SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 117

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 118

changes.mady.by.user Svyatoslav Razmyslov

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#ccccff
langc
int *p;
/* ... */
(*p)++;

 


Another possibility is that p is being used to reference a memory-mapped device. In this case, the variable p should be declared as volatile.

...

The presence of code that has no effect or is never executed can indicate logic errors that may result in unexpected behavior and vulnerabilities. Such code can be introduced into programs in a variety of ways and eliminating it can require significant analysis.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC12-C

Low

Unlikely

Medium

P2

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

unreachable-code

statement-sideeffect

Partially checked
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

DIAG.UNEX.*
LANG.STRUCT.EBS
LANG.STRUCT.RC
MISC.NOEFFECT
LANG.STRUCT.UC
LANG.STRUCT.UA
LANG.STRUCT.UULABEL
LANG.STRUCT.UUMACRO
LANG.STRUCT.UUPARAM
LANG.STRUCT.UUTAG
LANG.STRUCT.UUTYPE
LANG.STRUCT.UUVAR

Code not exercised by analysis
Empty branch statement checks
Redundant condition
Function call has no effect
Unreachable code checks
Useless assignment
Unused Label
Unused Macro
Unused Parameter
Unused Tag
Unused Type
Unused Variable

Coverity

Include Page
Coverity_V
Coverity_V

NO_EFFECT


DEADCODE

 

UNREACHABLE

Finds statements or expressions that do not accomplish anything or statements that perform an unintended action.

Can detect the specific instance where code can never be reached because of a logical contradiction or a dead "default" in switch statement

Can detect the instances where code block is unreachable because of the syntactic structure of the code

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.MSC12

Partially implemented

GCC

3.0

-Wunused-value
-Wunused-parameter

Options detect unused local variables, nonconstant static variables and unused function parameters, or unreachable code respectively.

Klocwork
Include Page
Klocwork_V
Klocwork_V

CWARN.NOEFFECT.SELF_ASSIGN
CWARN.NOEFFECT.UCMP.GE
CWARN.NOEFFECT.UCMP.GE.MACRO
CWARN.NOEFFECT.UCMP.LT
CWARN.NOEFFECT.UCMP.LT.MACRO
CWARN.NULLCHECK.FUNCNAME
EFFECT
INVARIANT_CONDITION.UNREACH
LA_UNUSED
MISRA.STMT.NO_EFFECT
UNREACH.GEN
UNREACH.RETURN
UNREACH.SIZEOF
VA_UNUSED.GEN
VA_UNUSED.INIT

 


LDRA tool suite
Include Page
LDRA_V
LDRA_V


8 D, 65 D, 105 D, I J, 139 S, 140 S, 57 S

Partially implemented

Parasoft C/C++test
Include Page
c:
Parasoft_V
c:
Parasoft_V
MISRA2008-0_1_{a,b,c,d,e,f,g}, BD-PB-SWITCH
 

Polyspace Bug FinderR2016a

Dead code

Unreachable code

Use of memset with size argument zero

Code does not execute

Default case is missing and may be reached

Size argument of function in memset family is zero

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v

3426, 3427, 3307, 3110, 3112, 3404, 1501, 1503, 2008, 2880, 2881, 2882, 2883, 2877, 3196, 3202, 3203, 3205, 3206, 3207, 3210, 3219, 3229, 3404, 3422, 3423, 3425, 3470, 2980, 2981, 2982, 2983, 2984, 2985, 2986

Partially implemented
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V

statement-sideeffect

Partially checked
SonarQube C/C++ Plugin
 
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S1764, S2589, S2583, S1116, S1172, S1763, S1862, S1065, S1656, S2754, S1751
 

Splint
Include Page
Splint_V
Splint_V

 -standard

The default mode checks for unreachable code.

PVS-Studio6.22V551, V606, V649, V779General analysis rule set

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

CVE-2014-1266 results from a violation of this rule. There is a spurious goto fail statement on line 631 of sslKeyExchange.c. This goto statement gets executed unconditionally, even though it is indented as if it were part of the preceding if statement. As a result, the call to sslRawVerify() (which would perform the actual signature verification) becomes dead code [ImperialViolet 2014].

Related Guidelines

SEI CERT C++ Coding StandardVOID MSC12-CPP. Detect and remove code that has no effect
ISO/IEC TR 24772Unspecified Functionality [BVQ]
Likely Incorrect Expressions [KOA]
Dead and Deactivated Code [XYQ]
MISRA C:2012Rule 2.2 (required)

Bibliography

 


[Fortify 2006]Code Quality, "Dead Code"
[Coverity 2007]
 

...

 




...