• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1.. _overview:
2
3##################
4Technical Overview
5##################
6
7.. contents::
8  :local:
9  :backlinks: none
10  :depth: 2
11
12Introduction
13============
14
15**Native Client** (NaCl) is an open-source technology for running native
16compiled code in the browser, with the goal of maintaining the portability
17and safety that users expect from web applications. Native Client expands web
18programming beyond JavaScript, enabling developers to enhance their web
19applications using their preferred language. This document describes some of
20the key benefits and common use cases of Native Client.
21
22Google has implemented the open-source `Native Client project
23<http://www.chromium.org/nativeclient>`_ in the Chrome browser on Windows, Mac,
24Linux, and Chrome OS. The :doc:`Native Client Software Development Kit (SDK)
25<sdk/index>`, itself an open-source project, lets developers create web
26applications that use NaCl and run in Chrome across multiple platforms.
27
28A web application that uses Native Client generally consists of a combination of
29JavaScript, HTML, CSS, and a NaCl module that is written in a language supported
30by the SDK. The NaCl SDK currently supports C and C++; as compilers for
31additional languages are developed, the SDK will be updated to support those
32languages as well.
33
34.. image:: /images/web-app-with-nacl.png
35
36Why use Native Client?
37======================
38
39Native Client open-source technology is designed to run compiled code
40securely inside a browser at near-native speeds. Native Client puts web
41applications on the same playing field as traditional (locally-run)
42software---it provides the means to fully harness the client's computational
43resources for applications such as 3D games, multimedia editors, CAD modeling,
44client-side data analytics, and interactive simulations.
45Native Client also aims to give C and C++ (and eventually other languages) the
46same level of portability and safety that JavaScript provides on the web today.
47
48Here are a few of the key benefits that Native Client offers:
49
50* **Graphics, audio, and much more:** Run native code modules that render 2D
51  and 3D graphics, play audio, respond to mouse and keyboard events, run on
52  multiple threads, and access memory directly---all without requiring
53  the user to install a plugin.
54* **Portability:** Write your applications once and you'll be able to run them
55  across operating systems (Windows, Linux, Mac, and Chrome OS) and CPU
56  architectures (x86 and ARM).
57* **Easy migration path to the web:** Many developers and companies have years
58  of work invested in existing desktop applications. Native Client makes the
59  transition from the desktop to a web application significantly easier because
60  it supports C and C++.
61* **Security:** Native Client uses a double sandbox model designed to protect
62  the user's system from malicious or buggy applications. This model offers the
63  safety of traditional web applications without sacrificing performance and
64  without requiring users to install a plugin.
65* **Performance:** Native Client allows web applications to run at speeds
66  comparable to desktop applications (within 5-15% of native speed).
67  Native Client also allows applications to harness all available CPU cores via
68  a threading API; this enables demanding applications such as console-quality
69  games to run inside the browser.
70
71Common use cases
72================
73
74Typical use cases for Native Client include the following:
75
76* **Existing software components:** With support for C and C++, Native
77  Client enables you to reuse existing software modules in
78  web applications---you don't need to rewrite and debug code
79  that's already proven to work well.
80* **Legacy desktop applications:** Native Client provides a smooth migration
81  path from desktop applications to the web. You can port and recompile existing
82  code for the computation engine of your application directly to Native Client,
83  and need repurpose only the user interface and event handling portions to the
84  new browser platform. Native Client allows you to embed existing functionality
85  directly into the browser. At the same time, your application can take
86  advantage of things the browser does well: handling user interaction and
87  processing events, based on the latest developments in HTML5.
88* **Heavy computation in enterprise applications:** Native Client can handle the
89  number crunching required by large-scale enterprise applications. To ensure
90  protection of user data, Native Client enables you to build complex
91  cryptographic algorithms directly into the browser so that unencrypted data
92  never goes out over the network.
93* **Multimedia applications:** Codecs for processing sounds, images, and movies
94  can be added to the browser in a Native Client module.
95* **Games:** Native Client lets web applications run at close to native
96  speed, reuse existing multithreaded/multicore C/C++ code bases, and
97  access low-latency audio, networking APIs, and OpenGL ES with programmable
98  shaders. Native Client is a natural fit for running a physics engine or
99  artificial intelligence module that powers a sophisticated web game.
100  Native Client also enables applications to run unchanged across
101  many platforms.
102* **Any application that requires acceleration**: Native Client fits seamlessly
103  into web applications---it's up to you to decide to what extent to use it.
104  Use of Native Client covers the full spectrum from complete applications to
105  small optimized routines that accelerate vital parts of web apps.
106
107.. _link_how_nacl_works:
108
109How Native Client works
110=======================
111
112Native Client is an umbrella name for a set of interrelated software components
113that work together to provide a way to develop C/C++ applications and run them
114securely on the web.
115
116At a high level, Native Client consists of:
117
118* **Toolchains**: collections of development tools (compilers, linkers, etc.)
119  that transform C/C++ code to Native Client modules.
120* **Runtime components**: components embedded in the browser or other
121  host platforms that allow execution of  Native Client modules
122  securely and efficiently.
123
124The following diagram shows how these components interact:
125
126.. image:: /images/nacl-pnacl-component-diagram.png
127
128The left side of the diagram shows how to use Portable Native Client
129(PNaCl, pronounced "pinnacle"). Developers use the PNaCl toolchain
130to produce a single, portable (**pexe**) module. At runtime, a translator
131built into the browser translates the pexe into native code for the
132relevant client architecture.
