SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 87

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 88

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This recommendation is related to guideline MSC12-C. Detect and remove code that has no effect.

...

Wiki Markup
This noncompliant code example demonstrates how dead code can be introduced into a program \[[Fortify 062006|AA. Bibliography#Fortify 06]\]. The second conditional statement, {{if (s)}}, will never evaluate true because it requires that {{s}} not be assigned {{NULL}}, and the only path where {{s}} can be assigned a non\-{{NULL}} value ends with a return statement.

...

MSC07-EX1: In some situations, dead code may make software resilient to future changes. An example of this is adding a default case to a switch statement even when all possible switch labels are specified. (see See guideline MSC01-C. Strive for logical completeness for an illustration of this example). .)

MSC07-EX2: It is also permissible to temporarily remove code that may be needed later. (see See guideline MSC04-C. Use comments consistently and in a readable fashion for an illustration.).

Risk Assessment

The presence of dead code may indicate logic errors that can lead to unintended program behavior. The ways in which dead code can be introduced into a program and the effort required to remove it can be complex. As a result, resolving dead code can be an in-depth process requiring significant analysis.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC07-C

low

unlikely

medium

P2

L3

Automated Detection

The LDRA tool suite Version 7.6.0 can detect violations of this recommendation.

...

Tool

Version

Checker

Description

Section

LDRA tool suite

Include Page
c:LDRA_V
c:LDRA_V

 

 

Section

Splint

Include Page
c:Splint_V
c:Splint_V

 

Section

can detect violations of this recommendation

...

when the -Wunreachable-code flag is used

Section

GCC

Include Page
c:GCC_V
c:GCC_V

 

Section

can detect violations of this recommendation when the -Wunreachable-code flag is used

...

Section

Klocwork

Include Page
c:Klocwork_V
c:Klocwork_V
Section

LV_UNUSED.GEN

...

VA_UNUSED.*

...

UNREACH.*

...

 

Section

Coverity Prevent

Include Page
c:Coverity_V
c:Coverity_V
Section

DEADCODE

Section

can detect the specific instance where Code can never be reached because of a logical contradiction or a dead 'default' in switch statement

...

Section

Coverity Prevent

Include Page
c:Coverity_V
c:Coverity_V
Section

UNREACHABLE

Section

can detect the instances where Code block is unreachable because of the syntactic structure of the code

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as : MSC07-CPP. Detect and remove dead code.

Bibliography

Wiki Markup
\[[Fortify 062006|AA. Bibliography#Fortify 06]\] Code Quality, "Dead Code"
\[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "BRS Leveraging human experience," "BVQ Unspecified Functionality," and "XYQ Dead and Deactivated Code"
\[[MISRA 042004|AA. Bibliography#MISRA 04]\] Rule 2.4
\[[MITRE 072007|AA. Bibliography#MITRE 07]\] [CWE ID 561|http://cwe.mitre.org/data/definitions/561.html], "Dead Code"

...