Google Native Client
|Stable release||SDK: Pepper 29 (15 May 2013 ), Client: 31.0.1650.63 (December 4, 2013 ) [±]|
|Development status||Production (NaCl, PNaCl)|
|Written in||C, C++|
|Operating system||Cross-platform: Microsoft Windows, Linux, Mac OS, Chrome OS|
|Type||Sandbox in web browsers for native code|
|License||New BSD license|
Google Native Client (NaCl) is a sandboxing technology for running a subset of Intel x86 or ARM native code in a sandbox. It is proposed for safely running native code from a web browser, allowing web-based applications to run at near-native speeds, which aligns well with Google's plans with Chrome OS. It may also be used for securing browser plugins, and in the future parts of other applications or full applications.
To demonstrate the readiness of the technology, on 9 December 2011, Google announced the availability of several new Chrome-only versions of games known for their rich and processor-intensive graphics, including Bastion. NaCl runs hardware-accelerated 3D graphics (via OpenGL ES 2.0), sandboxed local file storage, dynamic loading, full screen mode, and mouse capture. There are also plans to make NaCl available on handheld devices.
The general concept of NaCl (running native code in web browser) has been implemented before in ActiveX, which, while still in use, has a legacy of DLL hell and security problems. Native Client avoids these issues by using sandboxing. Using PNaCl, Native Client is also architecture-independent, like Java. Unlike Java, PNaCl apps are compiled ahead-of-time in the browser, and not just-in-time. This can make performance more predictable.
Native Client is an open-source project being developed by Google. To date, Quake, XaoS, Battle for Wesnoth, Doom, Lara Croft and the Guardian of Light and MAME, as well as the sound processing system Csound, have been ported to Native Client. Native Client has been available as an experimental disabled-by-default feature in the Google Chrome web browser since version 14. Chrome previously requried Native Client to be enabled in chrome://flags to run from any web site. But with the release of Portable Native Client (PNaCl, pronounced: pinnacle), Chrome enabled it for all pages and web apps by default, including those distributed outside the Chrome Web Store.
To run an application portably under PNaCl, it must be compiled to an architecture-agnostic and stable subset of the LLVM intermediate representation bytecode. The executables are called PNaCl executables (pexes). In Chrome, they are translated to architecture-specific executables so that they can be run.
NaCl uses software fault isolation for sandboxing on x86-64 and ARM. The x86-32 implementation of Native Client is notable for its novel sandboxing method which makes use of the x86 architecture's rarely-used segmentation facility. Native Client sets up x86 segments to restrict the memory range that the sandboxed code can access. It uses a code verifier to prevent use of unsafe instructions such as those that perform system calls. To prevent the code from jumping to an unsafe instruction hidden in the middle of a safe instruction, Native Client requires that all indirect jumps be jumps to the start of 32-byte-aligned blocks, and instructions are not allowed to straddle these blocks. Because of these constraints, C/C++ code must be recompiled to run under Native Client, which provides customized versions of the GNU toolchain, specifically GCC and binutils as well as LLVM.
Native Client is licensed under a BSD-style license.
NaCl denotes table salt; as a pun, the name of pepper was also used. Pepper API is a cross-platform, open-source API for creating Native Client modules. Pepper Plugin API, or PPAPI is a cross-platform API for Native Client-secured web browser plugins, first based on Netscape's NPAPI, then rewritten from scratch. It is currently used in Chromium and Google Chrome to enable the PPAPI version of Flash and the built-in PDF viewer.
On 12 August 2009 a page on Google Code introduced a new project, Pepper with associated Pepper Plugin API (PPAPI), "a set of modifications to NPAPI to make plugins more portable and more secure". This extension is designed specifically to ease the implementation of out-of-process plugin execution. Further, the goals of the project are to provide a framework for making plugins fully cross-platform. Topics considered include:
- Uniform semantics for NPAPI across browsers.
- Execution in a separate process from the renderer/browser itself.
- Standardize rendering using the browser's compositing process.
- Defining standardized events, and 2D rasterization functions.
- Initial attempt at providing 3D graphics access.
- Plugin registry.
As of 13 May 2010[update], Google's open source browser, Chromium, was the only web browser to utilize the new browser plug-in model. Mozilla has announced that they are "not interested in or working on Pepper at this time."
Some groups of browser developers support the Native Client technology, but others do not.
Id Software's John Carmack praised Native Client at QuakeCon 2012, saying: "if you have to do something inside a browser, Native Client is much more interesting as something that started out as a really pretty darn clever x86 hack in the way that they could sandbox all of this in user mode interestingly. It's now dynamic recompilation, but something that you program in C or C++ and it compiles down to something that's going to be not your -O4 optimization level for completely native code but pretty damn close to native code. You could do all of your evil pointer chasings, and whatever you want to do as a to-the-metal game developer."
