[all-commits] [llvm/llvm-project] 30402c: [analyzer] Emit IssueHash in SARIF (#159445)

Dave Bartolomeo via All-commits all-commits at lists.llvm.org
Thu Sep 25 10:48:12 PDT 2025 

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 30402c7dea57d35ead80387c061cda6977ba98ef
      https://github.com/llvm/llvm-project/commit/30402c7dea57d35ead80387c061cda6977ba98ef
  Author: Dave Bartolomeo <dave_bartolomeo at apple.com>
  Date:   2025-09-25 (Thu, 25 Sep 2025)

  Changed paths:
    M clang/include/clang/Analysis/PathDiagnostic.h
    M clang/include/clang/Basic/Sarif.h
    M clang/lib/Analysis/PathDiagnostic.cpp
    M clang/lib/Basic/Sarif.cpp
    M clang/lib/StaticAnalyzer/Core/HTMLDiagnostics.cpp
    A clang/lib/StaticAnalyzer/Core/HTMLDiagnostics.h
    M clang/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
    M clang/lib/StaticAnalyzer/Core/SarifDiagnostics.cpp
    M clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif
    M clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif
    A clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-multi-file-diagnostics.c.sarif
    A clang/test/Analysis/diagnostics/sarif-multi-file-diagnostics.c
    M clang/test/Analysis/lit.local.cfg

  Log Message:
  -----------
  [analyzer] Emit IssueHash in SARIF (#159445)

This change adds two new properties to each `result` object in the SARIF
log:

`partialFingerprints`: Contains the "issue hash" that the analyzer
already generates for each result, which can help identify a result
across runs even if surrounding code changes.

`hostedViewUri`: If running with `-analyzer-format=sarif-html`, this
property will now be emitted with the `file:` URL of the generated HTML
report for that result.

Along the way, I discovered an existing bug where the HTML diagnostic
consumer does not record the path to the generated report if another
compilation already created that report. This caused both the SARIF and
Plist consumers to be missing the link to the file in all but one of the
compilations in case of a warning in a header file. I added a new test
to ensure that the generated SARIF for each compilation contains the
property.

Finally, I made a few changes to the `normalize_sarif` processing in the
tests. I switched to `sed` to allow substitutions. The normalization now
removes directory components from `file:` URLs, replaces the `length`
property of the source file with a constant `-1`, and puts placeholders
in the values of the `version` properties rather than just deleting
them. The URL transformation in particular lets us verify that the right
filename is generated for each HTML report.

Fixes #158159

rdar://160410408



To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications

More information about the All-commits mailing list