Modern Software Experience

2008-09-08

Google Chrome

This is a quick overview of Google Chrome technologies. This text is aimed at developers assumes a basic familiarity with Google Chrome. The First Look and Google’s comic referenced therein should be enough.

process model

multi-threaded

Google Chrome is a multi-threaded browser. Google Chrome has its own internal process manager to run multiple processes that are isolated from each other. There is a separate process for each browser tab. The practical upshot of this should be improved speed an reliability; one hanging page should not hang the entire browser, but just be one hanging page.

This feature is not unique to Google Chrome. Google’s comic strip describes the Chrome browser, but its minimal rights one-process-per-tab security model is how all browsers should work, and this is indeed a direction into which browsers are evolving. For example, Microsoft’s Internet Explorer 8 is multi-process too. Microsoft calls this feature "Loosely Coupled IE" (LCIE).

more sophisticated

The Chrome process model is actually more sophisticated than the comic might lead you to believe. It is not just one process-per-tab, you can also configure it to do one process-per-site. Its default model is actually process-as-site, which is roughly the same as process-per-tab, but also creates a a new process when you switch site within that tab. You can even run Chrome with a single process for all sites and all tabs, like most other browsers today.

A single command line argument lets you pick one of the non-default models:
-process-per-site
-process-per-tab
-single-process

hanging and memory leaks

When one browser tab goes down, you get a "sad tab" icon that looks like a sad face, but the browser keeps working. When you close a tab, what you are really doing is terminating the process for that tab, and that will free all the memory it was using.

This helps to keep the browser’s memory usage down. If there is a memory leak associated with a particular tab, you will get the lost memory back when you close that particular tab. If you keep opening and closing tabs, you may never notice any memory leaks even if they are there.
While other browser allow the memory consumption from leaks to build up, finally necessitating a browser restart, Chrome’s cleans up leaks as you close tabs - or switch from one site to another.

Task Manager

Google Chrome features a Task Manager not unlike Windows Task Manager, to show you which tabs are using most memory, hogging the CPU, or constantly downloading stuff, and what plug-ins they are using. So, after using Chrome for a while, you will know which sites and plug-ins are dragging your browser down. There is no menu item for the Chrome Task Manager, you must bring it up by pressing the Shift+Esc key combination.

OpenSearch

Chrome is fairly open. It is not just open source, it allows you to pick your own home page and search engine. Like other modern browser, Chrome supports the OpenSearch API so that it work with many different search engines.

bookmarks

I encountered some problems importing bookmarks from other browser, but the biggest issue right now is that you cannot export bookmarks.

Google Chrome uses SQLite to store its bookmarks, and you could try to get it out yourself, but that should not be necessary. The best advice for now is to not rely Google Chrome bookmarks yet.

add-ons and plug-ins

Google Chrome does not support Firefox XPInstall (*.XPI) add-ons, but it does support the NetScape Plug-in API supported by most browser.

developers

Without add-ons, the early Chrome does not really address user needs. Google Chrome does address the most immediate need of developers with a built-in DOM-inspector.

browser engine

WebKit

Google did not develop its own browser engine. Google recently extended its deal with Mozilla, in which it pays Mozilla to configure Google as the default search engine. Firefox uses the Gecko browser engine, but Chrome does not.

Google Chrome does not introduce yet another rendering engine, but uses an existing one. Google Chrome uses WebKit, the same browser engine that Apple Safari uses. This is hardly a surprise decision; Google’s first browser, the one in Google Android is based on WebKit.

Because Google Chrome and Apple Safari both use WebKit, you might think that the web pages look pretty much the same in both browsers. That is indeed the case, up to a certain extent, as Apple has its own ideas of how to handle fonts. Both browsers should score the the same on web standard compliance tests, but only when they use the same version of WebKit.

The Chrome comic says Google picked WebKit because it is open source, fast, and used for Android already. It goes on to say that the Android team had picked it because it uses memory efficiently, and keep things simple. They found that it is easy to adapt WebKit to embedded devices and easy for new developers to get started with.

