VA_UNUSED.GEN

Value is never used after assignment

The VA_UNUSED.GEN checker finds values assigned to local variables that are never used before the next assignment or the end of the function.

Vulnerability and risk

Unused variable values can indicate that

• an incorrect variable may be used later in the code
• there are significant logic errors or other problems with the code

Vulnerable code example

1
2
3
4
5
6
  int foo(){
    int i;
    i = f();
    i = g();
    return i;
  }

Klocwork flags line 3, indicating that 'i' is initialized with value returned from function f(), but the value is never used.

Related checkers

• VA_UNUSED.INIT

External guidance

• CERT MSC12-C: Detect and remove code that has no effect or is never executed
• CERT MSC13-C: Detect and remove unused values
• CWE-561: Dead Code
• STIG-ID: APP3050 Inactive code and libraries not removed