https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116613
--- Comment #18 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
(In reply to Kamil Dudka from comment #16)
> (In reply to David Malcolm from comment #15)
> > (In reply to Kamil Dudka from comment #14)
[...snip...]
> >
> > Does the above support all your use-cases?
>
> OSH does not care too much about the names of SARIF files because all the
> important data are contained in the files inside.  The ideal SARIF-based
> workflow for OSH would be:
> 1. create an empty directory for scan results
> 2. run the (instrumented) build of a C/C++ project
> 3. each invocation of gcc (that produces warnings) during the build creates
> a unique file with SARIF data in the pre-created directory with scan results
> 4. all the files created in the pre-created directory with scan results can
> be processed after the build
>
> Step 3. can be partially implemented in the compiler wrapper with
> flock/mktemp, which can invoke gcc with an absolute path of an already
> created empty file to write the SARIF data to.  If we take this approach,
> OSH will not need any such substitutions in gcc.  If a substitution was
> provided by gcc to construct a unique file name (such as %p and %n in
> valgrind), OSH would not need to implement this part in the compiler wrapper.

Given that it seems like you can create a tempfile name for the sarif and pass
that to gcc easily from a script, I decided it would be simpler not to
implement any of the "substitution" ideas in GCC, but to let you specify the
.sarif filename, potentially with an absolute or relative path.

I have work-in-progress patches that implement this as a new
-fdiagnostics-add-output= option, but they're not yet ready to push upstream
(currently they break some targets, plus the Fortran, and Modula 2 frontends).
I still hope to get them ready for GCC 15 feature freeze.

If you want to try them out, I've created a Copr build of gcc trunk with the
patches:
  https://copr.fedorainfracloud.org/coprs/dmalcolm/gcc-latest/
where the build
  gcc-latest-15.0.0-4.20241006git4782662796ac.pr116613.v0.128.fc42.src.rpm
has the new feature.

I've briefly tested them on my laptop, and:

  /opt/gcc-latest/bin/gcc \
    -fdiagnostics-add-output=sarif:file=OUTPUT-FILENAME.sarif OTHER GCC OPTIONS

works, where OUTPUT-FILENAME can be absolute or relative.

This is based on jwakely's work here, with the same caveats:
  https://jwakely.github.io/pkg-gcc-latest/

Let me know if you need me to tweak the copr build (e.g. other targets, other
distros), or if anything's not clear, or you run into bugs.
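
The wrapper approach discussed in this comment (a mktemp-created file whose absolute path is passed to gcc via -fdiagnostics-add-output=sarif:file=), sketched as an added example that is not code from the bug report, GCC or OSH. The names sarif_gcc, SARIF_DIR and REAL_GCC are assumptions made for illustration; the default compiler path is the Copr build's location quoted above.

```shell
#!/bin/sh
# Added example (hypothetical wrapper, not part of GCC or OSH).
# Assumed names: sarif_gcc, SARIF_DIR (pre-created results directory),
# REAL_GCC (compiler to run; defaults to the Copr build's path).

sarif_gcc() {
    _sg_real=${REAL_GCC:-/opt/gcc-latest/bin/gcc}

    # Step 1 is the caller's job: the directory must already exist.
    # Resolve it to an absolute path, since the build runs gcc from
    # many different working directories.
    _sg_dir=$(CDPATH= cd -- "${SARIF_DIR:-/nonexistent}" 2>/dev/null && pwd) || {
        echo "sarif_gcc: SARIF_DIR must name an existing directory" >&2
        return 2
    }

    # Step 3: mktemp creates the empty file exclusively, so parallel
    # jobs can never be handed the same name.
    _sg_out=$(mktemp "$_sg_dir/sarif.XXXXXXXXXX") || return 2

    _sg_rc=0
    "$_sg_real" "-fdiagnostics-add-output=sarif:file=$_sg_out" "$@" || _sg_rc=$?

    # Drop placeholders gcc left empty so step 4 only sees real results.
    [ -s "$_sg_out" ] || rm -f "$_sg_out"

    # The build must see gcc's own exit status, not the wrapper's.
    return "$_sg_rc"
}

# Run as the compiler only when installed under the name "gcc" on PATH.
if [ "${0##*/}" = gcc ]; then
    sarif_gcc "$@"
    exit $?
fi
```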