Google Native Client

Google Native Client (NaCl) is a sandboxing technology for running either a subset of Intel x86, ARM, or MIPS native code, or a portable executable, in a sandbox. It allows safely running native code from a web browser, independent of the user operating system, allowing web apps to run at near-native speeds, which aligns with Google's plans for Chrome OS. It may also be used for securing browser plugins, and parts of other applications or full applications such as ZeroVM.

To demonstrate the readiness of the technology, on 9 December 2011, Google announced the availability of several new Chrome-only versions of games known for their rich and processor-intensive graphics, including Bastion (no longer supported on the Chrome Web Store). NaCl runs hardware-accelerated 3D graphics (via OpenGL ES 2.0), sandboxed local file storage, dynamic loading, full screen mode, and mouse capture. There are also plans to make NaCl available on handheld devices.

Portable Native Client (PNaCl) is an architecture-independent version. PNaCl apps are compiled ahead-of-time. PNaCl is recommended over NaCl for most use cases. The general concept of NaCl (running native code in web browser) has been implemented before in ActiveX, which, while still in use, has full access to the system (disk, memory, user-interface, registry, etc.). Native Client avoids this issue by using sandboxing.

An alternative of sorts to NaCl is asm.js, which also allows applications written in C or C++ to be compiled to run in the browser (at more than half the native speed), and also supports ahead-of-time compilation, but is a subset of JavaScript and hence backwards-compatible with browsers that do not support it directly. Another alternative (while it may initially be powered by PNaCl) is WebAssembly.

On October 12, 2016, a comment on the Chromium issue tracker indicated that Google's Pepper and Native Client teams had been destaffed. On May 30, 2017, Google announced deprecation of PNaCl in favor of WebAssembly. Although initially Google planned to remove PNaCl in first quarter of 2018, and later in the second quarter of 2019, it is currently planned for removal in June 2022 (together with Chrome Apps).

Overview
Native Client is an open-source project being developed by Google. To date, Quake, XaoS, Battle for Wesnoth, Doom, Lara Croft and the Guardian of Light, From Dust, and MAME, as well as the sound processing system Csound, have been ported to Native Client. Native Client has been available in the Google Chrome web browser since version 14, and has been enabled by default since version 31, when the Portable Native Client (PNaCl, pronounced: pinnacle) was released.

An ARM implementation was released in March 2010. x86-64, IA-32, and MIPS are also supported.

To run an application portably under PNaCl, it must be compiled to an architecture-agnostic and stable subset of the LLVM intermediate representation bytecode. The executables are called PNaCl executables (pexes). The PNaCl Toolchain makes .pexe files; NaCl Toolchain .nexe files. The magic number of .nexe files is 0x7F 'E' 'L' 'F', which is ELF. In Chrome, they are translated to architecture-specific executables so that they can be run.

NaCl uses software fault detection and isolation for sandboxing on x86-64 and ARM. The x86-32 implementation of Native Client is notable for its novel sandboxing method, which makes use of the x86 architecture's rarely used segmentation facility. Native Client sets up x86 segments to restrict the memory range that the sandboxed code can access. It uses a code verifier to prevent use of unsafe instructions such as those that perform system calls. To prevent the code from jumping to an unsafe instruction hidden in the middle of a safe instruction, Native Client requires that all indirect jumps be jumps to the start of 32-byte-aligned blocks, and instructions are not allowed to straddle these blocks. Because of these constraints, C and C++ code must be recompiled to run under Native Client, which provides customized versions of the GNU toolchain, specifically GNU Compiler Collection (GCC), GNU Binutils, and LLVM.

Native Client is licensed under a BSD-style license.

Native Client uses Newlib as its C library, but a port of GNU C Library (GNU libc) is also available.

Pepper
NaCl denotes sodium chloride, common table salt; as a pun, the name of pepper was also used. Pepper API is a cross-platform, open-source API for creating Native Client modules. Pepper Plugin API, or PPAPI is a cross-platform API for Native Client-secured web browser plugins, first based on Netscape's NPAPI, then rewritten from scratch. It is currently used in Chromium and Google Chrome to enable the PPAPI version of Adobe Flash and the built-in PDF viewer.

