Google Native Client

Native Client was an open-source project developed by Google.{{cite web |url=https://code.google.com/p/nativeclient/ |title=Google Native Client on Google Code |access-date=25 April 2012}} Games such as Quake,{{cite web |url=https://github.com/davemichael/NaCl-Quake|title=GitHub - davemichael/NaCl-Quake: Quake for Native Client (based on the SDL Quake port)|author=davemichael|work=GitHub|date=3 October 2020}} XaoS, Battle for Wesnoth,{{cite web |url=https://chrome.google.com/webstore/detail/the-battle-for-wesnoth/pobnonecghmlpppkkjpdiiblmakhhldb|title=The Battle for Wesnoth}} Doom,{{cite web |url=http://doom.pdox.net|title=Index of /}} Lara Croft and the Guardian of Light,{{Cite web |url=https://chrome.google.com/webstore/detail/lara-croft-and-the-guardi/dcfdbmpeeihbpddkneaploeinlbaaodn |title=Chrome Web Store - Lara Croft and the Guardian of Light |access-date=26 November 2013 |archive-url=https://web.archive.org/web/20131208080414/https://chrome.google.com/webstore/detail/lara-croft-and-the-guardi/dcfdbmpeeihbpddkneaploeinlbaaodn |archive-date=8 December 2013 |url-status=dead}} From Dust,{{cite web|url=https://chrome.google.com/webstore/detail/from-dust/anelkojiepicmcldgnmkplocifmegpfj|title=From Dust|access-date=24 February 2016|archive-url=https://web.archive.org/web/20160312080315/https://chrome.google.com/webstore/detail/from-dust/anelkojiepicmcldgnmkplocifmegpfj|archive-date=12 March 2016|url-status=dead}} and MAME, as well as the sound processing system Csound, have been ported to Native Client. Native Client has been available in the Google Chrome web browser since version 14, and has been enabled by default since version 31, when the Portable Native Client (PNaCl, pronounced: pinnacle) was released.{{cite web |last=Chen |first=Brad |url=http://googlecode.blogspot.com/2008/12/native-client-technology-for-running.html |title=Native Client: A Technology for Running Native Code on the Web |publisher=Google-code-updates.blogspot.com |date=8 December 2008 |access-date=25 April 2012}}{{cite web |url=https://blog.chromium.org/2011/08/native-client-brings-sandboxed-native.html |title=The Chromium Blog: Native Client Brings Sandboxed Native Code to Chrome Web Store Apps |publisher=Blog.chromium.org |date=18 August 2011 |access-date=25 April 2012}}{{cite web |url=https://blog.chromium.org/2013/11/portable-native-client-pinnacle-of.html |title=Google Code Blog: Portable Native Client: The "pinnacle" of speed, security, and portability |publisher=blog.chromium.org |date=12 November 2013 |access-date=16 March 2014}} Native Client has also been used to safely run downloaded code in software other than web browsers, like in the Dæmon game engine.

An ARM implementation was released in March 2010.{{cite web |url=http://www.h-online.com/open/news/item/Google-s-Native-Client-goes-ARM-and-beyond-957478.html|title=Google's Native Client goes ARM and beyond|publisher=The H|date=18 March 2010|access-date=19 May 2010}} x86-64, IA-32, and MIPS were also supported.

To run an application portably under PNaCl, it must be compiled to an architecture-agnostic and stable subset of the LLVM intermediate representation bytecode.{{cite web|url=http://nativeclient.googlecode.com/svn/data/site/pnacl.pdf |title=PNaCl: Portable Native Client Executables|access-date=25 April 2012 |url-status=dead |archive-url=https://web.archive.org/web/20120502135033/http://nativeclient.googlecode.com/svn/data/site/pnacl.pdf |archive-date=2 May 2012}} The executables are called PNaCl executables (pexes). The PNaCl Toolchain makes .pexe files; NaCl Toolchain .nexe files. The magic number of .nexe files is 0x7F 'E' 'L' 'F', which is ELF. In Chrome, they are translated to architecture-specific executables so that they can be run.

