1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef V8_VALUE_SERIALIZER_H_
6 #define V8_VALUE_SERIALIZER_H_
7 
8 #include <cstdint>
9 #include <vector>
10 
11 #include "include/v8.h"
12 #include "src/base/compiler-specific.h"
13 #include "src/base/macros.h"
14 #include "src/identity-map.h"
15 #include "src/maybe-handles.h"
16 #include "src/messages.h"
17 #include "src/vector.h"
18 #include "src/zone/zone.h"
19 
20 namespace v8 {
21 namespace internal {
22 
23 class BigInt;
24 class HeapNumber;
25 class Isolate;
26 class JSArrayBuffer;
27 class JSArrayBufferView;
28 class JSDate;
29 class JSMap;
30 class JSRegExp;
31 class JSSet;
32 class JSValue;
33 class MutableHeapNumber;
34 class Object;
35 class Oddball;
36 class Smi;
37 class WasmMemoryObject;
38 class WasmModuleObject;
39 
40 enum class SerializationTag : uint8_t;
41 
42 /**
43  * Writes V8 objects in a binary format that allows the objects to be cloned
44  * according to the HTML structured clone algorithm.
45  *
46  * Format is based on Blink's previous serialization logic.
47  */
48 class ValueSerializer {
49  public:
50   ValueSerializer(Isolate* isolate, v8::ValueSerializer::Delegate* delegate);
51   ~ValueSerializer();
52 
53   /*
54    * Writes out a header, which includes the format version.
55    */
56   void WriteHeader();
57 
58   /*
59    * Serializes a V8 object into the buffer.
60    */
61   Maybe<bool> WriteObject(Handle<Object> object) V8_WARN_UNUSED_RESULT;
62 
63   /*
64    * Returns the stored data. This serializer should not be used once the buffer
65    * is released. The contents are undefined if a previous write has failed.
66    */
67   std::vector<uint8_t> ReleaseBuffer();
68 
69   /*
70    * Returns the buffer, allocated via the delegate, and its size.
71    * Caller assumes ownership of the buffer.
72    */
73   std::pair<uint8_t*, size_t> Release();
74 
75   /*
76    * Marks an ArrayBuffer as havings its contents transferred out of band.
77    * Pass the corresponding JSArrayBuffer in the deserializing context to
78    * ValueDeserializer::TransferArrayBuffer.
79    */
80   void TransferArrayBuffer(uint32_t transfer_id,
81                            Handle<JSArrayBuffer> array_buffer);
82 
83   /*
84    * Publicly exposed wire format writing methods.
85    * These are intended for use within the delegate's WriteHostObject method.
86    */
87   void WriteUint32(uint32_t value);
88   void WriteUint64(uint64_t value);
89   void WriteRawBytes(const void* source, size_t length);
90   void WriteDouble(double value);
91 
92   /*
93    * Indicate whether to treat ArrayBufferView objects as host objects,
94    * i.e. pass them to Delegate::WriteHostObject. This should not be
95    * called when no Delegate was passed.
96    *
97    * The default is not to treat ArrayBufferViews as host objects.
98    */
99   void SetTreatArrayBufferViewsAsHostObjects(bool mode);
100 
101  private:
102   // Managing allocations of the internal buffer.
103   Maybe<bool> ExpandBuffer(size_t required_capacity);
104 
105   // Writing the wire format.
106   void WriteTag(SerializationTag tag);
107   template <typename T>
108   void WriteVarint(T value);
109   template <typename T>
110   void WriteZigZag(T value);
111   void WriteOneByteString(Vector<const uint8_t> chars);
112   void WriteTwoByteString(Vector<const uc16> chars);
113   void WriteBigIntContents(BigInt* bigint);
114   Maybe<uint8_t*> ReserveRawBytes(size_t bytes);
115 
116   // Writing V8 objects of various kinds.
117   void WriteOddball(Oddball* oddball);
118   void WriteSmi(Smi* smi);
119   void WriteHeapNumber(HeapNumber* number);
120   void WriteMutableHeapNumber(MutableHeapNumber* number);
121   void WriteBigInt(BigInt* bigint);
122   void WriteString(Handle<String> string);
123   Maybe<bool> WriteJSReceiver(Handle<JSReceiver> receiver)
124       V8_WARN_UNUSED_RESULT;
125   Maybe<bool> WriteJSObject(Handle<JSObject> object) V8_WARN_UNUSED_RESULT;
126   Maybe<bool> WriteJSObjectSlow(Handle<JSObject> object) V8_WARN_UNUSED_RESULT;
127   Maybe<bool> WriteJSArray(Handle<JSArray> array) V8_WARN_UNUSED_RESULT;
128   void WriteJSDate(JSDate* date);
129   Maybe<bool> WriteJSValue(Handle<JSValue> value) V8_WARN_UNUSED_RESULT;
130   void WriteJSRegExp(JSRegExp* regexp);
131   Maybe<bool> WriteJSMap(Handle<JSMap> map) V8_WARN_UNUSED_RESULT;
132   Maybe<bool> WriteJSSet(Handle<JSSet> map) V8_WARN_UNUSED_RESULT;
133   Maybe<bool> WriteJSArrayBuffer(Handle<JSArrayBuffer> array_buffer)
134       V8_WARN_UNUSED_RESULT;
135   Maybe<bool> WriteJSArrayBufferView(JSArrayBufferView* array_buffer);
136   Maybe<bool> WriteWasmModule(Handle<WasmModuleObject> object)
137       V8_WARN_UNUSED_RESULT;
138   Maybe<bool> WriteWasmMemory(Handle<WasmMemoryObject> object)
139       V8_WARN_UNUSED_RESULT;
140   Maybe<bool> WriteHostObject(Handle<JSObject> object) V8_WARN_UNUSED_RESULT;
141 
142   /*
143    * Reads the specified keys from the object and writes key-value pairs to the
144    * buffer. Returns the number of keys actually written, which may be smaller
145    * if some keys are not own properties when accessed.
