The presence of unused variables may indicate significant logic errors. To prevent such errors, unused values should be identified and removed from code.
Code that is never executed is known as dead code. Typically, the presence of dead code indicates that a logic error has occurred as a result of changes to a program or the program's environment. To improve readability and ensure that logic errors are resolved, dead code should be identified, understood, and eliminated.
This noncompliant code example contains a variable `$new_name` that is initialized but never subsequently read.

```perl
sub fix_name {
  my $name = shift;
  my $new_name = $name;
  $name =~ s/^([a-z])/\U$1\E/g;
  $name =~ s/ ([a-z])/ \U$1\E/g;
  return $name;
}
```
This compliant solution eliminates the unused variable.

```perl
sub fix_name {
  my $name = shift;
  $name =~ s/^([a-z])/\U$1\E/g;
  $name =~ s/ ([a-z])/ \U$1\E/g;
  return $name;
}
```
This noncompliant code example contains code that cannot possibly execute.

```perl
sub fix_name {
  my $name = shift;

  if ($name eq "") {
    return $name;
  }

  $name =~ s/^([a-z])/\U$1\E/g;
  $name =~ s/ ([a-z])/ \U$1\E/g;
  if (length( $name) == 0) {
    die "Invalid name"; # cannot happen
  }
  return $name;
}
```
This compliant solution makes the dead code reachable.

```perl
sub fix_name {
  my $name = shift;
  $name =~ s/^([a-z])/\U$1\E/g;
  $name =~ s/ ([a-z])/ \U$1\E/g;
  if (length( $name) == 0) {
    die "Invalid name"; # reachable now that the early return is gone
  }
  return $name;
}
```
The presence of unused variables or dead code may indicate logic errors that can lead to unintended program behavior. As a result, resolving unused variables and dead code can be an in-depth process requiring significant analysis.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC01-PL | low | unlikely | high | P1 | L1 |
CERT C Secure Coding Standard: MSC13-C. Detect and remove unused values
CERT C++ Secure Coding Standard: MSC13-CPP. Detect and remove unused values
CERT C Secure Coding Standard: MSC07-C. Detect and remove dead code
CERT C++ Secure Coding Standard: MSC07-CPP. Detect and remove dead code
Tool | Diagnostic |
---|---|
Perl::Critic | Subroutines::ProhibitUnusedPrivateSubroutines |
Perl::Critic | Variables::ProhibitUnusedVariables |
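
A small driver that runs the two Perl::Critic policies from the table above over source text and exits nonzero when either reports a finding. This is an added example, not part of the original guideline. It assumes Perl::Critic is installed from CPAN; the sample source and its `_old_fix_name` helper are constructed for illustration.

```perl
use strict;
use warnings;
use Perl::Critic;    # CPAN module, assumed to be installed

# The two policies named in the tool table.
my @policies = (
    'Variables::ProhibitUnusedVariables',
    'Subroutines::ProhibitUnusedPrivateSubroutines',
);

# Constructed sample input: the noncompliant fix_name() with its unused
# $new_name, plus a hypothetical private helper that nothing calls.
my $source = <<'END_PERL';
package Example;

sub fix_name {
  my $name = shift;
  my $new_name = $name;
  $name =~ s/^([a-z])/\U$1\E/g;
  $name =~ s/ ([a-z])/ \U$1\E/g;
  return $name;
}

sub _old_fix_name {
  my $name = shift;
  return ucfirst $name;
}

1;
END_PERL

my $found = 0;
for my $policy (@policies) {
    # An empty -profile ignores any .perlcriticrc so results are repeatable;
    # -single-policy runs only the named policy.
    my $critic = Perl::Critic->new(
        '-profile'       => '',
        '-single-policy' => $policy,
    );
    for my $v ( $critic->critique( \$source ) ) {
        printf "line %d: %s [%s]\n",
            $v->line_number, $v->description, $v->policy;
        $found++;
    }
}

# A nonzero exit status lets a build step or commit hook fail on findings.
exit( $found ? 1 : 0 );
```

Neither policy reports the unreachable `die` branch from the dead-code example above; that kind of dead code has to be found by review or by test coverage that shows the branch never runs.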
\[CPAN\] [Elliot Shank, Perl-Critic-1.116](http://search.cpan.org/~elliotjs/Perl-Critic-1.116/): [Subroutines::ProhibitUnusedPrivateSubroutines](http://search.cpan.org/dist/Perl-Critic/lib/Perl/Critic/Policy/Subroutines/ProhibitUnusedPrivateSubroutines.pm), [Variables::ProhibitUnusedVariables](http://search.cpan.org/dist/Perl-Critic/lib/Perl/Critic/Policy/Variables/ProhibitUnusedVariables.pm)