UNREACH.RETURN
Unreachable return
The UNREACH.RETURN checker looks for unreachable return statements in the code-any return that will never be used. A typical use for UNREACH.RETURN is to separate unreachable returns from other types of unreachable code. It is useful to be able to turn off the UNREACH.RETURN checker when you know there are unreachable returns in the code (particularly in generated code) that aren't significant, but still want to check for more generally unreachable code with UNREACH.GEN.
Vulnerability and risk
An unreachable return statement can cause confusion during code maintenance and/or code review. In some edge cases, an unreachable return can also cause unintended program behavior.
Vulnerable code example
  void foo(int *p)
  {
      switch (*p) {
          case 0:
          case 1:
              if (*p == 0) {
                  ++(*p);
                  return;
              } else if (*p == 1){
                 --(*p);
                 return;
             }
             return;
         default:
             (*p) = 1 - (*p);
     }
 }Klocwork produces a report of an unreachable void return statement, indicating that the return statement at line 13 is never reached. Obviously in this case, the behavior is benign and would typically cause the reviewer to turn this checker off (particularly if the pattern is one emitted by a code generator in a systematic manner).
Related checkers
External guidance
Extension
This checker can be extended. See Tuning C/C++ analysis for more information.




