[Ozone-Drm] Add support for async content protection
[chromium-blink-merge.git] / native_client_sdk / doc_generated / faq.html
blob8b05b15e31ef9e7f0737f766d526b7f48fecb2f7
1 {{+bindTo:partials.standard_nacl_article}}
3 <section id="frequently-asked-questions">
4 <h1 id="frequently-asked-questions">Frequently Asked Questions</h1>
5 <div class="contents local" id="contents" style="display: none">
6 <ul class="small-gap">
7 <li><p class="first"><a class="reference internal" href="#what-is-native-client-good-for" id="id1">What is Native Client Good For?</a></p>
8 <ul class="small-gap">
9 <li><a class="reference internal" href="#why-did-google-build-native-client" id="id2">Why did Google build Native Client?</a></li>
10 <li><a class="reference internal" href="#when-should-i-use-portable-native-client-instead-of-native-client" id="id3">When should I use Portable Native Client instead of Native Client?</a></li>
11 <li><a class="reference internal" href="#when-should-i-use-portable-native-client-native-client" id="id4">When should I use Portable Native Client / Native Client?</a></li>
12 <li><a class="reference internal" href="#how-fast-does-code-run-in-portable-native-client" id="id5">How fast does code run in Portable Native Client?</a></li>
13 <li><a class="reference internal" href="#why-use-portable-native-client-instead-of-technology-x" id="id6">Why use Portable Native Client instead of <em>&lt;technology X&gt;</em>?</a></li>
14 <li><a class="reference internal" href="#if-i-want-direct-access-to-the-os-should-i-use-native-client" id="id7">If I want direct access to the OS, should I use Native Client?</a></li>
15 </ul>
16 </li>
17 <li><p class="first"><a class="reference internal" href="#development-environments-and-tools" id="id8">Development Environments and Tools</a></p>
18 <ul class="small-gap">
19 <li><a class="reference internal" href="#what-development-environment-and-development-operating-system-do-you-recommend" id="id9">What development environment and development operating system do you recommend?</a></li>
20 <li><a class="reference internal" href="#i-m-not-familiar-with-native-development-tools-can-i-still-use-the-native-client-sdk" id="id10">I&#8217;m not familiar with native development tools, can I still use the Native Client SDK?</a></li>
21 </ul>
22 </li>
23 <li><p class="first"><a class="reference internal" href="#openness-and-supported-architectures-and-languages" id="id11">Openness, and Supported Architectures and Languages</a></p>
24 <ul class="small-gap">
25 <li><a class="reference internal" href="#is-native-client-open-is-it-a-standard" id="id12">Is Native Client open? Is it a standard?</a></li>
26 <li><a class="reference internal" href="#how-can-i-contribute-to-native-client" id="id13">How can I contribute to Native Client?</a></li>
27 <li><a class="reference internal" href="#what-are-the-supported-instruction-set-architectures" id="id14">What are the supported instruction set architectures?</a></li>
28 <li><a class="reference internal" href="#do-i-have-to-use-c-or-c-i-d-really-like-to-use-another-language" id="id15">Do I have to use C or C++? I&#8217;d really like to use another language.</a></li>
29 <li><a class="reference internal" href="#do-you-only-support-chrome-what-about-other-browsers" id="id16">Do you only support Chrome? What about other browsers?</a></li>
30 <li><a class="reference internal" href="#what-s-the-difference-between-npapi-and-pepper" id="id17">What&#8217;s the difference between NPAPI and Pepper?</a></li>
31 <li><a class="reference internal" href="#is-npapi-part-of-the-native-client-sdk" id="id18">Is NPAPI part of the Native Client SDK?</a></li>
32 <li><a class="reference internal" href="#does-native-client-support-simd-vector-instructions" id="id19">Does Native Client support SIMD vector instructions?</a></li>
33 <li><a class="reference internal" href="#can-i-use-native-client-for-3d-graphics" id="id20">Can I use Native Client for 3D graphics?</a></li>
34 <li><a class="reference internal" href="#does-native-client-support-concurrency-parallelism" id="id21">Does Native Client support concurrency/parallelism?</a></li>
35 </ul>
36 </li>
37 <li><p class="first"><a class="reference internal" href="#coming-soon" id="id22">Coming Soon</a></p>
38 <ul class="small-gap">
39 <li><a class="reference internal" href="#do-native-client-modules-have-access-to-external-devices" id="id23">Do Native Client modules have access to external devices?</a></li>
40 </ul>
41 </li>
42 <li><p class="first"><a class="reference internal" href="#security-and-privacy" id="id24">Security and Privacy</a></p>
43 <ul class="small-gap">
44 <li><a class="reference internal" href="#what-happens-to-my-data-when-i-use-native-client" id="id25">What happens to my data when I use Native Client?</a></li>
45 <li><a class="reference internal" href="#how-does-native-client-prevent-sandboxed-code-from-doing-bad-things" id="id26">How does Native Client prevent sandboxed code from doing Bad Things?</a></li>
