// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef V8_VALUE_SERIALIZER_H_
#define V8_VALUE_SERIALIZER_H_
#include <cstdint>
#include <vector>
#include "include/v8.h"
#include "src/base/compiler-specific.h"
#include "src/base/macros.h"
#include "src/identity-map.h"
#include "src/messages.h"
#include "src/vector.h"
#include "src/zone/zone.h"
namespace v8 {
namespace internal {
class HeapNumber;
class Isolate;
class JSArrayBuffer;
class JSArrayBufferView;
class JSDate;
class JSMap;
class JSRegExp;
class JSSet;
class JSValue;
class Object;
class Oddball;
class Smi;
class WasmMemoryObject;
class WasmModuleObject;
enum class SerializationTag : uint8_t;
/**
* Writes V8 objects in a binary format that allows the objects to be cloned
* according to the HTML structured clone algorithm.
*
* Format is based on Blink's previous serialization logic.
*/
class ValueSerializer {
 public:
  /*
   * The delegate may be absent (see SetTreatArrayBufferViewsAsHostObjects).
   * When present it is asked to write host objects (WriteHostObject), it
   * supplies the buffer handed out by Release, and it is asked to raise data
   * clone errors (ThrowDataCloneError).
   */
  ValueSerializer(Isolate* isolate, v8::ValueSerializer::Delegate* delegate);
  ~ValueSerializer();

  /*
   * Writes out a header, which includes the format version.
   */
  void WriteHeader();

  /*
   * Serializes a V8 object into the buffer.
   * Nothing is returned on failure; the Maybe<bool> convention here
   * presumably pairs with an exception raised via ThrowDataCloneError or
   * ThrowIfOutOfMemory — confirm in the .cc.
   */
  Maybe<bool> WriteObject(Handle<Object> object) WARN_UNUSED_RESULT;

  /*
   * Returns the stored data. This serializer should not be used once the buffer
   * is released. The contents are undefined if a previous write has failed.
   */
  std::vector<uint8_t> ReleaseBuffer();

  /*
   * Returns the buffer, allocated via the delegate, and its size.
   * Caller assumes ownership of the buffer.
   */
  std::pair<uint8_t*, size_t> Release();

  /*
   * Marks an ArrayBuffer as having its contents transferred out of band.
   * Pass the corresponding JSArrayBuffer in the deserializing context to
   * ValueDeserializer::TransferArrayBuffer.
   */
  void TransferArrayBuffer(uint32_t transfer_id,
                           Handle<JSArrayBuffer> array_buffer);

  /*
   * Publicly exposed wire format writing methods.
   * These are intended for use within the delegate's WriteHostObject method.
   * Whatever a delegate writes here becomes part of the stream, so the
   * delegate owns the framing (lengths, tags) needed to read it back in
   * ValueDeserializer::Delegate::ReadHostObject.
   */
  void WriteUint32(uint32_t value);
  void WriteUint64(uint64_t value);
  void WriteRawBytes(const void* source, size_t length);
  void WriteDouble(double value);

  /*
   * Indicate whether to treat ArrayBufferView objects as host objects,
   * i.e. pass them to Delegate::WriteHostObject. This should not be
   * called when no Delegate was passed.
   *
   * The default is not to treat ArrayBufferViews as host objects.
   */
  void SetTreatArrayBufferViewsAsHostObjects(bool mode);

 private:
  // Managing allocations of the internal buffer.
  // Grows buffer_ so that buffer_capacity_ >= required_capacity; Nothing
  // presumably means the allocation failed (see out_of_memory_).
  // NOTE(review): unlike the WriteJS* methods this is not WARN_UNUSED_RESULT,
  // so an ignored failure would leave buffer_ too small for the write that
  // follows — verify every caller checks the result.
  Maybe<bool> ExpandBuffer(size_t required_capacity);

  // Writing the wire format.
  void WriteTag(SerializationTag tag);
  template <typename T>
  void WriteVarint(T value);
  template <typename T>
  void WriteZigZag(T value);
  void WriteOneByteString(Vector<const uint8_t> chars);
  void WriteTwoByteString(Vector<const uc16> chars);
  // Reserves `bytes` of buffer_ and returns a pointer to the reserved region.
  // Nothing presumably means the buffer could not grow (see ExpandBuffer).
  // NOTE(review): same WARN_UNUSED_RESULT remark as ExpandBuffer — a caller
  // that writes through the pointer without checking the Maybe would write
  // past the end of the buffer.
  Maybe<uint8_t*> ReserveRawBytes(size_t bytes);

