https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96653
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by David Malcolm <dmalc...@gcc.gnu.org>: https://gcc.gnu.org/g:fd111c419d146ee47c7df9a36a535e8d843d4802 commit r11-3247-gfd111c419d146ee47c7df9a36a535e8d843d4802 Author: David Malcolm <dmalc...@redhat.com> Date: Wed Sep 16 09:22:06 2020 -0400 analyzer: fix state explosions due to SCC bug Debugging the state explosion of the very large switch statement in gcc.dg/analyzer/pr96653.c showed that the worklist was failing to order the exploded nodes correctly; the in-edges at the join point after the switch were not getting processed together, but were instead being rocessed in smaller batches, bloating the exploded graph until the per-point limit was reached. The root cause turned out to be a bug in creating the strongly-connected components for the supergraph: the code was considering interprocedural edges as well as intraprocedural edges, leading to unpredictable misorderings of the SCC and worklist, leading to bloating of the exploded graph. This patch fixes the SCC creation so it only considers intraprocedural edges within the supergraph. It also tweaks worklist::key_t::cmp to give higher precedence to call_string over differences within a supernode, since enodes with different call_strings can't be merges. In practise, none of my test cases were affected by this latter change, though it seems to be the right thing to do. With this patch, the very large switch statement in gcc.dg/analyzer/pr96653.c is handled in a single call to exploded_graph::maybe_process_run_of_before_supernode_enodes: merged 358 in-enodes into 2 out-enode(s) at SN: 402 and that testcase no longer hits the per-program-point limits. gcc/analyzer/ChangeLog: * engine.cc (strongly_connected_components::strong_connect): Only consider intraprocedural edges when creating SCCs. (worklist::key_t::cmp): Add comment. Treat call_string differences as more important than differences of program_point within a supernode. gcc/testsuite/ChangeLog: PR analyzer/96653 * gcc.dg/analyzer/loop-0-up-to-n-by-1-with-iter-obj.c: Update expected number of exploded nodes. * gcc.dg/analyzer/malloc-vs-local-1a.c: Update expected number of exploded nodes. * gcc.dg/analyzer/pr96653.c: Remove -Wno-analyzer-too-complex.