46 <li><a class="reference internal" href="#how-does-google-know-that-the-safety-measures-in-native-client-are-sufficient" id="id27">How does Google know that the safety measures in Native Client are sufficient?</a></li>
47 </ul>
48 </li>
49 <li><p class="first"><a class="reference internal" href="#development" id="id28">Development</a></p>
50 <ul class="small-gap">
51 <li><a class="reference internal" href="#how-do-i-debug" id="id29">How do I debug?</a></li>
52 <li><a class="reference internal" href="#how-do-i-build-x86-32-x86-64-or-arm-nexes" id="id30">How do I build x86-32, x86-64 or ARM <code>.nexes</code>?</a></li>
53 <li><a class="reference internal" href="#how-can-my-web-application-determine-which-nexe-to-load" id="id31">How can my web application determine which <code>.nexe</code> to load?</a></li>
54 <li><a class="reference internal" href="#is-it-possible-to-build-a-native-client-module-with-just-plain-c-not-c" id="id32">Is it possible to build a Native Client module with just plain C (not C++)?</a></li>
55 <li><a class="reference internal" href="#what-unix-system-calls-can-i-make-through-native-client" id="id33">What UNIX system calls can I make through Native Client?</a></li>
56 <li><a class="reference internal" href="#is-my-favorite-third-party-library-available-for-native-client" id="id34">Is my favorite third-party library available for Native Client?</a></li>
57 <li><a class="reference internal" href="#do-all-the-files-in-an-application-need-to-be-served-from-the-same-domain" id="id35">Do all the files in an application need to be served from the same domain?</a></li>
58 </ul>
59 </li>
60 <li><p class="first"><a class="reference internal" href="#portability" id="id36">Portability</a></p>
61 <ul class="small-gap">
62 <li><a class="reference internal" href="#do-i-have-to-do-anything-special-to-make-my-application-run-on-different-operating-systems" id="id37">Do I have to do anything special to make my application run on different operating systems?</a></li>
63 <li><a class="reference internal" href="#how-easy-is-it-to-port-my-existing-native-code-to-native-client" id="id38">How easy is it to port my existing native code to Native Client?</a></li>
64 </ul>
65 </li>
66 <li><p class="first"><a class="reference internal" href="#troubleshooting" id="id39">Troubleshooting</a></p>
67 <ul class="small-gap">
68 <li><a class="reference internal" href="#my-pexe-isn-t-loading-help" id="id40">My <code>.pexe</code> isn&#8217;t loading, help!</a></li>
69 <li><a class="reference internal" href="#my-nexe-files-never-finish-loading-what-gives" id="id41">My <code>.nexe</code> files never finish loading. What gives?</a></li>
70 </ul>
71 </li>
72 </ul>
74 </div><p>This document answers some frequently asked questions about Native
75 Client (NaCl) and Portable Native Client (PNaCl, pronounced
76 &#8220;pinnacle&#8221;). For a high-level overview of Native Client, see the
77 <a class="reference internal" href="/native-client/overview.html"><em>Technical Overview</em></a>.</p>
78 <p>If you have questions that aren&#8217;t covered in this FAQ:</p>
79 <ul class="small-gap">
80 <li>Scan through the <a class="reference internal" href="/native-client/sdk/release-notes.html"><em>Release Notes</em></a>.</li>
81 <li>Search through or ask on the <a class="reference internal" href="/native-client/help.html"><em>Native Client Forums</em></a>.</li>
82 </ul>
83 <h2 id="what-is-native-client-good-for">What is Native Client Good For?</h2>
84 <h3 id="why-did-google-build-native-client">Why did Google build Native Client?</h3>
85 <ul class="small-gap">
86 <li><strong>Performance:</strong> Native Client modules run nearly as fast as native
87 compiled code.</li>
88 <li><strong>Security:</strong> Native Client lets users run native compiled code in the
89 browser with the same level of security and privacy as traditional web
90 applications.</li>
91 <li><p class="first"><strong>Convenience:</strong></p>
92 <ul class="small-gap">
93 <li>Developers can leverage existing code, written in C/C++ or other
94 languages, in their applications without forcing users to install a
95 plugin.</li>
96 <li>This code can interact with the embedding web page as part of an
97 HTML and JavaScript web application, or it can be a self-contained
98 and immersive experience.</li>
99 </ul>
100 </li>
101 <li><p class="first"><strong>Portability:</strong> Native Client and Portable Native Client applications
102 can execute on:</p>
103 <ul class="small-gap">
104 <li>The Windows, Mac, Linux or ChromeOS operating systems.</li>
105 <li>Processors with the x86-32, x86-64, or ARM instruction set
106 architectures. Native Client also has experimental support for MIPS.</li>
107 </ul>
108 </li>
109 </ul>
110 <p>Portable Native client further enhances the above:</p>
111 <ul class="small-gap">
112 <li><strong>Performance:</strong> Each PNaCl release brings with it more performance
113 enhancements. Already-released applications get faster over time,
114 conserving user&#8217;s battery.</li>
115 <li><strong>Security:</strong> Users are kept secure with an ever-improving sandbox
116 model which adapts to novel attacks, without affecting
