Add infrastructure to support SARIF output

.github/workflows/build.yml

@@ -28,6 +28,7 @@ jobs:
         image-version: [22.04]
         build-type: [Release, Debug]
         sanitizers: [ON, OFF]
+        features: ["nosarif", "sarif"]
 
     runs-on: ubuntu-${{ matrix.image-version }}
     timeout-minutes: 60
@@ -49,10 +50,11 @@ jobs:
           fetch-depth: 1
 
       - name: Configure build - sanitizers ${{ matrix.sanitizers }}
-        run: cmake --preset ci
+        run: cmake --preset ci-${{ matrix.features }}
 
       - name: Build ${{ matrix.build-type }} with sanitizers set ${{ matrix.sanitizers }}
-        run: cmake --build --preset ci --config ${{ matrix.build-type }} -j $(nproc)
+        run: cmake --build --preset ci-${{ matrix.features }} --config ${{ matrix.build-type }} -j $(nproc)
 
       - name: Test ${{ matrix.build-type }} with sanitizers set ${{ matrix.sanitizers }}
-        run: ctest --preset ci --build-config ${{ matrix.build-type }}
+        run: ctest --preset ci-${{ matrix.features }} --build-config ${{ matrix.build-type }}
+

CMakeLists.txt

@@ -305,6 +305,20 @@ target_link_libraries(vast_settings
     "$<BUILD_LOCAL_INTERFACE:gap::gap-mlir>"
 )
 
+if (sarif IN_LIST VCPKG_MANIFEST_FEATURES)
+  option(VAST_ENABLE_SARIF "Enable SARIF export" ON)
+else()
+  option(VAST_ENABLE_SARIF "Enable SARIF export" OFF)
+endif()
+
+if (VAST_ENABLE_SARIF)
+  target_link_libraries(vast_settings
+    INTERFACE
+      "$<BUILD_LOCAL_INTERFACE:gap::gap-sarif>"
+  )
+  target_compile_definitions(vast_settings INTERFACE VAST_ENABLE_SARIF)
+endif()
+
 #
 # VAST libraries
 #

CMakePresets.json

@@ -30,6 +30,19 @@
                 "CMAKE_VERBOSE_MAKEFILE": "True"
             }
         },
+        {
+            "name": "ci-nosarif",
+            "displayName": "Configure VAST for CI withour SARIF support",
+            "inherits": "ci"
+        },
+        {
+            "name": "ci-sarif",
+            "displayName": "Configure VAST for CI withour SARIF support",
+            "inherits": "ci",
+            "cacheVariables": {
+                "VCPKG_MANIFEST_FEATURES": "sarif"
+            }
+        },
         {
             "name": "compiler-explorer",
             "displayName": "Configure VAST for Compiler Explorer",
@@ -85,8 +98,12 @@
             "configuration": "RelWithDebInfo"
         },
         {
-            "name": "ci",
-            "configurePreset": "ci"
+            "name": "ci-nosarif",
+            "configurePreset": "ci-nosarif"
+        },
+        {
+            "name": "ci-sarif",
+            "configurePreset": "ci-sarif"
         },
         {
             "name": "ci-release",
@@ -157,8 +174,13 @@
             "configuration": "RelWithDebInfo"
         },
         {
-            "name": "ci",
-            "configurePreset": "ci",
+            "name": "ci-nosarif",
+            "configurePreset": "ci-nosarif",
+            "inherits": "test-base"
+        },
+        {
+            "name": "ci-sarif",
+            "configurePreset": "ci-sarif",
             "inherits": "test-base"
         }
     ],

docs/Tools/vast-front.md

@@ -54,6 +54,9 @@ Additional customization options include:
   - After each pass that was specified as an option store MLIR into a file (format is `src.pass_name`).
   - `"*"` stores snapshot after every conversion.
 
+- `-vast-output-sarif="report.sarif"`
+  - Outputs diagnostics as a SARIF report file.
+
 ## Pipelines
 
 WIP pipelines documentation

include/vast/Analysis/Sarif/Sarif.hpp

@@ -0,0 +1,34 @@
+// Copyright (c) 2024-present, Trail of Bits, Inc.
+
+#pragma once
+
+#ifdef VAST_ENABLE_SARIF
+    #include <vector>
+
+    #include <gap/sarif/sarif.hpp>
+
+namespace vast::analysis::sarif {
+
+    class sarif_analysis
+    {
+        std::vector< gap::sarif::result > sarif_results;
+
+      public:
+        virtual ~sarif_analysis() = default;
+
+        const std::vector< gap::sarif::result > &results() const noexcept {
+            return sarif_results;
+        }
+
+      protected:
+        void append_result(const gap::sarif::result &result) {
+            sarif_results.push_back(result);
+        }
+
+        void append_result(gap::sarif::result &&result) {
+            sarif_results.emplace_back(std::move(result));
+        }
+    };
+
+} // namespace vast::analysis::sarif
+#endif // VAST_ENABLE_SARIF

include/vast/Config/config.h.cmake

@@ -19,6 +19,8 @@ namespace vast {
 
     constexpr std::string_view version = "${VAST_VERSION}";
 
