AddressSanitizerUseAfterScope
A stack-use-after-scope bug appears when a stack object is used outside the scope in which it was defined. Example (see also AddressSanitizerExampleUseAfterScope):

```c
// Deliberately buggy: x goes out of scope at the closing brace of the if,
// but p still points at it and is dereferenced afterwards.
void f(int b) {
  int *p;
  if (b) {
    int x[10];
    p = x;
  }
  *p = 1;  // stack-use-after-scope when b is non-zero
}
```

This check is enabled by default in AddressSanitizer. It can be disabled with the clang flag `-fno-sanitize-address-use-after-scope`.
AddressSanitizer detects this kind of bug by marking the memory used by a local variable as good (addressable) when control reaches the variable's definition, and as bad (poisoned) when control reaches the end of the scope in which it was defined. The implementation relies on the @llvm.lifetime.start and @llvm.lifetime.end intrinsics that clang emits for each local.

The example above will be transformed into code similar to the following:
```c
// Schematic view of the instrumented function; the poison/unpoison calls
// stand for what the ASan pass inserts at each lifetime marker.
void f(int b) {
  int *p;
  if (b) {
    int x[10];
    __asan_unpoison_stack_memory(x);  // @llvm.lifetime.start: x is addressable
    p = x;
    __asan_poison_stack_memory(x);    // @llvm.lifetime.end: x is poisoned
  }
  *p = 1;                             // instrumented store: check fires here
  __asan_unpoison_stack_memory(frame);
}
```

Before the function returns, its stack memory needs to be unpoisoned to avoid false reports from non-instrumented code that later reuses the same stack area.
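To make the poison/unpoison sequence above concrete, here is an added example (not ASan's code, and not part of the original page) that models the mechanism with a hypothetical one-byte-per-byte shadow over a fake stack frame. Real ASan uses one shadow byte per eight application bytes and does the check in compiler-inserted code; `unpoison_stack_memory`, `poison_stack_memory`, `access_ok`, `frame_is_clean` and `instrumented_f` are names chosen for this illustration. It walks the page's `f()` by hand: the write inside the `if` passes, the write after the scope closes is flagged, and the frame is clean again before return.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of ASan's stack-use-after-scope check (added example,
 * not ASan's own code). One fake frame, a 1-byte-per-byte shadow (real ASan
 * uses 1 shadow byte per 8 application bytes), and the three operations the
 * page describes: unpoison at lifetime start, poison at lifetime end,
 * unpoison the whole frame before return. */

#define FRAME_SIZE 64

/* Union keeps the fake frame suitably aligned for int locals. */
static union {
    int words[FRAME_SIZE / sizeof(int)];
    uint8_t bytes[FRAME_SIZE];
} frame;
static uint8_t shadow[FRAME_SIZE]; /* 0 = addressable, 1 = poisoned */

static size_t frame_offset(const void *p) {
    return (size_t)((const uint8_t *)p - frame.bytes);
}

/* Stand-ins for __asan_unpoison_stack_memory / __asan_poison_stack_memory. */
static void unpoison_stack_memory(const void *p, size_t n) {
    memset(shadow + frame_offset(p), 0, n);
}
static void poison_stack_memory(const void *p, size_t n) {
    memset(shadow + frame_offset(p), 1, n);
}
static void unpoison_frame(void) { memset(shadow, 0, sizeof shadow); }

/* Instrumented access: true only if every byte of [p, p+n) is addressable. */
static bool access_ok(const void *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (shadow[frame_offset(p) + i]) return false;
    return true;
}

/* The page's f() with the instrumentation written out by hand. `x` is
 * carved from the fake frame instead of being a real local. Returns true
 * when the final write through p is flagged as stack-use-after-scope. */
static bool instrumented_f(int b) {
    int *p = NULL;
    int *x = frame.words;               /* where `int x[10]` would live */
    bool reported = false;
    if (b) {
        unpoison_stack_memory(x, 10 * sizeof *x);  /* @llvm.lifetime.start */
        p = x;
        if (access_ok(p, sizeof *p)) p[0] = 0;     /* in scope: check passes */
        poison_stack_memory(x, 10 * sizeof *x);    /* @llvm.lifetime.end */
    }
    /* `*p = 1` from the page. In the original p is uninitialised when b is 0,
     * so this model only dereferences once p has been set. */
    if (p != NULL) {
        if (access_ok(p, sizeof *p)) *p = 1;
        else reported = true;                      /* ASan would abort here */
    }
    unpoison_frame();  /* keep later uninstrumented code from false reports */
    return reported;
}

/* After f returns, nothing in the frame may still be poisoned. */
static bool frame_is_clean(void) {
    for (size_t i = 0; i < FRAME_SIZE; i++)
        if (shadow[i]) return false;
    return true;
}

int main(void) {
    printf("b=1: %s\n", instrumented_f(1) ? "stack-use-after-scope reported"
                                          : "no report");
    printf("frame clean after return: %s\n", frame_is_clean() ? "yes" : "no");
    printf("b=0: %s\n", instrumented_f(0) ? "reported" : "no report");
    return 0;
}
```

To see the real thing, build the page's `f()` (called with a non-zero `b`) using `clang -g -fsanitize=address`; the resulting report is labelled `stack-use-after-scope`. Adding `-fno-sanitize-address-use-after-scope` removes the lifetime-based poisoning and the write goes unreported.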
Memory consumption is the same as with the default set of AddressSanitizerFlags.
TODO