The presence of unused variables may indicate significant logic errors. To prevent such errors, unused values should be identified and removed from code.
Code that is never executed is known as dead code. Typically, the presence of dead code indicates that a logic error has occurred as a result of changes to a program or the program's environment. To improve readability and ensure that logic errors are resolved, dead code should be identified, understood, and eliminated.
Noncompliant Code Example
...
This noncompliant code example contains a variable $new_name that is initialized , but never subsequently read.
| Code Block | ||||
|---|---|---|---|---|
| ||||
sub fix_name {
my $name = shift;
my $new_name = $name;
$name =~ s/^([a-z])/\U$1\E/g;
$name =~ s/ ([a-z])/ \U$1\E/g;
return $name;
}
|
Compliant Solution
This compliant solution eliminates the unused variable
| Code Block | ||||
|---|---|---|---|---|
| ||||
sub fix_name {
my $name = shift;
$name =~ s/^([a-z])/\U$1\E/g;
$name =~ s/ ([a-z])/ \U$1\E/g;
return $name;
}
|
Noncompliant Code Example (Dead Code)
This noncompliant code example contains code that cannot possibly execute.
| Code Block | ||||
|---|---|---|---|---|
| ||||
sub fix_name { my $name = shift; if ($name eq "") { return $name; } $name =~ s/^([a-z])/\U$1\E/g; $name =~ s/ ([a-z])/ \U$1\E/g; if (length( $name) == 0) { die "Invalid name"; # cannot happen } return $name; } |
Compliant Solution
This compliant solution makes the dead code reachable.
| Code Block | |
|---|---|
| bgColor | #ccccff | perl |
sub fix_name {
my $name = shift;
$name =~ s/^([a-z])/\U$1\E/g;
$name =~ s/ ([a-z])/ \U$1\E/g;
if (length( $name) == 0) {
die "Invalid name"; # cannot happen
}
return $name;
}
|
Risk Assessment
The presence of unused variables or dead code may indicate logic errors that can lead to unintended program behavior. As a result, resolving unused variables and dead code can be an in-depth process requiring significant analysis.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC01-PL | low Low | unlikely Unlikely | high High | P1 L1 | L3 |
Automated Detection
Tool | Diagnostic |
|---|---|
Perl::Critic | Variables::ProhibitUnusedVariables |
Related Guidelines
...
...
...
...
...
CERT C Secure Coding Standard: MSC07-C. Detect and remove dead code
...
Automated Detection
Tool | Diagnostic |
|---|---|
Perl::Critic | Subroutines::ProhibitUnusedPrivateSubroutines |
Perl::Critic | Variables::ProhibitUnusedVariables |
Bibliography
...
...
| [ |
|---|
...
...
...
...
|http://search.cpan.org/dist/Perl-Critic/lib/Perl/Critic/Policy/Variables/ProhibitUnusedVariables.pm]EXP30-PL. Do not use deprecated or obsolete functions 02. Expressions