Comment: Minor edits

...

The presence of unused values in code may indicate significant logic errors. To prevent such errors, unused values should be identified and removed from code.

Noncompliant Code Example (Dead Code)

This noncompliant code example demonstrates how dead code can be introduced into a program [Fortify 06]. 

public int func(boolean condition) {
    int x = 0;
    if (condition) {
        x = foo();
        /* Process x */
        return x;
    }
    /* ... */
    if (x != 0) {
        /* This code is never executed */
    }
    return x;
}

The condition in the second if statement, if (x != 0), will never evaluate to true because the only path where x can be assigned a nonzero value ends with a return statement.

...

public int func(boolean condition) {
    int x = 0;
    if (condition) {
        x = foo();
        /* Process x */
    }
    /* ... */
    if (x != 0) {
        /* This code is now executed */
    }
    return 0;
}

Noncompliant Code Example (Dead Code)

In this example, the length() function is used to limit the number of times the function string_loop() will iterate. The condition of the if statement inside the loop evaluates to true when the current index is the length of str. However, because i is always strictly less than str.length(), that will never happen.

...

public int string_loop(String str) {
  for (int i=0; i < str.length(); i++) {
    /* ... */
    if (i==str.length()-1) {
      /* This code is now executed */
    }
  }
  return 0;
}

Noncompliant Code Example (Code with no Effect)

In this noncompliant code example, the comparison of s to t has no effect.

...

String s;
String t;

// ...

if (s.equals(t)) {
  System.out.println("Strings equal");
} else {
  System.out.println("Strings unequal");
}
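As an added illustration (not part of the guideline's own code), here is the same class of defect where it has a security consequence: String is immutable, so calling trim() or toLowerCase() and discarding the result has no effect, and the reserved-name check is bypassed by case or padding. The class name, method names, and the RESERVED set are hypothetical, and the inputs in main() are constructed.

```java
import java.util.Locale;
import java.util.Set;

public class IgnoredResultExample {
    // Hypothetical set of usernames that must not be registered.
    private static final Set<String> RESERVED = Set.of("admin", "root");

    // Noncompliant: both calls return new String objects that are discarded,
    // so the statements have no effect and the raw input is compared.
    static boolean isReservedNoEffect(String name) {
        name.trim();
        name.toLowerCase(Locale.ROOT);
        return RESERVED.contains(name);
    }

    // Compliant: the normalized value is captured and is the value compared.
    static boolean isReserved(String name) {
        String normalized = name.trim().toLowerCase(Locale.ROOT);
        return RESERVED.contains(normalized);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: exact match, case/padding variant, ordinary name.
        String[] samples = { "admin", " Admin ", "alice" };
        for (String s : samples) {
            System.out.printf("%-10s noEffect=%b fixed=%b%n",
                    "\"" + s + "\"", isReservedNoEffect(s), isReserved(s));
        }
    }
}
```

The two methods agree on "admin" and "alice" but disagree on " Admin ", which only the corrected method reports as reserved.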

Noncompliant Code Example (Unused Values)

In this example, p2 is assigned the value returned by bar(), but that value is never used.

...

The presence of dead code may indicate logic errors that can lead to unintended program behavior. The ways in which dead code can be introduced into a program and the effort required to remove it can be complex. As a result, resolving dead code can be an in-depth process requiring significant analysis.

In some exceptional situations, dead code may make software resilient to future changes. An example of this is the presence of a default case in a switch statement even though all possible switch labels are specified (see MSC60-JG. Strive for logical completeness for an illustration of this example).

...

The presence of code that has no effect can indicate logic errors that may result in unexpected behavior and vulnerabilities.

Unused values in code may indicate significant logic errors.

Code and values that have no effect can be detected by suitable static analysis.

Related Guidelines

ISO/IEC PDTR 24772: "BRS Leveraging human experience," "BVQ Unspecified Functionality," and "XYQ Dead and Deactivated Code"
MITRE 07: CWE ID 561, "Dead Code"
[MISRA 04]: Rule 2.4
ISO/IEC PDTR 24772: "BRS Leveraging human experience," "BVQ Unspecified Functionality," "KOA Likely incorrect expressions," and "XYQ Dead and Deactivated Code"
ISO/IEC PDTR 24772: "BRS Leveraging Human Experience," "KOA Likely Incorrect Expressions," "XYQ Dead and Deactivated Code," and "XYR Unused Variable"

...