Native Client: a sandbox for native programs (C/C++, and other languages that are not currently supported)


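Native Client suits native programs that do pure computation (CPU + memory); it does not suit programs that create processes, access files directly, or need unrestricted network access.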




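(2) Rendering engine: calls the RenderView::CreatePluginDelegate function to create a NaCl plugin for the application/x-nacl-srpc type. It also checks whether Native Client is enabled in the browser; if it is not, creation of the NaCl plugin is blocked.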










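A connected socket pair for channel5 is created, and a Chrome IPC channel is created. A loader process is created, after which the NaClProcessHost::OnProcessLaunched callback fires and a ViewHostMsg_LaunchNacl message is sent, containing the channel5 handle, the loader process ID and the loader process handle. A NaClProcessMsg_Start message is then sent; at this point the NaCl plugin and the loader each hold the other's channel5 handle and can communicate with each other.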







Native Client currently supports 2D graphics, stereo audio, URL fetching, sandboxed local file access, and asynchronous message passing with JavaScript.








Native Client threads communicate with the browser's proxy thread through the Pepper API.







To the Native Client runtime system, a Native Client module is simply a set of machine code, formatted to adhere to a few special rules. No matter whether the code starts out as C or C++ or any other language, the Native Client runtime system performs the steps shown in the following figure:

To ensure that system resources are untouched, the Native Client runtime system prevents the following unsafe activities:

  • Manipulating devices or files directly (instead, a special file system API is provided)
  • Directly accessing the operating system
  • Using self-modifying code to hide the code's intent (such as attempts to write to protected memory)

Native Client is ideal for application components requiring pure computation. It is not appropriate for modules requiring process creation, direct file system access, or unrestricted access to the network.

Native Client executes code that is compiled by a special compiler that prevents you from using certain types of operations and provides some sandboxing and such; it is intended to allow you to write native code but still enforce many of the security restrictions that the browser already follows. For things that are possible, it's great -- as long as you can get it to work in the browser you want to use. Currently it's supported by Google Chrome, but I haven't heard for sure that it works in any other browser.

Conversely, with NPAPI or ActiveX (and see FireBreath which allows you to target both types simultaneously) you write native code and do more or less anything that a normal application could do (except in IE on Vista/Win7 w/ UAC enabled where you are in low integrity mode).

The biggest disadvantage to NaCl is probably that you can't access hardware; since it's sandboxed, you're a bit more limited as to what networking things you can do and a lot more limited as to what devices you can interface with.


Java’s security measures are chaperones. They’re always there and always checking your actions. NaCl’s mechanisms are just rules. They’re checked once, and then the program is on its own. NaCl promises to be faster than Java


running a subset of Intel x86 or ARM native code using software-based fault isolation


Native Client is specifically designed to run native code securely inside web browsers, it puts web applications on "the same playing field" as local applications, providing the raw speed needed to compete with traditional software on 3D games, video editing, and more


"If we're successful with this [Native Client] project, we will make other languages more useful in the context of the web. We want to create a system that gives languages like C and C++ – but eventually others as well – the same excellent level of portability and safety that JavaScript provides on the web today."

Native Client is a software "sandbox" meant to securely run native code inside a browser

native languages such as C and C++ – which have access to a machine's underlying components – were not. Native Client seeks to add such protection.





With the 32-bit x86 instruction set, Native Client uses the segment registers to restrict where in memory a program can read and write data and to ensure that a program doesn't jump to code outside a certain range of memory. But it also includes a modified compiler and a code verifier that work to keep code jumps in line.

An ordinary program will read a data value from memory into a register and then jump to the address that value represents. But with Native Client, the compiler performs a bit of arithmetic on that value before the jump to ensure it doesn't target bad instructions, and then the code verifier double-checks the compiler's work.
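
The mask-then-jump rule and the one-time verifier pass described above, as an added example (not code from the Native Client project). The instruction model, the names and the sample programs are constructed for illustration; the 32-byte bundle size and the low-bit mask follow the published NaCl x86-32 design.

```c
#include <stddef.h>
#include <stdint.h>

#define BUNDLE 32u /* bundle size NaCl uses on x86-32 */

/* Toy instruction model, constructed for this example (not real x86 decoding). */
enum op { OTHER, AND_MASK, JMP_REG, JMP_DIRECT };
struct insn { enum op op; uint32_t addr, len; int reg; uint32_t target; };

/* The compiler-inserted arithmetic: clear the low 5 bits so an indirect
   jump can only land on the start of a 32-byte bundle. */
uint32_t mask_target(uint32_t addr) { return addr & ~(BUNDLE - 1u); }

/* A direct jump may land on any instruction start except the jump half of a
   mask+jump pair, because landing there would skip the mask. */
static int valid_target(const struct insn *c, size_t n, uint32_t t) {
    for (size_t i = 0; i < n; i++)
        if (c[i].addr == t) return c[i].op != JMP_REG;
    return 0; /* not an instruction boundary, or outside the text */
}

/* One-time static check before the code runs; returns 1 if accepted. */
int validate(const struct insn *c, size_t n) {
    for (size_t i = 0; i < n; i++) {
        uint32_t first = c[i].addr, last = first + c[i].len - 1u;
        if (first / BUNDLE != last / BUNDLE) return 0; /* straddles a bundle */
        if (c[i].op == JMP_REG) {
            /* must directly follow a mask of the same register, same bundle */
            if (i == 0 || c[i-1].op != AND_MASK || c[i-1].reg != c[i].reg ||
                c[i-1].addr / BUNDLE != first / BUNDLE) return 0;
        }
        if (c[i].op == JMP_DIRECT && !valid_target(c, n, c[i].target)) return 0;
    }
    return 1;
}

/* Constructed samples: {op, addr, len, reg, target}. */
const struct insn masked[] = {     /* and mask,%eax ; jmp *%eax */
    {OTHER, 0, 5, 0, 0}, {AND_MASK, 5, 3, 0, 0}, {JMP_REG, 8, 2, 0, 0} };
const struct insn unmasked[] = {   /* jmp *%eax with no mask before it */
    {OTHER, 0, 5, 0, 0}, {JMP_REG, 5, 2, 0, 0} };
const struct insn skips_mask[] = { /* direct jump into the middle of the pair */
    {JMP_DIRECT, 0, 5, 0, 8}, {AND_MASK, 5, 3, 0, 0}, {JMP_REG, 8, 2, 0, 0} };
const struct insn straddles[] = {  /* last instruction crosses offset 32 */
    {OTHER, 0, 15, 0, 0}, {OTHER, 15, 15, 0, 0}, {OTHER, 30, 5, 0, 0} };

int main(void) { return validate(masked, 3) ? 0 : 1; }
```

Because every indirect target is forced onto a bundle start and no instruction may straddle a bundle, the verifier's single disassembly pass sees every instruction that can ever execute.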

This proposition fits quite nicely with Chrome OS, the fledgling Google operating system that puts all applications inside the browser. With Chrome OS, running existing 3D games and other desktop applications isn't really an option. But the Native Client project pre-dates Google's operating system effort, and the ultimate goal is to bring a new breed of applications to the entire web.

"Our goal is to have an execution arm that can have no side effects – zero interaction with the outside world – and that's what we think we have achieved with the sandbox," says Brad Chen. "But the thing is that if you can't interact with the outside world, including the browser, you can't actually do anything. That's where these Pepper interfaces come in. They're designed to expose to Native Client exactly what is also being exposed via JavaScript."


native code’s primary benefit lies in memory layout and access patterns, not instruction set benefits such as SIMD



