1 .. _overview: 2 3 ################## 4 Technical Overview 5 ################## 6 7 .. contents:: 8 :local: 9 :backlinks: none 10 :depth: 2 11 12 Introduction 13 ============ 14 15 **Native Client** (NaCl) is an open-source technology for running native 16 compiled code in the browser, with the goal of maintaining the portability 17 and safety that users expect from web applications. Native Client expands web 18 programming beyond JavaScript, enabling developers to enhance their web 19 applications using their preferred language. This document describes some of 20 the key benefits and common use cases of Native Client. 21 22 Google has implemented the open-source `Native Client project 23 <http://www.chromium.org/nativeclient>`_ in the Chrome browser on Windows, Mac, 24 Linux, and Chrome OS. The :doc:`Native Client Software Development Kit (SDK) 25 <sdk/index>`, itself an open-source project, lets developers create web 26 applications that use NaCl and run in Chrome across multiple platforms. 27 28 A web application that uses Native Client generally consists of a combination of 29 JavaScript, HTML, CSS, and a NaCl module that is written in a language supported 30 by the SDK. The NaCl SDK currently supports C and C++; as compilers for 31 additional languages are developed, the SDK will be updated to support those 32 languages as well. 33 34 .. image:: /images/web-app-with-nacl.png 35 36 Why use Native Client? 37 ====================== 38 39 Native Client open-source technology is designed to run compiled code 40 securely inside a browser at near-native speeds. Native Client puts web 41 applications on the same playing field as traditional (locally-run) 42 software---it provides the means to fully harness the client's computational 43 resources for applications such as 3D games, multimedia editors, CAD modeling, 44 client-side data analytics, and interactive simulations. 45 Native Client also aims to give C and C++ (and eventually other languages) the 46 same level of portability and safety that JavaScript provides on the web today. 47 48 Here are a few of the key benefits that Native Client offers: 49 50 * **Graphics, audio, and much more:** Run native code modules that render 2D 51 and 3D graphics, play audio, respond to mouse and keyboard events, run on 52 multiple threads, and access memory directly---all without requiring 53 the user to install a plugin. 54 * **Portability:** Write your applications once and you'll be able to run them 55 across operating systems (Windows, Linux, Mac, and Chrome OS) and CPU 56 architectures (x86 and ARM). 57 * **Easy migration path to the web:** Many developers and companies have years 58 of work invested in existing desktop applications. Native Client makes the 59 transition from the desktop to a web application significantly easier because 60 it supports C and C++. 61 * **Security:** Native Client uses a double sandbox model designed to protect 62 the user's system from malicious or buggy applications. This model offers the 63 safety of traditional web applications without sacrificing performance and 64 without requiring users to install a plugin. 65 * **Performance:** Native Client allows web applications to run at speeds 66 comparable to desktop applications (within 5-15% of native speed). 67 Native Client also allows applications to harness all available CPU cores via 68 a threading API; this enables demanding applications such as console-quality 69 games to run inside the browser. 70 71 Common use cases 72 ================ 73 74 Typical use cases for Native Client include the following: 75 76 * **Existing software components:** With support for C and C++, Native 77 Client enables you to reuse existing software modules in 78 web applications---you don't need to rewrite and debug code 79 that's already proven to work well. 80 * **Legacy desktop applications:** Native Client provides a smooth migration 81 path from desktop applications to the web. You can port and recompile existing 82 code for the computation engine of your application directly to Native Client, 83 and need repurpose only the user interface and event handling portions to the 84 new browser platform. Native Client allows you to embed existing functionality 85 directly into the browser. At the same time, your application can take 86 advantage of things the browser does well: handling user interaction and 87 processing events, based on the latest developments in HTML5. 