Dead Code
Dead code is any code that's never executed, or if executed, the execution has no effect on the application's behaviour.
Dead code adds unnecessary complexity to the codebase. It makes the codebase more difficult to understand and maintain in the long run. It impacts performance and security. In some cases, due to poor software engineering practices, dead code can "come back to life" and cause catastrophic failures. It's therefore recommended to remove dead code.
Tools and techniques are available to help developers get rid of dead code. But developers tend to leave them around rather than remove them. It's been said that,
Deleting dead code is not a technical problem; it is a problem of mindset and culture.
Discussion
-
What's the definition of dead code? Dead code is any code that has no effect on the application's behaviour. This is a simple and useful definition. Looking into the details, we identify some alternatives to this definition.
Code that is unnecessarily executed is called redundant code. This would include variable assignments or function returns that are subsequently never used. A subset of this may be called partially dead code that refers to code that's essential only on some program paths.
Code that can't be reached or executed on any program path is called unreachable code. This could happen if there's an unconditional function return and there's code that follows the return statement. Code that's commented is another example. A superset of this is unused code that could be executed but it's not executed because the user never triggers it.
-
What are the different types of dead code? Dead code can be of the following types:
- Dead Types: Types are defined but not used anywhere. This includes types used by only other types but the latter themselves are not used anywhere. Public types should not be considered dead since they maybe called by client code.
- Dead Methods: Like dead types but applicable for methods.
- Dead Fields: Unused fields or fields that are only initialized but not used anywhere in the code. Dead fields include attributes of classes common in object-oriented programming languages.
- Dead Parameters: Maybe considered as a special case of dead fields. For example, a function accepts four parameters but only three are used by the function.
Since public types, methods and fields could be called by client code, we don't consider them as dead during static analysis or compilation. However, a linker can still identify dead code and remove them if they see that client code is not calling them. An example of this is R8 code shrinker that developers use in Android projects.
-
What problems can dead code cause? Dead code introduces unnecessary complexity and confusion. People who maintain code are usually not the same as those who created it. With dead code around, it's hard to know what's safe to delete or update. Developers may even maintain dead code (and their test cases) without realizing that it's a waste of effort. From a design perspective, dead code increases or preserves coupling among classes. This in turn makes code refactoring more difficult.
Dead code takes up extra space. Program size is larger and so too its runtime footprint.
Dead code that executes without changing application's functional behaviour but may affect performance. CPU cycles are spent in executing redundant code.
Dead code that hasn't been touched for a long time may also contain security issues that could be exploited by hackers. It's smarter to delete such code than maintain it.
A patent is infringed only if the code that implements the claimed invention actually executes. Therefore, patent holders will have a weaker case if some of their code is dead. This is yet another reason to identify dead code.
-
Could you share some real-world instances of dead code? A high-profile example is that of Knight Capital Group that lost $440 million in a single day on the NYSE due to dead code. This happened on August 1st, 2012 though the dead code had been unused since 2003. The problem was triggered because a dead feature flag was repurposed for some new code. This unintentionally activated the dead code that had been designed for only test environments. The codebase had also been refactored without adequate regression testing. Moreover, deployment was done manually without a proper reviewal process.
In 2014, Apple fixed a security vulnerability that was attributed to a copy-paste edit that lead to dead code. A duplicate line of code allowed an attacker to bypass an authentication check, which became dead code. Static code analysis would have caught this problem. Informal peer review, formal code inspection, test coverage (line and path coverage) and training developers are other ways this could have been prevented or caught earlier.
-
Why do we have dead code? Dead code arises due to software maintenance and software aging. For example, a new fragment of code might make another code fragment dead. Developers are either unaware of this or think that such code may be needed again someday. When software ages, dead code due to obsolete features is a common reason.
Where a codebase is inherited from another company, we can have inherited dead code. When developers recognize the dead code, they might comment it out or add comments to flag it. They may remove it only if it's low risk and low cost.
Sometimes code is created dead with the expectation that it could be used in future. In classes, the use of getters and setters is such an example. Unclear or incomplete specifications are further reasons for dead code. Code reuse can cause dead code since not all interfaces or functions may be used.
Sometimes dead code is active during testing but not in production. Developers therefore don't consider removing it. On the contrary, lack of automated regression testing makes developers wary of any refactoring.
-
What are some tools and techniques to eliminate dead code? An easy way to find and eliminate dead code is a good IDE. Unused files can also be removed. Unnecessary classes can be inlined. Class hierarchy can be collapsed. Eclipse, Findbugs, PMD, and NDepend are some useful IDEs or tools.
Languages such as JavaScript have good linting tools to catch dead code. For Go, Grind package can be considered. For R, there's
rco
. For Python, there's Vulture for static code analysis. Although Python is a dynamic language, Vulture can improve code quality.Where developers suspect dead code, they can log messages. More generally, it's a good practice to log API calls. If such messages appear at runtime, we can be assured that the code is not entirely dead. However, absence of these messages in the log doesn't guarantee that the code is dead.
For JavaScript frontend code, minifiers remove dead code for production builds. Likewise, there are options to C++ compilers and linkers that eliminate dead code. These reduce program size and perhaps improve performance. However, they don't solve the problem of dead code at the source, which implies that software maintenance continues to be complex.
Milestones
2003
2018
References
- Android Developers. 2021. "Shrink, obfuscate, and optimize your app." User Guide, Android Studio, Android Developers, February 24. Accessed 2021-04-19.
