In the context of a tool comparison, I do not want to be unfair to ASan if it can detect the problem in the program below:
$ cat t.c
#include <stdio.h>
int *G;
int f(void) {
int l = 1;
int res = *G;    /* second call: G still holds the address of the previous call's l, whose lifetime has ended */
G = &l;          /* the address of a local escapes through the global and outlives this call */
return res + *G;
}
int main(void) {
int x = 2;
G = &x;
f();
printf("%d\n", f());
}
$ clang -v
clang version 3.8.0-2ubuntu4 (tags/RELEASE_380/final)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9
...
$ clang -O2 -fsanitize=address t.c
$ ./a.out
1
$ clang -fsanitize=address t.c
$ ./a.out
2
The first occurrence of G the second time f is called invokes undefined behavior, because G is indeterminate at that point. In addition, G is immediately dereferenced, making this the sort of memory error that one may expect ASan to detect. It is part of ASan's specifications that it sometimes fails to detect problems of the kind it is supposed to find, but I want to know if I could have used it to find this particular problem here.
I found the option -fsanitize-address-use-after-scope here, but this option does not work in the version of Clang I am using:
$ clang -fsanitize=address t.c -fsanitize-address-use-after-scope
clang: error: unknown argument: '-fsanitize-address-use-after-scope'
Is there an ASan version that flags an error at the execution of the above program, with or without special commandline options?
You are talking about use-after-return errors here. These should be supported by ASan but disabled by default due to significantly higher memory overhead (see e.g. here for details). To enable, run with ASAN_OPTIONS=detect_stack_use_after_return=1.
Unfortunately I can't check whether it works on your particular case, but if it doesn't, you should probably file a bug at ASan's tracker.
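A way to check the answer's suggestion on the program from the question, as an added example that is not part of the question or the answer: the script below rebuilds t.c, runs it under ASan with ASAN_OPTIONS=detect_stack_use_after_return=1, and reports whether ASan printed a stack-use-after-return report. It assumes clang (or whatever $CC names) with the ASan runtime is installed; the exit-code convention of check_uar and the probe step that verifies ASan actually works in the current environment are this example's own choices.

```shell
#!/bin/sh
# Added example, not code from the question or answer above. It rebuilds the
# program from the question, runs it under ASan with use-after-return
# detection switched on, and reports whether ASan flagged it. Assumes clang
# (or $CC) with the ASan runtime is installed.
#
# check_uar exit codes: 0 = ASan reported stack-use-after-return,
#                       1 = program ran without a report (not detected),
#                       2 = no working ASan toolchain here (skipped).

CC=${CC:-clang}

# Writes the program from the question to the path given as $1.
write_uar_source() {
    cat > "$1" <<'EOF'
#include <stdio.h>
int *G;
int f(void) {
int l = 1;
int res = *G;
G = &l;
return res + *G;
}
int main(void) {
int x = 2;
G = &x;
f();
printf("%d\n", f());
}
EOF
}

# Builds and runs a trivial ASan binary in $1 to make sure the compiler, the
# runtime and the shadow-memory mapping all work in this environment.
asan_available() {
    command -v "$CC" >/dev/null 2>&1 || return 1
    printf 'int main(void) { return 0; }\n' > "$1/probe.c"
    "$CC" -fsanitize=address "$1/probe.c" -o "$1/probe" >/dev/null 2>&1 || return 1
    ASAN_OPTIONS=detect_leaks=0 "$1/probe" >/dev/null 2>&1
}

# $1 = optimisation flag (-O0, -O2, ...). Returns the codes listed above.
check_uar() {
    dir=$(mktemp -d) || return 2
    if ! asan_available "$dir"; then rm -rf "$dir"; return 2; fi
    write_uar_source "$dir/t.c"
    if ! "$CC" "$1" -g -fsanitize=address "$dir/t.c" -o "$dir/t" 2>/dev/null; then
        rm -rf "$dir"; return 2
    fi
    # detect_stack_use_after_return=1 places address-taken locals on ASan's
    # fake stack and poisons the frame when the function returns, so the
    # stale read through G in the second call of f hits poisoned memory.
    # detect_leaks=0 only keeps LeakSanitizer out of the way in sandboxes.
    ASAN_OPTIONS=detect_stack_use_after_return=1:detect_leaks=0 \
        "$dir/t" >"$dir/out" 2>"$dir/err"
    if grep -q 'stack-use-after-return' "$dir/err"; then rc=0; else rc=1; fi
    rm -rf "$dir"
    return "$rc"
}

# Stand-alone run: try both optimisation levels used in the question.
for opt in -O0 -O2; do
    check_uar "$opt" && status=0 || status=$?
    case $status in
        0) echo "$opt: ASan reported stack-use-after-return" ;;
        1) echo "$opt: ran without a report (bug not detected)" ;;
        *) echo "$opt: skipped, no working ASan toolchain" ;;
    esac
done
```

The script greps the ASan report rather than relying on the exit status alone, because a silent run and a run that died for an unrelated sanitizer reason both exit non-zero; only the report text tells you the use-after-return was actually caught.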