[BasicAA] Make sure types match in constant offset heuristic

This can only happen if offset types that are larger than the
pointer size are involved. The previous implementation did not
assert in this case because it initialized the APInts to the
width of one of the variables -- though I strongly suspect it
did not compute correct results in this case.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32621
reported by fhahn.

diff --git a/llvm/lib/Analysis/BasicAliasAnalysis.cpp b/llvm/lib/Analysis/BasicAliasAnalysis.cpp
index 4f41b28a3a0dc41850060739010f8f5f04cba4f0..15e4946eb8fdd14654641ea70e11ec0056c50a11 100644 (file)
--- a/llvm/lib/Analysis/BasicAliasAnalysis.cpp
+++ b/llvm/lib/Analysis/BasicAliasAnalysis.cpp
@@ -1725,7 +1725,7 @@ bool BasicAAResult::constantOffsetHeuristic(
   const VariableGEPIndex &Var0 = VarIndices[0], &Var1 = VarIndices[1];
 
   if (Var0.ZExtBits != Var1.ZExtBits || Var0.SExtBits != Var1.SExtBits ||
-      Var0.Scale != -Var1.Scale)
+      Var0.Scale != -Var1.Scale || Var0.V->getType() != Var1.V->getType())
     return false;
 
   // We'll strip off the Extensions of Var0 and Var1 and do another round

diff --git a/llvm/test/Analysis/BasicAA/q.bad.ll b/llvm/test/Analysis/BasicAA/q.bad.ll
index 0d22f37cc251dedd2d50a922a61f46bc635c0b2d..ac27143c57d1734be9b07de4504821ad681bea73 100644 (file)
--- a/llvm/test/Analysis/BasicAA/q.bad.ll
+++ b/llvm/test/Analysis/BasicAA/q.bad.ll
@@ -178,3 +178,11 @@ define void @constantOffsetHeuristic_i8_i8(i8* %mem, i8 %val) {
   %c = bitcast i8* %c.8 to i32*
   ret void
 }
+
+; CHECK-LABEL: different_large_bitwidths
+; MayAlias: i64* %p1, i64* %p2
+define void @different_large_bitwidths(i8* %a, i64 %i, i128 %j) {
+  %p1 = getelementptr i8, i8* %a, i64 %i
+  %p2 = getelementptr i8, i8* %a, i128 %j
+  ret void
+}