new file mode 100644
@@ -0,0 +1,51 @@
+/* PR analyzer/101068. */
+
+/* { dg-additional-options "--param analyzer-max-enodes-per-program-point=200 --param analyzer-bb-explosion-factor=50" } */
+
+#include <stdlib.h>
+
+extern int get (void);
+
+void test (void)
+{
+ void *p0, *p1, *p2, *p3;
+ /* Due to not purging constraints on SSA names within loops
+ (PR analyzer/101068), the analyzer effectively treats the original
+ explode-2.c as this code. */
+ int a = get ();
+ int b = get ();
+ while (a)
+ {
+ switch (b)
+ {
+ default:
+ case 0:
+ p0 = malloc (16); /* { dg-warning "leak" } */
+ break;
+ case 1:
+ free (p0); /* { dg-warning "double-'free' of 'p0'" "" { xfail *-*-* } } */
+ break;
+
+ case 2:
+ p1 = malloc (16); /* { dg-warning "leak" } */
+ break;
+ case 3:
+ free (p1); /* { dg-warning "double-'free' of 'p1'" "" { xfail *-*-* } } */
+ break;
+
+ case 4:
+ p2 = malloc (16); /* { dg-warning "leak" } */
+ break;
+ case 5:
+ free (p2); /* { dg-warning "double-'free' of 'p2'" "" { xfail *-*-* } } */
+ break;
+
+ case 6:
+ p3 = malloc (16); /* { dg-warning "leak" } */
+ break;
+ case 7:
+ free (p3); /* { dg-warning "double-'free' of 'p3'" "" { xfail *-*-* } } */
+ break;
+ }
+ }
+}
Due to a bug (PR analyzer/101068), the analyzer only explores a limited subset of the possible paths through gcc.dg/analyzer/explode-2.c, and this artifically helps stop this testcase from exploding. I intend to fix this at some point, but for now, this patch adds a revised test case which captures the effective CFG due to the bug, so that we explicitly have test coverage for that CFG. Successfully regrtested on x86_64-pc-linux-gnu. Pushed to trunk as r12-1479-g954c9235297f2e63acacefd448bc5dabe039ea7c. gcc/testsuite/ChangeLog: PR analyzer/101068 * gcc.dg/analyzer/explode-2a.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com> --- gcc/testsuite/gcc.dg/analyzer/explode-2a.c | 51 ++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 gcc/testsuite/gcc.dg/analyzer/explode-2a.c