133
134The right side of the diagram shows how to use traditional (non-portable)
135Native Client. Developers use a nacl-gcc based toolchain to produce multiple
136architecture-dependent (**nexe**) modules, which are packaged into an
137application. At runtime, the browser decides which nexe to load based
138on the architecture of the client machine.
139
140Security
141--------
142
143Since Native Client permits the execution of native code on client machines,
144special security measures have to be implemented:
145
146* The NaCl sandbox ensures that code accesses system resources only through
147  safe, whitelisted APIs, and operates within its limits without attempting to
148  interfere with other code running either within the browser or outside it.
149* The NaCl validator statically analyzes code prior to running it
150  to make sure it only uses code and data patterns that are permitted and safe.
151
152The above security measures are in addition to the existing sandbox in the
153Chrome browser---the Native Client module always executes in a process with
154restricted permissions. The only interaction between this process and the
155outside world is through sanctioned browser interfaces. Because of the
156combination of the NaCl sandbox and the Chrome sandbox, we say that
157Native Client employs a double sandbox design.
158
159Portability
160-----------
161
162Portable Native Client (PNaCl, prounounced "pinnacle") employs state-of-the-art
163compiler technology to compile C/C++ source code to a portable bitcode
164executable (**pexe**). PNaCl bitcode is an OS- and architecture-independent
165format that can be freely distributed on the web and :ref:`embedded in web
166applications<link_nacl_in_web_apps>`.
167
168The PNaCl translator is a component embedded in the Chrome browser; its task is
169to run pexe modules. Internally, the translator compiles a pexe to a nexe
170(a native executable for the client platform's architecture), and then executes
171the nexe within the Native Client sandbox as described above. It also uses
172intelligent caching to avoid re-compiling the pexe if it was previously compiled
173on the client's browser.
174
175Native Client also supports the execution of nexe modules directly in the
176browser. However, since nexes contain architecture-specific machine code,
177they are not allowed to be distributed on the open web---they can only be
178used as part of applications and extensions that are installed from the
179Chrome Web Store.
180
181For more details on the difference between NaCl and PNaCl, see
182:doc:`NaCl and PNaCl <nacl-and-pnacl>`.
183
184.. _toolchains:
185
186Toolchains
187----------
188
189A toolchain is a set of tools used to create an application from a set of
190source files. In the case of Native Client, a toolchain consists of a compiler,
191linker, assembler and other tools that are used to convert an
192application written in C/C++ into a module that is loadable by the browser.
193
194The Native Client SDK provides two toolchains:
195
196* a **PNaCl toolchain** for generating portable NaCl modules (pexe files)
197* a **gcc-based toolchain (nacl-gcc)** for generating non-portable NaCl modules
198  (nexe files)
199
200The PNaCl toolchain is recommended for most applications. The nacl-gcc
201toolchain should only be used for applications that will not be distributed
202on the open web.
203
204.. _link_nacl_in_web_apps:
205
206Native Client in a web application
207==================================
208
209.. _application_files:
210
211A Native Client application consists of a set of files:
212
213* **HTML**, **CSS**, and **JavaScript** files, as in any modern web
214  application. The JavaScript code is responsible for communicating with the
215  NaCl module.
216* A **pexe** (portable NaCl) file. This module uses the :ref:`Pepper
217  <link_pepper>` API, which provides the bridge to JavaScript and
218  browser resources.
219* A Native Client **manifest** file that specifies the pexe to load, along with
220  some loading options. This manifest file is embedded into the HTML page
221  through an ``<embed>`` tag, as shown in the figure below.
222
223.. image:: /images/nacl-in-a-web-app.png
224
225For more details, see :doc:`Application Structure
226<devguide/coding/application-structure>`.
227
228.. _link_pepper:
229
230Pepper Plugin API
231-----------------
232
233The Pepper Plugin API (PPAPI), called **Pepper** for convenience, is an
234open-source, cross-platform C/C++ API for web browser plugins. From the point
235of view of Native Client, Pepper allows a C/C++ module to communicate with
236the hosting browser and get access to system-level functions in a safe and
237portable way. One of the security constraints in Native Client is that modules
238cannot make any OS-level calls directly. Pepper provides analogous APIs that
239modules can target instead.
240
241You can use the Pepper APIs to gain access to the full array of browser
242capabilities, including:
243
244* :doc:`Talking to the JavaScript code in your application
245  <devguide/coding/message-system>` from the C++ code in your NaCl module.
246* :doc:`Doing file I/O <devguide/coding/file-io>`.
247* :doc:`Playing audio <devguide/coding/audio>`.
248* :doc:`Rendering 3D graphics <devguide/coding/3D-graphics>`.
249
250Pepper includes both a C API and a C++ API. The C++ API is a set of bindings
251written on top of the C API. For additional information about Pepper, see
252`Pepper Concepts <http://code.google.com/p/ppapi/wiki/Concepts>`_.
253
254Versioning
255==========
256
257Chrome is released on a six week cycle, and developer versions of Chrome are
258pushed to the public beta channel three weeks before each release. As with any
259software, each release of Chrome may include changes to Native Client and the
260Pepper interfaces that may require modification to existing applications.
261However, modules compiled for one version of Pepper/Chrome should work with
262subsequent versions of Pepper/Chrome. The SDK includes multiple `versions
263<https://developers.google.com/native-client/version>`_ of the Pepper APIs to
264help developers make adjustments to API changes and take advantage of new
265features.
266
267Where to start
268==============
269
270The :doc:`Quick Start <quick-start>` document provides links to downloads and
271documentation that should help you get started with developing and distributing
272Native Client applications.
273