NaCl uses software fault detection and isolation for sandboxing on x86-64 and ARM.{{cite web |url=http://research.google.com/pubs/pub35649.html|title=Adapting Software Fault Isolation to Contemporary CPU Architectures|first1=David |last1=Sehr |first2=Robert |last2=Muth |first3=Cliff L. |last3=Biffle |first4=Victor |last4=Khimenko |first5=Egor |last5=Pasko |first6=Bennet |last6=Yee |first7=Karl |last7=Schimpf |first8=Brad |last8=Chen |year=2010|publisher= 19th USENIX Security Symposium|access-date=31 July 2011}} The x86-32 implementation of Native Client is notable for its novel sandboxing method, which makes use of the x86 architecture's rarely used segmentation facility.{{cite web |url=http://research.google.com/pubs/pub34913.html|title=Native Client: A Sandbox for Portable, Untrusted x86 Native Code|access-date=31 July 2011|first1=Bennet |last1=Yee |first2=David |last2=Sehr |first3=Greg |last3=Dardyk |first4=Brad |last4=Chen |first5=Robert |last5=Muth |first6=Tavis |last6=Ormandy |first7=Shiki |last7=Okasaka |first8=Neha |last8=Narula |first9=Nicholas |last9=Fullagar |publisher= IEEE Symposium on Security and Privacy (Oakland'09)|year=2009}} Native Client sets up x86 segments to restrict the memory range that the sandboxed code can access. It uses a code verifier to prevent use of unsafe instructions such as those that perform system calls. To prevent the code from jumping to an unsafe instruction hidden in the middle of a safe instruction, Native Client requires that all indirect jumps be jumps to the start of 32-byte-aligned blocks, and instructions are not allowed to straddle these blocks. Because of these constraints, C and C++ code must be recompiled to run under Native Client, which provides customized versions of the GNU toolchain, specifically GNU Compiler Collection (GCC), GNU Binutils, and LLVM.

Native Client is licensed under a BSD-style license.

Native Client uses Newlib as its C library, but a port of GNU C Library (GNU libc) is also available.{{cite web |url=http://developer.chrome.com/native-client/devguide/devcycle/building |title=Native Client: Building |publisher=developer.chrome.com |access-date=16 March 2014}}

{{See also|NPAPI#PPAPI}}

NaCl denotes sodium chloride, common table salt; as a pun, the name of pepper was also used. Pepper API is a cross-platform, open-source API for creating Native Client modules.{{cite web|url=https://developer.chrome.com/native-client/overview|archive-url=https://web.archive.org/web/20140228181744/http://developer.chrome.com/native-client/overview|url-status=dead|archive-date=28 February 2014|title=Technical Overview}} Pepper Plugin API, or PPAPI{{cite web |url=https://developer.chrome.com/native-client/pepper_stable/index |title=Pepper Plugin API project at |access-date=25 April 2012 |archive-date=9 September 2016 |archive-url=https://web.archive.org/web/20160909014923/https://developer.chrome.com/native-client/pepper_stable/index |url-status=dead }}{{cite web |url=https://src.chromium.org/viewvc/chrome/trunk/src/ppapi/ |title=Chrome Source: Index of /trunk/src/ppapi |publisher=Src.chromium.org |access-date=25 April 2012}} is a cross-platform API for Native Client-secured web browser plugins, first based on Netscape's NPAPI, then rewritten from scratch. It was used in Chromium and Google Chrome to enable the PPAPI version of Adobe Flash{{cite web |url=https://blog.chromium.org/2012/08/the-road-to-safer-more-stable-and.html |title=The road to safer, more stable, and flashier Flash |date=8 August 2012 |access-date=10 August 2013}} and the built-in PDF viewer.{{cite web |last=Metz |first=Cade |url=https://www.theregister.co.uk/2010/06/18/chrome_dev_builds_get_built_in_pdf_reader/ |title=Google hugs Adobe harder with Chrome-PDF merge |publisher=The Register |date=18 June 2010 |access-date=25 April 2012}}

