I am working on a C# solution and I have noticed after the Sonayway update on the 24th August, I am getting following failure for C# code.
S2583: Conditionally executed code should be reachable
This condition was written long time ago in my C# code base and no sonar cloud failures were reported until 24th August.
Further analysis on to the rules introduced on 24th of August by Sonarway. I can see there is a new rule S2583 has been added to VB.NET
Can somebody please explain me how come this S2568 was raised for C# condition after 24th of August. (where new rule S2568 was introduced for VB.NET by Sonarway) ?
Is there a bug in Sonarcloud which applies this VB.NET rule (S2583) after the Sonarway update on 24th August.
S2583 recently received a facelift and moved to a new symbolic execution engine (see release notes here). This fixed a lot of false-positives and false-negatives with this rule.
Unfortunately on SonarCloud, when analyzers are updated and new issues are raised because of those changes, those new issues are not backdated. This is different from SonarQube which backdates such issues.
Did you notice these issues because they fell into your New Code Period? Or did you notice it some other way (you had 0 overalll issues and suddenly you had some)
Are these issues valid (i.e., not false-positives)?
The issue presents itself on the main branch as part of overall quality gate scanning. We have a custom quality profile, inheriting from SonarWay for C#.(S2583)
We believe the issue raised by S2583 is a valid and existed on main branch for a while but are still unsure as to why Sonarcloud analysers have started to picking that up from 24th August.
I presume this is to do with the “Symbolic Execution Engine” update made on 24th of August.
Is there anyway to receive notifications of these types of breaking changes prior to release/update of the sonar-dotnet tool?
The new version of the sonar-dotnet component will be included in the next version of SonarLint for Visual Studio.
We wouldn’t really consider this a breaking change, it’s just the analyzers getting smarter. However, it doesn’t look like we announced this anywhere (I’m not seeing it if we did), and we should be celebrating our analyzers getting smarter! I’ll ping somebody on this.