117 already-released applications.</li>
118 <li><strong>Convenience:</strong> Developers only need to ship a single <code>.pexe</code> file,
119 not one <code>.nexe</code> file per supported architecture.</li>
120 <li><strong>Portability:</strong> Developers and users don&#8217;t need to worry about
121 already-released applications not working on new hardware: PNaCl
122 already supports all architectures NaCl does, and as PNaCl evolves it
123 gains support for new processors and fully uses their capabilities.</li>
124 </ul>
125 <p>For more details, refer to the <a class="reference internal" href="/native-client/nacl-and-pnacl.html"><em>history behind and comparison of
126 NaCl and PNaCl</em></a>.</p>
127 <h3 id="when-should-i-use-portable-native-client-instead-of-native-client">When should I use Portable Native Client instead of Native Client?</h3>
128 <p>See <a class="reference internal" href="/native-client/nacl-and-pnacl.html"><em>NaCl and PNaCl</em></a>. In short: PNaCl works on the Open
129 Web platform delivered by Chrome whereas NaCl only works on the Chrome Web
130 Store.</p>
131 <h3 id="when-should-i-use-portable-native-client-native-client">When should I use Portable Native Client / Native Client?</h3>
132 <p>The following are some typical use cases. For details, see the
133 <a class="reference internal" href="/native-client/overview.html"><em>Technical Overview</em></a>.</p>
134 <ul class="small-gap">
135 <li>Porting existing applications or software components, written in C/C++ or
136 virtual machines written in C/C++, for use in a web application.</li>
137 <li><p class="first">Using compute-intensive applications, including threads and SIMD, such as:</p>
138 <ul class="small-gap">
139 <li>Scientific computing.</li>
140 <li>Handling multimedia for a web application.</li>
141 <li>Various aspects of web-based games, including physics engines and AI.</li>
142 </ul>
143 </li>
144 <li>Running untrusted code on a server or within an application (such as a plugin
145 system for a game).</li>
146 </ul>
147 <p>Portable Native Client and Native Client are versatile technologies which are
148 used in many other contexts outside of Chrome.</p>
149 <h3 id="how-fast-does-code-run-in-portable-native-client">How fast does code run in Portable Native Client?</h3>
150 <p>Fast! The SPEC2k benchmarks (C, C++ and floating-point benchmarks) give
151 the following overhead for optimized PNaCl compared to regular optimized
152 LLVM:</p>
153 <table border="1" class="docutils">
154 <colgroup>
155 </colgroup>
156 <tbody valign="top">
157 <tr class="row-odd"><td>x86-32</td>
158 <td>15%</td>
159 </tr>
160 <tr class="row-even"><td>x86-64</td>
161 <td>25%</td>
162 </tr>
163 <tr class="row-odd"><td>ARM</td>
164 <td>10%</td>
165 </tr>
166 </tbody>
167 </table>
168 <p>Note that benchmark performance is sometimes bimodal, so different use
169 cases are likely to achieve better or worse performance than the above
170 averages. For example floating-point heavy code usually exhibits much
171 lower overheads whereas very branch-heavy code often performs worse.</p>
172 <p>Note that PNaCl supports performance features that are often used in
173 native code such as <a class="reference internal" href="/native-client/reference/pnacl-c-cpp-language-support.html#language-support-threading"><em>threading</em></a> and
174 <a class="reference internal" href="/native-client/reference/pnacl-c-cpp-language-support.html#portable-simd-vectors"><em>Portable SIMD Vectors</em></a>.</p>
175 <p>For details, see:</p>
176 <ul class="small-gap">
177 <li><a class="reference external" href="https://www.youtube.com/watch?v=675znN6tntw&amp;list=PLOU2XLYxmsIIwGK7v7jg3gQvIAWJzdat_">PNaCl SIMD: Speed on the Web</a>.</li>
178 <li><a class="reference external" href="https://nativeclient.googlecode.com/svn/data/site/NaCl_SFI.pdf">Adapting Software Fault Isolation to Contemporary CPU Architectures</a> (PDF).</li>
179 <li><a class="reference external" href="http://research.google.com/pubs/pub34913.html">Native Client: A Sandbox for Portable, Untrusted x86 Code</a> (PDF).</li>
180 </ul>
181 <p>If your code isn&#8217;t performing as close to native speed as you&#8217;d expect,
182 <a class="reference internal" href="/native-client/help.html"><em>let us know</em></a>!</p>
183 <h3 id="why-use-portable-native-client-instead-of-technology-x">Why use Portable Native Client instead of <em>&lt;technology X&gt;</em>?</h3>
184 <p>Many other technologies can be compared to Portable Native Client:
185 Flash, Java, Silverlight, ActiveX, .NET, asm.js, etc...</p>
186 <p>Different technologies have different strengths and weaknesses. In
187 appropriate contexts, Portable Native Client can be faster, more secure,
188 and/or more compatible across operating systems and architectures than
189 other technologies.</p>
190 <p>Portable Native Client complement other technologies by giving web
191 developers a new capability: the ability to run fast, secure native code
192 from a web browser in an architecture-independent way.</p>
