.java

@@ -18,6 +18,7 @@ final class AssertJCharSequenceRules {
     @BeforeTemplate
     void before(CharSequence charSequence) {
       Refaster.anyOf(
+          assertThat(charSequence.isEmpty()).isTrue(),
           assertThat(charSequence.length()).isEqualTo(0L),
           assertThat(charSequence.length()).isNotPositive());
     }
@@ -33,6 +34,7 @@ final class AssertJCharSequenceRules {
     @BeforeTemplate
     AbstractAssert<?, ?> before(CharSequence charSequence) {
       return Refaster.anyOf(
+          assertThat(charSequence.isEmpty()).isFalse(),
           assertThat(charSequence.length()).isNotEqualTo(0),
           assertThat(charSequence.length()).isPositive());
     }

error-prone-contrib/src/main/java/tech/picnic/errorprone/refasterrules/AssertJEnumerableRules.java

@@ -5,6 +5,9 @@ import com.google.errorprone.refaster.Refaster;
 import com.google.errorprone.refaster.annotation.AfterTemplate;
 import com.google.errorprone.refaster.annotation.BeforeTemplate;
 import java.util.Collection;
+import org.assertj.core.api.AbstractIntegerAssert;
+import org.assertj.core.api.AbstractIterableAssert;
+import org.assertj.core.api.AbstractIterableSizeAssert;
 import org.assertj.core.api.EnumerableAssert;
 import tech.picnic.errorprone.refaster.annotation.OnlineDocumentation;
 
@@ -21,6 +24,11 @@ final class AssertJEnumerableRules {
           enumAssert.hasSizeLessThan(1));
     }
 
+    @BeforeTemplate
+    void before(AbstractIterableAssert<?, ?, E, ?> enumAssert) {
+      enumAssert.size().isNotPositive();
+    }
+
     @AfterTemplate
     void after(EnumerableAssert<?, E> enumAssert) {
       enumAssert.isEmpty();
@@ -34,30 +42,175 @@ final class AssertJEnumerableRules {
           enumAssert.hasSizeGreaterThan(0), enumAssert.hasSizeGreaterThanOrEqualTo(1));
     }
 
+    @BeforeTemplate
+    AbstractIterableAssert<?, ?, E, ?> before(AbstractIterableAssert<?, ?, E, ?> enumAssert) {
+      return Refaster.anyOf(
+          enumAssert.size().isNotEqualTo(0).returnToIterable(),
+          enumAssert.size().isPositive().returnToIterable());
+    }
+
+    // XXX: If this template matches, then the expression's return type changes incompatibly.
+    // Consider moving this template to a separate block (statement) rule.
+    @BeforeTemplate
+    AbstractIntegerAssert<?> before2(AbstractIterableAssert<?, ?, E, ?> enumAssert) {
+      return Refaster.anyOf(enumAssert.size().isNotEqualTo(0), enumAssert.size().isPositive());
+    }
+
     @AfterTemplate
     EnumerableAssert<?, E> after(EnumerableAssert<?, E> enumAssert) {
       return enumAssert.isNotEmpty();
     }
   }
 
