Fix MSan false positive: enlarge dummy buffer for SVE predicated loads #14
Merged
alexey-milovidov merged 2 commits into ClickHouse/v6.5.15 from Mar 7, 2026
MemorySanitizer cannot track data flow through SIMD intrinsics
(SVE, NEON, SSE, AVX), causing false-positive "use-of-uninitialized-value"
reports. For example, SVE predicated loads only access memory for active
lanes, but MSan sees the full vector width as a memory read, flagging
tail elements as uninitialized.
Add `__attribute__((no_sanitize("memory")))` to `SIMSIMD_PUBLIC` and
`SIMSIMD_DYNAMIC` macros when MSan is detected via `__has_feature`.
This disables MSan instrumentation for all SimSIMD functions, which is
appropriate since they are entirely SIMD code that MSan cannot analyze.
The previous approach of unpoisoning results after dispatch (in lib.c)
was insufficient because MSan aborts inside the function body before
the dispatch wrapper can unpoison the output.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
`simsimd_capabilities` probes SIMD functions with n=0 to pre-initialize
dispatch function pointers. SVE implementations use `do { } while (i < n)`
loops that always execute the body once, even with n=0. MemorySanitizer
instruments SVE predicated loads (`svld1_f32` etc.) as full-width vector
reads regardless of the predicate mask, so it reports use-of-uninitialized
memory when the buffer is smaller than the SIMD register width.
Increase the dummy buffer from 8 bytes (`double[1]`) to 256 bytes
(`double[32]`) to cover the widest possible SVE vector (2048 bits).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
`simsimd_capabilities` probes SIMD functions with `n=0` to pre-initialize dispatch function pointers. SVE implementations use `do { } while (i < n)` loops that always execute the body once, even with `n=0`. MemorySanitizer instruments SVE predicated loads (`svld1_f32` etc.) as full-width vector reads regardless of the predicate mask, so it reports use-of-uninitialized memory when the buffer is smaller than the SIMD register width.

Increase the dummy buffer from 8 bytes (`double[1]`) to 256 bytes (`double[32]`) to cover the widest possible SVE vector (2048 bits).

Also reverts the `no_sanitize("memory")` approach from `types.h` since it would leave output memory poisoned for callers.

CI report: https://s3.amazonaws.com/clickhouse-test-reports/json.html?PR=98677&sha=a1b9d7f6170c510431fce962a869aa617d88d888&name_0=PR&name_1=Stress%20test%20%28arm_msan%29
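A portable C model of the probe described above (an added example, not code from SimSIMD or from this PR): it mimics the `do { } while (i < n)` loop shape and compares the bytes the active lanes read with the extent that a checker ignoring the predicate treats as read. The struct and function names are this example's own, and it uses no real SVE intrinsics.

```c
#include <stddef.h>
#include <stdio.h>

/* Result of modelling one kernel call; names are this example's own. */
typedef struct {
    size_t iterations;    /* times the loop body ran */
    size_t bytes_touched; /* bytes read by active lanes only */
    size_t bytes_assumed; /* extent a predicate-blind checker treats as read */
} probe_model_t;

/* Models the `do { } while (i < n)` loop shape for elements of elem_size
 * bytes at a vector length of vl_bits (SVE permits 128 to 2048 bits). */
static probe_model_t model_probe(size_t n, size_t elem_size, size_t vl_bits) {
    probe_model_t m = {0, 0, 0};
    size_t lanes = vl_bits / 8 / elem_size; /* elements per vector */
    size_t i = 0;
    do {
        /* Predicate: lane k is active only when i + k < n. */
        size_t left = (i < n) ? n - i : 0;
        size_t active = (left < lanes) ? left : lanes;
        m.bytes_touched += active * elem_size;
        /* Full-width view: the whole vector counts as read. */
        size_t end = (i + lanes) * elem_size;
        if (end > m.bytes_assumed) m.bytes_assumed = end;
        m.iterations++;
        i += lanes;
    } while (i < n);
    return m;
}

/* Nonzero if buf_bytes covers the full-width view of an n=0 f32 probe. */
static int dummy_buffer_covers(size_t buf_bytes, size_t vl_bits) {
    return buf_bytes >= model_probe(0, sizeof(float), vl_bits).bytes_assumed;
}

int main(void) {
    static const size_t vls[] = {128, 256, 512, 1024, 2048};
    for (size_t k = 0; k < sizeof vls / sizeof vls[0]; k++) {
        probe_model_t m = model_probe(0, sizeof(float), vls[k]);
        printf("VL=%4zu iterations=%zu touched=%zu assumed=%zu "
               "double[1]:%s double[32]:%s\n",
               vls[k], m.iterations, m.bytes_touched, m.bytes_assumed,
               dummy_buffer_covers(sizeof(double[1]), vls[k]) ? "ok" : "short",
               dummy_buffer_covers(sizeof(double[32]), vls[k]) ? "ok" : "short");
    }
    return 0;
}
```

In this model the 8-byte buffer falls short at every vector length, including the 128-bit minimum, while the 256-byte buffer covers all of them.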