Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The presence of unused values may indicate significant logic errors. To prevent such errors, unused values should be identified and removed from code.

...

This recommendation is a specific case of MSC12-C. Detect and remove code that has no effect or is never executed.

Noncompliant Code Example

Wiki MarkupIn this example, {{p2}} is assigned the value returned by {{bar()}}, but that value is never used. Note this example assumes that {{foo()}} and {{bar()}} return valid pointers in compliance with \[[DCL30-C]\]pointers (see DCL30-C. Declare objects with appropriate storage durations).

Code Block
bgColor#FFCCCC
langc

int *p1,;
int *p2;
p1 = foo();
p2 = bar();

if (baz()) {
   return p1;
}
else {
    p2 = p1;
}
return p2;

Note this example assumes that the results of foo() and bar() are valid DCL30-C.

Compliant Solution

This example can be corrected corrected in many different ways, depending on the intent of the programmer. In this compliant solution, p2 is initialized to NULL rather than the result of bar()found to be extraneous. The calls to bar() and baz() can be removed if they do not produce any side effects.

Code Block
bgColor#ccccff
langc

int *p1, *p2;
p1 = foo();

p2/* =Removable NULL;

if(baz())
   return p1;
else
    p2 = p1;
return p2;

Risk Assessment

 bar() does not produce any side effects */
(void)bar();

/* Removable if baz() does not produce any side effects */
(void)baz();
return p1;

Exceptions

Anchor
MSC13-EX1
MSC13-EX1
MSC13-EX1: Initializing a variable with a default value, such as 0, which gets subsequently overwritten may be inefficient, but is less of a problem than reading an uninitialized value, as per EXP33-C. Do not read uninitialized memory.

Risk Assessment

Unused The presence of unused values may indicate significant logic errors.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC13-

A

1 (low)

1 (unlikely)

2 (medium)

C

Low

Unlikely

Medium

P2

L3

Automated Detection

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported, but no explicit checker
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.STRUCT.UUVAL

Unused value

Coverity

Include Page
Coverity_V
Coverity_V

UNUSED_VALUE

Finds variables that are assigned pointer values returned from a function call but never used

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C1500, C1502, C3203, C3205, C3206, C3207, C3229

DF2980, DF2981, DF2982, DF2983, DF2984, DF2985, DF2986


Klocwork
Include Page
Klocwork_V
Klocwork_V

LV_UNUSED.

...

GEN
VA_UNUSED.GEN
VA_UNUSED.INIT


LDRA tool suite
Include Page
LDRA_V
LDRA_V

1 D, 8 D, 105 D, 94 D, 15 D

Fully implemented

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-MSC13-a

Avoid unnecessary local variables
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

438, 505, 529, 715, 838

Partially supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. MSC13-C


Checks for:

  • Unused parameter
  • Write without a further read

Rec. partially covered.

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V519, V596, V603, V714, V744, V751, V763, V1001, V5003
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S1854

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERTwebsite CERT website.

References

*Coverity 07 Section 6.1.20, "UNUSED_VALUE"

Related Guidelines

SEI CERT C++ Coding StandardVOID MSC13-CPP. Detect and remove unused values
ISO/IEC TR 24772Likely Incorrect Expressions [KOA]
Dead and Deactivated Code [XYQ]
Unused Variable [XYR]

Bibliography


...

Image Added Image Added Image AddedReferences
Coverity 07 Coverity Prevent? User's Manual (3.3.0) (2007).