Google did not snub Gecko, it is just easier to stick with the one engine you know and use already than to use two different ones, but a plug-in that lets you switch between various engines cannot be far away.
Users will want something like the IE Tab for Firefox and the ability to switch between Gecko and WebKit would make Chrome an instant with web developers.

mobile

By the way, Google Chrome and Apple Safari are not the only two WebKit-based browsers. TorchMobile offers their Iris Browser Windows Mobile, which is also based on WebKit. It is a fairly new product, the final preview was released on 2008 Aug 4. But with both Opera for Windows Mobile and Iris available, even Windows Mobile users can be expected to have a real browser. 

JavaScript

usage

Google believes that JavaScript (as most people keep calling ECMAScript) is important to the web. I do not agree with them.

We have CSS and server-side scripting already. JavaScript is a major security threat and the subtle differences between browsers are a incompatibility nightmare for anyone making JavaScript sites. The web does not need JavaScript at all, and we are all better off without its problems.

Google uses JavaScript more than enough to know about its many problems, but instead of switching to better approaches, they decided to improve the JavaScript performance. Google made its own JavaScript virtual machine, called V8.

JavaScript machines

Google suggests that existing JavaScript virtual machines were created to support small programs, a bit of silly stuff on some web page, where performance and interactivity are not all that important. Although that may be true for the original JavaScript engines, I am not so sure that it is a fair characterisation of the modern ones.

The Firefox and Safari teams have been paying attention to JavaScript performance and reliability for some time now. Firefox 3’s SpiderMonkey is about 3 times as fast as Firefox 2’s SpiderMonkey, and Mozilla is working on TraceMonkey, which adds native compilation to SpiderMonkey. Safari 4 will be using WebKit’s SquirrelFish, a new JavaScript engine that is faster than the fairly simple one Safari 3.x uses.

Google V8

Google Chrome uses WebKit, and WebKit comes with a JavaScript engine, known as SquirrelMonkey. Chromes use WebKit, but Chrome does not use SquirrelMonkey. Chrome uses Google V8 instead.

Google V8 compiles JavaScript to native code for maximum performance. It also features incremental garbage collection to avoid introducing second-long pauses.

By the way, Google’s V8 engine is used by Google Chrome, but is independent from it. Google Chrome relies on V8 for JavaScript, but V8 does not rely on Google Chrome for anything. Google V8 is an independent project and other browsers can incorporate V8 as their JavaScript engine.

JavaScript

Google’s fixation on JavaScript performance instead of browser performance is ludicrous. A JavaScript engine does not make your pages download faster. It does not make the rendering engine faster. All faster JavaScript execution accomplishes is masking the design blunders of sites that overly dependent on JavaScript.

In the long run, we all need to move away from JavaScript as we know. In the short run, Google decision to focus on JavaScript performance makes perfect sense; are you going to switch back to some browser with an old JavaScript engine after experiencing a browser with V8?

V8

Google’s V8 is different from existing JavaScript engines. One of JavaScript’s fundamental problems is that it is a typeless language. Google’s V8 features so-called hidden class transitions, which means that it will automatically recognise classes anyway, and then apply optimisations based on that.

That may be a smart performance fix for a poor language, but the smarter thing is to use a better language, such as ECMAScript Edition 4 (ES4). Alas, The ECMAScript committee decided to focus on ECMAScript 3.1 for now.

The Omnibox is the real home turf now.

home page

Google’s adoption of Opera’s Speed Dial as the boringly named Most Visited Pages may seem to signal a move away from the battle for the home page, but do not be fooled. Google has merely moved the battle from the start page to the address bar. The Omnibox is the real home turf now. Google is Chrome’s default search engine, and that is a setting users are much less likely to change than a home page.

User Interface

Chrome increases reliability by using separate process for each tab. In some sense, each tab is a browser, and Chrome is just a container around a collection of browser tabs. The Chrome browser is not just a window that uses tabs as interface to multiple views, it is more like an elastic string that keeps a bundle of tab window together. You can remove tab windows from that bundle.

Safe Browsing

Because Google Chrome for Windows uses WebKit like Safari for Window does, it is inevitable that the two browsers will be compared to each other. One thing such a comparison will have to highlight is that Google Chrome includes anti-phishing technology while Safari does not.

Chrome protect against malware and phishing just like Firefox does. Chrome uses the same Google Safe Browsing API as Firefox does. This API is a public free service, available to all comers, including competing browsers.

