Compute in the browser: Google’s Native Client (NaCl) Explained
Google Chrome has put the web in turbo mode. Native Client enables browser plug-ins to harvest immense CPU power for games, HD films and computing-intensive applications.
If everything goes according to Google’s plans, you will need only a browser on your system in the future. Without any additional tools, you will be able to do everything that you usually use your PC for: editing images, writing mails, burning discs, or playing action games with complex graphics. This all is enabled by a simple browser plug-in: The Native Client (NaCl). It runs programming code downloaded by the browser from the internet. Its main attraction is that such code can be written in C or C++, typically the former, which would enable even standalone applications like Nero or Photoshop.
Take a first look
Google’s plugin executes web applications on the PC in order for these applications to work as fast as local programs, Native Client must have direct access to the CPU and RAM without putting the system at risk. The client isolates the programing code with two safety rings so as to protect the operating system. The inner sandbox scans the .EXE for corrupt code, while the outer sandbox checks the system commands which are to be executed. The Inter Module Communication layer allocates memory to be shared between the browser and NaCl.
More Power: Direct access to the CPU and main memory
NaCl converts code into machine language, stores it in the RAM, and allows it to be processed by the CPU. It therefore achieves high performance while making it appear as if the applications are being executed by the operating system. Furthermore, as compared to the browser, it also features multithreading and can use the processor instruction sets such as MMX and SSE. As proof, Google compiled the Quake game engine for its client and compared the performance against the standalone version. The result: both versions achieve the same frame rate. According to Google’s calculations, even a worst-case scenario will show only a five percent loss in performance. These are values which other environments for Web code like Java, Silverlight, and AIR cannot even come close to. Additionally, the programs will have to be written freshly since the C languages do not cope well with them. Even languages like ActionScript are not powerful enough to be able to convert such sophisticated applications. But the Native Client has to overcome a different problem because of this: security. As a micro-kernel, NaCl assumes the role of the operating system for running its applications, allowing it to directly access the hardware resources. The code must be strictly checked so that it does not overwrite areas of the RAM where the operating system stores its data. This security aspect is critical and should be transparent to the user when the Native Client becomes active. It starts in the background as soon as it is required, without requiring user intervention.
Security: Two safety shields against corrupt code
The inner sandbox decomplies the code. During this process, a validator inspects the code for unsafe elements by identifying whether it belongs to the address area. It also checks whether the code can be reliably executed and only then does it authenticate that the code contains secured commands. It should not overwrite the EXE in the system memory since the address holding it is already defined. While the inner sandbox remains the same for all versions, the outer sandbox is customized for individual host operating systems. This layer verifies whether the commands run by the EXE are harmless. Google has reduced the number of approved system accesses in the NaCl application to 46: all the remaining ones are blocked by the outer sandbox. This is why developers cannot adapt available applications directly; they must be recompiled for the Native Client. Another layer called Inter Module Communication (IMC) is responsible for the communication between the EXE file and the browser or any other NaCl application. It ensures that all the involving components are accessing the same data. For example, in the case of image editing, an application using NaCl could immediately optimize a photo displayed in the browser. Furthermore, there is a multimedia interface available for displaying individual frames for films and games.
Native Client could operate in every browser
Google offers Native Client along with examples to demonstrate its efficiency under an open source license to the web community. It is now up to other browser developers to port it for their applications. At present, Native Client operates successfully on all browsers with the only exception being Internet Explorer. The final version, however, should not be bigger than 400 KB and will most likely to function in IE.
Allaying the suspicious of web forum members, Google completely denies that Native Client is the core of an independent operating system. “Although NaCl uses a computer’s CPU and RAM resources, it is not allowed to write data to the hard disk”, the company points out. NaCl was not conceptualized as an operating system, but it certainly has the potential to revolutionize Web usage, since it is far superior to all other solutions in terms of performance. And eventually, if in the future we are able to store all our data in the cloud using online storage services, then it’s possible that a future operating system may not even require hard disk access.
With Native Client, Google now allows for performance levels that are missing in all current online applications, thereby making them as fast as regular offline software. Should its security measures prove to be infallible, the browser plugin will once again reinvent the Web, provided enough developers customize their programs for it.