The instrumented libraries are a collection of Chromium's dependencies built with *SAN enabled. The MSAN libraries are required for an MSAN build to run. The others are optional, and are currently unused.
Building the libraries requires apt-get source
, so the build must be done from an Ubuntu 24.04 environment. The preferred way is using a chroot. To get started, install debootstrap
and schroot
. If you're running a Debian-based distro, run:
sudo apt install debootstrap schroot
Create a configuration for a Noble chroot:
cat | sudo tee /etc/schroot/chroot.d/noble_amd64.conf > /dev/null <<EOF [noble_amd64] description=Ubuntu 24.04 Noble for amd64 directory=/srv/chroot/noble_amd64 personality=linux root-users=$USER type=directory users=$USER EOF
Bootstrap the chroot:
sudo mkdir -p /srv/chroot/noble_amd64 sudo debootstrap --variant=buildd --arch=amd64 noble /srv/chroot/noble_amd64 http://archive.ubuntu.com/ubuntu/
If your $HOME
directory is not /home
(as is the case on gLinux), then route /home
to the real thing. schroot
automatically mounts /home
, which is where I'm assuming you keep your source tree and depot_tools
.
sudo mount --bind "$HOME" /home
Populate sources.list
:
cat | sudo tee -a /srv/chroot/noble_amd64/etc/apt/sources.list > /dev/null <<EOF deb http://archive.ubuntu.com/ubuntu/ noble main restricted universe deb-src http://archive.ubuntu.com/ubuntu/ noble main restricted universe deb http://archive.ubuntu.com/ubuntu/ noble-security main restricted universe deb-src http://archive.ubuntu.com/ubuntu/ noble-security main restricted universe deb http://archive.ubuntu.com/ubuntu/ noble-updates main restricted universe deb-src http://archive.ubuntu.com/ubuntu/ noble-updates main restricted universe EOF
Enter the chroot and install the necessary packages:
schroot -c noble_amd64 -u root --directory /home/dev/chromium/src apt update apt upgrade apt install lsb-release sudo python-is-python3 pkg-config libgtk2.0-bin libdrm-dev help2man git fakeroot gyp patchelf
Install library packages:
third_party/instrumented_libs/noble/scripts/install-build-deps.sh
Change to a non-root user:
exit schroot -c noble_amd64 -u `whoami` --directory /home/dev/chromium/src
On your host, mount /dev/shm/
. Replace *
with the actual path if you have multiple chroots.
sudo mount --bind /dev/shm /run/schroot/mount/noble_amd64-*/dev/shm
Add depot_tools
to your PATH
. For example, I have it in ~/dev/depot_tools
, so I use:
export PATH=/home/dev/depot_tools/:$PATH
Now we're ready to build the libraries. A clean build takes a little over 8 minutes on a 72-thread machine.
third_party/instrumented_libs/scripts/build_and_package.py --parallel -j $(nproc) all noble
This requires write permission on the chromium-instrumented-libraries
GCS bucket. File a ticket at go/peepsec-bug to request access.
# Exit the chroot. exit # Move files into place. mv *.tgz third_party/instrumented_libs/binaries # Upload. upload_to_google_storage.py -b chromium-instrumented-libraries third_party/instrumented_libs/binaries/msan*.tgz
After uploading, run gclient sync
and test out a build with is_msan = true
in your args.gn
. Try running eg. chrome
and unit_tests
to make sure it's working. The binaries should work natively on gLinux.
When uploading a CL, make sure to add the following in the description so that the MSAN bot will run on the CQ:
CQ_INCLUDE_TRYBOTS=luci.chromium.try:linux_chromium_msan_rel_ng
This can be useful for restarting from scratch with a new chroot, e.g. to validate the build instructions above.
sudo rm /etc/schroot/chroot.d/noble_amd64.conf sudo rm -rf /srv/chroot/noble_amd64
If rm
complains about active mount points, list the active chroot session(s):
schroot --list --all-sessions
Which should print something like:
session:noble_amd64-714a3c01-9dbf-4c98-81c1-90ab8c4c61fe
Then shutdown the chroot session with:
schroot -e -c noble_amd64-714a3c01-9dbf-4c98-81c1-90ab8c4c61fe