Chrome still sports a Beta moniker and although the Google Safe Browsing API is more than a year old already, its home page still describes it as experimental. That is a bit silly, as both seem here to stay.

security

Google does not assume Chrome is impervious to attacks. Instead, it assumes that your browser will get compromised eventually. That may not be what the marketroid want to hear, but it is the right approach.

For everything a web program wants to do on a user’s machine, the user needs to give permission.

minimal rights

To increase safety, the browser processes run with minimal rights. The comic says stripped away all their rights, That’s a minor goof up, they really stripped away all privileges, not all rights, so that the code has to run with minimal rights. Code without privileges cannot do much, code without rights cannot do anything.

By the way, running with minimal rights sounds simple in theory, but there is one practical reason other browsers are not doing this yet; writing code that doesn’t require any privileges is hard work.

plug-ins

Plug-ins may run at a higher privilege level than the browser itself. To allow that, without increasing the privileges for the entire browser, Chrome gives each plug-in its own separate process. The plug-in process may have some privileges, but the process for the tab window using the plug-in still runs on minimal rights. Moreover, if either plug-in or the tab process crashes, it does not take the other process with it.

ActiveX

You can’t use Chrome to visit Windows Update, but when you type "about:plugins" in the Omnibox, you will see that Chrome has an plug-in that provides an ActiveX shim to support some ActiveX component controls.

user-agent string

According to Chrome’s Web developer FAQ, the user agent string is:

Mozilla/5.0 (Windows ; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.X.Y.Z Safari/525.13.

This madness of including so many different browser names isn’t specific to Chrome, and That’s the only reason I refrain from commenting upon it.

Open Source

Google likes to say that Google Chrome is Open Source, but that is not entirely correct. Google Chrome is the Google-branded and Google-licensed variant of Chromium. Chromium is the Open Source project, available under a BSD license.

license

Google’s attitude towards its open source Chromium project is roughly please still this browser. Google does not mind if Chrome gets popular, but Google aims to influence all browsers. Google seems particularly eager for other browsers to adopt Gears.

Google is also making a lot of noise about its "V8" JavaScript engine, and seems to be hoping that other vendors will adopt it, but most are already busy improving their own JavaScript engines.

Although Chrome’s license may not stop other browser vendors from taking Chrome code, corporate pride does. Each vendors likes to think that their code is inherently better than anything some other organisation can come up with.

In the short term, it is not any particular technology used in Chrome, but the Google’s adoption of the multi-process model for its Chrome that is likely to have the biggest impact, and encourage the developers of competing browser makers to accelerate their plans to do them same.

Google Update

The most annoying part about Google Chrome is the GoogleUpdate process it installs. It is installed without asking permission and there is no uninstall function. It has been made hard to get rid of it too.

patching practice

We have not seen Google’s patching practice yet. Swift patching of reported defects to mitigate threats is essential. Google needs to demonstrate its browser patching savvy and so far, Google’s performance is below par. Google Chrome started out with an embarrassing months-old defect. The fix is nothing more than upgrading to a more recent version of WebKit, yet Google is not hurrying to patch it.

Google Gears

Google’s Chrome includes Google Gears. The practical upshot is that Google Chrome is not just a browser, but an environment for web applications. Google Gears changes the browser into a web application engine. Google Chrome is the Google Operating System, version 0.1.

Calling it an operating system is a bit grandiose, but it is does seem that Google Gears is what Google Chrome is all about. Because Chrome has Gears built-in, many Google Apps will perform better in Chrome than other browsers. That will not just encourage users to install the Gears plug-in their browser, it also encourages other browser makers to adopt Google Gears and build into their browser.

A serious issue with Google Gears is that is not HTML 5…

HTML 5 database API

removing HTML 5 support

Google Chrome does not support the HTML 5 database API. Now, HTML 5 isn’t a standard yet, but like many other browser engines, WebKit already supports the HTML 5 database API. However, although WebKit supports it, Google Chrome does not. To be blunt: the Google Chrome team spent time and trouble to take this out.

not built on WebKit

I’d go so far as to say that this invalidates Google claim that Chrome is built on WebKit. I say it is built on WebKit minus he HTML 5 database API, and that what they took out is not a minor feature. I think the WebKit team needs to call Google to order and make them admit the facts in their user-level and press-oriented documentation.

developer FAQ

The Chrome developer FAQ admits the lack of support for the HTML 5 database API and notes that that the Chrome team plans to support it in a future release, but it does not explain why the initial release doesn’t support it.

