In order to increase the performance of CPU-intensive web applications, Google is developing Native Client, a browser technology used to run native code. Unlike Netscape’s NPAPI or Microsoft’s ActiveX plug-in technologies, Native Client runs in a double sandbox prohibiting access to the underlying operating system.
One of the ways to increase the performance of web applications is to allow the browser to run native applications. Instead of running JavaScript code, such an approach could run native code which is normally faster that its JS correspondent. The problem is that such code raises serious security issues like accessing the data or creating undesired network connections. That is one of the main complaints about NPAPI and ActiveX. Native Client intends to solve that problem by running the native application in a special sandbox preventing access to the underlying operating system. Native apps would only be able to use the CPU and communicate with the Native Client environment.
Native applications will run in a double sandbox: an outer one which is similar to other sandboxes used by browsers, and an inner one based on Software-Based Fault Isolation theory and using x86 memory segmentation forcing the native code to abide within the confines of allocated memory segments.
The Native Client has these goals, according to Portable Native Client Executables (PDF) whitepaper:
1. Provide an ISA-neutral format for compiled NaCl modules supporting a wide variety of target platforms without recompilation from source.
2. Make it easy for NaCl developers to build, test and deploy portable executable modules.
3. Support the x86-32, x86-64 and ARM instruction sets initially, but make it straightforward to support other popular general-purpose CPUs in future.
4. Preserve the security and performance properties of Native Client.
To ease the life of developers, Native Client modules are to be written in an any language then compiled to LLVM (Low Level Virtual Machine) bitcode. LLVM is a compiler infrastructure providing ISA neutrality, so the original code does not need to be ported to various target platforms. The bitcode is further optimized and saved in a file. If a web page contains an <object> tag whose type is Native Client, the browser will create the corresponding environment and will download the LLVM file. The bitcode is then translated into native code and analyzed to make sure it does not intend to perform illegal operations. Then it is run to execute the supposedly intensive CPU operations. The developers will need to write only once and deploy on multiple architectures, and the intermediary LLVM layer makes it possible to run the module even on newer architectures that did not exist at the time the code was written extending the reach of the application.
Google has created Native Client packages for Windows, Max OS X, and Linux for x86-32, x86-64 and ARM, and it is open to address any architecture of interest. The benchmarks (PDF) show that Native Client apps run at 97% the speed of an unmodified application both on x86 and ARM. Native Client works on Firefox, Safari, Opera, and Google Chrome. Examples of applications running on Native Client are Quake, a classic game, XaoS, an interactive fractal viewer, and Lua – a scripting engine.