<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/66103>66103</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            `allocsize` "element size argument is out of bounds" on custom memory allocator function and -O3 optimization
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          arnetheduck
      </td>
    </tr>
</table>

<pre>
    For the attached file, with `opt -passes="default<O3>"`, the following crash happens:

```
'allocsize' element size argument is out of bounds
ptr @rawAlloc__mE4QEVyMvGRVliDWDngZCQ
'allocsize' element size argument is out of bounds
ptr @newObjRC1
LLVM ERROR: Broken module found, compilation aborted!
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.      Program arguments: opt -passes=default<O3> test.ll
 #0 0x00007f383f8c350a llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/lib64/libLLVM-16.so+0xcc350a)
 #1 0x00007f383f8c0e94 llvm::sys::RunSignalHandlers() (/lib64/libLLVM-16.so+0xcc0e94)
 #2 0x00007f383f8c40bb (/lib64/libLLVM-16.so+0xcc40bb)
 #3 0x00007f383e65fb70 __restore_rt (/lib64/libc.so.6+0x3db70)
 #4 0x00007f383e6b0844 __pthread_kill_implementation (/lib64/libc.so.6+0x8e844)
 #5 0x00007f383e65fabe gsignal (/lib64/libc.so.6+0x3dabe)
 #6 0x00007f383e64887f abort (/lib64/libc.so.6+0x2687f)
 #7 0x00007f383f7ebbfd llvm::report_fatal_error(llvm::Twine const&, bool) (/lib64/libLLVM-16.so+0xbebbfd)
 #8 0x00007f383f7eba3a (/lib64/libLLVM-16.so+0xbeba3a)
 #9 0x00007f383faa0ec0 llvm::VerifierPass::run(llvm::Function&, llvm::AnalysisManager<llvm::Function>&) (/lib64/libLLVM-16.so+0xea0ec0)
#10 0x0000000000427eb1 (/usr/bin/opt+0x427eb1)
#11 0x00007f383fa6e090 llvm::PassManager<llvm::Module, llvm::AnalysisManager<llvm::Module>>::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) (/lib64/libLLVM-16.so+0xe6e090)
#12 0x0000000000420d41 llvm::runPassPipeline(llvm::StringRef, llvm::Module&, llvm::TargetMachine*, llvm::TargetLibraryInfoImpl*, llvm::ToolOutputFile*, llvm::ToolOutputFile*, llvm::ToolOutputFile*, llvm::StringRef, llvm::ArrayRef<llvm::PassPlugin>, llvm::opt_tool::OutputKind, llvm::opt_tool::VerifierKind, bool, bool, bool, bool, bool, bool) (/usr/bin/opt+0x420d41)
#13 0x000000000042b916 main (/usr/bin/opt+0x42b916)
#14 0x00007f383e649b4a __libc_start_call_main (/lib64/libc.so.6+0x27b4a)
#15 0x00007f383e649c0b __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x27c0b)
#16 0x000000000041bb95 _start (/usr/bin/opt+0x41bb95)
Aborted (core dumped)
```

The crash happens in the function:
```llvm
; Function Attrs: allockind("alloc,uninitialized") allocsize(1)
define internal noalias nonnull align 16 ptr @rawAlloc__mE4QEVyMvGRVliDWDngZCQ(ptr %a, i64 %requestedSize)
```

It is likely that the `%a` argument is removed by the optimizer since it's always called with a particular global in this case leaving `%requestedSize` to live at index 0 while `allocsize` continues to point to index 1 causing subsequent passes to crash.

```
opt --version
LLVM (http://llvm.org/):
  LLVM version 16.0.6
  Optimized build.
  Default target: x86_64-redhat-linux-gnu
  Host CPU: tigerlake
```

[test.ll.gz](https://github.com/llvm/llvm-project/files/12588460/test.ll.gz)

