
Code that is never executed is known as dead code. Typically, the presence of dead code indicates that a logic error has occurred as a result of changes to a program over time. Dead code is usually optimized out of a program during compilation. However, to improve readability and to ensure that the underlying logic errors are resolved, dead code should be identified, understood, and removed from a program.

Non-Compliant Code Example

This example, inspired by Fortify, demonstrates how dead code can be introduced into a program. The second conditional statement, if (s), can never evaluate true because it requires that s has been assigned a non-NULL value. However, the only path on which s is assigned a non-NULL value ends with a return statement, so the check is unreachable with s set to anything other than NULL.

#include <stdlib.h>

int func(int condition) {
    int *s = NULL;
    if (condition) {
        s = malloc(10);
        if (s == NULL) {
           /* Handle Error */
        }
        /* insert data into s */
        return 0;
    }
    /* ... */
    /* s is still NULL on every path that reaches this point */
    if (s) {
        /* This code is never reached */
    }
    return 0;
}
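The following is an added example, not the page's own compliant solution: the function above is restructured so that every branch is reachable and every outcome is observable by the caller. The allocator is passed in as a function pointer (an assumption made here so that the allocation-failure path can be exercised in a test without real memory pressure); the names func_fixed, alloc_fn and failing_alloc are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator type so that the failure path can be driven. */
typedef void *(*alloc_fn)(size_t);

/* Constructed allocator that always fails; used only to exercise the error branch. */
static void *failing_alloc(size_t n) {
    (void)n;
    return NULL;
}

/* Returns the number of bytes written on the allocation path, 0 when there
 * is nothing to do, and -1 on allocation failure. Unlike the original, the
 * check on s lives inside the only path where s can be non-NULL, the buffer
 * is released before the early return, and the error is reported rather than
 * silently ignored. There is no post-block test of s, because on the
 * remaining path s is provably NULL. */
int func_fixed(int condition, alloc_fn alloc) {
    char *s = NULL;
    int written = 0;

    if (condition) {
        s = alloc(10);
        if (s == NULL) {
            return -1;              /* observable failure, not a dead branch */
        }
        memset(s, 'x', 9);          /* insert constructed sample data into s */
        s[9] = '\0';
        written = (int)strlen(s);   /* 9 */
        free(s);                    /* release before returning */
        return written;
    }

    /* Nothing allocated on this path, so no s-dependent code belongs here. */
    return 0;
}
```

Every return value maps to one reachable path, so a reviewer (or a coverage tool) can confirm that no branch is dead.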

Compliant Solution

/* */

Risk Assessment

Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---- | -------- | ---------- | ---------------- | -------- | -----
     |          |            |                  |          |

References
