OASIS Static Analysis Results Interchange Format (SARIF) TC

 View Only
  • 1.  RE: [sarif] Change draft for #46 (graphs)

    Posted 04-03-2018 05:28
    Sure, Luke, what say you?   Sent from my Windows 10 phone   From: Michael Fanning Sent: Monday, April 2, 2018 7:21 PM To: Larry Golding (Comcast) ; sarif@lists.oasis-open.org Subject: RE: [sarif] Change draft for #46 (graphs)   Can we please check in with Luke on item 1?   From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On Behalf Of Larry Golding (Comcast) Sent: Monday, April 2, 2018 3:05 PM To: sarif@lists.oasis-open.org Subject: [sarif] Change draft for #46 (graphs) Importance: High   I pushed a change draft for Issue #46 : Provide support for graphs and graph traversals:   Documents/ChangeDrafts/Active/sarif-v2.0-issue-46-graphs.docx   This draft incorporates all our design decisions so for. There are still two open items:   How do we represent nested graphs? Are they really “nested” or can we just jump from graph to graph? The current draft chooses the latter. Do we want to rename graph => directedGraph and edge => directedEdge?   This change draft also incorporates several editorial changes for uniformity and brevity. I’ve discussed these with Michael and David; most of you probably don’t care.   We will discuss this on Wednesday, and I hope to be able to move its adoption then.   Thanks, Larry  


  • 2.  Re: [sarif] Change draft for #46 (graphs)

    Posted 04-03-2018 21:37
    I think there are some plausible use cases for true nested graphs, not just interlinked graphs. In particular, it gives you the ability to describe hierarchical relationships between sub-graphs, which can be useful when it comes to displaying results. As an example, if we have a sub-graph for representing each method in a class, containing the data flow nodes within that method, then it is quite natural to nest those graphs inside a graph representing the containing class, and further nest that graph within a graph containing all the classes in a namespace etc. This can be helpful for displaying large or complicated graphs, as the sub-graphs can be expanded or collapsed at different levels. Having said that, I don't believe that this is a critical addition for CSD.1, as long as whatever graph mechanism we provide would be easy to extend at a later point to support graph nesting. I think the current proposal looks reasonable in this regard. Cheers, Luke On Mon, Apr 2, 2018 at 10:28 PM Larry Golding < larrygolding@comcast.net > wrote: Sure, Luke, what say you?   Sent from my Windows 10 phone   From: Michael Fanning Sent: Monday, April 2, 2018 7:21 PM To: Larry Golding (Comcast) ; sarif@lists.oasis-open.org Subject: RE: [sarif] Change draft for #46 (graphs)   Can we please check in with Luke on item 1?   From: sarif@lists.oasis-open.org < sarif@lists.oasis-open.org > On Behalf Of Larry Golding (Comcast) Sent: Monday, April 2, 2018 3:05 PM To: sarif@lists.oasis-open.org Subject: [sarif] Change draft for #46 (graphs) Importance: High   I pushed a change draft for Issue #46 : Provide support for graphs and graph traversals:   Documents/ChangeDrafts/Active/sarif-v2.0-issue-46-graphs.docx   This draft incorporates all our design decisions so for. There are still two open items:   How do we represent nested graphs? Are they really “nested” or can we just jump from graph to graph? The current draft chooses the latter. Do we want to rename graph => directedGraph and edge => directedEdge?   This change draft also incorporates several editorial changes for uniformity and brevity. I’ve discussed these with Michael and David; most of you probably don’t care.   We will discuss this on Wednesday, and I hope to be able to move its adoption then.   Thanks, Larry  


  • 3.  RE: [sarif] Change draft for #46 (graphs)

    Posted 04-03-2018 21:45
    Thank you Luke. I propose that we vote on #46 as it stands tomorrow, just to get the bulk of the graph representation in the books.   BUT THEN : I will file an issue to represent nested graphs. I have an idea for how to do this, which I was just telling Michael about on the phone just now. I’ll send it along later this afternoon.   Larry   From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On Behalf Of Luke Cartey Sent: Tuesday, April 3, 2018 2:37 PM To: Larry Golding <larrygolding@comcast.net> Cc: Michael Fanning <Michael.Fanning@microsoft.com>; sarif@lists.oasis-open.org Subject: Re: [sarif] Change draft for #46 (graphs)   I think there are some plausible use cases for true nested graphs, not just interlinked graphs. In particular, it gives you the ability to describe hierarchical relationships between sub-graphs, which can be useful when it comes to displaying results.   As an example, if we have a sub-graph for representing each method in a class, containing the data flow nodes within that method, then it is quite natural to nest those graphs inside a graph representing the containing class, and further nest that graph within a graph containing all the classes in a namespace etc. This can be helpful for displaying large or complicated graphs, as the sub-graphs can be expanded or collapsed at different levels.   Having said that, I don't believe that this is a critical addition for CSD.1, as long as whatever graph mechanism we provide would be easy to extend at a later point to support graph nesting. I think the current proposal looks reasonable in this regard.   Cheers,   Luke   On Mon, Apr 2, 2018 at 10:28 PM Larry Golding < larrygolding@comcast.net > wrote: Sure, Luke, what say you?   Sent from my Windows 10 phone   From: Michael Fanning Sent: Monday, April 2, 2018 7:21 PM To: Larry Golding (Comcast) ; sarif@lists.oasis-open.org Subject: RE: [sarif] Change draft for #46 (graphs)   Can we please check in with Luke on item 1?   From: sarif@lists.oasis-open.org < sarif@lists.oasis-open.org > On Behalf Of Larry Golding (Comcast) Sent: Monday, April 2, 2018 3:05 PM To: sarif@lists.oasis-open.org Subject: [sarif] Change draft for #46 (graphs) Importance: High   I pushed a change draft for Issue #46 : Provide support for graphs and graph traversals:   Documents/ChangeDrafts/Active/sarif-v2.0-issue-46-graphs.docx   This draft incorporates all our design decisions so for. There are still two open items:   How do we represent nested graphs? Are they really “nested” or can we just jump from graph to graph? The current draft chooses the latter. Do we want to rename graph => directedGraph and edge => directedEdge?   This change draft also incorporates several editorial changes for uniformity and brevity. I’ve discussed these with Michael and David; most of you probably don’t care.   We will discuss this on Wednesday, and I hope to be able to move its adoption then.   Thanks, Larry