`Atomic` memory accesses in JS are not ASan-instrumented

[tlively]

The "asanify" transformation in acorn-optimizer.js does not instrument uses of the Atomic API in JS, so it's possible for e.g. use-after-free bugs involving atomic access from JS to go uncaught.

It would be nice to improve our ASan coverage by instrumenting atomic accesses as well.

[kripken]

Looks like we'd need to instrument the following Atomics.* APIs for that:

• add
• sub
• load
• store
• compareExchange

For wasm workers, we'd also need

• notify

[tlively]

Is that based on the APIs we currently use? I would expect that for future-proofness we would want to instrument all of them, including or, xor, wait, waitAsync, etc.

[kripken]

Yeah, that's just what's in the code now. I agree we'd want it all in principle.

[M-SAI-SOORYA]

To do this, you can modify the ASanify transformation to also instrument any atomic access in the JavaScript code. This could involve adding a check for any use of the Atomic API and instrumenting it accordingly. The specifics of how to do this would depend on the implementation of the Atomic API and how it is used in the JavaScript code.

Once the ASanify transformation is updated, you can then run your tests and check if any previously uncaught use-after-free bugs involving atomic access are now caught by ASan.