[Bug analyzer/105909] New: RFE: SARIF output could contain metadata about limitations of the analysis

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug analyzer/105909] New: RFE: SARIF output could contain metadata about limitations of the analysis
@ 2022-06-09 15:15 dmalcolm at gcc dot gnu.org
  2023-03-15 15:25 ` [Bug analyzer/105909] " dmalcolm at gcc dot gnu.org
  0 siblings, 1 reply; 2+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-06-09 15:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105909

            Bug ID: 105909
           Summary: RFE: SARIF output could contain metadata about
                    limitations of the analysis
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

The analysis has various limitations:

- It can give up the analysis (currently with the off-by-default
-Wanalyzer-too-complex):
  - too many exploded nodes at a program point
  - too many exploded nodes altogether
- If it encounters a function with unknown behavior, it can approximate the
behavior of the call; the code to do this makes various assumptions
  - the analyzer has hard-coded handlers for various standard functions
  - otherwise, it has a more general "unknown function" handler
- The path-feasibility code can give up if it hits a complexity limit

The SARIF output could contain metadata about these various situations.

Perhaps a warning about "approximating the behavior of unknown function" ?

That way a user of the SARIF data could supply enough stubs/handlers from the
analysis to be "closed world".

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [Bug analyzer/105909] RFE: SARIF output could contain metadata about limitations of the analysis
  2022-06-09 15:15 [Bug analyzer/105909] New: RFE: SARIF output could contain metadata about limitations of the analysis dmalcolm at gcc dot gnu.org
@ 2023-03-15 15:25 ` dmalcolm at gcc dot gnu.org
  0 siblings, 0 replies; 2+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2023-03-15 15:25 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105909

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Perhaps via 3.58 notification object:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317894
which: "describes a condition encountered during the execution of an analysis
tool which is relevant to the operation of the tool itself, as opposed to being
relevant to an artifact being analyzed by the tool."

See "Appendix I. (Informative) Detecting incomplete result sets":
 
https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317946

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-03-15 15:25 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-09 15:15 [Bug analyzer/105909] New: RFE: SARIF output could contain metadata about limitations of the analysis dmalcolm at gcc dot gnu.org
2023-03-15 15:25 ` [Bug analyzer/105909] " dmalcolm at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).