-  static final class EnumerableAssertHasSameSizeAs<S, T> {
+  static final class EnumerableAssertHasSize<E> {
     @BeforeTemplate
-    EnumerableAssert<?, S> before(EnumerableAssert<?, S> enumAssert, Iterable<T> iterable) {
+    AbstractIterableAssert<?, ?, E, ?> before(
+        AbstractIterableAssert<?, ?, E, ?> enumAssert, int size) {
+      return enumAssert.size().isEqualTo(size).returnToIterable();
+    }
+
+    // XXX: If this template matches, then the expression's return type changes incompatibly.
+    // Consider moving this template to a separate block (statement) rule.
+    @BeforeTemplate
+    AbstractIterableSizeAssert<?, ?, E, ?> before2(
+        AbstractIterableAssert<?, ?, E, ?> enumAssert, int size) {
+      return enumAssert.size().isEqualTo(size);
+    }
+
+    @AfterTemplate
+    EnumerableAssert<?, E> after(EnumerableAssert<?, E> enumAssert, int size) {
+      return enumAssert.hasSize(size);
+    }
+  }
+
+  static final class EnumerableAssertHasSizeLessThan<E> {
+    @BeforeTemplate
+    AbstractIterableAssert<?, ?, E, ?> before(
+        AbstractIterableAssert<?, ?, E, ?> enumAssert, int size) {
+      return enumAssert.size().isLessThan(size).returnToIterable();
+    }
+
+    // XXX: If this template matches, then the expression's return type changes incompatibly.
+    // Consider moving this template to a separate block (statement) rule.
+    @BeforeTemplate
+    AbstractIterableSizeAssert<?, ?, E, ?> before2(
+        AbstractIterableAssert<?, ?, E, ?> enumAssert, int size) {
+      return enumAssert.size().isLessThan(size);
+    }
+
+    @AfterTemplate
+    EnumerableAssert<?, E> after(EnumerableAssert<?, E> enumAssert, int size) {
+      return enumAssert.hasSizeLessThan(size);
+    }
+  }
+
+  static final class EnumerableAssertHasSizeLessThanOrEqualTo<E> {
+    @BeforeTemplate
+    AbstractIterableAssert<?, ?, E, ?> before(
+        AbstractIterableAssert<?, ?, E, ?> enumAssert, int size) {
+      return enumAssert.size().isLessThanOrEqualTo(size).returnToIterable();
+    }
+
+    // XXX: If this template matches, then the expression's return type changes incompatibly.
+    // Consider moving this template to a separate block (statement) rule.
+    @BeforeTemplate
+    AbstractIterableSizeAssert<?, ?, E, ?> before2(
+        AbstractIterableAssert<?, ?, E, ?> enumAssert, int size) {
+      return enumAssert.size().isLessThanOrEqualTo(size);
+    }
+
+    @AfterTemplate
+    EnumerableAssert<?, E> after(EnumerableAssert<?, E> enumAssert, int size) {
+      return enumAssert.hasSizeLessThanOrEqualTo(size);
+    }
+  }
+
+  static final class EnumerableAssertHasSizeGreaterThan<E> {
+    @BeforeTemplate
+    AbstractIterableAssert<?, ?, E, ?> before(
+        AbstractIterableAssert<?, ?, E, ?> enumAssert, int size) {
+      return enumAssert.size().isGreaterThan(size).returnToIterable();
+    }
+
+    // XXX: If this template matches, then the expression's return type changes incompatibly.
+    // Consider moving this template to a separate block (statement) rule.
+    @BeforeTemplate
+    AbstractIterableSizeAssert<?, ?, E, ?> before2(
+        AbstractIterableAssert<?, ?, E, ?> enumAssert, int size) {
+      return enumAssert.size().isGreaterThan(size);
+    }
+
+    @AfterTemplate
+    EnumerableAssert<?, E> after(EnumerableAssert<?, E> enumAssert, int size) {
+      return enumAssert.hasSizeGreaterThan(size);
+    }
+  }
+
+  static final class EnumerableAssertHasSizeGreaterThanOrEqualTo<E> {
+    @BeforeTemplate
+    AbstractIterableAssert<?, ?, E, ?> before(
+        AbstractIterableAssert<?, ?, E, ?> enumAssert, int size) {
+      return enumAssert.size().isGreaterThanOrEqualTo(size).returnToIterable();
+    }
+
+    // XXX: If this template matches, then the expression's return type changes incompatibly.
+    // Consider moving this template to a separate block (statement) rule.
+    @BeforeTemplate
+    AbstractIterableSizeAssert<?, ?, E, ?> before2(
+        AbstractIterableAssert<?, ?, E, ?> enumAssert, int size) {
+      return enumAssert.size().isGreaterThanOrEqualTo(size);
+    }
+
+    @AfterTemplate
+    EnumerableAssert<?, E> after(EnumerableAssert<?, E> enumAssert, int size) {
+      return enumAssert.hasSizeGreaterThanOrEqualTo(size);
+    }
+  }
+
+  static final class EnumerableAssertHasSizeBetween<E> {
+    @BeforeTemplate
+    AbstractIterableAssert<?, ?, E, ?> before(
+        AbstractIterableAssert<?, ?, E, ?> enumAssert, int lower, int upper) {
+      return enumAssert.size().isBetween(lower, upper).returnToIterable();
+    }
+
+    // XXX: If this template matches, then the expression's return type changes incompatibly.
+    // Consider moving this template to a separate block (statement) rule.
+    @BeforeTemplate
+    AbstractIterableSizeAssert<?, ?, E, ?> before2(
+        AbstractIterableAssert<?, ?, E, ?> enumAssert, int lower, int upper) {
+      return enumAssert.size().isBetween(lower, upper);
+    }
+
+    @AfterTemplate
+    EnumerableAssert<?, E> after(EnumerableAssert<?, E> enumAssert, int lower, int upper) {
+      return enumAssert.hasSizeBetween(lower, upper);
+    }
+  }
+
+  static final class EnumerableAssertHasSameSizeAs<S, E> {
+    @BeforeTemplate
+    EnumerableAssert<?, S> before(EnumerableAssert<?, S> enumAssert, Iterable<E> iterable) {
       return enumAssert.hasSize(Iterables.size(iterable));
     }
 
