I've been currently working on use-after-scope sanitization in GCC. We see an optimization opportunity to rewrite local variables (when poisoned) to SSA_NAMEs
where a usage of such an SSA_NAME would lead to a use-after-scope error. Compared to the current implementation, these SSA_NAMEs (corresponding to a local variable)
do not have a stack store and thus there's no reserved slot in shadow memory. For these I would like to add a new API function builtin_asan_report_use_after_scope.
Let's consider following sample:
int
main (void)
{
  char *ptr;
  {
    char my_char;
    ptr = &my_char;
  }
  return *ptr;
}
which can be transformed to:
main ()
{
  char my_char;
  int _4;

  <bb 2>:
  __builtin___asan_report_use_after_scope ("my_char", 1);
  _4 = (int) my_char_5(D);
  return _4;
}
Corresponding run-time error looks as follows:
16049==ERROR: AddressSanitizer: stack-use-after-scope at pc 0x000000400794 bp 0x000000000001 sp 0x0000004005f3
ACCESS of size 1 for variable 'my_char' thread T0
    #0 0x4005f2 in main (/tmp/a.out+0x4005f2)
    #1 0x7f883337e290 in __libc_start_main (/lib64/libc.so.6+0x20290)
    #2 0x400649 in _start (/tmp/a.out+0x400649)
SUMMARY: AddressSanitizer: stack-use-after-scope (/tmp/a.out+0x4005f2) in main
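For context on why the SSA_NAME case needs its own report builtin: the normal stack-use-after-scope detection relies on the variable's stack slot having a shadow byte that is poisoned at scope exit and tested before every access. The following C model is an added illustration, not code from this thread or from GCC/libasan; the frame size, the slot offset of my_char and the shadow array are constructed, and the 0xf8 value is the shadow byte ASan uses for stack-use-after-scope.

```c
#include <stddef.h>
#include <stdint.h>

#define FRAME_BYTES 64             /* constructed fake stack frame */
#define GRANULE 8                  /* one shadow byte covers 8 application bytes */
#define USE_AFTER_SCOPE_MAGIC 0xf8 /* ASan's shadow value for this bug class */

static int8_t shadow[FRAME_BYTES / GRANULE];

/* Scope entry: whole granules become 0 (addressable); a trailing partial
 * granule holds the number of addressable bytes (1..7). */
static void scope_enter(size_t off, size_t size)
{
    for (size_t g = off / GRANULE; g * GRANULE < off + size; g++) {
        size_t left = off + size - g * GRANULE;
        shadow[g] = left >= GRANULE ? 0 : (int8_t)left;
    }
}

/* Scope exit: the slot stays in the frame but its shadow is poisoned. */
static void scope_exit(size_t off, size_t size)
{
    for (size_t g = off / GRANULE; g * GRANULE < off + size; g++)
        shadow[g] = (int8_t)USE_AFTER_SCOPE_MAGIC;
}

/* Check instrumented before each load/store of size <= 8:
 * returns 0 when the access is fine, else the offending shadow byte. */
static uint8_t check_access(size_t off, size_t size)
{
    int8_t k = shadow[off / GRANULE];
    if (k == 0)
        return 0;
    size_t last = off % GRANULE + size - 1;   /* last byte touched in granule */
    return (k < 0 || (int)last >= k) ? (uint8_t)k : 0;
}

/* Replays the sample: my_char in an inner scope, ptr dereferenced after it. */
static uint8_t replay_sample(void)
{
    size_t my_char = 32;                      /* constructed slot offset */
    scope_enter(my_char, 1);                  /* { char my_char; ptr = &my_char; */
    if (check_access(my_char, 1) != 0)        /* in scope: must be fine */
        return 0xff;
    scope_exit(my_char, 1);                   /* } */
    return check_access(my_char, 1);          /* return *ptr; -> 0xf8 */
}
```

Once my_char is promoted to an SSA_NAME there is no slot to poison and check_access has nothing to consult, which is why the transformed GIMPLE above calls the report builtin directly instead.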
Please run clang-format on this.