SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 125

changes.mady.by.user Michal Rozenau

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFCCCC
langc
int func(int condition) {
    char *s = NULL;
    if (condition) {
        s = (char *)malloc(10);
        if (s == NULL) {
           /* Handle Error */
        }
        /* Process s */
        return 0;
    }
    /* ...Code that doesn't touch s */
    if (s) {
        /* This code is unreachable */
    }
    return 0;
}

...

Code Block
bgColor#ccccff
langc
int func(int condition) {
    char *s = NULL;
    if (condition) {
        s = (char *)malloc(10);
        if (s == NULL) {
           /* Handle error */
        }
        /* Process s */
    }
    /* ... Code that doesn't touch s */
    if (s) {
        /* This code is now reachable */
    }
    return 0;
}

...

Code Block
bgColor#FFCCCC
langc
int s_loop(char *s) {
    size_t i;
    size_t len = strlen(s);
    for (i=0; i < len; i++) {
        /* ... Code that doesn't change s, i, or len */
	  if (s[i] == '\0') {
	    /* This code is never reached */
      }
    }
    return 0;
}

...

Code Block
bgColor#ccccff
langc
int s_loop(char *s) {
    size_t i;
    size_t len = strlen(s);
    for (i=0; i < len; i++) {
        /* ... */
	  Code that doesn't change s, i, or len */
	  if (s[i+1] == '\0') {
	    /* This code is now reached */
      }
    }
    return 0;
}

...

Code Block
bgColor#FFCCCC
langc
if (param == 1)
   openWindow();
 else if (param == 2)
   closeWindow();
 else if (param == 1) /* Duplicated condition */
   moveWindowToTheBackground();

Note that duplicating a condition violates this guideline only if the duplicate conditions always behave similarly...see a compliant solution below for a condition that is textually a duplicate but behaves differently.

Compliant Solution (if/else if)

...

Code Block
bgColor#ccccff
langc
if (param == 1)
   openWindow();
 else if (param == 2)
   closeWindow();
 else if (param == 3)
   moveWindowToTheBackground();

Compliant Solution (Conditional Side-Effects)

This code does not violate this recommendation, because even though the conditions are textually identical, they have different side effects, because the getc()  function advances the stream marker.

Code Block
bgColor#ccccff
langc
if (getc() == ':')
   readMoreInput();
 else if (getc() == ':')
   readMoreInput();
 else if (getc() == ':')
   readMoreInput();

Noncompliant Code Example (logical operatorsNoncompliant Code Example (logical operators)

Using the same subexpression on either side of a logical operator is almost always a mistake.  In this noncompliant code example, the rightmost subexpression of the controlling expression of each if statement has no effect.  

...

Recommendation

Severity

Likelihood

Detectable

Remediation CostRepairable

Priority

Level

MSC12-C

Low

Unlikely

No

MediumYes

P2

L3

Automated Detection

Partially UCUUVARUseless assignment Label Macro Parameter Tag Type
Unused Variableabcdefgh and Partially implemented

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

dead-assignment
dead-initializer
expression-result-unused
redundant-operation
unreachable-code
unreachable-code-after-jump
unused-function
statement-sideeffect

Supported + partially checked
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

DIAG.UNEX.*
LANG.STRUCT.EBS
LANG.STRUCT.RC
MISC.NOEFFECT
LANG.STRUCT.ALIGNAS.

EZA
LANG.STRUCT.UA
LANG.STRUCT.UC
LANG.STRUCT.UULABEL
LANG.STRUCT.UUMACRO
LANG.STRUCT.UUPARAM
LANG.STRUCT.UUTAG
LANG.STRUCT.UUTYPE
LANG.STRUCT.UUVAR
PARSE.

DBNR

Code not exercised by analysis
Empty branch statement checks
Redundant condition
Function call has no effect
Explicit zero alignment
Useless assignment
Unreachable code checks

Unused label
Unused

macro
Unused

parameter
Unused

tag
Unused

type
Unused

variable
Declared but not referenced

Coverity

Include Page
Coverity_V
Coverity_V

NO_EFFECT

 

DEADCODE

 

UNREACHABLE

Finds statements or expressions that do not accomplish anything or statements that perform an unintended action.

