Disable the ASan SEGV handler for NaCl processes on Mac.

chrome/app/chrome_exe_main_mac.cc

Index: chrome/app/chrome_exe_main_mac.cc
===================================================================
--- chrome/app/chrome_exe_main_mac.cc	(revision 237596)
+++ chrome/app/chrome_exe_main_mac.cc	(working copy)
@@ -6,8 +6,48 @@
 // bundle (browser) and helper app (renderer, plugin, and friends).
 
 #include <stdlib.h>
+#include <string.h>
 
+#if defined(ADDRESS_SANITIZER)
+// NaCl doesn't play well with ASan's signal handler, so we need to add

[Mark Seaborn, 2013/11/29 16:50:36]

You mean ASan doesn't play well with NaCl's signal handler. :-)  Is there
anything NaCl could do to coexist with ASan's signal handler, other than set
handle_segv=0?

[Alexander Potapenko, 2013/12/02 15:50:19]

I think we've discussed signal handler chaining some time ago, but nothing has
been done to support that.
Fixed the comment.

+// handle_segv=0 to ASAN_OPTIONS. This is done by injecting
+// __asan_default_options into the executable.
+// Because there's no distinct NaCl executable on OSX, we have to look at the
+// command line arguments to understand whether the process is a NaCl loader.
+
+static const char kNaClDefaultOptions[] = "handle_segv=0";
+static const char kNaclFlag[] = "--type=nacl-loader";

[Mark Seaborn, 2013/11/29 16:50:36]

"Nacl" -> "NaCl"

[Alexander Potapenko, 2013/12/02 15:50:19]

Done.

+
 extern "C" {
+char ***_NSGetArgv();

[Mark Seaborn, 2013/11/29 16:50:36]

You can get this decl from crt_externs.h

[Alexander Potapenko, 2013/12/02 15:50:19]

Done. Let me know if you prefer not having #ifdef around this #include to make
the code shorter.

+
+// __asan_default_options() is called at ASan initialization, so it must
+// not be instrumented with ASan -- thus the "no_sanitize_address" attribute.
+__attribute__((no_sanitize_address))
+__attribute__((used))

[Mark Seaborn, 2013/11/29 16:50:36]

Why do you need this?  I thought this is only used for suppressing warnings on
static functions.

[Alexander Potapenko, 2013/12/02 15:50:19]

Because this function is only referenced from the dynamic ASan runtime, and ld
may delete it as dead code.

[Mark Seaborn, 2013/12/02 16:51:32]

Ah, with Clang, __attribute__((used)) adds the function to @llvm.used, so it can
affect linking (unlike with GCC).  I didn't realise that before.

+__attribute__((visibility("default")))
+const char* __asan_default_options()  {
+  char ***argvp = _NSGetArgv();

[Mark Seaborn, 2013/11/29 16:50:36]

Nit: Use "*** " spacing (Chromium style)

[Alexander Potapenko, 2013/12/02 15:50:19]

Done.

+  if (!argvp) return NULL;
+  char **argv = *argvp;
+  bool is_nacl = false;
+  const int kNaclFlagLen = strlen(kNaclFlag);
+  for (int i = 0; argv[i]; ++i) {

[Mark Seaborn, 2013/11/29 16:50:36]

Should you use _NSGetArgc() rather than assuming the array is NULL-terminated?

[Alexander Potapenko, 2013/12/02 15:50:19]

I think the system somewhat guarantees that, but _NSGetArgc() is indeed cleaner.

+    if (strncmp(argv[i], kNaclFlag, kNaclFlagLen + 1) == 0) {

[Mark Seaborn, 2013/11/29 16:50:36]

Why not "strcmp(argv[i], kNaClFlag)"?  You don't need to do a prefix match for
"--type=nacl-loader".

[Alexander Potapenko, 2013/12/02 15:50:19]

Done.

+      is_nacl = true;

[Mark Seaborn, 2013/11/29 16:50:36]

You could just do "return kNaClDefaultOptions" here.

[Alexander Potapenko, 2013/12/02 15:50:19]

True.

+      break;
+    }
+  }
+  if (is_nacl) {
+    return kNaClDefaultOptions;
+  } else {
+    return NULL;
+  }
+}
+}
+#endif
+
+extern "C" {
 int ChromeMain(int argc, char** argv);
 }  // extern "C"