193 <h3 id="if-i-want-direct-access-to-the-os-should-i-use-native-client">If I want direct access to the OS, should I use Native Client?</h3>
194 <p>No&#8212;Native Client does not provide direct access to the OS or devices,
195 or otherwise bypass the JavaScript security model. For more information,
196 see later sections of this FAQ.</p>
197 <h2 id="development-environments-and-tools">Development Environments and Tools</h2>
198 <h3 id="what-development-environment-and-development-operating-system-do-you-recommend">What development environment and development operating system do you recommend?</h3>
199 <p>You can develop on Windows, Mac, or Linux, and the resulting Native Client or
200 Portable Native Client application will run inside the Google Chrome browser on
201 all those platforms as well as ChromeOS. You can also develop on ChromeOS with
202 <a class="reference external" href="https://github.com/dnschneid/crouton">Crouton</a> or our <a class="reference external" href="https://www.youtube.com/watch?v=OzNuzBDEWzk&amp;list=PLOU2XLYxmsIIwGK7v7jg3gQvIAWJzdat_">experimental development environment which runs within NaCl</a>,
203 and we&#8217;re working on self-hosting a full development environment on Portable
204 Native Client.</p>
205 <p>Any editor+shell combination should work as well as IDEs like Eclipse,
206 Visual Studio with the <a class="reference internal" href="/native-client/devguide/devcycle/vs-addin.html"><em>Native Client Add-In</em></a> on Windows, or Xcode on Mac OSX.</p>
207 <h3 id="i-m-not-familiar-with-native-development-tools-can-i-still-use-the-native-client-sdk">I&#8217;m not familiar with native development tools, can I still use the Native Client SDK?</h3>
208 <p>You may find our <a class="reference internal" href="/native-client/devguide/tutorial/index.html"><em>Tutorial</em></a> and <a class="reference internal" href="/native-client/devguide/devcycle/building.html"><em>Building
209 instructions</em></a> useful, and you can look at
210 the code and Makefiles for the SDK examples to understand how the
211 examples are built and run.</p>
212 <p>You&#8217;ll need to learn how to use some tools (like GCC, LLVM, make, Eclipse,
213 Visual Studio, or Xcode) before you can get very far with the SDK. Try seaching
214 for an <a class="reference external" href="https://www.google.com/search?q=gcc+introduction">introduction to GCC</a>.</p>
215 <h2 id="openness-and-supported-architectures-and-languages">Openness, and Supported Architectures and Languages</h2>
216 <h3 id="is-native-client-open-is-it-a-standard">Is Native Client open? Is it a standard?</h3>
217 <p>Native Client is completely open: the executable format is open and the
218 <a class="reference external" href="https://code.google.com/p/nativeclient/">source code is open</a>. Right
219 now the Native Client project is in its early stages, so it&#8217;s premature
220 to consider Native Client for standardization.</p>
221 <p>We consistenly try to document our design and implementation and hope to
222 standardize Portable Native Client when it gains more traction. A good
223 example is our <a class="reference internal" href="/native-client/reference/pnacl-bitcode-abi.html"><em>PNaCl bitcode reference manual</em></a>.</p>
224 <h3 id="how-can-i-contribute-to-native-client">How can I contribute to Native Client?</h3>
225 <p>Read about <a class="reference internal" href="/native-client/reference/ideas.html"><em>contributor ideas</em></a>.</p>
226 <h3 id="what-are-the-supported-instruction-set-architectures">What are the supported instruction set architectures?</h3>
227 <p>Portable Native Client uses an architecture-independent format (the
228 <code>.pexe</code>) which can currently be translated to execute on processors
229 with the x86-32, x86-64, and ARM instruction set architectures, as well
230 as experimental support for MIPS. As new architectures come along and
231 become popular we expect Portable Native Client to support them without
232 developers having to recompile their code.</p>
233 <p>Native Client can currently execute on the same architectures as
234 Portable Native Client but is only supported on the Chrome Web
235 Store. Native Client&#8217;s <code>.nexe</code> files are architecture-dependent and
236 cannot adapt to new architectures without recompilation, we therefore
237 deem them better suited to a web store than to the open web.</p>
238 <p>With Portable Native Client we deliver a system that has comparable
239 portability to JavaScript and can adapt to new instruction set
240 architectures without requiring recompilation. The web is better when
241 it&#8217;s platform-independent, and we&#8217;d like it to stay that way.</p>
242 <h3 id="do-i-have-to-use-c-or-c-i-d-really-like-to-use-another-language"><span id="other-languages"></span>Do I have to use C or C++? I&#8217;d really like to use another language.</h3>
243 <p>Right now only C and C++ are supported directly by the toolchain in the SDK. C#
244 and other languages in the .NET family are supported via the <a class="reference external" href="https://github.com/elijahtaylor/mono">Mono port</a> for
