The software contains dead code, which can never be
executed.
Extended Description
Dead code is source code that can never be executed in a running program.
The surrounding code makes it impossible for a section of code to ever be
executed.
Time of Introduction
Implementation
Common Consequences
Scope
Effect
Other
Dead code can lead to confusion during code maintenance and result in
unrepaired vulnerabilities.
Demonstrative Examples
Example 1
The condition for the second if statement is impossible to satisfy.
It requires that the variables be non-null, while on the only path where s
can be assigned a non-null value there is a return statement.
(Bad Code)
C++
String s = null;
if (b) {
s = "Yes";
return;
}
if (s != null) {
Dead();
}
Example 2
In the following class, two private methods call each other, but
since neither one is ever invoked from anywhere else, they are both dead
code.
(Bad Code)
Java
public class DoubleDead {
private void doTweedledee() {
doTweedledumb();
}
private void doTweedledumb() {
doTweedledee();
}
public static void main(String[] args) {
System.out.println("running DoubleDead");
}
}
(In this case it is a good thing that the methods are dead: invoking
either one would cause an infinite loop.)
Example 3
The field named glue is not used in the following class. The author
of the class has accidentally put quotes around the field name, transforming
it into a string constant.
(Bad Code)
Java
public class Dead {
String glue;
public String getGlue() {
return "glue";
}
}
Potential Mitigations
Phase
Description
Remove dead code before deploying the application.
Description
