JSConf 2014

Ejecutando código C++ nativo en el navegador gracias a JavaScript

Nick Bray  · 

Transcripción

Extracto de la transcripción automática del vídeo realizada por YouTube.

we need native code on the web right now you can write applications in any language you want as long as it's JavaScript so this is a funny thing to complain about as this is jas conf but if you think a look at the larger arc right now javascript has a

very privileged position on the web and all other platforms usually have a way that they can call out to C or C++ or some other language and this creates a lot of lost opportunity costs such as integrating with existing libraries or making it easy to port

between cell phone applications and the web and things along those lines so before we get into the Nitty Gritty of native code it's worth remembering why we love the web the web is secure and by secure we mean that you can point your web browser at nearly

any website run the application and not worry that will upload your financial information to some arbitrary website so cat videos no theft that's a good thing the web is portable you can view it on any computer in the operating system as long as there's

a web browser you can view it from your cell phone it's it just runs everywhere there's a web browser this is great it's ephemeral so you don't have to install anything you just point your web browser go you don't have to uninstall anything

you don't have to have automatic computer clean up or anything like that that's all done in the cache and the web is well not very compatible with other platforms it's kind of it's an own Island so the reason this is is because of all the things

that make the web good so the web is secure well this doesn't mean that native applications are insecure it just means that they have an entirely different definition of what this means so on the web it assumes your application is running on behalf of

where you get it from whereas when you run your native application it assumes it's running on behalf of you so the native application can access your financial information because it's you and native applications are typically compiled down onto the

machine so they aren't they haven't traditionally been built for portability and you typically install these so we'll get the plugins in a moment but if you have to install something on the web you lose ninety percent of your user seventy ninety

percent of you users right there so if we want native code to work on the web it has to behave like the web it has to be secure portable and ephemeral we've tried this so everyone remembers NPAPI flash java activex some people even even tried to hack the

browser in order to get this working and these ultimately these approaches fall down because it's JavaScript its web content which calls into native code and then the native code tries to do its best job pretending it's just as secure as JavaScript

but ultimately there are security exploits and you only get security that's as good as the weakest link in the chain so gen 2 is people finally learn from the pain and said why don't we try to do things which behave as if they are web content they're

secure portable ephemeral so there is portable Native Client which is in chrome and allows you to take a portable binary essentially and run it inside your web browser and then there's Emscripten which compiles native code into JavaScript and this is one

of the main reasons that this is going to be talked about at JS conf is because it concerns JavaScript and what the future of JavaScript could be to support this kind of workflow and a lot of you have probably heard of as MJ s and this is actually what happens

after em scripting gets a hold of it is it describes a specific format that M script and generates so for this talk I will be talking about Emscripten but in your mind you can wildcard that too as MJS if you wish pinnacle portable Native Client works like

a traditional compiler is you take a bunch of C++ source files you pass it to a slightly modified version of llvm and it produces a portable executable this portable executable is a serialization of lv M's internal format then inside the browser your web

page says hey I want to embed this portable executable so chrome grabs it downloads it and then looks at it and says hey I can't actually run portable code you know my processor isn't portable it's a real processor so then it goes and translates

it into what the local code is and it does a few tricks to make sure we can verify the code is safe so at runtime you get a set up that's a little bit like this is that there is a Knakal process running these specially generating machine instructions which

is your native code executing and then when one is interact when it wants to interact with the web page it does postmessage so javascript is sitting there can send messages back and forth and one of the issues is that you don't have direct access to the

dome so the dom is very much single threaded only accessible by javascript and it's very jealous of this fact so you typically have to have some glue if you want to modify the actual web page an interesting thing is that when you have an apple process

it can only talk to the browser it cannot talk directly to the operating system and this means that the browser notion of security is preserved so you can't access an arbitrary file on the disk but you can get any Earl that JavaScript would be able to

get and the API that this done with is called pepper and it's essentially functionally equivalent with what javascript has in terms of xml httprequest WebGL it's just a different language binding for that M scripting on the other hand takes the approach

where it says here's some C code and I'm going to do some transformations on it so it's actually semantically equivalent JavaScript so this is an add function which is pretty dup a little bit to use pointers so we actually see some memory operations

in the output but it's more or less what you'd expect if you kind of squint through all the cruft in there there's a load from memory another load from memory and then it adds together so you'll see there's a lot of or zeros in there and

[ ... ]

Nota: se han omitido las otras 3.086 palabras de la transcripción completa para cumplir con las normas de «uso razonable» de YouTube.