     @BeforeTemplate
-    EnumerableAssert<?, S> before(EnumerableAssert<?, S> enumAssert, Collection<T> iterable) {
+    EnumerableAssert<?, S> before(EnumerableAssert<?, S> enumAssert, Collection<E> iterable) {
       return enumAssert.hasSize(iterable.size());
     }
 
     @BeforeTemplate
-    EnumerableAssert<?, S> before(EnumerableAssert<?, S> enumAssert, T[] iterable) {
+    EnumerableAssert<?, S> before(EnumerableAssert<?, S> enumAssert, E[] iterable) {
       return enumAssert.hasSize(iterable.length);
     }
 
+    @BeforeTemplate
+    EnumerableAssert<?, S> before(EnumerableAssert<?, S> enumAssert, CharSequence iterable) {
+      return enumAssert.hasSize(iterable.length());
+    }
+
     @AfterTemplate
-    EnumerableAssert<?, S> after(EnumerableAssert<?, S> enumAssert, Iterable<T> iterable) {
+    EnumerableAssert<?, S> after(EnumerableAssert<?, S> enumAssert, Iterable<E> iterable) {
       return enumAssert.hasSameSizeAs(iterable);
     }
   }

error-prone-contrib/src/main/java/tech/picnic/errorprone/refasterrules/AssertJIterableRules.java

@@ -0,0 +1,90 @@
+package tech.picnic.errorprone.refasterrules;
+
+import static com.google.errorprone.refaster.ImportPolicy.STATIC_IMPORT_ALWAYS;
+import static org.assertj.core.api.Assertions.assertThat;
+
+import com.google.common.collect.Iterables;
+import com.google.errorprone.refaster.annotation.AfterTemplate;
+import com.google.errorprone.refaster.annotation.BeforeTemplate;
+import com.google.errorprone.refaster.annotation.UseImportPolicy;
+import java.util.Collection;
+import org.assertj.core.api.AbstractAssert;
+import org.assertj.core.api.AbstractIntegerAssert;
+import org.assertj.core.api.IterableAssert;
+import org.assertj.core.api.ObjectAssert;
+import tech.picnic.errorprone.refaster.annotation.OnlineDocumentation;
+
+@OnlineDocumentation
+final class AssertJIterableRules {
+  private AssertJIterableRules() {}
+
+  static final class AssertThatIterableIsEmpty<E> {
+    @BeforeTemplate
+    void before(Iterable<E> iterable) {
+      assertThat(iterable.iterator()).isExhausted();
+    }
+
+    @BeforeTemplate
+    void before(Collection<E> iterable) {
+      assertThat(iterable.isEmpty()).isTrue();
+    }
+
+    @AfterTemplate
+    @UseImportPolicy(STATIC_IMPORT_ALWAYS)
+    void after(Collection<E> iterable) {
+      assertThat(iterable).isEmpty();
+    }
+  }
+
+  static final class AssertThatIterableIsNotEmpty<E> {
+    @BeforeTemplate
+    AbstractAssert<?, ?> before(Iterable<E> iterable) {
+      return assertThat(iterable.iterator()).hasNext();
+    }
+
+    @BeforeTemplate
+    AbstractAssert<?, ?> before(Collection<E> iterable) {
+      return assertThat(iterable.isEmpty()).isFalse();
+    }
+
+    @AfterTemplate
+    @UseImportPolicy(STATIC_IMPORT_ALWAYS)
+    IterableAssert<E> after(Iterable<E> iterable) {
+      return assertThat(iterable).isNotEmpty();
+    }
+  }
+
+  static final class AssertThatIterableSize<E> {
+    @BeforeTemplate
+    AbstractIntegerAssert<?> before(Iterable<E> iterable) {
+      return assertThat(Iterables.size(iterable));
+    }
+
+    @BeforeTemplate
+    AbstractIntegerAssert<?> before(Collection<E> iterable) {
+      return assertThat(iterable.size());
+    }
+
+    @AfterTemplate
+    @UseImportPolicy(STATIC_IMPORT_ALWAYS)
+    AbstractIntegerAssert<?> after(Iterable<E> iterable) {
+      return assertThat(iterable).size();
+    }
+  }
+
+  // XXX: In practice this rule isn't very useful, as it only matches invocations of
+  // `assertThat(E)`. In most cases a more specific overload of `assertThat` is invoked, in which
+  // case this rule won't match. Look into a more robust approach.
+  static final class AssertThatIterableHasOneElementEqualTo<S, E extends S> {
+    @BeforeTemplate
+    ObjectAssert<S> before(Iterable<S> iterable, E element) {
+      return assertThat(Iterables.getOnlyElement(iterable)).isEqualTo(element);
+    }
+
+    @AfterTemplate
+    @UseImportPolicy(STATIC_IMPORT_ALWAYS)
+    IterableAssert<S> after(Iterable<S> iterable, E element) {
+      return assertThat(iterable).containsExactly(element);
+    }
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/refasterrules/AssertJIteratorRules.java

