Google Native Client

Last updated

Google Native Client
Developer(s) Google, others
Initial release16 September 2011;13 years ago (2011-09-16) [1]
Stable release
SDK: Pepper 45 / 10 July 2015;9 years ago (2015-07-10)

Clients: Same as Google Chrome

Repository
Written in C, C++
Operating system Windows, Linux, macOS, ChromeOS
Platform x86, ARM, MIPS
Successor WebAssembly
Type Sandbox in web browsers for native code
License New BSD
Website developer.chrome.com/docs/native-client/ OOjs UI icon edit-ltr-progressive.svg

Google Native Client (NaCl) is a discontinued sandboxing technology for running either a subset of Intel x86, ARM, or MIPS native code, or a portable executable, in a sandbox. It allows safely running native code from a web browser, independent of the user operating system, allowing web apps to run at near-native speeds, which aligns with Google's plans for ChromeOS. It may also be used for securing browser plugins, and parts of other applications or full applications [2] such as ZeroVM. [3]

Contents

To demonstrate the readiness of the technology, on 9 December 2011, Google announced the availability of several new Chrome-only versions of games known for their rich and processor-intensive graphics, including Bastion (no longer supported on the Chrome Web Store). NaCl runs hardware-accelerated 3D graphics (via OpenGL ES 2.0), sandboxed local file storage, dynamic loading, full screen mode, and mouse capture. There were also plans to make NaCl available on handheld devices. [4] [5]

Portable Native Client (PNaCl) is an architecture-independent version. PNaCl apps are compiled ahead-of-time. PNaCl is recommended over NaCl for most use cases. [6] The general concept of NaCl (running native code in web browser) has been implemented before in ActiveX, which, while still in use, has full access to the system (disk, memory, user-interface, registry, etc.). Native Client avoids this issue by using sandboxing.

An alternative by Mozilla was asm.js, which also allows applications written in C or C++ to be compiled to run in the browser and also supports ahead-of-time compilation, but is a subset of JavaScript and hence backwards-compatible with browsers that do not support it directly.

On 12 October 2016, a comment on the Chromium issue tracker indicated that Google's Pepper and Native Client teams had been destaffed. [7] On 30 May 2017, Google announced deprecation of PNaCl in favor of WebAssembly. [8] Although initially Google planned to remove PNaCl in first quarter of 2018, [8] and later in the second quarter of 2019, [9] it has been removed in June 2022 (together with Chrome Apps). [10] [11]

Overview

Native Client was an open-source project developed by Google. [12] Games such as Quake , [13] XaoS , Battle for Wesnoth , [14] Doom , [15] Lara Croft and the Guardian of Light , [16] From Dust , [17] and MAME, as well as the sound processing system Csound, have been ported to Native Client. Native Client has been available in the Google Chrome web browser since version 14, and has been enabled by default since version 31, when the Portable Native Client (PNaCl, pronounced: pinnacle) was released. [18] [19] [20] Native Client has also been used to safely run downloaded code in software other than web browsers, like in the Dæmon game engine [21] .

An ARM implementation was released in March 2010. [22] x86-64, IA-32, and MIPS were also supported.

To run an application portably under PNaCl, it must be compiled to an architecture-agnostic and stable subset of the LLVM intermediate representation bytecode. [23] The executables are called PNaCl executables (pexes). The PNaCl Toolchain makes .pexe files; NaCl Toolchain .nexe files. The magic number of .nexe files is 0x7F 'E' 'L' 'F', which is ELF. In Chrome, they are translated to architecture-specific executables so that they can be run.

NaCl uses software fault detection and isolation for sandboxing on x86-64 and ARM. [24] The x86-32 implementation of Native Client is notable for its novel sandboxing method, which makes use of the x86 architecture's rarely used segmentation facility. [25] Native Client sets up x86 segments to restrict the memory range that the sandboxed code can access. It uses a code verifier to prevent use of unsafe instructions such as those that perform system calls. To prevent the code from jumping to an unsafe instruction hidden in the middle of a safe instruction, Native Client requires that all indirect jumps be jumps to the start of 32-byte-aligned blocks, and instructions are not allowed to straddle these blocks. [25] Because of these constraints, C and C++ code must be recompiled to run under Native Client, which provides customized versions of the GNU toolchain, specifically GNU Compiler Collection (GCC), GNU Binutils, and LLVM.

