fortify: allow diagnostics without run-time checks (attempt #2)

In configs like ASAN, we can't use _chk functions. This CL builds off of
previous work to allow us to still emit diagnostics in conditions like
these.

Wasn't 100% sure what a good test story would look like here. Opinions
appreciated.

Bug: 141267932
Test: checkbuild on internal-master. TreeHugger for x86_64.
Change-Id: I65da9ecc9903d51a09f740e38ab413b9beaeed88
diff --git a/libc/include/sys/cdefs.h b/libc/include/sys/cdefs.h
index 8078bda..eb30690 100644
--- a/libc/include/sys/cdefs.h
+++ b/libc/include/sys/cdefs.h
@@ -237,14 +237,15 @@
 #define __BIONIC_FORTIFY_UNKNOWN_SIZE ((size_t) -1)
 
 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
-/*
- * FORTIFY's _chk functions effectively disable ASAN's stdlib interceptors.
- * Additionally, the static analyzer/clang-tidy try to pattern match some
- * standard library functions, and FORTIFY sometimes interferes with this. So,
- * we turn FORTIFY off in both cases.
- */
-#  if !__has_feature(address_sanitizer) && !defined(__clang_analyzer__)
+/* FORTIFY can interfere with pattern-matching of clang-tidy/the static analyzer.  */
+#  if !defined(__clang_analyzer__)
 #    define __BIONIC_FORTIFY 1
+/* ASAN has interceptors that FORTIFY's _chk functions can break.  */
+#    if __has_feature(address_sanitizer)
+#      define __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED 0
+#    else
+#      define __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED 1
+#    endif
 #  endif
 #endif