optimize frames; remove trampoline

docs/testing.md

@@ -118,6 +118,45 @@ When a mismatch is found:
     MISMATCH: test_foo: result mismatch opt=42 noopt=43
 ```
 
+## ASAN for Native AOT
+
+When debugging native (`shop.use_native`) crashes, there are two useful sanitizer workflows.
+
+### 1) AOT-only sanitizer (fastest loop)
+
+Enable sanitizer flags for generated native modules by creating a marker file:
+
+```bash
+touch .cell/asan_aot
+cell --dev bench --native fibonacci
+```
+
+This adds `-fsanitize=address -fno-omit-frame-pointer` to AOT module compilation.
+
+Disable it with:
+
+```bash
+rm -f .cell/asan_aot
+```
+
+### 2) Full runtime sanitizer (CLI + runtime + AOT)
+
+Build an ASAN-instrumented `cell` binary:
+
+```bash
+meson setup build-asan -Dbuildtype=debug -Db_sanitize=address
+CCACHE_DISABLE=1 meson compile -C build-asan
+ASAN_OPTIONS=abort_on_error=1:detect_leaks=0 ./build-asan/cell --dev bench --native fibonacci
+```
+
+This catches bugs crossing the boundary between generated dylibs and runtime helpers.
+
+If stale native artifacts are suspected after compiler/runtime changes, clear build outputs first:
+
+```bash
+cell --dev clean shop --build
+```
+
 ## Fuzz Testing
 
 The fuzzer generates random self-checking programs, compiles them, and runs them through both optimized and unoptimized paths. Each generated program contains test functions that validate their own expected results, so failures catch both correctness bugs and optimizer mismatches.