kotlin:S1874 False positives on some List methods with Java 21

GeorgEchterling · December 1, 2023, 4:20pm

SonarQube sometimes reports deprecation warnings (kotlin:S1874) for List methods that aren’t deprecated.

Kotlin’s List<T>.first() extension method.
Java’s List.removeLast() method.

This happened immediately after I upgraded the project’s JVM toolchain from Java 17 to 21. The methods aren’t deprecated in Java 21.

Weirdly, not all occurrences of these method calls are being reported. F.e. myGenericList.first() got reported, but myString.split('-', limit = 2).first() didn’t. (Where myGenericListhas the type List<T> with T : Any.)

SonarQube: 9.9.2 (not sure about the deployment type)
Gradle Plugin: 4.4.1.3373
Gradle: 8.5
Kotlin: 1.9.21
Java: 21

Marco_Kaufmann · December 8, 2023, 1:49pm

Hi Georg!

I can’t reproduce your problem. Neither of both examples triggers S1874 for me. I’m using the same toolchain version as you, except for SonarQube 9.9.3 (but I don’t think that makes the difference). Maybe can you provide me with some more information? (i.e., your build script and a minimal source file in which the problem occurs).

This is my minimal setup in which I couldn’t observe the described effect:

Main.kt:

// Unused import to get at least one report in SQ
import java.awt.ActiveEvent;

fun <T: Any>foo(myGenericList: List<T>): T {
    return myGenericList.first()
}

fun bar(myString: String): String {
    return myString.split('-', limit = 2).first();
}

build.gradle.kts:

import org.jetbrains.kotlin.gradle.tasks.KotlinCompile

plugins {
    kotlin("jvm") version "1.9.21"
    id("org.sonarqube") version "4.4.1.3373"
}

group = "org.example"
version = "1.0-SNAPSHOT"

repositories {
    mavenCentral()
}

java {
    toolchain {
        languageVersion = JavaLanguageVersion.of(21)
    }
}

tasks.withType<KotlinCompile> {
    kotlinOptions.jvmTarget = "21"
}

Best,
Marco

GeorgEchterling · December 11, 2023, 1:56pm

Hi Marco,

I’ve directly copied your minimal setup into a fresh, empty project. The issue also appears there. (In foo. bar isn’t affected.) The only other files in the project are gradle.properties with the Sonar URL and project key, settings.gradle.kts with the root project name, and the Gradle Wrapper files.

We’ve also updated SonarQube to version 9.9.3, but that didn’t change anything.

(The analysis warning in the screenshot is just because the test project has no SCM provider.)

In case it’s relevant: I’m using the Java 21.0.1 distribution from Temurin.

Please let me know if I can provide more information.

Marco_Kaufmann · December 11, 2023, 4:44pm

This is strange. Maybe could you provide me also with the gradle.properties and settings.gradle.kts? These and Temurin should now be the only three differences between my and your setup. I’ll try these too and then get back to you.

I’m just asking for completeness to rule out any other causes for this behavior: you are using the Gradle wrapper when doing the analysis, i.e., ./gradlew, not gradle , right?

GeorgEchterling · December 12, 2023, 7:54am

Yes, I’m using ./gradlew sonar with the Gradle Wrapper 8.5.

settings.gradle.kts

rootProject.name = "sonar-kotlin-s1874"

gradle.properties

# SonarScanner configuration.
systemProp.sonar.projectKey=test-sonar-kotlin-s1874
systemProp.sonar.host.url=https://(internal url)

GeorgEchterling · December 12, 2023, 8:40am

I’ve tested a bit more. The issue appears when I execute ./gradlew using Java 21, but not when I execute it using Java 17. The configured toolchain doesn’t matter.

I.e. I can change 21 to 17 in build.gradle.kts and the issue still appears. But if I change my shell’s default Java version to 17 (using SDKMAN!'s sdk use java 17.0.9-tem), the issue disappears, even if the Gradle Java toolchain still uses Java 21.

