[llvm] LangRef: allocated objects can grow (PR #141338)

Nikita Popov via llvm-commits llvm-commits at lists.llvm.org
Sat May 24 04:45:38 PDT 2025


================
@@ -11870,6 +11879,8 @@ if the ``getelementptr`` has any non-zero indices, the following rules apply:
    :ref:`based <pointeraliasing>` on. This means that it points into that
    allocated object, or to its end. Note that the object does not have to be
    live anymore; being in-bounds of a deallocated object is sufficient.
+   If the allocated object can grow, then the relevant size for being *in
+   bounds* is the maximal size the object will ever have, not its current size.
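Review bot: "the maximal size the object will ever have" defines in-bounds in terms of the object's future, so whether a given `getelementptr` is in bounds (and hence whether it yields poison) cannot be decided at the point the instruction executes, only once the program has finished. Prefer wording that does not depend on future execution, e.g. "the maximal possible size the object could have, not its current size", and add a `:ref:` to the section that defines which allocated objects can grow, since this sentence introduces "can grow" without saying where that property comes from.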
----------------
nikic wrote:

> I think this semantics is problematic as you need to guess the future. We need getelementptr to produce poison if it goes OOB, and with this wording, you need to delay the decision until the program exits, and then propagate it backwards.

See the comments above. I think we can avoid this issue by rephrasing this to something like:

> If the allocated object can grow, then the relevant size for being *in bounds* is the maximal possible size the object could have, not its current size.

I believe this still gives us all the properties we need from inbounds (in particular the ability to cross more than half the address space, even with a sequence of multiple inbounds operations).

> This has implications in alias analysis. We would need to disable all rules that use reasoning such as `p + offset > p's size` to conclude no-alias, because the size may be increased later. We have a few of these rules in BasicAA.

This alias analysis only applies to fixed size objects with known size. I do not believe it will be affected by this change (which is only relevant to allocations for which LLVM does not know the size).

https://github.com/llvm/llvm-project/pull/141338
