The presence of unused values may indicate significant logic errors. To prevent such errors, unused values should be identified and removed from code.
This recommendation is a specific case of \[[MSC12-AC. Detect and remove code that has no effect]\]effect or is never executed. Wiki Markup
...
Noncompliant Code Example
In this example, {{ Wiki Markup p2
}} is assigned the value returned by {{bar()
}}, but that value is never used. Note this example assumes that {{foo()
}} and {{bar()
}} return valid pointers (see \[[DCL30-C. Declare objects with appropriate storage durations]\]).
Code Block | ||||
---|---|---|---|---|
| ||||
int *p1,; int *p2; p1 = foo(); p2 = bar(); if (baz()) { return p1; } else { p2 = p1; } return p2; |
Compliant Solution
This example can be corrected corrected in many different ways, depending on the intent of the programmer. In this compliant solution, p2
is found to be extraneous. The calls to bar()
and baz()
can be removed if they do not produce any side - effects.
Code Block | ||||
---|---|---|---|---|
| ||||
int *p1 = foo(); bar(); /* Removable if bar() does not produce any side- effects */ baz(void)bar(); /* Removable if baz() does not produce any side- effects */ (void)baz(); return p1; |
Exceptions
Anchor | ||||
---|---|---|---|---|
|
Risk Assessment
Unused values may indicate significant logic errors, possibly resulting in a denial of service condition.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC13- |
C |
Low |
Unlikely |
Medium | P2 | L3 |
Automated Detection
...
The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.
...
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| Supported, but no explicit checker | |||||||
CodeSonar |
| LANG.STRUCT.UUVAL | Unused value | ||||||
| UNUSED_VALUE | Finds variables that are assigned pointer values returned from a function call but never used | |||||||
Helix QAC |
| C1500, C1502, C3203, C3205, C3206, C3207, C3229 DF2980, DF2981, DF2982, DF2983, DF2984, DF2985, DF2986 | |||||||
Klocwork |
| LV_UNUSED.GEN | |||||||
LDRA tool suite |
| 1 D, 8 D, 105 D, 94 D, 15 D | Fully implemented | ||||||
Parasoft C/C++test |
| CERT_C-MSC13-a | Avoid unnecessary local variables | ||||||
PC-lint Plus |
| 438, 505, 529, 715, 838 | Partially supported | ||||||
Polyspace Bug Finder |
| Checks for:
Rec. partially covered. | |||||||
PVS-Studio |
| V519, V596, V603, V714, V744, V751, V763, V1001, V5003 | |||||||
SonarQube C/C++ Plugin |
| S1854 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
Wiki Markup |
---|
\[[Coverity 07\|AA. C References#Coverity 07]\]
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "BRS Leveraging human experience," "KOA Likely incorrect expressions," and "XYQ Dead and Deactivated Code" |
Related Guidelines
SEI CERT C++ Coding Standard | VOID MSC13-CPP. Detect and remove unused values |
ISO/IEC TR 24772 | Likely Incorrect Expressions [KOA] Dead and Deactivated Code [XYQ] Unused Variable [XYR] |
Bibliography
...
MSC12-A. Detect and remove code that has no effect 13. Miscellaneous (MSC) MSC14-A. Do not introduce unnecessary platform dependencies