On 12 August 2009, a page on Google Code introduced a new project, Pepper, and the associated Pepper Plugin API (PPAPI),{{cite web |url=https://www.chromium.org/nativeclient/getting-started/getting-started-background-and-basics#TOC-Pepper-Plugin-API-PPAPI- |title=Getting Started: Background and Basics – The Chromium Projects |publisher=Chromium.org |access-date=25 April 2012}} "a set of modifications to NPAPI to make plugins more portable and more secure".{{cite web |url=https://code.google.com/p/ppapi/wiki/Concepts |title=Pepper.wiki |date=24 February 2012 |access-date=25 April 2012}} This extension is designed specifically to ease implementing out-of-process plugin execution. Further, the goals of the project are to provide a framework for making plugins fully cross-platform. Topics considered include:

• Uniform semantics for NPAPI across browsers.
• Execution in a separate process from the renderer-browser.
• Standardize rendering using the browser's compositing process.
• Defining standardized events, and 2D rasterizing functions.
• Initial attempt to provide 3D graphics access.
• Plugin registry.

The Pepper API also supports Gamepads (version 19) and WebSockets (version 18).{{cite web |url=https://developer.chrome.com/native-client/sdk/release-notes|title=Release Notes}}

{{As of|2010|5|13}}, Google's open source browser, Chromium, was the only web browser to use the new browser plug-in model.{{cite web |last=Metz |first=Cade |url=https://www.theregister.co.uk/2010/05/13/google_native_client_sdk/ |title=Google heats up native code for Chrome OS |publisher=Theregister.co.uk |date=13 May 2010 |access-date=25 April 2012}} As of 2020, Pepper is supported by Chrome, Chromium and Blink layout engine-based browsers such as Opera and Microsoft Edge.

In August 2020, Google announced that support for PPAPI would be removed from Google Chrome and Chromium in June 2022.{{cite web |url=https://blog.chromium.org/2020/08/changes-to-chrome-app-support-timeline.html |title=Changes to the Chrome App Support Timeline |date=10 August 2020 |author=Anthony Laforge |website=Chromium Blog }}

Firefox developers stated in 2014 that they would not support Pepper, as there were no full specification of the API beyond its implementation in Chrome, which itself was designed for use with Blink layout engine only, and had private APIs specific to the Flash Player plugin which were not documented.{{cite web |last1=Zbarsky|first1=Boris|title=Bug 729481 - Support the "Pepper" Plugin api|url=https://bugzilla.mozilla.org/show_bug.cgi?id=729481#c83|access-date=15 April 2016}} In October 2016 Mozilla announced that it had re-considered and was exploring whether to incorporate the Pepper API and PDFium in future releases of Firefox,{{cite web |last=Metz |first=Cade |url=https://wiki.mozilla.org/Mortar_Project |title=Project Mortar |publisher=Mozilla |date=3 October 2016 |access-date=30 October 2016}} however no such steps were taken. In July 2017, Adobe deprecated Flash and announced its end-of-life in the end of 2020.{{Cite web |date=July 25, 2017 |title=Flash & The Future of Interactive Content |url=https://theblog.adobe.com/adobe-flash-update/ |url-status=dead |archive-url=https://web.archive.org/web/20171202123704/https://theblog.adobe.com/adobe-flash-update/ |archive-date=December 2, 2017 |access-date=July 31, 2023 |publisher=Adobe Inc.}} By January 2021, Adobe Flash Player, Google Chrome, Firefox, Safari, and Windows{{Cite web |last=Salter |first=Jim |date=2021-05-04 |title=Goodbye again, Flash—Microsoft makes removal from Windows 10 mandatory |url=https://arstechnica.com/gadgets/2021/05/microsoft-will-remove-adobe-flash-from-windows-10-this-summer/ |access-date=2023-08-01 |website=Ars Technica |language=en-us}} received updates disabling or entirely removing Flash.

