Code within a program that is never executed is known as dead code. The presence of dead code often indicates that a logic error has occurred. Typically, this error is an a result of changes to the program or the environment. Dead code is often identified and optimized out dead code during compilation. However, it should be identified, understood, and removed from a program's source code to improve readability and ensure that logic errors are resolved.
Non-Compliant Code Example
This example, inspired by Fortify demonstrates how dead code can be introduced into a program. Because s is set to NULL everything inside if (s) will never be executed. It requires that condition
from fortifysoftware:
ABSTRACT
This statement will never be executed.
EXPLANATION
The surrounding code makes it impossible for this statement to ever be executed.
Example: The condition for the second if statement is impossible to satisfy. It requires that the variable s be non-null, while on the only path where s can be assigned a non-null value there is a return statement.
String s = null;
if (b) {
s = "Yes";
return;
}
| Code Block |
|---|
int func(int condition) {
int *s = NULL;
if (condition) {
s = malloc(10);
if (s == NULL) {
/* Handle Error */
}
/* insert data into s */
return;
}
/* ... */
if (s) {
/* This statement is never reached */
}
}
|
...