Hello,
I would like to report the following inappropriate finding S2437 “Remove this silly bit operation”.
Environment is
- Windows 10 Pro V10.0.18363.1621
- Visual Studio Professional 2019 (16.10.3, 16.10.31424.327)
- SonarLint extension V4.35.0.32570
- No SonarQube
Here is the code:
```vb
Public Function SecureAreEqual(a1 As Byte(), a2 As Byte()) As Boolean
    ' Compare only the bytes that both arrays have.
    Dim compareLength As Integer = a1.Length

    If a2.Length < compareLength Then _
        compareLength = a2.Length

    Const ZERO_SUM As Byte = 0
    Dim xorSum As Byte = ZERO_SUM

    ' Accumulate every byte difference; no early exit from the loop.
    For i As Integer = 0 To compareLength - 1
        xorSum = xorSum Or (a1(i) Xor a2(i))
    Next

    ' And (not AndAlso) evaluates both operands.
    Return (a1.Length = a2.Length) And (xorSum = ZERO_SUM)
End Function
```
In the line `xorSum = xorSum Or (a1(i) Xor a2(i))` the `Or` is flagged as a “silly bit operation”.
I assume that this is based on the fact that `xorSum` is initialized with zero and SonarLint evaluates `xorSum = xorSum Or (a1(i) Xor a2(i))` as `xorSum = 0 Or (a1(i) Xor a2(i))`, where `0 Or something` is indeed an unnecessary bit operation.
However, the rule seems to fail to take into account that this “silly bit operation” is part of a loop where `xorSum` is not guaranteed to be 0.
Another point I have with this message is that I regard the word “silly” in the message as offensive. I think it would be more appropriate to use the word “unnecessary”.
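
An added example, not part of the original post: the posted comparison next to a hypothetical variant (`WithoutOr`, a name introduced here) in which the flagged `Or` has been removed. The variant keeps only the XOR of the last byte pair, so an input that differs in an earlier byte is accepted as equal. The byte arrays are constructed sample values.

```vb
Imports System

Module AccumulatorDemo
    ' The comparison from the post: OR-accumulate the XOR of each byte pair.
    Function SecureAreEqual(a1 As Byte(), a2 As Byte()) As Boolean
        Dim compareLength As Integer = Math.Min(a1.Length, a2.Length)
        Dim xorSum As Byte = 0
        For i As Integer = 0 To compareLength - 1
            ' From the second iteration on, xorSum may already be non-zero,
            ' so the Or is what carries an earlier difference forward.
            xorSum = xorSum Or (a1(i) Xor a2(i))
        Next
        Return (a1.Length = a2.Length) And (xorSum = 0)
    End Function

    ' Hypothetical variant: the same loop with the Or removed.
    Function WithoutOr(a1 As Byte(), a2 As Byte()) As Boolean
        Dim compareLength As Integer = Math.Min(a1.Length, a2.Length)
        Dim xorSum As Byte = 0
        For i As Integer = 0 To compareLength - 1
            ' Each iteration overwrites the result of the previous one.
            xorSum = a1(i) Xor a2(i)
        Next
        Return (a1.Length = a2.Length) And (xorSum = 0)
    End Function

    Sub Main()
        ' Constructed sample values.
        Dim expected As Byte() = {&H10, &H20, &H30, &H40}
        Dim sameValue As Byte() = {&H10, &H20, &H30, &H40}
        Dim firstByteDiffers As Byte() = {&HFF, &H20, &H30, &H40}
        Dim shorter As Byte() = {&H10, &H20, &H30}

        Console.WriteLine("equal arrays, with Or:        " & SecureAreEqual(expected, sameValue))
        Console.WriteLine("first byte differs, with Or:  " & SecureAreEqual(expected, firstByteDiffers))
        Console.WriteLine("first byte differs, no Or:    " & WithoutOr(expected, firstByteDiffers))
        Console.WriteLine("shorter array, with Or:       " & SecureAreEqual(expected, shorter))
    End Sub
End Module
```

On .NET Core 2.1 and later, `System.Security.Cryptography.CryptographicOperations.FixedTimeEquals` provides a fixed-time byte comparison in the framework itself.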