S3518 C FP with tainted zero divisor

Hi there!

I think this is a false-positive.

total2 and total1 aren’t equal.

  • Developer Edition
  • Version 9.4 (build 54424)

Hi @lnksz,

Thanks for reaching out. In order to better understand why this issue is raised, we would need a reproducer. Could you share it with us?

Thank you

To generate the reproducer file:

  • Search in the analysis log for the full path of the source file for which you want to create a reproducer (for instance, a file that contains a false-positive). You will have to use exactly this name (same case, / or \…)
  • Add the reproducer option to the scanner configuration:
    sonar.cfamily.reproducer="Full path to the source file .cpp"
  • Re-run the scanner to generate a file named sonar-cfamily.reproducer in the project folder.
  • Please share this file. If you think this file contains private information, let us know, and we’ll send you a private message that will allow you to send it privately.

oh, wow. Isn’t there an online option like the PVS-Studio integration with compiler-explorer?

There is no support for the compiler-explorer or any other online testing program for our tool. In theory, it would be possible to create a smaller reduced example. However, we do not recommend doing so, especially for the symbolic-execution rules. For such kinds of rules, our analyzer simulates the invocation of the program code. The presence of the issue depends on the traveled path, so even if the reduced example produces the same message, it may be a different issue (or true positive).

For the reasons above, we prefer to receive a reproducer file that allows us to reproduce conditions that occurred for your specific code.

I can see the reasoning, although it could be an AND not an XOR between the two options. Semgrep’s and PVS Studio’s online option to reproduce errors on small snippets is quite handy.

But anyway, this isn’t a feature request thread for that. :wink: Can you drop me a link to share the repro file privately?

Thank you for reporting the issue and providing a reproducer.
I have investigated the issue, and it is due to the limited understanding of floating-point operations by our symbolic-execution engine. You can use the CPP-3673 ticket to follow progress.
