<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/56205>56205</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
AddressSanitizer false positive due to incorrectly preserved writesonly attribute
</td>
</tr>
<tr>
<th>Labels</th>
<td>
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
tmiasko
</td>
</tr>
</table>
<pre>
AddressSanitizer instrumentation introduces reads from shadow memory, while at
the same time preserving existing `writesonly` function attribute. This
transformation introduces undefined behaviour:
> If a `writeonly` function reads memory visible outside the function or has
> other side-effects, the behavior is undefined.
This is also problematic in practice, since a dead store elimination might
remove an unpoisoning store to shadow memory preceding call to such a function,
consequently leading to a false positive report from inside the function. For a
concrete example see the issue reported in rust-lang/rust#98454.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJxlU9tymzAQ_Rp40YTBXBzzwEPa1DN9bn9ASAtsKyRXKzlxv74rsOM0mfFgdna156LD4PSlf9LaA9EPaTHgX_ACLQUfF7BBBnSW6-CdjgpIeJCaxOjdImiW2r2IBRbnL1n1VbzMaEDIkJXPWfkUZhAkFxAB-XFiBPBntJOAV6SQXrJ9-eIxADlrLlyIMVq1AsoQPA4xQCF-zkjXhV5aGp1fPpGKVsOIFrQYYJZndNFn9dN26vqsv4nvo5BvmJ8gN2GbGHFGwoG1uBgINUtgLW-TzotZ0n2v464Xae4BxhFUoGRGOnJlw4a-41i855XUpa405Ngjx6BJnmJ1XEoGVJC2EVrF1grNLAUF50GAwQXt5sWC03y13bOCM49aRjw5ZG-T1duR4P6_tHQrCnQaUNKYtR_VzDg3sYy9rVXOEvyJHAlzEYZZpEM8z6PMne_XEYeHgT2cnA9bQjhHH90rxJH9kG9LlYfAWl7lcmK_CbZpJIq3VXyrbIaPFB6MtFNWHdN7VtXdoWmbItd9rbu6k3nAYOBzmD_w03H1gf10ntUnOddsMtA9jvcI5tGbfg7hRClT1ZF_E4Y5DoVyCxfGnG9_D3yDv3gnl6sCDsKx3Vdlm8990yhoym5fSd3W0D0emmrfHXQ5Dgc5jLsmN3IAQ33Wfsna5xz7qqyqcl81u2732HRFWzf74fAoAXa7Q921WVNyVNAUCbhwfsp9v3IY4kTcNPyR0b0piXCyALf9MobZ-T4sKOm3y1e6_cr1H9vCa8E">