Implement use_cfi_cast to optionally enable cast checks.

build/config/sanitizers/sanitizers.gni

 # Copyright 2015 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 declare_args() {
   # Compile for Address Sanitizer to find memory bugs.
   is_asan = false
 
   # Compile for Leak Sanitizer to find leaks.
   is_lsan = false
@@ skipping 31 matching lines @@
   # errors. Only works on Windows. See
   # https://github.com/google/syzygy/wiki/SyzyASanHowTo
   is_syzyasan = false
 
   # Compile with Control Flow Integrity to protect virtual calls and casts.
   # See http://clang.llvm.org/docs/ControlFlowIntegrity.html
   #
   # TODO(pcc): Remove this flag if/when CFI is enabled in official builds.
   is_cfi = false
 
+  # Enable checks for bad casts: derived cast and unrelated cast.
+  # TODO(krasin): remove this, when we're ready to add these checks by default.
+  # https://crbug.com/626794
+  use_cfi_cast = false
+
   # By default, Control Flow Integrity will crash the program if it detects a
   # violation. Set this to true to print detailed diagnostics instead.
   use_cfi_diag = false
 
   # Compile for fuzzing with LLVM LibFuzzer.
   # See http://www.chromium.org/developers/testing/libfuzzer
   use_libfuzzer = false
 
   # Compile for fuzzing with AFL.
   use_afl = false
@@ skipping 59 matching lines @@
 #
 # If you find a use-case where you want to compile a sanitizer in debug mode
 # and have verified it works, ask brettw and we can consider removing it from
 # this condition. We may also be able to find another way to enable your case
 # without having people accidentally get broken builds by compiling an
 # unsupported or unadvisable configurations.
 #
 # For one-off testing, just comment this assertion out.
 assert(!is_debug || !(is_msan || is_ubsan || is_ubsan_null || is_ubsan_vptr),
        "Sanitizers should generally be used in release (set is_debug=false).")