The memtag sanitizer may fail to clear the memory tags before a function exits.
This issue was originally noticed when running the libcxx testsuite in memtag configuration. A slightly
reduced testcase is attached (it's not very small but small enough to work with):
In the patch, the test case
llvm/test/CodeGen/AArch64/stack-tagging-ex-1.ll is a hand-written one that has basically the same structure.
The test case llvm/test/CodeGen/AArch64/stack-tagging-ex-2.ll is another reproducer, see the comment at the top for the
equivalent C++ source.
This patch makes sure that if we tag some memory, we untag that memory before the function returns/throws via any
exit, reachable from the tag operation. For that we place the untag operation either at:
a) the lifetime end call for the alloca, if that call post-dominates the lifetime start call (where the tag operation is placed), or it (the lifetime end call) dominates all reachable exits, otherwise
b) at the reachable exits