https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105909
Bug ID: 105909
Summary: RFE: SARIF output could contain metadata about limitations of the analysis
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---

The analysis has various limitations:
- It can give up the analysis (currently with the off-by-default -Wanalyzer-too-complex):
  - too many exploded nodes at a program point
  - too many exploded nodes altogether
- If it encounters a function with unknown behavior, it can approximate the behavior of the call; the code to do this makes various assumptions
  - the analyzer has hard-coded handlers for various standard functions
  - otherwise, it has a more general "unknown function" handler
- The path-feasibility code can give up if it hits a complexity limit

The SARIF output could contain metadata about these various situations.

Perhaps a warning about "approximating the behavior of unknown function"?

That way a user of the SARIF data could supply enough stubs/handlers from the analysis to be "closed world".
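
A consumer-side check for the idea in this report, as an added example that is not part of the report or of GCC: a gate that refuses to read an empty `results` array as a clean bill of health when the run records analysis limitations. It assumes the limitations would be carried as SARIF 2.1.0 `toolExecutionNotifications` on each invocation; the descriptor ids, the tool name and the sample log are constructed.

```python
import json

# Constructed SARIF 2.1.0 log. The descriptor ids are hypothetical:
# the report proposes this kind of metadata but defines no ids or layout.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-analyzer"}},
        "results": [],  # no findings, but the analysis was not exhaustive
        "invocations": [{
            "executionSuccessful": True,
            "toolExecutionNotifications": [
                {"level": "warning",
                 "descriptor": {"id": "EXAMPLE-unknown-function"},
                 "message": {"text": "approximating the behavior of unknown function 'ext_parse'"}},
                {"level": "note",
                 "descriptor": {"id": "EXAMPLE-too-complex"},
                 "message": {"text": "too many exploded nodes at a program point"}},
            ],
        }],
    }],
})

LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

def analysis_limitations(sarif_text, min_level="note"):
    """Return (run_index, level, descriptor_id, text) for each recorded limitation."""
    found = []
    for i, run in enumerate(json.loads(sarif_text).get("runs", [])):
        for inv in run.get("invocations", []):
            if inv.get("executionSuccessful") is False:
                found.append((i, "error", None, "tool execution failed"))
            for n in inv.get("toolExecutionNotifications", []):
                level = n.get("level", "warning")  # SARIF default when level is absent
                if LEVEL_RANK.get(level, 2) >= LEVEL_RANK[min_level]:
                    found.append((i, level, n.get("descriptor", {}).get("id"),
                                  n.get("message", {}).get("text", "")))
    return found

def is_closed_world(sarif_text):
    """True only if no run records a limitation; empty results alone prove nothing."""
    return not analysis_limitations(sarif_text)

if __name__ == "__main__":
    for run_index, level, rule, text in analysis_limitations(SAMPLE_SARIF):
        print(f"run {run_index}: {level}: {rule}: {text}")
    print("closed world:", is_closed_world(SAMPLE_SARIF))
```
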