146    */
147   Maybe<uint32_t> WriteJSObjectPropertiesSlow(
148       Handle<JSObject> object, Handle<FixedArray> keys) V8_WARN_UNUSED_RESULT;
149 
150   /*
151    * Asks the delegate to handle an error that occurred during data cloning, by
152    * throwing an exception appropriate for the host.
153    */
154   void ThrowDataCloneError(MessageTemplate::Template template_index);
155   V8_NOINLINE void ThrowDataCloneError(MessageTemplate::Template template_index,
156                                        Handle<Object> arg0);
157 
158   Maybe<bool> ThrowIfOutOfMemory();
159 
160   Isolate* const isolate_;
161   v8::ValueSerializer::Delegate* const delegate_;
162   bool treat_array_buffer_views_as_host_objects_ = false;
163   uint8_t* buffer_ = nullptr;
164   size_t buffer_size_ = 0;
165   size_t buffer_capacity_ = 0;
166   bool out_of_memory_ = false;
167   Zone zone_;
168 
169   // To avoid extra lookups in the identity map, ID+1 is actually stored in the
170   // map (checking if the used identity is zero is the fast way of checking if
171   // the entry is new).
172   IdentityMap<uint32_t, ZoneAllocationPolicy> id_map_;
173   uint32_t next_id_ = 0;
174 
175   // A similar map, for transferred array buffers.
176   IdentityMap<uint32_t, ZoneAllocationPolicy> array_buffer_transfer_map_;
177 
178   DISALLOW_COPY_AND_ASSIGN(ValueSerializer);
179 };
180 
181 /*
182  * Deserializes values from data written with ValueSerializer, or a compatible
183  * implementation.
184  */
185 class ValueDeserializer {
186  public:
187   ValueDeserializer(Isolate* isolate, Vector<const uint8_t> data,
188                     v8::ValueDeserializer::Delegate* delegate);
189   ~ValueDeserializer();
190 
191   /*
192    * Runs version detection logic, which may fail if the format is invalid.
193    */
194   Maybe<bool> ReadHeader() V8_WARN_UNUSED_RESULT;
195 
196   /*
197    * Reads the underlying wire format version. Likely mostly to be useful to
198    * legacy code reading old wire format versions. Must be called after
199    * ReadHeader.
200    */
GetWireFormatVersion()201   uint32_t GetWireFormatVersion() const { return version_; }
202 
203   /*
204    * Deserializes a V8 object from the buffer.
205    */
206   MaybeHandle<Object> ReadObject() V8_WARN_UNUSED_RESULT;
207 
208   /*
209    * Reads an object, consuming the entire buffer.
210    *
211    * This is required for the legacy "version 0" format, which did not allow
212    * reference deduplication, and instead relied on a "stack" model for
213    * deserializing, with the contents of objects and arrays provided first.
214    */
215   MaybeHandle<Object> ReadObjectUsingEntireBufferForLegacyFormat()
216       V8_WARN_UNUSED_RESULT;
217 
218   /*
219    * Accepts the array buffer corresponding to the one passed previously to
220    * ValueSerializer::TransferArrayBuffer.
221    */
222   void TransferArrayBuffer(uint32_t transfer_id,
223                            Handle<JSArrayBuffer> array_buffer);
224 
225   /*
226    * Publicly exposed wire format writing methods.
227    * These are intended for use within the delegate's WriteHostObject method.
228    */
229   bool ReadUint32(uint32_t* value) V8_WARN_UNUSED_RESULT;
230   bool ReadUint64(uint64_t* value) V8_WARN_UNUSED_RESULT;
231   bool ReadDouble(double* value) V8_WARN_UNUSED_RESULT;
232   bool ReadRawBytes(size_t length, const void** data) V8_WARN_UNUSED_RESULT;
set_expect_inline_wasm(bool expect_inline_wasm)233   void set_expect_inline_wasm(bool expect_inline_wasm) {
234     expect_inline_wasm_ = expect_inline_wasm;
235   }
236 
237  private:
238   // Reading the wire format.
