V3093. The operator evaluates both operands. Perhaps a short-circuit operator should be used instead.


The analyzer detected a possible error that has to do with the programmer confusing operator '&' with '&&' or '|' with '||' when using them to form a logical expression.

Conditional operators AND ('&&') / OR ('||') evaluate the second operand only when necessary (see Short circuit) while operators '&' and '|' always evaluate both operands. It is very likely that the code author did not intend it to work that way.

Consider the following example:

if ((i < a.m_length) & (a[i] % 2 == 0))
{
  sum += a[i];
}

Suppose the 'a' object is a container; the number of elements in it is stored in the 'm_length' member. We need to find the sum of even elements, making sure that we do not go beyond the array boundaries.

Because of a typo, our example uses operator '&' instead of '&&'. It will result in an array-index-out-of-bounds error when evaluating the '(a[i] % 2 == 0)' subexpression if index 'i' appears to be greater than or equal to 'a.m_length'. Regardless of whether the left part of the expression is true or false, the right part will be evaluated anyway.

Fixed code:

if ((i < a. m_length) && (a[i] % 2 == 0))
{
  sum += a[i];
}

Here is another example of incorrect code:

if (x > 0 | BoolFunc())
{
  ....
}

The call to the 'BoolFunc()' function will execute all the time, even when the '(x > 0)' condition is true.

Fixed code:

if (x > 0 || BoolFunc())
{
  ....
}

Code fragments detected by diagnostic V3093 do not always contain errors, but they do deal with expressions that are non-optimal from the viewpoint of performance (especially when they use calls to complex functions).

If, however, the conditional expression is correct and written as you intended, you can mark this fragment with special comment "//-V3093" so that the analyzer does not output the warning:

if (x > 0 | BoolFunc()) //-V3093
{
  ....
}

To learn more about false-positive-suppression techniques, see the documentation.

According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-480.

You can look at examples of errors detected by the V3093 diagnostic.


Bugs Found

Checked Projects
363
Collected Errors
13 495