[Bug analyzer/96894] State explosion on gdb's fibheap.c

2021-03-12 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96894

David Malcolm  changed:

   What|Removed |Added

 Blocks||99390

--- Comment #4 from David Malcolm  ---
The warnings from -Wanalyzer-too-complex show some deeply nested callstrings
e.g.:

./xgcc -B. -S -fanalyzer ../../src/pr96894.c   -Wanalyzer-too-complex --param
analyzer-bb-explosion-factor=50
../../src/pr96894.c: In function ‘fibheap_consolidate’:
../../src/pr96894.c:3011:23: warning: terminating analysis for this program
point: callstring: [(SN: 89 -> SN: 97 in fibheap_delete), (SN: 59 -> SN: 86 in
fibheap_extr_min_node)] before (SN: 56 stmt: 0):  i_34 = i_16 + 1;EN: 2004, EN:
2014, EN: 2143, EN: 2157, EN: 2275, EN: 2363, EN: 2424, EN: 2697
[-Wanalyzer-too-complex]
 3011 |   for (i = 0; i < D; i++)
  |  ~^~
../../src/pr96894.c:3011:23: warning: terminating analysis for this program
point: callstring: [(SN: 89 -> SN: 97 in fibheap_delete), (SN: 59 -> SN: 86 in
fibheap_extr_min_node)] before (SN: 56 stmt: 0):  i_34 = i_16 + 1;EN: 2004, EN:
2014, EN: 2143, EN: 2157, EN: 2275, EN: 2363, EN: 2424, EN: 2697
[-Wanalyzer-too-complex]
../../src/pr96894.c:3011:23: warning: terminating analysis for this program
point: callstring: [(SN: 144 -> SN: 106 in fibheap_delete_node), (SN: 89 -> SN:
141 in fibheap_extract_min), (SN: 59 -> SN: 86 in fibheap_extr_min_node)]
before (SN: 56 stmt: 0):  i_34 = i_16 + 1;EN: 4777, EN: 4787, EN: 4916, EN:
4930, EN: 5048, EN: 5136, EN: 5197, EN: 6058 [-Wanalyzer-too-complex]
../../src/pr96894.c:3011:23: warning: terminating analysis for this program
point: callstring: [(SN: 144 -> SN: 106 in fibheap_delete_node), (SN: 89 -> SN:
141 in fibheap_extract_min), (SN: 59 -> SN: 86 in fibheap_extr_min_node)]
before (SN: 56 stmt: 0):  i_34 = i_16 + 1;EN: 4777, EN: 4787, EN: 4916, EN:
4930, EN: 5048, EN: 5136, EN: 5197, EN: 6058 [-Wanalyzer-too-complex]

so this is likely an issue with call summarization failing.  Adding to call
summaries tracker.


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99390
[Bug 99390] [meta-bug] tracker bug for call summaries in -fanalyzer

[Bug analyzer/96894] State explosion on gdb's fibheap.c

2021-03-03 Thread dmalcolm at gcc dot gnu.org via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96894

David Malcolm  changed:

   What|Removed |Added

Summary|Analyzer assumes pointer is |State explosion on gdb's
   |NULL, even if pointer was   |fibheap.c
   |tested to be non-null   |
   |before  |

--- Comment #3 from David Malcolm  ---
I'm not seeing the false positive any more with trunk.

Enabling -Wanalyzer-too-complex shows that the analyzer is still hitting safety
limits and stopping (both per-program-point limits and the overall node limit).

If I bump up the limits, it fully explores the egraph, without showing any
diagnostics:

./xgcc -B. -S -fanalyzer ../../src/pr96894.c \
  -Wanalyzer-too-complex \
  --param analyzer-max-enodes-per-program-point=200 \
  --param analyzer-bb-explosion-factor=50

So it appears that the false positive from -Wanalyzer-null-dereference is
fixed, but there's some kind of state explosion bug going on; we ought to be
able to explore this file without hitting the safety limits.

Retitling this bug accordingly.
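The two-step check described in comment #3 (count the -Wanalyzer-too-complex warnings at the default limits, then again with analyzer-max-enodes-per-program-point and analyzer-bb-explosion-factor raised) is easy to script. The script below is an added example, not part of the bug report or of GCC; it compiles a small constructed C file with a loop under two call levels (nothing from gdb's fibheap.c is used) and prints "skip" when the available gcc does not accept -fanalyzer. The file name nested.c and the helper names are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report): run GCC's -fanalyzer at the default
# safety limits and with raised limits, counting -Wanalyzer-too-complex warnings
# each time. Needs a gcc with -fanalyzer (GCC 10 or newer) on PATH.

WORK="${TMPDIR:-/tmp}/analyzer-limits.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Constructed input (assumption): a loop reached through two nested calls,
# the same shape as the callstrings quoted in the report.
cat > "$WORK/nested.c" <<'EOF'
struct node { struct node *next; int key; };

static int count_list(struct node *n)
{
  int i = 0;
  for (; n; n = n->next)
    i++;
  return i;
}

static int size_via_helper(struct node *n)
{
  return count_list(n);
}

int total(struct node *a, struct node *b, int D)
{
  int i, sum = 0;
  for (i = 0; i < D; i++)
    sum += size_via_helper(a) + size_via_helper(b);
  return sum;
}
EOF

# Returns 0 when gcc is present and accepts -fanalyzer, 1 otherwise.
analyzer_available() {
  command -v gcc >/dev/null 2>&1 || return 1
  gcc -fanalyzer -fsyntax-only -x c /dev/null >/dev/null 2>&1
}

# Prints the number of -Wanalyzer-too-complex warnings emitted for nested.c
# with the extra gcc options given as arguments, or "skip" if the analyzer
# is unavailable. Each warning carries one "[-Wanalyzer-too-complex]" tag.
count_too_complex() {
  analyzer_available || { echo skip; return 0; }
  gcc -S -o /dev/null -fanalyzer -Wanalyzer-too-complex "$@" "$WORK/nested.c" 2>&1 \
    | grep -c 'Wanalyzer-too-complex' || true
  return 0
}

# Default limits first, then the raised limits used in the report.
default_count=$(count_too_complex)
raised_count=$(count_too_complex \
  --param analyzer-max-enodes-per-program-point=200 \
  --param analyzer-bb-explosion-factor=50)
echo "too-complex warnings: default limits=$default_count, raised limits=$raised_count"
```

If the raised limits make the warnings disappear but the default run emits them, the analyzer was stopping on its safety limits rather than finishing the exploration, which is the situation comment #3 describes; warnings that persist at raised limits point at a genuine explosion in the exploded graph.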