coverage. Warn about too much decision depth

Author: zhuyunxing

compiler/rustc_mir_build/messages.ftl

@@ -103,6 +103,8 @@ mir_build_deref_raw_pointer_requires_unsafe_unsafe_op_in_unsafe_fn_allowed =
 
 mir_build_exceeds_mcdc_condition_limit = number of conditions in decision ({$num_conditions}) exceeds limit ({$max_conditions}), so MC/DC analysis will not count this expression
 
+mir_build_exceeds_mcdc_decision_depth = number of decisions evaluated simultaneously exceeds limit ({$max_decision_depth}). MCDC analysis will not count this expression
+
 mir_build_extern_static_requires_unsafe =
     use of extern static is unsafe and requires unsafe block
     .note = extern statics are not controlled by the Rust type system: invalid data, aliasing violations or data races will cause undefined behavior

compiler/rustc_mir_build/src/build/coverageinfo/mcdc.rs

@@ -10,12 +10,16 @@ use rustc_middle::ty::TyCtxt;
 use rustc_span::Span;
 
 use crate::build::Builder;
-use crate::errors::MCDCExceedsConditionLimit;
+use crate::errors::{MCDCExceedsConditionLimit, MCDCExceedsDecisionDepth};
 
 /// LLVM uses `i16` to represent condition id. Hence `i16::MAX` is the hard limit for number of
 /// conditions in a decision.
 const MAX_CONDITIONS_IN_DECISION: usize = i16::MAX as usize;
 
+/// MCDC allocates an i32 variable on stack for each depth. Ignore decisions nested too much to prevent it
+/// consuming excessive memory.
+const MAX_DECISION_DEPTH: u16 = 0x3FFF;
+
 #[derive(Default)]
 struct MCDCDecisionCtx {
     /// To construct condition evaluation tree.
@@ -236,25 +240,34 @@ impl MCDCInfoBuilder {
             &mut self.degraded_spans,
         ) {
             let num_conditions = conditions.len();
+            let depth = decision.decision_depth;
             assert_eq!(
                 num_conditions, decision.num_conditions,
                 "final number of conditions is not correct"
             );
-            match num_conditions {
-                0 => {
+            match (num_conditions, depth) {
+                (0, _) => {
                     unreachable!("Decision with no condition is not expected");
                 }
-                1..=MAX_CONDITIONS_IN_DECISION => {
+                (1..=MAX_CONDITIONS_IN_DECISION, 0..=MAX_DECISION_DEPTH) => {
                     self.mcdc_spans.push((decision, conditions));
                 }
                 _ => {
                     self.degraded_spans.extend(conditions);
 
-                    tcx.dcx().emit_warn(MCDCExceedsConditionLimit {
-                        span: decision.span,
-                        num_conditions,
-                        max_conditions: MAX_CONDITIONS_IN_DECISION,
-                    });
+                    if num_conditions > MAX_CONDITIONS_IN_DECISION {
+                        tcx.dcx().emit_warn(MCDCExceedsConditionLimit {
+                            span: decision.span,
+                            num_conditions,
+                            max_conditions: MAX_CONDITIONS_IN_DECISION,
+                        });
+                    }
+                    if depth > MAX_DECISION_DEPTH {
+                        tcx.dcx().emit_warn(MCDCExceedsDecisionDepth {
+                            span: decision.span,
+                            max_decision_depth: MAX_DECISION_DEPTH as usize,
+                        });
+                    }
                 }
             }
         }

compiler/rustc_mir_build/src/errors.rs

@@ -883,6 +883,14 @@ pub(crate) struct MCDCExceedsConditionLimit {
     pub(crate) max_conditions: usize,
 }
 
+#[derive(Diagnostic)]
+#[diag(mir_build_exceeds_mcdc_decision_depth)]
+pub(crate) struct MCDCExceedsDecisionDepth {
+    #[primary_span]
+    pub span: Span,
+    pub max_decision_depth: usize,
+}
+
 #[derive(Diagnostic)]
 #[diag(mir_build_pattern_not_covered, code = E0005)]
 pub(crate) struct PatternNotCovered<'s, 'tcx> {