This page is deprecated. Its contents have been moved.

What build system(s) is Native Client using?

The primary build system used by Native Client is [Scons] (http://www.scons.org/). For historical reasons we are not using plain SCons but an extension call Hammer.

The parts of the system shared with Chrome are also built using Chrome's build system, gn.

We also have some Makefiles and some shell scripts for certain build tasks.

Why is this such a complex mess?

The usual excuses:

  • Inherent complexity.
  • Historical reasons.
  • Entropy requires no maintenance.
  • ...

Which files contain build system information?

For SCons it is: SConstruct, **/build.scons, **/nacl.scons There are also relevant configuration files in site_scons/site_tools/*, and random Python scripts located here and there.

For gn it is: **/*.gn and **/*.gni

What is the difference between trusted and untrusted code?

“trusted code” encompasses components like:

  • the browser plugin
  • service runtime (sel_ldr)

It is compiled using regular compilers. Bugs in trusted code can compromise system security, hence the name. As far as the build system is concerned trusted code is described in **/build.scons files. The gn system only code trusted code. “trusted code” lives in src/trusted/**

“untrusted code” encompasses components like:

  • quake and other examples of Native Client executables
  • libraries necessary to build quake

It is compiled using special sandboxing compilers. As far as the build system is concerned trusted code is described in **/nacl.scons files. “untrusted code” lives in src/untrusted/** and also in tests/**

Some code can be compiled either as trusted or shared code, e.g. libraries that facilitate communication between trusted and untrusted code. Such code typically lives in src/shared/** and has both build.scons and nacl.scons files.

How do you use the MODE= setting when invoking SCons?

The MODE= setting or its equivalent --mode is used to select whether you want to compile trusted or untrusted code or both and how. Examples:

MODE=nacl * just build untrusted code * note that this doesn‘t build all of the untrusted code. If you don’t specify a trusted platform (e.g. MODE=opt-linux,nacl) most of the tests will not be built.

MODE=opt-linux * just build (optimized) trusted code - you must be on a Linux system

MODE=nacl,dbg-win * build both (trusted code will be unoptimized)- you must be on a Windows system

NOTE: if you do not specify MODE, “opt-<system-os>” will be assumed.

NOTE: if you want to run integration tests, you need to build both trusted and untrusted code simultaneously, because those tests involve running untrusted code under the control of trusted code.

What is the meaning of BUILD_ARCH, TARGET_ARCH, etc. ?

Just like any cross compilation environment, there are some hairy configuration issues which are controlled by BUILD_ARCH, TARGET_ARCH, etc. to force conditional compilation and linkage.

It helps to revisit the [terminology] (http://www.airs.com/ian/configure/configure_5.html) used by cross compilers to better understand Native Client:

BUILD_SYSTEM: The system on which the tools will be build (initially) is called the build system.

HOST_SYSTEM: The system on which the tools will run is called the host system.

TARGET_SYSTEM: The system for which the tools generate code is called the target system.

For NaCl we only have two of these, sadly they have confusing names:

BUILD_PLATFORM: The system on which the trusted code runs.

TARGET_PLATFORM: The sandbox system that is being enforced by the trusted code.

The BUILD_PLATFORM is closest in nature to the HOST_SYSTEM, the TARGET_PLATFORM is closest to the TARGET_SYSTEM. We do not have and an equivalent to BUILD_SYSTEM since we just assume and x86 (either 32 or 64 system).

What kind of BUILD_PLATFORM/TARGET_PLATFORM configurations are supported?

Conceptually we have

BUILD_PLATFORM = (BUILD_ARCH, BUILD_SUBARCH, BUILD_OS)

and

TARGET_PLATFORM = (TARGET_ARCH. TARGET_SUBARCH)

NOTE:

There is no TARGET_OS, since Native Client executables are OS independent.

The BUILD_OS is usually tested for using SCons expressions like “env.Bit(‘windows’)” you cannot really control it as it is inherited from the system you are building on, the BUILD_SYSTEM in cross compiler speak.

Enumeration of all BUILD_PLATFORMs:

(x86, 32, linux) (x86, 32, windows) (x86, 32, mac) (arm, 32, linux) // the 32 is implicit as there is no 64bit arm (x86, 64, windows)

Special note for Windows users: The Windows command-line build currently relies on vcvarsXX.bat being called to set up the environment. The compiler's target subarchitecture (32,64) is selected by the version of vcvars that you called (vcvars32/vcvars64). If you call vcvars32 and then build with platform=x86-64, you will get “target mismatch” errors.

Enumeration of all TARGET_PLATFORMs: (x86, 32) (x86, 64) (arm, 32) // the 32 is implicit as there is no 64bit arm

Usually BUILD_ARCH == TARGET_ARCH and BUILD_SUBARCH == TARGET_SUBARCH

There is ONLY ONE exception, you can build the ARM validator like so:

BUILD_ARCH = x86, BUILD_SUBARCH=, TARGET_ARCH=arm TARGET_SUBARCH=32

In particular it is NOT possible to use different SUBARCHs for BUILD and TARGET.

What is the relationship between TARGET_PLATFORM and untrusted code?

The flavor of the untrusted code is derived from the TARGET_PLATFORM

Why are BUILD_and ARCH_ used inconsistently?

Usually BUILD_ARCH == TARGET_ARCH and BUILD_SUBARCH == TARGET_SUBARCH so mistakes have no consequences.