Native Client is licensed under a BSD-style license.

Native Client uses Newlib as its C library, but a port of GNU C Library (GNU libc) is also available. [26]

Pepper

NaCl denotes sodium chloride, common table salt; as a pun, the name of pepper was also used. Pepper API is a cross-platform, open-source API for creating Native Client modules. [27] Pepper Plugin API, or PPAPI [28] [29] is a cross-platform API for Native Client-secured web browser plugins, first based on Netscape's NPAPI, then rewritten from scratch. It was used in Chromium and Google Chrome to enable the PPAPI version of Adobe Flash [30] and the built-in PDF viewer. [31]

PPAPI

On 12 August 2009, a page on Google Code introduced a new project, Pepper, and the associated Pepper Plugin API (PPAPI), [32] "a set of modifications to NPAPI to make plugins more portable and more secure". [33] This extension is designed specifically to ease implementing out-of-process plugin execution. Further, the goals of the project are to provide a framework for making plugins fully cross-platform. Topics considered include:

The Pepper API also supports Gamepads (version 19) and WebSockets (version 18). [34]

As of 13 May 2010, Google's open source browser, Chromium, was the only web browser to use the new browser plug-in model. [35] As of 2020, Pepper is supported by Chrome, Chromium and Blink layout engine-based browsers such as Opera and Microsoft Edge.

In August 2020, Google announced that support for PPAPI would be removed from Google Chrome and Chromium in June 2022. [36]

PPAPI in Firefox

Firefox developers stated in 2014 that they would not support Pepper, as there were no full specification of the API beyond its implementation in Chrome, which itself was designed for use with Blink layout engine only, and had private APIs specific to the Flash Player plugin which were not documented. [37] In October 2016 Mozilla announced that it had re-considered and was exploring whether to incorporate the Pepper API and PDFium in future releases of Firefox, [38] however no such steps were taken. In July 2017, Adobe deprecated Flash and announced its end-of-life in the end of 2020. [39] By January 2021, Adobe Flash Player, Google Chrome, Firefox, Safari, and Windows [40] received updates disabling or entirely removing Flash.

Applications

One website [41] used NaCL on the server to let users experiment with the Go programming language from their browsers. [42]

Usage outside of web browsers

The open-source Unvanquished game makes use of Native Client in the Dæmon game engine [43] in replacement of the Q3VM (Quake III virtual machine) [44] [45] . In such game engine, the Native Client sandbox is used to safely run arbitrary game code (mods) downloaded from game servers. Using the Native Client technology makes possible for gameplay developers to use the C++ language for games running in the virtual machine, to use C++ libraries, to share code between the game and the engine and to get better performance than with the Q3VM [21] .

Reception

Some groups of browser developers supported the Native Client technology while others did not.

Supporters

Chad Austin (of IMVU) praised the way Native Client can bring high-performance applications to the web (with about 5% penalty compared to native code) in a secure way, while also accelerating the evolution of client-side applications by giving a choice of the programming language used (besides JavaScript). [46]

Id Software's John D. Carmack praised Native Client at QuakeCon 2012, saying: "if you have to do something inside a browser, Native Client is much more interesting as something that started out as a really pretty darn clever x86 hack in the way that they could sandbox all of this in user mode interestingly. It's now dynamic recompilation, but something that you program in C or C++ and it compiles down to something that's going to be not your -O4 optimization level for completely native code but pretty damn close to native code. You could do all of your evil pointer chasings, and whatever you want to do as a to-the-metal game developer." [47]

Detractors

Other IT professionals were more critical of this sandboxing technology as it had substantial or substantive interoperability issues.

Mozilla's vice president of products, Jay Sullivan, said that Mozilla has no plans to run native code inside the browser, as "These native apps are just little black boxes in a webpage. [...] We really believe in HTML, and this is where we want to focus." [48]

Mozilla's Christopher Blizzard criticized NaCl, claiming that native code cannot evolve in the same way that the source code-driven web can. He also compared NaCl to Microsoft's ActiveX technology, plagued with DLL Hell. [2]

Håkon Wium Lie, Opera's CTO, believed that "NaCl seems to be 'yearning for the bad old days, before the web'", and that "Native Client is about building a new platform – or porting an old platform into the web [...] it will bring in complexity and security issues, and it will take away focus from the web platform." [2]

Second generation

The second generation of sandboxing developed in Google is gVisor. [49] [50] It is intended to replace NaCl in Google Cloud, to be more exact in Google App Engine. Google has also been promoting WebAssembly. [51]

See also

Related Research Articles

A browser engine is a core software component of every major web browser. The primary job of a browser engine is to transform HTML documents and other resources of a web page into an interactive visual representation on a user's device.

