http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58543
--- Comment #4 from dodji at seketeli dot org <dodji at seketeli dot org> --- Thank you for reporting this bug. Please find my comments below, "y.gribov at samsung dot com" <gcc-bugzi...@gcc.gnu.org> a écrit: > Prologue seems to poison words at frame_shadow_base + { 0, 4, 8, 12, 16, 24, > 28}: Right. > > add r4, r3, #536870912 > ldr r3, .L3+8 > str r3, [r4] > ldr r3, .L3+12 > str r3, [r4, #4] > ldr r3, .L3+16 > str r3, [r4, #8] > ldr r3, .L3+20 > str r3, [r4, #12] > ldr r3, .L3+16 > str r3, [r4, #16] > ldr r3, .L3+20 > str r3, [r4, #24] > ldr r3, .L3+24 > str r3, [r4, #28] > > Whereas epilogue poisons frame_shadow_base + { 0, 4, 8, 12, 16, 40, 44}: I guess you mean *un*poison here. > add r3, r4, #20 > .L1: > mov r2, #0 > str r2, [r4] > add r4, r4, #4 > cmp r4, r3 > bcc .L1 My understanding is that in the loop above, we are setting the memory pointed to by frame_shadow_base + { 0, 4, 8, 12, 16} to zero. And in the code below, we are preparing to set the memory pointed to by frame_shadow_base + {24, 28} to zero. > add r3, r4, #24 ; r3 gets invalid value here Why is r3 invalid? It's being set to #24, so that the strb r2, [r3] below writes a zero byte to [r4,#24]. Or what am I missing? > mov r2, #0 > strb r2, [r3] > add r3, r3, #1 > mov r2, #0 > strb r2, [r3] > add r3, r3, #1 > mov r2, #0 > strb r2, [r3] > add r3, r3, #1 > mov r2, #0 > strb r2, [r3] > add r3, r3, #1 > mov r2, #0 > strb r2, [r3] > add r3, r3, #1 > mov r2, #0 > strb r2, [r3] > add r3, r3, #1 > mov r2, #0 > strb r2, [r3] > add r3, r3, #1 > mov r2, #0 > strb r2, [r3] > > This causes some shadow bytes to remain set after function returns. Those may > trigger incorrect Asan errors later. I am guessing that you have a short and self contained example of an asan error that is caused by a wrong epilogue. Would it be possible that you file it so that I can understand better what is going on? Thanks.