split .bazelrc asan config into asan and ubsan

[yevgenypats]

Description:
This splits the asan config in .bazelrc to ubsan and asan. This solves an issue with #7805 and this is a block for #7509. Because currently the asan-fuzzer doesnt work with ubsan.

Risk Level:
Low
Testing:
No

CC @htuch @asraa

[lizan]

@yevgenypats If you incorporate google/oss-fuzz#2664 to #7509 I guess it will unblock you there, can you try if that works?

[yevgenypats]

@lizan I can try that. I already had a working fuzzer build that was based on oss-fuzz scripts that was working. @htuch wanted to have a native bazel build that will build the fuzzers so there won't be duplicate scripts building the same thing. I will happily do either but let's get to a consensus so we won't do duplicate work.

[lizan]

@yevgenypats Oh I missed that comment, re native bazel build, isn't https://github.com/envoyproxy/envoy/blob/master/.bazelrc#L144 already working? @asraa might know more.

[yevgenypats]

Yes it almost works. it is blocked by this fix. @asraa was busy so I contributed. @asraa will be happy if you can look at the commit and see if this is ok.

[htuch]

I don't have any strong objections to this PR, I get what @yevgenypats is trying to do. My main concern is that we are doing this in terms of builds that are targeted at gcc, and clang is where we spend all our time these days on the fuzz and sanitizer front. @yevgenypats are you really planning on using gcc, or is this some kind of asan-base target that only exists for the Clang ASAN/UBSAN?

[yevgenypats]

/retest

[repokitteh-read-only]

🔨 rebuilding ci/circleci: asan (failed build)

🐱

Caused by: a #7947 (comment) was created by @yevgenypats.

see: more, trace.

[yevgenypats]

@htuch I'm not planning on using gcc this is totally related to clang where I want to have an option not to use ubsan for some of the fuzzers because this makes life hard when trying to build it in unprivileged containers like in CircleCI.

[lizan]

I want to have an option not to use ubsan for some of the fuzzers because this makes life hard when trying to build it in unprivileged containers like in CircleCI.

Out of curiousity, which sanitizer need privileged containers?

The current build issue in this PR for ubsan is from vptr which I commented above, which I addressed in the oss-fuzz PR if you want to sanitize on vptr.

Anyway lets see whether #7949 works, which I think it does, then we don't need

[lizan]

You need move -fno-sanitize=vptr after this line.

[yevgenypats]

Agree let's wait for #7949

[lizan]

#7949 is landed, do you still need this one?

[yevgenypats]

nope. we can remove this.