You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 94 Next »

Never use deprecated fields, methods, or classes in new code. Java also provides a @deprecated annotation to indicate the deprecation of specific fields, methods, and classes. For example, many methods of java.util.Date, such as Date.getYear(), have been explicitly deprecated. Rule THI05-J. Do not use Thread.stop() to terminate threads describes issues that can result from using the deprecated Thread.stop() method.

 

The Java SE documentation provides a list of deprecated APIs for each version of the language:

You should use the list of deprecated functions specific to the language version you are using, although it may also be possible to avoid the use of APIs that are deprecated in later versions as well if suitable alternatives are available.

Obsolete fields, methods, and classes should not be used. Java lacks any annotation that indicates obsolescence; nevertheless, several classes and methods are documented as obsolete. For instance, the java.util.Dictionary<K,V> class is marked as obsolete; new code should use java.util.Map<K,V> instead [API 2006].

Obsolete Methods and Classes

The following methods and classes must not be used:

Class or Method

Replacement

Rule

java.lang.Character.isJavaLetter()

java.lang.Character.isJavaIdentifierStart()

 

java.lang.Character.isJavaLetterOrDigit()

java.lang.Character.isJavaIdentifierPart()

 

java.lang.Character.isSpace()

java.lang.Character.isWhitespace()

 

java.lang.Class.newInstance()

java.lang.reflect.Constructor.newInstance()

ERR06-J. Do not throw undeclared checked exceptions

java.util.Date (many methods)

java.util.Calendar

 

java.util.Dictionary<K,V>

java.util.Map<K,V>

 

java.util.Properties.save()

java.util.Properties.store()

 

java.lang.Thread.run()

java.lang.Thread.start()

THI00-J. Do not invoke Thread.run()

java.lang.Thread.stop()

java.lang.Thread.interrupt()

THI05-J. Do not use Thread.stop() to terminate threads

java.lang.ThreadGroup (many methods)

java.util.concurrent.Executor

THI01-J. Do not invoke ThreadGroup methods

The Java Virtual Machine (JVM) Profiler Interface (JVMPI) and JVM Debug Interface (JVMDI) are also deprecated and have been replaced by the JVM Tool Interface (JVMTI). See rule ENV05-J. Do not deploy an application that can be remotely monitored for more information.

Risk Assessment

Using deprecated or obsolete classes or methods in program code can lead to erroneous behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MET02-J

Low

Unlikely

Medium

P2

L3

Automated Detection

Detecting uses of deprecated methods is straightforward. Obsolete methods have no automatic means of detection.

Related Guidelines

ISO/IEC TR 24772:2010

Deprecated language features [MEM]

MITRE CWE

CWE-589. Call to non-ubiquitous API

Android Implementation Details

The Android SDK also has deprecated or obsolete APIs. Also, there may exist incompatible APIs depending on the SDK version. Therefore, it is recommended that developers refer to the "Android API Difference report" and consider replacing the deprecated APIs.

Bibliography

 


      06. Methods (MET)      

 

 

  • No labels