Dead Code

Examples of dead code. Source: Adapted from Seguy 2016
Examples of dead code. Source: Adapted from Seguy 2016 and Knoop et al. 1994.

Dead code is any code that's never executed, or if executed, the execution has no effect on the application's behaviour.

Dead code adds unnecessary complexity to the codebase. It makes the codebase more difficult to understand and maintain in the long run. It impacts performance and security. In some cases, due to poor software engineering practices, dead code can "come back to life" and cause catastrophic failures. It's therefore recommended to remove dead code.

Tools and techniques are available to help developers get rid of dead code. But developers tend to leave them around rather than remove them. It's been said that,

Deleting dead code is not a technical problem; it is a problem of mindset and culture.

Discussion

  • What's the definition of dead code?
    Dead code has a few possible definitions. Source: Boomsma 2012, fig. 2.1.
    Dead code has a few possible definitions. Source: Boomsma 2012, fig. 2.1.

    Dead code is any code that has no effect on the application's behaviour. This is a simple and useful definition. Looking into the details, we identify some alternatives to this definition.

    Code that is unnecessarily executed is called redundant code. This would include variable assignments or function returns that are subsequently never used. A subset of this may be called partially dead code that refers to code that's essential only on some program paths.

    Code that can't be reached or executed on any program path is called unreachable code. This could happen if there's an unconditional function return and there's code that follows the return statement. Code that's commented is another example. A superset of this is unused code that could be executed but it's not executed because the user never triggers it.

  • What are the different types of dead code?
    R8 for Android identifies and removes unused classes and methods from libraries. Source: Android Developers 2021, fig. 1.
    R8 for Android identifies and removes unused classes and methods from libraries. Source: Android Developers 2021, fig. 1.

    Dead code can be of the following types:

    • Dead Types: Types are defined but not used anywhere. This includes types used by only other types but the latter themselves are not used anywhere. Public types should not be considered dead since they maybe called by client code.
    • Dead Methods: Like dead types but applicable for methods.
    • Dead Fields: Unused fields or fields that are only initialized but not used anywhere in the code. Dead fields include attributes of classes common in object-oriented programming languages.
    • Dead Parameters: Maybe considered as a special case of dead fields. For example, a function accepts four parameters but only three are used by the function.

    Since public types, methods and fields could be called by client code, we don't consider them as dead during static analysis or compilation. However, a linker can still identify dead code and remove them if they see that client code is not calling them. An example of this is R8 code shrinker that developers use in Android projects.

  • What problems can dead code cause?

    Dead code introduces unnecessary complexity and confusion. People who maintain code are usually not the same as those who created it. With dead code around, it's hard to know what's safe to delete or update. Developers may even maintain dead code (and their test cases) without realizing that it's a waste of effort. From a design perspective, dead code increases or preserves coupling among classes. This in turn makes code refactoring more difficult.

    Dead code takes up extra space. Program size is larger and so too its runtime footprint.

    Dead code that executes without changing application's functional behaviour but may affect performance. CPU cycles are spent in executing redundant code.

    Dead code that hasn't been touched for a long time may also contain security issues that could be exploited by hackers. It's smarter to delete such code than maintain it.

    A patent is infringed only if the code that implements the claimed invention actually executes. Therefore, patent holders will have a weaker case if some of their code is dead. This is yet another reason to identify dead code.

  • Could you share some real-world instances of dead code?

    A high-profile example is that of Knight Capital Group that lost $440 million in a single day on the NYSE due to dead code. This happened on August 1st, 2012 though the dead code had been unused since 2003. The problem was triggered because a dead feature flag was repurposed for some new code. This unintentionally activated the dead code that had been designed for only test environments. The codebase had also been refactored without adequate regression testing. Moreover, deployment was done manually without a proper reviewal process.

    In 2014, Apple fixed a security vulnerability that was attributed to a copy-paste edit that lead to dead code. A duplicate line of code allowed an attacker to bypass an authentication check, which became dead code. Static code analysis would have caught this problem. Informal peer review, formal code inspection, test coverage (line and path coverage) and training developers are other ways this could have been prevented or caught earlier.

  • Why do we have dead code?
    Themes and sub-themes relevant to dead code. Source: Romano et al. 2020, fig. 4.
    Themes and sub-themes relevant to dead code. Source: Romano et al. 2020, fig. 4.

    Dead code arises due to software maintenance and software aging. For example, a new fragment of code might make another code fragment dead. Developers are either unaware of this or think that such code may be needed again someday. When software ages, dead code due to obsolete features is a common reason.

