C# - S2583 false positive in a for-loop

urmel · November 13, 2023, 11:53am

Hello, we use the following structure to bundle SQL-Queries. But the Linter says that the if-condition is always true or false. I think it’s because the rule isn’t consider the for-loop

What language is this for? C#
Which rule? S2583
Why do you believe it’s a false-positive? Because the condition is not ALWAYS false or wrong.
Are you using
- SonarCloud? No
- SonarQube - which version?No
- SonarLint - which IDE/version? Yes, IDE Visual Studio 17.7.5 ; SonarLint 9.8.0.76515
  - in connected mode with SonarQube or SonarCloud? No
How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)

                for (int j = 0; j < 100; j++)
                {
                    // add sql-update
                    sql += "UPDATE XYZ";

                    iLoop++;
                    if (iLoop == 10)
                    {
                        // send sql update
                        iLoop = 0;
                    }
                }

Mary_Georgiou · November 13, 2023, 12:37pm

Hello @urmel and thanks for reporting this.

I confirm this is a false positive and indeed it’s related to the for-loop.

Our symbolic execution engine explores loops only two times, and it cannot “learn” that iLoop > 2 can be true.

We already have similar issues to our backlog (for example see here, here and here), where you can read more information.

urmel · November 13, 2023, 2:11pm

Hey @Mary_Georgiou ,
thank you for your quick answer!

Unfortunately, I only searched in the community and not in the repo.

Could you turn off the rule for the if’s in a for-loop when there is an incremetation of an var inside?

Mary_Georgiou · November 13, 2023, 2:55pm

Hello again,

We already took that path, where we tried to apply exclusions in the loops but there were a lot of false negatives (more value was lost than noise being taken out).

However, we have a scheduled sprint to look into the symbolic execution engine and for-loops again with the goal of minimizing the false positives.

For now, unfortunately, there’s not a lot we can do.

urmel · November 13, 2023, 3:08pm

Thank you!

I’m looking forward to that solution, and thank you for the tool.

system · November 20, 2023, 3:09pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
False positive on S2583 and conditions looking at incrementing values inside of a loop Report False-positive / False-negative... dotnet , false-positive	1	244	February 23, 2024
S2589 in a while loop with post-if counter Report False-positive / False-negative... csharp	4	553	February 29, 2024
S2589 field value not properly read in nested for loops Report False-positive / False-negative... java , intellij , false-positive , sonarqube-ide	1	366	March 2, 2023
S2589 false alarm in SonarLint, VS 2022 Report False-positive / False-negative... csharp , visualstudio , sonarqube-ide	1	252	December 20, 2023
Rule javascript:S2189 false positive in loop exit condition Report False-positive / False-negative... javascript , sonarqube	1	413	February 26, 2024

C# - S2583 false positive in a for-loop

Related topics