Unreachable Code


Unreachable code is a program code fragment which is never executed.

Don't mix it up with dead code which is, unlike unreachable code, a code fragment that can be executed but whose result is never used in any other computation.

Presence of unreachable code in a program is determined by a number of factors. These fragments often contain random computations looking very similar to executable code. Since unreachable code is never executed, it only adds to the size of the program but does not cause performance losses. However, its presence may indicate a logic error. The common task of detecting fragments of unreachable code is algorithmically unsolvable. But most errors related to unreachable code are very plain and can be detected by the compiler or specialized utilities. Static code analysis, being based on various heuristic methods, can be used to find fragments of unreachable code.

Below are a few simple examples of unreachable code.

Example 1:

int func(int a)
{
   int b = a*2;
   return b;

   // Unreachable code
   if (b < 10)
   {
        b += 10;
   }
   return b;
}

The condition 'b<10' in this sample will never be executed, since it stands below the unconditional return operator. Since the condition 'b<10' can never be executed, the variable 'b' will also never be incremented by 10.

Example 2:

vector<string> vec;
while (true)
{
   vec.push_back("abc");

   if (vec.size() > 25)
   {
       return 0;
   }
}

// Unreachable code
vec.pop_back();

The infinite loop in this sample fills the 'vec' container with the string "abc". As the container's size exceeds 25, the return operator will be called to immediately terminate the function and bring control back to the return point. Due to this, the last item of the 'vec' container will never be removed.

Example 3:

tStatus = TGetFirstLayerItem (pContext, DBX_LAYER_MULTI, pLayerItem);
...
if (DBX_LAYER_MULTI && tStatus == DBX_OK)
{
    // Writing styles
}

In this sample, the list of project styles will never be written because the condition (DBX_LAYER_MULTI && tStatus == DBX_OK) is always false. It contains the DBX_LAYER_MULTI constant which equals zero.

Example 4:

typedef unsigned short wint_t;

void lexungetc(wint_t c) {
  if (c < 0)
    return;
  ....
}

The condition 'c<0' here is always false because 'c' is unsigned.

Such bugs are most efficient to diagnose by static code analysis tools at the earlier stage of software development.

Unreachable code is often exploited in practice. For instance, blocks "if (false)" can be used to disable certain code fragments. It allows preserving obsolete or incomplete code which can be later included into the program. Disabled code will be maintained through refactoring means, which will simplify issues associated with inclusion of such fragments into the project when it is needed. An "if (false)" block can also be used for the purpose of step-by-step debugging by returning the current program execution point into it. While doing so, you can use this block to perform some computations or output certain data which you may need later for debugging. Thus, you can keep code fragments which will never be called by the program itself but which may come in handy for debugging purposes.

References


Bugs Found

Checked Projects
336
Collected Errors
12 743