Merge bitcoin/bitcoin#31704: doc: add a section in the fuzzing documentation about using MSan

5c3e4d8b29 doc: add a section about using MSan (Antoine Poinsot) Pull request description: Just a couple lines in a subsection of the sanitizers section mentioning that using the memory sanitizer is a bit more involve than other sanitizers, describing the steps and pointing to an example. ACKs for top commit: fanquake: ACK 5c3e4d8b29 dergoegge: ACK 5c3e4d8b29 Tree-SHA512: 4ff73c2dd0f25cb96148e54bd867b8d340bd0fbc9b9a736a705125039352eb1d40bd724f9f262a44d3dbd1bea8f03166cf30e571d882fec02ceb1dd399ef7422
2025-02-22 15:04:44 +01:00 · 2025-01-23 14:25:28 +00:00 · 2025-01-23 14:25:28 +00:00 · 9914e73729
commit 9914e73729
parent 188b02116d 5c3e4d8b29
1 changed files with 12 additions and 0 deletions
--- a/doc/fuzzing.md
+++ b/doc/fuzzing.md
@ -101,6 +101,18 @@ INFO: seed corpus: files: 991 min: 1b max: 1858b total: 288291b rss: 150Mb
 …
 ```

+## Using the MemorySanitizer (MSan)
+
+MSan [requires](https://clang.llvm.org/docs/MemorySanitizer.html#handling-external-code)
+that all linked code be instrumented. The exact steps to achieve this may vary
+but involve compiling `clang` from source, using the built `clang` to compile
+an instrumentalized libc++, then using it to build [Bitcoin Core dependencies
+from source](../depends/README.md) and finally the Bitcoin Core fuzz binary
+itself. One can use the MSan CI job as an example for how to perform these
+steps.
+
+Valgrind is an alternative to MSan that does not require building a custom libc++.
+
 ## Run without sanitizers for increased throughput

 Fuzzing on a harness compiled with `-DSANITIZERS=address,fuzzer,undefined` is