Linux Instrumented Libraries

The instrumented libraries are a collection of Chromium's dependencies built with *SAN enabled. The MSAN libraries are required for an MSAN build to run. The others are optional, and are currently unused.

Building the instrumented libraries

Setting up a chroot

Building the libraries requires apt-get source, so the build must be done from an Ubuntu 24.04 environment. The preferred way is using a chroot. To get started, install debootstrap and schroot. If you're running a Debian-based distro, run:

sudo apt install debootstrap schroot

Create a configuration for a Noble chroot:

cat | sudo tee /etc/schroot/chroot.d/noble_amd64.conf > /dev/null <<EOF
[noble_amd64]
description=Ubuntu 24.04 Noble for amd64
directory=/srv/chroot/noble_amd64
personality=linux
root-users=$USER
type=directory
users=$USER
EOF

Bootstrap the chroot:

sudo mkdir -p /srv/chroot/noble_amd64
sudo debootstrap --variant=buildd --arch=amd64 noble /srv/chroot/noble_amd64 http://archive.ubuntu.com/ubuntu/

If your $HOME directory is not /home (as is the case on gLinux), then route /home to the real thing. schroot automatically mounts /home, which is where I'm assuming you keep your source tree and depot_tools.

sudo mount --bind "$HOME" /home

Populate sources.list:

cat | sudo tee -a /srv/chroot/noble_amd64/etc/apt/sources.list > /dev/null <<EOF
deb     http://archive.ubuntu.com/ubuntu/ noble          main restricted universe
deb-src	http://archive.ubuntu.com/ubuntu/ noble          main restricted universe
deb     http://archive.ubuntu.com/ubuntu/ noble-security main restricted universe
deb-src http://archive.ubuntu.com/ubuntu/ noble-security main restricted universe
deb     http://archive.ubuntu.com/ubuntu/ noble-updates  main restricted universe
deb-src http://archive.ubuntu.com/ubuntu/ noble-updates  main restricted universe
EOF

Enter the chroot and install the necessary packages:

schroot -c noble_amd64 -u root --directory /home/dev/chromium/src
apt update
apt upgrade
apt install lsb-release sudo python-is-python3 pkg-config libgtk2.0-bin libdrm-dev help2man git fakeroot gyp patchelf

Install library packages:

third_party/instrumented_libs/noble/scripts/install-build-deps.sh

Change to a non-root user:

exit
schroot -c noble_amd64 -u `whoami` --directory /home/dev/chromium/src

On your host, mount /dev/shm/. Replace * with the actual path if you have multiple chroots.

sudo mount --bind /dev/shm /run/schroot/mount/noble_amd64-*/dev/shm

Add depot_tools to your PATH. For example, I have it in ~/dev/depot_tools, so I use:

export PATH=/home/dev/depot_tools/:$PATH

Now we're ready to build the libraries. A clean build takes a little over 8 minutes on a 72-thread machine.

third_party/instrumented_libs/scripts/build_and_package.py --parallel -j $(nproc) all noble

Uploading the libraries

This requires write permission on the chromium-instrumented-libraries GCS bucket. File a ticket at go/peepsec-bug to request access.

# Exit the chroot.
exit

# Move files into place.
mv *.tgz third_party/instrumented_libs/binaries

# Upload.
upload_to_google_storage.py -b chromium-instrumented-libraries third_party/instrumented_libs/binaries/msan*.tgz

Testing and uploading a CL

After uploading, run gclient sync and test out a build with is_msan = true in your args.gn. Try running eg. chrome and unit_tests to make sure it's working. The binaries should work natively on gLinux.

When uploading a CL, make sure to add the following in the description so that the MSAN bot will run on the CQ:

CQ_INCLUDE_TRYBOTS=luci.chromium.try:linux_chromium_msan_rel_ng

Cleaning up chroots

This can be useful for restarting from scratch with a new chroot, e.g. to validate the build instructions above.

sudo rm /etc/schroot/chroot.d/noble_amd64.conf
sudo rm -rf /srv/chroot/noble_amd64

If rm complains about active mount points, list the active chroot session(s):

schroot --list --all-sessions

Which should print something like:

session:noble_amd64-714a3c01-9dbf-4c98-81c1-90ab8c4c61fe

Then shutdown the chroot session with:

schroot -e -c noble_amd64-714a3c01-9dbf-4c98-81c1-90ab8c4c61fe