Add a hwasan_platform build flag.

This flag specifies whether to target the platform's copy of the HWASan
runtime, rather than one bundled with the application.

I decided to make this a build flag rather than change the default because
there are use cases for both settings.

- Builds with hwasan_platform=true may only be used on HWASANified builds of
  the platform.
- Builds with hwasan_platform=false are only expected to work on
  non-HWSANified builds of the platform. They may work in HWASANified builds,
  but this is not guaranteed because the compiler is allowed to target the
  bundled runtime library which may have a different ABI to the platform's
  copy.

Moreover, hwasan_platform=false requires the compiler to emit additional
code into each function which can hurt performance and binary size.

Bug: 916828
Change-Id: I45c9ccdc0a5cf1b3c6a729263204a023b40ba15f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1642787
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#666092}

build/config/android/rules.gni

@@ -31,7 +31,7 @@ if (use_cfi_diag || is_ubsan || is_ubsan_security || is_ubsan_vptr) {
   _sanitizer_runtimes = [ "$clang_base_path/lib/clang/$clang_version/lib/linux/libclang_rt.ubsan_standalone-$_sanitizer_arch-android.so" ]
 }
 
-if (is_hwasan) {
+if (is_hwasan && !hwasan_platform) {
   _sanitizer_runtimes = [ "$clang_base_path/lib/clang/$clang_version/lib/linux/libclang_rt.hwasan-$_sanitizer_arch-android.so" ]
 }
 

build/config/sanitizers/BUILD.gn

@@ -436,6 +436,9 @@ config("coverage_flags") {
 config("hwasan_flags") {
   if (is_hwasan) {
     cflags = [ "-fsanitize=hwaddress" ]
+    if (hwasan_platform) {
+      cflags += [ "-fsanitize-hwaddress-abi=platform" ]
+    }
   }
 }
 

build/config/sanitizers/sanitizers.gni

@@ -16,6 +16,10 @@ declare_args() {
   # See http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
   is_hwasan = false
 
+  # Specify whether to target the platform's copy of the HWASan runtime,
+  # rather than one bundled with the application.
+  hwasan_platform = false
+
   # Compile for Leak Sanitizer to find leaks.
   is_lsan = false
 
@@ -123,6 +127,7 @@ if (current_toolchain != default_toolchain) {
   is_asan = false
   is_cfi = false
   is_hwasan = false
+  hwasan_platform = false
   is_lsan = false
   is_msan = false
   is_tsan = false
@@ -245,6 +250,9 @@ assert(
         "Chromium mac_clang_x64 toolchain on iOS distribution. Please set " +
         "the argument value to false.")
 
+assert(!hwasan_platform || is_hwasan,
+       "hwasan_platform requires is_hwasan to be set")
+
 # Use these lists of configs to disable instrumenting code that is part of a
 # fuzzer, but which isn't being targeted (such as libprotobuf-mutator, *.pb.cc
 # and libprotobuf when they are built as part of a proto fuzzer). Adding or