- Bolton, Ian Graham, and David Ung. 2009. "Partial dead code elimination optimizations for program code conversion." U.S. Patent US7543284B2, June 2. Filed 2003-12-20. Accessed 2021-04-19.
- Boomsma, Hidde. 2012. "Dead code elimination for web applications written in dynamic languages." Master’s Thesis, Delft University of Technology. Accessed 2021-04-19.
- Boroumand, Amir. 2018. "The Risks of Dead Code." Dev.to, August 8. Accessed 2021-04-19.
- Carnegie Mellon University. 2021. "MSC12-C. Detect and remove code that has no effect or is never executed." SEI CERT C Coding Standard, Carnegie Mellon University, April 20. Accessed 2021-04-20.
- Dietrich, Erik. 2017. "You Have No Excuse for Dead Code." Blog, NDepend, October 19. Updated 2020-07-16. Accessed 2021-04-19.
- Dolfing, Henrico. 2019. "Case Study 4: The $440 Million Software Error at Knight Capital." Blog, June 5. Accessed 2021-04-19.
- Ehsan, Samiul. 2015. "Compiler Design: Dead Code Elimination." On SlideShare, December 20. Accessed 2021-04-20.
- Frankovitz, Jason. 2017. "Code is Tricky, Part 1: Dead Code." Quandary Peak Research, February 10. Accessed 2021-04-19.
- Grind. 2015. "Readme." Grind package, v0, March 2. cessed 2021-04-19.
- Hogg, Jim. 2013. "Optimizing C++ Code : Dead Code Elimination." C++ Team Blog, Microsoft, August 9. Accessed 2021-04-20.
- Kellner, Ingmar. 2015. "Dead Code Detection." Hello2morrow Blog, April 21. Accessed 2021-04-20.
- Knoop, Jens, Oliver Rüthing, and Bernhard Steffen. 1994. "Partial Dead Code Elimination." ACM SIGPLAN Notices, vol. 29, pp. 147-158, June. doi: 10.1145/178243.178256. Accessed 2021-04-19.
- Linders, Ben. 2017. "Dead Code Must Be Removed." InfoQ, February 9. Accessed 2021-04-19.
- NDepend. 2021. "Detect and Remove Dead Code." Docs, NDepend. Accessed 2021-04-19.
- Parikh, Sapan. 2020. "Dead code." Medium, July 16. Accessed 2021-04-19.
- PyPI. 2021. "vulture 2.3." PyPI, January 16. Accessed 2021-04-19.
- Refactoring.Guru. 2020. "Dead Code." Refactoring.Guru, January 1. Accessed 2021-04-19.
- Rodriguez, Juan Cruz, Yihui Xie, and Nicolás Wolovick. 2021. "Dead Code Elimination." Vignette in: The R Code Optimizer, v1.0.2, April 17. Accessed 2021-04-19.
- Romano, Simone, Christopher Vendome, Giuseppe Scanniello, and Denys Poshyvanyk. 2020. "A Multi-Study Investigation Into Dead Code." IEEE Transactions on Software Engineering, vol. 46, no. 1, pp. 71-99, January. doi: 10.1109/TSE.2018.2842781. Accessed 2021-04-19.
- Rosen, Barry K. 1977. "High-Level Data Flow Analysis." Comms of the ACM, vol. 20, no. 10, pp. 712-724, October. doi: 10.1145/359842.359849. Accessed 2021-04-19.
- Seguy, Damien. 2016. "The hunt for dead code." On SlideShare, November 14. Accessed 2021-04-20.
- Sei, Leo. 2018. "R8, the new code shrinker from Google, is available in Android studio 3.3 beta." Android Developers Blog, Google, November 5. Accessed 2021-04-19.
- Tobias. 2017. "Finding Dead Code." Blog, November 25. Accessed 2021-04-19.
- Woody, Carol and Bill Nichols. 2015. "Heartbleed and Goto Fail: Two Case Studies for Predicting Software Assurance Using Quality and Reliability Measures." SEI Blog, April 20. Accessed 2021-04-19.
- dos Reis, José Pereira, Fernando Brito e Abreu, Glauco de Figueiredo Carneiro, and Craig Anslow. 2020. "Code smells detection and visualization: A systematic literature review." arXiv, v1, December 16. Accessed 2021-04-19.
Further Reading
- Romano, Simone, Christopher Vendome, Giuseppe Scanniello, and Denys Poshyvanyk. 2020. "A Multi-Study Investigation Into Dead Code." IEEE Transactions on Software Engineering, vol. 46, no. 1, pp. 71-99, January. doi: 10.1109/TSE.2018.2842781. Accessed 2021-04-19.
- Linders, Ben. 2021. "Dead Code Must Be Removed." InfoQ, February 9. Accessed 2021-04-19.
- Dietrich, Erik. 2017. "You Have No Excuse for Dead Code." Blog, NDepend, October 19. Updated 2020-07-16. Accessed 2021-04-19.
- Boomsma, Hidde. 2012. "Dead code elimination for web applications written in dynamic languages." Master’s Thesis, Delft University of Technology. Accessed 2021-04-19.
- Streitel, Fabian, Daniela Steidl, and Elmar Jürgens. 2014. "Dead Code Detection On Class Level." CQSE GmbH. Accessed 2021-04-19.
Article Stats
Cite As
See Also
- Code Smell
- Clean Code
- Code Review
- Code Refactoring
- Static Code Analysis
- Technical Debt