One website{{cite web |url=https://play.golang.org|title=The Go Playground}} used NaCL on the server to let users experiment with the Go programming language from their browsers.{{cite web |url=https://blog.golang.org/playground#TOC_3.|title=Inside the Go Playground - The Go Blog|website=blog.golang.org|access-date=2016-08-27}}

The open-source Unvanquished game makes use of Native Client in the Dæmon game engine{{cite web|title=Unvanquished Alpha 41 Released, Still Moving Towards NaCl VM Usage|quote=They've continued moving along with their open-source game and Daemon engine. […] their libRocket implementation has moved into the NaCl VM.|url=https://www.phoronix.com/news/Unvanquished-Alpha-41|first=Michael|last=Larabel|date=2015-07-09|access-date=2024-12-03|website=Phoronix}} in replacement of the Q3VM (Quake III virtual machine).{{cite web|title=Unvanquished Continues Work On Its PNaCl Support|quote=Open-source Unvanquished developers continue working on support for using Google's Portable Native Client (PNaCl) to replace Quake III QVMs.|url=https://www.phoronix.com/news/MTYzMDk|date=2014-03-15|access-date=2024-12-03|website=Phoronix}}{{cite web|title=Unvanquished Alpha 34 Brings Fixes, Still Being Ported To PNaCl|quote=Under the hood, they remain hard at work on porting the game logic from QVMs to Portable Native Client (PNaCl).|url=https://www.phoronix.com/news/MTg1NzA|date=2014-12-08|access-date=2024-12-03|website=Phoronix}} In such game engine, the Native Client sandbox is used to safely run arbitrary game code (mods) downloaded from game servers. Using the Native Client technology makes possible for gameplay developers to use the C++ language for games running in the virtual machine, to use C++ libraries, to share code between the game and the engine and to get better performance than with the Q3VM.{{cite web|title=Unvanquished Continues Work On Its PNaCl Support|quote=PNaCl sandboxes allow game-play developers to use modern C++ and C/C++ libraries directly within their virtual machines and will allow for better code sharing between the engine code and game logic. PNaCl is also reported to offer better performance than the original Quake III virtual machines.|url=https://www.phoronix.com/news/MTYzMDk|date=2014-03-15|access-date=2024-12-03|website=Phoronix}}

Some groups of browser developers supported the Native Client technology while others did not.

Chad Austin (of IMVU) praised the way Native Client can bring high-performance applications to the web (with about 5% penalty compared to native code) in a secure way, while also accelerating the evolution of client-side applications by giving a choice of the programming language used (besides JavaScript).{{cite web |last=Austin |first=Chad |url=http://chadaustin.me/2011/01/in-defense-of-language-democracy/ |title=Chad Austin: In Defense of Language Democracy (Or: Why the Browser Needs a Virtual Machine) |publisher=Chadaustin.me |date=8 January 2011 |access-date=25 April 2012}}

Id Software's John D. Carmack praised Native Client at QuakeCon 2012, saying: "if you have to do something inside a browser, Native Client is much more interesting as something that started out as a really pretty darn clever x86 hack in the way that they could sandbox all of this in user mode interestingly. It's now dynamic recompilation, but something that you program in C or C++ and it compiles down to something that's going to be not your -O4 optimization level for completely native code but pretty damn close to native code. You could do all of your evil pointer chasings, and whatever you want to do as a to-the-metal game developer."{{cite web |last=Carmack |first=John |url=https://www.youtube.com/watch?v=wt-iVFxgFWk&t=2h36m18s |title=QuakeCon 2012 |publisher=youtube.com |date=3 August 2012 |access-date=26 August 2012}}

Other IT professionals were more critical of this sandboxing technology as it had substantial or substantive interoperability issues.

Mozilla's vice president of products, Jay Sullivan, said that Mozilla has no plans to run native code inside the browser, as "These native apps are just little black boxes in a webpage. [...] We really believe in HTML, and this is where we want to focus."{{cite web |last=Metz |first=Cade |url=https://www.theregister.co.uk/2010/06/24/jay_sullivan_on_firefox/ |title=Mozilla: Our browser will not run native code |publisher=The Register |date=24 June 2010 |access-date=25 April 2012}}

Mozilla's Christopher Blizzard criticized NaCl, claiming that native code cannot evolve in the same way that the source code-driven web can. He also compared NaCl to Microsoft's ActiveX technology, plagued with DLL Hell.

