Merge bitcoin/bitcoin#31704: doc: add a section in the fuzzing documentation about using MSan

fanquake · fanquake · commit 9914e7372976 · 2025-01-23T14:25:28.000Z
5c3e4d8 doc: add a section about using MSan (Antoine Poinsot) Pull request description: Just a couple lines in a subsection of the sanitizers section mentioning that using the memory sanitizer is a bit more involve than other sanitizers, describing the steps and pointing to an example. ACKs for top commit: fanquake: ACK 5c3e4d8 dergoegge: ACK 5c3e4d8 Tree-SHA512: 4ff73c2dd0f25cb96148e54bd867b8d340bd0fbc9b9a736a705125039352eb1d40bd724f9f262a44d3dbd1bea8f03166cf30e571d882fec02ceb1dd399ef7422
diff --git a/doc/fuzzing.md b/doc/fuzzing.md
@@ -101,6 +101,18 @@ INFO: seed corpus: files: 991 min: 1b max: 1858b total: 288291b rss: 150Mb
 …
 ```
 
+## Using the MemorySanitizer (MSan)
+
+MSan [requires](https://clang.llvm.org/docs/MemorySanitizer.html#handling-external-code)
+that all linked code be instrumented. The exact steps to achieve this may vary
+but involve compiling `clang` from source, using the built `clang` to compile
+an instrumentalized libc++, then using it to build [Bitcoin Core dependencies
+from source](../depends/README.md) and finally the Bitcoin Core fuzz binary
+itself. One can use the MSan CI job as an example for how to perform these
+steps.
+
+Valgrind is an alternative to MSan that does not require building a custom libc++.
+
 ## Run without sanitizers for increased throughput
 
 Fuzzing on a harness compiled with `-DSANITIZERS=address,fuzzer,undefined` is
