Posted Jul 28, 2011 9:05 UTC (Thu) by khim
Parent article: Google's Native Client forges ahead
Disclaimer: I'm NaCl developer and we KNOW our documentation suck. We are working on it.
The NaCl plugin isolates code in the sandbox by using the memory segmentation available in processes, thus providing a contiguous, private address space for each component currently 256MB in size.
This is old information (year or so old). Today we provide 1GB on x86 and ARM and 4GB on x86-64. 256MB are reserved for code and 768MB are available for data.
Loaded modules are also read-only in memory, to prevent self-modifying code.
We support some very limited modifications using specialized "syscalls". Enough to support V8 and Mono.
NaCl also provides two higher-level mechanisms built on top of IMC: the Simple Remote Procedure Call (SRPC) facility, and an implementation of the traditional Netscape Plugin API (NPAPI).
Direct SRPC access is deprecated and NPAPI was completely replaced with PPAPI. This is the change I personally don't like all that much, but it was price to pay to be accepted by Chrome :-(
to post comments)