In computing, cross-platform software is computer software that is designed to work in several computing platforms. Some cross-platform software requires a separate build for each platform, but some can be directly run on any platform without special preparation, being written in an interpreted language or compiled to portable bytecode for which the interpreters or run-time packages are common or standard components of all supported platforms.

<span class="mw-page-title-main">ActiveX</span> Software framework by Microsoft introduced in 1996

ActiveX is a deprecated software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly from the World Wide Web. Microsoft introduced ActiveX in 1996. In principle, ActiveX is not dependent on Microsoft Windows operating systems, but in practice, most ActiveX controls only run on Windows. Most also require the client to be running on an x86-based computer because ActiveX controls contain compiled code.

This is a comparison of both historical and current web browsers based on developer, engine, platform(s), releases, license, and cost.

In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading. The sandbox metaphor derives from the concept of a child's sandbox—a play area where children can build, destroy, and experiment without causing any real-world damage. It is often used to kill untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted.

Netscape Plugin Application Programming Interface (NPAPI) is a deprecated application programming interface (API) for web browser plugins, initially developed for Netscape Navigator 2.0 in 1995 and subsequently adopted by other browsers.

A JavaScript engine is a software component that executes JavaScript code. The first JavaScript engines were mere interpreters, but all relevant modern engines use just-in-time compilation for improved performance.

A browser extension is a software module for customizing a web browser. Browsers typically allow users to install a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and styling of web pages.

Google Developers is Google's site for software development tools and platforms, application programming interfaces (APIs), and technical resources. The site contains documentation on using Google developer tools and APIs—including discussion groups and blogs for developers using Google's developer products.

Turbo is a set of software products and services developed by the Code Systems Corporation for application virtualization, portable application creation, and digital distribution. Code Systems Corporation is an American corporation headquartered in Seattle, Washington, and is best known for its Turbo products that include Browser Sandbox, Turbo Studio, TurboServer, and Turbo.

<span class="mw-page-title-main">Google Chrome</span> Web browser developed by Google

Google Chrome is a web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, iPadOS, and also for Android, where it is the default browser. The browser is also the main component of ChromeOS, where it serves as the platform for web applications.

<span class="mw-page-title-main">Chromium (web browser)</span> Open-source web browser project

Chromium is a free and open-source web browser project, primarily developed and maintained by Google. It is a widely-used codebase, providing the vast majority of code for Google Chrome and many other browsers, including Microsoft Edge, Samsung Internet, and Opera. The code is also used by several app frameworks.

The W3C Geolocation API is an effort by the World Wide Web Consortium (W3C) to standardize an interface to retrieve the geographical location information for a client-side device. It defines a set of objects, ECMAScript standard compliant, that executing in the client application give the client's device location through the consulting of Location Information Servers, which are transparent for the application programming interface (API). The most common sources of location information are IP address, Wi-Fi and Bluetooth MAC address, radio-frequency identification (RFID), Wi-Fi connection location, or device Global Positioning System (GPS) and GSM/CDMA cell IDs. The location is returned with a given accuracy depending on the best location information source available.

<span class="mw-page-title-main">WebGL</span> JavaScript bindings for OpenGL in web browsers

WebGL is a JavaScript API for rendering interactive 2D and 3D graphics within any compatible web browser without the use of plug-ins. WebGL is fully integrated with other web standards, allowing GPU-accelerated usage of physics, image processing, and effects in the HTML canvas. WebGL elements can be mixed with other HTML elements and composited with other parts of the page or page background.

Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. It is a Candidate Recommendation of the W3C working group on Web Application Security, widely supported by modern web browsers. CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features.

