authorinferno <inferno@chromium.org>2015-01-20 08:15:48 -0800
committerCommit bot <commit-bot@chromium.org>2015-01-20 16:16:47 +0000
commitac18f489dca8c902e4dfaa1a28d716b7914121d0 (patch)
tree11bb7cc4de09b8bb04270fc76b3fdcdeb264a5d0 /tools/ubsan
parent3e7dffcba9ee0ae3d96ac1b022af4768e26fe8e5 (diff)
Make UBSAN vptr work inside UBSAN and also add the UNDEFINED_SANITIZER define. Also, these can share the same blacklist file due to separate prefixes.
TBR=glider@chromium.org,jochen@chromium.org BUG= Review URL: https://codereview.chromium.org/851163006 Cr-Commit-Position: refs/heads/master@{#312207}
Diffstat (limited to 'tools/ubsan')
-rw-r--r--tools/ubsan/blacklist.txt90
1 files changed, 90 insertions, 0 deletions
diff --git a/tools/ubsan/blacklist.txt b/tools/ubsan/blacklist.txt
new file mode 100644
index 0000000..6b5915f
--- /dev/null
+++ b/tools/ubsan/blacklist.txt
@@ -0,0 +1,90 @@
+#############################################################################
+# UBSan vptr blacklist.
+# Function and type based blacklisting use a mangled name, and it is especially
+# tricky to represent C++ types. For now, any possible changes by name manglings
+# are simply represented as wildcard expressions of regexp, and thus it might be
+# over-blacklisted.
+
+#############################################################################
+# Identical layouts.
+# If base and derived classes have identifical memory layouts (i.e., the same
+# object size) and both have no virtual functions, we blacklist them as there
+# would be not much security implications.
+
+fun:*LifecycleNotifier*addObserver*
+fun:*LifecycleNotifier*removeObserver*
+fun:*toWebInputElement*
+type:*base*MessageLoopForIO*
+type:*BlockRefType*
+type:*SkAutoTUnref*
+type:*WDResult*
+type:*ExecutionContext*
+type:*WebInputElement*
+type:*WebFormControlElement*
+
+# Avoid identical layout cases for 86 different classes in InspectorTypeBuilder,
+# all of which are guarded using COMPILER_ASSERT on the object size. Two more
+# types are also blacklisted due to the template class (JSONArray <-> Array<T>).
+
+src:*InspectorTypeBuilder.h*
+type:*TypeBuilder*
+type:*JSONArray*
+
+#############################################################################
+# Base class's constructor accesses a derived class's member.
+
+fun:*DoublyLinkedListNode*
+type:*content*WebUIExtensionData*
+
+# RenderFrameObserverTracker<T>::RenderFrameObserverTracker()
+fun:*content*RenderFrameObserverTracker*RenderFrame*
+
+# RenderViewObserverTracker<T>::RenderViewObserverTracker()
+fun:*content*RenderViewObserverTracker*RenderView*
+
+#############################################################################
+# Base class's destructor accesses a derived class.
+
+fun:*DatabaseContext*contextDestroyed*
+
+#############################################################################
+# static_cast into itself in the constructor.
+
+fun:*RefCountedGarbageCollected*makeKeepAlive*
+fun:*ThreadSafeRefCountedGarbageCollected*makeKeepAlive*
+
+#############################################################################
+# Accessing data in destructurors where the class has virtual inheritances.
+
+type:*content*RenderWidgetHost*
+
+# Mangled name for content::RenderViewHostImpl::~RenderViewHostImpl()
+fun:*content*RenderViewHostImpl*
+
+#############################################################################
+# Using raw pointer values.
+#
+# A raw pointer value (16) is used to infer the field offset by
+# GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET.
+
+src:*/third_party/protobuf/src/google/protobuf/compiler/plugin.pb.cc
+src:*/third_party/protobuf/src/google/protobuf/compiler/cpp/cpp_message.cc
+src:*/third_party/protobuf/src/google/protobuf/descriptor.pb.cc
+
+#############################################################################
+# Avoid link errors.
+# Ubsan vptr needs typeinfo on the target class, but it looks like typeinfo is
+# not avaiable if the class is not exported. For now, simply blacklisted to
+# avoid link errors; e.g., undefined reference to 'typeinfo for [CLASS_NAME]'.
+
+# obj/ppapi/libppapi_proxy.a(obj/ppapi/proxy/ppapi_proxy.proxy_channel.o):../../ppapi/proxy/proxy_channel.cc:__unnamed_53: error: undefined reference to 'typeinfo for IPC::TestSink'
+src:*/ppapi/proxy/proxy_channel.cc
+
+# obj/chrome/libbrowser.a(obj/chrome/browser/net/browser.predictor.o):../../chrome/browser/net/predictor.cc:__unnamed_577: error: undefined reference to 'typeinfo for ProxyAdvisor'
+src:*/chrome/browser/net/predictor.cc
+
+# obj/third_party/pdfium/libfpdfapi.a(obj/third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdfapi.fpdf_render_text.o):../../third_party/pdfium/core/src/fpdfapi/fpdf_render/:__unnamed_360: error: undefined reference to 'typeinfo for CPDF_InlineImages'
+src:*/third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdf_render_text.cpp
+
+# obj/third_party/libwebm/libwebm.a(obj/third_party/libwebm/source/libwebm.mkvmuxer.o)(.data.rel..L__unnamed_2+0x18): error: undefined reference to 'typeinfo for mkvparser::IMkvReader'
+src:*/third_party/libwebm/source/mkvmuxer.cpp
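Review bot: The entry `fun:*content*RenderViewHostImpl*` suppresses the vptr check for every member function of content::RenderViewHostImpl (and any other symbol containing both substrings), although the comment directly above it says it is meant for the destructor only. If the destructor really is the sole offender, then under the Itanium ABI the `D0`/`D1`/`D2` suffix follows the class name immediately while ordinary members start with a length digit, so `fun:*content*RenderViewHostImplD*Ev` would match just the destructor variants and keep the bad-cast check live on the rest of the class; the same over-match applies to `type:*content*RenderWidgetHost*`, which also silences RenderWidgetHostImpl and the RenderWidgetHostView classes. Every entry here disables a check that exists to catch type confusion, so the per-file `src:` entries under "Avoid link errors" (which blank out whole translation units rather than fixing the missing typeinfo export) would be better marked with a `# TODO: export typeinfo and drop this entry` line so they are not mistaken for permanent exclusions. Minor: the hunk's comments misspell "identical", "destructors" and "available".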