Page History

The presence of unused values may indicate significant logic errors. To prevent such errors, unused values should be identified and removed from code.

Non-Compliant Code Example

This recommendation is a specific case of MSC12-C. Detect and remove code that has no effect or is never executed.

Noncompliant Code Example

In this example, p2 is assigned the value returned by bar(), but that value is never used. Note this example assumes that foo() and bar() return valid pointers (see DCL30-C. Declare objects with appropriate storage durations) Wiki MarkupIn this example, {{p2}} is assigned the value returned by {{bar()}}, but that value is never used. Note this example assumes that {{foo()}} and {{bar()}} return valid pointers \[[DCL30-C|DCL30-C. Do not refer to an object outside of its lifetime]\].

Code Block

bgColor	#FFCCCC
lang	c


int *p1,;
int *p2;
p1 = foo();
p2 = bar();

if (baz()) {
   return p1;
}
else {
    p2 = p1;
}
return p2;

Compliant Solution

This example can be corrected corrected in many different ways, depending on the intent of the programmer. In this compliant solution, p2 is initialized to NULL rather than the result of bar()found to be extraneous. The call calls to bar() and baz() can be removed if bar() does if they do not produce any side - effects.

Code Block

bgColor	#ccccff
lang	c


int *p1, *p2;
p1 = foo();
p2 = NULL;
bar(); /* Removable if bar() does not haveproduce any side effects */
if(bazvoid)bar());

/* Removable if return p1;
else
    p2 = p1baz() does not produce any side effects */
(void)baz();
return p2p1;

Exceptions

Anchor

	MSC13-EX1
	MSC13-EX1

MSC13-EX1: Initializing a variable with a default value, such as 0, which gets subsequently overwritten may be inefficient, but is less of a problem than reading an uninitialized value, as per EXP33-C. Do not read uninitialized memory.

Risk Assessment

The presence of unused Unused values may indicate significant logic errors.

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
MSC13-

A

1 (low)

1 (unlikely)

2 (medium)

C

Low

Unlikely

Medium

P2

L3

Automated Detection

...

Tool
Version
Checker
Description
Astrée
Include Page
Astrée_V
Astrée_V

Supported, but no explicit checker
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.STRUCT.UUVAL
Unused value
Coverity
Include Page
Coverity_V
Coverity_V
UNUSED_VALUE
Finds variables that are assigned pointer values returned from a function call but never used
Helix QAC
Include Page
Helix QAC_V
Helix QAC_V
C1500, C1502, C3203, C3205, C3206, C3207, C3229
DF2980, DF2981, DF2982, DF2983, DF2984, DF2985, DF2986

Klocwork
Include Page
Klocwork_V
Klocwork_V
LV_UNUSED.
...
GEN
VA_UNUSED.GEN
VA_UNUSED.INIT

LDRA tool suite
Include Page
LDRA_V
LDRA_V
1 D, 8 D, 105 D, 94 D, 15 D
Fully implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_C-MSC13-a
Avoid unnecessary local variables
PC-lint Plus
Include Page
PC-lint Plus_V
PC-lint Plus_V
438, 505, 529, 715, 838
Partially supported
Polyspace Bug Finder
Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V
CERT C: Rec. MSC13-C

Checks for:
Unused parameter
Write without a further read
Rec. partially covered.
PVS-Studio
Include Page
PVS-Studio_V
PVS-Studio_V
V519, V596, V603, V714, V744, V751, V763, V1001, V5003
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S1854

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERTwebsite.

References

CERT website.

Related Guidelines

SEI CERT C++ Coding Standard	VOID MSC13-CPP. Detect and remove unused values
ISO/IEC TR 24772	Likely Incorrect Expressions [KOA] Dead and Deactivated Code [XYQ] Unused Variable [XYR]

Bibliography

[Coverity 2007]

...

Image Added Image Added Image Added Coverity 07 Coverity Prevent? User's Manual (3.3.0) (2007).

Space shortcuts

Page tree

Versions Compared

Old Version 10

New Version Current

Key