@@ -0,0 +1,43 @@
+package tech.picnic.errorprone.refasterrules;
+
+import static com.google.errorprone.refaster.ImportPolicy.STATIC_IMPORT_ALWAYS;
+import static org.assertj.core.api.Assertions.assertThat;
+
+import com.google.errorprone.refaster.annotation.AfterTemplate;
+import com.google.errorprone.refaster.annotation.BeforeTemplate;
+import com.google.errorprone.refaster.annotation.UseImportPolicy;
+import java.util.Iterator;
+import org.assertj.core.api.AbstractBooleanAssert;
+import org.assertj.core.api.IteratorAssert;
+import tech.picnic.errorprone.refaster.annotation.OnlineDocumentation;
+
+@OnlineDocumentation
+final class AssertJIteratorRules {
+  private AssertJIteratorRules() {}
+
+  static final class AssertThatHasNext<T> {
+    @BeforeTemplate
+    AbstractBooleanAssert<?> before(Iterator<T> iterator) {
+      return assertThat(iterator.hasNext()).isTrue();
+    }
+
+    @AfterTemplate
+    @UseImportPolicy(STATIC_IMPORT_ALWAYS)
+    IteratorAssert<T> after(Iterator<T> iterator) {
+      return assertThat(iterator).hasNext();
+    }
+  }
+
+  static final class AssertThatIsExhausted<T> {
+    @BeforeTemplate
+    AbstractBooleanAssert<?> before(Iterator<T> iterator) {
+      return assertThat(iterator.hasNext()).isFalse();
+    }
+
+    @AfterTemplate
+    @UseImportPolicy(STATIC_IMPORT_ALWAYS)
+    IteratorAssert<T> after(Iterator<T> iterator) {
+      return assertThat(iterator).isExhausted();
+    }
+  }
+}

error-prone-contrib/src/main/java/tech/picnic/errorprone/refasterrules/AssertJMapRules.java

@@ -3,77 +3,39 @@ package tech.picnic.errorprone.refasterrules;
 import static com.google.errorprone.refaster.ImportPolicy.STATIC_IMPORT_ALWAYS;
 import static org.assertj.core.api.Assertions.assertThat;
 