I’ve also tried a different vendor (sdk use java 21.0.1-zulu), but the issue still appears.

Margarita_Nedzelska · February 16, 2024, 2:19pm

I think this is related to the fact that Kotlin analyzer doesn’t consider your “compile-time” Java version and takes the runtime one.

There’s a ticket to take a proper Java version into account here:

https://sonarsource.atlassian.net/browse/SONARKT-270

Note: the deprecation rule in Kotlin is based on the Compiler warning, so this means that the rule itself should work correctly but there might indeed be misconfiguration.

Let’s wait till the ticket is fixed, and then get back to us if the issue is still there.

Best,
Margarita

arek · August 8, 2025, 8:26am

Is there any workaround or fix for this issue?

SonarQube Server Developer Edition v2025.1.3 (110580)

SonarQube Plugin 6.1.0.5360

Gradle 8.11.1

Kotlin 2.1.10

jvmToolchain(21)

compileOptions {
  sourceCompatibility 21
  targetCompatibility 21
}

Still has the same issue:

fun foo(bars: List<Bar>) {
  bars.first().spam
       ~~~~~~~
       Deprecated code should not be used.
}

ganncamp · August 8, 2025, 11:16am

Hi @arek,

Welcome to the community!

The Jira ticket linked above is still in Open status. Feel free to keep an eye on it in future to follow the status.

Ann

arek · August 8, 2025, 1:12pm

Thanks for the reply. Actually I tried viewing that, but I get an error:

Try a different account. [your-email] doesn’t have access to Jira on sonarsource.atlassian.net.

ganncamp · August 8, 2025, 1:24pm

Hi,

That project got moved to private.

The ticket is still Open.

Ann

Godin · August 13, 2025, 9:38am

Hello @arek and others in this thread,

This particular rule in our analyzer comes directly from the Kotlin compiler diagnostic.

And the issue with it is reproducible in SonarQube Server version 9.9.3 (where our Kotlin analyzer is based on Kotlin compiler version 1.7.10) exactly as was earlier described by topic starter @GeorgEchterling

Based on our investigations this relates to the following issue in the Kotlin compiler itself - see https://youtrack.jetbrains.com/issue/KT-65235/JDK-21-might-lead-to-change-in-overloads-resolution which claims to be fixed in 2.0.0-RC1, 1.9.24

And we can see that this issue does not appear after following the same steps with

SonarQube Server Developer Edition v2025.1.3

where our Kotlin analyzer is based on Kotlin compiler version 2.0.21

Unfortunately, your example

fun foo(bars: List<Bar>) {
  bars.first().spam
       ~~~~~~~
       Deprecated code should not be used.
}

does not allow us to reproduce it either.

So we consider that original issue reported here was fixed.

@GeorgEchterling could you please also check that the issue is fixed for you after the SonarQube upgrade to at least current LTA version 2025.1 ?

@arek maybe you’re facing something different or under different conditions, but to investigate we need you to provide complete example (eg project in GitHub) that we can use to reproduce the issue - once you can provide it, please create a new thread, providing the example and all the necessary details to reproduce it.

Regards,
Evgeny

Topic		Replies	Views
SonarLint 7.2.1.58118 incorrectly claims unncessary import in Kotlin IntelliJ Platform kotlin , bug	2	528	December 22, 2022
After upgrading SonarJava plugin to 5.8 (15699) Sonar can't analyze class anymore (guava issue) SonarQube Server / Community Build java	21	6572	November 5, 2018
Support `@Suppress` for the sonarqube kotlin analyzer Suggest new features kotlin , sonarqube	16	6169	October 14, 2020
Which is the alternative property of SonarQube gradle property ''language" which is deprecated? SonarQube Server / Community Build sonarqube	14	9713	July 9, 2018
Wrong Deprecation warning bug for java:S1874 Report False-positive / False-negative... java , intellij , sonarqube-ide	3	3043	November 8, 2021

kotlin:S1874 False positives on some List methods with Java 21

Related topics