Can detect the specific instance where code can never be reached because of a logical contradiction or a dead "default" in switch statement

Can detect the instances where code block is unreachable because of the syntactic structure of the code

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.MSC12

Partially implemented

GCC

3.0

-Wunused-value
-Wunused-parameter

Options detect unused local variables, nonconstant static variables and unused function parameters, or unreachable code respectively.and unused function parameters, or unreachable code respectively.

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C3110, C3112, C3307, C3404, C3426, C3427


Klocwork
Include Page
Klocwork_V
Klocwork_V
CWARN.NOEFFECT.SELF_ASSIGN
CWARN.NOEFFECT.UCMP.GE
CWARN.NOEFFECT.UCMP.GE.MACRO
CWARN.NOEFFECT.UCMP.LT
CWARN.NOEFFECT.UCMP.LT.MACRO
CWARN.NULLCHECK.FUNCNAME
EFFECT
INVARIANT_CONDITION.UNREACH
LA_UNUSED
MISRA.STMT.NO_EFFECT
UNREACH.GEN
UNREACH.RETURN
UNREACH.SIZEOF
UNREACH.ENUM
LA_UNUSED
VA_UNUSED.GEN
VA_UNUSED.INIT
INVARIANT_CONDITION.UNREACH


LDRA tool suite
Include Page
LDRA_V
LDRA_V

 

8 D, 65 D, 105 D, I J, 139 S, 140 S, 57 S

Partially implemented

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V_V

CERT_C-MSC12-a
CERT_C-MSC12-b
CERT_C-MSC12-c
CERT_C-MSC12-

d
CERT_C-MSC12-

e
CERT_C-MSC12-

f
CERT_C-MSC12-

g
CERT_C-MSC12-

h
CERT_C-MSC12-

i
CERT_C-MSC12-

j
CERT_C-MSC12-

k

There shall be no unreachable code in "else" block
There shall be no unreachable code after 'return', 'break', 'continue',

'goto', 'throw' statements, and after calls to functions with the 'noreturn' attribute
There shall be no unreachable code in "if/else/while/for" block
There shall be no unreachable code in switch statement
There shall be no unreachable code in 'for' loop
There shall be no unreachable code after 'if' or 'switch' statement
There shall be no unreachable code after "if" or "switch" statement inside while/for/do...while loop
Avoid switch with unreachable branches

Polyspace Bug FinderR2016a

Dead code

Unreachable code

Use of memset with size argument zero

Code does not execute

Default case is missing and may be reached

Size argument of function in memset family is zero

Avoid unreachable methods
Avoid conditions that always evaluate to the same value
All non-null statements shall either have at least one side-effect however executed or cause control flow to change

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

438, 474, 505, 522, 523,
527, 528, 529, 563, 612,
714, 715, 719, 749, 750,
751, 752, 753, 754, 755,
756, 757, 758, 768, 769,
774, 827, 838, 1972

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. MSC12-C


Checks for:

  • Unreachable code
  • Dead code

Rec. partially covered.

PRQA QA-C
Include Page
PRQA QA-C_vPRQA QA-C_v

3426, 3427, 3307, 3110, 3112, 3404, 1501, 1503, 2008, 2880, 2881, 2882, 2883, 2877, 3196, 3202, 3203, 3205, 3206, 3207, 3210, 3219, 3229, 3404, 3422, 3423, 3425, 3470, 2980, 2981, 2982, 2983, 2984, 2985, 2986

RuleChecker
Include Page
RuleChecker_V
RuleChecker_V

dead-assignment
dead-initializer
expression-result-unused
redundant-operation
unreachable-code-after-jump
unused-function
statement-sideeffect

Partially checked
Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

CPtr

Fully implemented
SonarQube C/C++ Plugin
 
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S1764, S2589, S2583, S1116, S1172, S1763, S1862, S1065, S1656, S2754, S1751
Splint
Include Page
Splint_V
Splint_V

 -standard

The default mode checks for unreachable code.

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V551, V606, V649, V779

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...