{{+bindTo:partials.standard_nacl_article}}

Technical Overview

Native Client (NaCl) is an open-source technology for running native compiled code in the browser, with the goal of maintaining the portability and safety that users expect from web applications. Native Client expands web programming beyond JavaScript, enabling you to enhance your web applications using your preferred language. This document describes some of the key benefits and common use cases of Native Client.

Google has implemented the open-source Native Client project in the Chrome browser on Windows, Mac, Linux, and Chrome OS. The Native Client Software Development Kit (SDK), itself an open-source project, lets you create web applications that use NaCl and run in Chrome across multiple platforms.

A Native Client web application consists of JavaScript, HTML, CSS, and a NaCl module written in a language supported by the SDK. The NaCl SDK currently supports C and C++; as compilers for additional languages are developed, the SDK will be updated.

A web application with and without Native Client

A web application with and without Native Client

Native Client comes in two flavors: traditional (NaCl) and portable (PNaCl). Traditional, which must be distributed through the Chrome Web Store lets you target a specific hardware platform. Portable can run on the open web. A bitcode file that can be loaded from any web server is downloaded to a client machine and converted to hardware-specific code before any execution. For details, see NaCl and PNaCl.

Why use Native Client?

Native Client open-source technology is designed to run compiled code securely inside a browser at near-native speeds. Native Client gives web applications some advantages of desktop software. Specifically, it provides the means to fully harness the client’s computational resources for applications such as:

Native Client gives C and C++ (and other languages targeting it) the same level of portability and safety as JavaScript.

Benefits of Native Client

Benefits of Native Client include:

Common use cases

Typical use cases for Native Client include the following:

How Native Client works

Native Client is an umbrella name for a set of related software components for developing C/C++ applications and running them securely on the web. At a high level, Native Client consists of:

The following diagram shows how these components interact:

The Native Client toolchains and their outputs

The Native Client toolchains and their outputs

Toolchains

A Native Client toolchain consists of a compiler, a linker, an assembler and other tools that are used to convert C/C++ source code into a module that is loadable by a browser.

The Native Client SDK provides two toolchains:

The PNaCl toolchain is recommended for most applications. The NaCl-GCC toolchain should only be used for applications that won’t be distributed on the open web.

Security

Since Native Client permits the execution of native code on client machines, special security measures have to be implemented:

These security measures are in addition to the existing sandbox in the Chrome browser. The Native Client module always executes in a process with restricted permissions. The only interaction between this process and the outside world is through defined browser interfaces. Because of the combination of the NaCl sandbox and the Chrome sandbox, we say that Native Client employs a double sandbox design.

Portable Native Client (PNaCl, prounounced “pinnacle”) employs state-of-the-art compiler technology to compile C/C++ source code to a portable bitcode executable (pexe). PNaCl bitcode is an OS- and architecture-independent format that can be freely distributed on the web and embedded in web applications.

The PNaCl translator is a component embedded in the Chrome browser; its task is to run pexe modules. Internally, the translator compiles a pexe to a nexe (described above), and then executes the nexe within the Native Client sandbox as described above. The translator uses intelligent caching to avoid re-compiling the pexe if it was previously compiled on the client’s browser.

Native Client also supports the execution of nexe modules directly in the browser. However, since nexes contain architecture-specific machine code, they are not allowed to be distributed on the open web. They can only be used as part of applications and extensions that are installed from the Chrome Web Store.

For more details on the difference between NaCl and PNaCl, see NaCl and PNaCl.

Structure of a web application

A Native Client application consists of a set of files:

Structure of a web application

Structure of a web application

For more details, see Application Structure.

Pepper plug-in API

The Pepper plug-in API (PPAPI), called Pepper for convenience, is an open-source, cross-platform C/C++ API for web browser plug-ins. Pepper allows a C/C++ module to communicate with the hosting browser and to access system-level functions in a safe and portable way. One of the security constraints in Native Client is that modules cannot make OS-level calls. Pepper provides analogous APIs that modules can use instead.

You can use the Pepper APIs to gain access to the full array of browser capabilities, including:

Pepper includes both a C API and a C++ API. The C++ API is a set of bindings written on top of the C API. For additional information about Pepper, see Pepper Concepts.

Where to start

The Quick Start document provides links to downloads and documentation to help you get started with developing and distributing Native Client applications.

{{/partials.standard_nacl_article}}