2016년 7월 28일 목요일

Inaccessible cord

Inaccessible cord

An inaccessible cord (とうたつふのう cord British: unreachable code) or the dead cord (British: dead code) points at the cord which is never carried out although there is it in the source code of the program.

The dead cord is told to be unfavorable by the following reasons.

  • When an author thinks that the code is carried out, there is a bug for the program.
  • When an author and a scholar of conservatism miss that the code is not carried out, I will spend time and labor on the occasion of maintenance idly.

The redundant code is carried out, but is the cord which no influence gives the output of the program. The identifier that is not used even if declared is called redundant declaration.

Table of contents

Detection of the inaccessible cord

The detection of the dead cord is a kind of the static cord analysis and detects the cord which is never carried out even if how about a condition at the time of the value of the variable and other practice by analyzing control structure. By some languages (JAVA), the certain inaccessible cord is not permitted in the specifications of the language. I call optimization technique to delete the dead cord dead cord deletion.

A cord may become inaccessible as a result of compiler optimization (cocommon method deletion).

The cause that an inaccessible cord is created

In the following, I comment on some causes that an inaccessible cord produces in a source code.

In the case of software development, it may prevent a cord from being carried it out temporarily the programmer (i.e., I renew it so that it is not carried out explicitly). For example, there is the following cord.

  while (condition)  {    foo();    bar();  } 

When it wants to prevent you from carrying out bar() temporarily here, e.g., renews it as follows.

  while (condition)  {    foo();    continue;    bar();  } 

In this example, bar() becomes the inaccessible cord (continue transfers it for the next repetition of the loop promptly). Such a temporary correction may remain until release.

I may leave it without deleting the cord for a case and the debugging that a condition judgment makes redundancy as the cause that other inaccessible cords produce.

When I am not called from anywhere, a function and the subroutine become the dead cord, and the function called only by an inaccessible cord becomes the dead cord.

The existence of the inaccessible cord may show that a premise and the environment of the logical error and program at the time of the correction of the program were largely changed. The superior compiler notifies you of the existence of the dead cord, and the meaning is thought about a person of maintenance.

Inspection of the inaccessible nature

It is equivalent with untying a stop-related problem to determine whether any cord is an inaccessible cord. In other words, it is impossible to grasp every inaccessible code definitely.

The analysis technique becomes elaborateness, and the quantity to detect an inaccessible cord is largely really improved. For example, with the following cords, I can show that a sentence called xyz is inaccessible by fixed number folding in and the simple flow analysis.

  int n = 2 +1,  if (n = = 4)  {    xyz  } 

However, I need a considerable effort to detect a sentence called xyz is inaccessible with the following cords.

  double x = sqrt(2);  if (x > 2)  {    xyz  } 

The inaccessible nature and profiling

With normal technique by the static cord analysis, I may detect a complicated case using a profiler in some cases. The profiler cannot do "proof" by the inaccessible nature of the cord, but is superior for Hugh squirrel Thich finding out an inaccessible cord. If a suspicious part is found, I use a more powerful analysis tool, and a human being investigates it with eyes by hand and judges it whether the cord is really inaccessible.

Fragile due to the inaccessible nature

I may bring weakness in the security by an inaccessible cord. Is a bug in the implementation of TLS/SSL by Apple, and CVE-2014-1266 is given for CVE number, and the well-known example is called "goto fail bug" [1]; [2]. The real codes are as follows [3].

 static OSStatus SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,                                  uint8_t *signature, UInt16 signatureLen) {     OSStatus        err;     ...       if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom))!= 0)         goto fail;     if ((err = SSLHashSHA1.update(&hashCtx, &signedParams))!= 0)         goto fail;         goto fail;     if ((err = SSLHashSHA1.final(&hashCtx, &hashOut))!= 0)         goto fail;     ...   fail:     SSLFreeBuffer(&signedHashes);     SSLFreeBuffer(&hashCtx);     return err; } 

It is goto fail; two successively There is a point calling を, but does not aim at the second. A summons of final where it should arrive at originally becomes the inaccessible cord. Checks by final were always skipped, and err would maintain a value after the success of the SHA1 update operation and was in this way in a condition that signature inspection by final was not carried out [1].

Footnote

  1. ^ a b Adam Langley (2014). "Apple's SSL/TLS bug". March 15, 2015 reading.
  2. ^ Arie van Deursen (2014). "Learning from Apple' s #gotofail Security Bug". March 15, 2015 reading.
  3. ^ "sslKeyExchange.c - Source code for support for key exchange and server key exchange." March 15, 2015 reading.

Allied item

This article is taken from the Japanese Wikipedia Inaccessible cord

This article is distributed by cc-by-sa or GFDL license in accordance with the provisions of Wikipedia.

Wikipedia and Tranpedia does not guarantee the accuracy of this document. See our disclaimer for more information.

In addition, Tranpedia is simply not responsible for any show is only by translating the writings of foreign licenses that are compatible with CC-BY-SA license information.

0 개의 댓글:

댓글 쓰기