On Thu, May 12, 2016 at 04:12:21PM +0200, Martin Liška wrote:
> > Dunno, guess you need to do something in the FE for it already (talk to
> > Jason?). At least in *.original dump there is already:
> > <<cleanup_point <<< Unknown tree: expr_stmt
> > save ((const struct IntHolder &) &TARGET_EXPR <D.2263, {.val=10}>) >>>>>;
> > int x = (int) saved->val;
> > return <retval> = x;
> > and the info on where the D.2263 temporary goes out of scope is lost.
>
> Thanks for sample, I will ask Jason to help me with that.
Actually, I believe this is all available to the gimplifier.
Primarily look at gimplify_target_expr, which if
gimplify_ctxp->in_cleanup_point_expr
emits a D.NNNNN ={v} {CLOBBER};
stmt as cleanup to be added at that corresponding CLEANUP_POINT_EXPR.
And also study gimplify_cleanup_point_expr and gimple_push_cleanup.
I bet you want to emit for use-after-scope sanitization in
gimplify_target_expr next to the conditional which adds the clobber also
(for gimplify_ctxp->in_cleanup_point_expr only) also addition of ASAN_MASK
for the poisoning. And with the same guard also (again, for if (init) case
only, i.e. the first time the TARGET_EXPR is encountered) before the
gimplification of the init the unpoisoning of the temporary.
Maybe initially ignore VLA temporaries, those would be harder to handle,
and probably have to be dealt together with user VLA/alloca address
sanitization.
Jakub
