0

I'm working on a huge monolith Java application with over 15000 lines of code that has been developed for quite a while now. My task is to find dead code (code that is never used) in the application. My idea was to approach this with JaCoCo code coverage tool being used in our production environment.

I've done some reading, but since JaCoCo (as most code coverage tools) are designed to show test coverage, there is not much information regarding my use case.

In the project, I use Gradle, which is a bit unfortunate, as I found out that for example for Maven, the JaCoCo plug-in provides a prepare agent task. There is no such thing for Gradle, so I'm wondering how I could set up the JaCoCo agent to receive the requests in production and mark the code that is being used. (I'm referring to code that is reachable in some flows but perhaps was never really used.)

I've found and example command that could be used:

java -javaagent:<path-to-application>/src/main/resources/lib/jacocoagent.jar=address=*,port=36320,destfile=jacoco-it.exec,output=tcpserver -jar <path-to-application>/target/myapplication.jar

Could someone explain what this command basically does? Could it be useful for my scenario? I'm open to any suggestions.

ripsta
  • 1
  • 2
  • 3
    You probably shouldn't do code coverage in production as it has overhead. I'm not sure, but IntelliJ might have code inspections that can tell if a method is not used: https://stackoverflow.com/questions/6587729/how-to-use-intellij-idea-to-find-all-unused-code – akarnokd Jun 17 '22 at 10:26
  • Code coverage tools such as Jacoco are aimed at seeing how much of the code is tested, not how much it is used overall. As @akarnokd said, IDEs like IntelliJ have easy tools to inspect code and find cases like unused functions or variables, which is closer to what you are looking for. – Randommm Jun 17 '22 at 10:31
  • Are you trying to find code that _cannot_ possibly ever be reached? If so, then use your IDE to find unreachable code as others have commented above. Or are you trying to find code that, for example, is theoretically reachable but it processes an endpoint that no user has called in the last 10 years? If that's the case, make it clear by editing your question. – k314159 Jun 17 '22 at 10:50
  • 2
    He almost certainly means working code that has simply not been used for a while. This would be very dangerous to do in production; simply don't. In addition to other reasons the tool will only find code that is used "now" and some code may run once per year. If that happens you will delete it even if it is still needed. My advice is to use logging instead and check the logs to see what high-level functions get called. If it is a web application you might already have web server logs you can use (but don't forget background jobs). – ewramner Jun 17 '22 at 11:14
  • @ewramner Thanks for your response. I would of course only remove code that I see is not going to be used in the future. I just want Jacoco to point these bits of code out for me so that I don't have to browse it myself. Do you see any security vulnerabilities that this could cause? – ripsta Jun 17 '22 at 14:13
  • @Joe My question is really about how to implement my use case. I'm afraid our code base is way too big to start placing logs all around or introduce AOP, it would just take much more effort at this point. – ripsta Jun 17 '22 at 14:17
  • @ripsta I don't know of security (but there may be issues there as well), but you can expect a radical decrease in performance. It may also affect stability. In test, fine, but production? Not on my shift ;-) – ewramner Jun 17 '22 at 14:43

0 Answers0