https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104690
--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
It would be difficult in all cases. Essentially, the sanitizer would need to change the ABI of the function to return a pair of the normal return type and a boolean flag saying whether it fell off the end of the function without returning a value (or add an extra pointer argument and return that flag by reference), and change all the callers. But as one can take the address of such functions, changing the ABI isn't trivial, so either it would need to be done by cloning the function into an instrumented version and a wrapper which just ignores the flag (taking the address would use the wrapper, direct calls the former), or, say, just emit some internal function call at the end of such calls and only optimize later if we can prove the function isn't address taken and is only called directly, or something similar. But the later it is done, the fuzzier it is what exactly will mean a use of the result; simple assignments to otherwise unused automatic variables will be gone, etc.
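
The clone-plus-wrapper scheme from the comment above, carried out by hand in C as an added illustration. This is not GCC code and not from the bug report; `classify`, `classify_instr`, `checked_use`, the report counter and the placeholder return value are all hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical source: int classify(int x) { if (x > 0) return 1; }  (falls off for x <= 0) */

/* Instrumented clone: the extra by-reference flag says whether it fell off the end. */
int classify_instr(int x, bool *fell_off)
{
    *fell_off = false;
    if (x > 0)
        return 1;
    *fell_off = true;   /* reached the closing brace without a return */
    return 0;           /* assumed placeholder; the real value is indeterminate */
}

/* Wrapper with the original ABI: this is what taking the address yields. */
int classify(int x) { bool ignored; return classify_instr(x, &ignored); }

static int report_count;
int reports(void) { return report_count; }

/* Check placed at a direct call site where the result is actually used. */
static int checked_use(int value, bool fell_off, const char *where)
{
    if (fell_off) {
        report_count++;
        fprintf(stderr, "%s: used result of a call that returned no value\n", where);
    }
    return value;
}

int direct_call_used(int x)   /* direct call, result used: checked */
{
    bool fell_off;
    int r = classify_instr(x, &fell_off);
    return checked_use(r, fell_off, "direct_call_used") + 1;
}
void direct_call_discarded(int x) { bool f; (void)classify_instr(x, &f); } /* unused: no report */
int indirect_call_used(int (*fp)(int), int x) { return fp(x) + 1; } /* via wrapper: flag lost */

int main(void)
{
    direct_call_used(-1);              /* reported */
    indirect_call_used(classify, -1);  /* same misuse, not reported */
    printf("reports: %d\n", reports());
    return 0;
}
```

Only the direct call whose result is used gets reported; the same misuse through a function pointer goes through the flag-ignoring wrapper and is missed.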