From 5c3e4d8b293fab06d2311a863c675a392f24e383 Mon Sep 17 00:00:00 2001 From: Antoine Poinsot Date: Tue, 21 Jan 2025 14:51:41 -0500 Subject: [PATCH] doc: add a section about using MSan Thanks to Niklas Pieter and Michael for the pointers. --- doc/fuzzing.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc/fuzzing.md b/doc/fuzzing.md index 365314a5928..3b3c2c4c0e1 100644 --- a/doc/fuzzing.md +++ b/doc/fuzzing.md @@ -101,6 +101,18 @@ INFO: seed corpus: files: 991 min: 1b max: 1858b total: 288291b rss: 150Mb … ``` +## Using the MemorySanitizer (MSan) + +MSan [requires](https://clang.llvm.org/docs/MemorySanitizer.html#handling-external-code) +that all linked code be instrumented. The exact steps to achieve this may vary +but involve compiling `clang` from source, using the built `clang` to compile +an instrumentalized libc++, then using it to build [Bitcoin Core dependencies +from source](../depends/README.md) and finally the Bitcoin Core fuzz binary +itself. One can use the MSan CI job as an example for how to perform these +steps. + +Valgrind is an alternative to MSan that does not require building a custom libc++. + ## Run without sanitizers for increased throughput Fuzzing on a harness compiled with `-DSANITIZERS=address,fuzzer,undefined` is
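Review bot: The new "Using the MemorySanitizer (MSan)" section in doc/fuzzing.md describes the prerequisite toolchain work but never shows the build flag that actually enables MSan on the fuzz binary, so a reader who has built the instrumented libc++ and depends still has to guess how to configure. The neighbouring section already uses the `-DSANITIZERS=address,fuzzer,undefined` form, so one line in the same style (e.g. `-DSANITIZERS=memory,fuzzer`, together with any `CC`/`CXX` override needed to pick up the custom `clang`) would make the section self-contained; please confirm the exact value against the project's CMake sanitizer options before adding it. Two smaller points in the same hunk: "an instrumentalized libc++" should read "an instrumented libc++" (the term used in the linked clang documentation and in the first sentence of the section), and "One can use the MSan CI job as an example" should link to the job's definition in the repository rather than leaving the reader to locate it, since the section explicitly defers the detailed steps to that job. The Valgrind sentence would also benefit from a pointer to wherever this document (or the build docs) describes running under Valgrind, so the alternative is actionable rather than just named.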