[PA] Add configuration for iOS binary experiment

To drive the experiment smoothly, we want to make it configurable with
only `//ios` changes.

`enable_ios_corruption_hardening` is now exposed through build overrides
and toggles `enable_partition_lock_reentrancy_check`,
`use_partition_cookie`, `smaller_partition_cookie`, and
`force_disable_backup_ref_ptr_feature`.

Bug: 371135823
Change-Id: I1e8361f69a054b75942b6269e62449d5eaf5ac19
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5925058
Commit-Queue: Mark Cogan <marq@chromium.org>
Reviewed-by: Takashi Sakamoto <tasak@google.com>
Auto-Submit: Mikihito Matsuura <mikt@google.com>
Reviewed-by: Mark Cogan <marq@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1367388}

base/allocator/partition_allocator/build_overrides/partition_alloc.gni

@@ -15,6 +15,7 @@ use_allocator_shim_default = false
 enable_backup_ref_ptr_support_default = false
 enable_backup_ref_ptr_slow_checks_default = false
 enable_dangling_raw_ptr_checks_default = false
+enable_ios_corruption_hardening_default = false
 
 # This is the default build configuration for pointers/raw_ptr*.
 raw_ptr_zero_on_construct_default = true

base/allocator/partition_allocator/partition_alloc.gni

@@ -92,6 +92,15 @@ declare_args() {
       use_partition_alloc_as_malloc
 }
 
+declare_args() {
+  # This is a flag for binary experiment on iOS. When BRP for iOS is enabled,
+  # we see some un-actionable `DoubleFreeOrCorruptionDetected` crashes.
+  # This flag enables some extra `CHECK`s to get actionable crash reports.
+  # TODO(crbug.com/371135823): Remove upon completion of investigation.
+  enable_ios_corruption_hardening = use_partition_alloc_as_malloc && is_ios &&
+                                    enable_ios_corruption_hardening_default
+}
+
 assert(
     !enable_allocator_shim_partition_alloc_dispatch_with_advanced_checks_support || use_partition_alloc_as_malloc,
     "PartitionAlloc with advanced checks requires PartitionAlloc itself.")
@@ -150,18 +159,19 @@ declare_args() {
 
   # Enable reentrancy checks at `partition_alloc::internal::Lock`.
   # TODO(crbug.com/371135823): Remove upon completion of investigation.
-  enable_partition_lock_reentrancy_check = false
+  enable_partition_lock_reentrancy_check = enable_ios_corruption_hardening
 
   # This will write a fixed cookie pattern at the end of each allocation, and
   # later verify the pattern remain unchanged to ensure there is no OOB write.
   # It comes with performance and memory cost, hence enabled only in debug.
-  use_partition_cookie = is_debug || dcheck_always_on
+  use_partition_cookie =
+      is_debug || dcheck_always_on || enable_ios_corruption_hardening
 
   # This will change partition cookie size to 4B or 8B, whichever equivalent to
   # size of InSlotMetadata. This option is useful for InSlotMetadata corruption
   # investigation.
   # TODO(crbug.com/371135823): Remove upon completion of investigation.
-  smaller_partition_cookie = false
+  smaller_partition_cookie = enable_ios_corruption_hardening
 }
 
 declare_args() {
@@ -244,7 +254,8 @@ declare_args() {
   # While keeping BRP support, override a feature flag to make it disabled
   # state. This will overwrite `enable_backup_ref_ptr_feature_flag`.
   # TODO(https://crbug.com/372183586): Fix the bug and remove this arg.
-  force_disable_backup_ref_ptr_feature = enable_backup_ref_ptr_support && false
+  force_disable_backup_ref_ptr_feature =
+      enable_backup_ref_ptr_support && enable_ios_corruption_hardening
 
   # Build support for Dangling Ptr Detection (DPD) via BackupRefPtr (BRP),
   # making the raw_ptr<T> implementation to RawPtrBackupRefImpl if active.

build_overrides/partition_alloc.gni

@@ -143,6 +143,9 @@ enable_dangling_raw_ptr_checks_default =
     # at the moment. The other Android bots are not ready for it yet.
     !is_android
 
+enable_ios_corruption_hardening_default =
+    is_ios && ios_partition_alloc_corruption_hardening_enabled
+
 raw_ptr_zero_on_construct_default = true
 raw_ptr_zero_on_move_default = true
 raw_ptr_zero_on_destruct_default = false

ios/features.gni

@@ -11,6 +11,11 @@ declare_args() {
   # Temporarily disable for rollout -- see crbug.com/1412190 for details.
   ios_partition_alloc_enabled = true
 
+  # Control whether PartitionAlloc for iOS builds has extra checks for
+  # metadata corruption issue investigation.
+  # TODO(crbug.com/371135823): Remove upon completion of the investigation.
+  ios_partition_alloc_corruption_hardening_enabled = false
+
   # Control whether //ios/chrome and //ios/web targets are build. This
   # is used by bots from projects based on top of Chromium that want to
   # only reuse shared code (//ios/net, //remoting/ios, ...).