MSan is bit-exact: it can track uninitialized bits in a bitfield. It will tolerate copying of uninitialized memory, and also simple logic and arithmetic operations with it. In general, MSan silently tracks the spread of uninitialized data in memory, and reports a warning when a code branch is taken (or not taken) depending on an uninitialized value.
sanitize-memory-param-retval does not work this way. Passing an uninitialized value to a function is "spreading" it, not "branching" on it.
We should amend this paragraph to avoid confusion. Something like:
MSan is bit-exact: it can track uninitialized bits in a bitfield. It will tolerate copying of uninitialized memory, and also simple logic and arithmetic operations with it. In general, MSan silently tracks the spread of uninitialized data in memory, and reports a warning when a code branch is taken (or not taken) depending on an uninitialized value. MSan will also report a warning on certain types of undefined behavior, such as when a function call takes or returns uninitialized values.
In Clang 16, -fsanitize-memory-param-retval was enabled by default. This is a good feature but it conflicts with the MSAN introduction text somewhat: https://github.com/google/sanitizers/wiki/MemorySanitizer#introduction
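To make the distinction raised in this issue concrete, here is an added example (not part of the original issue or the MSan wiki) that separates spreading, passing as an argument, and branching on the same uninitialized field. The names struct pkt, half_init and pick_len are hypothetical, and the build lines assume a Clang with MSan support.

```c
/* Constructed demo. Build at -O0 so the uninitialized reads are not optimized away:
 *   Clang 16+ default: clang -O0 -g -fsanitize=memory demo.c
 *   Older behaviour:   clang -O0 -g -fsanitize=memory -fno-sanitize-memory-param-retval demo.c */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct pkt { int len; int flags; };      /* flags is never initialized below */

static struct pkt *half_init(void) {
    struct pkt *p = malloc(sizeof *p);   /* malloc leaves both fields uninitialized */
    if (!p) abort();
    p->len = 4;                          /* only len gets a defined value */
    return p;
}

/* The callee ignores flags, so no branch ever depends on it. */
__attribute__((noinline)) static int pick_len(int len, int flags) { (void)flags; return len; }

/* Copy plus a logic op on uninitialized bits: "spreading", no report in either mode. */
int spread_only(void) {
    struct pkt *p = half_init();
    struct pkt copy;
    memcpy(&copy, p, sizeof copy);
    copy.flags ^= 1;
    free(p);
    return copy.len;                     /* len is initialized, so the return is clean */
}

/* Uninitialized p->flags passed as an argument: reported at the call with param-retval only. */
int pass_to_callee(void) {
    struct pkt *p = half_init();
    int r = pick_len(p->len, p->flags);
    free(p);
    return r;
}

/* Branch on p->flags: reported in both modes. */
int branch_on_it(void) {
    struct pkt *p = half_init();
    int r = p->len;
    if (p->flags & 1) r = p->len;        /* same result either way; the branch is the point */
    free(p);
    return r;
}

int main(void) {
    printf("spread_only    -> %d\n", spread_only());
    printf("pass_to_callee -> %d\n", pass_to_callee());
    printf("branch_on_it   -> %d\n", branch_on_it());
    return 0;
}
```

MSan halts at the first report by default, so under Clang 16+ the run stops in pass_to_callee before branch_on_it is reached.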