https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121039

            Bug ID: 121039
           Summary: RFE: optionally capture suppressed diagnostics in
                    SARIF output
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Keywords: diagnostic, SARIF
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

SARIF can capture "suppressions" for a "result": 
"3.27.23 suppressions property:  A result object MAY contain a property named
suppressions whose value is an array of zero or more unique (§3.7.3)
suppression objects (§3.35) each of which describes a request to “suppress” a
result (that is, to exclude it from result lists, bug counts, etc.) [...]"
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790911

For suppression objects (§3.35) see
https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790983


Idea
====

Perhaps we could add a flag to SARIF diagnostic sinks to enable capturing
warnings that were suppressed by pragmas, capturing the result with a
"suppressions" containing a reference to the pertinent #pragma directive.

See
https://gcc.gnu.org/onlinedocs/gcc/Diagnostic-Pragmas.html#index-pragma_002c-diagnostic

This might be useful for some compliance situations.


Issues
======

There doesn't seem to be a way to add "justification" metadata inline to the
pragma (re §3.35.6 "justification" property).  Perhaps an additional optional
string argument could be added to "#pragma GCC diagnostic" for a human-readable
justification comment that could be captured in the SARIF "justification"
property (§3.35.6).

diagnostic_context::diagnostic_enabled has logic for rejecting diagnostics
(there's also some in diagnostic_context::report_diagnostic).  In particular,
in addition to pragmas there's:
(a) warnings that are off by default
(b) command-line options
(c) rejection of warnings in system headers (where the user doesn't have
write-access and thus can't add pragmas)
Should we also capture those with suppressions?

There would likely be a *lot* of noise with (a) and (b); perhaps (c) might be
useful, though there doesn't seem to be a way to express it in SARIF form.

Would need some smarts within diagnostic_context::report_diagnostic to avoid
slowing down the common case where there's just a text sink (which would be
discarding suppressed diagnostics).
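
An added example, not part of the original report and not GCC code: a consumer-side check for the compliance use mentioned above, listing in-source suppressions in a SARIF log that carry no "justification" (§3.35.6). The sample log, the file name demo.c, the rule ids and the helper names are constructed, and assume output shaped the way this report requests.

```python
# Constructed sample, not real GCC output: a SARIF log shaped the way this
# report proposes, with pragma-suppressed warnings kept as results.
def _loc(line):
    return {"physicalLocation": {"artifactLocation": {"uri": "demo.c"},
                                 "region": {"startLine": line}}}

def _result(rule, line, suppressions=None):
    r = {"ruleId": rule, "message": {"text": "constructed"},
         "locations": [_loc(line)]}
    if suppressions is not None:
        r["suppressions"] = suppressions
    return r

def _pragma(line, **extra):
    # "location" points at the (hypothetical) #pragma GCC diagnostic line
    return {"kind": "inSource", "location": _loc(line), **extra}

SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "constructed-tool"}},
    "results": [
        _result("-Wunused-variable", 12, [_pragma(10, justification="ABI padding")]),
        _result("-Wformat", 30, [_pragma(28)]),
        _result("-Wshadow", 41, [_pragma(39, status="underReview")]),
        _result("-Wsign-compare", 55),   # no "suppressions" property at all
    ]}]}

def is_suppressed(result):
    """SARIF 3.27.23: suppressed only when "suppressions" is non-empty and no
    entry has status "underReview" or "rejected" (absent status = accepted)."""
    sups = result.get("suppressions") or []
    return bool(sups) and all(s.get("status", "accepted") == "accepted" for s in sups)

def unjustified_suppressions(sarif):
    """(ruleId, uri, pragma line) per in-source suppression lacking a justification."""
    out = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            if not is_suppressed(result):
                continue
            for s in result["suppressions"]:
                if s.get("kind") == "inSource" and not (s.get("justification") or "").strip():
                    phys = s.get("location", {}).get("physicalLocation", {})
                    out.append((result.get("ruleId"),
                                phys.get("artifactLocation", {}).get("uri"),
                                phys.get("region", {}).get("startLine")))
    return out

if __name__ == "__main__":
    for rule, uri, line in unjustified_suppressions(SAMPLE):
        print(f"{uri}:{line}: suppression of {rule} has no justification")
```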
