Start copying here:

End copying here.

When having unreachable code it allows programs to be vulnerable to attacks and threat, as discovered "Understanding the Origins of Mobile App Vulnerabilities: A Large-scale Measurement Study of Free and Paid Apps".

Thus when creating new libraries or functions...

1. Be wary when using and placement of statements such as break, continue, and return, as they're indicators that segments of code are at risk of being unreachable; as stated by "Case-Based Reasoning Research and Development: 24th International Conference".  
2.  

Noncompliant Code Example

This noncompliant code example shows an a line of code that is unreachable. 

int x = 1;
 
if (x == 1){
	return x;
	x += 1; // Code here is unreachable, never executed 
}

Any code following the return statement will never get executed thus created errors and bugs in the program.

Compliant Solution

In this compliant solution with reachable code.

int x = 1;

if (x == 1){
	x += 1;
	return x; 
}

Exceptions

Risk Assessment

Summary of risk assessment.

Automated Detection

Tools are available online, such as ProGuard, that help clean up code by removing unused statements that may have been a result of code being unreachable.

Related Vulnerabilities

Hyperlink black-font text "the CERT website" below, with URL as follows: https://www.kb.cert.org/vulnotes/bymetric?searchview&query=FIELD+KEYWORDS+contains+<RULE_ID>

In the URL example above, <RULE_ID> should be substituted by this CERT guideline ID (e.g., INT31-C). Then, remove this purple-font paragraph.

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Fill in the table below with at least one entry row, per these instructions, then remove this purple-font section.

Bibliography