<span class="mw-page-title-main">Chromium Embedded Framework</span> Free and open-source software framework

The Chromium Embedded Framework (CEF) is an open-source software framework for embedding a Chromium web browser within another application. This enables developers to add web browsing functionality to their application, as well as the ability to use HTML, CSS, and JavaScript to create the application's user interface.

asm.js is a subset of JavaScript designed to allow computer software written in languages such as C to be run as web applications while maintaining performance characteristics considerably better than standard JavaScript, which is the typical language used for such applications.

ANGLE is an open source, cross-platform graphics engine abstraction layer developed by Google. ANGLE translates OpenGL ES 2/3 calls to DirectX 9, 11, OpenGL or Vulkan API calls. It is a portable version of OpenGL but with limitations of OpenGL ES standard.

<span class="mw-page-title-main">Google App Runtime for Chrome</span> Compatibility layer and sandboxing technology

Android Runtime for Chrome (ARC) is a compatibility layer and sandboxing technology for running Android applications on desktop and laptop computers in an isolated environment. It allows applications to be safely run from a web browser, independent of user operating system, at near-native speeds.

<span class="mw-page-title-main">WebAssembly</span> Cross-platform assembly language and bytecode designed for execution in web browsers

WebAssembly (Wasm) defines a portable binary-code format and a corresponding text format for executable programs as well as software interfaces for facilitating communication between such programs and their host environment.