    Where a codebase is inherited from another company, we can have inherited dead code. When developers recognize the dead code, they might comment it out or add comments to flag it. They may remove it only if it's low risk and low cost.

    Sometimes code is created dead with the expectation that it could be used in future. In classes, the use of getters and setters is such an example. Unclear or incomplete specifications are further reasons for dead code. Code reuse can cause dead code since not all interfaces or functions may be used.

    Sometimes dead code is active during testing but not in production. Developers therefore don't consider removing it. On the contrary, lack of automated regression testing makes developers wary of any refactoring.

  • What are some tools and techniques to eliminate dead code?

    An easy way to find and eliminate dead code is a good IDE. Unused files can also be removed. Unnecessary classes can be inlined. Class hierarchy can be collapsed. Eclipse, Findbugs, PMD, and NDepend are some useful IDEs or tools.

    Languages such as JavaScript have good linting tools to catch dead code. For Go, Grind package can be considered. For R, there's rco. For Python, there's Vulture for static code analysis. Although Python is a dynamic language, Vulture can improve code quality.

    Where developers suspect dead code, they can log messages. More generally, it's a good practice to log API calls. If such messages appear at runtime, we can be assured that the code is not entirely dead. However, absence of these messages in the log doesn't guarantee that the code is dead.

    For JavaScript frontend code, minifiers remove dead code for production builds. Likewise, there are options to C++ compilers and linkers that eliminate dead code. These reduce program size and perhaps improve performance. However, they don't solve the problem of dead code at the source, which implies that software maintenance continues to be complex.

Milestones

1970

In this decade, there's research towards better compilers, program certification and program optimization. For example, Rosen's 1977 paper titled High-Level Data Flow Analysis adopts directed graphs as an analysis tool. These research initiatives facilitate dead code elimination.

1994

Based on techniques for partial redundancy elimination, Knoop et al. present an optimal method for partial dead code elimination. Their method is optimal in the sense that any remaining partially dead code can't be eliminated without changing the code structure or its semantics.

1998

In a book about software refactoring, Brown et al. take note of "unused code frozen in an ever-changing design." They call this lava flow.

1999

Martin Fowler in his book titled Refactoring: Improving the Design of Existing Code identifies 22 code smells and suggests ways to remove them. However, he doesn't explicitly mention dead code as a code smell.

Dec
2003

Bolton and Ung file for a patent with the title Partial dead code elimination optimizations for program code conversion. They identify partially dead register definitions that can be eliminated towards more optimized intermediate representation of the code.

Nov
2018

As part of Android Studio 3.3 beta, Google releases R8 for code shrinking. With R8, APK size reduces. R8 gets rid of unused code and resources. It also does code minification to save space. Proguard is another tool that does this but R8 does it faster while achieving similar results.

Dec
2020

In an analysis of code smells, dos Reis et al. include dead code as one of the code smells. From the 83 studies selected for the analysis, they find that 4.8% contain dead code. The most prominent code smell is the God Class, present in 51.8% of the studies.

