Improve EPC30 reliability: only warn on provably non-terminating recursion

[SergeyTeplyakov]

Summary

RecursiveCallAnalyzer (EPC30) previously warned on any self-call that passed all parameters as-is, ignoring control flow. That produced false positives whenever recursion was conditional or terminable. This PR makes the analyzer control-flow aware so it only reports recursion that is provably non-terminating.

EPC30 now reports a self-call when either:

• the call is unconditional (no branching or terminating statement can intervene before it), or
• the call is guarded solely by an invariant condition — an if/ternary or top-tested while whose condition is composed purely of unchanged value parameters and constants/operators. Once such a branch is taken it is taken forever ⇒ infinite recursion (e.g. if (b) Foo(b);, if (n > 0) Foo(n);).

Now warns

• void Foo() { Foo(); } — unconditional
• if (b) Foo(b);, if (n > 0) Foo(n); — invariant guard
• return b ? Foo(b) : 0; — invariant ternary
• while (n > 0) Foo(n); — invariant loop condition

No longer warns (false positives removed)

• n++; if (n > 10) return; Foo(n); — conditional early-return termination
• if (_done) return; Foo();, if (Flag) Foo(); — instance-state / property guards
• if (n > 0) { n--; Foo(n); } — mutated argument (guard not invariant)
• switch, non-trivial loops, and touched ref parameters

When in doubt, the analyzer favors not reporting to keep false positives low.

Implementation

New helpers in RecursiveCallAnalyzer.cs: ShouldReportRecursion, IsBranchingOperation, IsInvariantGuard, IsInvariantCondition, IsAllowedInvariantOperation, ContainsTerminatingOrBranchingFlow, GetMutatedParameters, DescendantsAndSelf. Parameters mutated anywhere in the body (assigned, ++/--, or passed by ref/out) cannot make a guard invariant, so decreasing-argument recursions stay suppressed. Existing ref-parameter and nested-lambda suppression is unchanged.

Tests

RecursiveCallAnalyzerTests extended to 24 cases covering both the warning cases (unconditional + invariant-guarded) and the no-warn cases (terminating, instance-state, property, mutated-argument, switch).

• ✅ RecursiveCallAnalyzer tests: 24/24 pass
• ✅ Full CoreAnalyzers suite: 390/390 pass

Also

• New sample samples/ErrorProne.Samples/CoreAnalyzers/RecursiveCallSample.cs
• Updated docs/Rules/EPC30.md and CodeFixes release notes

[Copilot]

Pull request overview

This PR updates the EPC30 RecursiveCallAnalyzer to become control-flow aware, aiming to report only self-recursion that is provably non-terminating (unconditional reachability or invariant-guarded reachability), and expands documentation/samples/tests accordingly.

Changes:

• Add reachability/invariance analysis (ShouldReportRecursion, invariant-guard detection, and mutated-parameter tracking) to suppress EPC30 false positives.
• Extend unit tests to cover unconditional, invariant-guarded, and various “no warn” scenarios.
• Add an EPC30 sample and update EPC30 documentation and release notes to reflect the new behavior.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
src/ErrorProne.NET.CoreAnalyzers/RecursiveCallAnalyzer.cs	Implements control-flow-aware recursion reporting via invariant-guard detection and termination/branching suppression.
src/ErrorProne.NET.CoreAnalyzers.Tests/RecursiveCallAnalyzerTests.cs	Adds/renames test cases to validate new EPC30 reporting and suppression behavior.
src/ErrorProne.NET.CoreAnalyzers.CodeFixes/ErrorProne.NET.CoreAnalyzers.CodeFixes.csproj	Updates release notes text to describe the EPC30 behavior change.
samples/ErrorProne.Samples/CoreAnalyzers/RecursiveCallSample.cs	Adds a sample demonstrating new EPC30 “warn” and “no warn” cases.
docs/Rules/EPC30.md	Updates the rule documentation to describe “provably non-terminating” criteria and examples.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[SergeyTeplyakov]

Good catch on deconstruction — fixed in e588785. Note that compound (
+= 1) and coalesce (
??= ...) assignments were already covered: both ICompoundAssignmentOperation and ICoalesceAssignmentOperation derive from IAssignmentOperation, so the existing IAssignmentOperation { Target: IParameterReferenceOperation } case matches them. Deconstruction ((n, x) = ...) was the real gap because its target is a tuple; added explicit handling that collects every parameter written by the deconstruction.

[SergeyTeplyakov]

Agreed — fixed in e588785. A ry body is no longer treated as branching: recursion directly in a try body is reported again, while calls in catch/inally remain suppressed (those paths are conditional). Added tests for all three.