- Google Native Client
-
Google Native Client Developer(s) Google, others Preview release 1.0 / October 12, 2011 Development status Research Written in C++ Operating system Cross-platform: Microsoft Windows, Linux, Mac OS, Chrome OS Type Sandbox in web browsers for native code License New BSD license Website code.google.com/p/nativeclient Google Native Client (NaCl in an allusion to sodium chloride or common salt) is a sandboxing technology for running a subset of Intel x86 or ARM native code using software-based fault isolation.[1] Currently in development, it is proposed for safely running native code from a web browser, allowing web-based applications to run at near-native speeds[2], which aligns well with Google's plans about Chrome OS. It may also be used for securing browser plugins, and in the future parts of other applications or full applications.[3]
Contents
Overview
Native Client is an open source project being developed by Google.[4] To date, Quake, XaoS and MAME have been ported to Google Native Client Platform. Native Client was formerly available as an experimental disabled-by-default feature in the Google Chrome web browser.[2] The feature is enabled from version 14 of Chrome; at the same time, uploading native applications to Chrome Web Store is expected to be enabled, which will be the only way to run native client applications under Chrome for the time being.[5]
An ARM implementation was released in March 2010,[6] and x86-64 is also supported. However, As of March 2011[update], all three implementations can only use code compiled to the host's native instruction set. PNaCl (Portable Native Client, pronounced: pinnacle) is being developed to address this issue. To run an application portably under PNaCl, it must be compiled to an architecture-agnostic version of the LLVM intermediate representation bytecode.[7]
NaCl uses Software Fault Isolation for sandboxing on x86-64 and ARM.[8] The x86-32 implementation of Native Client is notable for its novel sandboxing method which makes use of the x86 architecture's rarely-used segmentation facility.[9] Native Client sets up x86 segments to restrict the memory range that the sandboxed code can access. It uses a code verifier to prevent use of unsafe instructions such as those that perform system calls. To prevent the code from jumping to an unsafe instruction hidden in the middle of a safe instruction, Native Client requires that all indirect jumps be jumps to the start of 32-byte-aligned blocks, and instructions are not allowed to straddle these blocks.[9] Because of these constraints, C code must be recompiled to run under Native Client, which provides customised versions of the GNU toolchain, specifically gcc and binutils.
Native Client is licensed under a BSD-style license.
Native Client uses Newlib as its C library, but a port of GNU libc is also available.[10]
Since release 0.5, Native Client has a stable ABI.[11] This roughly means that code compiled and running in the NaCl implementation of Google Chrome 14, will work in all future versions of Google Chrome.
Pepper
Pepper API is a cross-platform, open-source API for creating Native Client modules.[12] Pepper Plugin API, or PPAPI[13][14] is a cross-platform API for Native Client-secured web browser plugins, first based on Netscape's NPAPI, then rewritten from scratch. It is currently an experimental feature of Chromium and Google Chrome (there is a Chrome experiment in chrome://flags to enable the PPAPI version of Flash), though the built-in PDF-viewer already uses it[15].
Controversies
Some groups of browser developers support the Native Client technology, but others do not. This technology is controversial with x86 browser developers.
Supporters: Chad Austin (of IMVU) are praising the way Native Client can bring high-performance applications to the web (with about 5% penalty compared to native code) in a secure way, while also accelerating the evolution of client-side applications by giving a choice of the programming language used (beside JavaScript).[16]
Detractors: Other IT professionals are more critical of this sandboxing technology as it has substantial or substantive interoperability issues.
Mozilla's vice president of products, Jay Sullivan said it has no intention to run native code inside the browser, as
- "These native apps are just little black boxes in a webpage. [...] We really believe in HTML, and this is where we want to focus."[17]
Håkon Wium Lie, Opera's CTO believes that
- "NaCl seems to be 'yearning for the bad old days, before the web'", and that "Native Client is about building a new platform – or porting an old platform into the web [...] it will bring in complexity and security issues, and it will take away focus from the web platform."[3]
Christopher Blizzard, Mozilla's Open Source evangelist fears that without the source code, the pace of innovation will slow, and compares NaCl to Microsoft's ActiveX technology, plagued with DLL hell. In his views, even if it's secure, Native Client isn't a good thing.[3]
References
- ^ Efficient software-based fault isolation, Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham, 1993
- ^ a b Native Client: A Technology for Running Native Code on the Web
- ^ a b c Cade Metz (2011-09-12). "Google Native Client: The web of the future – or the past?". The Register. http://www.theregister.co.uk/2011/09/12/google_native_client_from_all_sides/. Retrieved 2011-09-17.
