Note | ||
---|---|---|
| ||
This rule has been deprecated. It has been merged with: 10/07/2014 -- Version 2.0
|
Code that is never executed is known as dead code. Typically, the presence of dead code indicates that a logic error has occurred as a result of changes to a program or the program's environment. Dead code is usually optimized out of a program during compilation. However, to improve readability and ensure that logic errors are resolved, dead code should be identified, understood, and eliminated.
...
The presence of dead code may indicate logic errors that can lead to unintended program behavior. The ways in which dead code can be introduced into a program and the effort required to remove it can be complex. As a result, resolving dead code can be an in-depth process requiring significant analysis.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC07-C | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| dead-assignemnt dead-initializer | Partially checked and soundly supported. | ||||||
CodeSonar |
| DIAG.UNEX.* | Code not exercised by analysis | ||||||
| DEADCODE
| Can detect the specific instance where code can never be reached because of a logical contradiction or a dead "default" in Can detect the instances where code block is unreachable because of the syntactic structure of the code | |||||||
GCC |
|
Can detect violations of this recommendation when the | |||||||||
Helix QAC |
| C1501, C1503, C2008, C2877, C2880, C2881, C2882, C2883,C3202, C3203, C3205, C3206, C3207, C3210, C3219, C3229, C3404, C3422, C3423, C3425, C3470 DF2877, DF2880, DF2881, DF2882, DF2883, DF2980, DF2981, DF2982, DF2983, DF2984, DF2985, DF2986 | |||||||
Klocwork |
|
LA_UNUSED |
|
ENUM INVARIANT_CONDITION.UNREACH | |||||||||
LDRA tool suite |
| 1 J | Fully implemented | ||||||
Parasoft C/C++test |
| CERT_C-MSC07-a | There shall be no unreachable code in "else" block | |||||||
Polyspace Bug Finder |
| CERT C: Rule MSC07-C | Checks for: |
Missing case for switch condition
Unreachable code
|
RuleChecker |
|
1501,1503,2008,2880,2881,2882,2883,2877,3196,
3202,3203,3205,3206,3207,3210,3219,3229,3404,
3422,3423,3425,3470,2980,2981,2982,2983,2984,2985,2986
| dead-assignemnt | Partially checked | |||||
SonarQube C/C++ Plugin |
| S1763, S1751 |
Splint |
|
Can detect violations of this recommendation when the |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
CVE-2014-1266 results from a violation of this rule. There is a spurious goto fail
statement on line 631 of sslKeyExchange.c. This goto
statement gets executed unconditionally, even though it is indented as if it were part of the preceding if
statement. As a result, the call to sslRawVerify()
(which would perform the actual signature verification) becomes dead code. [ImperialViolet 2014]
Related Guidelines
SEI CERT C++ Coding Standard | VOID MSC07-CPP. Detect and remove dead code |
ISO/IEC TR 24772 | Unspecified functionality [BVQ] Dead and deactivated code [XYQ] |
MISRA C:2012 | Rule 2.1 (required) |
MITRE CWE | CWE-561, Dead code |
Bibliography
[Fortify 2006] | Code Quality, "Dead Code" |
...
...