.. _nacl-and-pnacl: ############## NaCl and PNaCl ############## This document describes the differences between **Native Client** and **Portable Native Client**, and provides recommendations for when to use each. .. contents:: :local: :backlinks: none :depth: 2 Native Client (NaCl) ==================== Native Client enables the execution of native code securely inside web applications through the use of advanced `Software Fault Isolation (SFI) techniques </native-client/community/talks#research>`_. Since its launch in 2011, Native Client has provided developers with the ability to harness a client machine's computational power to a much fuller extent than traditional web technologies, by running compiled C and C++ code at near-native speeds and taking advantage of multiple cores with shared memory. While Native Client provides operating system independence, it requires developers to generate architecture-specific executable modules (**nexe** modules) for each hardware platform. This is not only inconvenient for developers, but architecture-specific machine code is not portable and thus not well-suited for the open web. The traditional method of application distribution on the web is through a self-contained bundle of HTML, CSS, JavaScript, and other resources (images, etc.) that can be hosted on a server and run inside a web browser. With this type of distribution, a website created today should still work years later, on all platforms. Architecture-specific executables are clearly not a good fit for distribution on the web. As a consequence, Native Client has been restricted to applications and browser extensions that are installed through the Chrome Web Store. Portable Native Client (PNaCl) ============================== PNaCl solves the portability problem by splitting the compilation process into two parts: #. compiling the source code to a portable bitcode format, and #. translating the bitcode to a host-specific executable. PNaCl enables developers to distribute **portable executables** (**pexe** modules) that the hosting environment (e.g., the Chrome browser) can translate to native code before executing. This portability aligns Native Client with existing open web technologies such as JavaScript: A developer can distribute a **pexe** as part of an application (along with HTML, CSS, and JavaScript), and the user's machine is simply able to run it. With PNaCl, a developer generates a single **pexe** from source code, rather than multiple platform-specific nexes. The **pexe** provides both architecture- and OS-independence. Since the **pexe** uses an abstract, architecture-independent format, it does not suffer from the portability problem described above. Future versions of hosting environments should have no problem executing the **pexe**, even on new architectures. Moreover, if an existing architecture is subsequently enhanced, the **pexe** doesn't even have to be recompiled---in some cases the client-side translation will automatically be able to take advantage of the new capabilities. **In short, PNaCl combines the portability of existing web technologies with the performance and security benefits of Native Client.** With the advent of PNaCl, the distribution restriction of Native Client can be lifted. Specifically, a **pexe** module can be part of any web application---it does not have to be distributed through the Chrome Web Store. PNaCl is a new technology, and as such it still has a few limitations as compared to NaCl. These limitations are described below. When to use PNaCl ================= PNaCl is the preferred toolchain for Native Client, and the only way to deploy Native Client modules on the open web. Unless your project is subject to one of the narrow limitations described below (see :ref:`When to use NaCl<when-to-use-nacl>`), you should use PNaCl. Beginning with version 31, the Chrome browser supports translation of **pexe** modules and their use in web applications, without requiring any installation (either of a browser plugin or of the applications themselves). Native Client and PNaCl are open-source technologies, and our hope is that they will be added to other hosting platforms in the future. If controlled distribution through the Chrome Web Store is an important part of your product plan, the benefits of PNaCl are less critical for you. But you can still use the PNaCl toolchain and distribute your application through the Chrome Web Store, and thereby take advantage of the conveniences of PNaCl, such as not having to explicitly compile your application for all supported architectures. .. _when-to-use-nacl: When to use NaCl ================ The limitations below apply to the current release of PNaCl. If any of these limitations are critical for your application, you should use non-portable NaCl: * By its nature, PNaCl does not support architecture-specific instructions in an application (i.e., inline assembly), but tries to offer high-performance portable equivalents. One such example is PNaCl's :ref:`Portable SIMD Vectors <portable_simd_vectors>`. * Currently PNaCl only supports static linking with the ``newlib`` C standard library (the Native Client SDK provides a PNaCl port of ``newlib``). Dynamic linking and ``glibc`` are not yet supported. Work is under way to enable dynamic linking in future versions of PNaCl. * In the initial release, PNaCl does not support some GNU extensions like taking the address of a label for computed ``goto``, or nested functions.