Allocator shim skeleton + Linux impl behind a build flag

TL;DR
-----
This CL introduces the skeleton for the unified allocator shim and
an actual working implementation for Linux.
The Linux implementation is really just taking the headers that today
define the malloc symbols in tcmalloc and copying them to base.
All the changes introduced are conditioned behind the build-time flag
use_experimental_allocator_shim, which is disabled by default.

Background Context
------------------
There are two reasons why we want to intercept allocations in Chrome:
1) To enforce some security properties (suicide on malloc failure via
   std::new_handler, preventing allocations > 2GB which can trigger
   signed vs. unsigned bugs in third_party libraries).
2) For diagnostic purposes (heap profiling).

Today (before this CL) allocation calls are already intercepted in
most Chrome platforms, but that happens in a disorganized and
inconsistent fashion. More in details:
On Linux: TCMalloc redefines the malloc()/new() symbols and we added
  code to the internal fork of tcmalloc to achieve 1).
On Mac: we inject our hooks in the default malloc zone in
  EnableTerminationOnOutOfMemory() (memory_mac.mm)
On Windows: we strip the malloc symbols out of libcmt and re-define
  them in allocator_shim_win.cc
On Android: we don't have 1)

The purpose of this work is to refactor and uniform this.
The goal is to have all the OS call into a single module (herein
allocator_shim.h) which performs 1) in base (as opposite to forking
allocator-specific code) and which offers a uniform interface for 2).

Why is this good?
-----------------
- Makes the allocator code more readable.
- Allows to unfork code from tcmalloc.
- Allows to design a more maintainable heap profiler, which shares
  the same code paths of the security enforcement layer.

Notes about execution
---------------------
Essentially on each platform we need to do three things:
 - Dismantle the code that defines the malloc()/new symbols.
 - Let the malloc()/new symbols route through the shim.
 - Have the shim ultimately invoke the actual allocator (tcmalloc,
   winheap, system allocator) as defined by the build config.
This clearly cannot happen atomically in one CL.
The plan, therefore, is to make the above happen behind a build-time
flag (use_experimental_allocator_shim), so the shim can be easily
tested / rolled-back in case of failures, and ultimately drop the
build-time flag (and remove the dead cde) once everything works.
This also will make dealing with reverts very manageable.

Therefore this CL (and likely all the future ones) is meant to be
a no-op until use_experimental_allocator_shim==true.

Design doc: bit.ly/allocator-shim

BUG=550886
TEST=build with use_experimental_allocator_shim=true, base_unittests --gtest_filter=AllocatorShimTest.*

Review URL: https://codereview.chromium.org/1675143004

Cr-Commit-Position: refs/heads/master@{#380196}

1 files changed, 12 insertions, 0 deletions

diff --git a/base/BUILD.gn b/base/BUILD.gn
index a06dfa3..925dd7a 100644
--- a/base/BUILD.gn
+++ b/base/BUILD.gn
@@ -18,6 +18,7 @@
 # huge sequence of random-looking conditionals.
 
 import("//build/buildflag_header.gni")
+import("//build/config/allocator.gni")
 import("//build/config/compiler/compiler.gni")
 import("//build/config/nacl/config.gni")
 import("//build/config/sysroot.gni")
@@ -974,6 +975,7 @@ component("base") {
 
   deps = [
     "//base/allocator",
+    "//base/allocator:features",
     "//base/third_party/dynamic_annotations",
     "//third_party/modp_b64",
   ]
@@ -990,6 +992,12 @@ component("base") {
     libs = [ "atomic" ]
   }
 
+  if (use_experimental_allocator_shim) {
+    # The allocator shim is part of the base API. This is to allow clients of
+    # base should to install hooks into the allocator path.
+    public_deps += [ "//base/allocator:unified_allocator_shim" ]
+  }
+
   # Allow more direct string conversions on platforms with native utf8
   # strings
   if (is_mac || is_ios || is_chromeos) {
@@ -1898,6 +1906,10 @@ test("base_unittests") {
     deps += [ ":base_profiler_test_support_library" ]
   }
 
+  if (use_experimental_allocator_shim) {
+    sources += [ "allocator/allocator_shim_unittest.cc" ]
+  }
+
   # TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
   configs += [ "//build/config/compiler:no_size_t_to_int_warning" ]