gcc: use SARIF output with --gcc-analyzer-bin

kdudka · kdudka · commit 187390a24293 · 2024-11-08T12:44:31.000+01:00
With https://copr.fedorainfracloud.org/coprs/dmalcolm/gcc-latest/ added to the `fedora-41-x86_64` mock config, this can be tested using the following commands: ``` koji download-build -a src units-2.23-3.fc41 csmock -f units-2.23-3.fc41.src.rpm -r fedora-41-x86_64 --install gcc-latest --gcc-analyzer-bin /opt/gcc-latest/bin/gcc ``` Depends-on: csutils/csdiff#210 Depends-on: csutils/csdiff#212 Related: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116613 Closes: #187
diff --git a/make-srpm.sh b/make-srpm.sh
@@ -125,7 +125,7 @@ Tool for plugging static analyzers into the build process, free of mock.
 
 %package common
 Summary: Core of csmock (a mock wrapper for Static Analysis tools)
-Requires: csdiff > 3.1.0
+Requires: csdiff > 3.5.1
 Requires: csgcca
 Requires: cswrap
 Requires: mock >= 5.7
diff --git a/py/plugins/gcc.py b/py/plugins/gcc.py
@@ -16,6 +16,7 @@
 # along with csmock.  If not, see <http://www.gnu.org/licenses/>.
 
 # standard imports
+import os
 import subprocess
 
 # local imports
@@ -25,10 +26,20 @@
 
 CSGCCA_BIN = "/usr/bin/csgcca"
 
+# directory for GCC results (currently used only with `--gcc-analyzer-bin`)
+GCC_RESULTS_DIR = "/builddir/gcc-results"
+
 CSMOCK_GCC_WRAPPER_NAME = 'csmock-gcc-wrapper'
 CSMOCK_GCC_WRAPPER_PATH = '/usr/bin/%s' % CSMOCK_GCC_WRAPPER_NAME
-CSMOCK_GCC_WRAPPER_TEMPLATE = '#!/bin/bash\n' \
-                              'exec %s "$@"'
+
+# script to run gcc analyzer and dump its output to a seaprate SARIF file in GCC_RESULTS_DIR
+CSMOCK_GCC_WRAPPER_TEMPLATE = f"""#!/bin/bash
+fn=$(flock {GCC_RESULTS_DIR} mktemp "{GCC_RESULTS_DIR}/$$-XXXX.sarif")
+exec %s "$@" -fdiagnostics-set-output="sarif:file=$fn"
+"""
+
+# command to read and join all captured SARIF files
+FILTER_CMD = "csgrep --mode=json --remove-duplicates"
 
 SANITIZER_CAPTURE_DIR = "/builddir/gcc-sanitizer-capture"
 
@@ -289,6 +300,23 @@ def csgcca_hook(results, mock):
                     # tell csgcca to use the wrapped script rather than system gcc analyzer
                     props.env["CSGCCA_ANALYZER_BIN"] = CSMOCK_GCC_WRAPPER_NAME
 
+                    # create directory for gcc results
+                    def create_gcc_results_dir_hook(_, mock):
+                        cmd = f"mkdir -pv '{GCC_RESULTS_DIR}' && touch '{GCC_RESULTS_DIR}/empty.sarif'"
+                        return mock.exec_mockbuild_cmd(cmd)
+                    props.post_depinst_hooks += [create_gcc_results_dir_hook]
+
+                    # copy gcc results out of the chroot
+                    props.copy_out_files += [GCC_RESULTS_DIR]
+
+                    # process all captured SARIF files
+                    def filter_hook(results):
+                        src = os.path.join(results.dbgdir_raw, GCC_RESULTS_DIR[1:])
+                        dst = os.path.join(results.dbgdir_uni, "gcc-results.json")
+                        cmd = f'{FILTER_CMD} --file-glob "{src}/*.sarif" > "{dst}"'
+                        return results.exec_cmd(cmd, shell=True)
+                    props.post_process_hooks += [filter_hook]
+
                 # XXX: changing props this way is extremely fragile
                 # insert csgcca right before cswrap to avoid chaining
                 # csclng/cscppc while invoking `gcc -fanalyzer`
