I started the review process in libsanitizer: https://reviews.llvm.org/D26965, and I have a question that was asked in the review: can we distinguish between a load and a store in the case of a usage of ASAN_POISON?
Load looks as follows:

  int main (int argc, char **argv)
  {
    char *ptr;
    if (argc != 12312)
      {
        char my_char;
        ptr = &my_char;   /* ptr escapes the scope of my_char */
      }
    return *ptr;          /* use-after-scope: load */
  }

  main (int argc, char * * argv)
  {
    char my_char;
    int _5;

    <bb 2>:
    if (argc_1(D) != 12312)
      goto <bb 3>;
    else
      goto <bb 5>;

    <bb 5>:
    goto <bb 4>;

    <bb 3>:
    my_char_8 = ASAN_POISON ();

    <bb 4>:
    # my_char_6 = PHI <my_char_7(D)(5), my_char_8(3)>
    _5 = (int) my_char_6;
    return _5;
  }

However, doing a store:

  int main (int argc, char **argv)
  {
    char *ptr;
    if (argc != 12312)
      {
        char my_char;
        ptr = &my_char;   /* ptr escapes the scope of my_char */
      }
    *ptr = 0;             /* use-after-scope: store */
    return 0;
  }

  main (int argc, char * * argv)
  {
    <bb 2>:
    if (argc_1(D) != 12312)
      goto <bb 3>;
    else
      goto <bb 5>;

    <bb 5>:
    goto <bb 4>;

    <bb 3>:
    ASAN_POISON ();

    <bb 4>:
    return 0;
  }

leads to a situation where the LHS of the ASAN_POISON assignment is identified as overwritten, and eventually we see just the ASAN_POISON call. This is currently removed in the sanopt pass, but I'm wondering whether it's a valid optimization or not in this context?

Thanks,
Martin