Determinism: Normative => Informative

["Larry Golding (Myriad Consulting Inc)" <v-lgold@microsoft.com>]

TL;DR: I propose to downgrade Appendix F (Producing deterministic SARIF log files) from Normative to Informative, and therefore to remove the “Deterministic SARIF Producer” conformance profile.

 

Details:

 

While processing the Microsoft feedback on Appendix F, it became clear to me that “determinism” in SARIF is a tricky concept, and Appendix F doesn’t treat it adequately. There are at least two kinds of determinism, useful in different scenarios:

 

• Type 1: the ability to produce identical outputs from identical inputs.
• Type 2:  the ability to produce identical outputs from any inputs that generate the same results (for example, if source files have changed, but not in a way that changes the results).

 

Appendix F doesn’t make this distinction – I simply hadn’t clarified the distinction in my mind when I wrote it.

 

I could write a lot more about this, but the bottom line is that I simply don’t have time to work through the implications and produce normative guidance on determinism before we go to ballot. By downgrading the Appendix from Normative to Informative, I give us more time to time about this and address the issue editorially.

 

Please let me know if you have concerns about this.

 

Thanks,

Larry