The variable doc is reassigned at lines 37 and 39 but claimed to stay null,
and of course at runtime testing the doc normally returns the proper value.
Hey there.
I’ve moved your post to the section on reporting false-positives.
Can you please update your post with the information requested in this post, specifically a text-based code sample (or link to a public SonarCloud project) rather than a screenshot?
Thx, sure, I'll check on it.
```java
String doc = null;
if (file.isPresent()) {
    Object element = file.get().getElement(offset);
    if (element instanceof IContentTag ct) {
        doc = getForTag(ct);
    } else if (element instanceof IContentAttribute ca) {
        doc = getForAttribute(processor, offset, ca);
    }
}
return doc != null ? doc : NO_DOC_AVAILABLE;
```
Hello @Henning_Luther, thanks for reaching out.
I failed to reproduce the issue with the following code:
```java
String sample(boolean a, boolean b, boolean c) {
    String doc = null;
    if (a) {
        if (b) {
            doc = "B";
        } else if (c) {
            doc = "C";
        }
    }
    return doc != null ? doc : "NO_DOC_AVAILABLE";
}
```
Can you provide a reproducible example? Also, what is the rule that raises the issue? Is it part of Sonar way Quality Profile?
it is that one: SonarCloud
So my guess would be that both of the called methods are claimed to return null. They can, but normally don't.
```java
@SuppressWarnings("deprecation") // commons-text not avail in eclipse plugin repo
private static String getForTag(IContentTag ct) {
    if (ct.getCastTag() != null) {
        return DocumentationHelper.getTagDocumentation(ct.getCastTag());
    } else if (ct.getValidationException() != null) {
        return StringEscapeUtils.escapeHtml4(ct.getValidationException().getMessage());
    }
    return null;
}

private static String getForAttribute(IProjectProcessor processor, int offset,
        IContentAttribute att) {
    IRange valueNode = att.getValueRange();
    IContentTag tag = att.getParent();
    if (tag.getCastTag() != null) {
        Optional<ICastAttribute> castAttributeOpt = tag.getCastTag().getAttribute(att.getName());
        if (castAttributeOpt.isPresent()) {
            ICastAttribute castAttribute = castAttributeOpt.get();
            if (valueNode != null && valueNode.contains(offset)) {
                return DocumentationHelper.getAttributeValueDocumentation(processor, castAttribute,
                        att.getValue());
            } else {
                return DocumentationHelper.getAttributeDocumentation(processor, castAttribute);
            }
        }
    }
    return null;
}
```
@angelo.buono got it
```java
public static void main(String[] args) {
    for (int i = 0; i < 100; i++) {
        System.out.println(testSonarBug());
    }
}

public static Object testSonarBug() {
    Object o = null;
    if (testSonarBug1()) {
        o = 3;
    } else if (testSonarBug2()) {
        o = 4;
    }
    return o != null ? o : 8;
}

public static boolean testSonarBug1() {
    Object o = null;
    if (testSonarBug3().isPresent()) {
        o = 1;
    } else {
        o = null;
    }
    return o == null;
}

public static boolean testSonarBug2() {
    if (testSonarBug3().isPresent()) {
        LOGGER.debug(TESTAUTOMAT_ERROR);
    } else {
        return true;
    }
    return false;
}

public static Optional<Object> testSonarBug3() {
    return RANDOM.nextBoolean() ? Optional.empty() : Optional.of(new Object());
}
```
output:
4
4
4
8
3
4
8
4
3
3
4
3
3
4
3
3
3
3
Hello @Henning_Luther, I tried to reproduce it using your code without any success. I tried with:
Sonar Cloud
Sonar Qube Community Edition v 10.1.1
Sonar Qube Enterprise Edition v10.2.1
I double-checked that the quality profile includes rule S2583. Are you aware of any custom configuration you are using?
In general, this rule is very noisy since it relies on the Symbolic Execution engine that is not maintained. There are many false positives reported, but none seems to match your scenario.
We don't have any special custom config. We just use what Sonar is offering. So would you recommend disabling those rules?
I also observe a similar problem with java:S3516: SonarCloud
The rules with the “symbolic-execution” tag are definitely noisy, so affected by many false positives, and the engine is not maintained at the moment.
I would recommend that you still report these scenarios, so we can try to reproduce them and, once verified, open an issue. Meanwhile, you can disable those rules.
A new engine, the “Data Bug Detection”, is available for Sonar Qube Enterprise and Sonar Cloud for dealing with rules that require data flow tracking. The “symbolic-execution” rules are being migrated there.
For example, S2583 will be available soon. I’d suggest keeping an eye out and enabling the new versions of these rules once they are available; most likely they will be automatically enabled in the Sonar way quality profile on Sonar Cloud.