False positive for Remove this expression which always evaluates to "true" (squid:S2589 Boolean expressions should not be gratuitous)

2,767 views
Skip to first unread message

Hermann Czedik-Eysenberg

unread,
Jun 30, 2017, 10:46:25 AM6/30/17
to SonarQube
The following code leads to a FP for rule squid:S2589 (Boolean expressions should not be gratuitous):

            boolean eof = false;
            while ( !eof )
            {
                try {
                    names.add( din.readUTF() );
                }
                catch ( EOFException eofException )
                {
                    eof = true;
                }
            }


The code is certainly not nice, but it should not show this particular bug, as eof will eventually get set to true.

This happens in the newest SonarJava 4.10.0.10260

Screenshot:

Tibor Blenessy

unread,
Jun 30, 2017, 12:23:11 PM6/30/17
to Hermann Czedik-Eysenberg, SonarQube
Hello Hermann,

I tried to analyze your snippet in a method like this 

package org.test;

import java.io.DataInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

class EOF {

  void test(DataInputStream din) throws IOException {
    List<String> names = new ArrayList<>();
    boolean eof = false;
    while (!eof) {
      try {
        names.add(din.readUTF());
      } catch (EOFException ex) {
        eof = true;
      }
    }
  }
}

and issue is not triggered with SonarJava 4.10. I would need to understand what is different. Can you please send whole file you are analyzing? Which version of scanner you are using for analysis? 




--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/ddbe8cac-b2f7-4cc2-8891-03ea6d11775f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--

Tibor Blenessy | SonarSource

SonarJava Developer

http://sonarsource.com 

Hermann Czedik-Eysenberg

unread,
Jul 4, 2017, 7:47:58 AM7/4/17
to SonarQube, hcz...@gmail.com
Hi Tibor,

thanks for looking into this!

Our code looks very similar:

import java.io.DataInputStream;
import java.io.EOFException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collection;


public class FileServiceUtil
{    
    public Collection<String> getFileNames( InputStream in ) throws Exception
    {
        Collection<String> names = new ArrayList<>();
       
        DataInputStream din = new DataInputStream( in );
        try
        {

            boolean eof = false;
            while ( !eof )
            {
                try {
                    names.add( din.readUTF() );
                }
                catch ( EOFException eofException )
                {
                    eof = true;
                }
            }
        }

        finally
        {
            din.close();
        }
       
        return names;
    }
}

In fact I tried your code snippet and it triggers the same false positive in my Eclipse. So the issue is also found when using the newest SonarLint 3.2.0.

For our analysis on Jenkins we use the Maven plugin 
org.codehaus.mojo:sonar-maven-plugin:3.2:sonar

Should I try using a different version?

On the server we have SonarJava 4.10.0.10260 on SonarQube version  5.6.6 LTS.

Hermann

Tibor Blenessy

unread,
Jul 11, 2017, 12:26:30 PM7/11/17
to Hermann Czedik-Eysenberg, SonarQube
Hello Hermann,

I managed to reproduce issue, with bit more self-contained example, as described in ticket here https://jira.sonarsource.com/browse/SONARJAVA-2387 . It seems to be a problem with our Symbolic Execution engine, which doesn't take instruction inside the catch block into the account. I am not sure what I was doing wrong before, that I couldn't reproduce it.

Best regards


To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/2d265d2b-b53e-4349-a7ce-7709693b1973%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

akhi...@gmail.com

unread,
Jun 1, 2018, 5:53:06 AM6/1/18
to SonarQube
Hi,

Is this issue "https://jira.sonarsource.com/browse/SONARJAVA-2387" linked to other same kind of warnings raised for "if" conditions also because i am getting this warning with code like this:
finally {
    // Warning is raised for below condition, Change this condition so that it does not always evaluate to "true"
    if (session != null) { 
        session.close(); 
    }
} 

sonar version is 7 and sonar scanner maven plugin is 3.3.

Best Regards

Tibor Blenessy

unread,
Jun 1, 2018, 11:23:51 AM6/1/18
to akhi...@gmail.com, SonarQube
Hello,

to be able to confirm your question please send the whole code snippet reproducing the error as a new thread. Also include version of SonarJava plugin installed on your SQ instance.

Regards

Tibor

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/2dbc3efd-2734-4dce-b0cb-5f1c72ce31b0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.
--

Tibor Blenessy | SonarSource

Language Analyzer Developer

https://sonarsource.com 

Reply all
Reply to author
Forward
0 new messages