Detractors: Other IT professionals are more critical of this sandboxing technology as it has substantial or substantive interoperability issues.
Mozilla's vice president of products, Jay Sullivan, said that Mozilla has no intention of running native code inside the browser, as "These native apps are just little black boxes in a webpage. [...] We really believe in HTML, and this is where we want to focus."
Håkon Wium Lie, Opera's CTO, believes that "NaCl seems to be 'yearning for the bad old days, before the web'", and that "Native Client is about building a new platform – or porting an old platform into the web [...] it will bring in complexity and security issues, and it will take away focus from the web platform."
- Laforge, Anthony (December 4, 2013). "Stable Channel Update". Chrome Releases. Blogger. Retrieved December 4, 2013.
- Chrome Revision 213999
- Marchak, Mike (8 December 2008). "Native Client: A Technology for Running Native Code on the Web". Google-code-updates.blogspot.com. Retrieved 25 April 2012.
- Cade Metz (12 September 2011). "Google Native Client: The web of the future – or the past?". The Register. Retrieved 17 September 2011.
- Seth Rosenblatt (9 December 2011). "Native Client turns Chrome into high-end gaming platform". CNET. Retrieved 9 December 2011.
- "Google Code Blog: Games, apps and runtimes come to Native Client". Googlecode.blogspot.com. 9 December 2011. Retrieved 25 April 2012.
- "Google Native Client on Google Code". Google. Retrieved 25 April 2012.
- "The Chromium Blog: Native Client Brings Sandboxed Native Code to Chrome Web Store Apps". Blog.chromium.org. 18 August 2011. Retrieved 25 April 2012.
- "Distributing Your Application". developers.google.com.
- "Google's Native Client goes ARM and beyond". The H. 18 March 2010. Retrieved 19 May 2010.
- "PNaCl: Portable Native Client Executables" (PDF). Retrieved 25 April 2012.
- David Sehr, Robert Muth, Cliff L. Biffle, Victor Khimenko, Egor Pasko, Bennet Yee, Karl Schimpf, Brad Chen (2010). "Adapting Software Fault Isolation to Contemporary CPU Architectures". 19th USENIX Security Symposium. Retrieved 31 July 2011.
- Bennet Yee, David Sehr, Greg Dardyk, Brad Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, Nicholas Fullagar (2009). "Native Client: A Sandbox for Portable, Untrusted x86 Native Code". IEEE Symposium on Security and Privacy (Oakland'09). Retrieved 31 July 2011.
- "NativeClient: Plash Wiki". Plash.beasts.org. 2 October 2009. Retrieved 25 April 2012.
- Native Client: Technical Overview
- "Pepper Plugin API project at". Google. Retrieved 25 April 2012.
- "Chrome Source: Index of /trunk/src/ppapi". Src.chromium.org. Retrieved 25 April 2012.
- "The road to safer, more stable, and flashier Flash". Google. 8 August 2012. Retrieved 10 August 2013.
- Metz, Cade (18 June 2010). "Google hugs Adobe harder with Chrome-PDF merge". The Register. Retrieved 25 April 2012.
- "Getting Started: Background and Basics – The Chromium Projects". Chromium.org. Retrieved 25 April 2012.
- Comment by t.hajdu....@gmail.com (24 February 2012). "Pepper.wiki". Google. Retrieved 25 April 2012.
- Native Client: News & Announcements
- Metz, Cade (13 May 2010). "Google heats up native code for Chrome OS". Theregister.co.uk. Retrieved 25 April 2012.
- "NPAPI:Pepper – MozillaWiki". Wiki.mozilla.org. 26 May 2011. Retrieved 25 April 2012.
- Austin, Chad (8 January 2011). "Chad Austin: In Defense of Language Democracy (Or: Why the Browser Needs a Virtual Machine)". Chadaustin.me. Retrieved 25 April 2012.
- Carmack, John (3 August 2012). "QuakeCon 2012". youtube.com. Retrieved 26 August 2012.
- Metz, Cade (24 June 2010). "Mozilla: Our browser will not run native code". The Register. Retrieved 25 April 2012.
- Native Client - Google Developers (Native Client Developer Site)
- Google Native Client Project Page
- Google I/O 2013 - Introduction to Portable Native Client (PNaCl) on YouTube
- Google I/O 2009 Native Code for Compute Intensive Web Apps on YouTube – Technical talk at Google I/O 2009
- News4Geeks.net: Google Native Client: The web of the future – or the past? (a good overview)
- PNaCl examples (runs in Chrome 31+, no installation needed)
- Application Gallery (links to Chrome Web Store)
- Native Client SDK Gallery
- torapp.info, vector editor, especially powerful for security printing
- NACLBox, a port of DOSBox to Native Client
- SodaSynth, a synthesizer for Native Client