public inbox for gcc-bugs@sourceware.org
* [Bug analyzer/105909] New: RFE: SARIF output could contain metadata about limitations of the analysis
@ 2022-06-09 15:15 dmalcolm at gcc dot gnu.org
From: dmalcolm at gcc dot gnu.org @ 2022-06-09 15:15 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105909
Bug ID: 105909
Summary: RFE: SARIF output could contain metadata about
limitations of the analysis
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
The analysis has various limitations:
- It can give up the analysis (currently with the off-by-default -Wanalyzer-too-complex):
  - too many exploded nodes at a program point
  - too many exploded nodes altogether
- If it encounters a function with unknown behavior, it can approximate the behavior of the call; the code to do this makes various assumptions
  - the analyzer has hard-coded handlers for various standard functions
  - otherwise, it has a more general "unknown function" handler
- The path-feasibility code can give up if it hits a complexity limit
The SARIF output could contain metadata about these various situations.
Perhaps a warning about "approximating the behavior of unknown function" ?
That way a user of the SARIF data could supply enough stubs/handlers from the
analysis to be "closed world".
* [Bug analyzer/105909] RFE: SARIF output could contain metadata about limitations of the analysis
@ 2023-03-15 15:25 ` dmalcolm at gcc dot gnu.org
From: dmalcolm at gcc dot gnu.org @ 2023-03-15 15:25 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105909
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Perhaps via 3.58 notification object:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317894
which: "describes a condition encountered during the execution of an analysis
tool which is relevant to the operation of the tool itself, as opposed to being
relevant to an artifact being analyzed by the tool."
See "Appendix I. (Informative) Detecting incomplete result sets":
https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317946
^ permalink raw reply [flat|nested] 2+ messages in thread
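A consumer-side check for the notification approach suggested in comment #1, as an added example that is not part of the thread or of GCC: it walks a SARIF 2.1.0 log and lists every sign that a run's result set may be incomplete or approximate. The property names are those of SARIF 2.1.0; the tool name, descriptor ids and function names in the sample are hypothetical, since the report only proposes such metadata.

```python
import json

# Constructed SARIF 2.1.0 log. The descriptor ids are hypothetical: the bug
# report proposes this kind of metadata, it does not define these names.
SAMPLE_SARIF = json.loads("""
{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "example-analyzer"}},
    "results": [],
    "invocations": [{
      "executionSuccessful": true,
      "toolExecutionNotifications": [
        {"descriptor": {"id": "unknown-function-approximated"},
         "message": {"text": "approximating the behavior of unknown function 'ext_call'"}},
        {"level": "error",
         "descriptor": {"id": "analysis-too-complex"},
         "message": {"text": "too many exploded nodes at a program point"}}
      ]
    }]
  }]
}
""")

def analysis_limitations(sarif_log):
    """Return (run_index, level, descriptor_id, text) for every sign that a
    run's result set may be incomplete or approximate."""
    findings = []
    for run_idx, run in enumerate(sarif_log.get("runs", [])):
        for inv in run.get("invocations", []):
            if inv.get("executionSuccessful") is False:
                findings.append((run_idx, "error", None, "executionSuccessful is false"))
            notes = (inv.get("toolExecutionNotifications", [])
                     + inv.get("toolConfigurationNotifications", []))
            for note in notes:
                level = note.get("level", "warning")  # SARIF default when absent
                if level in ("error", "warning"):
                    findings.append((run_idx, level,
                                     note.get("descriptor", {}).get("id"),
                                     note.get("message", {}).get("text", "")))
    return findings

def no_limitations_reported(sarif_log):
    """True if no run flagged a limitation; an empty 'results' array on its
    own does not show that the analyzed code is clean."""
    return not analysis_limitations(sarif_log)

if __name__ == "__main__":
    for finding in analysis_limitations(SAMPLE_SARIF):
        print(finding)
```

In the sample, `results` is empty yet two notifications are present, which is the case the report is concerned with: a consumer that reads only `results` would treat an approximated or abandoned analysis as a clean one.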