SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 75

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 76

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

The presence of unused values may indicate significant logic errors. To prevent such errors, unused values should be identified and removed from code.

This recommendation is a specific case of MSC12-C. Detect and remove code that has no effect.

Noncompliant Code Example

In this example, p2 is assigned the value returned by bar(), but that value is never used. Note this example assumes that foo() and bar() return valid pointers. (See DCL30-C. Declare objects with appropriate storage durations.)

Code Block
bgColor#FFCCCC
langc
int *p1;
int *p2;
p1 = foo();
p2 = bar();

if (baz()) {
  return p1;
}
else {
  p2 = p1;
}
return p2;

Compliant Solution

This example can be corrected in many different ways, depending on the intent of the programmer. In this compliant solution, p2 is found to be extraneous. The calls to bar() and baz() can be removed if they do not produce any side effects.

Code Block
bgColor#ccccff
langc
int *p1 = foo();

/* Removable if bar() does not produce any side effects */
(void)bar();

/* Removable if baz() does not produce any side effects */
(void)baz();
return p1;

Risk Assessment

Unused values may indicate significant logic errors.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC13-C

Low

Unlikely

Medium

P2

L3

Automated Detection

Tool

Version

Checker

Description

Coverity

Include Page
Coverity_V
Coverity_V

UNUSED_VALUE

Finds variables that are assigned pointer values returned from a function call but never used

Klocwork

Include Page
Klocwork_V
Klocwork_V

 

Can detect violations of this rule with a number of checkers

LDRA tool suite

Include Page
LDRA_V
LDRA_V

1 D
70 D
94 D
15 D

Fully implemented

PRQA QA-C
Include Page
PRQA_V
PRQA_V

3195
3197
3198
3199

Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding StandardMSC13-CPP. Detect and remove unused values
ISO/IEC TR 24772Likely Incorrect Expressions [KOA]
Dead and Deactivated Code [XYQ]
Unused Variable [XYR]

Bibliography

[Coverity 2007]