Add sandbox support for AsanCoverage.

Support dumping coverage data generated by AsanCoverage from sandboxed processes. For the GPU process, we simply pre-open a file before engaging the sandbox. For the renderers, we use a helper process which we fork from the zygote. The helper process collects coverage data from renderers over a socket and writes it to a file. This allows an arbitrary number of renderers to share one output file.

With this change, GPU and renderers will write coverage data to .sancov.packed files which may contain data from multiple modules/processes. Previously, we created one .sancov file per process per module (and still do so for other processes).

Note that the new behavior takes effect regardless of whether the sandbox is actually enabled.

BUG=336212
R=jln@chromium.org
TBR=kbr@chromium.org

Review URL: https://codereview.chromium.org/280303002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@274248 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 12 insertions, 0 deletions

diff --git a/content/gpu/gpu_main.cc b/content/gpu/gpu_main.cc
index dd9759b..7cfd446 100644
--- a/content/gpu/gpu_main.cc
+++ b/content/gpu/gpu_main.cc
@@ -56,6 +56,10 @@
 #include "base/message_loop/message_pump_mac.h"
 #endif
 
+#if defined(ADDRESS_SANITIZER)
+#include <sanitizer/asan_interface.h>
+#endif
+
 const int kGpuTimeout = 10000;
 
 namespace content {
@@ -444,6 +448,14 @@ bool StartSandboxLinux(const gpu::GPUInfo& gpu_info,
     // has really been stopped.
     LinuxSandbox::StopThread(watchdog_thread);
   }
+
+#if defined(ADDRESS_SANITIZER)
+  LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance();
+  linux_sandbox->sanitizer_args()->coverage_sandboxed = 1;
+  linux_sandbox->sanitizer_args()->coverage_fd = -1;
+  linux_sandbox->sanitizer_args()->coverage_max_block_size = 0;
+#endif
+
   // LinuxSandbox::InitializeSandbox() must always be called
   // with only one thread.
   res = LinuxSandbox::InitializeSandbox();