</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJysV1tv6zYS_jX0CxGDoi6WHvzgXNwebIKkydmzwL4IpDSW2VCklqTi-Pz6BSnf5CapW9QwLFMafnPl6BtmrWgUwByl1yi9nbDerbWZM6PAraHuq9cJ1_V2vtQGuzVg5hyr1lDjlZCA6A3eCLfGKCO6c_iqY9aCRfEtorSGFeulQ_HNY4ziO0Qpyojf4WFWWkq9EarBlWF2jdes60BZFC8QuUVk_5uR3XdY0hmTUldW_AREZxgktKAc9mvMTNOHlbBY9w7rFea6V7Ud9nbOYJQQwzYLD1GW7V3y292P7cPbL88_pLj9z61q_nvz2z-mSMHmkf_-fBMNd-_vfzzgu-fnx2cUL_C10a-gcKvrXvpY9Kr2gal02wnJnNAKM66NgxrRHcDT_d3i5Q7bnrfCYYZ532ADnTYOO43XznUheHSJ6LIRbt3zaaVbRJdSvu0vV53Rv0PlEF0Ka3uwiC4xUzUWqpJ9DSEzQz44q16dYRVMB_UvjlWvuO7b7pAiMkWkeDK6Maw9BMUbgcelcFYH2IF1UykHEIxoTDB5J4SQ2SrO41VexSlhOJgdL1C8sFs7_HkyQrlgyHdvGaL5UciwTamtM8BaRDMfTKEcogVGNPfeC54lw9Vn4irKplYjek3eq6AO0eJoT3RmD4Ei-cie5169iEYx-StTtQRjg65LVHrEkUp6pjIhnF-A48VGOPEpDmTpis8ILksD1mkDpXF_BK2mVk-zABjXfEZGeMkYj5M8SXBZdm5tgNXlq5CyFG03HI-hcL9SkEOejB1Pzw1mHHBjQ1j_xFbGYQSVjaGSPJ-thmP0JRDN8tlqBDQbJWMGnK_qk_wPp65cMcdkCcZoM6rE7xuhAFdaWberRK61vKQueNA0MiU_N4XF7BIcFo9LuhjhMEagIicu_QAjVgLME7O72ja9Gnm17FXl07tz6fhgoZjcWmEfmGINGBTffLDJd__skhBAsOxguj-M--4wfBI6Ax7tcHprEF1yoRBd6s4FhEFghDA-zywDUpw6753-yPqH0J0v93YnH9-F70dB3CP-hRAeQS8MYPBu5D49CyCpk-i0nHvlI_AkOpBCjbvqizNCNc-wGhv8iR_fmWnAPbBqHXAWHz29F9wws_2mVvpb28k_SmktH3vX9W4Z-MU_-vgTdxbGsK2_exr4EBPZN2Ko3lN53bnS-TMdVoO-f4nhFf6Z1P6E7eWGnnDptfiy4H1CRxmPzzLOiyjDLRPqSxgvNYI5a_5JwROGy9K3z9I6ZlxZMSnLE-BPOuyMJ2yEnJ4jV4SPkT0oSsgv99-ub0o6pdP0T1RUhI9UZOMYRJwXKR7Av4pCkDsALQYS5jdU2kDgP3Ds0Of0NPx-P3CoHafFQg2U99ANz9ltKJrhVnyN910TL5wzgU8FLvoaKidHlIYloje9Eko4waT46Y2ivk5OaGt-LIoaVv6lJJQD41-sSjMpmMVKK9VLiZkUjcJRhi9lyTQPkjRlgWplif9v4H89WAf1S9D_VZC-BfYsxSvILXZr5kKEwnyQMpSREck20Oo3qDHfBindOdGKn2CwFaoCLByiM4uZ3LCtxb4koR6mEoY7ZpyoeskMbqTmTA7JEF7OApbA3vwMMige258RT6ylePMzDxaqhndM8GYtZDD0GOiM-Le9E6oH67d0WqhAyoc9Ea5Yb70W23PrVSiHB3LshUKpTL8YegKZvnoDY33tHIcJRHPP-g-k3xfRVJsmrIpDkWEcpHf7cZRNyTTbP3rchbLGvBeynu7v3w6UHbvQs30JvudZmSVXBuo1c1dSqP79qlH9fsOv2jp88_RvL-pEA0ayV_gi_yi93o0B0-YnSm93zvylEcYPoH6CiWia54nP4PIEc19-k3oe10VcsAnMo6xI0jiJ83iynidFuspJVs_SrAYSsaKgnJIMaMRJESVkIuaU0JgUEY3StEjiacSKKIasKkgdFVWSooRAy4Sc7kM_CVPVPMsiEk8k4yBtGKspVbDB4aE_puntxMyDM7xvLEqIFNbZI4oTTsL8vMYQpReOoZRirXDVW6db3EKrzXboC8xpc2hDYfC7eoz35ymw90lv5PzvD5PB8_8HAAD__1PE6NY">