245 Native Client. Moreover, there are several ongoing projects to support
246 additional language runtimes (e.g. <a class="reference external" href="https://code.google.com/p/naclports/source/browse#svn%2Ftrunk%2Fsrc%2Fexamples%2Ftools">naclports supports Lua, Python and Ruby</a>)
247 as well as to compile more languages to LLVM&#8217;s intermediate representation
248 (e.g. support <a class="reference external" href="http://halide-lang.org/">Halide</a>, Haskell with <a class="reference external" href="http://www.haskell.org/ghc/docs/latest/html/users_guide/code-generators.html">GHC</a> or support Fortran with <a class="reference external" href="https://flang-gsoc.blogspot.ie/2013/09/end-of-gsoc-report.html">flang</a>), or
249 transpile languages to C/C++ (source-to-source compilation). Even JavaScript is
250 supported by compiling <a class="reference external" href="https://code.google.com/p/v8/">V8</a> to target PNaCl.</p>
251 <p>The PNaCl toolchain is built on LLVM and can therefore generate code from
252 languages such as <a class="reference external" href="http://www.rust-lang.org/">Rust</a>, <a class="reference external" href="https://golang.org">Go</a>, or Objective-C, but there may still be a few rough
253 edges.</p>
254 <p>If you&#8217;re interested in getting other languages working, please contact the
255 Native Client team by way of the <a class="reference external" href="https://groups.google.com/group/native-client-discuss">native-client-discuss</a> mailing list, and read
256 through <a class="reference internal" href="/native-client/reference/ideas.html"><em>contributor ideas</em></a>.</p>
257 <h3 id="do-you-only-support-chrome-what-about-other-browsers">Do you only support Chrome? What about other browsers?</h3>
258 <p>We aim to support multiple browsers. However, a number of features that
259 we consider requirements for a production-quality system that keeps the
260 user safe are difficult to implement without help from the
261 browser. Specific examples are an out-of-process plugin architecture and
262 appropriate interfaces for integrated 3D graphics. We have worked
263 closely with Chromium developers to deliver these features and we are
264 eager to collaborate with developers from other browsers.</p>
265 <h3 id="what-s-the-difference-between-npapi-and-pepper">What&#8217;s the difference between NPAPI and Pepper?</h3>
266 <p><a class="reference internal" href="/native-client/pepper_stable/index.html"><em>Pepper</em></a> (also known as PPAPI) is a new API that
267 lets Native Client modules communicate with the browser. Pepper supports
268 various features that don&#8217;t have robust support in NPAPI, such as event
269 handling, out-of-process plugins, and asynchronous interfaces. Native
270 Client has transitioned from using NPAPI to using Pepper.</p>
271 <h3 id="is-npapi-part-of-the-native-client-sdk">Is NPAPI part of the Native Client SDK?</h3>
272 <p>NPAPI is not supported by the Native Client SDK, and is <a class="reference external" href="http://blog.chromium.org/2013/09/saying-goodbye-to-our-old-friend-npapi.html">deprecated in Chrome</a>.</p>
273 <h3 id="does-native-client-support-simd-vector-instructions">Does Native Client support SIMD vector instructions?</h3>
274 <p>Portable Native Client supports portable SIMD vectors, as detailed in
275 <a class="reference internal" href="/native-client/reference/pnacl-c-cpp-language-support.html#portable-simd-vectors"><em>Portable SIMD Vectors</em></a>.</p>
276 <p>Native Client supports SSE, AVX1, FMA3 and AVX2 (except for <cite>VGATHER</cite>) on x86
277 and NEON on ARM.</p>
278 <h3 id="can-i-use-native-client-for-3d-graphics">Can I use Native Client for 3D graphics?</h3>
279 <p>Yes. Native Client supports <a class="reference external" href="https://www.khronos.org/opengles/">OpenGL ES 2.0</a>.</p>
280 <p>To alert the user regarding their hardware platform&#8217;s 3D feature set
281 before loading a large NaCl application, see <a class="reference internal" href="/native-client/devguide/coding/3D-graphics.html"><em>Vetting the driver in
282 Javascript</em></a>.</p>
283 <p>Some GL extensions are exposed to Native Client applications, see the <a class="reference external" href="https://code.google.com/p/chromium/codesearch#chromium/src/ppapi/lib/gl/gles2/gles2.c">GLES2
284 file</a>. This file is part of the GL wrapper supplied by the library
285 <code>ppapi_gles2</code> which you&#8217;ll want to include in your project. In most cases
286 extensions map to extensions available on other platforms, or differ very
287 slightly (if they differ, the extension is usually CHROMIUM or ANGLE instead of
288 EXT).</p>
289 <h3 id="does-native-client-support-concurrency-parallelism">Does Native Client support concurrency/parallelism?</h3>
290 <p>Native Client and Portable Native Client both support pthreads,
291 C11/C++11 threads, and low-level synchronization primitives (mutex,
292 barriers, atomic read/modify/write, compare-and-exchange, etc...), thus
293 allowing your Native Client application to utilize several CPU cores.
