Dead store explained

In computer programming, a dead store is a local variable that is assigned a value but is read by no following instruction. Dead stores waste processor time and memory, and may be detected through the use of static program analysis, and removed by an optimizing compiler.

If the purpose of a store is intentionally to overwrite data, for example when a password is being removed from memory, dead store optimizations can cause the write not to happen, leading to a security issue.[1] Some system libraries have specific functions designed to avoid such dangerous optimizations, e.g. explicit_bzero on OpenBSD.[2]
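The password-wiping case described above, as an added C example that is not part of the original page. The helper names (load_secret, use_secret, secure_zero) and the sample password are constructed for illustration; the example assumes the common compiler behaviour of keeping stores made through a volatile-qualified pointer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for fetching a password from a user or key store. */
static void load_secret(char *dst, size_t len) {
    strncpy(dst, "hunter2-sample", len - 1);   /* strncpy zero-pads the rest */
    dst[len - 1] = '\0';
}

/* Stand-in for real use of the secret, e.g. feeding it to a KDF. */
static unsigned use_secret(const char *s, size_t len) {
    unsigned acc = 0;
    for (size_t i = 0; i < len; i++) acc = acc * 31u + (unsigned char)s[i];
    return acc;
}

/* Weak: nothing reads `secret` after the memset, so the write is a dead
   store and an optimizing compiler is allowed to delete it. */
unsigned login_weak(void) {
    char secret[32];
    load_secret(secret, sizeof secret);
    unsigned tag = use_secret(secret, sizeof secret);
    memset(secret, 0, sizeof secret);
    return tag;
}

/* Hypothetical portable wipe: each store goes through a volatile-qualified
   pointer, which compilers treat as a side effect that must be emitted. */
void secure_zero(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Hardened: same logic, but the wipe is not eligible for dead store
   elimination. On OpenBSD, explicit_bzero(secret, sizeof secret) fits here. */
unsigned login_hardened(void) {
    char secret[32];
    load_secret(secret, sizeof secret);
    unsigned tag = use_secret(secret, sizeof secret);
    secure_zero(secret, sizeof secret);
    return tag;
}

int main(void) {
    printf("tags match: %d\n", login_weak() == login_hardened());
    return 0;
}
```

Both functions return the same value, so the difference is only visible in the generated code: compiling with optimization enabled and reading the assembly of login_weak shows whether the memset survived. Wiping the buffer does not clear copies of the secret that the compiler left in registers or spilled elsewhere on the stack.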

Examples

Java

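Dead store example in Java:

    // DeadStoreExample.java
    import java.util.ArrayList;
    import java.util.Arrays;
    import java.util.List;

    public class DeadStoreExample {
        public static void main(String[] args) {
            List<String> list = new ArrayList<String>(); // dead store: this ArrayList is never read
            list = Arrays.asList("dead", "store");       // list now refers to a different object
            System.out.println(list);
        }
    }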

In the above code an ArrayList<String> object was instantiated but never used. Instead, in the next line the variable which references it is set to point to a different object. The ArrayList which was created when list was declared will now need to be de-allocated, for instance by a garbage collector.

JavaScript

Dead store example in JavaScript:

    function func(a, b)

The code in the loop repeatedly overwrites the same variable, so it can be reduced to only one call.[3]

Notes and References

  1. Insecure Compiler Optimization | OWASP.
  2. OpenBSD manual pages. man.openbsd.org. 2016-05-14.
  3. HTML5, and Real World Site Performance: Seventh IE9 Platform Preview Available for Developers.