[BoundsSafety] Optimize BS_CHK_AccessSize for the case element type is 1 byte

Previously for something like

```
T* __bidi_indexable ptr;
ptr[idx];
```

for the upper bound check (when BS_CHK_AccessSize is active) we always checked

1. `&ptr[idx] + sizeof(T)` does not overflow
2. `&ptr[idx] + sizeof(T) <= ptr.upper_bound`

However, for the case `sizeof(T) == 1` we can actually just check

`&ptr[idx] < ptr.upper_bound`

and completely avoid performing the overflow check. This gives us
a code size and runtime overhead win in this particular case.

We can use Z3 to prove the two different bounds checks implementations
are identical when the access size is 1 using the SMT-LIBv2 file shown below:

```
(set-logic QF_BV)
(declare-const cur (_ BitVec 64))
(declare-const upper (_ BitVec 64))
(declare-const access_size (_ BitVec 64))
;;; for inspecting model
(declare-const overflows Bool)
(declare-const cur_plus_access_size (_ BitVec 64))

(define-fun add_overflows ((a (_ BitVec 64)) (b (_ BitVec 64))) Bool
  (bvult
    (bvadd a b)
    a
  )
)

;;; Access size is not zero
(assert
  (not (= access_size #x0000000000000000))
)

;;; `overflows` is a convenience variable for inspecting the model
(assert
  (=
    overflows
    (add_overflows cur access_size)
  )
)
;;; `cur_plus_access_size` is a convenience variable for inspecting the model
(assert
  (=
    cur_plus_access_size
    (bvadd cur access_size)
  )
)

;;; Consider the special case with access size of 1
(assert
  (= access_size #x0000000000000001)
)

;;;; New upper bound check semantics
(define-fun new_in_bounds () Bool
  (and
    (not (add_overflows cur access_size))
    (bvule
      (bvadd cur access_size)
      upper
    )
  )
)

;;;; Old upper bound check semantics
(define-fun old_in_bounds () Bool
  (and
    (bvult
      cur
      upper
    )
  )
)

(assert
  (not
    (=
      new_in_bounds
      old_in_bounds
    )
  )
)

(check-sat); reports unsat
(get-model)
(get-value (old_in_bounds))
(get-value (new_in_bounds))
(get-value (cur_plus_access_size))
(get-value (overflows))
```

rdar://139665133
(cherry picked from commit 84b0262)

Conflicts:
	clang/test/BoundsSafety/CodeGen/range-check-optimizations.c

Author: delcypher

clang/lib/CodeGen/CGExpr.cpp

@@ -126,9 +126,9 @@ void CodeGenFunction::EmitBoundsSafetyBoundsCheck(
 
   if (Upper) {
     if (getLangOpts().hasNewBoundsSafetyCheck(LangOptions::BS_CHK_AccessSize) &&
-        ElemTy->isSized()) {
-      // For sized types take the size of a potential access into account.
-      // For something like:
+        ElemTy->isSized() && CGM.getDataLayout().getTypeStoreSize(ElemTy) > 1) {
+      // For sized types larger than 1 byte take the size of a potential access
+      // into account. For something like:
       //
       // T* ptr;
       //
@@ -151,15 +151,24 @@ void CodeGenFunction::EmitBoundsSafetyBoundsCheck(
       EmitBoundsSafetyTrapCheck(Builder.CreateICmpULE(Ptr, OnePastTheEndPtr),
                               BNS_TRAP_PTR_GT_UPPER_BOUND, TrapCtx);
     } else {
-      // Legacy path and path for unsized types (e.g. function types).
+      // Path where the size of the access is assumed to be 1 byte. This is used
+      // for
+      //
+      // * 1-byte access when `BS_CHK_AccessSize` enabled.
+      // * unsized types (e.g. function types)
+      // * Legacy bounds checks (i.e. `BS_CHK_AccessSize` is disabled).
+      //
       // In this case for something like
       //
       // T* ptr;
       //
       // We assume that `sizeof(T)` is 1. In this case
       //
-      // `ptr.ptr + sizeof(T) <= ptr.upper` simplifies to
+      // 1. The `ptr.ptr + 1` overflow check is unnecessary and so we skip
+      // emitting it.
+      // 2. The `ptr.ptr + sizeof(T) <= ptr.upper` check simplifies to
       // `ptr.ptr < ptr.upper`.
+      //
       BoundsSafetyOptRemarkScope Scope(this, BNS_OR_PTR_GE_UPPER_BOUND);
       llvm::Value *Check = Builder.CreateICmpULT(Ptr, Upper);
       EmitBoundsSafetyTrapCheck(Check, BNS_TRAP_PTR_GE_UPPER_BOUND, TrapCtx);