Code that is executed but does not perform any action, or has an unintended effect, most likely results from a coding error and can result in unexpected behavior. Statements or expressions that have no effect should be identified and removed from code. Most modern compilers can warn about code that has no effect in many cases. (See guideline [MSC00-C. Compile cleanly at high warning levels.)

This recommendation is related to guideline MSC07-C. Detect and remove dead code.

Noncompliant Code Example (Assignment)

In this noncompliant code example, the comparison of a to b has no effect.

int a;
int b;
/* ... */
a == b;

This is likely a case of the programmer mistakenly using the equals operator == instead of the assignment operator =.

Compliant Solution (Assignment)

The assignment of b to a is now properly performed.

int a;
int b;
/* ... */
a = b;

Noncompliant Code Example (Dereference)

In this example, a pointer increment and then a dereference occurs. However, the dereference has no effect.

int *p;
/* ... */
*p++;

Compliant Solution (Dereference)

Correcting this example depends on the intent of the programmer. For instance, if dereferencing p was a mistake, then p should not be dereferenced.

int *p;
/* ... */
p++;

If the intent was to increment the value referred to by p, then parentheses can be used to ensure p is dereferenced and then incremented. (See guideline EXP00-C. Use parentheses for precedence of operation.)

int *p;
/* ... */
(*p)++;

Compliant Solution (Memory Mapped Devices)

Another possibility is that p is being used to reference a memory-mapped device. In this case, the variable p should be declared as volatile.

volatile int *p;
/* ... */
(void) *p++;

Risk Assessment

The presence of code that has no effect can indicate logic errors that may result in unexpected behavior and vulnerabilities.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC12-C

low

unlikely

medium

P2

L3

Automated Detection

Tool

Version

Checker

Description

Coverity Prevent

NO_EFFECT

finds statements or expressions that do not accomplish anything, or statements that perform an unintended action

GCC

-Wunused-value and -Wunused-parameter

 

Klocwork

EFFECT

 

LDRA tool suite

 

 

Splint

 

 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: MSC12-CPP. Detect and remove code that has no effect
CERT Oracle Secure Coding Standard for Java: MSC17-J. Detect and remove dead code
ISO/IEC TR 24772: "BRS Leveraging human experience," "BVQ Unspecified Functionality," "KOA Likely incorrect expressions," and "XYQ Dead and Deactivated Code"
MISRA C 2004: Rule 14.1 and Rule 14.2

Bibliography

\[[Coverity 2007|AA. Bibliography#Coverity 07]\]

      49. Miscellaneous (MSC)