References

  1. Android Developers. 2021. "Shrink, obfuscate, and optimize your app." User Guide, Android Studio, Android Developers, February 24. Accessed 2021-04-19.
  2. Bolton, Ian Graham, and David Ung. 2009. "Partial dead code elimination optimizations for program code conversion." U.S. Patent US7543284B2, June 2. Filed 2003-12-20. Accessed 2021-04-19.
  3. Boomsma, Hidde. 2012. "Dead code elimination for web applications written in dynamic languages." Master’s Thesis, Delft University of Technology. Accessed 2021-04-19.
  4. Boroumand, Amir. 2018. "The Risks of Dead Code." Dev.to, August 8. Accessed 2021-04-19.
  5. Carnegie Mellon University. 2021. "MSC12-C. Detect and remove code that has no effect or is never executed." SEI CERT C Coding Standard, Carnegie Mellon University, April 20. Accessed 2021-04-20.
  6. Dietrich, Erik. 2017. "You Have No Excuse for Dead Code." Blog, NDepend, October 19. Updated 2020-07-16. Accessed 2021-04-19.
  7. Dolfing, Henrico. 2019. "Case Study 4: The $440 Million Software Error at Knight Capital." Blog, June 5. Accessed 2021-04-19.
  8. Ehsan, Samiul. 2015. "Compiler Design: Dead Code Elimination." On SlideShare, December 20. Accessed 2021-04-20.
  9. Frankovitz, Jason. 2017. "Code is Tricky, Part 1: Dead Code." Quandary Peak Research, February 10. Accessed 2021-04-19.
  10. Grind. 2015. "Readme." Grind package, v0, March 2. cessed 2021-04-19.
  11. Hogg, Jim. 2013. "Optimizing C++ Code : Dead Code Elimination." C++ Team Blog, Microsoft, August 9. Accessed 2021-04-20.
  12. Kellner, Ingmar. 2015. "Dead Code Detection." Hello2morrow Blog, April 21. Accessed 2021-04-20.
  13. Knoop, Jens, Oliver Rüthing, and Bernhard Steffen. 1994. "Partial Dead Code Elimination." ACM SIGPLAN Notices, vol. 29, pp. 147-158, June. doi: 10.1145/178243.178256. Accessed 2021-04-19.
  14. Linders, Ben. 2017. "Dead Code Must Be Removed." InfoQ, February 9. Accessed 2021-04-19.
  15. NDepend. 2021. "Detect and Remove Dead Code." Docs, NDepend. Accessed 2021-04-19.
  16. Parikh, Sapan. 2020. "Dead code." Medium, July 16. Accessed 2021-04-19.
  17. PyPI. 2021. "vulture 2.3." PyPI, January 16. Accessed 2021-04-19.
  18. Refactoring.Guru. 2020. "Dead Code." Refactoring.Guru, January 1. Accessed 2021-04-19.
  19. Rodriguez, Juan Cruz, Yihui Xie, and Nicolás Wolovick. 2021. "Dead Code Elimination." Vignette in: The R Code Optimizer, v1.0.2, April 17. Accessed 2021-04-19.
  20. Romano, Simone, Christopher Vendome, Giuseppe Scanniello, and Denys Poshyvanyk. 2020. "A Multi-Study Investigation Into Dead Code." IEEE Transactions on Software Engineering, vol. 46, no. 1, pp. 71-99, January. doi: 10.1109/TSE.2018.2842781. Accessed 2021-04-19.
  21. Rosen, Barry K. 1977. "High-Level Data Flow Analysis." Comms of the ACM, vol. 20, no. 10, pp. 712-724, October. doi: 10.1145/359842.359849. Accessed 2021-04-19.
  22. Seguy, Damien. 2016. "The hunt for dead code." On SlideShare, November 14. Accessed 2021-04-20.
  23. Sei, Leo. 2018. "R8, the new code shrinker from Google, is available in Android studio 3.3 beta." Android Developers Blog, Google, November 5. Accessed 2021-04-19.
  24. Tobias. 2017. "Finding Dead Code." Blog, November 25. Accessed 2021-04-19.
  25. Woody, Carol and Bill Nichols. 2015. "Heartbleed and Goto Fail: Two Case Studies for Predicting Software Assurance Using Quality and Reliability Measures." SEI Blog, April 20. Accessed 2021-04-19.
  26. dos Reis, José Pereira, Fernando Brito e Abreu, Glauco de Figueiredo Carneiro, and Craig Anslow. 2020. "Code smells detection and visualization: A systematic literature review." arXiv, v1, December 16. Accessed 2021-04-19.

Further Reading

  1. Romano, Simone, Christopher Vendome, Giuseppe Scanniello, and Denys Poshyvanyk. 2020. "A Multi-Study Investigation Into Dead Code." IEEE Transactions on Software Engineering, vol. 46, no. 1, pp. 71-99, January. doi: 10.1109/TSE.2018.2842781. Accessed 2021-04-19.
  2. Linders, Ben. 2021. "Dead Code Must Be Removed." InfoQ, February 9. Accessed 2021-04-19.
  3. Dietrich, Erik. 2017. "You Have No Excuse for Dead Code." Blog, NDepend, October 19. Updated 2020-07-16. Accessed 2021-04-19.
  4. Boomsma, Hidde. 2012. "Dead code elimination for web applications written in dynamic languages." Master’s Thesis, Delft University of Technology. Accessed 2021-04-19.
  5. Streitel, Fabian, Daniela Steidl, and Elmar Jürgens. 2014. "Dead Code Detection On Class Level." CQSE GmbH. Accessed 2021-04-19.

Article Stats

Author-wise Stats for Article Edits

Author
No. of Edits
No. of Chats
DevCoins
4
0
1915
1
0
15
1507
Words
3
Likes
16K
Hits

Cite As

Devopedia. 2022. "Dead Code." Version 5, February 15. Accessed 2024-06-25. https://devopedia.org/dead-code
Contributed by
2 authors


Last updated on
2022-02-15 11:56:30