Codekvast

The Truly Dead Code Detector

Why Codekvast?


TL;DR Codekvast detects Truly Dead Code in Java applications without access to the source code. Currently only as a Heroku Add-on. More to come later.


  • All code is a liability!
  • The best code is the code that is not written!
  • Fastest way to increase code coverage is to remove dead code!

I believe all agree that is is good to keep the codebase small and compact.

Build times are kept short, test suites run fast, deployments are fast, static code analysis is fast, developer on-boarding is fast, the risk for bugs and vulnerabilities is kept low and so on. In short, it allows you and your team to be more agile!

All development teams should spend time not only on writing new code, but also on cleaning up after themselves.

Which turns out to be easier said than done...

As long as we write new code, things are simple. We build the Simplest Thing That Can Possibly Work, and eat YAGNI for breakfast, right?

But the ugly truth is that over time the codebase becomes more and more rotten and bloated. It will contain not only useful features, but also features that no real user any longer is using.

Pure garbage, that really should be deleted, right?

The problem is also accented by modern phenomenons as Lean Startup and Continuous Delivery, that tells us to deploy little and often. Sometimes pure experiments to learn what the users really want. Some of these experiments are not successful, and should thus be removed.

But to be honest, how often does this happen? How easy is it to identify what should be removed?

So what can you do to identify code garbage?

- Intellij reports dead code! you might say.

True. In some circumstances. The IDE support for detecting dead code is based on static code analysis. The IDE will never propose deletion of public methods, since it cannot know all other clients to the code that potentially could invoke the methods. So this otherwise fantastic feature is of limited use in this context.

The same reasoning is applicable if you use code coverage tools during automated acceptance tests. The code that the coverage tool reports as unused often only indicates a shortcoming in the test suite. The natural - and correct - reaction is to write more tests.

If you have an acceptance test suite that tests exactly what your product is supposed to support, nothing more and nothing less, then all code that is uncovered by the tests can be deleted. Congrats! You don't have the problem Codekvast is solving!

Many companies add feature trackers to their products to learn their customers' behaviour. It could be JavaScript or invisible 1x1 images in web pages or manually instrumented code in the back-end. These tools are obviously good, since they help the product owner identify useful features that should be nurtured. They are however quite useless in pinpointing unused stuff that safely can be removed.

Well, what about log file analysis? Same thing, logs tell what has been used. It does not tell what is dead code without extensive manual analysis.

What you really would want to have

What you really want is a tool that

  • Automatically records the instant methods are invoked in any of your production servers.
  • Automatically makes an inventory of the code that is deployed to production.
  • Automatically delivers invocation and inventory data to a central data warehouse.
  • Can applied with minimal risk; without risking jar hell.
  • Has minimal runtime penalty; CPU-wise, I/O-wise, memory-wise and bandwidth-wise.
  • Can be applied to an existing application without code modification.
  • Requires minimal modifications to the start scripts.
  • Makes the aggregated information available to the development teams without having to give them access to the production environments.
  • Has warehouse tools for finding code that has not been executed for X days.

The value of "X days" is highly domain specific. For a news site it could be as little as 14 days. For a system handling public elections it could be 4 years!

When one after X days has used the tool for identifying and removing truly dead code (with accompanying tests), the IDE support for identifying statically dead code comes to play. Behind each public business method there are often supporting private methods. Once you have started digging, it could turn out to be quite much that is dead.

So what such tools are there?

With the above feature set, as of today only Codekvast!

Codekvast is currently offered as Codekvast-as-a-Service:

  • You sign up for Codekvast, selecting a suitable price plan (including a free test plan).
  • You add the Codekvast Agent to your application.
  • You access the Codekvast Warehouse in the cloud.

Easy!

As a first step, Codekvast will be added to Heroku Add-ons, with support for Java only.

Later, Codekvast-as-a-Service will support other languages and platforms, including self-hosted data centers.

Interested in becoming a Heroku add-on alpha tester? Drop a mail to codekvast-support@hit.se!

Read more at What is Codekvast?