https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121039
Bug ID: 121039 Summary: RFE: optionally capture suppressed diagnostics in SARIF output Product: gcc Version: unknown Status: UNCONFIRMED Keywords: diagnostic, SARIF Severity: normal Priority: P3 Component: other Assignee: unassigned at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- SARIF can capture "suppressions" for a "result": "3.27.23 suppressions property: A result object MAY contain a property named suppressions whose value is an array of zero or more unique (§3.7.3) suppression objects (§3.35) each of which describes a request to “suppress” a result (that is, to exclude it from result lists, bug counts, etc.) [...]" https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790911 For suppression objects (§3.35) see https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790983 Idea ==== Perhaps we could add a flag to SARIF diagnotic sinks to enable capturing warnings that were suppressed by pragmas, capturing the result with a "suppressions" containing a reference to the pertinent #pragma directive. See https://gcc.gnu.org/onlinedocs/gcc/Diagnostic-Pragmas.html#index-pragma_002c-diagnostic This might be useful for some compliance situations. Issues ====== There doesn't seem to be a way to add "justification" metadata inline to the pragma (re §3.35.6 "justification" property). Perhaps an additional optional string argument could be added to "#pragma GCC diagnostic" for a human-readable justification comment that could be captured in the SARIF "justification" property (§3.35.6). diagnostic_context::diagnostic_enabled has logic for rejecting diagnostics (there's also some in diagnostic_context::report_diagnostic). In particular, in addition to pragmas there's: (a) warnings that are off by default (b) command-line options (c) rejection of warnings in system headers (where the user doesn't have write-access and thus can't add pragmas) Should we also capture those with suppressions? There would likely be a *lot* of noise with (a) and (b); perhaps (c) might be useful, though there doesn't seem to be a way to express it in SARIF form. Would need some smarts within diagnostic_context::report_diagnostic to avoid slowing down the common case where there's just a text sink (which would be discarding suppressed diagnostics).