https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104955
Bug ID: 104955
Summary: Analyzer slowdown with many diagnostics
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
The following artificial testcase for -fanalyzer seems to take at least several
minutes; perhaps much more:
#define DOUBLE_FREE() \
do { \
void *p = __builtin_malloc (1024); \
__builtin_free (p); \
__builtin_free (p); \
} while (0)
#define DOUBLE_FREE_x_10() \
do { \
DOUBLE_FREE(); \
DOUBLE_FREE(); \
DOUBLE_FREE(); \
DOUBLE_FREE(); \
DOUBLE_FREE(); \
DOUBLE_FREE(); \
DOUBLE_FREE(); \
DOUBLE_FREE(); \
DOUBLE_FREE(); \
DOUBLE_FREE(); \
} while (0)
#define DOUBLE_FREE_x_100() \
do { \
DOUBLE_FREE_x_10(); \
DOUBLE_FREE_x_10(); \
DOUBLE_FREE_x_10(); \
DOUBLE_FREE_x_10(); \
DOUBLE_FREE_x_10(); \
DOUBLE_FREE_x_10(); \
DOUBLE_FREE_x_10(); \
DOUBLE_FREE_x_10(); \
DOUBLE_FREE_x_10(); \
DOUBLE_FREE_x_10(); \
} while (0)
#define DOUBLE_FREE_x_1000() \
do { \
DOUBLE_FREE_x_100(); \
DOUBLE_FREE_x_100(); \
DOUBLE_FREE_x_100(); \
DOUBLE_FREE_x_100(); \
DOUBLE_FREE_x_100(); \
DOUBLE_FREE_x_100(); \
DOUBLE_FREE_x_100(); \
DOUBLE_FREE_x_100(); \
DOUBLE_FREE_x_100(); \
DOUBLE_FREE_x_100(); \
} while (0)
void test_1 (void)
{
DOUBLE_FREE_x_1000 ();
}
Breaking into it shows that it seems to be spending the bulk of its time
exploring paths to determine if they are feasible (despite the fact that
there's no control flow at all):
(gdb) bt
#0 0x0000000000f22750 in hash_table<hash_map<ana::region const*,
ana::binding_cluster*, simple_hashmap_traits<default_hash_traits<ana::region
const*>, ana::binding_cluster*> >::hash_entry, false,
xcallocator>::find_slot_with_hash (this=this@entry=0x7fffffffc768,
comparable=@0x7fffffffc5f8: 0x292b5c0, hash=5396152,
insert=insert@entry=INSERT) at ../../src/gcc/hash-traits.h:186
#1 0x0000000000f1b976 in hash_map<ana::region const*, ana::binding_cluster*,
simple_hashmap_traits<default_hash_traits<ana::region const*>,
ana::binding_cluster*> >::put (v=<optimized out>, k=@0x7fffffffc5f8: 0x292b5c0,
this=0x7fffffffc768) at ../../src/gcc/hash-traits.h:162
#2 ana::store::store (this=this@entry=0x7fffffffc768, other=...) at
../../src/gcc/analyzer/store.cc:2046
#3 0x0000000000eeaecf in ana::region_model::region_model
(this=this@entry=0x7fffffffc760, other=...) at
../../src/gcc/analyzer/region-model.cc:260
#4 0x0000000000eccf71 in ana::feasibility_state::feasibility_state
(this=0x7fffffffc760, other=...) at ../../src/gcc/analyzer/engine.cc:4478
#5 0x00000000018a51f0 in ana::epath_finder::process_worklist_item
(this=<optimized out>, worklist=0x7fffffffc950, tg=..., fg=0x7fffffffc8a0,
target_enode=0x2bdcf60, diag_idx=305, out_best_path=0x7fffffffc858) at
../../src/gcc/analyzer/feasible-graph.h:96
#6 0x00000000018a603c in ana::epath_finder::explore_feasible_paths
(this=0x7fffffffcb90, target_enode=0x2bdcf60, desc=0x1a64f09 "double_free",
diag_idx=305) at ../../src/gcc/analyzer/diagnostic-manager.cc:414
#7 0x00000000018a6787 in ana::saved_diagnostic::calc_best_epath
(this=0x2bddbf0, pf=0x7fffffffcb90)
at ../../src/gcc/analyzer/diagnostic-manager.cc:736
#8 0x00000000018aaece in ana::dedupe_winners::add
(this=this@entry=0x7fffffffcba0, logger=0x0, pf=pf@entry=0x7fffffffcb90,
sd=0x2bddbf0)
at ../../src/gcc/analyzer/diagnostic-manager.cc:1065
#9 0x00000000018a7ece in ana::diagnostic_manager::emit_saved_diagnostics
(this=0x7fffffffcea0, eg=...)
at ../../src/gcc/analyzer/analyzer-logging.h:150
#10 0x0000000000ed79ab in ana::impl_run_checkers (logger=logger@entry=0x0) at
../../src/gcc/analyzer/exploded-graph.h:857
#11 0x0000000000ed8804 in ana::run_checkers () at
../../src/gcc/analyzer/analyzer-logging.h:150
