Detect Dead Code and Calls to Deprecated Methods with Sonar Squid
Up to version 2.1, Sonar relied only on external coding rules engines such as Checkstyle, PMD and Findbugs to report violations on Java applications. Since version 2.1, Sonar also provides its own rules engine that works on Java dependencies. This rules engine is based on Squid, and three rules are currently available:

Squid provides an easy-to-use visitor pattern for visiting dependencies between methods, fields, classes and packages. This visitor pattern was used in Sonar 2.0 to calculate object-oriented metrics such as LCOM4, RFC, DIT, NOC, … and has been reused in Sonar 2.1 to implement this new rules engine.
Here is a description of the three new rules:
- Use of deprecated method: Once deprecated, a method should no longer be used, as deprecation means that the method might be removed one day; it might also mean that its usage is inefficient or that it prevents callers from benefiting from certain features. Using a deprecated method is a sort of technical debt that must be repaid earlier rather than later. The rule detects calls to deprecated methods not only inside but also outside the project. This means that you can track usage of deprecated methods in the Java API or any other external library. Here is an example of violation:

- Unused protected method or Unused private method: Protected or private methods that are never used by any class in the same project are strongly suspected to be dead code. Dead code means unnecessary, inoperative code that should be removed. Removing it helps maintenance by decreasing the size of the maintained code and making the program easier to understand. Protected methods that override a method from a parent class are not considered dead code, as those methods are most often used through polymorphism.
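
As an added illustration (not Squid's code and not part of the original post), the logic of these rules can be modeled in Python over a constructed call graph. The `Method` record, the `analyze` function and the sample class names are assumptions, and overrides are matched by name only.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Method:
    owner: str                  # declaring class
    name: str
    visibility: str = "public"  # "public", "protected" or "private"
    deprecated: bool = False
    calls: tuple = ()           # (owner, name) pairs this method invokes

def analyze(project, external, parents):
    """Return (calls to deprecated methods, suspected dead methods)."""
    known = {(m.owner, m.name): m for m in project + external}
    called = {callee for m in project for callee in m.calls}

    def overrides_parent(m):
        # Name-only match up the superclass chain; real bytecode analysis
        # would also compare the method descriptor.
        cls = parents.get(m.owner)
        while cls is not None:
            parent = known.get((cls, m.name))
            if parent is not None and parent.visibility != "private":
                return True
            cls = parents.get(cls)
        return False

    deprecated_calls, dead = [], []
    for m in project:
        me = (m.owner, m.name)
        for callee in m.calls:
            target = known.get(callee)
            if target is not None and target.deprecated:
                deprecated_calls.append((me, callee))
        if me in called:
            continue
        if m.visibility == "private" or (
                m.visibility == "protected" and not overrides_parent(m)):
            dead.append(me)
    return sorted(deprecated_calls), sorted(dead)

# Constructed sample project (all project class and method names are made up).
EXTERNAL = [Method("java.util.Date", "getYear", deprecated=True)]
PROJECT = [
    Method("Report", "export", calls=(("Report", "render"),
           ("Report", "oldFooter"), ("java.util.Date", "getYear"))),
    Method("Report", "render", "protected"),
    Method("Report", "oldFooter", "private", deprecated=True),
    Method("Report", "checksum", "private"),
    Method("PdfReport", "render", "protected"),        # override, not flagged
    Method("PdfReport", "legacyHeader", "protected"),  # never called
]
PARENTS = {"PdfReport": "Report"}

DEPRECATED_CALLS, DEAD = analyze(PROJECT, EXTERNAL, PARENTS)
```

`PdfReport.render` is never called directly, yet it is not reported because it overrides `Report.render`; the deprecated calls reported include both the in-project `oldFooter` and the external `java.util.Date.getYear`.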

To support this new functionality, a new open source library called sonar-check-api has been added to the Sonar toolbox. This library offers a mechanism to describe a rule: title, description, default priority, ISO category… For Checkstyle, PMD and Findbugs, an XML file provides this description, but this library allows Java annotations to be used to embed the description inside the rule itself. Here is an example of use with the new “Use of deprecated method” rule:

Have fun with those three new rules while waiting for new ones, such as a rule to define the architecture layering :)


Good news! By analyzing bytecode, Squid brings powerful information.
I have one question about Squid “Unused private method” rule. How does it differ from PMD UnusedPrivateMethod rule (http://pmd.sourceforge.net/rules/unusedcode.html), as AST should be enough to detect private dead code within a class?
Cheers,
Xavier
By Xavier on May 26, 2010 at 4:25 pm
The PMD and Squid rules to detect unused private methods are pretty similar, even if it’s far easier and less error-prone to work with the bytecode instead of the AST to implement such a rule.
cheers,
Freddy
By Freddy Mallet on May 27, 2010 at 3:38 pm
I guess you’ll agree “Unused protected method” is only to be used in a “final” product.
An API like Hibernate, Spring or so, will by definition have a lot of those methods, and so shouldn’t use this kind of rule, right?
Cheers
By Baptiste on June 3, 2010 at 10:20 pm
You’re right Baptiste !
By Freddy Mallet on June 4, 2010 at 11:05 am
Great Info. Thanks!
By John S on September 14, 2010 at 5:06 am
Configure your RSS please, I read blog news via an RSS reader, thanks.
By Free Crack on October 19, 2010 at 7:59 am
RSS works fine for me, so what do you mean by configure ?
By Evgeny Mandrikov on October 19, 2010 at 9:35 am
Will the bytecode analysis that you will do here cover the data (bytecode) of all the projects on the Sonar server (or maybe better, a user-definable set of to-be-released projects on a Sonar server), or will it “only” run on a per-project basis? Running this across projects will strongly increase value, I assume.
By Pieter Bloemendaal on November 2, 2010 at 10:39 pm
Not for the moment. It would anyway only increase the value for unused protected methods.
By Olivier Gaudin on November 3, 2010 at 10:20 am
Hi, Private method ‘(…)’ is never used.
What does that mean? And how to solve?
By Jeroen Wolff on June 24, 2011 at 12:03 pm
Hi Jeroen, please use the User Sonar Mailing list to get some support (http://www.sonarsource.org/support/). Thanks ! Freddy
By Freddy Mallet on June 24, 2011 at 2:54 pm