Code that is executed but does not perform any action, or has an unintended effect, most likely results from a coding error and can cause unexpected behavior. Statements or expressions that have no effect should be identified and removed from code. Most modern compilers, in many cases, can warn about code that has no effect. (See MSC00-C. Compile cleanly at high warning levels.)
This recommendation is related to MSC07-C. Detect and remove dead code.
Noncompliant Code Example (Assignment)
In this noncompliant code example, the comparison of a to b has no effect.
| Code Block | ||||
|---|---|---|---|---|
| ||||
int a; int b; /* ... */ a == b; |
This code is likely a case of the programmer mistakenly using the equals operator == instead of the assignment operator =.
Compliant Solution (Assignment)
The assignment of b to a is now properly performed.
| Code Block | ||||
|---|---|---|---|---|
| ||||
int a; int b; /* ... */ a = b; |
Noncompliant Code Example (Dereference)
In this example, a pointer increment and then a dereference occur. However, the dereference has no effect.
| Code Block | ||||
|---|---|---|---|---|
| ||||
int *p; /* ... */ *p++; |
Compliant Solution (Dereference)
Correcting this example depends on the intent of the programmer. For instance, if dereferencing p was a mistake, then p should not be dereferenced.
| Code Block | ||||
|---|---|---|---|---|
| ||||
int *p; /* ... */ p++; |
If the intent was to increment the value referred to by p, then parentheses can be used to ensure p is dereferenced and then incremented. (See EXP00-C. Use parentheses for precedence of operation.)
| Code Block | ||||
|---|---|---|---|---|
| ||||
int *p; /* ... */ (*p)++; |
Compliant Solution (Memory-Mapped Devices)
Another possibility is that p is being used to reference a memory-mapped device. In this case, the variable p should be declared as volatile.
| Code Block | ||||
|---|---|---|---|---|
| ||||
volatile int *p; /* ... */ (void) *p++; |
Risk Assessment
The presence of code that has no effect can indicate logic errors that may result in unexpected behavior and vulnerabilities.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC12-C | low | unlikely | medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| NO_EFFECT | Finds statements or expressions that do not accomplish anything or statements that perform an unintended action. | |||||||
| noeffect | Partially implemented. | |||||||
GCC | 3.0 | Options detect unused local variables or nonconstant static variables and unused function parameters, respectively. | |||||||
| EFFECT |
| |||||||
| 65 D | Fully implemented. | |||||||
| PRQA QA-C |
| 3110 | Partially implemented. | ||||||
Splint |
|
|
|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| CERT C++ Secure Coding Standard | MSC12-CPP. Detect and remove code that has no effect |
| ISO/IEC TR 24772 | Leveraging Human Experience [BRS] Unspecified Functionality [BVQ] Likely Incorrect Expressions [KOA] Dead and Deactivated Code [XYQ] |
| MISRA-C | Rule 14.1 Rule 14.2 |
Bibliography