docs/linux/instrumented_libraries.md - chromium/src - Git at Google

 # Linux Instrumented Libraries

 The instrumented libraries are a collection of Chromium's dependencies built
 with *SAN enabled. The MSAN libraries are required for an MSAN build to run. The
 others are optional, and are currently unused.

 ## Building the instrumented libraries

 ### Setting up a chroot

 Building the libraries requires `apt-get source`, so the build must be done from
 an Ubuntu 24.04 environment. The preferred way is using a chroot. To get
 started, install `debootstrap` and `schroot`. If you're running a Debian-based
 distro, run:

 ```shell
 sudo apt install debootstrap schroot
 ```

 Create a configuration for a Noble chroot:

 ```shell
 cat | sudo tee /etc/schroot/chroot.d/noble_amd64.conf > /dev/null <<EOF
 [noble_amd64]
 description=Ubuntu 24.04 Noble for amd64
 directory=/srv/chroot/noble_amd64
 personality=linux
 root-users=$USER
 type=directory
 users=$USER
 EOF
 ```

 Bootstrap the chroot:

 ```shell
 sudo mkdir -p /srv/chroot/noble_amd64
 sudo debootstrap --variant=buildd --arch=amd64 noble /srv/chroot/noble_amd64 http://archive.ubuntu.com/ubuntu/
 ```

 If your `$HOME` directory is not `/home` (as is the case on gLinux), then route
 `/home` to the real thing. `schroot` automatically mounts `/home`, which is
 where I'm assuming you keep your source tree and `depot_tools`.

 ```shell
 sudo mount --bind "$HOME" /home
 ```

 Populate `sources.list`:

 ```shell
 cat | sudo tee -a /srv/chroot/noble_amd64/etc/apt/sources.list > /dev/null <<EOF
 deb     http://archive.ubuntu.com/ubuntu/ noble          main restricted universe
 deb-src	http://archive.ubuntu.com/ubuntu/ noble          main restricted universe
 deb     http://archive.ubuntu.com/ubuntu/ noble-security main restricted universe
 deb-src http://archive.ubuntu.com/ubuntu/ noble-security main restricted universe
 deb     http://archive.ubuntu.com/ubuntu/ noble-updates  main restricted universe
 deb-src http://archive.ubuntu.com/ubuntu/ noble-updates  main restricted universe
 EOF
 ```

 Enter the chroot and install the necessary packages:

 ```shell
 schroot -c noble_amd64 -u root --directory /home/dev/chromium/src
 apt update
 apt upgrade
 apt install lsb-release sudo python-is-python3 pkg-config libgtk2.0-bin libdrm-dev help2man git fakeroot gyp patchelf
 ```

 Install library packages:

 ```shell
 third_party/instrumented_libs/noble/scripts/install-build-deps.sh
 ```

 Change to a non-root user:
 ```shell
 exit
 schroot -c noble_amd64 -u `whoami` --directory /home/dev/chromium/src
 ```

 On your host, mount `/dev/shm/`.  Replace `*` with the actual path if you have multiple chroots.
 ```shell
 sudo mount --bind /dev/shm /run/schroot/mount/noble_amd64-*/dev/shm
 ```

 Add `depot_tools` to your `PATH`. For example, I have it in `~/dev/depot_tools`,
 so I use:

 ```shell
 export PATH=/home/dev/depot_tools/:$PATH
 ```

 Now we're ready to build the libraries. A clean build takes a little over 8
 minutes on a 72-thread machine.

 ```shell
 third_party/instrumented_libs/scripts/build_and_package.py --parallel -j $(nproc) all noble
 ```

 ## Uploading the libraries

 This requires write permission on the `chromium-instrumented-libraries` GCS
 bucket. File a ticket at [go/pdeiosec-bug](https://goto.google.com/pdeiosec-bug)
 to request access.

 ```shell
 # Exit the chroot.
 exit

 # Move files into place.
 mv *.tgz third_party/instrumented_libs/binaries

 # Upload.
 upload_to_google_storage.py -b chromium-instrumented-libraries third_party/instrumented_libs/binaries/msan*.tgz
 ```

 ## Testing and uploading a CL

 After uploading, run `gclient sync` and test out a build with `is_msan = true`
 in your `args.gn`. Try running eg. `chrome` and `unit_tests` to make sure it's
 working. The binaries should work natively on gLinux.

 When uploading a CL, make sure to add the following in the description so that
 the MSAN bot will run on the CQ:

 ```
 CQ_INCLUDE_TRYBOTS=luci.chromium.try:linux_chromium_msan_rel_ng
 ```

 ## Cleaning up chroots

 This can be useful for restarting from scratch with a new chroot, e.g. to
 validate the build instructions above.

 ```shell
 sudo rm /etc/schroot/chroot.d/noble_amd64.conf
 sudo rm -rf /srv/chroot/noble_amd64
 ```

 If `rm` complains about active mount points, list the active chroot session(s):
 ```shell
 schroot --list --all-sessions
 ```
 Which should print something like:
 ```
 session:noble_amd64-714a3c01-9dbf-4c98-81c1-90ab8c4c61fe
 ```

 Then shutdown the chroot session with:
 ```shell
 schroot -e -c noble_amd64-714a3c01-9dbf-4c98-81c1-90ab8c4c61fe
 ```
	# Linux Instrumented Libraries

	The instrumented libraries are a collection of Chromium's dependencies built
	with *SAN enabled. The MSAN libraries are required for an MSAN build to run. The
	others are optional, and are currently unused.

