https://bugs.llvm.org/show_bug.cgi?id=47616
Bug ID: 47616
Summary: ASAN use-after-scope for thread-local variables
Product: compiler-rt
Version: 11.0
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: asan
Assignee: unassignedb...@nondot.org
Reporter: mvano...@google.com
CC: llvm-bugs@lists.llvm.org
It seems like asan is not keeping track of thread-local variables.
```cpp
#include <cstddef>
#include <iostream>
#include <thread>

thread_local int x;

// ASan runtime interface functions, declared by hand.
extern "C" int __asan_address_is_poisoned(void const volatile *addr);
extern "C" void __asan_describe_address(void *addr);
extern "C" void __asan_poison_memory_region(void const volatile *addr,
                                            size_t size);

int main() {
  // Shadow state of the main thread's x and of its neighbours.
  std::cout << __asan_address_is_poisoned(&x) << " "
            << __asan_address_is_poisoned(&x + 1) << " "
            << __asan_address_is_poisoned(&x - 1) << std::endl;
  int* p = nullptr;
  x = 1;
  std::thread([&p]() {
    x = 2;
    p = &x;  // the address of the worker thread's copy of x escapes
    std::cout << __asan_address_is_poisoned(p) << " "
              << __asan_address_is_poisoned(p + 1) << " "
              << __asan_address_is_poisoned(p - 1) << std::endl;
    // Poison the worker's x by hand, then print the shadow state again.
    __asan_poison_memory_region(p, sizeof(*p));
    std::cout << __asan_address_is_poisoned(p) << " "
              << __asan_address_is_poisoned(p + 1) << " "
              << __asan_address_is_poisoned(p - 1) << std::endl;
    __asan_describe_address(p);
  }).join();
  // The worker has exited; p still holds the address of its thread-local x.
  std::cout << &x << " " << &p << std::endl;
  std::cout << __asan_address_is_poisoned(&x) << " "
            << __asan_address_is_poisoned(p) << std::endl;
  __asan_describe_address(&x);
  __asan_describe_address(p);
  // Read through the stale pointer after the owning thread has ended.
  std::cout << x << " " << *p << std::endl;
  return 0;
}
```
In this example, we are running a thread that takes the address of a
thread-local variable and it checks whether the local variable is poisoned
after the thread ends. It is not.