-import com.google.common.collect.ImmutableBiMap;
-import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableMultiset;
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.ImmutableSortedMap;
-import com.google.common.collect.ImmutableSortedMultiset;
-import com.google.common.collect.ImmutableSortedSet;
 import com.google.errorprone.refaster.Refaster;
 import com.google.errorprone.refaster.annotation.AfterTemplate;
 import com.google.errorprone.refaster.annotation.BeforeTemplate;
+import com.google.errorprone.refaster.annotation.Matches;
 import com.google.errorprone.refaster.annotation.UseImportPolicy;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
+import java.util.Collection;
 import java.util.Map;
-import java.util.TreeMap;
-import java.util.TreeSet;
 import org.assertj.core.api.AbstractAssert;
 import org.assertj.core.api.AbstractBooleanAssert;
+import org.assertj.core.api.AbstractCollectionAssert;
 import org.assertj.core.api.AbstractMapAssert;
 import org.assertj.core.api.MapAssert;
 import tech.picnic.errorprone.refaster.annotation.OnlineDocumentation;
+import tech.picnic.errorprone.refaster.matchers.IsEmpty;
 
 @OnlineDocumentation
 final class AssertJMapRules {
   private AssertJMapRules() {}
 
-  // XXX: Reduce boilerplate using a `Matcher` that identifies "empty" instances.
   static final class AbstractMapAssertIsEmpty<K, V> {
     @BeforeTemplate
-    @SuppressWarnings("unchecked")
-    void before(AbstractMapAssert<?, ?, K, V> mapAssert) {
+    void before(
+        AbstractMapAssert<?, ?, K, V> mapAssert,
+        @Matches(IsEmpty.class) Map<? extends K, ? extends V> wellTypedMap,
+        @Matches(IsEmpty.class) Map<?, ?> arbitrarilyTypedMap,
+        @Matches(IsEmpty.class) Iterable<? extends K> keys) {
       Refaster.anyOf(
-          mapAssert.containsExactlyEntriesOf(
-              Refaster.anyOf(
-                  ImmutableMap.of(),
-                  ImmutableBiMap.of(),
-                  ImmutableSortedMap.of(),
-                  new HashMap<>(),
-                  new LinkedHashMap<>(),
-                  new TreeMap<>())),
-          mapAssert.hasSameSizeAs(
-              Refaster.anyOf(
-                  ImmutableMap.of(),
-                  ImmutableBiMap.of(),
-                  ImmutableSortedMap.of(),
-                  new HashMap<>(),
-                  new LinkedHashMap<>(),
-                  new TreeMap<>())),
-          mapAssert.isEqualTo(
-              Refaster.anyOf(
-                  ImmutableMap.of(),
-                  ImmutableBiMap.of(),
-                  ImmutableSortedMap.of(),
-                  new HashMap<>(),
-                  new LinkedHashMap<>(),
-                  new TreeMap<>())),
-          mapAssert.containsOnlyKeys(
-              Refaster.anyOf(
-                  ImmutableList.of(),
-                  new ArrayList<>(),
-                  ImmutableSet.of(),
-                  new HashSet<>(),
-                  new LinkedHashSet<>(),
-                  ImmutableSortedSet.of(),
-                  new TreeSet<>(),
-                  ImmutableMultiset.of(),
-                  ImmutableSortedMultiset.of())),
+          mapAssert.containsExactlyEntriesOf(wellTypedMap),
+          mapAssert.containsExactlyInAnyOrderEntriesOf(wellTypedMap),
+          mapAssert.hasSameSizeAs(arbitrarilyTypedMap),
+          mapAssert.isEqualTo(arbitrarilyTypedMap),
+          mapAssert.containsOnlyKeys(keys),
           mapAssert.containsExactly(),
           mapAssert.containsOnly(),
           mapAssert.containsOnlyKeys());
@@ -109,15 +71,9 @@ final class AssertJMapRules {
 
   static final class AbstractMapAssertIsNotEmpty<K, V> {
     @BeforeTemplate
-    AbstractMapAssert<?, ?, K, V> before(AbstractMapAssert<?, ?, K, V> mapAssert) {
-      return mapAssert.isNotEqualTo(
-          Refaster.anyOf(
-              ImmutableMap.of(),
-              ImmutableBiMap.of(),
-              ImmutableSortedMap.of(),
-              new HashMap<>(),
-              new LinkedHashMap<>(),
-              new TreeMap<>()));
+    AbstractMapAssert<?, ?, K, V> before(
+        AbstractMapAssert<?, ?, K, V> mapAssert, @Matches(IsEmpty.class) Map<?, ?> map) {
+      return mapAssert.isNotEqualTo(map);
     }
 
