diff --git a/clang/docs/AddressSanitizer.rst b/clang/docs/AddressSanitizer.rst --- a/clang/docs/AddressSanitizer.rst +++ b/clang/docs/AddressSanitizer.rst @@ -14,8 +14,9 @@ * Out-of-bounds accesses to heap, stack and globals * Use-after-free -* Use-after-return (runtime flag `ASAN_OPTIONS=detect_stack_use_after_return=1`) -* Use-after-scope (clang flag `-fsanitize-address-use-after-scope`) +* Use-after-return (clang flag ``-fsanitize-address-use-after-return=(never|runtime|always)`` default: ``runtime``) + * Enable ``runtime`` with: ``ASAN_OPTIONS=detect_stack_use_after_return=1`` +* Use-after-scope (clang flag ``-fsanitize-address-use-after-scope``) * Double-free, invalid free * Memory leaks (experimental) diff --git a/clang/docs/ClangCommandLineReference.rst b/clang/docs/ClangCommandLineReference.rst --- a/clang/docs/ClangCommandLineReference.rst +++ b/clang/docs/ClangCommandLineReference.rst @@ -881,6 +881,15 @@ * ``global`` - Emit module destructors that are called via a platform specific array (see `llvm.global_dtors`). * ``none`` - Do not emit module destructors. +.. option:: -fsanitize-address-use-after-return= + +Select the enabling method of detecting stack use-after-return in AddressSanitizer. + +Valid options are: +* ``never`` - Do not detect use-after-return. +* ``runtime`` - Detect use-after-return with runtime ON/OFF switch (environment variable `ASAN_OPTIONS=detect_stack_use_after_return=1`, default: 0) +* ``always`` - Detect use-after-return. + .. option:: -fsanitize-ignorelist= Path to ignorelist file for sanitizers diff --git a/clang/docs/UsersManual.rst b/clang/docs/UsersManual.rst --- a/clang/docs/UsersManual.rst +++ b/clang/docs/UsersManual.rst 
@@ -1848,6 +1848,16 @@ link-time optimizations like whole program inter-procedural basic block reordering. +.. option:: -fsanitize-address-use-after-return= + + When paired with ``-fsanitize=address``, this changes how detection of stack use-after-return (UAR) behaves. + + * ``never``: Completely disables detection of UAR errors (reduces code size). + * ``runtime``: Adds the code for detection, but must be enabled via the runtime environment (``ASAN_OPTIONS=detect_stack_use_after_return=1``). + * ``always``: Enables detection of UAR errors in all cases. (reduces code size, but not as much as ``never``). + + The default is ``-fsanitize-address-use-after-return=runtime``. + Profile Guided Optimization --------------------------- @@ -3724,6 +3734,8 @@ Enable linker dead stripping of globals in AddressSanitizer -fsanitize-address-poison-custom-array-cookie Enable poisoning array cookies when using custom operator new[] in AddressSanitizer + -fsanitize-address-use-after-return= + Select the mode of detecting stack use-after-return in AddressSanitizer -fsanitize-address-use-after-scope Enable use-after-scope detection in AddressSanitizer -fsanitize-address-use-odr-indicator
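Review bot: In clang/docs/AddressSanitizer.rst (@@ -14,8 +14,9 @@), the added sub-item "* Enable ``runtime`` with: ..." follows its parent bullet with no blank line, so reStructuredText will not render it as a nested list. Add an empty "+" line before it and indent it to line up with the parent item's text. Separately, "default: ``runtime``" in the parent bullet can be read as detection being on by default. The sub-item shows that ASAN_OPTIONS=detect_stack_use_after_return=1 is still required, so say explicitly that in the default mode use-after-return is not reported until that variable is set.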
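Review bot: In clang/docs/ClangCommandLineReference.rst (@@ -881,6 +881,15 @@), the three values start on the line directly after "Valid options are:" with no blank line in between, so reStructuredText will not treat them as a bullet list. Insert an empty line after "Valid options are:". The ``runtime`` entry also wraps ASAN_OPTIONS=detect_stack_use_after_return=1 in single backticks, while the other two files in this patch use double backticks for the same string. Its "default: 0" would also read better as a plain statement that detection is off unless the variable is set to 1.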
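Review bot: In clang/docs/UsersManual.rst (@@ -1848,6 +1848,16 @@), the ``always`` bullet says "(reduces code size, but not as much as ``never``)" without naming the baseline. State that the comparison is against ``runtime``, and fold the parenthetical into the sentence instead of leaving it after the period. The ``runtime`` bullet combined with "The default is ``-fsanitize-address-use-after-return=runtime``" means a default build carries the detection code but reports nothing unless ASAN_OPTIONS is set. One sentence saying so would keep readers from assuming UAR detection is active out of the box.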
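Review bot: In the option summary hunk of clang/docs/UsersManual.rst (@@ -3724,6 +3734,8 @@), the new -fsanitize-address-use-after-return= entry ends in "=" but gives no hint of the accepted values, and its description ("Select the mode of detecting ...") differs from the "Select the enabling method of detecting ..." wording added to ClangCommandLineReference.rst in this same patch. Use one description in both places and mention never, runtime and always in the summary line.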