Google Gears

The Chrome team did add Google Gears, and Chrome does support Google’s proprietary Gears database API. Adding the proprietary Gears API while taking out the standard HTML 5 API is an action that is in less than complete alignment with Google's Do No Evil mantra.

evil

I wouldn’t be surprised to find out that the Chrome team wants to implement the standard HTML 5 API on top of the Google Gears database API. That way, both APIs would write their data to the same database, and thus be interoperable with each other. However, That’s still evil. It ensures that the standard HTML 5 API is always slower than their proprietary one. And why would any need or want a proprietary API when there already is a standard?

tips for Google and the competition

Here is a tip to Google: scrap the proprietary API completely and replace it with the standard one. Tip to the browser competition: make tests that highlight HTML 5 database API performance. Tip to web developers: do not use Google Gears when you can use a standard instead.

convergence?

A post by Dion Almaer, a Google employee involved with the Google Gears team, suggests that Google Gears is likely to converge to the HTML 5 specification. He does not see HTML 5 and Gears as competitors, but thinks of Gears as an early implementation of the still evolving HTML 5 spec. I hope he is right, and Gears will morph from a proprietary Google platform into an implementation of HTML 5 functionality.

Chrome development

Agile process

The comic does not use that word, but surely gives the impression that Google is treating Google Chrome as an agile project. The comic tells us that they are using test-driven design. They make regular builds, after which their "Chrome Bot" starts testing the new build against millions of pages. Testing with millions of pages sound nice, but Google has a database including millions of pages. Google use its own PageRank to make sure Chrome gets tested against all the important pages, such as the sites you use everyday. The comic mentions unit tests, automated functional tests and fuzz testing.
The post on the Google’s web log confirms the agile process impression in its first sentence: launch early and iterate.

solid testing

I am happy to see fuzz testing mentioned. I am a great fan of fuzz testing. Fuzz testing is sending random erroneous input, to see how stable the product is. A product that can withstand intensive fuzz testing is a robust product indeed. The comic underscores Google dedication to a solid product by having one unnamed engineer state that I don’t care about if there’s one fewer cool feature. I just want this product to be ROCK SOLID.
I do not think Google Chrome is there yet, but I certainly agree with the sentiment and the use of fuzz testing to improve product stability.

Google Mail

Really, I wish Google spend that kind of effort on Google Mail. I do not doubt they tested Google Mail in Chrome, but I do not want to hear that using Chrome is the only way to get a smooth user experience. Google’s web sites should not demand or favour a particular browser. They need to make sure it works smoothly in all browsers, and that includes Firefox 3.
It is just incredible how often Google Mail manages to hang in Firefox 3. Perhaps Google should not be developing a browser, but improve the quality of their existing products firsts.

Visual Studio

The Chromium source is delivered as Visual Studio 2005 project. That is the ideal environment for Chrome for Windows, but developers working on the MacOS or Linux variant will probably prefer to use some native development package as well.
Google will have to morph Chromium into a multi-tool project that reflects the multiple platforms it is targeting.

There is no Chrome for Mac OS X or Linux yet, but Chromium does have Mac OS X and Linux subprojects, where you can view the current status and contribute.

conclusion

The introduction of Google Chrome is interesting, as are some of its design decisions an features. It is sure to impact the development of other browsers.

updates

2008-11-14 Safari 3.2 anti-phishing

Apple Safari 3.2 now includes anti-phishing by using Google’s Safe Browsing API.

2008-12-09 native code for the web

Google does understand that JavaScript is far from ideal. Google just announced the Native Client, a browser plug-in that allows running untrusted native x86 code. That sounds good, but the current version is only 0.1 and does not even install if do not install Python first.
Google is deliberately releasing Native Client early, among other things to get community feedback on security concerns. The Native Client development team currently recommends Firefox 3 for trying it out, and recommends the in-browser quake demo. Google Native Client seems set to compete with the likes of Java, Flash and Silverlight, even JavaScript, but is perhaps best compared to ActiveX.

2011-07-16 Google Gears

Google ended the Gears project on 2011-03-1 to focus on HTML5 instead.

2012-05-22 Gears link removed

All Google Gears links have been removed.

links

Google Chrome

Chromium

Native Client

WebKit

Internet Explorer

standards & technology