294 Note that this allows you to modify datastructures concurrently without
295 needing to copy them, which is often a limitation of shared-nothing
296 systems. For more information see <a class="reference internal" href="/native-client/reference/pnacl-c-cpp-language-support.html#memory-model-and-atomics"><em>memory model and atomics</em></a> and <a class="reference internal" href="/native-client/reference/pnacl-c-cpp-language-support.html#language-support-threading"><em>threading</em></a>.</p>
297 <p>Native Client doesn&#8217;t support HTML5 Web Workers directly but can
298 interact with JavaScript code which does.</p>
299 <h2 id="coming-soon">Coming Soon</h2>
300 <h3 id="do-native-client-modules-have-access-to-external-devices">Do Native Client modules have access to external devices?</h3>
301 <p>At this time Native Client modules do not have access to serial ports,
302 camera devices, or microphones: Native Client can only use native
303 resources that today&#8217;s browsers can access. However, we intend to
304 recommend such features to the standards bodies and piggyback on their
305 efforts to make these resources available inside the browser.</p>
306 <p>You can generally think of Pepper as the C/C++ bindings to the
307 capabilities of HTML5. The goal is for Pepper and JavaScript to evolve
308 together and stay on par with each other with respect to features and
309 capabilities.</p>
310 <h2 id="security-and-privacy">Security and Privacy</h2>
311 <h3 id="what-happens-to-my-data-when-i-use-native-client">What happens to my data when I use Native Client?</h3>
312 <p>Users can opt-in to sending usage statistics and crash information in
313 Chrome, which includes usage statistics and crash information about
314 Native Client. Crashes in your code won&#8217;t otherwise send your
315 information to Google: Google counts the number of such crashes, but
316 does so anonymously without sending your application&#8217;s data or its debug
317 information.</p>
318 <p>For additional information about privacy and Chrome, see the <a class="reference external" href="https://www.google.com/chrome/intl/en/privacy.html">Google Chrome
319 privacy policy</a> and the <a class="reference external" href="https://www.google.com/chrome/intl/en/eula_text.html">Google Chrome Terms of Service</a>.</p>
320 <h3 id="how-does-native-client-prevent-sandboxed-code-from-doing-bad-things">How does Native Client prevent sandboxed code from doing Bad Things?</h3>
321 <p>Native Client&#8217;s sandbox works by validating the untrusted code (the
322 compiled Native Client module) before running it. The validator checks
323 the following:</p>
324 <ul class="small-gap">
325 <li><strong>Data integrity:</strong> No loads or stores are permitted outside of the
326 data sandbox. In particular this means that once loaded into memory,
327 the binary is not writable. This is enforced by operating system
328 protection mechanisms. While new instructions can be inserted at
329 runtime to support things like JIT compilers, such instructions will
330 be subject to runtime verification according to the following
331 constraints before they are executed.</li>
332 <li><strong>No unsafe instructions:</strong> The validator ensures that the Native
333 Client application does not contain any unsafe instructions. Examples
334 of unsafe instructions are <code>syscall</code>, <code>int</code>, and <code>lds</code>.</li>
335 <li><strong>Control flow integrity:</strong> The validator ensures that all direct and
336 indirect branches target a safe instruction.</li>
337 </ul>
338 <p>The beauty of the Native Client sandbox is in reducing &#8220;safe&#8221; code to a
339 few simple rules that can be verified by a small trusted validator: the
340 compiler isn&#8217;t trusted. The same applies to Portable Native Client where
341 even the <code>.pexe</code> to <code>.nexe</code> translator, a simplified compiler
342 backend, isn&#8217;t trusted: it is validated before executing, and so is its
343 output.</p>
344 <p>In addition to static analysis of untrusted code, the Native Client runtime also
345 includes an outer sandbox that mediates system calls. For more details about
346 both sandboxes, see <a class="reference external" href="http://research.google.com/pubs/pub34913.html">Native Client: A Sandbox for Portable, Untrusted x86 Code</a>
347 (PDF).</p>
348 <h3 id="how-does-google-know-that-the-safety-measures-in-native-client-are-sufficient">How does Google know that the safety measures in Native Client are sufficient?</h3>
349 <p>Google has taken several steps to ensure that Native Client&#8217;s security works,
350 including:</p>
351 <ul class="small-gap">
352 <li>Open source, peer-reviewed papers describing the design.</li>
353 <li>A <a class="reference internal" href="/native-client/community/security-contest/index.html"><em>security contest</em></a>.</li>
354 <li>Multiple internal and external security reviews.</li>
355 <li>The ongoing vigilance of our engineering and developer community.</li>
356 </ul>
357 <p>Google is committed to making Native Client safer than JavaScript and other
358 popular browser technologies. If you have suggestions for security improvements,
359 let the team know, by way of the <a class="reference external" href="https://groups.google.com/group/native-client-discuss">native-client-discuss</a> mailing list.</p>
360 <h2 id="development">Development</h2>
361 <h3 id="how-do-i-debug">How do I debug?</h3>
362 <p>Instructions on <a class="reference internal" href="/native-client/sdk/examples.html#debugging-the-sdk-examples"><em>debugging the SDK examples</em></a> using GDB are available. You can also
