Dead store

In computer programming, a dead store is a local variable that is assigned a value but is read by no following instruction. Dead stores waste processor time and memory, and may be detected through the use of static program analysis, and removed by an optimizing compiler.

If the purpose of a store is intentionally to overwrite data, for example when a password is being removed from memory, dead store optimizations can cause the write not to happen, leading to a security issue.^[1] Some system libraries have specific functions designed to avoid such dangerous optimizations, e.g. explicit_bzero on OpenBSD.^[2]

Examples

Java

Dead store example in Java:

// DeadStoreExample.java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class DeadStoreExample {
    public static void main(String[] args) {
        List<String> list = new ArrayList<String>(); // This is a Dead Store, as the ArrayList is never read. 
        list = getList();
        System.out.println(list);
    }

    private static List<String> getList() {
        return new ArrayList<String>(Arrays.asList("Hello"));
    }
}

In the above code an ArrayList<String> object was instantiated but never used. Instead, in the next line the variable which references it is set to point to a different object. The ArrayList which was created when list was declared will now need to be de-allocated, for instance by a garbage collector.

JavaScript

Dead store example in JavaScript:

function func(a, b) {
    var x;
    var i = 300;
    while (i--) {
        x = a + b; // dead store
    }
}

The code in the loop repeatedly overwrites the same variable, so it can be reduced to only one call.^[3]

See also

• Dead code
• Unreachable code

References

1. "Insecure Compiler Optimization | OWASP".
2. "OpenBSD manual pages". man.openbsd.org. Retrieved 2016-05-14.
3. "HTML5, and Real World Site Performance: Seventh IE9 Platform Preview Available for Developers".