This is an archive of the discontinued LLVM Phabricator instance.

Output "rule" information in SARIF
ClosedPublic

Authored by aaron.ballman on Nov 1 2018, 9:31 AM.

Details

Summary

SARIF allows you to export descriptions about rules that are present in the SARIF log. This patch exposes the help text table generated into Checkers.inc as the rule's "full description" and exports all of the rules present in the analysis output.

This information is useful for analysis result viewers like CodeSonar.

Diff Detail

Event Timeline

aaron.ballman created this revision.Nov 1 2018, 9:31 AM
george.karpenkov requested changes to this revision.Nov 1 2018, 9:50 AM

Minor nit: let's create a custom substitution for your diff command, like diff_plist.
Otherwise LGTM.

test/Analysis/diagnostics/sarif-multi-diagnostic-test.c
2

In order to avoid duplication in diff commands between the tests, it might be better to define a custom command in lit.cfg, as we did for diff_plist
(alternatively, create a custom flag to generate stable output)

This revision now requires changes to proceed.Nov 1 2018, 9:50 AM

Updated based on review feedback.

aaron.ballman marked an inline comment as done.Nov 1 2018, 11:41 AM
aaron.ballman added inline comments.
test/Analysis/diagnostics/sarif-multi-diagnostic-test.c
2

Oh, how neat! I didn't notice that we did that for plists, but that's a nice solution here.

george.karpenkov accepted this revision.Nov 1 2018, 11:52 AM
george.karpenkov added inline comments.
test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif
10

You have probably noticed that seeing those changes is much nicer in diff than in FileCheck :P

This revision is now accepted and ready to land.Nov 1 2018, 11:52 AM
aaron.ballman closed this revision.Nov 1 2018, 12:00 PM
aaron.ballman marked an inline comment as done.

Thank you for the quick review and feedback -- I've commit in r345874.

test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif
10

YES! :-D

Szelethus added inline comments.
lib/StaticAnalyzer/Core/SarifDiagnostics.cpp
237–242

Hmmm, this won't handle checkers loaded from plugins.

Szelethus added inline comments.Nov 4 2018, 3:28 PM
lib/StaticAnalyzer/Core/SarifDiagnostics.cpp
237–242

I don't immediately know the solution is to this, but when you invoke clang with -cc1 -analyzer-checker-help, plugin checkers are also displayed, and this is line that magically does it.
Maybe store the plugins in AnalyzerOptions, and move ClangCheckerRegistry to include/clang/StaticAnalyzer/Frontend?

aaron.ballman added inline comments.Nov 5 2018, 7:36 AM
lib/StaticAnalyzer/Core/SarifDiagnostics.cpp
237–242

Oof, this is a good point. Thank you for bringing it up! I'll look into this as soon as I have the chance.

Do we have any tests that use plugins (preferably on Windows) so that I have a way to test this functionality out?

Szelethus added inline comments.Nov 5 2018, 7:54 AM
lib/StaticAnalyzer/Core/SarifDiagnostics.cpp
237–242

I'm working on the exact same issue, which is why I spotted this! There are some in unittests/, but I plan on enhancing them a lot in the coming days. I'll make sure to add you as subscriber on related paches, until then, unless users of the Saris output are likely to use the StaticAnalyzer with plugins, I think feel free to wait on my progress. I expect to come out with a patch during the week. But you never know, I guess.

https://github.com/llvm-mirror/clang/blob/master/unittests/StaticAnalyzer/RegisterCustomCheckersTest.cpp

aaron.ballman added inline comments.Nov 5 2018, 7:59 AM
lib/StaticAnalyzer/Core/SarifDiagnostics.cpp
237–242

I'm fine with waiting. I don't expect to see heavy use of the Sarif exporter until the spec is finalized, as it's hard to write a Sarif viewer against a moving target. So we've got a few months to find these sort of things out.

Thank you for CCing me on the related patches!

Szelethus added inline comments.Nov 12 2018, 2:40 PM
lib/StaticAnalyzer/Core/SarifDiagnostics.cpp
237–242

Well, yea, skeletons are falling out of the closet left and right, so I'll need to clean a lot of other things up before finding a neat solution to this. Please let me know when you need to make progress on this.

aaron.ballman added inline comments.Nov 12 2018, 4:10 PM
lib/StaticAnalyzer/Core/SarifDiagnostics.cpp
237–242

It's not a high priority for me -- I'm not certain about the intersection of users of the static analyzer with plugins and folks who want to export SARIF. I'm sure such people will exist someday, but it seems like a small audience to fret over for the moment.