Håkon Wium Lie, Opera's CTO, believed that "NaCl seems to be 'yearning for the bad old days, before the web'", and that "Native Client is about building a new platform – or porting an old platform into the web [...] it will bring in complexity and security issues, and it will take away focus from the web platform."

The second generation of sandboxing developed in Google is gVisor.{{Cite web|url=https://news.ycombinator.com/item?id=17810591|title=Beta release of PHP 7.2 in the Google App Engine standard environment | Hacker News}}{{Cite web|url=https://github.com/google/gvisor|title = Google/Gvisor|website = GitHub|date = 15 October 2021}} It is intended to replace NaCl in Google Cloud, to be more exact in Google App Engine. Google has also been promoting WebAssembly.{{Cite web|last=Avram|first=Abel|date=31 May 2017|title=Google Is to Remove Support for PNaCl|url=https://www.infoq.com/news/2017/05/pnacl-webassembly-google/|access-date=2020-08-01|website=InfoQ|language=en|quote=As a replacement, Google is now pushing WebAssembly.}}

{{Portal|Free and open-source software}}

• Application virtualization
• Emscripten
• Sandboxie, running Windows programs in a sandbox
• WebAssembly, a bytecode standard for web browsers
• XAML Browser Applications (XBAP)

{{reflist|colwidth=30em}}

• {{Official website}}
• {{cite web| url=https://bugs.chromium.org/p/nativeclient/issues/list| title=Issues - nativeclient| website=bugs.chromium.org| accessdate=2022-07-02}}
• {{YouTube|id=5RFjOec-TI0|title=Google I/O 2013 - Introduction to Portable Native Client (PNaCl)}}
• {{YouTube|id=2xV_0pTpNj0|title=Google I/O 2009 Native Code for Compute Intensive Web Apps}} – Technical talk at Google I/O 2009
• [https://code.google.com/p/naclports/wiki/PortList A list of OSS projects ported to Native Client]
• [https://chromium.googlesource.com/native_client/src/native_client.git Native Client source code in Git]
• [https://kangz.net/posts/2014/03/15/moving-the-server-side-gamelogic-to-pnacl/first=Corentin Game engine-focused introduction to Native Client with a comparison between the Quake3 Virtual Machine and PNaCL]
  {{cite web|title=Moving the server-side gamelogic to PNaCl|url=https://kangz.net/posts/2014/03/15/moving-the-server-side-gamelogic-to-pnacl/|first=Corentin|last=Wallez|date=2014-03-15|access-date=2024-12-03}}

• [http://folding.stanford.edu/nacl/ Folding@home]
• [https://gonativeclient.appspot.com/demo PNaCl examples] (runs in Chrome 31+, PNaCl, i.e. no installation needed)
• [https://developer.chrome.com/native-client/sdk/examples Native Client SDK Gallery]
• [https://web.archive.org/web/20180627170813/http://www.torapp.info/ torapp.info], vector editor, especially powerful for security printing (not PNaCl)
• [http://www.naclbox.com/ NACLBox], a port of DOSBox to Native Client (PNaCl)
• [https://chrome.google.com/webstore/detail/moehcjggbedbobepfihdamhnlneanioe SodaSynth], a synthesizer for Native Client (not PNaCl)
• [https://luzbel.github.io/vigasocosdl-la-abadia-del-crimen.pruebas/ Abadía del crimen], a port of the SDL version of Vigasoco (remake of La Abadía del Crimen) to Native Client (PNaCl)
• [http://coldev.webs.com/ Bennugd], a port of Bennugd Videogames examples to Native Client (PNaCl)

{{Google FOSS}}

{{Web interfaces}}

Category:Computer security software

Category:Software using the BSD license

Native Client

Category:Cross-platform free software