Exploring Chrome Internals
Learn about Google Chrome's multi-process architecture and sandboxing technology. This talk will provide an overview of the processes, threads, and IPC involved with getting pixels on the screen in a system where the WebKit rendering engine is denied, via the sandbox, from having direct access to your computer.Watch a video at http://www.bestechvideos.com/2009/06/04/google-i-o-2009-exploring-chrome-internals
Transcript
Page 1: Exploring Chrome Internals
Page 2: Exploring Chrome Internals

Exploring Chrome Internals
Darin Fisher
May 28, 2009

Page 3: Exploring Chrome Internals

Simple interface, powerful core

Page 4: Exploring Chrome Internals
Page 5: Exploring Chrome Internals

“Modern browsers resemble the co-operatively multi-tasked operating systems of the past.”

Guiding sentiment, 2006

Page 6: Exploring Chrome Internals

Goals

Speed

Stability

Security

Page 7: Exploring Chrome Internals

Use multiple processes!

Speed: Separate threads for separate web apps

Stability: Separate address spaces for separate web apps

Security: Sandbox the web app's process

Page 8: Exploring Chrome Internals

Moar speed please

WebKit
- Super fast, open-source rendering engine
- Small footprint (witness: mobile browsers)

V8
- Optimized JavaScript engine
- Opportunity for web apps to do way more

Page 9: Exploring Chrome Internals

Under the hood...

Page 10: Exploring Chrome Internals

The major components

Chromium
- UI: tab strip, omnibox, new tab page, ...
- Multi-process architecture
- History system
- Network stack
- Sandbox
- etc.

Skia

WebKit

V8

Page 11: Exploring Chrome Internals

Multi-process architecture

Page 12: Exploring Chrome Internals

Process Types

Browser
- Main coordinator
- IO proxy
- Trusted

Renderer, Worker
- Embeds WebKit
- Untrusted

Plugin
- Embeds NPAPI (Flash, Java, Silverlight, etc.)
- Trusted :-(

Page 13: Exploring Chrome Internals

Inter-process Communication

- Apartment model
- Primarily async communication over named pipes
- Limited blocking calls and call nesting
- Some exchange of shared memory
- Each process has a thread dedicated to IPC

Page 14: Exploring Chrome Internals

Process assignments

Approximating process per tab

Tabs share processes when:
- They have a (potential) script connection
- Opened via link click: <a target=_blank>
- The process limit is reached

New process for Omnibox navigations when domain doesn't match. Tossing the old process -- ultimate GC!

Process per domain would be nice, but...
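
The assignment rules on this slide, as a small Python model added here (not Chromium code): tabs opened by a link click share their opener's process because the two can script each other, an Omnibox navigation to a different domain moves the tab to a fresh process and the old process is dropped once nothing references it, and once the process limit is reached new tabs must share. The process limit, the "least-loaded process" tie-break and the example URLs are assumptions of this illustration.

```python
"""Toy model of Chrome's process-assignment rules (added illustration,
not Chromium code). The process limit and the least-loaded tie-break
are assumptions; the URLs used below are constructed."""
import itertools
from collections import Counter
from urllib.parse import urlsplit


def domain_of(url: str) -> str:
    return urlsplit(url).hostname or ""


class ProcessModel:
    def __init__(self, limit: int = 3):
        self.limit = limit
        self._pids = itertools.count(1)
        self._tabs = itertools.count(1)
        self.tab_process = {}      # tab id -> renderer process id
        self.process_domain = {}   # process id -> domain it was created for

    def _new_process(self, domain: str) -> int:
        pid = next(self._pids)
        self.process_domain[pid] = domain
        return pid

    def _least_loaded(self) -> int:
        """Process hosting the fewest tabs (lowest pid breaks ties)."""
        load = Counter(self.tab_process.values())
        return min(self.process_domain, key=lambda pid: (load[pid], pid))

    def _gc(self) -> None:
        """Drop processes no tab references any more: the 'ultimate GC'."""
        live = set(self.tab_process.values())
        for pid in [p for p in self.process_domain if p not in live]:
            del self.process_domain[pid]

    def open_tab_from_omnibox(self, url: str):
        """Typed navigation into a new tab: own process unless at the limit."""
        tab = next(self._tabs)
        if len(self.process_domain) >= self.limit:
            pid = self._least_loaded()          # limit reached: must share
        else:
            pid = self._new_process(domain_of(url))
        self.tab_process[tab] = pid
        return tab, pid

    def open_tab_from_link(self, opener_tab: int, url: str):
        """<a target=_blank>: the new tab can script its opener, so share."""
        tab = next(self._tabs)
        pid = self.tab_process[opener_tab]
        self.tab_process[tab] = pid
        return tab, pid

    def navigate_omnibox(self, tab: int, url: str) -> int:
        """Omnibox navigation in an existing tab: new process if domain differs."""
        pid = self.tab_process[tab]
        domain = domain_of(url)
        if self.process_domain[pid] == domain:
            return pid                           # same domain: keep the process
        del self.tab_process[tab]
        self._gc()                               # old process dies if now unused
        if len(self.process_domain) >= self.limit:
            new_pid = self._least_loaded()
        else:
            new_pid = self._new_process(domain)
        self.tab_process[tab] = new_pid
        return new_pid


if __name__ == "__main__":
    m = ProcessModel(limit=3)
    t1, _ = m.open_tab_from_omnibox("http://a.example/")
    m.open_tab_from_link(t1, "http://b.example/")
    t3, _ = m.open_tab_from_omnibox("http://c.example/")
    m.navigate_omnibox(t3, "http://d.example/")
    print(m.tab_process, m.process_domain)
```

The model makes the trade-off on the slide visible: the link-click rule is what keeps `window.opener` scripting working, and it is also why a process is not a hard security boundary between sites once pages can reach each other.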

Page 15: Exploring Chrome Internals

The sandbox

Primary goal: Protect the user's system by blocking malware

Restrictions:
- Limit access to the file system and network
- Limit access to the windowing system
- Limit access to input devices

Mechanism:
- Strip the user's token
- Use a job object to further restrict
- Run on a separate desktop

Page 16: Exploring Chrome Internals

The sandbox

But, but... a browser needs to access the file system!
- Supporting file uploads
- Supporting file:// URLs

What isn't protected?
- Cookies
- Passwords
- HTML5 database, local/session storage
- Cross-site attacks (user data in the cloud)

Page 17: Exploring Chrome Internals

Rendering in a sandbox

Short version:
- Render to a bitmap
- Send bitmap to the browser process
- Browser copies the bitmap to the screen

Complexities:
- Limited access to OS APIs (fonts, etc.)
- A hung renderer should not lock up the browser
- Needs to be fast!

Page 18: Exploring Chrome Internals

Painting and scrolling

Lock free:
- Browser maintains a backingstore
- Renderer sends updates to the backingstore via SHM
- Browser paints to the screen from the backingstore
- Browser ACKs renderer to allow another update

Scrolling is similar (includes a scroll delta)
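
The ACK-gated backingstore exchange from this slide and the previous one, as an added Python simulation (not Chromium code): the renderer paints into its own buffer and ships a dirty rectangle; it may have only one update in flight, so further paints coalesce into one rectangle until the browser ACKs; the browser copies into its backingstore and paints the screen from there, never waiting on the renderer. A scroll is the same message carrying a row delta. The grid sizes, characters and the plain list copy standing in for shared memory are constructed for the example.

```python
"""ACK-gated backingstore protocol (added illustration, not Chromium code).
Shared memory is modelled by copying a slice of the renderer's buffer."""


def union(a, b):
    """Bounding box of two half-open rects (x0, y0, x1, y1); None is empty."""
    if a is None:
        return b
    if b is None:
        return a
    return (min(a[0], b[0]), min(a[1], b[1]), max(a[2], b[2]), max(a[3], b[3]))


class Renderer:
    def __init__(self, w, h):
        self.w, self.h = w, h
        self.buf = [["."] * w for _ in range(h)]
        self.dirty = None          # coalesced rect not yet shipped
        self.scroll_dy = 0         # pending scroll delta
        self.in_flight = False     # True while waiting for the browser's ACK
        self.updates_sent = 0

    def paint(self, rect, ch):
        x0, y0, x1, y1 = rect
        for y in range(y0, y1):
            for x in range(x0, x1):
                self.buf[y][x] = ch
        self.dirty = union(self.dirty, rect)
        return self._try_send()

    def scroll(self, dy):
        """Content moves up by dy rows; the exposed bottom rows become dirty."""
        self.buf = self.buf[dy:] + [["."] * self.w for _ in range(dy)]
        self.scroll_dy += dy
        if self.dirty:                       # a pending rect moves with the content
            x0, y0, x1, y1 = self.dirty
            self.dirty = (x0, max(y0 - dy, 0), x1, y1 - dy) if y1 - dy > 0 else None
        self.dirty = union(self.dirty, (0, self.h - dy, self.w, self.h))
        return self._try_send()

    def _try_send(self):
        """Ship the dirty rect unless an update is still unacknowledged."""
        if self.in_flight or self.dirty is None:
            return None
        x0, y0, x1, y1 = self.dirty
        update = {
            "rect": self.dirty,
            "scroll_dy": self.scroll_dy,
            "pixels": [row[x0:x1] for row in self.buf[y0:y1]],  # copy into "SHM"
        }
        self.dirty, self.scroll_dy, self.in_flight = None, 0, True
        self.updates_sent += 1
        return update

    def on_ack(self):
        self.in_flight = False
        return self._try_send()    # flush whatever coalesced meanwhile


class Browser:
    def __init__(self, w, h):
        self.w, self.h = w, h
        self.store = [["."] * w for _ in range(h)]   # the backingstore

    def apply_update(self, update):
        dy = update["scroll_dy"]
        if dy:
            self.store = self.store[dy:] + [["."] * self.w for _ in range(dy)]
        x0, y0, x1, y1 = update["rect"]
        for i, row in enumerate(update["pixels"]):
            self.store[y0 + i][x0:x1] = row
        return "ACK"               # goes back over IPC; renderer may ship again

    def screen(self):
        """What gets blitted to the window, whatever state the renderer is in."""
        return ["".join(row) for row in self.store]


if __name__ == "__main__":
    r, b = Renderer(4, 3), Browser(4, 3)
    b.apply_update(r.paint((0, 0, 2, 1), "a"))
    r.paint((2, 1, 4, 2), "b")     # coalesces: no ACK yet
    b.apply_update(r.on_ack())
    print(b.screen())
```

A renderer that never answers simply never sends another update; the browser keeps painting the last good backingstore, which is the "hung renderer should not lock up the browser" property from the previous slide.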

Page 19: Exploring Chrome Internals

Resource loading

Browser serves as proxy for all IO
- Restricts access to file:// and chrome://
- Performs safe-browsing checks
- Vends cookies

Before WebKit sees any data, the browser...
- Follows HTTP redirects
- Handles HTTP auth
- Detects MIME type (handles downloads browser-side)
- Performs security checks for SSL
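
The browser-side request policy this slide describes, as an added Python example (not Chromium code): the renderer asks the browser for every resource, and the browser refuses schemes the renderer may not read, runs a safe-browsing check on the URL and on every redirect hop it follows, attaches cookies from a jar the renderer never sees, and strips Set-Cookie before the response goes back. The fake network table, the blocklist, the `can_read_files` flag and all URLs are constructed for the example.

```python
"""Browser-process resource dispatcher (added illustration, not Chromium
code). `network` is a constructed dict standing in for the socket layer."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit


class RequestDenied(Exception):
    pass


@dataclass
class Renderer:
    pid: int
    can_read_files: bool = False   # assumed grant for a tab showing a file:// page


@dataclass
class BrowserDispatcher:
    network: dict                  # url -> response dict (constructed)
    unsafe_hosts: set              # safe-browsing blocklist (constructed)
    cookie_jar: dict = field(default_factory=dict)   # host -> cookie, browser-only
    max_redirects: int = 5
    log: list = field(default_factory=list)          # requests as sent on the wire

    def _check(self, renderer, url):
        parts = urlsplit(url)
        if parts.scheme == "chrome":
            raise RequestDenied(f"renderer {renderer.pid} may not read {url}")
        if parts.scheme == "file" and not renderer.can_read_files:
            raise RequestDenied(f"renderer {renderer.pid} has no file access: {url}")
        if parts.hostname in self.unsafe_hosts:
            raise RequestDenied(f"safe-browsing blocked {url}")

    def fetch(self, renderer, url):
        for _hop in range(self.max_redirects + 1):
            self._check(renderer, url)       # re-run on every redirect hop
            host = urlsplit(url).hostname
            request = {"url": url, "cookie": self.cookie_jar.get(host, "")}
            self.log.append(request)
            resp = self.network.get(url, {"status": 404, "body": ""})
            if "set_cookie" in resp:         # jar is updated browser-side only
                self.cookie_jar[host] = resp["set_cookie"]
            if 300 <= resp["status"] < 400:
                url = resp["location"]       # followed before WebKit sees anything
                continue
            return {"status": resp["status"], "body": resp["body"]}
        raise RequestDenied("too many redirects")


# Constructed network and blocklist for the example.
NETWORK = {
    "http://site.example/": {"status": 200, "body": "<html>hi</html>",
                             "set_cookie": "sid=abc"},
    "http://site.example/old": {"status": 302, "location": "http://site.example/"},
    "http://site.example/leak": {"status": 302,
                                 "location": "file:///tmp/constructed.txt"},
    "http://site.example/loop": {"status": 302,
                                 "location": "http://site.example/loop"},
}
UNSAFE = {"malware.example"}


def make_dispatcher() -> BrowserDispatcher:
    return BrowserDispatcher(network=dict(NETWORK), unsafe_hosts=set(UNSAFE))


def denied(dispatcher, renderer, url) -> bool:
    """True if the browser refused the request."""
    try:
        dispatcher.fetch(renderer, url)
        return False
    except RequestDenied:
        return True


if __name__ == "__main__":
    d, r = make_dispatcher(), Renderer(pid=7)
    print(d.fetch(r, "http://site.example/old"))
    print(denied(d, r, "http://site.example/leak"))
```

The redirect-to-file:// case is the one worth noticing: because redirects are followed in the browser, the policy check runs on the target of each hop, not just on the URL the renderer originally asked for.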

Page 20: Exploring Chrome Internals

History system

Lock free visited links system
- Shared memory containing bitmap
- Indexed by hash(URL)
- Only the browser process can write
- Grow map size by creating a copy

After a page loads,
- Text is extracted and fed into the FTS index (sqlite)
- Thumbnail is generated and stored
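
The single-writer visited-links bitmap from this slide, as an added Python example (not Chromium code): the browser owns a bit array indexed by hash(URL) (a `bytearray` stands in for the shared segment), renderers get a read-only view and test bits without any lock, and growing means building a fresh larger copy and re-publishing it while the old mapping stays valid for readers that have not remapped yet. The keyed hash, the load-factor cap, the version counter and the sample URLs are assumptions of this illustration.

```python
"""Single-writer visited-links table (added illustration, not Chromium code).
Only the browser sets bits; readers can see a stale 0 but never a torn state."""
import hashlib
import os


def fingerprint(url: str, salt: bytes) -> int:
    """64-bit keyed hash (assumed); the salt keeps bit positions unpredictable."""
    return int.from_bytes(
        hashlib.blake2b(url.encode(), key=salt, digest_size=8).digest(), "big")


class RendererView:
    """What a renderer receives: read-only bits plus what it needs to hash."""
    def __init__(self, bits, nbits, salt, version):
        self.bits, self.nbits, self.salt, self.version = bits, nbits, salt, version

    def is_visited(self, url: str) -> bool:
        i = fingerprint(url, self.salt) % self.nbits
        return bool(self.bits[i >> 3] & (1 << (i & 7)))


class VisitedLinkTable:
    """Browser-process side: the only writer."""
    def __init__(self, nbits: int = 1 << 16, salt: bytes = None):
        self.salt = salt if salt is not None else os.urandom(16)
        self.nbits = nbits
        self.shm = bytearray(nbits // 8)     # stands in for the shared segment
        self.version = 1
        self.fingerprints = []               # stands in for the history DB

    def _set(self, fp: int) -> None:
        i = fp % self.nbits
        self.shm[i >> 3] |= 1 << (i & 7)     # single byte store: atomic for readers

    def add(self, url: str) -> None:
        fp = fingerprint(url, self.salt)
        self.fingerprints.append(fp)
        self._set(fp)
        if 2 * len(self.fingerprints) > self.nbits:   # assumed load cap: stay sparse
            self._grow()

    def _grow(self) -> None:
        """Grow by copy: a new segment is filled and published, the old one
        is left untouched for readers that still map it."""
        self.nbits *= 2
        self.shm = bytearray(self.nbits // 8)
        for fp in self.fingerprints:
            self._set(fp)
        self.version += 1                    # tells renderers to remap

    def export(self) -> RendererView:
        return RendererView(memoryview(self.shm).toreadonly(),
                            self.nbits, self.salt, self.version)

    def is_stale(self, view: RendererView) -> bool:
        return view.version != self.version


def reader_can_write(view: RendererView) -> bool:
    """Sanity check: the view handed to a renderer must reject writes."""
    try:
        view.bits[0] = 0xFF
        return True
    except TypeError:
        return False


if __name__ == "__main__":
    t = VisitedLinkTable(nbits=16, salt=b"constructed-salt")
    v = t.export()
    t.add("http://a.example/")
    print(v.is_visited("http://a.example/"), reader_can_write(v))
```

Two properties follow from the design: a bit collision yields a false "visited" (which is why the table is kept sparse and grown), and the keyed hash means a page cannot compute which bit a given URL maps to from the URL alone.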

Page 21: Exploring Chrome Internals

Plugins

Supports:
- Netscape style plugins
- Whitelist of ActiveX controls (only WMP now)

One process per plugin type
- Mimics the environment of a single-proc browser
- Some plugins take a while to load :-/

Challenge: NPAPI is a synchronous API
- Cache rendering of windowless plugins
- Jump through hoops for windowed plugins
- Porting!

Page 22: Exploring Chrome Internals

WebKit

Page 23: Exploring Chrome Internals

WebKit overview

Comprised of several modules:
- JavaScriptCore: JS engine (not used)
- WebCore: HTML+CSS rendering, DOM, etc.
- WebKit: embedding API layer (not used)

WebCore conditionals:
- PLATFORM(CHROMIUM): platform/chromium
- PLATFORM(SKIA): platform/graphics/skia
- USE(V8): bindings/v8

WebKit versions:
- Chrome 1 ~ Safari 3
- Chrome 2 ~ Safari 4

Page 24: Exploring Chrome Internals

WebKit development

The Chromium devs on #webkit
- 3 reviewers
- Over a dozen contributors and counting

Status: Unforked!!

Focus going forward:
- WebKit API for Chromium
- Open web platform (HTML5, etc.)
- Web compatibility improvements
- Performance

Page 25: Exploring Chrome Internals

Open web platform

In progress:
- Audio/video
- Application caches
- Database
- Local storage
- Session storage
- Notifications
- Web workers: dedicated, persistent, shared

Multi-process arch and sandbox pose challenges

Page 26: Exploring Chrome Internals

Network stack

Page 27: Exploring Chrome Internals

Making a better wheel

From Wininet to Winhttp to src/net/http/

DNS prefetching

In development:
- Feature parity (client certs, socks, IPv6 literals, etc.)
- Sparse caching
- Pseudo-pipelining
- Deferred connection binding
- Parallel proxy auto config

Page 28: Exploring Chrome Internals
