[Docs] Clarify what the object-size sanitizer does.

Currently, the UBSan docs make it sound like the object-size sanitizer
will only detect out-of-bounds reads/writes. It also catches some
operations that don't necessarily access memory (invalid downcasts,
calls of methods on invalid pointers, ...). This patch adds a note
about this behavior in the docs.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@267447 91177308-0d34-0410-b5e6-96231b3b80d8

docs/UndefinedBehaviorSanitizer.rst

@@ -92,11 +92,14 @@ Available checks are:
      parameter which is declared to never be null.
   -  ``-fsanitize=null``: Use of a null pointer or creation of a null
      reference.
-  -  ``-fsanitize=object-size``: An attempt to use bytes which the
-     optimizer can determine are not part of the object being
-     accessed. The sizes of objects are determined using
-     ``__builtin_object_size``, and consequently may be able to detect
-     more problems at higher optimization levels.
+  -  ``-fsanitize=object-size``: An attempt to potentially use bytes which
+    the optimizer can determine are not part of the object being accessed.
+    This will also detect some types of undefined behavior that may not
+    directly access memory, but are provably incorrect given the size of
+    the objects involved, such as invalid downcasts and calling methods on
+    invalid pointers. These checks are made in terms of
+    ``__builtin_object_size``, and consequently may be able to detect more
+    problems at higher optimization levels.
   -  ``-fsanitize=return``: In C++, reaching the end of a
      value-returning function without returning a value.
   -  ``-fsanitize=returns-nonnull-attribute``: Returning null pointer