From ce066da81c3e6175a02fa7ae831931b5e4126a2b Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Sun, 28 Mar 2021 21:20:50 +0200
Subject: [PATCH] [BasicAA] Make sure types match in constant offset heuristic

This can only happen if offset types that are larger than the pointer size are involved. The previous implementation did not assert in this case because it initialized the APInts to the width of one of the variables -- though I strongly suspect it did not compute correct results in this case.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32621 reported by fhahn.
---
 llvm/lib/Analysis/BasicAliasAnalysis.cpp | 2 +-
 llvm/test/Analysis/BasicAA/q.bad.ll | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/llvm/lib/Analysis/BasicAliasAnalysis.cpp b/llvm/lib/Analysis/BasicAliasAnalysis.cpp
index 4f41b28..15e4946 100644
--- a/llvm/lib/Analysis/BasicAliasAnalysis.cpp
+++ b/llvm/lib/Analysis/BasicAliasAnalysis.cpp
@@ -1725,7 +1725,7 @@ bool BasicAAResult::constantOffsetHeuristic(
   const VariableGEPIndex &Var0 = VarIndices[0], &Var1 = VarIndices[1];
 
   if (Var0.ZExtBits != Var1.ZExtBits || Var0.SExtBits != Var1.SExtBits ||
-      Var0.Scale != -Var1.Scale)
+      Var0.Scale != -Var1.Scale || Var0.V->getType() != Var1.V->getType())
     return false;
 
   // We'll strip off the Extensions of Var0 and Var1 and do another round
diff --git a/llvm/test/Analysis/BasicAA/q.bad.ll b/llvm/test/Analysis/BasicAA/q.bad.ll
index 0d22f37..ac27143 100644
--- a/llvm/test/Analysis/BasicAA/q.bad.ll
+++ b/llvm/test/Analysis/BasicAA/q.bad.ll
@@ -178,3 +178,11 @@ define void @constantOffsetHeuristic_i8_i8(i8* %mem, i8 %val) {
   %c = bitcast i8* %c.8 to i32*
   ret void
 }
+
+; CHECK-LABEL: different_large_bitwidths
+; MayAlias: i64* %p1, i64* %p2
+define void @different_large_bitwidths(i8* %a, i64 %i, i128 %j) {
+  %p1 = getelementptr i8, i8* %a, i64 %i
+  %p2 = getelementptr i8, i8* %a, i128 %j
+  ret void
+}
-- 
2.7.4
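Review bot: The new `Var0.V->getType() != Var1.V->getType()` clause on the `if` at the top of the hunk has no comment saying why the two index types must match, and nothing in the visible lines explains it. From the commit message the reason appears to be that the width-equalizing APInt arithmetic further down sizes its values to one variable's width, so a mismatch — possible only when an index type is wider than the pointer — was silently computed at the wrong width rather than rejected, which for an alias query means a possibly wrong NoAlias; that rationale belongs next to the check so nobody later relaxes it to a bit-width comparison without re-reading the APInt code. Suggest `// The APInt arithmetic below assumes both indices have the same type/width; bail out on a mismatch (possible only when an index is wider than the pointer).` Comparing the full type is stricter than the width assumption needs, but since the function only returns false ("no conclusion") that is the conservative direction. constantOffsetHeuristic begins before and continues after the hunk.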
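Review bot: The added expectation `; MayAlias: i64* %p1, i64* %p2` has no `CHECK:` prefix, so if the file's RUN line drives FileCheck with the default prefix (the existing `CHECK-LABEL` lines suggest it does) this line is a plain comment and the new test only guards against the assertion failure, not the alias result. The types it names also do not match the code: both `getelementptr i8, i8* %a, ...` instructions produce `i8*`, so the result the evaluator prints would be `MayAlias: i8* %p1, i8* %p2`. Suggest replacing the line with `; CHECK: MayAlias: i8* %p1, i8* %p2` so a regression in the heuristic that reports NoAlias for the i64/i128 index pair fails the test rather than passing silently. The context lines belong to the tail of @constantOffsetHeuristic_i8_i8, whose start is outside the hunk; the new function is complete.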