1 // Copyright 2016 the V8 project authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef V8_OBJECTS_VALUE_SERIALIZER_H_ 6 #define V8_OBJECTS_VALUE_SERIALIZER_H_ 7 8 #include <cstdint> 9 #include <vector> 10 11 #include "include/v8.h" 12 #include "src/base/compiler-specific.h" 13 #include "src/base/macros.h" 14 #include "src/common/message-template.h" 15 #include "src/handles/maybe-handles.h" 16 #include "src/utils/identity-map.h" 17 #include "src/utils/vector.h" 18 #include "src/zone/zone.h" 19 20 namespace v8 { 21 namespace internal { 22 23 class BigInt; 24 class HeapNumber; 25 class Isolate; 26 class JSArrayBuffer; 27 class JSArrayBufferView; 28 class JSDate; 29 class JSMap; 30 class JSPrimitiveWrapper; 31 class JSRegExp; 32 class JSSet; 33 class Object; 34 class Oddball; 35 class Smi; 36 class WasmMemoryObject; 37 class WasmModuleObject; 38 39 enum class SerializationTag : uint8_t; 40 41 /** 42 * Writes V8 objects in a binary format that allows the objects to be cloned 43 * according to the HTML structured clone algorithm. 44 * 45 * Format is based on Blink's previous serialization logic. 46 */ 47 class ValueSerializer { 48 public: 49 ValueSerializer(Isolate* isolate, v8::ValueSerializer::Delegate* delegate); 50 ~ValueSerializer(); 51 ValueSerializer(const ValueSerializer&) = delete; 52 ValueSerializer& operator=(const ValueSerializer&) = delete; 53 54 /* 55 * Writes out a header, which includes the format version. 56 */ 57 void WriteHeader(); 58 59 /* 60 * Serializes a V8 object into the buffer. 61 */ 62 Maybe<bool> WriteObject(Handle<Object> object) V8_WARN_UNUSED_RESULT; 63 64 /* 65 * Returns the buffer, allocated via the delegate, and its size. 66 * Caller assumes ownership of the buffer. 67 */ 68 std::pair<uint8_t*, size_t> Release(); 69 70 /* 71 * Marks an ArrayBuffer as havings its contents transferred out of band. 72 * Pass the corresponding JSArrayBuffer in the deserializing context to 73 * ValueDeserializer::TransferArrayBuffer. 74 */ 75 void TransferArrayBuffer(uint32_t transfer_id, 76 Handle<JSArrayBuffer> array_buffer); 77 78 /* 79 * Publicly exposed wire format writing methods. 80 * These are intended for use within the delegate's WriteHostObject method. 81 */ 82 void WriteUint32(uint32_t value); 83 void WriteUint64(uint64_t value); 84 void WriteRawBytes(const void* source, size_t length); 85 void WriteDouble(double value); 86 87 /* 88 * Indicate whether to treat ArrayBufferView objects as host objects, 89 * i.e. pass them to Delegate::WriteHostObject. This should not be 90 * called when no Delegate was passed. 91 * 92 * The default is not to treat ArrayBufferViews as host objects. 93 */ 94 void SetTreatArrayBufferViewsAsHostObjects(bool mode); 95 96 private: 97 // Managing allocations of the internal buffer. 98 Maybe<bool> ExpandBuffer(size_t required_capacity); 99 100 // Writing the wire format. 101 void WriteTag(SerializationTag tag); 102 template <typename T> 103 void WriteVarint(T value); 104 template <typename T> 105 void WriteZigZag(T value); 106 void WriteOneByteString(Vector<const uint8_t> chars); 107 void WriteTwoByteString(Vector<const uc16> chars); 108 void WriteBigIntContents(BigInt bigint); 109 Maybe<uint8_t*> ReserveRawBytes(size_t bytes); 110 111 // Writing V8 objects of various kinds. 112 void WriteOddball(Oddball oddball); 113 void WriteSmi(Smi smi); 114 void WriteHeapNumber(HeapNumber number); 115 void WriteBigInt(BigInt bigint); 116 void WriteString(Handle<String> string); 117 Maybe<bool> WriteJSReceiver(Handle<JSReceiver> receiver) 118 V8_WARN_UNUSED_RESULT; 119 Maybe<bool> WriteJSObject(Handle<JSObject> object) V8_WARN_UNUSED_RESULT; 120 Maybe<bool> WriteJSObjectSlow(Handle<JSObject> object) V8_WARN_UNUSED_RESULT; 121 Maybe<bool> WriteJSArray(Handle<JSArray> array) V8_WARN_UNUSED_RESULT; 122 void WriteJSDate(JSDate date); 123 Maybe<bool> WriteJSPrimitiveWrapper(Handle<JSPrimitiveWrapper> value) 