Inappropriate finding S2437 when Or-ing a sum

Hello,

I would like to report the following inappropriate finding S2437 “Remove this silly bit operation”.

Environment is

  • Windows 10 Pro V10.0.18363.1621
  • Visual Studio Professional 2019 (16.10.3, 16.10.31424.327)
  • SonarLint extension V4.35.0.32570
  • No SonarQube

Here is the code:

Public Function SecureAreEqual(a1 As Byte(), a2 As Byte()) As Boolean
   Dim compareLength As Integer = a1.Length

   If a2.Length < compareLength Then _
      compareLength = a2.Length

   Const ZERO_SUM As Byte = 0

   Dim xorSum As Byte = ZERO_SUM

   For i As Integer = 0 To compareLength - 1
      xorSum = xorSum Or (a1(i) Xor a2(i))
   Next

   Return (a1.Length = a2.Length) And (xorSum = ZERO_SUM)
End Function

In the line xorSum = xorSum Or (a1(i) Xor a2(i)) the Or is flagged as a “silly bit operation”.

I assume that this is based on the fact that xorSum is initialized with zero and SonarLint evaluates xorSum = xorSum Or (a1(i) Xor a2(i)) as xorSum = 0 Or (a1(i) Xor a2(i)) where 0 Or something is indeed an unnecessary bit operation.

However the rule seems to fail to take into account that this “silly bit operation” is part of a loop where xorSum is not guaranteed to be 0.

Another point I have with this message is that I regard the word “silly” in the message as offensive. I think it would be more appropriate to use the word “unnecessary”.
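
The reasoning in the post above, as an added example (not part of the original post and not SonarLint's implementation): a toy constant-propagation check over the reported loop, written in Python. It assumes, as the poster does, that the finding comes from treating xorSum as the constant 0 at the Or; `TOP`, `join`, `abstract_or`, `or_operand_at_loop_head`, `is_flagged` and `concrete_operands` are hypothetical names and the byte strings are constructed sample input.

```python
# Added illustration; not SonarLint code. All names here are hypothetical.
TOP = "TOP"  # abstract value meaning "not a known constant"


def join(a, b):
    """Merge the abstract values arriving over two control-flow edges."""
    return a if a == b else TOP


def abstract_or(left, right):
    """Or on abstract values: constant only if both operands are constants."""
    if left == TOP or right == TOP:
        return TOP
    return left | right


def or_operand_at_loop_head(init, follow_back_edge):
    """Abstract value of xorSum where `xorSum Or (a1(i) Xor a2(i))` executes."""
    head = init  # value flowing in from `Dim xorSum As Byte = ZERO_SUM`
    while follow_back_edge:
        body_out = abstract_or(head, TOP)  # a1(i) Xor a2(i) depends on input
        merged = join(init, body_out)      # loop entry edge + back edge
        if merged == head:                 # fixpoint reached
            break
        head = merged
    return head


def is_flagged(init, follow_back_edge):
    """The rule fires only when the left operand is provably the constant 0."""
    return or_operand_at_loop_head(init, follow_back_edge) == 0


def concrete_operands(a1, a2):
    """xorSum as actually seen by the Or on each iteration, plus the result."""
    seen, xor_sum = [], 0
    for x, y in zip(a1, a2):
        seen.append(xor_sum)
        xor_sum |= x ^ y
    return seen, xor_sum


if __name__ == "__main__":
    print(is_flagged(0, follow_back_edge=False))   # initializer only
    print(is_flagged(0, follow_back_edge=True))    # back edge merged in
    print(concrete_operands(b"xbc", b"ybc"))       # constructed inputs
```

Ignoring the back edge reproduces the finding; merging it in makes the operand non-constant, which matches the concrete run, where the Or sees a non-zero xorSum from the second iteration on.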

Hi @dbs_fs

First of all, thank you for reporting this false positive.
This issue was fixed and released with Analyzer version 8.24. So, please update to a newer version of SonarLint and the false positive will be gone.