88 * **Heavy computation in enterprise applications:** Native Client can handle the 89 number crunching required by large-scale enterprise applications. To ensure 90 protection of user data, Native Client enables you to build complex 91 cryptographic algorithms directly into the browser so that unencrypted data 92 never goes out over the network. 93 * **Multimedia applications:** Codecs for processing sounds, images, and movies 94 can be added to the browser in a Native Client module. 95 * **Games:** Native Client lets web applications run at close to native 96 speed, reuse existing multithreaded/multicore C/C++ code bases, and 97 access low-latency audio, networking APIs, and OpenGL ES with programmable 98 shaders. Native Client is a natural fit for running a physics engine or 99 artificial intelligence module that powers a sophisticated web game. 100 Native Client also enables applications to run unchanged across 101 many platforms. 102 * **Any application that requires acceleration**: Native Client fits seamlessly 103 into web applications---it's up to you to decide to what extent to use it. 104 Use of Native Client covers the full spectrum from complete applications to 105 small optimized routines that accelerate vital parts of web apps. 106 107 .. _link_how_nacl_works: 108 109 How Native Client works 110 ======================= 111 112 Native Client is an umbrella name for a set of interrelated software components 113 that work together to provide a way to develop C/C++ applications and run them 114 securely on the web. 115 116 At a high level, Native Client consists of: 117 118 * **Toolchains**: collections of development tools (compilers, linkers, etc.) 119 that transform C/C++ code to Native Client modules. 120 * **Runtime components**: components embedded in the browser or other 121 host platforms that allow execution of Native Client modules 122 securely and efficiently. 123 124 The following diagram shows how these components interact: 125 126 .. image:: /images/nacl-pnacl-component-diagram.png 127 128 The left side of the diagram shows how to use Portable Native Client 129 (PNaCl, pronounced "pinnacle"). Developers use the PNaCl toolchain 130 to produce a single, portable (**pexe**) module. At runtime, a translator 131 built into the browser translates the pexe into native code for the 132 relevant client architecture. 133 134 The right side of the diagram shows how to use traditional (non-portable) 135 Native Client. Developers use a nacl-gcc based toolchain to produce multiple 136 architecture-dependent (**nexe**) modules, which are packaged into an 137 application. At runtime, the browser decides which nexe to load based 138 on the architecture of the client machine. 139 140 Security 141 -------- 142 143 Since Native Client permits the execution of native code on client machines, 144 special security measures have to be implemented: 145 146 * The NaCl sandbox ensures that code accesses system resources only through 147 safe, whitelisted APIs, and operates within its limits without attempting to 148 interfere with other code running either within the browser or outside it. 149 * The NaCl validator statically analyzes code prior to running it 150 to make sure it only uses code and data patterns that are permitted and safe. 151 152 The above security measures are in addition to the existing sandbox in the 153 Chrome browser---the Native Client module always executes in a process with 154 restricted permissions. The only interaction between this process and the 155 outside world is through sanctioned browser interfaces. Because of the 156 combination of the NaCl sandbox and the Chrome sandbox, we say that 157 Native Client employs a double sandbox design. 158 159 Portability 160 ----------- 161 162 Portable Native Client (PNaCl, prounounced "pinnacle") employs state-of-the-art 163 compiler technology to compile C/C++ source code to a portable bitcode 164 executable (**pexe**). PNaCl bitcode is an OS- and architecture-independent 165 format that can be freely distributed on the web and :ref:`embedded in web 166 applications<link_nacl_in_web_apps>`. 167 168 The PNaCl translator is a component embedded in the Chrome browser; its task is 169 to run pexe modules. Internally, the translator compiles a pexe to a nexe 170 (a native executable for the client platform's architecture), and then executes 171 the nexe within the Native Client sandbox as described above. It also uses 172 intelligent caching to avoid re-compiling the pexe if it was previously compiled 173 on the client's browser. 