	## Building the instrumented libraries

	### Setting up a chroot

	Building the libraries requires `apt-get source`, so the build must be done from
	an Ubuntu 24.04 environment. The preferred way is using a chroot. To get
	started, install `debootstrap` and `schroot`. If you're running a Debian-based
	distro, run:

	```shell
	sudo apt install debootstrap schroot
	```

	Create a configuration for a Noble chroot:

	```shell
	cat \| sudo tee /etc/schroot/chroot.d/noble_amd64.conf > /dev/null <<EOF
	[noble_amd64]
	description=Ubuntu 24.04 Noble for amd64
	directory=/srv/chroot/noble_amd64
	personality=linux
	root-users=$USER
	type=directory
	users=$USER
	EOF
	```

	Bootstrap the chroot:

	```shell
	sudo mkdir -p /srv/chroot/noble_amd64
	sudo debootstrap --variant=buildd --arch=amd64 noble /srv/chroot/noble_amd64 http://archive.ubuntu.com/ubuntu/
	```

	If your `$HOME` directory is not `/home` (as is the case on gLinux), then route
	`/home` to the real thing. `schroot` automatically mounts `/home`, which is
	where I'm assuming you keep your source tree and `depot_tools`.

	```shell
	sudo mount --bind "$HOME" /home
	```

	Populate `sources.list`:

	```shell
	cat \| sudo tee -a /srv/chroot/noble_amd64/etc/apt/sources.list > /dev/null <<EOF
	deb http://archive.ubuntu.com/ubuntu/ noble main restricted universe
	deb-src http://archive.ubuntu.com/ubuntu/ noble main restricted universe
	deb http://archive.ubuntu.com/ubuntu/ noble-security main restricted universe
	deb-src http://archive.ubuntu.com/ubuntu/ noble-security main restricted universe
	deb http://archive.ubuntu.com/ubuntu/ noble-updates main restricted universe
	deb-src http://archive.ubuntu.com/ubuntu/ noble-updates main restricted universe
	EOF
	```

	Enter the chroot and install the necessary packages:

	```shell
	schroot -c noble_amd64 -u root --directory /home/dev/chromium/src
	apt update
	apt upgrade
	apt install lsb-release sudo python-is-python3 pkg-config libgtk2.0-bin libdrm-dev help2man git fakeroot gyp patchelf
	```

	Install library packages:

	```shell
	third_party/instrumented_libs/noble/scripts/install-build-deps.sh
	```

	Change to a non-root user:
	```shell
	exit
	schroot -c noble_amd64 -u `whoami` --directory /home/dev/chromium/src
	```

	On your host, mount `/dev/shm/`. Replace `*` with the actual path if you have multiple chroots.
	```shell
	sudo mount --bind /dev/shm /run/schroot/mount/noble_amd64-*/dev/shm
	```

	Add `depot_tools` to your `PATH`. For example, I have it in `~/dev/depot_tools`,
	so I use:

	```shell
	export PATH=/home/dev/depot_tools/:$PATH
	```

	Now we're ready to build the libraries. A clean build takes a little over 8
	minutes on a 72-thread machine.

	```shell
	third_party/instrumented_libs/scripts/build_and_package.py --parallel -j $(nproc) all noble
	```

	## Uploading the libraries

	This requires write permission on the `chromium-instrumented-libraries` GCS
	bucket. File a ticket at [go/pdeiosec-bug](https://goto.google.com/pdeiosec-bug)
	to request access.

	```shell
	# Exit the chroot.
	exit

	# Move files into place.
	mv *.tgz third_party/instrumented_libs/binaries

	# Upload.
	upload_to_google_storage.py -b chromium-instrumented-libraries third_party/instrumented_libs/binaries/msan*.tgz
	```

	## Testing and uploading a CL

	After uploading, run `gclient sync` and test out a build with `is_msan = true`
	in your `args.gn`. Try running eg. `chrome` and `unit_tests` to make sure it's
	working. The binaries should work natively on gLinux.

	When uploading a CL, make sure to add the following in the description so that
	the MSAN bot will run on the CQ:

	```
	CQ_INCLUDE_TRYBOTS=luci.chromium.try:linux_chromium_msan_rel_ng
	```

	## Cleaning up chroots

	This can be useful for restarting from scratch with a new chroot, e.g. to
	validate the build instructions above.

	```shell
	sudo rm /etc/schroot/chroot.d/noble_amd64.conf
	sudo rm -rf /srv/chroot/noble_amd64
	```

	If `rm` complains about active mount points, list the active chroot session(s):
	```shell
	schroot --list --all-sessions
	```
	Which should print something like:
	```
	session:noble_amd64-714a3c01-9dbf-4c98-81c1-90ab8c4c61fe
	```

	Then shutdown the chroot session with:
	```shell
	schroot -e -c noble_amd64-714a3c01-9dbf-4c98-81c1-90ab8c4c61fe
	```