[PATCH] D131084: Add support for specifying the severity of a SARIF Result.
Vaibhav Yenamandra via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Aug 4 14:16:01 PDT 2022
vaibhav.y added a comment.
> A part of my endgame is to see notes be incorporated into their parents, but that's a long way off methinks.
Regarding this, the current best approach the spec provides is using the "locationRelationShip" <https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.html#_Toc10127919>, but the relationships that exist dont' seem to cover cases needed by us. One example is macro-expansion (example <https://gist.github.com/envp/3a5fdd33115b91c391c22e5e8a5210f4#macro-expansions-nested-diagnostics> from an older proposal for SARIF in clang).
Seems that for locationRelationShip the spec allows producer defined strings:
> A locationRelationship object MAY contain a property named kinds whose value is an array of one or more unique (§3.7.3) strings each of which specifies a relationship between theSource and theTarget (see §3.34.1). If kinds is absent, it SHALL default to [ "relevant" ] (see below for the meaning of "relevant").
> When possible, SARIF producers SHOULD use the following values, with the specified meanings.
> · "includes": The artifact identified by theSource includes the artifact identified by theTarget.
> · "isIncludedBy": The artifact identified by theSource is included by the artifact identified by theTarget.
> · "relevant": theTarget is relevant to theSource in a way not covered by other relationship kinds.
> If none of these values are appropriate, a SARIF producer MAY use any value.
> NOTE: Although "relevant" is a catch-all for any relationship not described by the other values, a producer might still wish to define its own more specific values.
> In particular, the values defined for logicalLocation.kind (§3.33.7) and threadFlowLocation.kinds (§3.38.8) might prove useful.
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
More information about the cfe-commits