  // Writing V8 objects of various kinds.
  void WriteOddball(Oddball* oddball);
  void WriteSmi(Smi* smi);
  void WriteHeapNumber(HeapNumber* number);
  void WriteString(Handle<String> string);
  Maybe<bool> WriteJSReceiver(Handle<JSReceiver> receiver) WARN_UNUSED_RESULT;
  Maybe<bool> WriteJSObject(Handle<JSObject> object) WARN_UNUSED_RESULT;
  Maybe<bool> WriteJSObjectSlow(Handle<JSObject> object) WARN_UNUSED_RESULT;
  Maybe<bool> WriteJSArray(Handle<JSArray> array) WARN_UNUSED_RESULT;
  void WriteJSDate(JSDate* date);
  Maybe<bool> WriteJSValue(Handle<JSValue> value) WARN_UNUSED_RESULT;
  void WriteJSRegExp(JSRegExp* regexp);
  Maybe<bool> WriteJSMap(Handle<JSMap> map) WARN_UNUSED_RESULT;
  // The parameter is a JSSet despite being named `map`.
  Maybe<bool> WriteJSSet(Handle<JSSet> map) WARN_UNUSED_RESULT;
  Maybe<bool> WriteJSArrayBuffer(Handle<JSArrayBuffer> array_buffer)
      WARN_UNUSED_RESULT;
  // NOTE(review): the only Maybe<bool> writer here without WARN_UNUSED_RESULT,
  // and it takes a raw object pointer rather than a Handle — presumably it
  // must not allocate while holding it; confirm in the .cc.
  Maybe<bool> WriteJSArrayBufferView(JSArrayBufferView* array_buffer);
  Maybe<bool> WriteWasmModule(Handle<WasmModuleObject> object)
      WARN_UNUSED_RESULT;
  Maybe<bool> WriteWasmMemory(Handle<WasmMemoryObject> object)
      WARN_UNUSED_RESULT;
  // Hands the object to delegate_->WriteHostObject (see the public Write*
  // methods above for what the delegate may emit).
  Maybe<bool> WriteHostObject(Handle<JSObject> object) WARN_UNUSED_RESULT;

  /*
   * Reads the specified keys from the object and writes key-value pairs to the
   * buffer. Returns the number of keys actually written, which may be smaller
   * if some keys are not own properties when accessed.
   */
  Maybe<uint32_t> WriteJSObjectPropertiesSlow(
      Handle<JSObject> object, Handle<FixedArray> keys) WARN_UNUSED_RESULT;

  /*
   * Asks the delegate to handle an error that occurred during data cloning, by
   * throwing an exception appropriate for the host.
   */
  void ThrowDataCloneError(MessageTemplate::Template template_index);
  V8_NOINLINE void ThrowDataCloneError(MessageTemplate::Template template_index,
                                       Handle<Object> arg0);

  // Presumably returns Nothing (after raising the error) when out_of_memory_
  // is set, so a failed ExpandBuffer surfaces from WriteObject — confirm.
  Maybe<bool> ThrowIfOutOfMemory();

  Isolate* const isolate_;
  v8::ValueSerializer::Delegate* const delegate_;
  bool treat_array_buffer_views_as_host_objects_ = false;
  // Output buffer: buffer_size_ bytes are in use out of buffer_capacity_.
  // Ownership leaves this object through ReleaseBuffer or Release.
  uint8_t* buffer_ = nullptr;
  size_t buffer_size_ = 0;
  size_t buffer_capacity_ = 0;
  // Presumably set when ExpandBuffer fails; see ThrowIfOutOfMemory.
  bool out_of_memory_ = false;
  // Declared before the identity maps below, which allocate with
  // ZoneAllocationPolicy and so presumably depend on it being constructed
  // first.
  Zone zone_;

  // To avoid extra lookups in the identity map, ID+1 is actually stored in the
  // map (checking if the used identity is zero is the fast way of checking if
  // the entry is new).
  IdentityMap<uint32_t, ZoneAllocationPolicy> id_map_;
  uint32_t next_id_ = 0;

  // A similar map, for transferred array buffers.
  IdentityMap<uint32_t, ZoneAllocationPolicy> array_buffer_transfer_map_;

