The presence of unused values may indicate significant logic errors. To prevent such errors, unused values should be identified and removed from code.
This recommendation is a specific case of MSC12-C. Detect and remove code that has no effect or is never executed.
Noncompliant Code Example
In this example, p2
is assigned the value returned by bar()
, but that value is never used. Note this example assumes that foo()
and bar()
return valid pointers (see DCL30-C. Declare objects with appropriate storage durations).
int *p1; int *p2; p1 = foo(); p2 = bar(); if (baz()) { return p1; } else { p2 = p1; } return p2;
Compliant Solution
This example can be corrected in many different ways, depending on the intent of the programmer. In this compliant solution, p2
is found to be extraneous. The calls to bar()
and baz()
can be removed if they do not produce any side effects.
int *p1 = foo(); /* Removable if bar() does not produce any side effects */ (void)bar(); /* Removable if baz() does not produce any side effects */ (void)baz(); return p1;
Exceptions
MSC13-EX1: Initializing a variable with a default value, such as 0, which gets subsequently overwritten may be inefficient, but is less of a problem than reading an uninitialized value, as per EXP33-C. Do not read uninitialized memory.
Risk Assessment
Unused values may indicate significant logic errors.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC13-C | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | 24.04 | Supported, but no explicit checker | |
CodeSonar | 8.1p0 | LANG.STRUCT.UUVAL | Unused value |
2017.07 | UNUSED_VALUE | Finds variables that are assigned pointer values returned from a function call but never used | |
Helix QAC | 2024.3 | C1500, C1502, C2980, C2981, C2982, C2983, C2984, C2985, C2986, C3203, C3205, C3206, C3207, C3229 | |
Klocwork | 2024.3 | ||
LDRA tool suite | 9.7.1 | 1 D, 8 D, 105 D, 94 D, 15 D | Fully implemented |
Parasoft C/C++test | 2023.1 | CERT_C-MSC13-a | Avoid unnecessary local variables |
PC-lint Plus | 1.4 | 438, 505, 529, 715, 838 | Partially supported |
Polyspace Bug Finder | R2024a | Checks for:
Rec. partially covered. | |
PRQA QA-C | Unable to render {include} The included page could not be found. | 2980, 2981, 2982, 2983, 2984, 2985, 2986, 3203, 3205, 3206, 3207, 3229, 1500, 1502 | Fully implemented |
PVS-Studio | 7.33 | V519, V596, V603, V714, V744, V751, V763, V1001 | |
SonarQube C/C++ Plugin | 3.11 | S1854 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID MSC13-CPP. Detect and remove unused values |
ISO/IEC TR 24772 | Likely Incorrect Expressions [KOA] Dead and Deactivated Code [XYQ] Unused Variable [XYR] |