References

  1. "Google's Native Client goes live in Chrome". The Register . 16 September 2011. Retrieved 12 March 2016.
  2. 1 2 3 Metz, Cade (12 September 2011). "Google Native Client: The web of the future – or the past?". The Register. Retrieved 17 September 2011.
  3. "ZeroVM Architecture". Archived from the original on 8 February 2014. Retrieved 16 March 2014.
  4. Rosenblatt, Seth (9 December 2011). "Native Client turns Chrome into high-end gaming platform". CNET. Archived from the original on 28 August 2012. Retrieved 9 December 2011.
  5. "Google Code Blog: Games, apps and runtimes come to Native Client". Googlecode.blogspot.com. 9 December 2011. Retrieved 25 April 2012.
  6. "NaCl and PNaCl".
  7. "Bugs.chromium.org". 12 October 2016. Retrieved 12 October 2016.
  8. 1 2 "Goodbye PNaCl, Hello WebAssembly!". Chromium Blog. Retrieved 31 May 2017.
  9. "WebAssembly Migration Guide - Google Chrome". developer.chrome.com. Retrieved 20 December 2018.
  10. "Changes to the Chrome App Support Timeline". Chromium Blog. 10 August 2020.
  11. Li, Abner (10 August 2020). "Google delays deprecation of Chrome Apps on all platforms". 9to5Google . Retrieved 2 October 2021.
  12. "Google Native Client on Google Code" . Retrieved 25 April 2012.
  13. davemichael (3 October 2020). "GitHub - davemichael/NaCl-Quake: Quake for Native Client (based on the SDL Quake port)". GitHub.
  14. "The Battle for Wesnoth".
  15. "Index of /".
  16. "Chrome Web Store - Lara Croft and the Guardian of Light". Archived from the original on 8 December 2013. Retrieved 26 November 2013.
  17. "From Dust". Archived from the original on 12 March 2016. Retrieved 24 February 2016.
  18. Chen, Brad (8 December 2008). "Native Client: A Technology for Running Native Code on the Web". Google-code-updates.blogspot.com. Retrieved 25 April 2012.
  19. "The Chromium Blog: Native Client Brings Sandboxed Native Code to Chrome Web Store Apps". Blog.chromium.org. 18 August 2011. Retrieved 25 April 2012.
  20. "Google Code Blog: Portable Native Client: The "pinnacle" of speed, security, and portability". blog.chromium.org. 12 November 2013. Retrieved 16 March 2014.
  21. 1 2 "Unvanquished Continues Work On Its PNaCl Support". Phoronix . 15 March 2014. Retrieved 3 December 2024. PNaCl sandboxes allow game-play developers to use modern C++ and C/C++ libraries directly within their virtual machines and will allow for better code sharing between the engine code and game logic. PNaCl is also reported to offer better performance than the original Quake III virtual machines.
  22. "Google's Native Client goes ARM and beyond". The H. 18 March 2010. Retrieved 19 May 2010.
  23. "PNaCl: Portable Native Client Executables" (PDF). Archived from the original (PDF) on 2 May 2012. Retrieved 25 April 2012.
  24. Sehr, David; Muth, Robert; Biffle, Cliff L.; Khimenko, Victor; Pasko, Egor; Yee, Bennet; Schimpf, Karl; Chen, Brad (2010). "Adapting Software Fault Isolation to Contemporary CPU Architectures". 19th USENIX Security Symposium. Retrieved 31 July 2011.
  25. 1 2 Yee, Bennet; Sehr, David; Dardyk, Greg; Chen, Brad; Muth, Robert; Ormandy, Tavis; Okasaka, Shiki; Narula, Neha; Fullagar, Nicholas (2009). "Native Client: A Sandbox for Portable, Untrusted x86 Native Code". IEEE Symposium on Security and Privacy (Oakland'09). Retrieved 31 July 2011.
  26. "Native Client: Building". developer.chrome.com. Retrieved 16 March 2014.
  27. "Technical Overview".[ permanent dead link ]
  28. "Pepper Plugin API project at". Archived from the original on 9 September 2016. Retrieved 25 April 2012.
  29. "Chrome Source: Index of /trunk/src/ppapi". Src.chromium.org. Retrieved 25 April 2012.
  30. "The road to safer, more stable, and flashier Flash". 8 August 2012. Retrieved 10 August 2013.
  31. Metz, Cade (18 June 2010). "Google hugs Adobe harder with Chrome-PDF merge". The Register. Retrieved 25 April 2012.
  32. "Getting Started: Background and Basics – The Chromium Projects". Chromium.org. Retrieved 25 April 2012.
  33. "Pepper.wiki". 24 February 2012. Retrieved 25 April 2012.
  34. "Release Notes".
  35. Metz, Cade (13 May 2010). "Google heats up native code for Chrome OS". Theregister.co.uk. Retrieved 25 April 2012.
  36. Anthony Laforge (10 August 2020). "Changes to the Chrome App Support Timeline". Chromium Blog.
  37. Zbarsky, Boris. "Bug 729481 - Support the "Pepper" Plugin api" . Retrieved 15 April 2016.
  38. Metz, Cade (3 October 2016). "Project Mortar". Mozilla. Retrieved 30 October 2016.
  39. "Flash & The Future of Interactive Content". Adobe Inc. 25 July 2017. Archived from the original on 2 December 2017. Retrieved 31 July 2023.
  40. Salter, Jim (4 May 2021). "Goodbye again, Flash—Microsoft makes removal from Windows 10 mandatory". Ars Technica. Retrieved 1 August 2023.
  41. "The Go Playground".
  42. "Inside the Go Playground - The Go Blog". blog.golang.org. Retrieved 27 August 2016.
  43. Larabel, Michael (9 July 2015). "Unvanquished Alpha 41 Released, Still Moving Towards NaCl VM Usage". Phoronix . Retrieved 3 December 2024. They've continued moving along with their open-source game and Daemon engine. […] their libRocket implementation has moved into the NaCl VM.
  44. "Unvanquished Continues Work On Its PNaCl Support". Phoronix . 15 March 2014. Retrieved 3 December 2024. Open-source Unvanquished developers continue working on support for using Google's Portable Native Client (PNaCl) to replace Quake III QVMs.
  45. "Unvanquished Alpha 34 Brings Fixes, Still Being Ported To PNaCl". Phoronix . 8 December 2014. Retrieved 3 December 2024. Under the hood, they remain hard at work on porting the game logic from QVMs to Portable Native Client (PNaCl).
  46. Austin, Chad (8 January 2011). "Chad Austin: In Defense of Language Democracy (Or: Why the Browser Needs a Virtual Machine)". Chadaustin.me. Retrieved 25 April 2012.
  47. Carmack, John (3 August 2012). "QuakeCon 2012". youtube.com. Retrieved 26 August 2012.
  48. Metz, Cade (24 June 2010). "Mozilla: Our browser will not run native code". The Register. Retrieved 25 April 2012.
  49. "Beta release of PHP 7.2 in the Google App Engine standard environment | Hacker News".
  50. "Google/Gvisor". GitHub . 15 October 2021.
  51. Avram, Abel (31 May 2017). "Google Is to Remove Support for PNaCl". InfoQ. Retrieved 1 August 2020. As a replacement, Google is now pushing WebAssembly.

Examples

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.