+    constexpr std::string_view homepage_url = "${PROJECT_HOMEPAGE_URL}";
+
     constexpr std::string_view bug_report_url = "${BUG_REPORT_URL}";
 
     constexpr std::string_view default_resource_dir = "${VAST_DEFAULT_RESOURCE_DIR}";

include/vast/Frontend/Options.hpp

@@ -100,6 +100,8 @@ namespace vast::cc
         constexpr option_t vast_verify_diags = "verify-diags";
         constexpr option_t disable_emit_cxx_default = "disable-emit-cxx-default";
 
+        constexpr option_t output_sarif = "output-sarif";
+
         bool emit_only_mlir(const vast_args &vargs);
         bool emit_only_llvm(const vast_args &vargs);
     } // namespace opt

include/vast/Frontend/Sarif.hpp

@@ -0,0 +1,53 @@
+// Copyright (c) 2024, Trail of Bits, Inc.
+
+#pragma once
+
+
+#ifdef VAST_ENABLE_SARIF
+    #include <gap/sarif/sarif.hpp>
+
+    #include "vast/Frontend/Options.hpp"
+    #include "vast/Util/Common.hpp"
+
+namespace vast::cc::sarif {
+
+    gap::sarif::location mk_location(loc_t loc);
+    gap::sarif::location mk_location(file_loc_t loc);
+    gap::sarif::location mk_location(name_loc_t loc);
+
+    gap::sarif::physical_location get_physical_loc(file_loc_t loc);
+
+    gap::sarif::level get_severity_level(mlir::DiagnosticSeverity severity);
+
+    struct diagnostics {
+        gap::sarif::run run;
+
+        explicit diagnostics(const vast_args &vargs);
+
+        auto handler() {
+            return [&] (auto &diag) {
+                gap::sarif::result result = {
+                    .ruleId = "mlir-diag",
+                    .message = { .text = diag.str() }
+                };
+
+                if (auto loc = mk_location(diag.getLocation()); loc.physicalLocation.has_value()) {
+                    result.locations.push_back(std::move(loc));
+                }
+
+                result.level = get_severity_level(diag.getSeverity());
+                run.results.push_back(std::move(result));
+            };
+        };
+
+        gap::sarif::root emit(logical_result result) && {
+            run.invocations[0].executionSuccessful = mlir::succeeded(result);
+            return {
+                .version = gap::sarif::version::k2_1_0,
+                .runs{ std::move(run) },
+            };
+        }
+    };
+
+} // namespace vast::cc::sarif
+#endif // VAST_ENABLE_SARIF

include/vast/Util/Common.hpp

@@ -74,7 +74,9 @@ namespace vast {
 
     using values_t      = mlir::SmallVector< mlir_value >;
 
-    using loc_t         = mlir::Location;
+    using loc_t      = mlir::Location;
+    using name_loc_t = mlir::NameLoc;
+    using file_loc_t = mlir::FileLineColLoc;
 
     using mlir_builder    = mlir::OpBuilder;
     using op_state        = mlir::OperationState;

lib/vast/Frontend/CMakeLists.txt

@@ -5,6 +5,7 @@ add_vast_library(Frontend
     Consumer.cpp
     Options.cpp
     Pipelines.cpp
+    Sarif.cpp
     Targets.cpp
 
     LINK_LIBS PUBLIC

lib/vast/Frontend/Consumer.cpp

@@ -1,6 +1,8 @@
 // Copyright (c) 2023-present, Trail of Bits, Inc.
 
 #include "vast/Frontend/Consumer.hpp"
+#include "mlir/IR/Diagnostics.h"
+#include "mlir/IR/Location.h"
 
 VAST_RELAX_WARNINGS
 #include <llvm/Support/Signals.h>
@@ -17,18 +19,22 @@
 VAST_UNRELAX_WARNINGS
 
 #include <filesystem>
+#include <fstream>
 
 #include "vast/CodeGen/CodeGenDriver.hpp"
 
 #include "vast/Util/Common.hpp"
 
 #include "vast/Frontend/Pipelines.hpp"
+#include "vast/Frontend/Sarif.hpp"
 #include "vast/Frontend/Targets.hpp"
 
 #include "vast/Target/LLVMIR/Convert.hpp"
 
