CWE
Home > CWE List > CWE- Individual Dictionary Definition (1.1)  
Search by ID:

CWE-561: Dead Code

Individual Definition in a New Window
Dead Code
Status: Draft
Weakness ID: 561 (Weakness Variant)
Description
Summary

The software contains dead code, which can never be executed.

Extended Description

Dead code is source code that can never be executed in a running program. The surrounding code makes it impossible for a section of code to ever be executed.

Potential Mitigations

Remove dead code before deploying the application.

Use a static analysis tool to spot dead code.

Demonstrative Examples
Example 1:

The condition for the second if statement is impossible to satisfy. It requires that the variables be non-null, while on the only path where s can be assigned a non-null value there is a return statement.

String s = null;
if (b) {
s = "Yes";
return;
}
 
if (s != null) {
Dead();
}
Example 2:

In the following class, two private methods call each other, but since neither one is ever invoked from anywhere else, they are both dead code.

public class DoubleDead {
private void doTweedledee() {
doTweedledumb();
}
private void doTweedledumb() {
doTweedledee();
}
public static void main(String[] args) {
System.out.println("running DoubleDead");
}
}

(In this case it is a good thing that the methods are dead: invoking either one would cause an infinite loop.)

Example 3:

The field named glue is not used in the following class. The author of the class has accidentally put quotes around the field name, transforming it into a string constant.

public class Dead {
String glue;
 
public String getGlue() {
return "glue";
}
}
Other Notes

Dead code can lead to confusion during code maintenance and result in unrepaired vulnerabilities.

Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness ClassWeakness Class398Indicator of Poor Code Quality
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory747CERT C Secure Coding Section 49 - Miscellaneous (MSC)
Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ParentOfWeakness VariantWeakness VariantWeakness Variant570Expression is Always False
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness VariantWeakness Variant571Expression is Always True
Development Concepts (primary)699
Research Concepts (primary)1000
Taxonomy Mappings
Mapped Taxonomy NameNode IDMapped Node Name
Anonymous Tool Vendor (under NDA)  
CERT C Secure CodingMSC07-CDetect and remove dead code
Time of Introduction
* Implementation
Content History
Submissions
Anonymous Tool Vendor (under NDA). (Externally Mined)
Modifications
Eric Dalci. Cigital. 2008-07-01. (External)
updated Potential_Mitigations, Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Description, Relationships, Other_Notes, Taxonomy_Mappings
CWE Content Team. MITRE. 2008-11-24. (Internal)
updated Relationships, Taxonomy_Mappings
Page Last Updated: November 24, 2008