     @AfterTemplate
@@ -145,12 +101,14 @@ final class AssertJMapRules {
 
   static final class AbstractMapAssertContainsExactlyInAnyOrderEntriesOf<K, V> {
     @BeforeTemplate
-    AbstractMapAssert<?, ?, K, V> before(AbstractMapAssert<?, ?, K, V> mapAssert, Map<K, V> map) {
+    AbstractMapAssert<?, ?, K, V> before(
+        AbstractMapAssert<?, ?, K, V> mapAssert, Map<? extends K, ? extends V> map) {
       return mapAssert.isEqualTo(map);
     }
 
     @AfterTemplate
-    AbstractMapAssert<?, ?, K, V> after(AbstractMapAssert<?, ?, K, V> mapAssert, Map<K, V> map) {
+    AbstractMapAssert<?, ?, K, V> after(
+        AbstractMapAssert<?, ?, K, V> mapAssert, Map<? extends K, ? extends V> map) {
       return mapAssert.containsExactlyInAnyOrderEntriesOf(map);
     }
   }
@@ -184,12 +142,12 @@ final class AssertJMapRules {
 
   static final class AbstractMapAssertHasSameSizeAs<K, V> {
     @BeforeTemplate
-    AbstractMapAssert<?, ?, K, V> before(AbstractMapAssert<?, ?, K, V> mapAssert, Map<K, V> map) {
+    AbstractMapAssert<?, ?, K, V> before(AbstractMapAssert<?, ?, K, V> mapAssert, Map<?, ?> map) {
       return mapAssert.hasSize(map.size());
     }
 
     @AfterTemplate
-    AbstractMapAssert<?, ?, K, V> after(AbstractMapAssert<?, ?, K, V> mapAssert, Map<K, V> map) {
+    AbstractMapAssert<?, ?, K, V> after(AbstractMapAssert<?, ?, K, V> mapAssert, Map<?, ?> map) {
       return mapAssert.hasSameSizeAs(map);
     }
   }
@@ -220,6 +178,20 @@ final class AssertJMapRules {
     }
   }
 
+  static final class AssertThatMapContainsOnlyKeys<K, V> {
+    @BeforeTemplate
+    AbstractCollectionAssert<?, Collection<? extends K>, K, ?> before(
+        Map<K, V> map, Iterable<? extends K> keys) {
+      return assertThat(map.keySet()).hasSameElementsAs(keys);
+    }
+
+    @AfterTemplate
+    @UseImportPolicy(STATIC_IMPORT_ALWAYS)
+    MapAssert<K, V> after(Map<K, V> map, Iterable<? extends K> keys) {
+      return assertThat(map).containsOnlyKeys(keys);
+    }
+  }
+
   static final class AssertThatMapContainsValue<K, V> {
     @BeforeTemplate
     AbstractBooleanAssert<?> before(Map<K, V> map, V value) {

error-prone-contrib/src/main/java/tech/picnic/errorprone/refasterrules/AssertJOptionalRules.java

@@ -22,7 +22,6 @@ final class AssertJOptionalRules {
 
   static final class AssertThatOptional<T> {
     @BeforeTemplate
-    @SuppressWarnings("NullAway")
     ObjectAssert<T> before(Optional<T> optional) {
       return assertThat(optional.orElseThrow());
     }

error-prone-contrib/src/main/java/tech/picnic/errorprone/refasterrules/AssertJPrimitiveRules.java

@@ -23,6 +23,8 @@ final class AssertJPrimitiveRules {
     }
 
     @BeforeTemplate
+    @SuppressWarnings(
+        "java:S1244" /* The (in)equality checks are fragile, but may be seen in the wild. */)
     AbstractBooleanAssert<?> before(double actual, double expected) {
       return Refaster.anyOf(
           assertThat(actual == expected).isTrue(), assertThat(actual != expected).isFalse());
@@ -43,6 +45,8 @@ final class AssertJPrimitiveRules {
     }
 
     @BeforeTemplate
+    @SuppressWarnings(
+        "java:S1244" /* The (in)equality checks are fragile, but may be seen in the wild. */)
     AbstractBooleanAssert<?> before(double actual, double expected) {
       return Refaster.anyOf(
           assertThat(actual != expected).isTrue(), assertThat(actual == expected).isFalse());