239   Maybe<SerializationTag> PeekTag() const V8_WARN_UNUSED_RESULT;
240   void ConsumeTag(SerializationTag peeked_tag);
241   Maybe<SerializationTag> ReadTag() V8_WARN_UNUSED_RESULT;
242   template <typename T>
243   Maybe<T> ReadVarint() V8_WARN_UNUSED_RESULT;
244   template <typename T>
245   Maybe<T> ReadZigZag() V8_WARN_UNUSED_RESULT;
246   Maybe<double> ReadDouble() V8_WARN_UNUSED_RESULT;
247   Maybe<Vector<const uint8_t>> ReadRawBytes(int size) V8_WARN_UNUSED_RESULT;
expect_inline_wasm()248   bool expect_inline_wasm() const { return expect_inline_wasm_; }
249 
250   // Reads a string if it matches the one provided.
251   // Returns true if this was the case. Otherwise, nothing is consumed.
252   bool ReadExpectedString(Handle<String> expected) V8_WARN_UNUSED_RESULT;
253 
254   // Like ReadObject, but skips logic for special cases in simulating the
255   // "stack machine".
256   MaybeHandle<Object> ReadObjectInternal() V8_WARN_UNUSED_RESULT;
257 
258   // Reads a string intended to be part of a more complicated object.
259   // Before v12, these are UTF-8 strings. After, they can be any encoding
260   // permissible for a string (with the relevant tag).
261   MaybeHandle<String> ReadString() V8_WARN_UNUSED_RESULT;
262 
263   // Reading V8 objects of specific kinds.
264   // The tag is assumed to have already been read.
265   MaybeHandle<BigInt> ReadBigInt() V8_WARN_UNUSED_RESULT;
266   MaybeHandle<String> ReadUtf8String() V8_WARN_UNUSED_RESULT;
267   MaybeHandle<String> ReadOneByteString() V8_WARN_UNUSED_RESULT;
268   MaybeHandle<String> ReadTwoByteString() V8_WARN_UNUSED_RESULT;
269   MaybeHandle<JSObject> ReadJSObject() V8_WARN_UNUSED_RESULT;
270   MaybeHandle<JSArray> ReadSparseJSArray() V8_WARN_UNUSED_RESULT;
271   MaybeHandle<JSArray> ReadDenseJSArray() V8_WARN_UNUSED_RESULT;
272   MaybeHandle<JSDate> ReadJSDate() V8_WARN_UNUSED_RESULT;
273   MaybeHandle<JSValue> ReadJSValue(SerializationTag tag) V8_WARN_UNUSED_RESULT;
274   MaybeHandle<JSRegExp> ReadJSRegExp() V8_WARN_UNUSED_RESULT;
275   MaybeHandle<JSMap> ReadJSMap() V8_WARN_UNUSED_RESULT;
276   MaybeHandle<JSSet> ReadJSSet() V8_WARN_UNUSED_RESULT;
277   MaybeHandle<JSArrayBuffer> ReadJSArrayBuffer(bool is_shared)
278       V8_WARN_UNUSED_RESULT;
279   MaybeHandle<JSArrayBuffer> ReadTransferredJSArrayBuffer()
280       V8_WARN_UNUSED_RESULT;
281   MaybeHandle<JSArrayBufferView> ReadJSArrayBufferView(
282       Handle<JSArrayBuffer> buffer) V8_WARN_UNUSED_RESULT;
283   MaybeHandle<JSObject> ReadWasmModule() V8_WARN_UNUSED_RESULT;
284   MaybeHandle<JSObject> ReadWasmModuleTransfer() V8_WARN_UNUSED_RESULT;
285   MaybeHandle<WasmMemoryObject> ReadWasmMemory() V8_WARN_UNUSED_RESULT;
286   MaybeHandle<JSObject> ReadHostObject() V8_WARN_UNUSED_RESULT;
287 
288   /*
289    * Reads key-value pairs into the object until the specified end tag is
290    * encountered. If successful, returns the number of properties read.
291    */
292   Maybe<uint32_t> ReadJSObjectProperties(Handle<JSObject> object,
293                                          SerializationTag end_tag,
294                                          bool can_use_transitions);
295 
296   // Manipulating the map from IDs to reified objects.
297   bool HasObjectWithID(uint32_t id);
298   MaybeHandle<JSReceiver> GetObjectWithID(uint32_t id);
299   void AddObjectWithID(uint32_t id, Handle<JSReceiver> object);
300 
301   Isolate* const isolate_;
302   v8::ValueDeserializer::Delegate* const delegate_;
303   const uint8_t* position_;
304   const uint8_t* const end_;
305   PretenureFlag pretenure_;
306   uint32_t version_ = 0;
307   uint32_t next_id_ = 0;
308   bool expect_inline_wasm_ = false;
309 
310   // Always global handles.
311   Handle<FixedArray> id_map_;
312   MaybeHandle<SimpleNumberDictionary> array_buffer_transfer_map_;
313 
314   DISALLOW_COPY_AND_ASSIGN(ValueDeserializer);
315 };
316 
317 }  // namespace internal
318 }  // namespace v8
319 
320 #endif  // V8_VALUE_SERIALIZER_H_
321