[Loads] Fix crash in is isDereferenceableAndAlignedPointer()

Summary:
We were trying to add APInt values with different bit sizes after
visiting an addrspacecast instruction which changed the bit width
of the pointer.

Reviewers: majnemer, hfinkel

Subscribers: hfinkel, wdng, llvm-commits

Differential Revision: https://reviews.llvm.org/D24774

llvm-svn: 285407

llvm/lib/Analysis/Loads.cpp

@@ -91,8 +91,11 @@ static bool isDereferenceableAndAlignedPointer(
     // then the GEP (== Base + Offset == k_0 * Align + k_1 * Align) is also
     // aligned to Align bytes.
 
-    return isDereferenceableAndAlignedPointer(Base, Align, Offset + Size, DL,
-                                              CtxI, DT, Visited);
+    // Offset and Size may have different bit widths if we have visited an
+    // addrspacecast, so we can't do arithmetic directly on the APInt values.
+    return isDereferenceableAndAlignedPointer(
+        Base, Align, Offset + Size.sextOrTrunc(Offset.getBitWidth()),
+        DL, CtxI, DT, Visited);
   }
 
   // For gc.relocate, look through relocations

llvm/test/Analysis/ValueTracking/dereferenceable-and-aligned.ll

@@ -0,0 +1,21 @@
+; RUN: opt < %s -licm -S | FileCheck %s
+
+target datalayout = "e-p:32:32-p1:64:64-p4:64:64"
+
+; Make sure isDereferenceableAndAlignePointer() doesn't crash when looking
+; walking pointer defs with an addrspacecast that changes pointer size.
+; CHECK-LABEL: @addrspacecast_crash
+define void @addrspacecast_crash() {
+bb:
+  %tmp = alloca [256 x i32]
+  br label %bb1
+
+bb1:
+  %tmp2 = getelementptr inbounds [256 x i32], [256 x i32]* %tmp, i32 0, i32 36
+  %tmp3 = bitcast i32* %tmp2 to <4 x i32>*
+  %tmp4 = addrspacecast <4 x i32>* %tmp3 to <4 x i32> addrspace(4)*
+  %tmp5 = load <4 x i32>, <4 x i32> addrspace(4)* %tmp4
+  %tmp6 = xor <4 x i32> %tmp5, undef
+  store <4 x i32> %tmp6, <4 x i32> addrspace(1)* undef
+  br label %bb1
+}