UNUSED.FUNC.GEN

Unused function

Function defined but not used.

Vulnerability and risk

A function that is defined but never used can have a few implications. It can cause confusion during development, such as the wrong function with a similar name being called. On rare occasions the unused function may also find its way into the final executable, which may lead to other vulnerabilities. This checker is mostly concerned with static functions that are not used. By definition, static functions cannot be called from outside the translation unit (unless they are defined in a header file that is included in multiple translation units).

Vulnerable code example 1

  static void used() {}
  static void unused() {}  // defined but never called: UNUSED.FUNC.GEN is reported here
  int main() {
    used();
    return 0;
  }

In the above code snippet, the function "unused()" is defined as static but never used within the current translation unit, so it should be removed. Klocwork reports UNUSED.FUNC.GEN on line 2 to alert the developer.

Fixed code example 1

  static void used() {}
  int main() {
    used();
    return 0;
  }

To fix the issue, the function "unused()" is simply removed from the file.

Vulnerable code example 2

  static void foo(int x) {}  // this overload is never called: UNUSED.FUNC.GEN is reported here
  static void foo(int x, int y) {}
  int main() {
    foo(0,0);
    return 0;
  }

The same idea applies to overloaded functions: only "foo(int, int)" is called, so the overload "foo(int)" is unused. Klocwork produces UNUSED.FUNC.GEN on line 1.

Fixed code example 2

  static void foo(int x, int y) {}  // the only remaining overload, and it is called
  int main() {
    foo(0,0);
    return 0;
  }

The unused version of foo, "foo(int)", is simply removed.
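The rule the two examples illustrate can be sketched as a small script. This is an added example, not Klocwork's implementation or code from the original page: it is a regex heuristic, and the names `unused_static_functions` and `count_args` are hypothetical. It assumes overloads can be told apart by argument count, and it does not handle comments, string literals, prototypes, or functions referenced only through a pointer.

```python
import re

# Heuristic only: no comment/string/prototype handling, and overloads are
# told apart by argument count alone (assumption made for this example).
STATIC_DEF = re.compile(r"\bstatic\b[^;{}()]*?\b(\w+)\s*\(([^()]*)\)\s*\{")
NAME_PAREN = re.compile(r"\b(\w+)\s*\(")

def count_args(text, open_idx):
    """Count top-level arguments of the list whose '(' is at open_idx."""
    depth, commas, seen = 0, 0, False
    for ch in text[open_idx:]:
        if ch == "(":
            seen = seen or depth >= 1   # a nested '(' is part of an argument
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return commas + 1 if seen else 0
        elif ch == "," and depth == 1:
            commas += 1
        elif not ch.isspace():
            seen = True
    return None  # unbalanced parentheses

def unused_static_functions(source):
    """Return [(line, name, arity)] for static definitions with no matching call."""
    defs, def_starts = [], set()
    for m in STATIC_DEF.finditer(source):
        params = m.group(2).strip()
        arity = 0 if params in ("", "void") else params.count(",") + 1
        line = source.count("\n", 0, m.start(1)) + 1
        defs.append((line, m.group(1), arity))
        def_starts.add(m.start(1))
    calls = set()
    for m in NAME_PAREN.finditer(source):
        if m.start(1) not in def_starts:   # skip the definition headers themselves
            calls.add((m.group(1), count_args(source, m.end() - 1)))
    return [d for d in defs if (d[1], d[2]) not in calls]

# The two flagged snippets from this page, embedded as sample input.
EXAMPLE_1 = ("static void used() {}\nstatic void unused() {}\n"
             "int main() {\n  used();\n  return 0;\n}\n")
EXAMPLE_2 = ("static void foo(int x) {}\nstatic void foo(int x, int y) {}\n"
             "int main() {\n  foo(0,0);\n  return 0;\n}\n")

if __name__ == "__main__":
    for src in (EXAMPLE_1, EXAMPLE_2):
        for line, name, arity in unused_static_functions(src):
            print(f"line {line}: static {name}/{arity} is never called")
```

The reported lines match the ones the page gives for each snippet: line 2 for "unused()" and line 1 for "foo(int)".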

Related checkers