Why are opaque types considered sized? If they're opaque and we don't yet have a body, how can they be sized? That seems like the root of the problem here.

The type of V isn't sized and isn't opaque. However, the type of BV is opaque, and we don't check if it's sized.

I could replace the new check with isSized(), that might be better.

The isSized check would be a lot more general.

I really wonder though if the isSized and isNonNegative checks shouldn't be pushed inside the two callees though.

I updated the check to isSized.

I'm not well familiar with this code, so I don't have strong opinion on whether these checks are worth pulling in or not. It seems useful though.

I don't think that you have to sink isNonNegative check because it's checking a contract of stripAndAccumulateInBoundsConstantOffsets function. But it makes sense to sink isSized check to isDereferenceableFromAttribute.

The issue is with isAligned, not with isDereferenceableFromAttribute.

isDereferenceableFromAttribute (ValueTracking.cpp:3118) has an assert

assert(Ty->isSized() && "must be sized");

But we pass Ty there, not BV->getType()->getPointerElementType(), that's why the assert doesn't fire.

isAligned doesn't have a check or an assert, and we don't pass a type there, so it derives the type from the value we pass (BV):

Type *Ty = Base->getType()->getPointerElementType();
BaseAlign = DL.getABITypeAlignment(Ty);

This type Ty happens to be opaque, and somewhere in getABITypeAlignment we crash.

Will it make sense to add the isSized check to isAligned?

if Ty were opaque here wouldn't there be an assertion in that call already? I guess I don't see why a non-opaque type is guaranteed here. The safe fix would be to check for isSized(Ty) here as well. Since this is orthogonal to the current assert a FIXME should do for now.

The call to isDeferenceableFromAttribute does not look correct. Should Ty match BV's type. I think the invocation without the Ty parameter is the one needed here. Accidentally this would fix the assertion bug, too, since the subsequent call to isAligned would not happen.

I think the isAligned code is not correct either. The following should be changed to
03178 APInt BaseAlign(Offset.getBitWidth(), getAlignment(Base, DL));
03179
03180 if (!BaseAlign) {
03181 Type *Ty = Base->getType()->getPointerElementType();
03182 BaseAlign = DL.getABITypeAlignment(Ty);
03183 }
Type *Ty = Base->getTyoe()->getPointerElementType();
if (!isSized(Ty)) return false;
APInt ...
But again, just to fix the assertion, this is not necessary. A FIXME would do for now.

If I'm not mistaken, the invocation without the Ty parameter goes without the Offset parameter as well, which is required in this case. So, we can't use another version of isDeferenceableFromAttribute here.

That said, the case when BV's type doesn't match V's type is indeed a special case - should we maybe just bailout in this case, or is it expected, and we know how to properly handle it?

The problem with fixing it in isAligned is that we have two versions of that function:

static bool isAligned(const Value *Base, unsigned Align, const DataLayout &DL)

and

static bool isAligned(const Value *Base, APInt Offset, unsigned Align, const DataLayout &DL)

The first calls the second, both of them need the check, and in our case we call directly the second one.
Thus, if we sink isSized check to these functions, we'll do this check twice if the first version is called. Considering this, I think the best fix is to check isSized before calling isAligned, as we do in the current patch. Does it sound right?

Ty other than BV type is a perfectly correct and supported case. You might reference to a field of a struct for example. In this case you will have a struct as a base value (BV) and a field type as Ty.