Possible FP: squid:S3516 Methods returns should not be invariant

208 views
Skip to first unread message

René

unread,
Nov 27, 2017, 3:30:36 AM11/27/17
to SonarQube
Hello there,

I think there's a false-positive regarding rule squid:S3516, Methods returns should not be invariant.

As soon as there is an additional check (the checkValue part) SonarJava raises squid:S3516, when removing that line the finding disappears.

public class SonarLintTest {
 private static final List<String> VALUES = Arrays.asList("VAL1", "VAL2", "VAL3");
 
   private static class Value {
     private String region;
     private String description;
     private String detail;
   }

   /**
   * Test of squid:3516
   * @param parValues list of values
   * @return true if the list contains items with all 3 details
   */
  public boolean testInvariant(final List<Value> parValues) {
   if (parValues == null || parValues.isEmpty() || parValues.size() < VALUES.size()) {
     return false;
   }

   boolean val1Found = false;
   boolean val2Found = false;
   boolean val3Found = false;

   for (Value val : parValues) {
     if (checkValue(val)) { // without this additional check squid:S3516 is not raised
       if ("VAL1".equalsIgnoreCase(val.detail)) {
         val1Found = true;
       } else if ("VAL2".equalsIgnoreCase(val.detail)) {
         val2Found = true;
       } else if ("VAL3".equalsIgnoreCase(val.detail)) {
         val3Found = true;
       }
     }
   }

   return val1Found && val2Found && val3Found;
 }

 private boolean checkValue(final Value parValue) {
 return parValue.description != null && parValue.region != null;
 }
}

Could you please have a look into it?

Thanks and kind regards,
René
René
unread,
Nov 27, 2017, 3:34:46 AM11/27/17
to SonarQube
Follow up:
SonarJava used was version 4.15.0.12310
Michael Gumowski
unread,
Jan 30, 2018, 12:00:31 PM1/30/18
to René, SonarQube
Hello René,

Sorry for answering you after so long. I can not reproduce the issue with SonarJava 5.1.0 and SQ 6.7.1 (LTS).
Could you please confirm that you are still having the issue?

Now, it looks like an obvious FP to me, most probably related to the way the Symbolic Execution engine is handling loops. I'll need to reproduce it to tell more.

It is also possible that after adding the new test (checkValue), then the engine is not able to complete the exploration of the method anymore (explosion of states, too many program state being generated), leading to an interruption of the execution (and no issue being raised). If it's the case, you will have a trace from that in the log (debug mode).

Regards,
Michael



-- 

You received this message because you are subscribed to the Google Groups "SonarQube" group.

To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/5a77231f-dca5-4daf-9fae-8ee23a73dd29%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


-- 
Michael Gumowski | SonarSource
Software Developer, Language Team
https://www.sonarsource.com


René
unread,
Jan 31, 2018, 3:34:12 AM1/31/18
to SonarQube
Hello Michael,

just checked it again with the latest SonarJava version and the issue is gone, so I guess it was fixed somehow :)

Thanks for looking into it.

Regards,
René
Reply all
Reply to author
Forward
0 new messages