Google Native Client

Google Native Client (NaCl) is a sandboxing technology for running either a subset of Intel x86, ARM, or MIPS native code, or a portable executable, in a sandbox. It allows safely running native code from a web browser, independent of the user operating system, allowing web apps to run at near-native speeds, which aligns with Google's plans for Chrome OS. It may also be used for securing browser plugins, and parts of other applications or full applications[3] such as ZeroVM.[4]

To demonstrate the readiness of the technology, on 9 December 2011, Google announced the availability of several new Chrome-only versions of games known for their rich and processor-intensive graphics, including Bastion (no longer supported on the Chrome Web Store). NaCl runs hardware-accelerated 3D graphics (via OpenGL ES 2.0), sandboxed local file storage, dynamic loading, full screen mode, and mouse capture. There are also plans to make NaCl available on handheld devices.[5][6]

Portable Native Client (PNaCl) is an architecture-independent version. PNaCl apps are compiled ahead-of-time. PNaCl is recommended over NaCl for most use cases.[7] The general concept of NaCl (running native code in web browser) has been implemented before in ActiveX, which, while still in use, has full access to the system (disk, memory, user-interface, registry, etc.). Native Client avoids this issue by using sandboxing.

An alternative of sorts to NaCl is asm.js, which also allows applications written in C or C++ to be compiled to run in the browser (at more than half the native speed), and also supports ahead-of-time compilation, but is a subset of JavaScript and hence backwards-compatible with browsers that do not support it directly. Another alternative (while it may initially be powered by PNaCl) is WebAssembly.

On October 12, 2016, a comment on the Chromium issue tracker indicated that Google's Pepper and Native Client teams had been destaffed.[8] On May 30, 2017, Google announced deprecation of PNaCl in favor of WebAssembly.[9] Although Google initially planned to remove PNaCl in the first quarter of 2018,[9] the removal is currently planned for the second quarter of 2019 (except for Chrome Apps).[10]

Google Native Client
Developer(s): Google, others
Initial release: September 16, 2011[1]
Stable release: SDK: Pepper 45 / 10 July 2015; Clients: same as Google Chrome
Written in: C, C++
Operating system: Windows, Linux, macOS, Chrome OS
Platform: x86, ARM, MIPS
Type: Sandbox in web browsers for native code
License: New BSD
Website: developer.chrome.com/native-client

Overview

Native Client is an open-source project being developed by Google.[11] To date, Quake,[12] XaoS, Battle for Wesnoth,[13] Doom,[14] Lara Croft and the Guardian of Light,[15] From Dust,[16] and MAME, as well as the sound processing system Csound, have been ported to Native Client. Native Client has been available in the Google Chrome web browser since version 14, and has been enabled by default since version 31, when the Portable Native Client (PNaCl, pronounced: pinnacle) was released.[17][18][19]

An ARM implementation was released in March 2010.[20] x86-64, IA-32, and MIPS are also supported.

To run an application portably under PNaCl, it must be compiled to an architecture-agnostic and stable subset of the LLVM intermediate representation bytecode.[21] The executables are called PNaCl executables (pexes). The PNaCl toolchain produces .pexe files; the NaCl toolchain produces .nexe files. The magic number of .nexe files is 0x7F 'E' 'L' 'F', which is the ELF magic number. In Chrome, pexes are translated to architecture-specific executables so that they can be run.

NaCl uses software fault detection and isolation for sandboxing on x86-64 and ARM.[22] The x86-32 implementation of Native Client is notable for its novel sandboxing method, which makes use of the x86 architecture's rarely used segmentation facility.[23] Native Client sets up x86 segments to restrict the memory range that the sandboxed code can access. It uses a code verifier to prevent use of unsafe instructions such as those that perform system calls. To prevent the code from jumping to an unsafe instruction hidden in the middle of a safe instruction, Native Client requires that all indirect jumps be jumps to the start of 32-byte-aligned blocks, and instructions are not allowed to straddle these blocks.[23] Because of these constraints, C and C++ code must be recompiled to run under Native Client, which provides customized versions of the GNU toolchain, specifically GNU Compiler Collection (GCC), GNU Binutils, and LLVM.
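The checks described above, as an added example (not code from Native Client or from the original article): a toy validator for a handful of x86-32 opcodes that rejects block-straddling instructions, the int instruction, direct jumps into the middle of an instruction, and indirect jumps that are not immediately preceded by an alignment mask. The opcode subset, the and-mask rule used to enforce aligned indirect jumps, the verdict names and the sample byte strings are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUNDLE 32u     /* block size given in the text */
#define MAX_CODE 256u  /* toy limit (assumption of this example) */

enum verdict { V_OK, V_TOO_BIG, V_UNKNOWN_OP, V_TRUNCATED, V_STRADDLE,
               V_UNSAFE_OP, V_UNMASKED_JUMP, V_BAD_TARGET };

/* Length of the instruction at p in the toy subset; 0 if not in it. */
static size_t insn_len(const uint8_t *p, size_t avail) {
    uint8_t op = p[0];
    if (op == 0x90 || op == 0xF4) return 1;           /* nop, hlt */
    if ((op & 0xF8) == 0xB8 || op == 0xE9) return 5;  /* mov r32,imm32; jmp rel32 */
    if (op == 0xEB || op == 0xCD) return 2;           /* jmp rel8; int imm8 */
    if (avail >= 2 && (p[1] & 0xF8) == 0xE0) {
        if (op == 0x83) return 3;                     /* and r32,imm8 */
        if (op == 0xFF) return 2;                     /* jmp *r32 */
    }
    return 0;
}

enum verdict nacl_toy_validate(const uint8_t *code, size_t n) {
    uint8_t is_start[MAX_CODE] = {0};  /* offsets a jump may legally target */
    int masked_reg = -1;               /* register aligned by the previous insn */
    if (n > MAX_CODE) return V_TOO_BIG;
    /* Pass 1: decode linearly from offset 0 and check every instruction. */
    for (size_t off = 0, len; off < n; off += len) {
        uint8_t op = code[off];
        len = insn_len(code + off, n - off);
        if (len == 0) return V_UNKNOWN_OP;
        if (len > n - off) return V_TRUNCATED;
        if (off / BUNDLE != (off + len - 1) / BUNDLE) return V_STRADDLE;
        if (op == 0xCD) return V_UNSAFE_OP;           /* software interrupt */
        if (op == 0xFF) {
            /* Only valid as the tail of an and+jmp pair inside one bundle. */
            if ((code[off + 1] & 7) != masked_reg || off % BUNDLE < 3)
                return V_UNMASKED_JUMP;
        } else {
            is_start[off] = 1;  /* the jmp of a pair is never a legal target */
        }
        masked_reg = (op == 0x83 && code[off + 2] == 0xE0) ? (code[off + 1] & 7) : -1;
    }
    /* Pass 2: every direct jump must land on a validated instruction start. */
    for (size_t off = 0; off < n; off += insn_len(code + off, n - off)) {
        int64_t rel;
        if (code[off] == 0xEB) {
            rel = (int8_t)code[off + 1] + 2;
        } else if (code[off] == 0xE9) {
            uint32_t u = code[off + 1] | code[off + 2] << 8 |
                         code[off + 3] << 16 | (uint32_t)code[off + 4] << 24;
            rel = (int64_t)(int32_t)u + 5;
        } else continue;
        int64_t target = (int64_t)off + rel;
        if (target < 0 || target >= (int64_t)n || !is_start[target])
            return V_BAD_TARGET;
    }
    return V_OK;
}

/* Constructed sample inputs, not taken from any real module. */
static const uint8_t MASKED[]   = { 0x90, 0x83,0xE0,0xE0, 0xFF,0xE0, 0xF4 };
static const uint8_t UNMASKED[] = { 0x90, 0xFF,0xE0, 0xF4 };
/* jmp +1 lands inside the mov immediate, where bytes CD 80 would decode as int */
static const uint8_t HIDDEN[]   = { 0xEB,0x01, 0xB8,0xCD,0x80,0x00,0x00, 0xF4 };

enum verdict straddle_case(void) {  /* 30 nops, then a 5-byte mov at offset 30 */
    uint8_t code[36] = {0};
    for (size_t i = 0; i < 30; i++) code[i] = 0x90;
    code[30] = 0xB8; code[35] = 0xF4;
    return nacl_toy_validate(code, sizeof code);
}

int main(void) {
    printf("masked=%d unmasked=%d hidden=%d straddle=%d\n",
           nacl_toy_validate(MASKED, sizeof MASKED), nacl_toy_validate(UNMASKED, sizeof UNMASKED),
           nacl_toy_validate(HIDDEN, sizeof HIDDEN), straddle_case());
    return 0;
}
```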

Native Client is licensed under a BSD-style license.

Native Client uses Newlib as its C library, but a port of GNU C Library (GNU libc) is also available.[24]

Pepper

NaCl denotes sodium chloride, common table salt; as a pun, the name of pepper was also used. Pepper API is a cross-platform, open-source API for creating Native Client modules.[25] Pepper Plugin API, or PPAPI[26][27] is a cross-platform API for Native Client-secured web browser plugins, first based on Netscape's NPAPI, then rewritten from scratch. It is currently used in Chromium and Google Chrome to enable the PPAPI version of Adobe Flash[28] and the built-in PDF viewer.[29]

PPAPI

On 12 August 2009, a page on Google Code introduced a new project, Pepper, and the associated Pepper Plugin API (PPAPI),[30] "a set of modifications to NPAPI to make plugins more portable and more secure".[31] This extension is designed specifically to ease implementing out-of-process plugin execution. Further, the goals of the project are to provide a framework for making plugins fully cross-platform. Topics considered include:

  • Uniform semantics for NPAPI across browsers.
  • Execution in a separate process from the renderer-browser.
  • Standardize rendering using the browser's compositing process.
  • Defining standardized events, and 2D rasterizing functions.
  • Initial attempt to provide 3D graphics access.
  • Plugin registry.

The continuously evolving Pepper API also supports Gamepads (version 19) and WebSockets (version 18).[32]

As of 13 May 2010, Google's open source browser, Chromium, was the only web browser to use the new browser plug-in model.[33] As of 2015, Pepper is supported by Chrome, Chromium and Blink layout engine-based browsers such as Opera.

PPAPI in Firefox

Mozilla Firefox stated in 2014 that they would not support Pepper, as there is no full specification of the API beyond its implementation in Chrome, which itself is designed for use with Blink layout engine only, and has private APIs specific to the Flash Player plugin which are not documented.[34] In October 2016 Mozilla announced that it had re-considered and was exploring whether to incorporate the Pepper API and PDFium in future releases of Firefox,[35] however no such steps were taken.

Applications

One website[36] uses NaCl on the server to let users experiment with the Go programming language from their browsers.[37]

Reception

Some groups of browser developers support the Native Client technology, but others do not.

Supporters

Chad Austin (of IMVU) praised the way Native Client can bring high-performance applications to the web (with about 5% penalty compared to native code) in a secure way, while also accelerating the evolution of client-side applications by giving a choice of the programming language used (besides JavaScript).[38]

Id Software's John D. Carmack praised Native Client at QuakeCon 2012, saying: "if you have to do something inside a browser, Native Client is much more interesting as something that started out as a really pretty darn clever x86 hack in the way that they could sandbox all of this in user mode interestingly. It's now dynamic recompilation, but something that you program in C or C++ and it compiles down to something that's going to be not your -O4 optimization level for completely native code but pretty damn close to native code. You could do all of your evil pointer chasings, and whatever you want to do as a to-the-metal game developer."[39]

Detractors

Other IT professionals are more critical of this sandboxing technology, as it has substantial interoperability issues.

Mozilla's vice president of products, Jay Sullivan, said that Mozilla has no plans to run native code inside the browser, as "These native apps are just little black boxes in a webpage. [...] We really believe in HTML, and this is where we want to focus."[40]

Mozilla's Christopher Blizzard criticized NaCl, claiming that native code cannot evolve in the same way that the source code-driven web can. He also compared NaCl to Microsoft's ActiveX technology, plagued with DLL Hell.[3]

Håkon Wium Lie, Opera's CTO, believes that "NaCl seems to be 'yearning for the bad old days, before the web'", and that "Native Client is about building a new platform – or porting an old platform into the web [...] it will bring in complexity and security issues, and it will take away focus from the web platform."[3]

Second Generation

Google's second-generation sandboxing technology is gVisor.[41][42] It is intended to replace NaCl in Google Cloud, more specifically in Google App Engine.

References

  1. ^ "Google's Native Client goes live in Chrome". The Register. 2011-09-16. Retrieved 2016-03-12.
  2. ^ "[chrome] Revision 213999".
  3. ^ a b c Cade Metz (12 September 2011). "Google Native Client: The web of the future – or the past?". The Register. Retrieved 17 September 2011.
  4. ^ "ZeroVM Architecture". Retrieved 16 March 2014.
  5. ^ Seth Rosenblatt (9 December 2011). "Native Client turns Chrome into high-end gaming platform". CNET. Retrieved 9 December 2011.
  6. ^ "Google Code Blog: Games, apps and runtimes come to Native Client". Googlecode.blogspot.com. 9 December 2011. Retrieved 25 April 2012.
  7. ^ "NaCl and PNaCl".
  8. ^ "Bugs.chromium.org". 12 October 2016. Retrieved 12 October 2016.
  9. ^ a b "Goodbye PNaCl, Hello WebAssembly!". Chromium Blog. Retrieved 2017-05-31.
  10. ^ "WebAssembly Migration Guide - Google Chrome". developer.chrome.com. Retrieved 2018-12-20.
  11. ^ "Google Native Client on Google Code". Google. Retrieved 25 April 2012.
  12. ^ davemichael. "GitHub - davemichael/NaCl-Quake: Quake for Native Client (based on the SDL Quake port)". GitHub.
  13. ^ "The Battle for Wesnoth".
  14. ^ "Index of /".
  15. ^ https://chrome.google.com/webstore/detail/lara-croft-and-the-guardi/dcfdbmpeeihbpddkneaploeinlbaaodn
  16. ^ "From Dust".
  17. ^ Chen, Brad (8 December 2008). "Native Client: A Technology for Running Native Code on the Web". Google-code-updates.blogspot.com. Retrieved 25 April 2012.
  18. ^ "The Chromium Blog: Native Client Brings Sandboxed Native Code to Chrome Web Store Apps". Blog.chromium.org. 18 August 2011. Retrieved 25 April 2012.
  19. ^ "Google Code Blog: Portable Native Client: The "pinnacle" of speed, security, and portability". blog.chromium.org. 12 November 2013. Retrieved 16 March 2014.
  20. ^ "Google's Native Client goes ARM and beyond". The H. 18 March 2010. Retrieved 19 May 2010.
  21. ^ "PNaCl: Portable Native Client Executables" (PDF). Archived from the original (PDF) on 2 May 2012. Retrieved 25 April 2012.
  22. ^ David Sehr; Robert Muth; Cliff L. Biffle; Victor Khimenko; Egor Pasko; Bennet Yee; Karl Schimpf; Brad Chen (2010). "Adapting Software Fault Isolation to Contemporary CPU Architectures". 19th USENIX Security Symposium. Retrieved 31 July 2011.
  23. ^ a b Bennet Yee; David Sehr; Greg Dardyk; Brad Chen; Robert Muth; Tavis Ormandy; Shiki Okasaka; Neha Narula; Nicholas Fullagar (2009). "Native Client: A Sandbox for Portable, Untrusted x86 Native Code". IEEE Symposium on Security and Privacy (Oakland'09). Retrieved 31 July 2011.
  24. ^ "Native Client: Building". developer.chrome.com. Retrieved 16 March 2014.
  25. ^ "Technical Overview".
  26. ^ "Pepper Plugin API project at". Google. Retrieved 25 April 2012.
  27. ^ "Chrome Source: Index of /trunk/src/ppapi". Src.chromium.org. Retrieved 25 April 2012.
  28. ^ "The road to safer, more stable, and flashier Flash". Google. 8 August 2012. Retrieved 10 August 2013.
  29. ^ Metz, Cade (18 June 2010). "Google hugs Adobe harder with Chrome-PDF merge". The Register. Retrieved 25 April 2012.
  30. ^ "Getting Started: Background and Basics – The Chromium Projects". Chromium.org. Retrieved 25 April 2012.
  31. ^ Comment by t.hajdu....@gmail.com (24 February 2012). "Pepper.wiki". Google. Retrieved 25 April 2012.
  32. ^ "Release Notes".
  33. ^ Metz, Cade (13 May 2010). "Google heats up native code for Chrome OS". Theregister.co.uk. Retrieved 25 April 2012.
  34. ^ Zbarsky, Boris. "Bug 729481 - Support the "Pepper" Plugin api". Retrieved 15 April 2016.
  35. ^ Metz, Cade (3 October 2016). "Project Mortar". Mozilla. Retrieved 30 October 2016.
  36. ^ "The Go Playground".
  37. ^ "Inside the Go Playground - The Go Blog". blog.golang.org. Retrieved 2016-08-27.
  38. ^ Austin, Chad (8 January 2011). "Chad Austin: In Defense of Language Democracy (Or: Why the Browser Needs a Virtual Machine)". Chadaustin.me. Retrieved 25 April 2012.
  39. ^ Carmack, John (3 August 2012). "QuakeCon 2012". youtube.com. Retrieved 26 August 2012.
  40. ^ Metz, Cade (24 June 2010). "Mozilla: Our browser will not run native code". The Register. Retrieved 25 April 2012.
  41. ^ https://news.ycombinator.com/item?id=17810591
  42. ^ https://github.com/google/gvisor

ANGLE (software)

ANGLE (Almost Native Graphics Layer Engine) is an open source, BSD-licensed graphics engine abstraction layer developed by Google. The API is mainly designed to bring high-performance OpenGL compatibility to Windows computers and to web browsers such as Chromium by translating OpenGL calls to Direct3D, which has much better driver support. There are two backend renderers for ANGLE: the oldest one uses Direct3D 9.0c, while the newer one uses Direct3D 11. ANGLE is currently used by Google Chrome, Firefox, and the Qt Framework. The engine is also used by Windows 10 for compatibility with apps ported from Android.

ActiveX

ActiveX is a software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly from the World Wide Web. Microsoft introduced ActiveX in 1996. In principle, ActiveX is not dependent on Microsoft Windows operating systems, but in practice, most ActiveX controls only run on Windows. Most also require the client to be running on an x86-based computer because ActiveX controls contain compiled code. ActiveX is still supported as of Windows 10 through Internet Explorer 11, while ActiveX is not supported in their default web browser Microsoft Edge (which has a different, incompatible extension system).

Asm.js

asm.js is a subset of JavaScript designed to allow computer software written in languages such as C to be run as web applications while maintaining performance characteristics considerably better than standard JavaScript, which is the typical language used for such applications.

asm.js consists of a strict subset of JavaScript, to which code written in statically-typed languages with manual memory management (such as C) is translated by a source-to-source compiler such as Emscripten (based on LLVM). Performance is improved by limiting language features to those amenable to ahead-of-time optimization and other performance improvements.

Mozilla Firefox was the first web browser to implement asm.js-specific optimizations, starting with version 22.

Comodo Dragon

Comodo Dragon is a freeware web browser. It is based on Chromium and is produced by Comodo Group. Sporting a similar interface to Google Chrome, Dragon does not implement Chrome's user tracking and some other potentially privacy-compromising features, substituting them for its own user tracking implementations, and provides additional security measures, such as indicating the authenticity and relative strength of a website's SSL certificate.

CrossBridge

CrossBridge is an open-source toolset developed by Adobe Systems, that cross-compiles C and C++ code to run in Adobe Flash Player or Adobe AIR. Projects compiled with CrossBridge run up to 10 times faster than ActionScript 3 projects. CrossBridge was also known as "Alchemy" and the "Flash Runtime C++ Compiler", or "FlasCC".

CrossBridge uses high-performance memory-access opcodes in the Flash Player (known as "Domain Memory") to work with in-memory data quickly. CrossBridge uses the LLVM and GCC as compiler backends, in order to compile C++ code, optimize it, and transform it to run within AVM2 (the ActionScript Virtual Machine). Programs built with CrossBridge are up to 10 times faster than normal ActionScript code, but up to 2× to 10× slower than native C++ code.

CrossBridge can generate Flash Player movies (.swf files), or Flash Libraries (.swc files), which can then be used by larger projects written in ActionScript 3 and compiled using the free Apache Flex SDK (formerly the Adobe Flex SDK). CrossBridge also uses the GPU-based 3D rendering acceleration present in Flash Player 11 (known as Stage3D).

Using CrossBridge, Adobe ported OpenGL for use within Flash Player Stage3D and released it as an open-source project in 2012. The Lua programming language (version 5.1) was also ported to run in Flash Player using CrossBridge, and released on Google Code. CrossBridge-compiled projects also enabled running client-side digital signal processing in real-time, including Fast Fourier Transform and Mexican hat wavelet transform.

DOSBox

DOSBox is an emulator program which emulates an IBM PC compatible computer running a DOS operating system. Many IBM PC compatible graphics and sound cards are also emulated. This means that original DOS programs (including PC games) are provided with an environment in which they can run correctly, even though the modern computers have dropped support for that old environment.

Emscripten

Emscripten is a source-to-source compiler that runs as a back end to the LLVM compiler and produces a subset of JavaScript known as asm.js. It can also produce WebAssembly. This allows applications and libraries originally designed to run as standard executables to be integrated into client side web applications. asm.js can be compiled by browsers ahead of time meaning that the compiled programs can run much faster than those traditionally written in JavaScript.

Emscripten has been used to port, among other things, Unreal Engine 3, SQLite, MeshLab, Bullet physics, AutoCAD, and the Qt application framework.

FMOD

FMOD is a proprietary sound effects engine and authoring tool for video games and applications developed by Firelight Technologies, that plays and mixes sounds of diverse formats on many operating systems.

GNU C Library

The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library. Despite its name, it now also directly supports C++ (and, indirectly, other programming languages). It was started in the early 1990s by the Free Software Foundation (FSF) for their GNU operating system.

Released under the GNU Lesser General Public License, glibc is free software. The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more.

Gaikai

Gaikai (外海, lit. "open sea", i.e. an expansive outdoor space) is an American company which provides technology for the streaming of high-end video games. Founded in 2008, it was acquired by Sony Interactive Entertainment in 2012. Its technology has multiple applications, including in-home streaming over a local wired or wireless network (as in Remote Play between the PlayStation 4 and PlayStation Vita), as well as cloud-based gaming where video games are rendered on remote servers and delivered to end users via internet streaming (such as the PlayStation Now game streaming service.) As a startup, before its acquisition by Sony, the company announced many partners using the technology from 2010 through 2012 including game publishers, web portals, retailers and consumer electronics manufacturers. On July 2, 2012, Sony announced that a formal agreement had been reached to acquire the company for $380 million USD with plans of establishing their own new cloud-based gaming service, as well as integrating streaming technology built by Gaikai into PlayStation products, resulting in PlayStation Now and Remote Play.

Google App Runtime for Chrome

Android Runtime for Chrome (ARC) is a discontinued compatibility layer and sandboxing technology for running Android applications on desktop and laptop computers in an isolated environment. It allowed applications to be safely run from a web browser, independent of user operating system, at near-native speeds. It has since been discontinued after Google developed another method to run Android apps on Chrome OS devices.

Irrlicht Engine

Irrlicht (pronounced [ˈʔɪɐ̯lɪçt] in German) is an open-source game engine written in C++. It is cross-platform, officially running on Windows, macOS, Linux and Windows CE, and due to its open nature ports to other systems are available, including FreeBSD, Xbox (up to 1.8.1), PlayStation Portable, Symbian, iPhone and Google Native Client. Irrlicht is known for its small size and compatibility with new and older hardware alike, ease of learning, and a large friendly community. Unofficial bindings for many languages exist including AutoIt, C++Builder, FreeBASIC, GameMaker Language, Java, Lua, .NET, Object Pascal (Delphi), Perl, Python, and Ruby, though most of them have not been maintained for five years or more.

Irrlicht's development began in 2003 with one developer, Nikolaus Gebhardt. Only after the 1.0 release of Irrlicht in 2006 did the team grow to ten members as of 2011, most of them being developers. Irrlicht is a common German term for a will-o'-the-wisp.

Newlib

Newlib is a C standard library implementation intended for use on embedded systems. It is a conglomeration of several library parts, all under free software licenses that make them easily usable on embedded products.

It was created by Cygnus Support as part of building the first GNU cross-development toolchains. It is now maintained by Red Hat developers Jeff Johnston and Corinna Vinschen, and is used in most commercial and non-commercial GCC ports for non-Linux embedded systems.

SRWare Iron

SRWare Iron is a Chromium-based web browser developed by the German company SRWare. It primarily aims to eliminate usage tracking and other privacy-compromising functionality that the Google Chrome browser includes. While Iron does not provide extra privacy compared to Chromium after proper settings are altered in the latter, it does implement some additional features that distinguish it from Google Chrome.

Sandboxie

Sandboxie is a sandbox-based isolation program developed by Sophos (which acquired it from Invincea, which acquired it earlier from the original author Ronen Tzur), for 32- and 64-bit Windows NT-based operating systems. It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive. An isolated virtual environment allows controlled testing of untrusted programs and web surfing.

ShiVa

ShiVa3D is a 3D game engine with a graphical editor designed to create applications and video games for desktop PCs, the web, game consoles and mobile devices. Games made with ShiVa can be exported to over 20 target platforms, with new export targets being added regularly.

Numerous applications have been created using ShiVa, including the Prince of Persia 2 remake for Mobiles and Babel Rising published by Ubisoft.

With ShiVa 2.0, the next version of the Editor is currently under heavy development. ShiVa users with licenses newer than Jan 1st 2012 are invited to download the beta builds, test thoroughly and provide feedback.

WebAssembly

WebAssembly (often shortened to Wasm) is a standard that defines a binary format and a corresponding assembly-like text format for executables used by web pages.

The purpose of Wasm is to enable the JavaScript engine of a web browser to execute page scripts nearly as fast as native machine code. But this is not a full replacement for JavaScript; rather, Wasm is only intended for performance-critical portions of page scripts. Wasm code runs in the same sandbox as regular script code, but only regular scripts have direct access to the DOM tree.

The World Wide Web Consortium (W3C) maintains the standard with contributions from Mozilla, Microsoft, Google, and Apple.

XAML Browser Applications

XAML Browser Applications (XBAP, pronounced "ex-bap") are Windows Presentation Foundation (.xbap) applications that are hosted and run inside a web browser such as Firefox or Internet Explorer. Hosted applications run in a partial trust sandbox environment and are not given full access to the computer's resources like opening a new network connection or saving a file to the computer disk and not all WPF functionality is available. The hosted environment is intended to protect the computer from malicious applications; however it can also run in full trust mode by the client changing the permission. Starting an XBAP from an HTML page is seamless (with no security or installation prompt). Although one perceives the application running in the browser, it actually runs in an out-of-process executable (PresentationHost.exe) managed by a virtual machine. In the initial release of .NET Framework 3.0, XBAPs only ran in Internet Explorer. With the release of .NET Framework 3.5 SP1, which includes an XBAP extension, they also run in Mozilla Firefox.

ZeroVM

ZeroVM is an open source light-weight virtualization and sandboxing technology. It virtualizes a single process using the Google Native Client platform. Since only a single process is virtualized (instead of a full operating system), the startup overhead is in the order of 5 ms.

This page is based on a Wikipedia article written by authors (here).
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.