SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 137

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 138

changes.mady.by.user Arthur Hicken

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: update parasoft
Note
titleDeprecated

This rule has been deprecated.  It has been merged with:

10/07/2014 -- Version 2.0

 


Code that is never executed is known as dead code. Typically, the presence of dead code indicates that a logic error has occurred as a result of changes to a program or the program's environment. Dead code is usually optimized out of a program during compilation. However, to improve readability and ensure that logic errors are resolved, dead code should be identified, understood, and eliminated.

...

The presence of dead code may indicate logic errors that can lead to unintended program behavior. The ways in which dead code can be introduced into a program and the effort required to remove it can be complex. As a result, resolving dead code can be an in-depth process requiring significant analysis.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC07-C

Low

Unlikely

Medium

P2

L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

DIAG.UNEX.*
LANG.STRUCT.RC
LANG.STRUCT.UC

Code not exercised by analysis
Redundant condition
Unreachable {Call, Computation, Conditional, Control Flow, Data Flow}

Coverity

Include Page
Coverity_V
Coverity_V

DEADCODE


UNREACHABLE

Can detect the specific instance where code can never be reached because of a logical contradiction or a dead "default" in switch statement

Can detect the instances where code block is unreachable because of the syntactic structure of the code

GCC
Include Page
GCC_V
GCC_V
 


Can detect violations of this recommendation when the -Wunreachable-code flag is used

Klocwork
Include Page
Klocwork_V
Klocwork_V

LV_UNUSED
UNREACH.GEN
UNREACH.RETURN
UNREACH.SIZEOF
INVARIANT_CONDITION.UNREACH

 


LDRA tool suite
Include Page
LDRA_V
LDRA_V

1 J
139 S
140 S

Fully implemented

Parasoft C/C++test
Include Page
c:
Parasoft_V
c:
Parasoft_V
MISRA2008
MISRA2004-
0
14_1_
{
a, MISRA2004-14_1_b, MISRA2004-14_1_c, MISRA2004-14_1_d, MISRA2004-14_1_e, MISRA2004-14_1_f, MISRA2004-14_1_g
}
, BD-PB-SWITCH
Fully implemented
Polyspace Bug FinderR2016a

Dead code

Missing case for switch condition

Unreachable code

Code does not execute

Default case is missing and may be reached

Code following control-flow statements

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v

1501,1503,2008,2880,2881,2882,2883,2877,3196,

3202,3203,3205,3206,3207,3210,3219,3229,3404,

3422,3423,3425,3470,2980,2981,2982,2983,2984,2985,2986

Fully implemented
SonarQube C/C++ Plugin
 
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V

S1763, S1751

 


Splint
Include Page
Splint_V
Splint_V

 


Can detect violations of this recommendation when the -Wunreachable-code flag is used

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

CVE-2014-1266 results from a violation of this rule. There is a spurious goto fail statement on line 631 of sslKeyExchange.c. This goto statement gets executed unconditionally, even though it is indented as if it were part of the preceding if statement. As a result, the call to sslRawVerify() (which would perform the actual signature verification) becomes dead code.  [ImperialViolet 2014]

Related Guidelines

SEI CERT C++ Coding StandardVOID MSC07-CPP. Detect and remove dead code
ISO/IEC TR 24772Unspecified functionality [BVQ]
Dead and deactivated code [XYQ]
MISRA C:2012Rule 2.1 (required)
MITRE CWECWE-561, Dead code

Bibliography

[Fortify 2006]Code Quality, "Dead Code"

...


...