byval unsoundness

[regehr]

this isn't a refinement but alive-tv thinks it is. it doesn't look like we're including the contents of the pointed-to memory for byval parameters in the refinement criteria?

declare i32 @g(ptr byval(i32))

define i32 @src() {
entry:
  %p = alloca i32, align 4
  %q = alloca i32, align 4
  store i32 1, ptr %p, align 4
  store i32 2, ptr %q, align 4
  %r = call i32 @g(ptr byval(i32) %p)
  ret i32 %r
}

define i32 @tgt() {
entry:
  %p = alloca i32, align 4
  %q = alloca i32, align 4
  store i32 1, ptr %p, align 4
  store i32 2, ptr %q, align 4
  %r = call i32 @g(ptr byval(i32) %q)
  ret i32 %r
}