Maven combined detector experiment (#1628)

* Maven combined detector experiment

* Fix verification test race condition

* Added variable to account for race conditions

* Fixed tests

* Update MavenCommandService

* NIt

* Force experiment detector to use another temp directory

* PR comments

* Remove extra code

* Nit

* Another nit

* Update experiment

* Perf refactoring

* Perf improvement

* perf update

* Updated tests

* Readd semaphore

* More improvements

* Nit

* Remove Maven new detector experiment

* Remove unused method overload

* Remove unused parameter

* More perf improvement

* Nit

* All cancellation token usage

* Added ExecutionDataflowBlockOptions

* Build error

Author: zhenghao104

src/Microsoft.ComponentDetection.Detectors/maven/IMavenCommandService.cs

@@ -11,7 +11,7 @@ public interface IMavenCommandService
 
     Task<bool> MavenCLIExistsAsync();
 
-    Task GenerateDependenciesFileAsync(ProcessRequest processRequest, CancellationToken cancellationToken = default);
+    Task<MavenCliResult> GenerateDependenciesFileAsync(ProcessRequest processRequest, CancellationToken cancellationToken = default);
 
     void ParseDependenciesFile(ProcessRequest processRequest);
 }

src/Microsoft.ComponentDetection.Detectors/maven/MavenCliResult.cs

@@ -0,0 +1,8 @@
+namespace Microsoft.ComponentDetection.Detectors.Maven;
+
+/// <summary>
+/// Represents the result of executing a Maven CLI command.
+/// </summary>
+/// <param name="Success">Whether the command completed successfully.</param>
+/// <param name="ErrorOutput">The error output from the command, if any.</param>
+public record MavenCliResult(bool Success, string? ErrorOutput);

src/Microsoft.ComponentDetection.Detectors/maven/MavenCommandService.cs

@@ -2,6 +2,7 @@
 namespace Microsoft.ComponentDetection.Detectors.Maven;
 
 using System;
+using System.Collections.Concurrent;
 using System.IO;
 using System.Threading;
 using System.Threading.Tasks;
@@ -19,6 +20,19 @@ public class MavenCommandService : IMavenCommandService
 
     internal static readonly string[] AdditionalValidCommands = ["mvn.cmd"];
 
+    /// <summary>
+    /// Per-location semaphores to prevent concurrent Maven CLI executions for the same pom.xml.
+    /// This allows multiple detectors (e.g., MvnCliComponentDetector and MavenWithFallbackDetector)
+    /// to safely share the same output file without race conditions.
+    /// </summary>
+    private readonly ConcurrentDictionary<string, SemaphoreSlim> locationLocks = new();
+
+    /// <summary>
+    /// Tracks locations where dependency generation has completed successfully.
+    /// Used to skip duplicate executions when multiple detectors process the same pom.xml.
+    /// </summary>
+    private readonly ConcurrentDictionary<string, MavenCliResult> completedLocations = new();
+
     private readonly ICommandLineInvocationService commandLineInvocationService;
     private readonly IMavenStyleDependencyGraphParserService parserService;
     private readonly IEnvironmentVariableService envVarService;
@@ -43,7 +57,57 @@ public async Task<bool> MavenCLIExistsAsync()
         return await this.commandLineInvocationService.CanCommandBeLocatedAsync(PrimaryCommand, AdditionalValidCommands, MvnVersionArgument);
     }
 
-    public async Task GenerateDependenciesFileAsync(ProcessRequest processRequest, CancellationToken cancellationToken = default)
+    public async Task<MavenCliResult> GenerateDependenciesFileAsync(ProcessRequest processRequest, CancellationToken cancellationToken = default)
+    {
+        var pomFile = processRequest.ComponentStream;
+        var pomDir = Path.GetDirectoryName(pomFile.Location);
+        var depsFilePath = Path.Combine(pomDir, this.BcdeMvnDependencyFileName);
+
+        // Check the cache before acquiring the semaphore to allow fast-path returns
+        // even when cancellation has been requested.
+        if (this.completedLocations.TryGetValue(pomFile.Location, out var cachedResult)
+            && cachedResult.Success
+            && File.Exists(depsFilePath))
+        {
+            this.logger.LogDebug("{DetectorPrefix}: Skipping duplicate \"dependency:tree\" for {PomFileLocation}, already generated", DetectorLogPrefix, pomFile.Location);
+            return cachedResult;
+        }
+
+        // Use semaphore to prevent concurrent Maven CLI executions for the same pom.xml.
+        // This allows MvnCliComponentDetector and MavenWithFallbackDetector to safely share the output file.
+        var semaphore = this.locationLocks.GetOrAdd(pomFile.Location, _ => new SemaphoreSlim(1, 1));
+
+        await semaphore.WaitAsync(cancellationToken);
+        try
+        {
+            // Re-check the cache after acquiring the semaphore in case another caller
+            // completed while we were waiting.
+            if (this.completedLocations.TryGetValue(pomFile.Location, out cachedResult)
+                && cachedResult.Success
+                && File.Exists(depsFilePath))
+            {
+                this.logger.LogDebug("{DetectorPrefix}: Skipping duplicate \"dependency:tree\" for {PomFileLocation}, already generated", DetectorLogPrefix, pomFile.Location);
+                return cachedResult;
+            }
+
+            var result = await this.GenerateDependenciesFileCoreAsync(processRequest, cancellationToken);
+
+            // Only cache successful results. Failed results should allow retries for transient failures,
+            // and caching them would waste memory since the cache check requires Success == true anyway.
+            if (result.Success)
+            {
+                this.completedLocations[pomFile.Location] = result;
+            }
+
+            return result;
+        }
+        finally
+        {
+            semaphore.Release();
+        }
+    }
+
+    private async Task<MavenCliResult> GenerateDependenciesFileCoreAsync(ProcessRequest processRequest, CancellationToken cancellationToken)
     {
         var cliFileTimeout = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken);
         var timeoutSeconds = -1;
@@ -58,7 +122,7 @@ public async Task GenerateDependenciesFileAsync(ProcessRequest processRequest, C
         var pomFile = processRequest.ComponentStream;
         this.logger.LogDebug("{DetectorPrefix}: Running \"dependency:tree\" on {PomFileLocation}", DetectorLogPrefix, pomFile.Location);
 
-        var cliParameters = new[] { "dependency:tree", "-B", $"-DoutputFile={this.BcdeMvnDependencyFileName}", "-DoutputType=text", $"-f{pomFile.Location}" };
+        string[] cliParameters = ["dependency:tree", "-B", $"-DoutputFile={this.BcdeMvnDependencyFileName}", "-DoutputType=text", $"-f{pomFile.Location}"];
 
         var result = await this.commandLineInvocationService.ExecuteCommandAsync(PrimaryCommand, AdditionalValidCommands, cancellationToken: cliFileTimeout.Token, cliParameters);
 
@@ -78,10 +142,13 @@ public async Task GenerateDependenciesFileAsync(ProcessRequest processRequest, C
             {
                 this.logger.LogWarning("{DetectorPrefix}: There was a timeout in {PomFileLocation} file. Increase it using {TimeoutVar} environment variable.", DetectorLogPrefix, pomFile.Location, MvnCLIFileLevelTimeoutSecondsEnvVar);
             }
+
+            return new MavenCliResult(false, errorMessage);
         }
         else
         {
             this.logger.LogDebug("{DetectorPrefix}: Execution of \"dependency:tree\" on {PomFileLocation} completed successfully", DetectorLogPrefix, pomFile.Location);
+            return new MavenCliResult(true, null);
         }
     }