- ^ Google Native Client on Google Code
- ^ The Chromium Blog: Native Client Brings Sandboxed Native Code to Chrome Web Store Apps
- ^ "Google's Native Client goes ARM and beyond". The H. 18 March 2010. http://www.h-online.com/open/news/item/Google-s-Native-Client-goes-ARM-and-beyond-957478.html. Retrieved 2010-05-19.
- ^ PNaCl: Portable Native Client Executables
- ^ David Sehr, Robert Muth, Cliff L. Biffle, Victor Khimenko, Egor Pasko, Bennet Yee, Karl Schimpf, Brad Chen (2010). "Adapting Software Fault Isolation to Contemporary CPU Architectures". 19th USENIX Security Symposium. http://research.google.com/pubs/pub35649.html. Retrieved July 31, 2011.
- ^ a b Bennet Yee, David Sehr, Greg Dardyk, Brad Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, Nicholas Fullagar (2009). "Native Client: A Sandbox for Portable, Untrusted x86 Native Code". IEEE Symposium on Security and Privacy (Oakland'09). http://research.google.com/pubs/pub34913.html. Retrieved July 31, 2011.
- ^ NativeClient: Plash Wiki
- ^ Official NaCl Release Notes
- ^ Native Client SDK: Pepper C API
- ^ Pepper Plugin API project at code.google.com
- ^ Chrome Source: Index of /trunk/src/ppapi
- ^ The Register: Google hugs Adobe harder with Chrome-PDF merge
- ^ Chad Austin: In Defense of Language Democracy (Or: Why the Browser Needs a Virtual Machine)
- ^ The Register: Mozilla: Our browser will not run native code
External links
- GoNaCl.Com (Native Client Developer Site)
- Google Native Client Project Page
- Google I/O 2009 Native Code for Compute Intensive Web Apps on YouTube - Technical talk at Google I/O 2009
- NaClbox
- News4Geeks.net: Google Native Client: The web of the future – or the past? (a good overview)
Examples
- Native Client Gallery
- NACLBox, a port of DOSBox to Native Client
- SodaSynth, a synthesizer for Native Client
Google Inc. Executive Chairman: Eric Schmidt · Director/Technology President/Co-founder: Sergey Brin · CEO/Co-founder: Larry Page
Other directors: John Doerr · John L. Hennessy · Ann Mather · Paul Otellini · Ram Shriram · Shirley M. Tilghman · Senior Advisor: Al GoreAdvertising Ad Manager · AdMob · Adscape · AdSense · Advertising Professionals · AdWords · Analytics · Checkout · DoubleClick · Offers · WalletCommunication Software Platforms Account · Android (Google TV · Google Nexus) · App Engine · Apps · BigTable · Body · Caja · Custom Search · Dart · Earth Engine · Gears · Go · GFS · Music · Native Client · OpenSocial · Public DNS · Wallet · WaveDevelopment tools AJAX APIs · App Inventor · AtGoogleTalks · Closure Tools · Code · Gadgets API · GData · Googlebot · Guice · GWS · KML · MapReduce · SketchUp Ruby · Sitemaps · Summer of Code · Web Toolkit · Website Optimizer · SwiffyPublishing Google 3D Warehouse · Blogger · Bookmarks · Docs · FeedBurner · iGoogle · Jaiku · Knol · Map Maker · Panoramio · Picasa Web Albums · Sites (JotSpot) · YouTube · ZagatSearch (PageRank) Appliance · Audio · Books (Library Project · eBooks) · Code · Finance · Images · Maps (Street View) · News · Patents · Products · Scholar · Usenet · Videos · Web Search (History · Personalized · Real-Time · Instant Search) · Analysis: Insights for Search · TrendsDiscontinued Aardvark · Answers · Browser Sync · Base · Buzz · Click-to-Call · Desktop · Dodgeball · Fast Flip · GOOG-411 · Health · Image Labeler · Labs · Lively · Mashup Editor · Notebook · Pack · Page Creator · PowerMeter · SearchWiki · Sidewiki · Slide · Video Marketplace · Wave · Web AcceleratorRelated Acquisitions · AI Challenge · Bomb · Criticism · Doodles · Driverless car · Fiber · Foundation · Google China · Google Grants · Google.org · Googleplex · History · Hoaxes · Illegal flower tribute · I'm Feeling Lucky · I/O · Logo · Lunar X Prize · Monopoly City Streets · Products · Searchology · Unity · Ventures · WiFiStock symbol: (NASDAQ: GOOG, NYSE: GOOG, FWB: GGQ1) · Motto: Don't be evil · Website: google.com Categories:
Wikimedia Foundation. 2010.
