[Bug sanitizer/103792] New: stack-use-after-scope false positive with exceptions on ARM EABI

["mcross at irobot dot com" <gcc-bugzilla@gcc.gnu.org>]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103792

            Bug ID: 103792
           Summary: stack-use-after-scope false positive with exceptions
                    on ARM EABI
           Product: gcc
           Version: 10.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: mcross at irobot dot com
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
  Target Milestone: ---

Created attachment 52039
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52039&action=edit
reproduction code

This is the same issue as https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81021 ,
except specific to ARM EABI.  I think the same change needs to be applied to
the ARM EABI specific code that sets up the call to __cxa_end_cleanup() in
gcc/tree-eh.c.

I have attached minimal code that reproduces the issue (well, as minimal as I
could get it).

To reproduce, this must be compiled with "-O1 -fsanitize=address".

The reproduction code is also available on Compiler Explorer here:
https://godbolt.org/z/5q1Yq5za3  Unfortunately it cannot run it there, but here
is what I see when I run it (based on generated code addresses in that view):

* At address 10cce is where the exception is thrown in the intermediate()
function (it has inline the calls to the constructors for "struct Bad" and
optimized it down to just throwing an exception).
* The clean-up for for this PC in intermediate() is at 10cd2, and if you follow
it through it effectively just poisons the stack and then calls
__cxa_end_cleanup().

This leaves the stack poisoned after exception handling is complete, which
later code then trips over.