ccache side effect on GCC SCA export format

[AlexFabre]

Describe the bug

GCC 14, option -fdiagnostics-format=sarif-file does not produce repeatable SARIF reports when ccache is enabled.

When building with this option, the number of SARIF analysis reported issues is inconsistant (sometime all issues are reported, most of the time it's not, many issues are missing).

At first I thought the bug was due to the way each generated SARIF files is saved all in one place inside the build directory.
GCC issue 110522.

But in my investigations, trying to understand why the number of generated issues was not repeatable, I toggled off ccache and that fixed it. All consecutive builds now generate identical SARIF files with the full number of analyzer issues.

To Reproduce

Install gnu-arm toolchain v14.2.rel1 to benefit from this new option.

Compile at least twice consecutively the hello world project with this custom toolchain and the following custom C flags:

west build -p -b stm32h573i_dk zephyr/samples/hello_world -- -DZEPHYR_TOOLCHAIN_VARIANT=gnuarmemb -DGNUARMEMB_TOOLCHAIN_PATH=/Users/alex/Toolchains/arm-gcc -DEXTRA_CXXFLAGS="-fanalyzer -fdiagnostics-format=sarif-file" -DEXTRA_AFLAGS="-fanalyzer -fdiagnostics-format=sarif-file" -DEXTRA_CFLAGS="-fanalyzer -fdiagnostics-format=sarif-file"

First compilation should see the various SARIF files have the correct diagnostique reported.
Second compilation and following builds will have all SARIF files reporting no issues or not all issues in the SARIF files.

Now disable ccache, with -DUSE_CCACHE=0, and every build is now consistent and all the SARIF files contains appropriate results.

Expected behavior

Analyzer results should not be affected by the use of ccache when analyzer export format is set to SARIF file.

Impact

Logs and console output

Environment (please complete the following information):

• OS: MacOS (M1)
• Toolchain gnu-arm 14.2.rel1
• Zephyr 3.7

Additional context

[tejlmand]

This sounds like a ccache issue and not a Zephyr issue.
Ref: ccache/ccache#1466

The use of diagnostics-format is done as -DEXTRA_CFLAGS="-fanalyzer -fdiagnostics-format=sarif-file" (and AFLAGS / CXXFLAGS) meaning the build system cannot really know that ccache is not optimal in this case.

If Zephyr SCA had direct support for diagnostics-format=sarif-file, for example as part of its https://docs.zephyrproject.org/latest/develop/sca/gcc.html GCC SCA support, then we could warn the user when ccache is used, or perhaps also default the build to not use ccache per default in those cases.

For now, this is not really a Zephyr bug, but feel free to open an enhancement issue to support sarif-file as part of the GCC SCA feature, and as part of that improve Zephyr's usage of ccache when sarif-file is enabled.