Revert migration to -fsanitize=fizzer-no-link because of multiple issues.

- AFL doesn't see coverage instrumentation, as it currently relies on
__sanitizer_cov_trace_pc_guard, i.e. -fsanitize=trace-pc-guard.

- coverage generation for libFuzzer is broken, sancov doesn't see any edges.

R=inferno@chromium.org, metzman@chromium.org

Bug: 764514, 798928
Change-Id: Ic4775b53d1ff03af4660b5f930a892182c9f021b
Reviewed-on: https://chromium-review.googlesource.com/852826
Reviewed-by: Abhishek Arya <inferno@chromium.org>
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Commit-Queue: Abhishek Arya <inferno@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#527401}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 890a78251380463ed81454104bb91e3700ffff42

config/sanitizers/BUILD.gn

@@ -200,13 +200,7 @@ config("default_sanitizer_ldflags") {
       ldflags += [ "-fsanitize=vptr" ]
     }
 
-    if (use_fuzzing_engine) {
-      ldflags += [
-        "-fsanitize=fuzzer-no-link",
-        # Disable PC-Table coverage as per https://crbug.com/764514#c21.
-        "-fno-sanitize-coverage=pc-table",
-      ]
-    } else if (use_sanitizer_coverage) {
+    if (use_sanitizer_coverage) {
       ldflags += [ "-fsanitize-coverage=$sanitizer_coverage_flags" ]
     }
 
@@ -403,14 +397,7 @@ config("cfi_icall_generalize_pointers") {
 
 config("coverage_flags") {
   cflags = []
-  if (use_fuzzing_engine) {
-    cflags += [
-      "-fsanitize=fuzzer-no-link",
-      # Disable PC-Table coverage as per https://crbug.com/764514#c21.
-      "-fno-sanitize-coverage=pc-table",
-    ]
-    defines = [ "SANITIZER_COVERAGE" ]
-  } else if (use_sanitizer_coverage) {
+  if (use_sanitizer_coverage) {
     cflags += [
       "-fsanitize-coverage=$sanitizer_coverage_flags",
       "-mllvm",

config/sanitizers/sanitizers.gni

@@ -96,6 +96,8 @@ declare_args() {
 
   # Value for -fsanitize-coverage flag. Setting this causes
   # use_sanitizer_coverage to be enabled.
+  # Default value when unset and use_fuzzing_engine=true:
+  #     trace-pc-guard
   # Default value when unset and use_sanitizer_coverage=true:
   #     trace-pc-guard,indirect-calls
   sanitizer_coverage_flags = ""
@@ -132,11 +134,16 @@ if (current_toolchain != default_toolchain) {
   use_sanitizer_coverage = false
 }
 
+# Whether we are doing a fuzzer build. Normally this should be checked instead
+# of checking "use_libfuzzer || use_afl" because often developers forget to
+# check for "use_afl".
+use_fuzzing_engine = use_libfuzzer || use_afl
+
 # Args that are in turn dependent on other args must be in a separate
 # declare_args block. User overrides are only applied at the end of a
 # declare_args block.
 declare_args() {
-  use_sanitizer_coverage = false
+  use_sanitizer_coverage = use_fuzzing_engine || sanitizer_coverage_flags != ""
 
   # Detect overflow/underflow for global objects.
   #
@@ -144,19 +151,9 @@ declare_args() {
   asan_globals = !is_mac
 }
 
-# Whether we are doing a fuzzer build. Normally this should be checked instead
-# of checking "use_libfuzzer || use_afl" because often developers forget to
-# check for "use_afl".
-use_fuzzing_engine = use_libfuzzer || use_afl
-
-assert(
-    !(use_fuzzing_engine &&
-          (use_sanitizer_coverage || sanitizer_coverage_flags != "")),
-    "Sanitizer coverage (either use_sanitizer_coverage or " +
-        "sanitizer_coverage_flags) should not be used if use_fuzzing_engine " +
-        "is true, i.e. when libFuzzer or AFL is being used.")
-
-if (use_sanitizer_coverage && sanitizer_coverage_flags == "") {
+if (use_fuzzing_engine && sanitizer_coverage_flags == "") {
+  sanitizer_coverage_flags = "trace-pc-guard"
+} else if (use_sanitizer_coverage && sanitizer_coverage_flags == "") {
   sanitizer_coverage_flags = "trace-pc-guard,indirect-calls"
 }