exploring chrome internals
DESCRIPTION
Learn about Google Chrome's multi-process architecture and sandboxing technology. This talk will provide an overview of the processes, threads, and IPC involved in getting pixels on the screen in a system where the WebKit rendering engine is denied direct access to your computer by the sandbox.
Watch a video at http://www.bestechvideos.com/2009/06/04/google-i-o-2009-exploring-chrome-internals
TRANSCRIPT
Exploring Chrome Internals
Darin Fisher
May 28, 2009
Simple interface, powerful core
“Modern browsers resemble the co-operatively multi-tasked operating systems of the past.”
Guiding sentiment, 2006
Goals
Speed
Stability
Security
Use multiple processes!
Speed: Separate threads for separate web apps
Stability: Separate address spaces for separate web apps
Security: Sandbox the web app's process
Moar speed please
WebKit
  Super fast, open-source rendering engine
  Small footprint (witness: mobile browsers)
V8
  Optimized JavaScript engine
  Opportunity for web apps to do way more
Under the hood...
The major components
Chromium
  UI: tab strip, omnibox, new tab page, ...
  Multi-process architecture
  History system
  Network stack
  Sandbox
  etc...
Skia
WebKit
V8
Multi-process architecture
Process Types
Browser
  Main coordinator
  IO proxy
  Trusted
Renderer, Worker
  Embeds WebKit
  Untrusted
Plugin
  Embeds NPAPI (Flash, Java, Silverlight, etc.)
  Trusted :-(
Inter-process Communication
Apartment model
  Primarily async communication over named pipes
  Limited blocking calls and call nesting
  Some exchange of shared memory
Each process has a thread dedicated to IPC
Process assignments
Approximating process per tab
Tabs share processes when:
  They have a (potential) script connection
  Opened via link click: <a target=_blank>
  The process limit is reached
New process for Omnibox navigations when domain doesn't match. Tossing the old process -- ultimate GC!
Process per domain would be nice, but...
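The assignment rules above, as an added example that is not Chromium's own code: a toy model in which link-click tabs share their opener's process, omnibox navigations to a different domain move the tab to a fresh process (tossing the old one if it is now empty), and once the process limit is reached new tabs share an existing process. Class and method names are invented, and "share the least loaded process" is an assumption; the slide only says tabs share when the limit is reached.

```cpp
// Added example, not Chromium code: a toy model of the tab-to-process
// assignment rules on the slide. Class and method names are invented.
#include <climits>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

struct Tab {
    int id;
    std::string domain;
    int process;   // id of the renderer process hosting this tab
};

class ProcessModel {
public:
    explicit ProcessModel(int process_limit) : limit_(process_limit) {}

    // A tab opened with no opener (new tab, then a URL typed in the omnibox).
    int OpenTab(const std::string& domain) { return AddTab(domain, Allocate()); }

    // A tab opened via <a target=_blank>: it keeps a (potential) script
    // connection to its opener, so it must share the opener's process.
    int OpenFromLink(int opener_tab, const std::string& domain) {
        return AddTab(domain, tabs_.at(opener_tab).process);
    }

    // Omnibox navigation: when the domain changes, the tab moves to a fresh
    // process and releases the old one; an emptied process is tossed.
    void NavigateFromOmnibox(int tab_id, const std::string& domain) {
        Tab& t = tabs_.at(tab_id);
        if (t.domain == domain) return;   // same domain: stay in place
        Release(t.process);
        t.domain = domain;
        t.process = Allocate();
        ++tabs_per_process_[t.process];
    }

    int ProcessOf(int tab_id) const { return tabs_.at(tab_id).process; }
    int ProcessCount() const { return static_cast<int>(tabs_per_process_.size()); }

private:
    int AddTab(const std::string& domain, int pid) {
        int id = next_tab_id_++;
        tabs_[id] = Tab{id, domain, pid};
        ++tabs_per_process_[pid];
        return id;
    }
    // Below the limit every new tab gets its own process; at the limit tabs
    // start sharing (assumption: with the least loaded existing process).
    int Allocate() {
        if (ProcessCount() < limit_) {
            int pid = next_process_id_++;
            tabs_per_process_[pid] = 0;
            return pid;
        }
        int best = -1, best_load = INT_MAX;
        for (const auto& kv : tabs_per_process_)
            if (kv.second < best_load) { best = kv.first; best_load = kv.second; }
        return best;
    }
    void Release(int pid) {
        if (--tabs_per_process_[pid] == 0) tabs_per_process_.erase(pid);   // ultimate GC
    }

    int limit_;
    int next_tab_id_ = 1;
    int next_process_id_ = 1;
    std::map<int, Tab> tabs_;
    std::map<int, int> tabs_per_process_;
};

// Walk through the slide's cases with a limit of three renderer processes and
// return the process id of each tab followed by the live process count.
std::vector<int> Demo() {
    ProcessModel m(/*process_limit=*/3);
    int a = m.OpenTab("example.com");               // process 1
    int b = m.OpenFromLink(a, "partner.example");   // shares 1: script connection to a
    int c = m.OpenTab("news.example");              // process 2
    m.NavigateFromOmnibox(c, "video.example");      // domain changed: moves to 3, 2 is tossed
    int d = m.OpenTab("mail.example");              // process 4
    int e = m.OpenTab("docs.example");              // limit reached: shares the least loaded (3)
    return {m.ProcessOf(a), m.ProcessOf(b), m.ProcessOf(c),
            m.ProcessOf(d), m.ProcessOf(e), m.ProcessCount()};
}

int main() {
    for (int v : Demo()) std::printf("%d ", v);
    std::printf("\n");   // 1 1 3 4 3 3
    return 0;
}
```

The model makes the security trade-off on the slide visible: a link-click tab lands in its opener's process because the two pages may script each other, so process isolation there is only as strong as the same-origin policy inside WebKit, and at the process limit unrelated sites start sharing an address space too.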
The sandbox
Primary goal:
  Protect the user's system by blocking malware
Restrictions:
  Limit access to the file system and network
  Limit access to the windowing system
  Limit access to input devices
Mechanism:
  Strip the user's token
  Use a job object to further restrict
  Run on a separate desktop
The sandbox
But, but... a browser needs to access the file system!
  Supporting file uploads
  Supporting file:// URLs
What isn't protected?
  Cookies
  Passwords
  HTML5 database, local/session storage
  Cross-site attacks (user data in the cloud)
Rendering in a sandbox
Short version:
  Render to a bitmap
  Send bitmap to the browser process
  Browser copies the bitmap to the screen
Complexities:
  Limited access to OS APIs (fonts, etc.)
  A hung renderer should not lock up the browser
  Needs to be fast!
Painting and scrolling
Lock free:
  Browser maintains a backingstore
  Renderer sends updates to the backingstore via SHM
  Browser paints to the screen from the backingstore
  Browser ACKs renderer to allow another update
Scrolling is similar (includes a scroll delta)
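The backingstore hand-off and the ACK gating, as an added example that is not Chromium's own code. A plain vector stands in for the shared memory segment, a scroll update carries a row delta plus the pixels for the rows it exposes, and the renderer holds further damage back until the browser has ACKed the update in flight; that queueing (a real renderer would merge the waiting damage into one region) and all names are assumptions of this example.

```cpp
// Added example, not Chromium code: a toy model of the backingstore hand-off
// on the slide. Names are invented; the pixel buffer stands in for the shared
// memory segment.
#include <algorithm>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

const int W = 8, H = 4;   // viewport size in "pixels" (one char each)

struct Rect { int x, y, w, h; };

// One update from the renderer: a damaged rect plus its pixels, optionally
// preceded by a scroll of the existing contents by scroll_dy rows.
struct Update {
    int scroll_dy;
    Rect rect;
    std::vector<char> pixels;   // rect.w * rect.h values, row-major
};

class Backingstore {
public:
    Backingstore() : buf_(W * H, '.') {}
    void Apply(const Update& u) {
        if (u.scroll_dy != 0) Scroll(u.scroll_dy);
        for (int r = 0; r < u.rect.h; ++r)
            for (int c = 0; c < u.rect.w; ++c)
                buf_[(u.rect.y + r) * W + u.rect.x + c] = u.pixels[r * u.rect.w + c];
    }
    std::string Row(int y) const {
        return std::string(buf_.begin() + y * W, buf_.begin() + (y + 1) * W);
    }
private:
    // Scrolling down by dy moves row y+dy to row y; the rows exposed at the
    // bottom are filled from the update's rect instead of repainting everything.
    void Scroll(int dy) {
        std::vector<char> moved(W * H, '.');
        for (int y = 0; y < H; ++y) {
            int src = y + dy;
            if (src >= 0 && src < H)
                std::copy(buf_.begin() + src * W, buf_.begin() + (src + 1) * W, moved.begin() + y * W);
        }
        buf_.swap(moved);
    }
    std::vector<char> buf_;
};

// Renderer side: damage is queued and only one update is ever in flight. The
// next one goes out only after the browser's ACK, so the renderer never
// overwrites shared memory the browser may still be copying from.
class Renderer {
public:
    void Invalidate(Update u) { pending_.push_back(std::move(u)); }
    const Update* NextUpdate() {
        if (in_flight_ || pending_.empty()) return nullptr;
        in_flight_ = true;
        return &pending_.front();
    }
    void OnAck() { in_flight_ = false; pending_.erase(pending_.begin()); }
private:
    bool in_flight_ = false;
    std::vector<Update> pending_;
};

// Browser side: copy the update into the backingstore (then paint), then ACK.
class Browser {
public:
    void OnUpdate(const Update& u, Renderer& r) { store_.Apply(u); r.OnAck(); }
    const Backingstore& store() const { return store_; }
private:
    Backingstore store_;
};

// True if a second update is held back until the first one is ACKed.
bool AckGatesUpdates() {
    Renderer r;
    r.Invalidate({0, {0, 0, 1, 1}, {'a'}});
    r.Invalidate({0, {1, 0, 1, 1}, {'b'}});
    bool first_sent = r.NextUpdate() != nullptr;
    bool second_blocked = r.NextUpdate() == nullptr;
    r.OnAck();
    bool second_sent = r.NextUpdate() != nullptr;
    return first_sent && second_blocked && second_sent;
}

// Paint a 3x2 block, paint the full bottom row, then scroll by one row and
// return the four rows of the browser's backingstore afterwards.
std::vector<std::string> Demo() {
    Renderer renderer;
    Browser browser;
    renderer.Invalidate({0, {1, 1, 3, 2}, std::vector<char>(6, '#')});
    renderer.Invalidate({0, {0, 3, W, 1}, std::vector<char>(W, '=')});
    renderer.Invalidate({1, {0, H - 1, W, 1}, std::vector<char>(W, '+')});
    while (const Update* u = renderer.NextUpdate()) browser.OnUpdate(*u, renderer);
    std::vector<std::string> rows;
    for (int y = 0; y < H; ++y) rows.push_back(browser.store().Row(y));
    return rows;
}

int main() {
    for (const std::string& row : Demo()) std::printf("%s\n", row.c_str());
    return 0;
}
```

Because the browser only ever reads the shared buffer between the renderer's send and its own ACK, a hung or malicious renderer can at worst stop sending updates; it cannot race the browser's copy, which is what lets the protocol run without a lock and keeps the trusted process responsive.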
Resource loading
Browser serves as proxy for all IO
  Restricts access to file:// and chrome://
  Performs safe-browsing checks
  Vends cookies
Before WebKit sees any data, the browser...
  Follows HTTP redirects
  Handles HTTP auth
  Detects MIME type (handles downloads browser-side)
  Performs security checks for SSL
History system
Lock free visited links system
  Shared memory containing bitmap
  Indexed by hash(URL)
  Only the browser process can write
  Grow map size by creating a copy
After a page loads,
  Text is extracted and fed into the FTS index (sqlite)
  Thumbnail is generated and stored
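The visited links map, as an added example that is not Chromium's own code: a bitmap indexed by hash(URL) with the browser as the single writer, renderers as read-only probers, and growth done by building a larger copy and switching over to it. Names are invented, and the example assumes the browser keeps the list of visited URLs (in Chrome they live in the history database) so the bitmap can be rebuilt at the new size; the slide does not say how the copy is populated.

```cpp
// Added example, not Chromium code: a simplified model of the slide's visited
// links map. Names are invented. Assumption: the browser keeps the list of
// visited URLs so the bitmap can be rebuilt when it grows.
#include <cstdio>
#include <functional>
#include <string>
#include <vector>

class VisitedLinks {
public:
    explicit VisitedLinks(size_t initial_bits) : bits_(initial_bits, 0) {}

    // Browser process only: the single writer. Each update touches one byte,
    // so a renderer reading concurrently sees either the old or the new value
    // and no lock is needed.
    void Add(const std::string& url) {
        if (urls_.size() * 2 >= bits_.size()) Grow();   // keep the map sparse
        urls_.push_back(url);
        bits_[Slot(url)] = 1;
    }

    // Renderer side: a read-only probe against the shared bitmap. A bit can
    // also have been set by a different URL hashing to the same slot, so this
    // layout can report false positives, never false negatives.
    bool IsVisited(const std::string& url) const { return bits_[Slot(url)] != 0; }

    size_t capacity() const { return bits_.size(); }
    size_t size() const { return urls_.size(); }

private:
    size_t Slot(const std::string& url) const {
        return std::hash<std::string>{}(url) % bits_.size();
    }
    // Growing means building a fresh, larger copy and switching readers over
    // to it; slots depend on the size, so every known URL is re-inserted.
    void Grow() {
        std::vector<unsigned char> bigger(bits_.size() * 2, 0);
        for (const std::string& u : urls_)
            bigger[std::hash<std::string>{}(u) % bigger.size()] = 1;
        bits_.swap(bigger);
    }

    std::vector<unsigned char> bits_;
    std::vector<std::string> urls_;
};

struct DemoResult {
    size_t capacity;    // bitmap size after the inserts
    bool all_visited;   // every inserted URL reads back as visited
};

// Insert ten constructed URLs into an 8-slot map: the map doubles twice on
// the way (8 -> 16 -> 32) and every URL is still found afterwards.
DemoResult Demo() {
    VisitedLinks links(8);
    std::vector<std::string> urls;
    for (int i = 0; i < 10; ++i) urls.push_back("http://site" + std::to_string(i) + ".example/");
    for (const std::string& u : urls) links.Add(u);
    bool all = true;
    for (const std::string& u : urls) all = all && links.IsVisited(u);
    return {links.capacity(), all};
}

int main() {
    DemoResult r = Demo();
    std::printf("capacity=%zu all_visited=%d\n", r.capacity, r.all_visited ? 1 : 0);
    return 0;
}
```

Keeping the renderer read-only matters for more than consistency: a compromised renderer that could write the shared map would be able to forge or erase visited state for every other tab, whereas with a single trusted writer it can only misreport its own links.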
Plugins
Supports:
  Netscape style plugins
  Whitelist of ActiveX controls (only WMP now)
One process per plugin type
  Mimics the environment of a single-proc browser
  Some plugins take a while to load :-/
Challenge: NPAPI is a synchronous API
  Cache rendering of windowless plugins
  Jump through hoops for windowed plugins
  Porting!
WebKit
WebKit overview
Comprised of several modules:
  JavaScriptCore: JS engine (not used)
  WebCore: HTML+CSS rendering, DOM, etc.
  WebKit: embedding API layer (not used)
WebCore conditionals:
  PLATFORM(CHROMIUM)  platform/chromium
  PLATFORM(SKIA)  platform/graphics/skia
  USE(V8)  bindings/v8
WebKit versions:
  Chrome 1 ~ Safari 3
  Chrome 2 ~ Safari 4
WebKit development
The Chromium devs on #webkit
  3 reviewers
  Over a dozen contributors and counting
Status: Unforked!!
Focus going forward:
  WebKit API for Chromium
  Open web platform (HTML5, etc.)
  Web compatibility improvements
  Performance
Open web platform
In progress:
  Audio/video
  Application caches
  Database
  Local storage
  Session storage
  Notifications
  Web workers: dedicated, persistent, shared
Multi-process arch and sandbox pose challenges
Network stack
Making a better wheel
From Wininet to Winhttp to src/net/http/
DNS prefetching
In development:
  Feature parity (client certs, socks, IPv6 literals, etc.)
  Sparse caching
  Pseudo-pipelining
  Deferred connection binding
  Parallel proxy auto config