Never use deprecated fields, methods, or classes in new code. The Java SE 6 documentation provides a complete list of deprecated APIs [[API 2006]]. Java provides a @deprecated annotation to indicate the deprecation of specific fields, methods, and classes. For instance, many methods of java.util.Date, such as Date.getYear(), have been explicitly deprecated. The rule THI05-J. Do not use Thread.stop() to terminate threads describes issues that can result from using the deprecated Thread.stop() method.
Obsolete fields, methods, and classes should not be used. Java provides no annotation to indicate obsolescence, but several objects are documented as obsolete. For instance, the java.util.Dictionary class is marked as obsolete, and new code should use java.util.Map<K,V> instead [[API 2006]].
Finally, several classes and methods impose particular limitations on their use. For instance, all of the subclasses of the abstract class java.text.Format are thread-unsafe. These classes must be avoided in multithreaded code. For more information about thread-safety, see rule TSM04-J. Document thread-safety and use annotations where applicable.
Obsolete Methods and Classes
The following methods and classes must not be used:
Class or Method |
Replacement |
Rule |
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
ERR06-J. Do not let code throw undeclared checked exceptions |
|
|
|
|
|
|
|
inherently unsafe |
|
|
inherently unsafe |
|
|
|
|
|
|
|
|
inherently unsafe |
|
JVM Profiler Interface (JVMPI) and JVM Debug Interface (JVMDI) |
JVM Tool Interface (JVMTI) |
ENV05-J. Do not deploy an application that can be remotely monitored |
Risk Assessment
Using deprecated or obsolete classes or methods in program code can lead to erroneous behavior.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
MET02-J |
high |
likely |
medium |
P18 |
L1 |
Automated Detection
Detecting uses of deprecated methods is straightforward. Obsolete methods and thread-unsafe methods have no automatic means of detection.
Related Guidelines
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e886174a-662c-45e6-9bec-3981032f194e"><ac:plain-text-body><![CDATA[ |
[ISO/IEC TR 24772:2010 |
http://www.aitcnet.org/isai/] |
"Deprecated Language Features [MEM]" |
]]></ac:plain-text-body></ac:structured-macro> |
CWE ID 589, "Call to Non-ubiquitous API" |
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="90b059ab-02ab-4694-8a00-24e909f973ac"><ac:plain-text-body><![CDATA[ |
[[API 2006 |
AA. Bibliography#API 06]] |
[Deprecated API |
http://java.sun.com/javase/6/docs/api/deprecated-list.html], [Dictionary |
http://download.oracle.com/javase/6/docs/api/java/util/Dictionary.html] |
]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5facec0c-9a75-485c-b3e2-d4fcc1726c32"><ac:plain-text-body><![CDATA[ |
[[SDN 2008 |
AA. Bibliography#SDN 08]] |
Bug database, [Bug ID 4264153 |
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4264153] |
]]></ac:plain-text-body></ac:structured-macro> |
MET01-J. Never use assertions to validate method parameters 05. Methods (MET)