I need this for the demo at the dev meeting ^.^"
Instead of using an allocator-based stable identifier as in D51667, let's make truly stable identifiers. The nodes now identify themselves as 1.,2.,3.,..., etc., which is not only nice to read, but also allows reliably setting conditional breakpoints. Eg., in lldb:
(lldb) br s -n inlineCall -c 'Pred->Id == 12345'
lets you reliably debug the construction of the CallEnter node whose predecessor is node 12345.
You could do a similar trick with the current stable IDs but that worked in ~30% of the cases because of slight indeterminism in how immutable sets and maps are allocated in the bump pointer allocator. Now it's fully reliable.
The exploded-graph-rewriter is updated accordingly. Additionally, because in exploded graph dumps we collapse multiple real exploded nodes into a single dumped graph node when they have the same state and the respective sub-graph is linear, i changed it to dump *each* node's identifier near the program point. Additionally, the "sink node" and "bug report attached" messages are also passed one per point rather than once per visible node.
Notice the 1., 2., 3. things on the left:
That's how bug/sink notices now look:
In the worst case this patch may increase memory usage of the static analyzer by around 1MB per process (if all 225000 nodes are constructed, times 4 bytes per unsigned integer on most architectures; note that only one analysis is kept in memory at a time, so the overhead doesn't add up for multiple exploded graphs). So even though i could have hidden the new feature under #ifndef NDEBUG, like the whole graph dumping facility, i don't think it's really worth it; i'd much rather enable graph dumping in noassert builds.
Missing space at the end ", \"is_sink\":" -> ", \"is_sink\": ", and also I like the booleans dumped as true/false, but it was a total arbitrary decision.