jdeprscan
You use the jdeprscan
tool as a static analysis tool that scans a jar file (or some other aggregation of class files) for uses of deprecated API elements.
Synopsis
jdeprscan [options] {dir|jar|class}
-
options
-
dir|jar|class
-
jdeprscan
command scans each argument for usages of deprecated APIs. The arguments can be a:-
dir
: Directory -
jar
: JAR file -
class
: Class name or class file
The class name should use a dot (
.
) as a separator. For example:java.lang.Thread
For nested classes, the dollar sign
$
separator character should be used. For example:java.lang.Thread$State
A class file can also be named. For example:
build/classes/java/lang/Thread$State.class
-
Description
The jdeprscan
tool is a static analysis tool provided by the JDK that scans a JAR file or some other aggregation of class files for uses of deprecated API elements. The jdeprscan
tool only identifies the deprecated APIs defined by Java SE. Deprecated APIs defined by third-party libraries aren’t reported.
To scan a JAR file or a set of class files, you must first ensure that all of the classes that the scanned classes depend upon are present in the class path. Set the class path using the --class-path
option described in Options for the jdeprscan Command. Typically, you would use the same class path as the one that you use when invoking your application.
If the jdeprscan
can’t find all the dependent classes, it will generate an error message for each class that's missing. These error messages are typically of the form:
error: cannot find class ...
If these errors occur, then you must adjust the class path so that it includes all dependent classes.
Options for the jdeprscan Command
The following options are available:
-
--class-path path
-
Provides a search path for resolution of dependent classes.
path
can be a search path that consists of one or more directories separated by the system-specific path separator. For example:-
Oracle Solaris, Linux, and macOS:
--class-path /some/directory:/another/different/dir
Note:
On Windows, use a semicolon (
;
) as the separator instead of a colon (:
).-
Windows:
--class-path \some\directory;\another\different\dir
-
-
--for-removal
-
Limits scanning or listing to APIs that are deprecated for removal. Can’t be used with a release value of 6, 7, or 8.
-
--full-version
-
Prints out the full version string of the tool.
-
--help
or—h
-
Prints out a full help message.
-
--list
or—l
-
Prints the set of deprecated APIs. No scanning is done, so no directory, jar, or class arguments should be provided.
-
--release 6|7|8|9|10|11
-
Specifies the Java SE release that provides the set of deprecated APIs for scanning.
-
--verbose
or—v
-
Enables additional message output during processing.
-
--version
-
Prints out the abbreviated version string of the tool.
Example of jdeprscan Output
The JAR file for this library will be named something similar to commons-math3-3.6.1.jar
. To scan this JAR file for the use of deprecated APIs, run the following command:
jdeprscan commons-math3-3.6.1.jar
This command produces several lines of output. For example, one line of output might be:
class org/apache/commons/math3/util/MathUtils uses deprecated method java/lang/Double::<init>(D)V
Note:
The class name is specified using the slash-separated binary name as described in JVMS 4.2.1. This is the form used internally in class files.
The deprecated API it uses is a method on the java.lang.Double
class.
The name of the deprecated method is <init>
, which is a special name that means that the method is actually a constructor. Another special name is <clinit>
, which indicates a class static initializer.
Other methods are listed just by their method name. Following the method name is the argument list and return type:
(D)V
This indicates that it takes just one double value (a primitive) and returns void. The argument and return types can become cryptic. For example, another line of output might be:
class org/apache/commons/math3/util/Precision uses deprecated method java/math/BigDecimal::setScale(II)Ljava/math/BigDecimal;
In this line of output, the deprecated method is on class java.math.BigDecimal
, and the method is setScale()
. In this case, the (II)
means that it takes two int
arguments. The Ljava/math/BigDecimal;
after the parentheses means that it returns a reference to java.math.BigDecimal
.
jdeprscan Analysis Can Be Version-Specific
You can use jdeprscan
relative to the previous three JDK releases. For example, if you are running JDK 9, then you can check against JDK 8, 7, and 6.
public class Deprecations {
SecurityManager sm = new RMISecurityManager(); // deprecated in 8
Boolean b2 = new Boolean(true); // deprecated in 9
}
The complete class compiles without warnings in JDK 7.If you run jdeprscan
on a system with JDK 9, then you see:
$ jdeprscan --class-path classes --release 7 example.Deprecations
(no output)
jdeprscan
with a release value of 8:$ jdeprscan --class-path classes --release 8 example.Deprecations
class example/Deprecations uses type java/rmi/RMISecurityManager deprecated
class example/Deprecations uses method in type java/rmi/RMISecurityManager deprecated
jdeprscan
on JDK 9:$ jdeprscan --class-path classes example.Deprecations
class example/Deprecations uses type java/rmi/RMISecurityManager deprecated
class example/Deprecations uses method in type java/rmi/RMISecurityManager deprecated
class example/Deprecations uses method java/lang/Boolean <init> (Z)V deprecated