PPAPI
On 12 August 2009, a page on Google Code introduced a new project, Pepper, and the associated Pepper Plugin API (PPAPI), "a set of modifications to NPAPI to make plugins more portable and more secure". This extension is designed specifically to ease implementing out-of-process plugin execution. Further, the goals of the project are to provide a framework for making plugins fully cross-platform. Topics considered include:
 * Uniform semantics for NPAPI across browsers.
 * Execution in a separate process from the renderer-browser.
 * Standardize rendering using the browser's compositing process.
 * Defining standardized events, and 2D rasterizing functions.
 * Initial attempt to provide 3D graphics access.
 * Plugin registry.

The Pepper API also supports Gamepads (version 19) and WebSockets (version 18).

, Google's open source browser, Chromium, was the only web browser to use the new browser plug-in model. As of 2020, Pepper is supported by Chrome, Chromium and Blink layout engine-based browsers such as Opera and Microsoft Edge.

In August 2020, Google announced that support for PPAPI would be removed from Google Chrome and Chromium in June 2022.

PPAPI in Firefox
Mozilla Firefox stated in 2014 that they would not support Pepper, as there is no full specification of the API beyond its implementation in Chrome, which itself is designed for use with Blink layout engine only, and has private APIs specific to the Flash Player plugin which are not documented. In October 2016 Mozilla announced that it had re-considered and was exploring whether to incorporate the Pepper API and PDFium in future releases of Firefox, however no such steps were taken.

Applications
One website uses NaCL on the server to let users experiment with the Go programming language from their browsers.

Reception
Some groups of browser developers support the Native Client technology, but others do not.

Supporters
Chad Austin (of IMVU) praised the way Native Client can bring high-performance applications to the web (with about 5% penalty compared to native code) in a secure way, while also accelerating the evolution of client-side applications by giving a choice of the programming language used (besides JavaScript).

Id Software's John D. Carmack praised Native Client at QuakeCon 2012, saying: "if you have to do something inside a browser, Native Client is much more interesting as something that started out as a really pretty darn clever x86 hack in the way that they could sandbox all of this in user mode interestingly. It's now dynamic recompilation, but something that you program in C or C++ and it compiles down to something that's going to be not your -O4 optimization level for completely native code but pretty damn close to native code. You could do all of your evil pointer chasings, and whatever you want to do as a to-the-metal game developer."

Detractors
Other IT professionals are more critical of this sandboxing technology as it has substantial or substantive interoperability issues.

Mozilla's vice president of products, Jay Sullivan, said that Mozilla has no plans to run native code inside the browser, as "These native apps are just little black boxes in a webpage. [...] We really believe in HTML, and this is where we want to focus."

Mozilla's Christopher Blizzard criticized NaCl, claiming that native code cannot evolve in the same way that the source code-driven web can. He also compared NaCl to Microsoft's ActiveX technology, plagued with DLL Hell.

Håkon Wium Lie, Opera's CTO, believes that "NaCl seems to be 'yearning for the bad old days, before the web'", and that "Native Client is about building a new platform – or porting an old platform into the web [...] it will bring in complexity and security issues, and it will take away focus from the web platform."

Second generation
The second generation of sandboxing developed in Google is gVisor. It is intended to replace NaCl in Google Cloud, to be more exact in Google App Engine. Google also has been promoting WebAssembly.

Examples

 * Folding@home
 * PNaCl examples (runs in Chrome 31+, PNaCl, i.e. no installation needed)
 * Native Client SDK Gallery
 * torapp.info, vector editor, especially powerful for security printing (not PNaCl)
 * NACLBox, a port of DOSBox to Native Client (PNaCl)
 * SodaSynth, a synthesizer for Native Client (not PNaCl)
 * pnacl-amiga-emulator, a port of UAE, an Amiga 500 emulator
 * Abadía del crimen, a port of the SDL version of Vigasoco (remake of La Abadía del Crimen) to Native Client (PNaCl)
 * Bennugd, a port of Bennugd Videogames examples to Native Client (PNaCl)