Enormously huge analysis time

The following command:

clang-15 --analyze -Qunused-arguments -Xclang \
	 -analyzer-opt-analyze-headers -Xclang \
	 -analyzer-output=plist-multi-file -o t-checker.plist \
	 -Xclang -analyzer-config -Xclang expand-macros=true -Xclang \
	 -analyzer-checker=alpha.core.BoolAssignment,alpha.core.CastSize,alpha.core.Conversion,alpha.core.DynamicTypeChecker,alpha.core.SizeofPtr,alpha.core.TestAfterDivZero,alpha.cplusplus.DeleteWithNonVirtualDtor,alpha.cplusplus.EnumCastOutOfRange,alpha.cplusplus.InvalidatedIterator,alpha.cplusplus.IteratorRange,alpha.cplusplus.MismatchedIterator,alpha.cplusplus.STLAlgorithmModeling,alpha.cplusplus.SmartPtr,alpha.security.MmapWriteExec,alpha.security.ReturnPtrRange,alpha.security.cert.pos.34c,alpha.security.taint.TaintPropagation,alpha.unix.BlockInCriticalSection,alpha.unix.Chroot,alpha.unix.PthreadLock,alpha.unix.Stream,alpha.unix.cstring.NotNullTerminated,alpha.unix.cstring.OutOfBounds,core.CallAndMessage,core.DivideZero,core.NonNullParamChecker,core.NullDereference,core.StackAddressEscape,core.UndefinedBinaryOperatorResult,core.VLASize,core.uninitialized.ArraySubscript,core.uninitialized.Assign,core.uninitialized.Branch,core.uninitialized.CapturedBlockVariable,core.uninitialized.UndefReturn,cplusplus.InnerPointer,cplusplus.Move,cplusplus.NewDelete,cplusplus.NewDeleteLeaks,cplusplus.PlacementNew,cplusplus.PureVirtualCall,deadcode.DeadStores,nullability.NullPassedToNonnull,nullability.NullReturnedFromNonnull,nullability.NullableDereferenced,nullability.NullablePassedToNonnull,nullability.NullableReturnedFromNonnull,optin.cplusplus.UninitializedObject,optin.cplusplus.VirtualCall,optin.mpi.MPI-Checker,optin.portability.UnixAPI,security.FloatLoopCounter,security.insecureAPI.UncheckedReturn,security.insecureAPI.getpw,security.insecureAPI.gets,security.insecureAPI.mkstemp,security.insecureAPI.mktemp,security.insecureAPI.rand,security.insecureAPI.vfork,unix.API,unix.Malloc,unix.MallocSizeof,unix.MismatchedDeallocator,unix.Vfork,unix.cstring.BadSizeArg,unix.cstring.NullArg,valist.CopyToSelf,valist.Uninitialized,valist.Unterminated \
	 -Xclang -analyzer-config \
	 -Xclang aggressive-binary-operation-simplification=true \
	 -x c --target=x86_64-redhat-linux t-checker.c

takes more than 33 minutes to process the following C code snippet:

extern int f (const char *);

int g (int x) {
  char *v[] = {
    [0] = "",
    [1234] = "aaaa",
    [123456] = "bbbb",
  };

  return x < 0 ? -1 : f (v[x]);
}

Why it is so slow?

Oh interesting, looks like we’re trying to create an array of 123456 elements and explicitly write down each element in its appropriate offset in our symbolic memory.

I filed a github issue about this and I hope I’ll get to fix it soon-ish: Slow compound value binding with C99 designated initializers. · Issue #54390 · llvm/llvm-project · GitHub

As a workaround, please consider excluding the offending function from analysis:

#ifndef __clang_analyzer__
int g (int x) {
  char *v[] = {
    [0] = "",
    [1234] = "aaaa",
    [123456] = "bbbb",
  };

  return x < 0 ? -1 : f (v[x]);
}
#endif