[CaptureTracking] Check for equality predicate for null comparisons

The logic here is not valid for non-equality comparisons. E.g.
using slt will leak the sign bit, regardless of whether the
pointer is dereferenceable.

This fix is split out from #125880.

Author: nikic

llvm/lib/Analysis/CaptureTracking.cpp

@@ -376,11 +376,12 @@ UseCaptureKind llvm::DetermineUseCaptureKind(
   case Instruction::ICmp: {
     unsigned Idx = U.getOperandNo();
     unsigned OtherIdx = 1 - Idx;
-    if (auto *CPN = dyn_cast<ConstantPointerNull>(I->getOperand(OtherIdx))) {
+    if (isa<ConstantPointerNull>(I->getOperand(OtherIdx)) &&
+        cast<ICmpInst>(I)->isEquality()) {
       // Don't count comparisons of a no-alias return value against null as
       // captures. This allows us to ignore comparisons of malloc results
       // with null, for example.
-      if (CPN->getType()->getAddressSpace() == 0)
+      if (U->getType()->getPointerAddressSpace() == 0)
         if (isNoAliasCall(U.get()->stripPointerCasts()))
           return UseCaptureKind::NO_CAPTURE;
       if (!I->getFunction()->nullPointerIsDefined()) {

llvm/test/Transforms/FunctionAttrs/nocapture.ll

@@ -791,7 +791,7 @@ define i1 @captureICmpWrongPred(ptr %x) {
 define i1 @captureICmpWrongPredDereferenceableOrNull(ptr dereferenceable_or_null(1) %x) {
 ; FNATTRS: Function Attrs: mustprogress nofree norecurse nosync nounwind willreturn memory(none)
 ; FNATTRS-LABEL: define noundef i1 @captureICmpWrongPredDereferenceableOrNull
-; FNATTRS-SAME: (ptr readnone captures(none) dereferenceable_or_null(1) [[X:%.*]]) #[[ATTR0]] {
+; FNATTRS-SAME: (ptr readnone dereferenceable_or_null(1) [[X:%.*]]) #[[ATTR0]] {
 ; FNATTRS-NEXT:    [[TMP1:%.*]] = icmp slt ptr [[X]], null
 ; FNATTRS-NEXT:    ret i1 [[TMP1]]
 ;