This diagnostic rule was added at users' request.
The analyzer has detected a suspicious expression with a string literal which text matches the name of the string type variable. Such an expression may contain a typo, which is difficult to identify both at the code review stage and during compilation.
Look at the synthetic example:
bool CheckCredentials(const std::string& username,
const std::string& password)
{
return users[username].password == "password";
}
This function should check if the passed password matches the one in the user data store. When you work with the string type data, you can accidentally type extra quotation marks. Since this comparison is syntactically correct, it is compiled successfully. However, the function doesn't work as planned. If such code is surrounded by the same type of expressions that check other data, then reviewer may consider it too trivial and not pay attention to it.
Another example of a typo found in a real project:
qboolean QGL_Init( const char *dllname ) {
....
// NOTE: this assumes that 'dllname' is lower case (and it should be)!
if ( strstr( dllname, _3DFX_DRIVER_NAME ) ) {
if ( !GlideIsValid() ) {
ri.Printf( PRINT_ALL,
"...WARNING: missing Glide installation, assuming no 3Dfx available\n" );
return qfalse;
}
}
if ( dllname[0] != '!' && strstr( "dllname", ".dll" ) == NULL ) { // <=
Com_sprintf( libName, sizeof( libName ), "%s\\%s", systemDir, dllname );
} else
{
Q_strncpyz( libName, dllname, sizeof( libName ) );
}
....
}
Fragment of the 'strstr( "dllname", ".dll" ) == NULL' expression will always be true because the "dllname" string doesn't have the ".dll" substring. In fact, the code author wanted to check the 'dllname' variable's contents.
Unfortunately, this diagnostic often gives false positives, because it is difficult to determine the logic of processing certain variables. For example, variables and text literals often overlap when you work with key-value containers designed to bind data to their names. However, such warnings do not take much time when you view the report. The code can be quickly refactored, and unnecessary warnings can be suppressed.