[Bug analyzer/108535] New: RFE: analyzer to allow ifdef inclusion/exclusion like cppcheck -D/-U

[Bug analyzer/108535] New: RFE: analyzer to allow ifdef inclusion/exclusion like cppcheck -D/-U

[jamie.bainbridge at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108535

            Bug ID: 108535
           Summary: RFE: analyzer to allow ifdef inclusion/exclusion like
                    cppcheck -D/-U
           Product: gcc
           Version: 12.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: jamie.bainbridge at gmail dot com
  Target Milestone: ---

When using code with a lot of #ifdefs, the analyzer can take a long time. It
would be nice if the analyzer could only take some ifdef paths to improve
runtime.

This is common with header-only libraries. Here's an example from stb_image, a
no-dependency image loading library which is popular in game development:

$ wget https://raw.githubusercontent.com/nothings/stb/master/stb_image.h
$ cat > main.c << EOF
#include <math.h>
#define STB_IMAGE_IMPLEMENTATION
#include "stb_image.h"
int main(void) { return 0; }
EOF

$ gcc-12 --version | head -1
gcc-12 (Ubuntu 12.1.0-2ubuntu1~22.04) 12.1.0

A plain compile completes quickly:

$ time gcc-12 -Wall -Wextra -Wpedantic -o main main.c -lm
real    0m0.322s
user    0m0.290s
sys 0m0.033s

Adding the analyzer makes things worse:

$ time gcc-12 -Wall -Wextra -Wpedantic -fanalyzer -o main main.c -lm
real    0m5.542s
user    0m5.297s
sys 0m0.245s

Adding sanitizers even worse:

$ time gcc-12 -Wall -Wextra -Wpedantic -fanalyzer -fsanitize=address
-fsanitize=leak -fsanitize=undefined -o main main.c -lm
real    0m12.731s
user    0m12.014s
sys 0m0.716s

With cppcheck, analysis time for every path is terrible:

$ time cppcheck --force main.c
...
real    0m40.070s
user    0m40.038s
sys 0m0.024s

(this make's GCC's 5 second analysis look very impressive!)

However I'm able to restrict the number of #ifdef paths that cppcheck takes
with its "-D" option to only check the path(s) provided, this cuts runtime down
to 5% of the above:

$ time cppcheck -D__GNUC__ main.c
...
real    0m2.149s
user    0m2.129s
sys 0m0.020s

Likewise cppcheck has a -U option to exclude #ifdef paths. I would use -U
because maybe I don't care about some paths that this library supports like
STBI_NEON (ARMv7+) or STBI_NO_SIMD (pre-1996 x86 hardware without MMX).

My actual usage right now is to just make my edit-build-run cycle quicker while
I'm still in this rapid development stage, and improving developer experience
seems likely to increase adoption of tools like the analyzer.

For this reason, it would be nice for the GCC analyzer to support an ifdef
include/exclude feature like cppcheck's -D and -U options.

[Bug analyzer/108535] RFE: analyzer to allow ifdef inclusion/exclusion like cppcheck -D/-U

[dmalcolm at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108535

David Malcolm <dmalcolm at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2023-01-26
             Status|UNCONFIRMED                 |WAITING

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
As I understand it, cppcheck's attempts to explore all combinations of possible
preprocessor defines.

GCC's -fanalyzer performs coverage-guided symbolic execution to try to explore
the various execution paths in the user's code.  It runs on GCC's intermediate
representation as the code is being compiled.  In particular -fanalyzer runs
internally *after* preprocessing; it uses just the specific defines that the
file was invoked with (via -D at the command-line, or via #defines in headers,
etc).

So I don't think GCC's -fanalyzer can support the "all combinations of
preprocessor defines" approach; it would be a total rewrite.

It sounds like what you really want is for GCC -fanalyzer to be faster on this
particular translation unit.  If so, I can try digging into it to see where the
slowdown happens.

[Bug analyzer/108535] RFE: analyzer to allow ifdef inclusion/exclusion like cppcheck -D/-U

[jamie.bainbridge at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108535

--- Comment #2 from Jamie Bainbridge <jamie.bainbridge at gmail dot com> ---
Ah, I've misunderstood how the analyzer works, my apologies.

(In reply to David Malcolm from comment #1)
> It sounds like what you really want is for GCC -fanalyzer to be faster on
> this particular translation unit.  If so, I can try digging into it to see
> where the slowdown happens.

That sounds good, thank you. I will edit the bug title to better reflect it.