Hello,

I would like to report the following inappropriate finding S2437 “Remove this silly bit operation”.

Environment is

- Windows 10 Pro V10.0.18363.1621
- Visual Studio Professional 2019 (16.10.3, 16.10.31424.327)
- SonarLint extension V4.35.0.32570
- No SonarQube

Here is the code:

```
Public Function SecureAreEqual(a1 As Byte(), a2 As Byte()) As Boolean
Dim compareLength As Integer = a1.Length
If a2.Length < compareLength Then _
compareLength = a2.Length
Const ZERO_SUM As Byte = 0
Dim xorSum As Byte = ZERO_SUM
For i As Integer = 0 To compareLength - 1
xorSum = xorSum Or (a1(i) Xor a2(i))
Next
Return (a1.Length = a2.Length) And (xorSum = ZERO_SUM)
End Function
```

In the line `xorSum = xorSum Or (a1(i) Xor a2(i))`

the `Or`

is flagged as a “silly bit operation”.

I assume that this based on the fact that `xorSum`

is initialized with zero and SonarLint evaluates `xorSum = xorSum Or (a1(i) Xor a2(i))`

as `xorSum = 0 Or (a1(i) Xor a2(i))`

where `0 Or something`

is indeed an unnecessary bit operation.

However the rules seems to fail to take into account that this “silly bit operation” is part of a loop where `xorSum`

is not guaranteed to be 0.

Another point I have with this message is that I regard the word “silly” in the message as offending. I think it would be more appopriate to use the word “unnecessary”.