 #include "vast/Dialect/Core/CoreOps.hpp"
 
+#include "vast/Config/config.h"
+
 namespace vast::cc {
 
     [[nodiscard]] target_dialect parse_target_dialect(string_ref from);
@@ -101,9 +107,7 @@
 
     void vast_consumer::HandleVTable(clang::CXXRecordDecl * /* decl */) { VAST_UNIMPLEMENTED; }
 
-    owning_mlir_module_ref vast_consumer::result() {
-        return driver->freeze();
-    }
+    owning_mlir_module_ref vast_consumer::result() { return driver->freeze(); }
 
     //
     // vast stream consumer
@@ -153,18 +157,51 @@
         process_mlir_module(target_dialect::llvm, mod.get());
 
         auto final_mlir_module = mlir::cast< mlir_module >(mod->getBody()->front());
-        auto llvm_mod = target::llvmir::translate(final_mlir_module, llvm_context);
-        auto dl  = driver->acontext().getTargetInfo().getDataLayoutString();
+        auto llvm_mod          = target::llvmir::translate(final_mlir_module, llvm_context);
+        auto dl                = driver->acontext().getTargetInfo().getDataLayoutString();
 
         clang::EmitBackendOutput(
             opts.diags, opts.headers, opts.codegen, opts.target, opts.lang, dl, llvm_mod.get(),
             backend_action, &opts.vfs, std::move(output_stream)
         );
     }
 
-    void vast_stream_consumer::process_mlir_module(
-        target_dialect target, mlir_module mod
+    namespace sarif {
+        struct diagnostics;
+    } // namespace sarif
+
+    #ifdef VAST_ENABLE_SARIF
+    std::unique_ptr< vast::cc::sarif::diagnostics > setup_sarif_diagnostics(
+        const vast_args &vargs, mcontext_t &mctx
     ) {
+        if (vargs.get_option(opt::output_sarif)) {
+                auto diags = std::make_unique< vast::cc::sarif::diagnostics >(vargs);
+                mctx.getDiagEngine().registerHandler(diags->handler());
+                return diags;
+        } else {
+            return nullptr;
+        }
+    }
+    #endif // VAST_ENABLE_SARIF
+
+    void emit_sarif_diagnostics(
+        vast::cc::sarif::diagnostics &&sarif_diagnostics, logical_result result, string_ref path
+    ) {
+        #ifdef VAST_ENABLE_SARIF
+            std::error_code ec;
+            llvm::raw_fd_ostream os(path, ec, llvm::sys::fs::OF_None);
+            if (ec) {
+                VAST_FATAL("Failed to open file for SARIF output: {}", ec.message());
+            }
+
+            nlohmann::json report = std::move(sarif_diagnostics).emit(result);
+            os << report.dump(2);
+        #else
+            VAST_REPORT("SARIF support is disabled");
+        #endif // VAST_ENABLE_SARIF
+    }
+
+    void vast_stream_consumer::process_mlir_module(target_dialect target, mlir_module mod) {
         // Handle source manager properly given that lifetime analysis
         // might emit warnings and remarks.
         auto &src_mgr     = driver->acontext().getSourceManager();
@@ -196,8 +233,15 @@
         auto pipeline = setup_pipeline(pipeline_source::ast, target, mctx, vargs, snapshot_prefix);
         VAST_CHECK(pipeline, "failed to setup pipeline");
 
+        #ifdef VAST_ENABLE_SARIF
+        auto sarif_diagnostics = setup_sarif_diagnostics(vargs, mctx);
+        #endif // VAST_ENABLE_SARIF
+
         auto result = pipeline->run(mod);
-        VAST_CHECK(mlir::succeeded(result), "MLIR pass manager failed when running vast passes");
+
+        VAST_CHECK(
+            mlir::succeeded(result), "MLIR pass manager failed when running vast passes"
+        );
 
         // Verify the diagnostic handler to make sure that each of the
         // diagnostics matched.
@@ -206,6 +250,20 @@
             VAST_FATAL("failed mlir codegen");
         }
 
+        if (auto path = vargs.get_option(opt::output_sarif)) {
+            #ifdef VAST_ENABLE_SARIF
+            if (sarif_diagnostics) {
+                emit_sarif_diagnostics(
+                    std::move(*sarif_diagnostics), result, path.value().str()
+                );
+            } else {
+                VAST_REPORT("SARIF diagnostics are missing");
+            }
+            #else
+                VAST_REPORT("SARIF support is disabled");
+            #endif // VAST_ENABLE_SARIF
+        }
+
         // Emit remaining defaulted C++ methods
         // if (!vargs.has_option(opt::disable_emit_cxx_default)) {
         //     generator->build_default_methods();