...
Noncompliant Code Example
The following noncompliant code example shows mixed comments that may be misunderstood:
...
There are other misuses of comments that should be avoided. This noncompliant code example uses the character sequence /* to begin a comment but neglects to use the delimiter */ to end the comment. Consequently, the call to the security-critical method is not executed. A reviewer examining this page could incorrectly assume that the code is executed.
...
Using an editor that provides syntax highlighting, or that formats the code to identify issues such as missing end comment delimiters, can help detect accidental omissions.
...
Compliant Solution
This compliant solution demonstrates the recommended way to mark code as "dead." It also takes advantage of the compiler's ability to remove unreachable (dead) code. The code inside the if block must remain syntactically correct. If other parts of the program later change in a way that would cause syntax errors, the unexecuted code must be brought up to date to correct the problem. Then, if it is needed again in the future, the programmer need only remove the surrounding if statement and the NOTREACHED comment.
...
```java
if (false) {
  /* Use of critical security method no
   * longer necessary, for now */
  /* NOTREACHED */
  security_critical_method();
  /* Some other comment */
}
```
This is an example of an exceptional situation described in 63. Detect and remove superfluous code and values.
...
Nested block comments and inconsistent use of comments could be detected by suitable static analysis tools.
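The check an editor or static analysis tool performs for the two cases above (a /* that opens inside a block comment that was never closed, and a comment that runs to end of file) can be written as a small lexer. The following is an added example in Python, not code from the CERT page; the function name `find_comment_issues` and the constructed Java sample `NONCOMPLIANT` are assumptions, and the lexer handles ordinary Java string and character literals and line comments but not text blocks or unicode escapes.

```python
# Added example, not from the CERT page: flags a '/*' inside an open block
# comment and a never-closed block comment. Text blocks are not modelled.
def find_comment_issues(source: str) -> list[tuple[str, int, int]]:
    """Return (kind, line_comment_opened, line_of_problem); kind is
    "nested" (second '/*' inside a block comment) or "unterminated"."""
    issues: list[tuple[str, int, int]] = []
    i, n, line = 0, len(source), 1
    while i < n:
        ch = source[i]
        if ch == "\n":
            line += 1
            i += 1
        elif ch in ('"', "'"):
            # String or char literal: a '/*' inside it is not a comment.
            i += 1
            while i < n and source[i] not in (ch, "\n"):
                i += 2 if source[i] == "\\" else 1  # skip escaped char
            if i < n and source[i] == ch:
                i += 1
        elif source.startswith("//", i):
            # Line comment: ends at newline, cannot swallow a later line.
            while i < n and source[i] != "\n":
                i += 1
        elif source.startswith("/*", i):
            opened = line
            i += 2
            while i < n and not source.startswith("*/", i):
                if source.startswith("/*", i):
                    issues.append(("nested", opened, line))
                if source[i] == "\n":
                    line += 1
                i += 1
            if i >= n:
                issues.append(("unterminated", opened, line))
            i += 2
        else:
            i += 1
    return issues

# Constructed sample of the noncompliant case: the first comment is never
# closed, so the '*/' on line 4 ends it and the call on line 3 is swallowed.
NONCOMPLIANT = """\
void run() {
    /* Comment with end delimiter unintentionally omitted
    security_critical_method();
    /* Some other comment */
    String s = "/* not a comment */";  // literal, not flagged
}
"""
```

Running `find_comment_issues(NONCOMPLIANT)` reports the comment opened on line 2 as containing a second opener on line 4, while the compliant solution above yields no findings.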
Bibliography
...