False positive on S2583


philip...@gmail.com

Feb 27, 2018, 7:33:39 AM
to SonarQube
Hi there,

We have found a false positive that is reported on a loop variable:

public class FalsePositive {
  protected StringBuilder foo() {
    String[] array = {"one", "two", "three"};
    for (int i = 0; i < array.length; i++) {
      for (int j = 0; j <= i; j++) {
        if (j > 0) {
          // j can be zero in the first iteration
        }
      }
    }
    return null;
  }
}

Here Sonar claims that j>0 is always false but it is not on the first iteration of both loops.

Versions:
  1. Sonar version 6.7.1 (build 35068)
  2. SonarJava 51 (build 13090)
  3. Sonarlint for Eclipse 3.3.1.201712071600
Philippe

Michael Gumowski

Feb 28, 2018, 9:10:58 AM
to philip...@gmail.com, SonarQube
Hello Philippe,

Thanks for the feedback. This is indeed a FP, unfortunately caused by an approximation implemented in our Symbolic Execution engine regarding how it currently handles loops.

We plan to rework the engine to cover such cases at some point, using a different approach (we currently limit our exploration of loops "a given number of times", which leads to bad FPs), but nothing is really planned yet.

In the meantime, I added your case to the following ticket, to not lose it: SONARJAVA-2523

Regards,
Michael

--
Michael Gumowski | SonarSource
Software Developer, Language Team
https://www.sonarsource.com
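
Added example, not part of the thread and not SonarJava's engine: a simplified Python model of the nested loops from the first post, showing how cutting loop exploration off after a fixed number of visits can produce an "always false" verdict for `j > 0`, and how tracking truncation avoids it. The names `explore`, `naive_verdict`, `sound_verdict` and `max_unroll` are hypothetical, and concrete enumeration stands in for symbolic states.

```python
from typing import NamedTuple, Optional, Set


class Exploration(NamedTuple):
    outcomes: Set[bool]  # values observed for the condition `j > 0`
    truncated: bool      # True if any loop was cut off by the bound


def explore(array_len: int, max_unroll: Optional[int]) -> Exploration:
    """Walk the nested loops from the post, entering each loop body at most
    max_unroll times per loop entry (None means no bound)."""
    outcomes: Set[bool] = set()
    truncated = False
    i, outer_visits = 0, 0
    while i < array_len:
        if max_unroll is not None and outer_visits >= max_unroll:
            truncated = True  # reachable outer iterations were skipped
            break
        outer_visits += 1
        j, inner_visits = 0, 0
        while j <= i:
            if max_unroll is not None and inner_visits >= max_unroll:
                truncated = True  # reachable inner iterations were skipped
                break
            inner_visits += 1
            outcomes.add(j > 0)
            j += 1
        i += 1
    return Exploration(outcomes, truncated)


def naive_verdict(e: Exploration) -> str:
    """Report a constant condition from explored paths only."""
    if e.outcomes == {False}:
        return "always false"
    if e.outcomes == {True}:
        return "always true"
    return "no issue"


def sound_verdict(e: Exploration) -> str:
    """Refuse to claim 'always' when unexplored paths could disagree."""
    if len(e.outcomes) == 2:
        return "no issue"
    return "unknown" if e.truncated else naive_verdict(e)
```

With a bound of 1 only the path `i == 0, j == 0` is visited, so the naive verdict matches the report in the thread, while an unbounded walk over a one-element array yields a genuine "always false".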