www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - [SAOC 2024] SARIF Library and Outputs - Weekly Update #3

reply Royal Simpson Pinto <royalpinto007 gmail.com> writes:


In the third week of Milestone 1, I worked on building a library 
to represent SARIF and serialize it into JSON, following my 
mentor’s suggestion. I created multiple drafts of SARIF outputs, 
refining the structure and improving the details with each 
iteration. These drafts have helped me fine-tune the SARIF format 
for DMD’s error reporting, and I ran unit tests to validate the 
structure along the way.




    - I created an initial version of the SARIF template that 
includes key components to represent and serialize error 
information.
    - **Key Components**:
      - **LogicalLocation and PhysicalLocation structs**: 
Represent logical (e.g., function or method) and physical (e.g., 
file, line, column) locations in code.
      - **Result struct**: Stores rule violation details and uses 
`SumType` to handle both `PhysicalLocation` and `LogicalLocation` 
flexibly.
      - **JSON Serialization**: Implemented `toJson` methods for 
all structs, enabling easy conversion of SARIF objects into JSON 
format.
    - **Unit Tests**: I created unit tests to ensure robustness, 
covering various scenarios like unusual URIs, empty values, and 
different combinations of logical and physical locations.


    - I worked on multiple drafts to refine the SARIF outputs, 
progressively improving the structure and adding details to 
tailor it for DMD-specific use cases. Here’s a summary of the 
changes across the drafts:

    - **First Draft**: This was the initial version of the SARIF 
output, which included basic sections like `LogicalLocation`, 
`PhysicalLocation`, and `Result`.
      - [feat: SARIF Template, JSON 
Serialisation](https://github.com/royalpinto007/d-drafts/blob/main/sarif.d)
      - 
[sarifoutput.md](https://github.com/royalpinto007/d-drafts/blob/main/sarifoutput.md)

    - **Second Draft**: Added more detailed sections, including 
`invocation`, `tool`, and `result`. This draft provided more 
comprehensive error reporting but did not include a 
`suggestedFix`.
      - [feat: SARIF Template (second 
draft)](https://github.com/royalpinto007/d-drafts/blob/main/1sarif.d)
      - 
[1sarifoutput.md](https://github.com/royalpinto007/d-drafts/blob/main/1sarifoutput.md)

    - **Third Draft**: Introduced the `suggestedFix` section, 
which provided potential solutions for errors connected to 
specific files (e.g., `test.d`). However, I later realized that 
the `suggestedFix` wasn't practical without deeper context from 
the DMD codebase.
      - [feat: SARIF Template (third draft)- source file, 
suggestedFix
](https://github.com/royalpinto007/d-drafts/blob/main/2sarif.d)
      - 
[2sarifoutput.md](https://github.com/royalpinto007/d-drafts/blob/main/2sarifoutput.md)

    - **Fourth Draft**: Removed the `suggestedFix` section to keep 
the output simpler and more in line with how other compilers 
structure SARIF outputs. This draft focuses on clear, minimal, 
and structured error reporting.
      - [feat: SARIF Template (fourth draft)- without any 
suggestedFix
](https://github.com/royalpinto007/d-drafts/blob/main/3sarif.d)
      - 
[3sarifoutput.md](https://github.com/royalpinto007/d-drafts/blob/main/3sarifoutput.md)


    - I applied early returns in the `main` function to simplify 
the code and reduce unnecessary nesting, following my mentor's 
earlier suggestion. This keeps the code cleaner and more 
maintainable.


    - **Feasibility of `suggestedFix`**: While experimenting with 
the `suggestedFix` section in the third draft, I found that it 
wasn’t feasible without a deeper integration with DMD’s existing 
error-handling system. This led to the decision to remove it in 
the fourth draft.
    - **Balancing SARIF Details**: Finding the right level of 
detail in the SARIF outputs was challenging, but after refining 
the structure across four drafts, I achieved a balance between 
comprehensive reporting and simplicity.


    - Begin integrating the SARIF library with the DMD codebase, 
following my mentor’s guidance. This will involve mapping DMD’s 
error reporting system to the SARIF schema using the library I 
built.
    - Continue refining the SARIF integration based on real test 
cases from DMD.

---

This week was focused on building a library for SARIF 
representation and refining the output structure. I’m looking 
forward to integrating the SARIF library with the DMD codebase 
and making further progress on this exciting task!
Oct 06
parent reply "Richard (Rikki) Andrew Cattermole" <richard cattermole.co.nz> writes:
On 07/10/2024 10:34 AM, Royal Simpson Pinto wrote:
 *Result struct*: Stores rule violation details and uses |SumType|
If this is going inside of dmd, you cannot use Phobos. But if you know what you need it to do, it won't be too hard to replicate what you need. I assume this has already been covered, but worth mentioning!
Oct 06
next sibling parent Nicholas Wilson <iamthewilsonator hotmail.com> writes:
On Sunday, 6 October 2024 at 23:05:54 UTC, Richard (Rikki) Andrew 
Cattermole wrote:
 If this is going inside of dmd, you cannot use Phobos.
Indeed, I think the best way to do this is to make SARIF a new `MessageStyle`.
Oct 06
prev sibling parent reply max haughton <maxhaton gmail.com> writes:
On Sunday, 6 October 2024 at 23:05:54 UTC, Richard (Rikki) Andrew 
Cattermole wrote:

 I assume this has already been covered, but worth mentioning!
We've discussed it. I'd rather have a prototype that works that can be de-phobosed than having to make excessive decisions from the start of the project. On sumtype in particular presumably we could also vendor a copy into the compiler. Don't really see why not, it's very good after all.
Oct 07
parent ryuukk_ <ryuukk.dev gmail.com> writes:
On Monday, 7 October 2024 at 11:04:00 UTC, max haughton wrote:
 On Sunday, 6 October 2024 at 23:05:54 UTC, Richard (Rikki) 
 Andrew Cattermole wrote:

 I assume this has already been covered, but worth mentioning!
We've discussed it. I'd rather have a prototype that works that can be de-phobosed than having to make excessive decisions from the start of the project. On sumtype in particular presumably we could also vendor a copy into the compiler. Don't really see why not, it's very good after all.
Good thing multiple people wrote tagged union DIPs, it would have been handy
Oct 07