Dead Code |
Weakness ID: 561 (Weakness Variant) | Status: Draft |
Description Summary
Extended Description
Dead code is source code that can never be executed in a running program. The surrounding code makes it impossible for a section of code to ever be executed.
Scope | Effect |
---|---|
Other | Dead code can lead to confusion during code maintenance and result in unrepaired vulnerabilities. |
Example 1
The condition for the second if statement is impossible to satisfy. It requires that the variables be non-null, while on the only path where s can be assigned a non-null value there is a return statement.
Example 2
In the following class, two private methods call each other, but since neither one is ever invoked from anywhere else, they are both dead code.
(In this case it is a good thing that the methods are dead: invoking either one would cause an infinite loop.)
Example 3
The field named glue is not used in the following class. The author of the class has accidentally put quotes around the field name, transforming it into a string constant.
Remove dead code before deploying the application. |
Use a static analysis tool to spot dead code. |
Nature | Type | ID | Name | View(s) this relationship pertains to![]() |
---|---|---|---|---|
ChildOf | ![]() | 398 | Indicator of Poor Code Quality | Development Concepts (primary)699 Research Concepts (primary)1000 |
ChildOf | ![]() | 747 | CERT C Secure Coding Section 49 - Miscellaneous (MSC) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734 |
ParentOf | ![]() | 570 | Expression is Always False | Development Concepts (primary)699 Research Concepts (primary)1000 |
ParentOf | ![]() | 571 | Expression is Always True | Development Concepts (primary)699 Research Concepts (primary)1000 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
Anonymous Tool Vendor (under NDA) | |||
CERT C Secure Coding | MSC07-C | Detect and remove dead code |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
Anonymous Tool Vendor (under NDA) | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Potential Mitigations, Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Description, Relationships, Other Notes, Taxonomy Mappings | ||||
2008-11-24 | CWE Content Team | MITRE | Internal | |
updated Relationships, Taxonomy Mappings | ||||
2009-05-27 | CWE Content Team | MITRE | Internal | |
updated Demonstrative Examples | ||||
2009-07-27 | CWE Content Team | MITRE | Internal | |
updated Demonstrative Examples | ||||
2009-10-29 | CWE Content Team | MITRE | Internal | |
updated Common Consequences, Other Notes |