Google Native Client
Google Native Client is a sandboxing technology for running a subset of Intel x86 or ARM native code using software-based fault isolation. Currently in development, it is proposed for safely running native code from a web browser, allowing web-based applications to run at near-native speeds, which aligns well with Google's plans for Chrome OS. It may also be used for securing browser plugins and, in the future, parts of other applications or full applications.
Overview
Native Client is an open source project being developed by Google. To date, Quake, XaoS and MAME have been ported to Google Native Client Platform. Native Client was formerly available as an experimental disabled-by-default feature in the Google Chrome web browser. The feature is enabled from version 14 of Chrome; at the same time, uploading native applications to Chrome Web Store is expected to be enabled, which will be the only way to run native client applications under Chrome for the time being.
An ARM implementation was released in March 2010, and x86-64 is also supported. However, all three implementations can only use code compiled to the host's native instruction set. PNaCl (Portable Native Client, pronounced: pinnacle) is being developed to address this issue. To run an application portably under PNaCl, it must be compiled to an architecture-agnostic version of the LLVM intermediate representation bytecode.
NaCl uses Software Fault Isolation for sandboxing on x86-64 and ARM. The x86-32 implementation of Native Client is notable for its novel sandboxing method which makes use of the x86 architecture's rarely-used segmentation facility. Native Client sets up x86 segments to restrict the memory range that the sandboxed code can access. It uses a code verifier to prevent use of unsafe instructions such as those that perform system calls. To prevent the code from jumping to an unsafe instruction hidden in the middle of a safe instruction, Native Client requires that all indirect jumps be jumps to the start of 32-byte-aligned blocks, and instructions are not allowed to straddle these blocks. Because of these constraints, C code must be recompiled to run under Native Client, which provides customised versions of the GNU toolchain, specifically gcc and binutils.
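The block and alignment rules described above can be sketched as a toy checker. This is an added example, not Native Client's verifier: it works on a constructed, pre-decoded instruction list (`struct insn`, `verify` and the sample streams are hypothetical names), and the direct-jump check and the `aligned` flag are assumptions about how such rules are enforced that go beyond what the article states.

```c
#include <stddef.h>
#include <stdint.h>

#define BLOCK 32u /* block size given in the article */

enum kind { K_SAFE, K_SYSCALL, K_DIRECT_JMP, K_INDIRECT_JMP };
enum verdict { V_OK, V_MALFORMED, V_UNSAFE_INSN, V_STRADDLES_BLOCK,
               V_BAD_DIRECT_TARGET, V_UNALIGNED_INDIRECT };

/* Hypothetical pre-decoded instruction; a real verifier decodes raw bytes. */
struct insn {
    uint32_t off;     /* offset of the first byte within the code region */
    uint8_t len;      /* encoded length in bytes */
    enum kind kind;
    uint32_t target;  /* K_DIRECT_JMP only: destination offset */
    int aligned;      /* K_INDIRECT_JMP only: target forced to a block start */
};

/* Returns 1 if off is the first byte of an instruction in the stream. */
static int is_insn_start(const struct insn *c, size_t n, uint32_t off) {
    for (size_t i = 0; i < n; i++)
        if (c[i].off == off) return 1;
    return 0;
}

enum verdict verify(const struct insn *c, size_t n) {
    uint32_t next = 0;
    for (size_t i = 0; i < n; i++) {
        /* Instructions must tile the region with no gaps or overlaps. */
        if (c[i].len == 0 || c[i].off != next) return V_MALFORMED;
        if (c[i].kind == K_SYSCALL) return V_UNSAFE_INSN;
        /* First and last byte must share one 32-byte block. With gap-free
           tiling, every block start is then an instruction start, which is
           why an aligned indirect jump cannot land mid-instruction. */
        if (c[i].off / BLOCK != (c[i].off + c[i].len - 1) / BLOCK)
            return V_STRADDLES_BLOCK;
        /* Assumption: direct jumps must also land on an instruction start. */
        if (c[i].kind == K_DIRECT_JMP && !is_insn_start(c, n, c[i].target))
            return V_BAD_DIRECT_TARGET;
        if (c[i].kind == K_INDIRECT_JMP && !c[i].aligned)
            return V_UNALIGNED_INDIRECT;
        next = c[i].off + c[i].len;
    }
    return V_OK;
}

/* Constructed sample streams (not real disassembly). */
const struct insn good[] = { {0, 5, K_SAFE, 0, 0}, {5, 2, K_INDIRECT_JMP, 0, 1},
    {7, 10, K_SAFE, 0, 0}, {17, 15, K_SAFE, 0, 0}, {32, 5, K_DIRECT_JMP, 7, 0} };
const struct insn straddle[] = { {0, 15, K_SAFE, 0, 0}, {15, 15, K_SAFE, 0, 0},
    {30, 5, K_SAFE, 0, 0} };
const struct insn hidden[] = { {0, 5, K_SAFE, 0, 0}, {5, 5, K_DIRECT_JMP, 1, 0} };

int main(void) { return verify(good, 5) == V_OK ? 0 : 1; }
```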
Native Client is licensed under a BSD-style license.
Native Client uses Newlib as its C library, but a port of GNU libc is also available.
Since release 0.5, Native Client has a stable ABI. This roughly means that code compiled and running in the NaCl implementation of Google Chrome 14 will work in all future versions of Google Chrome.
Pepper
Pepper API is a cross-platform, open-source API for creating Native Client modules. Pepper Plugin API, or PPAPI, is a cross-platform API for Native Client-secured web browser plugins, first based on Netscape's NPAPI, then rewritten from scratch. It is currently an experimental feature of Chromium and Google Chrome (there is a Chrome experiment in chrome://flags to enable the PPAPI version of Flash), though the built-in PDF-viewer already uses it.
Controversies
Some groups of browser developers support the Native Client technology, but others do not. This technology is controversial with x86 browser developers.
Supporters: Chad Austin (of IMVU) praises the way Native Client can bring high-performance applications to the web (with about 5% penalty compared to native code) in a secure way, while also accelerating the evolution of client-side applications by giving a choice of the programming language used (besides JavaScript).
Detractors: Other IT professionals are more critical of this sandboxing technology, as it has substantial interoperability issues.
Mozilla's vice president of products, Jay Sullivan, said it has no intention to run native code inside the browser:
- "These native apps are just little black boxes in a webpage. [...] We really believe in HTML, and this is where we want to focus."
Håkon Wium Lie, Opera's CTO, believes that
- "NaCl seems to be 'yearning for the bad old days, before the web'", and that "Native Client is about building a new platform – or porting an old platform into the web [...] it will bring in complexity and security issues, and it will take away focus from the web platform."
Christopher Blizzard, Mozilla's Open Source evangelist, fears that without the source code, the pace of innovation will slow, and compares NaCl to Microsoft's ActiveX technology, plagued with DLL hell. In his view, even if it's secure, Native Client isn't a good thing.
External links
- GoNaCl.Com (Native Client Developer Site)
- Google Native Client Project Page
- Technical talk at Google I/O 2009
- NaClbox
- News4Geeks.net: Google Native Client: The web of the future – or the past? (a good overview)
Examples
- Native Client Gallery
- NACLBox, a port of DOSBox to Native Client
- SodaSynth, a synthesizer for Native Client