SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 101

changes.mady.by.user Pranjal Jumde

Saved on

compared with

New Version 102

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This noncompliant code example demonstrates how dead code can be introduced into a program [Fortify 2006]. The second conditional statement, if (s), will never evaluate true because it requires that s not be assigned NULL, and the only path where s can be assigned a non-NULL value ends with a return statement.

...

Anchor
MSC07-EX1
MSC07-EX1
MSC07-EX1: In some situations, seemingly dead code may make software resilient. An example is the default label in a switch statement whose controlling expression has an enumerated type and that specifies labels for all enumerations of the type. (See MSC01-C. Strive for logical completeness.) Because valid values of an enumerated type include all those of its underlying integer type, unless enumeration constants are provided for all those values, the default label is appropriate and necessary.

...

Anchor
MSC07-EX2
MSC07-EX2
MSC07-EX2: It is also permissible to temporarily remove code that may be needed later. (See MSC04-C. Use comments consistently and in a readable fashion for an illustration.)

Risk Assessment

...

Tool

Version

Checker

Description

LDRA tool suite

Include Page
LDRA_V
LDRA_V

1 J
139 S
140 S

Fully implemented.

Splint

Include Page
Splint_V
Splint_V

 

Can detect violations of this recommendation when the -Wunreachable-code flag is used.

GCC

Include Page
GCC_V
GCC_V

 

Can detect violations of this recommendation when the -Wunreachable-code flag is used.

Klocwork

Include Page
Klocwork_V
Klocwork_V

LV_UNUSED.GEN VA_UNUSED.* UNREACH.*

 

Coverity

Include Page
Coverity_V
Coverity_V

DEADCODE

Can detect the specific instance where code can never be reached because of a logical contradiction or a dead "default" in switch statement.

Coverity

Include Page
Coverity_V
Coverity_V

UNREACHABLE

Can detect the instances where code block is unreachable because of the syntactic structure of the code.

PRQA QA-C
Include Page
PRQA_V
PRQA_V
 

0689

2008

3110

3112

3196

3201

3202

3203

3205

3206

3207

3210

3219 .

3229

3307

3328

3355

3356

3357

3358

3359

3360

3404

3422

3423

3425

3426

3427

3470

Fully implemented

Related Vulnerabilities

...

CERT C++ Secure Coding Standard: MSC07-CPP. Detect and remove dead code

ISO/IEC TR 24772 "BRS Leveraging human experience," "BVQ Unspecified functionality," and "XYQ Dead and deactivated code"

MISRA Rule 2.4

MITRE CWE: CWE-561, "Dead code"

Sources

[Fortify 2006] Code Quality, "Dead code"

...