124 V8_WARN_UNUSED_RESULT; 125 void WriteJSRegExp(Handle<JSRegExp> regexp); 126 Maybe<bool> WriteJSMap(Handle<JSMap> map) V8_WARN_UNUSED_RESULT; 127 Maybe<bool> WriteJSSet(Handle<JSSet> map) V8_WARN_UNUSED_RESULT; 128 Maybe<bool> WriteJSArrayBuffer(Handle<JSArrayBuffer> array_buffer) 129 V8_WARN_UNUSED_RESULT; 130 Maybe<bool> WriteJSArrayBufferView(JSArrayBufferView array_buffer); 131 Maybe<bool> WriteJSError(Handle<JSObject> error) V8_WARN_UNUSED_RESULT; 132 Maybe<bool> WriteWasmModule(Handle<WasmModuleObject> object) 133 V8_WARN_UNUSED_RESULT; 134 Maybe<bool> WriteWasmMemory(Handle<WasmMemoryObject> object) 135 V8_WARN_UNUSED_RESULT; 136 Maybe<bool> WriteHostObject(Handle<JSObject> object) V8_WARN_UNUSED_RESULT; 137 138 /* 139 * Reads the specified keys from the object and writes key-value pairs to the 140 * buffer. Returns the number of keys actually written, which may be smaller 141 * if some keys are not own properties when accessed. 142 */ 143 Maybe<uint32_t> WriteJSObjectPropertiesSlow( 144 Handle<JSObject> object, Handle<FixedArray> keys) V8_WARN_UNUSED_RESULT; 145 146 /* 147 * Asks the delegate to handle an error that occurred during data cloning, by 148 * throwing an exception appropriate for the host. 149 */ 150 void ThrowDataCloneError(MessageTemplate template_index); 151 V8_NOINLINE void ThrowDataCloneError(MessageTemplate template_index, 152 Handle<Object> arg0); 153 154 Maybe<bool> ThrowIfOutOfMemory(); 155 156 Isolate* const isolate_; 157 v8::ValueSerializer::Delegate* const delegate_; 158 uint8_t* buffer_ = nullptr; 159 size_t buffer_size_ = 0; 160 size_t buffer_capacity_ = 0; 161 bool treat_array_buffer_views_as_host_objects_ = false; 162 bool out_of_memory_ = false; 163 Zone zone_; 164 165 // To avoid extra lookups in the identity map, ID+1 is actually stored in the 166 // map (checking if the used identity is zero is the fast way of checking if 167 // the entry is new). 168 IdentityMap<uint32_t, ZoneAllocationPolicy> id_map_; 169 uint32_t next_id_ = 0; 170 171 // A similar map, for transferred array buffers. 172 IdentityMap<uint32_t, ZoneAllocationPolicy> array_buffer_transfer_map_; 173 }; 174 175 /* 176 * Deserializes values from data written with ValueSerializer, or a compatible 177 * implementation. 178 */ 179 class ValueDeserializer { 180 public: 181 ValueDeserializer(Isolate* isolate, Vector<const uint8_t> data, 182 v8::ValueDeserializer::Delegate* delegate); 183 ~ValueDeserializer(); 184 ValueDeserializer(const ValueDeserializer&) = delete; 185 ValueDeserializer& operator=(const ValueDeserializer&) = delete; 186 187 /* 188 * Runs version detection logic, which may fail if the format is invalid. 189 */ 190 Maybe<bool> ReadHeader() V8_WARN_UNUSED_RESULT; 191 192 /* 193 * Reads the underlying wire format version. Likely mostly to be useful to 194 * legacy code reading old wire format versions. Must be called after 195 * ReadHeader. 196 */ GetWireFormatVersion()197 uint32_t GetWireFormatVersion() const { return version_; } 198 199 /* 200 * Deserializes a V8 object from the buffer. 201 */ 202 MaybeHandle<Object> ReadObject() V8_WARN_UNUSED_RESULT; 203 204 /* 205 * Reads an object, consuming the entire buffer. 206 * 207 * This is required for the legacy "version 0" format, which did not allow 208 * reference deduplication, and instead relied on a "stack" model for 209 * deserializing, with the contents of objects and arrays provided first. 210 */ 211 MaybeHandle<Object> ReadObjectUsingEntireBufferForLegacyFormat() 212 V8_WARN_UNUSED_RESULT; 213 214 /* 215 * Accepts the array buffer corresponding to the one passed previously to 216 * ValueSerializer::TransferArrayBuffer. 217 */ 218 void TransferArrayBuffer(uint32_t transfer_id, 219 Handle<JSArrayBuffer> array_buffer); 220 221 /* 222 * Publicly exposed wire format writing methods. 223 * These are intended for use within the delegate's WriteHostObject method. 