363 debug Native Client modules with some <a class="reference internal" href="/native-client/devguide/devcycle/debugging.html"><em>alternative approaches</em></a>.</p>
364 <h3 id="how-do-i-build-x86-32-x86-64-or-arm-nexes">How do I build x86-32, x86-64 or ARM <code>.nexes</code>?</h3>
365 <p>By default, the applications in the <code>/examples</code> folder create
366 architecture-independent <code>.pexe</code> for Portable Native Client. To
367 generate a <code>.nexe</code> targetting one specific architecture using the
368 Native Client or Portable Native Client toolchains, see the
369 <a class="reference internal" href="/native-client/devguide/devcycle/building.html"><em>Building instructions</em></a>.</p>
370 <h3 id="how-can-my-web-application-determine-which-nexe-to-load">How can my web application determine which <code>.nexe</code> to load?</h3>
371 <p>Your application does not need to make the decision of loading an
372 x86-32, x86-64 or ARM <code>.nexe</code> explicitly&#8212;the Native Client runtime
373 examines a manifest file (<code>.nmf</code>) to pick the right <code>.nexe</code> file for
374 a given user. You can generate a manifest file using a Python script
375 that&#8217;s included in the SDK (see the <code>Makefile</code> in any of the SDK
376 examples for an illustration of how to do so). Your HTML file specifies
377 the manifest filename in the <code>src</code> attribute of the <code>&lt;embed&gt;</code>
378 tag. You can see the way the pieces fit together by examining the
379 examples included in the SDK.</p>
380 <h3 id="is-it-possible-to-build-a-native-client-module-with-just-plain-c-not-c">Is it possible to build a Native Client module with just plain C (not C++)?</h3>
381 <p>Yes. See the <code>&quot;Hello, World!&quot;</code> in C example in the SDK under
382 <code>examples/tutorial/using_ppapi_simple/</code>, or the Game of Life example
383 under <code>examples/demo/life/life.c</code>.</p>
384 <h3 id="what-unix-system-calls-can-i-make-through-native-client">What UNIX system calls can I make through Native Client?</h3>
385 <p>Native Client doesn&#8217;t directly expose any system calls from the host OS
386 because of the inherent security risks and because the resulting
387 application would not be portable across operating systems. Instead,
388 Native Client provides portable cross-OS abstractions wrapping or
389 proxying OS functionality or emulating UNIX system calls. For example,
390 Native Client provides an <code>mmap()</code> system call that behaves much like
391 the standard UNIX <code>mmap()</code> system call.</p>
392 <h3 id="is-my-favorite-third-party-library-available-for-native-client">Is my favorite third-party library available for Native Client?</h3>
393 <p>Google has ported several third-party libraries to Native Client; such libraries
394 are available in the <a class="reference external" href="https://code.google.com/p/naclports">naclports</a> project. We encourage you to contribute
395 libraries to naclports, and/or to host your own ported libraries, and to let the
396 team know about it on <a class="reference external" href="https://groups.google.com/group/native-client-discuss">native-client-discuss</a> when you do. You can also read
397 through <a class="reference internal" href="/native-client/reference/ideas.html"><em>contributor ideas</em></a> to find ideas of new projects
398 to port.</p>
399 <h3 id="do-all-the-files-in-an-application-need-to-be-served-from-the-same-domain">Do all the files in an application need to be served from the same domain?</h3>
400 <p>The <code>.nmf</code>, and <code>.nexe</code> or <code>.pexe</code> files must either be served from the
401 same origin as the embedding page or an origin that has been configured
402 correctly using <a class="reference external" href="http://en.wikipedia.org/wiki/Cross-origin_resource_sharing">CORS</a>.</p>
403 <p>For applications installed from the Chrome Web Store the Web Store manifest
404 must include the correct, verified domain of the embedding page.</p>
405 <h2 id="portability">Portability</h2>
406 <h3 id="do-i-have-to-do-anything-special-to-make-my-application-run-on-different-operating-systems">Do I have to do anything special to make my application run on different operating systems?</h3>
407 <p>No. Native Client and Portable Native Client applications run without
408 modification on all supported operating systems.</p>
409 <p>However, to run on different instruction set architectures (such as
410 x86-32, x86-64 or ARM), you currently have to either:</p>
411 <ul class="small-gap">
412 <li>Use Portable Native Client.</li>
413 <li>Build and supply a separate <code>.nexe</code> file for each architecture, and
414 make them available on the Chrome Web Store. See <a class="reference internal" href="/native-client/devguide/devcycle/building.html"><em>target
415 architectures</em></a> for details about which
416 <code>.nexe</code> files will run on which architectures.</li>
417 </ul>
418 <h3 id="how-easy-is-it-to-port-my-existing-native-code-to-native-client">How easy is it to port my existing native code to Native Client?</h3>
419 <p>In most cases you won&#8217;t have to rewrite much, if any, code. The Native
420 Client-specific tools, such as <code>pnacl-clang++</code> or <code>x86_64-nacl-g++</code>,
421 take care of most of the necessary changes. You may need to make some
422 changes to your operating system calls and interactions with external
423 devices to work with the web. Porting existing Linux libraries is
424 generally straightforward, with large libraries often requiring no
425 source change.</p>
426 <p>The following kinds of code may be more challenging to port:</p>
427 <ul class="small-gap">
