You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 103 Next »

The presence of unused values may indicate significant logic errors. To prevent such errors, unused values should be identified and removed from code.

This recommendation is a specific case of MSC12-C. Detect and remove code that has no effect or is never executed.

Noncompliant Code Example

In this example, p2 is assigned the value returned by bar(), but that value is never used. Note this example assumes that foo() and bar() return valid pointers (see DCL30-C. Declare objects with appropriate storage durations).

int *p1;
int *p2;
p1 = foo();
p2 = bar();

if (baz()) {
  return p1;
}
else {
  p2 = p1;
}
return p2;

Compliant Solution

This example can be corrected in many different ways, depending on the intent of the programmer. In this compliant solution, p2 is found to be extraneous. The calls to bar() and baz() can be removed if they do not produce any side effects.

int *p1 = foo();

/* Removable if bar() does not produce any side effects */
(void)bar();

/* Removable if baz() does not produce any side effects */
(void)baz();
return p1;

Exceptions

MSC13-EX1: Initializing a variable with a default value, such as 0, which gets subsequently overwritten may be inefficient, but is less of a problem than reading an uninitialized value, as per EXP33-C. Do not read uninitialized memory.

Risk Assessment

Unused values may indicate significant logic errors.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC13-C

Low

Unlikely

Medium

P2

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
24.04

Supported, but no explicit checker
CodeSonar
8.1p0

LANG.STRUCT.UUVAL

Unused value

Coverity

2017.07

UNUSED_VALUE

Finds variables that are assigned pointer values returned from a function call but never used

Klocwork
2024.3

LV_UNUSED.GEN
VA_UNUSED.GEN
VA_UNUSED.INIT


LDRA tool suite
9.7.1

1 D, 8 D, 105 D, 94 D, 15 D

Fully implemented

Parasoft C/C++test
2023.1

CERT_C-MSC13-a

Avoid unnecessary local variables
Polyspace Bug Finder

R2024a

Unused parameter

Write without a further read

Function prototype has parameters not read or written in function body

Variable never read after assignment

PRQA QA-C
Unable to render {include} The included page could not be found.

1500, 1502, 2980, 2981, 2982,

2983, 2984, 2985, 2986, 3203,

3205, 3206, 3207, 3229

Fully implemented
PVS-Studio

7.33

V519, V596, V603, V714, V744, V751, V763, V1001
SonarQube C/C++ Plugin
3.11
S1854

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardVOID MSC13-CPP. Detect and remove unused values
ISO/IEC TR 24772Likely Incorrect Expressions [KOA]
Dead and Deactivated Code [XYQ]
Unused Variable [XYR]

Bibliography



  • No labels