...
This recommendation is a specific case of MSC12-C. Detect and remove code that has no effect or is never executed.
Noncompliant Code Example
In this example, p2
is assigned the value returned by bar()
, but that value is never used. Note this example assumes that foo()
and bar()
return valid pointers . (See see DCL30-C. Declare objects with appropriate storage durations).)
Code Block | ||||
---|---|---|---|---|
| ||||
int *p1; int *p2; p1 = foo(); p2 = bar(); if (baz()) { return p1; } else { p2 = p1; } return p2; |
...
Code Block | ||||
---|---|---|---|---|
| ||||
int *p1 = foo(); /* Removable if bar() does not produce any side effects */ (void)bar(); /* Removable if baz() does not produce any side effects */ (void)baz(); return p1; |
Exceptions
Anchor | ||||
---|---|---|---|---|
|
Risk Assessment
Unused values may indicate significant logic errors.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC13-C |
Low |
Unlikely |
Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| Supported, but no explicit checker | |||||||
CodeSonar |
| LANG.STRUCT.UUVAL | Unused value | ||||||
| UNUSED_VALUE | Finds variables that are assigned pointer values returned from a function call but never used | |||||||
Helix QAC |
| C1500, C1502, C3203, C3205, C3206, C3207, C3229 DF2980, DF2981, DF2982, DF2983, DF2984, DF2985, DF2986 | |||||||
Klocwork |
|
LV_UNUSED.GEN | ||||||||
LDRA tool suite |
| 1 |
70 D
D, 8 D, 105 D, 94 D |
, 15 D | Fully implemented |
3195
3197
3198
3199
Parasoft C/C++test |
| CERT_C-MSC13-a | Avoid unnecessary local variables | ||||||
PC-lint Plus |
| 438, 505, 529, 715, 838 | Partially supported | ||||||
Polyspace Bug Finder |
| Checks for:
Rec. partially covered. | |||||||
PVS-Studio |
| V519, V596, V603, V714, V744, V751, V763, V1001, V5003 | |||||||
SonarQube C/C++ Plugin |
| S1854 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ |
Coding Standard | VOID MSC13-CPP. Detect and remove unused values |
ISO/IEC TR 24772 | Likely Incorrect Expressions [KOA] Dead and Deactivated Code [XYQ] Unused Variable [XYR] |
Bibliography
...
...