Teach BasicAliasAnalysis to understand constant gep indices that fall

beyond their associated static array type.

I believe that this fixes a legitimate bug, because BasicAliasAnalysis
already has code to check for this condition that works for non-constant
indices, however it was missing the case of constant indices. With this
change, it checks for both.

This fixes PR4267, and miscompiles of SPEC 188.ammp and 464.h264.href.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@72451 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Analysis/BasicAliasAnalysis.cpp b/lib/Analysis/BasicAliasAnalysis.cpp
index d958746359119487c892e8872cfebee22fc5febf..d0620456399b3a4159f83346b4f3d42f8c98461b 100644 (file)
--- a/lib/Analysis/BasicAliasAnalysis.cpp
+++ b/lib/Analysis/BasicAliasAnalysis.cpp
@@ -611,18 +611,39 @@ BasicAliasAnalysis::CheckGEPInstructions(
           if (G1OC != G2OC) {
             // Handle the "be careful" case above: if this is an array/vector
             // subscript, scan for a subsequent variable array index.
-            if (isa<SequentialType>(BasePtr1Ty))  {
-              const Type *NextTy =
-                cast<SequentialType>(BasePtr1Ty)->getElementType();
+            if (const SequentialType *STy =
+                  dyn_cast<SequentialType>(BasePtr1Ty)) {
+              const Type *NextTy = STy;
               bool isBadCase = false;
               
-              for (unsigned Idx = FirstConstantOper+1;
+              for (unsigned Idx = FirstConstantOper;
                    Idx != MinOperands && isa<SequentialType>(NextTy); ++Idx) {
                 const Value *V1 = GEP1Ops[Idx], *V2 = GEP2Ops[Idx];
                 if (!isa<Constant>(V1) || !isa<Constant>(V2)) {
                   isBadCase = true;
                   break;
                 }
+                // If the array is indexed beyond the bounds of the static type
+                // at this level, it will also fall into the "be careful" case.
+                // It would theoretically be possible to analyze these cases,
+                // but for now just be conservatively correct.
+                if (const ArrayType *ATy = dyn_cast<ArrayType>(STy))
+                  if (cast<ConstantInt>(G1OC)->getZExtValue() >=
+                        ATy->getNumElements() ||
+                      cast<ConstantInt>(G2OC)->getZExtValue() >=
+                        ATy->getNumElements()) {
+                    isBadCase = true;
+                    break;
+                  }
+                if (const VectorType *VTy = dyn_cast<VectorType>(STy))
+                  if (cast<ConstantInt>(G1OC)->getZExtValue() >=
+                        VTy->getNumElements() ||
+                      cast<ConstantInt>(G2OC)->getZExtValue() >=
+                        VTy->getNumElements()) {
+                    isBadCase = true;
+                    break;
+                  }
+                STy = cast<SequentialType>(NextTy);
                 NextTy = cast<SequentialType>(NextTy)->getElementType();
               }
               

diff --git a/test/Analysis/BasicAA/constant-over-index.ll b/test/Analysis/BasicAA/constant-over-index.ll
new file mode 100644 (file)
index 0000000..e92995b
--- /dev/null
+++ b/test/Analysis/BasicAA/constant-over-index.ll
@@ -0,0 +1,27 @@
+; RUN: llvm-as < %s | opt -aa-eval -print-all-alias-modref-info \
+; RUN:   |& grep {MayAlias:    double\\* \[%\]p.0.i.0, double\\* \[%\]p3\$}
+; PR4267
+
+; %p3 is equal to %p.0.i.0 on the second iteration of the loop,
+; so MayAlias is needed.
+
+define void @foo([3 x [3 x double]]* noalias %p) {
+entry:
+  %p3 = getelementptr [3 x [3 x double]]* %p, i64 0, i64 0, i64 3
+  br label %loop
+
+loop:
+  %i = phi i64 [ 0, %entry ], [ %i.next, %loop ]
+
+  %p.0.i.0 = getelementptr [3 x [3 x double]]* %p, i64 0, i64 %i, i64 0
+
+  volatile store double 0.0, double* %p3
+  volatile store double 0.1, double* %p.0.i.0
+
+  %i.next = add i64 %i, 1
+  %cmp = icmp slt i64 %i.next, 3
+  br i1 %cmp, label %loop, label %exit
+
+exit:
+  ret void
+}