Index: lib/Analysis/BasicAliasAnalysis.cpp =================================================================== --- lib/Analysis/BasicAliasAnalysis.cpp +++ lib/Analysis/BasicAliasAnalysis.cpp @@ -42,11 +42,10 @@ /// Enable analysis of recursive PHI nodes. static cl::opt EnableRecPhiAnalysis("basicaa-recphi", cl::Hidden, cl::init(false)); - +#define DEBUG_TYPE "basicaa" /// SearchLimitReached / SearchTimes shows how often the limit of /// to decompose GEPs is reached. It will affect the precision /// of basic alias analysis. -#define DEBUG_TYPE "basicaa" STATISTIC(SearchLimitReached, "Number of times the limit to " "decompose GEPs is reached"); STATISTIC(SearchTimes, "Number of times a GEP is decomposed"); @@ -319,6 +318,17 @@ return V; } +/// To ensure a pointer offset fits in an integer of size PointerSize +/// (in bits) when that size is smaller than 64. This is an issue in +/// particular for 32b programs with negative indices that rely on two's +/// complement wrap-arounds for correct alias information. +static int64_t adjustToPointerSize(int64_t Offset, unsigned PointerSize) { + assert(PointerSize <= 64 && "Invalide PointerSize!"); + unsigned ShiftBits = 64 - PointerSize; + Offset <<= ShiftBits; + return Offset >> ShiftBits; +} + /// If V is a symbolic pointer expression, decompose it into a base pointer /// with a constant offset and a number of scaled symbolic offsets. /// @@ -387,6 +397,7 @@ unsigned AS = GEPOp->getPointerAddressSpace(); // Walk the indices of the GEP, accumulating them into BaseOff/VarIndices. gep_type_iterator GTI = gep_type_begin(GEPOp); + unsigned PointerSize = DL.getPointerSizeInBits(AS); for (User::const_op_iterator I = GEPOp->op_begin() + 1, E = GEPOp->op_end(); I != E; ++I) { const Value *Index = *I; @@ -415,7 +426,6 @@ // If the integer type is smaller than the pointer size, it is implicitly // sign extended to pointer size. unsigned Width = Index->getType()->getIntegerBitWidth(); - unsigned PointerSize = DL.getPointerSizeInBits(AS); if (PointerSize > Width) SExtBits += PointerSize - Width; @@ -457,6 +467,8 @@ } } + // Take care of wrap-arounds + BaseOffs = adjustToPointerSize(BaseOffs, PointerSize); // Analyze the base pointer next. V = GEPOp->getOperand(0); } while (--MaxLookup); Index: test/Analysis/BasicAA/noalias-wraparound-bug.ll =================================================================== --- /dev/null +++ test/Analysis/BasicAA/noalias-wraparound-bug.ll @@ -0,0 +1,24 @@ +; RUN: opt -S -basicaa -gvn < %s | FileCheck %s + +target datalayout = "e-m:o-p:32:32-f64:32:64-f80:128-n8:16:32-S128" +target triple = "i386-apple-macosx10.6.0" + +; We incorrectly returned noalias in the example below for "tmp5" and +; "tmp12" returning i32 32, since basicaa converted the offsets to 64b +; and missed the wrap-around + +define i32 @foo(i8* %buffer) { +entry: + %tmp2 = getelementptr i8, i8* %buffer, i32 -2071408432 + %tmp3 = bitcast i8* %tmp2 to i32* + %tmp4 = getelementptr i8, i8* %buffer, i32 128 + %tmp5 = bitcast i8* %tmp4 to i32* + store i32 32, i32* %tmp5, align 4 + %tmp12 = getelementptr i32, i32* %tmp3, i32 -1629631508 + store i32 28, i32* %tmp12, align 4 + %tmp13 = getelementptr i8, i8* %buffer, i32 128 + %tmp14 = bitcast i8* %tmp13 to i32* + %tmp2083 = load i32, i32* %tmp14, align 4 +; CHECK: ret i32 28 + ret i32 %tmp2083 +}