This is already set for our d8 jobs.

We *may* be able to set this for Chrome as well, but we need to make sure that SEGVs in Chrome that aren't handled by the trap handler are properly forwarded to the sanitizer signal handlers. 

We always pass --disable-in-process-stack-traces to chrome on ClusterFuzz to ensure that Chrome's signal handlers don't interfere with sanitizer ones, but unfortunately it looks like the trap handler relies on Chrome's signal handler to work: https://cs.chromium.org/chromium/src/content/renderer/render_process_impl.cc?type=cs&q=kDisableInProcessStackTraces&sq=package:chromium&l=163


It looks like we have to either:
- Install the V8 trap handler some other way that doesn't rely on Chrome's signal handler, or
- Modify chrome's signal handler to always defer to ASan's signal handler after trying |try_handle_signal| in https://chromium.googlesource.com/chromium/src/+/6915c5b2478a20ee07830170db5a01c16efed673/base/debug/stack_trace_posix.cc#244, and stop passing --disable-in-process-stack-traces on ClusterFuzz.

Your first option is very doable. At https://cs.chromium.org/chromium/src/content/renderer/render_process_impl.cc?type=cs&q=kDisableInProcessStackTraces&sq=package:chromium&l=174, we just need to make sure use_v8_signal_handler = true is set when the sanitizers are enabled. This will install the same signal handler that runs in d8. This one is set up to uninstall itself on a fault that it cannot handle and raise the signal again so the previous signal handler gets a chance. See https://cs.chromium.org/chromium/src/v8/src/trap-handler/handler-inside.cc?sq=package:chromium&l=160

Ah, I think this is already possible if we just pass --disable-breakpad to our chrome jobs in addition to --disable-in-process-stack-traces to pass all the checks to make use_v8_signal_handler = true.

However, this might break in the future when Linux moves to Crashpad though (and I'm not sure if there is a similar option to disable signal handlers there), so it's probably best to add an explicit check for sanitizers here.

eholk@, would you mind making this change? 

I can definitely make the change to install V8's signal handler when sanitizers are enabled. I'm happy to change the flags for Chrome jobs too, but I'll need a pointer for where to make this change.

Thanks! We can make the change to change the Chrome flags on ClusterFuzz. Please CC me on the CL so I know when to do so. 

So actually, reading the code more closely at https://cs.chromium.org/chromium/src/content/renderer/render_process_impl.cc?type=cs&q=kDisableInProcessStackTraces&sq=package:chromium&l=171, I think this may just work.

The logic is that if --disable-in-process-stack-traces is not given (that is, stack traces are enabled), we call SetStackDumpFirstChanceCallback which registers a hook with the stack dump handler.

Otherwise, unless --enable-crash-reporter or --enable-crash-reporter-for-testing is given, then we use V8's default signal handler.

Basically, trap handlers are designed to work with breakpad, stack dumps, or no signal handler.

So it sounds like all we need to do is change allow_user_segv_handler to 1 in ASAN_OPTIONS.

Is this still relevant?

This was fixed in https://crrev.com/c/1335572.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/26a78061af924d5277717e07364dcfd20f63d2c3

commit 26a78061af924d5277717e07364dcfd20f63d2c3
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Thu Jan 03 09:53:17 2019

Remove trap handler fallback for sanitizers

Since https://crrev.com/c/1335572, our sanitizers allow to set custom
segfault handlers. Thus remove special code that was added to handle
sanitizers that prevent installation of segfault handlers. Instead,
CHECK that the signal handler was installed correctly.

R=ahaas@chromium.org, mseaborn@chromium.org, mark@chromium.org

Bug:  chromium:830894 
Change-Id: I3bd66e33efdceb3e8469f3f4a09fbde90cb3d7ec
Reviewed-on: https://chromium-review.googlesource.com/c/1392199
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58513}
[modify] https://crrev.com/26a78061af924d5277717e07364dcfd20f63d2c3/src/trap-handler/handler-outside-posix.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/5ac88bfca6fa32673c173b1d8d3ddc906d869106

commit 5ac88bfca6fa32673c173b1d8d3ddc906d869106
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Fri Jan 04 16:08:38 2019

Revert "Remove trap handler fallback for sanitizers"

This reverts commit 26a78061af924d5277717e07364dcfd20f63d2c3.

Reason for revert: Not all fuzzers support custom segfault handlers yet, see https://crbug.com/918949

Original change's description:
> Remove trap handler fallback for sanitizers
> 
> Since https://crrev.com/c/1335572, our sanitizers allow to set custom
> segfault handlers. Thus remove special code that was added to handle
> sanitizers that prevent installation of segfault handlers. Instead,
> CHECK that the signal handler was installed correctly.
> 
> R=​ahaas@chromium.org, mseaborn@chromium.org, mark@chromium.org
> 
> Bug:  chromium:830894 
> Change-Id: I3bd66e33efdceb3e8469f3f4a09fbde90cb3d7ec
> Reviewed-on: https://chromium-review.googlesource.com/c/1392199
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58513}

TBR=mseaborn@chromium.org,ahaas@chromium.org,mark@chromium.org,clemensh@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug:  chromium:830894 , chromium:918949
Change-Id: Ide545860cf7729139ac50c0dd2e85facca49b0b1
Reviewed-on: https://chromium-review.googlesource.com/c/1396277
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58556}
[modify] https://crrev.com/5ac88bfca6fa32673c173b1d8d3ddc906d869106/src/trap-handler/handler-outside-posix.cc