Add preliminary support for UBsan's vptr in Chromium (-fsanitize=vptr).

build/common.gypi

Index: build/common.gypi
diff --git a/build/common.gypi b/build/common.gypi
index aca6efd95a3f06e2727d56d11dff5c612521c6a3..274ecfc0b83f306980909476ccaf8460d601eb8e 100644
--- a/build/common.gypi
+++ b/build/common.gypi
@@ -391,6 +391,11 @@
       # See http://clang.llvm.org/docs/UsersManual.html
       'ubsan%': 0,
 
+      # Enable building with UBsan's vptr (Clang's -fsanitize=vptr -fsanitize=null options).
+      # -fsanitize=vptr only works with clang, but ubsan_vptr=1 implies clang=1
+      'ubsan_vptr%': 0,
+      'ubsan_vptr_blacklist%': '<(PRODUCT_DIR)/../../tools/ubsan_vptr/blacklist.txt',
+
       # Use the dynamic libraries instrumented by one of the sanitizers
       # instead of the standard system libraries.
       'use_instrumented_libraries%': 0,
@@ -1066,6 +1071,8 @@
     'tsan%': '<(tsan)',
     'tsan_blacklist%': '<(tsan_blacklist)',
     'ubsan%': '<(ubsan)',
+    'ubsan_vptr%': '<(ubsan_vptr)',
+    'ubsan_vptr_blacklist%': '<(ubsan_vptr_blacklist)',
     'use_instrumented_libraries%': '<(use_instrumented_libraries)',
     'use_custom_libcxx%': '<(use_custom_libcxx)',
     'clang_type_profiler%': '<(clang_type_profiler)',
@@ -1456,7 +1463,7 @@
           # compiler_version works with clang.
           # TODO(glider): set clang to 1 earlier for ASan and TSan builds so
           # that it takes effect here.
-          ['clang==0 and asan==0 and lsan==0 and tsan==0 and msan==0 and ubsan==0', {
+          ['clang==0 and asan==0 and lsan==0 and tsan==0 and msan==0 and ubsan==0 and ubsan_vptr==0', {
             'binutils_version%': '<!pymod_do_main(compiler_version target assembler)',
           }],
           # On Android we know the binutils version in the toolchain.
@@ -1482,7 +1489,7 @@
       # platforms except Windows, Mac and iOS.
       # TODO(glider): set clang to 1 earlier for ASan and TSan builds so that
       # it takes effect here.
-      ['os_posix==1 and OS!="mac" and OS!="ios" and clang==0 and asan==0 and lsan==0 and tsan==0 and msan==0', {
+      ['os_posix==1 and OS!="mac" and OS!="ios" and clang==0 and asan==0 and lsan==0 and tsan==0 and msan==0 and ubsan_vptr==0', {
         'conditions': [
           ['OS=="android"', {
             # We directly set the gcc versions since we know what we use.
@@ -2046,7 +2053,6 @@
           '<!@(<(DEPTH)/tools/clang/scripts/plugin_flags.sh)'
         ],
       }],
-
       ['asan==1 or msan==1 or lsan==1 or tsan==1', {
         'clang%': 1,
         'use_allocator%': 'none',
@@ -2054,6 +2060,11 @@
       ['ubsan==1', {
         'clang%': 1,
       }],
+      ['ubsan_vptr==1', {
+        'clang%': 1,
+        'use_allocator%': 'none',

[earthdok, 2014/06/26 16:48:31]

UBSan doesn't replace the allocator. Why are we setting this?

+        'clang_use_chrome_plugins%': 0,  # Temporally turn plugins off as Ubsan's vptr now relies on custom Clang binaries.

[earthdok, 2014/06/26 16:48:31]

Please either pass this explicitly in GYP_DEFINES (preferable) or at least put a
TODO here.

+      }],
       ['asan==1 and OS=="mac"', {
         # TODO(glider): we do not strip ASan binaries until the dynamic ASan
         # runtime is fully adopted. See http://crbug.com/242503.
@@ -2517,7 +2528,7 @@
           'GCC_GENERATE_DEBUGGING_SYMBOLS': 'NO',
         },
         'conditions': [
-          ['clang==1 and asan==0 and msan==0 and tsan==0', {
+          ['clang==1 and asan==0 and msan==0 and tsan==0 and ubsan_vptr==0', {
             # Clang creates chubby debug information, which makes linking very
             # slow. For now, don't create debug information with clang.  See
             # http://crbug.com/70000
@@ -3852,7 +3863,7 @@
           }],
           # Common options for AddressSanitizer, LeakSanitizer,
           # ThreadSanitizer and MemorySanitizer.
-          ['asan==1 or lsan==1 or tsan==1 or msan==1 or ubsan==1', {
+          ['asan==1 or lsan==1 or tsan==1 or msan==1 or ubsan==1 or ubsan_vptr==1', {
             'target_conditions': [
               ['_toolset=="target"', {
                 'cflags': [
@@ -3865,7 +3876,7 @@
               }],
             ],
           }],
-          ['asan==1 or lsan==1 or tsan==1 or msan==1', {
+          ['asan==1 or lsan==1 or tsan==1 or msan==1 or ubsan_vptr==1', {

[earthdok, 2014/06/26 16:48:31]

Again, why define MEMORY_TOOL_REPLACES_ALLOCATOR?

             'target_conditions': [
               ['_toolset=="target"', {
                 'ldflags!': [
@@ -3925,6 +3936,30 @@
               }],
             ],
           }],
+          ['ubsan_vptr==1', {
+            'target_conditions': [
+              ['_toolset=="target"', {
+                'cflags': [
+                  '-fsanitize=vptr',
+                  '-fsanitize=null',  # Avoid dereferences on null pointer objects.
+                  '-fsanitize-blacklist=<(ubsan_vptr_blacklist)',
+                  '-w',  # http://crbug.com/162783
+                ],
+                'cflags_cc!': [
+                  '-fno-rtti',
+                ],
+                'cflags!': [
+                  '-fno-rtti',
+                ],
+                'ldflags': [
+                  '-fsanitize=vptr',  # -fsanitize=null is not necessary.
+                ],
+                'defines': [
+                  'UNDEFINED_SANITIZER',
+                ],
+              }],
+            ],
+          }],
           ['asan_coverage!=0', {
             'target_conditions': [
               ['_toolset=="target"', {