diff --git a/clang/docs/AddressSanitizer.rst b/clang/docs/AddressSanitizer.rst --- a/clang/docs/AddressSanitizer.rst +++ b/clang/docs/AddressSanitizer.rst @@ -14,8 +14,9 @@ * Out-of-bounds accesses to heap, stack and globals * Use-after-free -* Use-after-return (runtime flag `ASAN_OPTIONS=detect_stack_use_after_return=1`) -* Use-after-scope (clang flag `-fsanitize-address-use-after-scope`) +* Use-after-return (clang flag ``-fsanitize-address-use-after-return=(never|runtime|always)`` default: ``runtime``) + * Enable ``runtime`` with: ``ASAN_OPTIONS=detect_stack_use_after_return=1`` +* Use-after-scope (clang flag ``-fsanitize-address-use-after-scope``) * Double-free, invalid free * Memory leaks (experimental) @@ -136,6 +137,26 @@ Note that this option is not supported on macOS. +Stack Use After Return (UAR) +---------------------------- + +AddressSanitizer can optionally detect stack use after return problems. +This is available by default, or explicitly +(``-fsanitize-address-use-after-return=runtime``). +To enable this check at runtime, set the environment variable +``ASAN_OPTIONS=detect_stack_use_after_return=1``. + +Enabling this check (``-fsanitize-address-use-after-return=always``) will +reduce code size. The code size may be reduced further by completely +eliminating this check (``-fsanitize-address-use-after-return=never``). + +To summarize: ``-fsanitize-address-use-after-return=`` + * ``never``: Completely disables detection of UAR errors (reduces code size). + * ``runtime``: Adds the code for detection, but must be enabled via the + runtime environment (``ASAN_OPTIONS=detect_stack_use_after_return=1``). + * ``always``: Enables detection of UAR errors in all cases. (reduces code + size, but not as much as ``never``). + Memory leak detection --------------------- diff --git a/clang/docs/UsersManual.rst b/clang/docs/UsersManual.rst --- a/clang/docs/UsersManual.rst +++ b/clang/docs/UsersManual.rst 
@@ -3744,6 +3744,8 @@ Enable linker dead stripping of globals in AddressSanitizer -fsanitize-address-poison-custom-array-cookie Enable poisoning array cookies when using custom operator new[] in AddressSanitizer + -fsanitize-address-use-after-return= + Select the mode of detecting stack use-after-return in AddressSanitizer: never | runtime (default) | always -fsanitize-address-use-after-scope Enable use-after-scope detection in AddressSanitizer -fsanitize-address-use-odr-indicator diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td --- a/clang/include/clang/Driver/Options.td +++ b/clang/include/clang/Driver/Options.td @@ -1584,7 +1584,7 @@ : Joined<["-"], "fsanitize-address-use-after-return=">, MetaVarName<"">, Flags<[CC1Option]>, - HelpText<"Select the mode of detecting stack use-after-return in AddressSanitizer">, + HelpText<"Select the mode of detecting stack use-after-return in AddressSanitizer: never | runtime (default) | always">, Group, Values<"never,runtime,always">, NormalizedValuesScope<"llvm::AsanDetectStackUseAfterReturnMode">,
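Review bot: In the AddressSanitizer.rst feature list (hunk `@@ -14,8 +14,9 @@`), the added sub-bullet "Enable ``runtime`` with: ``ASAN_OPTIONS=detect_stack_use_after_return=1``" reads as if the environment variable selects the ``runtime`` mode. The section added later in the same file says ``runtime`` is already the compile-time default and the variable is what turns detection on. Suggest wording along the lines of "With ``runtime``, detection stays off until ``ASAN_OPTIONS=detect_stack_use_after_return=1`` is set". The parent bullet would also benefit from a comma or semicolon between the flag and "default: ``runtime``".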
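Review bot: In the new "Stack Use After Return (UAR)" section (hunk `@@ -136,6 +137,26 @@`), "Enabling this check (``-fsanitize-address-use-after-return=always``) will reduce code size" states no baseline, so it reads as though turning detection on is what shrinks the code. The summary list implies the comparison is against ``runtime``, so please say so explicitly, both here and in the "(reduces code size, ...)" remarks on ``never`` and ``always``. "This is available by default, or explicitly" is also ambiguous. A reader building with the default could take it to mean UAR errors are reported by default, when the next sentence and the ``runtime`` bullet say detection must be switched on through ``ASAN_OPTIONS``. Suggest stating in that first paragraph that under the default mode nothing is detected unless the variable is set.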
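Review bot: In the UsersManual.rst hunk (`@@ -3744,6 +3744,8 @@`), the description "never | runtime (default) | always" does not say that ``runtime`` only compiles the check in and leaves it inactive until ``ASAN_OPTIONS=detect_stack_use_after_return=1`` is set, which the AddressSanitizer.rst text in this same patch documents. A user who reads only this entry may conclude that use-after-return detection is on by default. Suggest adding a short qualifier to the entry, or a pointer to the AddressSanitizer page.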
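Review bot: In the Options.td hunk (`@@ -1584,7 +1584,7 @@`), the new HelpText spells out "never | runtime (default) | always", which repeats the list already carried by `Values<"never,runtime,always">` a few lines below on the same option, and the UsersManual.rst hunk copies the string again. If a mode is added or the default changes, three places have to be updated by hand. If the duplication is kept for the sake of `--help` output, a comment next to `Values<...>` noting that the help string and the manual entry must be updated together would reduce the chance of drift.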