Index: include/clang/Driver/Options.td =================================================================== --- include/clang/Driver/Options.td +++ include/clang/Driver/Options.td @@ -555,6 +555,9 @@ def fsanitize_memory_track_origins : Flag<["-"], "fsanitize-memory-track-origins">, Group, Flags<[CC1Option]>, HelpText<"Enable origins tracking in MemorySanitizer">; +def fsanitize_memory_use_after_dtor : Flag<["-"], "fsanitize-memory-use-after-dtor">, + Group, Flags<[CC1Option]>, + HelpText<"Enable use-after-destroy detection in MemorySanitizer">; def fno_sanitize_memory_track_origins : Flag<["-"], "fno-sanitize-memory-track-origins">, Group, Flags<[CC1Option]>, HelpText<"Disable origins tracking in MemorySanitizer">; Index: include/clang/Frontend/CodeGenOptions.def =================================================================== --- include/clang/Frontend/CodeGenOptions.def +++ include/clang/Frontend/CodeGenOptions.def @@ -112,6 +112,8 @@ ///< offset in AddressSanitizer. CODEGENOPT(SanitizeMemoryTrackOrigins, 2, 0) ///< Enable tracking origins in ///< MemorySanitizer +CODEGENOPT(SanitizeMemoryUseAfterDtor, 2, 0) ///< Enable use-after-delete detection + ///< in MemorySanitizer CODEGENOPT(SanitizeCoverageType, 2, 0) ///< Type of sanitizer coverage ///< instrumentation. CODEGENOPT(SanitizeCoverageIndirectCalls, 1, 0) ///< Enable sanitizer coverage Index: lib/CodeGen/CGClass.cpp =================================================================== --- lib/CodeGen/CGClass.cpp +++ lib/CodeGen/CGClass.cpp @@ -1455,6 +1455,11 @@ // Exit the try if applicable. if (isTryBody) ExitCXXTryStmt(*cast(Body), true); + + if (CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor) { + // insert destructor clean up here + EnterDtorPoisoning(); + } } void CodeGenFunction::emitImplicitAssignmentOperatorBody(FunctionArgList &Args) { 
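Review bot: `fsanitize_memory_use_after_dtor` in include/clang/Driver/Options.td is added without a negative form, unlike the `fsanitize_memory_track_origins` / `fno_sanitize_memory_track_origins` pair around it, so a build that inherits the flag cannot switch it back off later on the command line. Consider adding `def fno_sanitize_memory_use_after_dtor : Flag<["-"], "fno-sanitize-memory-use-after-dtor">,` with the same group and flags, and reading the pair with `Args.hasFlag(...)` instead of `Args.hasArg(...)` in the lib/Frontend/CompilerInvocation.cpp hunk. The help text says "use-after-destroy" while the option name says "dtor"; using one term throughout would make the option easier to find. No driver-side forwarding to cc1 is visible in this patch, so it is worth confirming that the flag reaches the frontend when passed to the driver.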
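Review bot: `CODEGENOPT(SanitizeMemoryUseAfterDtor, 2, 0)` in include/clang/Frontend/CodeGenOptions.def reserves two bits for an option that the CompilerInvocation.cpp hunk fills from `Args.hasArg(...)`, which is a boolean. The width looks copied from `SanitizeMemoryTrackOrigins`, which is read with `getLastArgIntValue`, so `CODEGENOPT(SanitizeMemoryUseAfterDtor, 1, 0)` would match the usage. The comment also says "use-after-delete" while the help text in Options.td says "use-after-destroy"; I would write `///< Enable use-after-destroy detection` so the wording agrees, since delete and destructor-exit are different events.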
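Review bot: The new call in lib/CodeGen/CGClass.cpp is guarded only by `CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor`. Once poisoning code is generated, it would be emitted even when MemorySanitizer is not enabled for the function being compiled (flag passed without `-fsanitize=memory`, or the sanitizer disabled for that function). I would write the condition as `if (CGM.getCodeGenOpts().SanitizeMemoryUseAfterDtor && SanOpts.has(SanitizerKind::Memory))`. The enclosing function starts above the hunk, so it is not visible whether code emitted here is also reached on early-return paths out of the destructor body. That is worth checking before the stub is filled in, since a skipped path would leave destroyed members unpoisoned. The placeholder `// insert destructor clean up here` could instead say what is emitted, e.g. `// Poison the object's members so MSan reports use after destruction.`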
@@ -1623,6 +1628,14 @@ } } +// EnterDtorPoisoning +void CodeGenFunction::EnterDtorPoisoning() { + // check run-time flag + // then continue by generating code in destructor + assert(true); + return; +} + /// EmitCXXAggrConstructorCall - Emit a loop to call a particular /// constructor for each of several members of an array. /// Index: lib/CodeGen/CodeGenFunction.h =================================================================== --- lib/CodeGen/CodeGenFunction.h +++ lib/CodeGen/CodeGenFunction.h @@ -1365,6 +1365,10 @@ /// order of their construction. void EnterDtorCleanups(const CXXDestructorDecl *Dtor, CXXDtorType Type); + // EnterDtorPoisoning - Enter the memory poisoning to pollute member + // attributes of a class. + void EnterDtorPoisoning(); + /// ShouldInstrumentFunction - Return true if the current function should be /// instrumented with __cyg_profile_func_* calls bool ShouldInstrumentFunction(); Index: lib/Frontend/CompilerInvocation.cpp =================================================================== --- lib/Frontend/CompilerInvocation.cpp +++ lib/Frontend/CompilerInvocation.cpp @@ -557,6 +557,8 @@ Args.hasArg(OPT_fsanitize_coverage_8bit_counters); Opts.SanitizeMemoryTrackOrigins = getLastArgIntValue(Args, OPT_fsanitize_memory_track_origins_EQ, 0, Diags); + Opts.SanitizeMemoryUseAfterDtor = + Args.hasArg(OPT_fsanitize_memory_use_after_dtor); Opts.SSPBufferSize = getLastArgIntValue(Args, OPT_stack_protector_buffer_size, 8, Diags); Opts.StackRealignment = Args.hasArg(OPT_mstackrealign);
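Review bot: `CodeGenFunction::EnterDtorPoisoning()` in lib/CodeGen/CGClass.cpp is a no-op: `assert(true)` can never fire and the trailing `return;` in a void function adds nothing, so `-fsanitize-memory-use-after-dtor` is accepted and silently detects nothing. Someone who enables the option would assume use-after-destroy coverage that is not there. Until the instrumentation exists I would drop both statements and leave a single `// FIXME: not implemented yet; no poisoning code is emitted.` in the body, or hold back the user-visible flag until the codegen lands. The header comment `// EnterDtorPoisoning` only repeats the name, while the next definition in the hunk uses `///` with a sentence describing what is emitted.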
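Review bot: The declaration comment in lib/CodeGen/CodeGenFunction.h uses `//` where the surrounding declarations use `///`, and "pollute member attributes" does not say what the function emits or when. Something like `/// EnterDtorPoisoning - Emit code at the end of a destructor that poisons` followed by `/// the object's data members for MemorySanitizer use-after-destroy detection.` would match the neighbours. The comment should also state that the call is expected only when `SanitizeMemoryUseAfterDtor` is set, since that precondition is only visible at the call site in CGClass.cpp.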