224 */ 225 bool ReadUint32(uint32_t* value) V8_WARN_UNUSED_RESULT; 226 bool ReadUint64(uint64_t* value) V8_WARN_UNUSED_RESULT; 227 bool ReadDouble(double* value) V8_WARN_UNUSED_RESULT; 228 bool ReadRawBytes(size_t length, const void** data) V8_WARN_UNUSED_RESULT; 229 230 private: 231 // Reading the wire format. 232 Maybe<SerializationTag> PeekTag() const V8_WARN_UNUSED_RESULT; 233 void ConsumeTag(SerializationTag peeked_tag); 234 Maybe<SerializationTag> ReadTag() V8_WARN_UNUSED_RESULT; 235 template <typename T> 236 Maybe<T> ReadVarint() V8_WARN_UNUSED_RESULT; 237 template <typename T> 238 Maybe<T> ReadZigZag() V8_WARN_UNUSED_RESULT; 239 Maybe<double> ReadDouble() V8_WARN_UNUSED_RESULT; 240 Maybe<Vector<const uint8_t>> ReadRawBytes(int size) V8_WARN_UNUSED_RESULT; 241 242 // Reads a string if it matches the one provided. 243 // Returns true if this was the case. Otherwise, nothing is consumed. 244 bool ReadExpectedString(Handle<String> expected) V8_WARN_UNUSED_RESULT; 245 246 // Like ReadObject, but skips logic for special cases in simulating the 247 // "stack machine". 248 MaybeHandle<Object> ReadObjectInternal() V8_WARN_UNUSED_RESULT; 249 250 // Reads a string intended to be part of a more complicated object. 251 // Before v12, these are UTF-8 strings. After, they can be any encoding 252 // permissible for a string (with the relevant tag). 253 MaybeHandle<String> ReadString() V8_WARN_UNUSED_RESULT; 254 255 // Reading V8 objects of specific kinds. 256 // The tag is assumed to have already been read. 257 MaybeHandle<BigInt> ReadBigInt() V8_WARN_UNUSED_RESULT; 258 MaybeHandle<String> ReadUtf8String() V8_WARN_UNUSED_RESULT; 259 MaybeHandle<String> ReadOneByteString() V8_WARN_UNUSED_RESULT; 260 MaybeHandle<String> ReadTwoByteString() V8_WARN_UNUSED_RESULT; 261 MaybeHandle<JSObject> ReadJSObject() V8_WARN_UNUSED_RESULT; 262 MaybeHandle<JSArray> ReadSparseJSArray() V8_WARN_UNUSED_RESULT; 263 MaybeHandle<JSArray> ReadDenseJSArray() V8_WARN_UNUSED_RESULT; 264 MaybeHandle<JSDate> ReadJSDate() V8_WARN_UNUSED_RESULT; 265 MaybeHandle<JSPrimitiveWrapper> ReadJSPrimitiveWrapper(SerializationTag tag) 266 V8_WARN_UNUSED_RESULT; 267 MaybeHandle<JSRegExp> ReadJSRegExp() V8_WARN_UNUSED_RESULT; 268 MaybeHandle<JSMap> ReadJSMap() V8_WARN_UNUSED_RESULT; 269 MaybeHandle<JSSet> ReadJSSet() V8_WARN_UNUSED_RESULT; 270 MaybeHandle<JSArrayBuffer> ReadJSArrayBuffer(bool is_shared) 271 V8_WARN_UNUSED_RESULT; 272 MaybeHandle<JSArrayBuffer> ReadTransferredJSArrayBuffer() 273 V8_WARN_UNUSED_RESULT; 274 MaybeHandle<JSArrayBufferView> ReadJSArrayBufferView( 275 Handle<JSArrayBuffer> buffer) V8_WARN_UNUSED_RESULT; 276 MaybeHandle<Object> ReadJSError() V8_WARN_UNUSED_RESULT; 277 MaybeHandle<JSObject> ReadWasmModuleTransfer() V8_WARN_UNUSED_RESULT; 278 MaybeHandle<WasmMemoryObject> ReadWasmMemory() V8_WARN_UNUSED_RESULT; 279 MaybeHandle<JSObject> ReadHostObject() V8_WARN_UNUSED_RESULT; 280 281 /* 282 * Reads key-value pairs into the object until the specified end tag is 283 * encountered. If successful, returns the number of properties read. 284 */ 285 Maybe<uint32_t> ReadJSObjectProperties(Handle<JSObject> object, 286 SerializationTag end_tag, 287 bool can_use_transitions); 288 289 // Manipulating the map from IDs to reified objects. 290 bool HasObjectWithID(uint32_t id); 291 MaybeHandle<JSReceiver> GetObjectWithID(uint32_t id); 292 void AddObjectWithID(uint32_t id, Handle<JSReceiver> object); 293 294 Isolate* const isolate_; 295 v8::ValueDeserializer::Delegate* const delegate_; 296 const uint8_t* position_; 297 const uint8_t* const end_; 298 uint32_t version_ = 0; 299 uint32_t next_id_ = 0; 300 301 // Always global handles. 302 Handle<FixedArray> id_map_; 303 MaybeHandle<SimpleNumberDictionary> array_buffer_transfer_map_; 304 }; 305 306 } // namespace internal 307 } // namespace v8 308 309 #endif // V8_OBJECTS_VALUE_SERIALIZER_H_ 310