Tracking Uses of Deprecated Code Using Architectures

TLDR:

Use Understand’s Architecture graphs and Dependency Browser to

  1. Isolate and identify obsolete/deprecated code
  2. Visually show where your other code depends on it
  3. When the time comes to fix the uses, visit each use for inspection or cleanup.

Details:

The first rule of being in a hole is to stop digging. So when you decide it’s time to not use a library or a particular set of functions any longer, the first step is to identify where you are using the undesired code, and the second step is to stop adding new uses.

For purposes of this example, I’m going to use the Apache server source code – it’s one of the pre-built Understand sample projects.

Everybody knows that sprintf() is not secure to use. So I searched for it and didn’t find any uses of it… but I did find some home-brewed versions, which I’m going to treat as if they have the same security issues as the better-known stdlib versions.

The possibly offending functions that I want to eventually replace with more secure versions are: ap_fprintf(), ap_fputstrs(), etag_uint64_to_hex().

What are Architectures?

Put simply… they are names given to code. They can be hierarchical, or just a name like a tag. We are going to put a “tag” into an existing hierarchical architecture based on the Directory structure of the source code.

We are going to “tag” each function we want to stop using as an architecture called “Don’t Use Anymore“.

Add a New Architecture called “Don’t Use Anymore”

I’m going to add a new Architecture Node to one I built for an earlier article called “Directory+Human”:

Then I find the offending functions and add them to this architecture:

I can do this from any place I see the functions’ names, for instance in the source code. For simplicity I found them using the Entity Filter.

I end up with this change to my architecture “Directory+Human”:

See who is using functions in “Don’t Use Anymore” in the Dependency Graph

Now I need to see who is using these functions, as a group. This is super simple – just choose “Graphs->Dependency Graphs->Directory+Human”.

I circled the uses in green by hand to highlight where to look.

This shows me that there are 3 uses in modules and 2 uses in server. Nice. To make it a little clearer I can right-click on Don’t Use Anymore and choose “Highlight Edges In” and the architectures using the deprecated code are clearer:

For a little more detail, just double-click on Don’t Use Anymore and the internal nodes will be shown and paths to them highlighted as well.

When it’s time to clean them up…

When the time comes to remove these dependencies, or to visit and see what might be involved in removing them, we can easily visit them in the Dependency Browser.

To load this up just right-click anywhere you see “Don’t Use Anymore” and choose “View Dependencies”.

This brings up the Dependency Browser, where you can visit each use of the deprecated code.

See all the references. Visit and learn. Or visit and clean up.

Summary

Remember… if in a hole, stop digging! Using Understand Architectures to identify and track uses of code you want to stop using helps you know if you are digging deeper, and also makes it easy to visit each use and start getting out of the hole.
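
The "stop adding new uses" step can also be checked outside Understand, for example in a build job. The following is an added example, not part of the original article or of Understand: a text-level Python scan that counts the three functions per top-level directory and flags any area whose count has grown past a recorded baseline. The sample files, helper names and baseline values are constructed for illustration.

```python
import re
from collections import Counter

# Function names are the three from the article; all other names are assumptions.
DEPRECATED = ("ap_fprintf", "ap_fputstrs", "etag_uint64_to_hex")
CALL_RE = re.compile(r"\b(%s)\s*\(" % "|".join(DEPRECATED))
# C comments and string/char literals: blanked so mentions in them are not counted.
NOISE_RE = re.compile(
    r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)

def _blank(match):
    # Keep newlines so reported line numbers still match the file.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_uses(path, source):
    """Return (path, line, function) for every call-like occurrence in one file.
    Text-level only: declarations and definitions are counted as well."""
    cleaned = NOISE_RE.sub(_blank, source)
    return [(path, cleaned.count("\n", 0, m.start()) + 1, m.group(1))
            for m in CALL_RE.finditer(cleaned)]

def uses_by_area(files):
    """Count occurrences per top-level directory (the graph's 'modules', 'server')."""
    counts = Counter()
    for path, source in files.items():
        counts[path.split("/")[0]] += len(find_uses(path, source))
    return +counts  # unary plus drops areas with zero occurrences

def new_uses(files, baseline):
    """Areas whose count exceeds the recorded baseline: {area: (allowed, found)}."""
    return {area: (baseline.get(area, 0), n)
            for area, n in uses_by_area(files).items()
            if n > baseline.get(area, 0)}

# Constructed sample tree (not Apache source): path -> file contents.
SAMPLE = {
    "modules/http/http_etag.c":
        'next = etag_uint64_to_hex(next, size);\n/* ap_fprintf(f, bb, "x") */\n',
    "server/util_filter.c":
        'ap_fputstrs(f, bb, "a", NULL);\nlog("ap_fprintf(x)");\n'
        'ap_fprintf (f, bb, "%d", n);\n',
    "support/ab.c": "int my_ap_fprintf(int x);\n",
}

if __name__ == "__main__":
    print(dict(uses_by_area(SAMPLE)))
    grown = new_uses(SAMPLE, baseline={"modules": 1, "server": 1})
    raise SystemExit(f"new deprecated uses: {grown}" if grown else 0)
```

Because the scan is textual, the baseline should be recorded from the same scan so that existing declarations and definitions are already included in the allowed counts.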