428 <li>Code that does direct <a class="reference external" href="pepper_stable/cpp/classpp_1_1_t_c_p_socket">TCP</a> or
429 <a class="reference external" href="pepper_stable/cpp/classpp_1_1_u_d_p_socket">UDP</a> networking. For security
430 reasons these APIs are only available to <a class="reference external" href="/apps">Chrome apps</a> after asking
431 for the appropriate permissions, not on the open web. Native Client is
432 otherwise restricted to the networking APIs available in the browser. You may
433 want to use to <a class="reference external" href="nacl_io">nacl_io library</a> to use POSIX-like sockets.</li>
434 <li>Code that creates processes, including UNIX <code>fork</code>, won&#8217;t function
435 as-is. However, threads are supported. You can nonetheless create new
436 <code>&lt;embed&gt;</code> tags in your HTML page to launch new PNaCl processes. You can even
437 use new <code>.pexe</code> files that your existing <code>.pexe</code> saved in a local
438 filesystem. This is somewhat akin to <code>execve</code>, but the process management
439 has to go through <code>postMessage</code> to JavaScript in order to create the new
440 <code>&lt;embed&gt;</code>.</li>
441 <li>Code that needs to do local file I/O. Native Client is restricted to accessing
442 URLs and to local storage in the browser (the Pepper <a class="reference internal" href="/native-client/devguide/coding/file-io.html"><em>File IO API</em></a> has access to the same per-application storage that
443 JavaScript has via Local Storage). HTML5 File System can be used, among
444 others. For POSIX compatabiliy the Native Client SDK includes a library called
445 nacl_io which allows the application to interact with all these types of files
446 via standard POSIX I/O functions (e.g. <code>open</code> / <code>fopen</code> / <code>read</code> /
447 <code>write</code> / ...). See <a class="reference internal" href="/native-client/devguide/coding/nacl_io.html"><em>Using NaCl I/O</em></a> for more
448 details.</li>
449 </ul>
450 <h2 id="troubleshooting"><span id="faq-troubleshooting"></span>Troubleshooting</h2>
451 <h3 id="my-pexe-isn-t-loading-help">My <code>.pexe</code> isn&#8217;t loading, help!</h3>
452 <ul class="small-gap">
453 <li>You must use Google Chrome version 31 or greater for Portable Native
454 Client. Find your version of chrome by opening <code>about:chrome</code>, and <a class="reference external" href="http://www.google.com/chrome/">update
455 Chrome</a> if you are on an older version. If
456 you&#8217;re already using a recent version, open <code>about:components</code> and &#8220;Check
457 for update&#8221; for PNaCl. Note that on ChromeOS PNaCl is always up to date,
458 whereas on other operating systems it updates shortly after Chrome updates.</li>
459 <li>A PNaCl <code>.pexe</code> must be compiled with pepper_31 SDK or higher. <a class="reference internal" href="/native-client/sdk/download.html#updating-bundles"><em>Update
460 your bundles</em></a> and make sure you&#8217;re using a version of
461 Chrome that matches the SDK version.</li>
462 <li>Your application can verify that Portable Native Client is supported
463 in JavaScript with <code>navigator.mimeTypes['application/x-pnacl'] !==
464 undefined</code>. This is preferred over checking the Chrome version.</li>
465 </ul>
466 <h3 id="my-nexe-files-never-finish-loading-what-gives">My <code>.nexe</code> files never finish loading. What gives?</h3>
467 <p>Here are ways to resolve some common problems that can prevent loading:</p>
468 <ul class="small-gap">
469 <li>You must use Google Chrome version 14 or greater for Native Client.</li>
470 <li>If you haven&#8217;t already done so, enable the Native Client flag in
471 Google Chrome. Type <code>about:flags</code> in the Chrome address bar, scroll
472 down to &#8220;Native Client&#8221;, click the &#8220;Enable&#8221; link, scroll down to the
473 bottom of the page, and click the &#8220;Relaunch Now&#8221; button (all browser
474 windows will restart).</li>
475 <li>Verify that the Native Client plugin is enabled in Google Chrome. Type
476 <code>about:plugins</code> in the Chrome address bar, scroll down to &#8220;Native
477 Client&#8221;, and click the &#8220;Enable&#8221; link. (You do not need to relaunch
478 Chrome after you enable the Native Client plugin).</li>
479 <li>Make sure that the <code>.nexe</code> files are being served from a web
480 server. Native Client uses the same-origin security policy, which
481 means that modules will not load in pages opened with the <code>file://</code>
482 protocol. In particular, you can&#8217;t run the examples in the SDK by
483 simply dragging the HTML files from the desktop into the browser. See
484 <a class="reference internal" href="/native-client/devguide/devcycle/running.html"><em>Running Native Client Applications</em></a>
485 for instructions on how to run the httpd.py mini-server included in
486 the SDK.</li>
487 <li>The <code>.nexe</code> files must have been compiled using SDK version 0.5 or
488 greater.</li>
489 <li>You must load the correct <code>.nexe</code> file for your machine&#8217;s specific
490 instruction set architecture (x86-32, x86-64 or ARM). You can ensure
491 you&#8217;re loading the correct <code>.nexe</code> file by building a separate
492 <code>.nexe</code> for each architecture, and using a <code>.nmf</code> manifest file to
493 let the browser select the correct <code>.nexe</code> file. Note: the need to
494 select a processor-specific <code>.nexe</code> goes away with Portable Native
495 Client.</li>
496 <li>If things still aren&#8217;t working, <a class="reference internal" href="/native-client/help.html"><em>ask for help</em></a>!</li>
497 </ul>
498 </section>
500 {{/partials.standard_nacl_article}}