174 175 Native Client also supports the execution of nexe modules directly in the 176 browser. However, since nexes contain architecture-specific machine code, 177 they are not allowed to be distributed on the open web---they can only be 178 used as part of applications and extensions that are installed from the 179 Chrome Web Store. 180 181 For more details on the difference between NaCl and PNaCl, see 182 :doc:`NaCl and PNaCl <nacl-and-pnacl>`. 183 184 .. _toolchains: 185 186 Toolchains 187 ---------- 188 189 A toolchain is a set of tools used to create an application from a set of 190 source files. In the case of Native Client, a toolchain consists of a compiler, 191 linker, assembler and other tools that are used to convert an 192 application written in C/C++ into a module that is loadable by the browser. 193 194 The Native Client SDK provides two toolchains: 195 196 * a **PNaCl toolchain** for generating portable NaCl modules (pexe files) 197 * a **gcc-based toolchain (nacl-gcc)** for generating non-portable NaCl modules 198 (nexe files) 199 200 The PNaCl toolchain is recommended for most applications. The nacl-gcc 201 toolchain should only be used for applications that will not be distributed 202 on the open web. 203 204 .. _link_nacl_in_web_apps: 205 206 Native Client in a web application 207 ================================== 208 209 .. _application_files: 210 211 A Native Client application consists of a set of files: 212 213 * **HTML**, **CSS**, and **JavaScript** files, as in any modern web 214 application. The JavaScript code is responsible for communicating with the 215 NaCl module. 216 * A **pexe** (portable NaCl) file. This module uses the :ref:`Pepper 217 <link_pepper>` API, which provides the bridge to JavaScript and 218 browser resources. 219 * A Native Client **manifest** file that specifies the pexe to load, along with 220 some loading options. This manifest file is embedded into the HTML page 221 through an ``<embed>`` tag, as shown in the figure below. 222 223 .. image:: /images/nacl-in-a-web-app.png 224 225 For more details, see :doc:`Application Structure 226 <devguide/coding/application-structure>`. 227 228 .. _link_pepper: 229 230 Pepper Plugin API 231 ----------------- 232 233 The Pepper Plugin API (PPAPI), called **Pepper** for convenience, is an 234 open-source, cross-platform C/C++ API for web browser plugins. From the point 235 of view of Native Client, Pepper allows a C/C++ module to communicate with 236 the hosting browser and get access to system-level functions in a safe and 237 portable way. One of the security constraints in Native Client is that modules 238 cannot make any OS-level calls directly. Pepper provides analogous APIs that 239 modules can target instead. 240 241 You can use the Pepper APIs to gain access to the full array of browser 242 capabilities, including: 243 244 * :doc:`Talking to the JavaScript code in your application 245 <devguide/coding/message-system>` from the C++ code in your NaCl module. 246 * :doc:`Doing file I/O <devguide/coding/file-io>`. 247 * :doc:`Playing audio <devguide/coding/audio>`. 248 * :doc:`Rendering 3D graphics <devguide/coding/3D-graphics>`. 249 250 Pepper includes both a C API and a C++ API. The C++ API is a set of bindings 251 written on top of the C API. For additional information about Pepper, see 252 `Pepper Concepts <http://code.google.com/p/ppapi/wiki/Concepts>`_. 253 254 Versioning 255 ========== 256 257 Chrome is released on a six week cycle, and developer versions of Chrome are 258 pushed to the public beta channel three weeks before each release. As with any 259 software, each release of Chrome may include changes to Native Client and the 260 Pepper interfaces that may require modification to existing applications. 261 However, modules compiled for one version of Pepper/Chrome should work with 262 subsequent versions of Pepper/Chrome. The SDK includes multiple `versions 263 <https://developers.google.com/native-client/version>`_ of the Pepper APIs to 264 help developers make adjustments to API changes and take advantage of new 265 features. 266 267 Where to start 268 ============== 269 270 The :doc:`Quick Start <quick-start>` document provides links to downloads and 271 documentation that should help you get started with developing and distributing 272 Native Client applications. 273
