Generating CodeQL database without compiling the project

[adriaanjacobs]

[C/C++]

This is more of a nice-to-have/curiosity question, but I was wondering if it would be possible (either right now or in the future) to generate CodeQL databases without actually compiling the project? I'm working on some compiler instrumentation task and using CodeQL's excellent taint analysis to automatically detect certain patterns and provide automatic mediation inside the compiler. However, from a user experience standpoint the process of compiling the same code twice (first to generate the database, then a second time with a modified compiler to run the analysis and instrument the code) to produce a single instrumented executable is quite strange.

Does CodeQL actually need to run the compiler or is looking at the invocations sufficient (i.e. make --dry-run)? Up until now, I thought the generated binaries where simply a side-effect for CodeQL to be able to look at the compiler invocations and also serve as a kind of sanity check that the code is in fact compilable. But now I was wondering, does it use any of the generated files in the extraction process?

[hmakholm]

I'm afraid the compiler does need to be run.

CodeQL does not actually use the object code produced by the compiler, but the way it finds out the compiler is running is by intercepting system calls from the build system that create child processes, and checking whether one of them is a compiler invocation. That way we can support a wider variety of build systems -- for example ones that don't print out the compiler command lines before it executes them like make does, or ones that generate .c or .h files on the fly but immediately delete them after the compiler has run. But it does mean some work during the build will be wasted.

[amir734jj]

@hmakholm this is the issue I am facing, for large projects I wish there was a way to pass the output of build to codeql instead of letter codeql invoking it. Using --command with cpp project is very very slow.