  DISALLOW_COPY_AND_ASSIGN(ValueSerializer);
};
/*
* Deserializes values from data written with ValueSerializer, or a compatible
* implementation.
*/
class ValueDeserializer {
 public:
  /*
   * `data` is the serialized stream. It is not copied (position_ and end_
   * below are raw pointers), so the caller must keep it alive and unmodified
   * for the lifetime of this object. The delegate is needed to read host
   * objects and, unless set_expect_inline_wasm(true) is used, wasm modules;
   * per the change description that introduced the wasm transfer path, the
   * deserializer does not handle wasm without a delegate.
   */
  ValueDeserializer(Isolate* isolate, Vector<const uint8_t> data,
                    v8::ValueDeserializer::Delegate* delegate);
  ~ValueDeserializer();

  /*
   * Runs version detection logic, which may fail if the format is invalid.
   */
  Maybe<bool> ReadHeader() WARN_UNUSED_RESULT;

  /*
   * Reads the underlying wire format version. Likely mostly to be useful to
   * legacy code reading old wire format versions. Must be called after
   * ReadHeader.
   */
  uint32_t GetWireFormatVersion() const { return version_; }

  /*
   * Deserializes a V8 object from the buffer.
   */
  MaybeHandle<Object> ReadObject() WARN_UNUSED_RESULT;

  /*
   * Reads an object, consuming the entire buffer.
   *
   * This is required for the legacy "version 0" format, which did not allow
   * reference deduplication, and instead relied on a "stack" model for
   * deserializing, with the contents of objects and arrays provided first.
   */
  MaybeHandle<Object> ReadObjectUsingEntireBufferForLegacyFormat()
      WARN_UNUSED_RESULT;

  /*
   * Accepts the array buffer corresponding to the one passed previously to
   * ValueSerializer::TransferArrayBuffer.
   */
  void TransferArrayBuffer(uint32_t transfer_id,
                           Handle<JSArrayBuffer> array_buffer);

  /*
   * Publicly exposed wire format reading methods.
   * These are intended for use within the delegate's ReadHostObject method.
   * Each returns false when the stream does not hold a complete value.
   * ReadRawBytes does not copy: *data presumably points into the input
   * buffer, so `length` is the bound on what the delegate may read from it.
   */
  bool ReadUint32(uint32_t* value) WARN_UNUSED_RESULT;
  bool ReadUint64(uint64_t* value) WARN_UNUSED_RESULT;
  bool ReadDouble(double* value) WARN_UNUSED_RESULT;
  bool ReadRawBytes(size_t length, const void** data) WARN_UNUSED_RESULT;

  /*
   * Selects where wasm modules are expected: inline in the stream (true) or
   * in the delegate's transfer list (false, the default). The default is the
   * restrictive choice described in the change that introduced it — an
   * embedder has to opt in explicitly to inline modules.
   */
  void set_expect_inline_wasm(bool expect_inline_wasm) {
    expect_inline_wasm_ = expect_inline_wasm;
  }

 private:
  // Reading the wire format.
  Maybe<SerializationTag> PeekTag() const WARN_UNUSED_RESULT;
  void ConsumeTag(SerializationTag peeked_tag);
  Maybe<SerializationTag> ReadTag() WARN_UNUSED_RESULT;
  template <typename T>
  Maybe<T> ReadVarint() WARN_UNUSED_RESULT;
  template <typename T>
  Maybe<T> ReadZigZag() WARN_UNUSED_RESULT;
  Maybe<double> ReadDouble() WARN_UNUSED_RESULT;
  // NOTE(review): takes a signed `int size` whereas the public overload takes
  // size_t. The size is presumably a length read from the stream, so the
  // implementation must reject negative values before the position_/end_
  // arithmetic — confirm in the .cc.
  Maybe<Vector<const uint8_t>> ReadRawBytes(int size) WARN_UNUSED_RESULT;
  bool expect_inline_wasm() const { return expect_inline_wasm_; }

  // Reads a string if it matches the one provided.
  // Returns true if this was the case. Otherwise, nothing is consumed.
  bool ReadExpectedString(Handle<String> expected) WARN_UNUSED_RESULT;

  // Like ReadObject, but skips logic for special cases in simulating the
  // "stack machine".
  MaybeHandle<Object> ReadObjectInternal() WARN_UNUSED_RESULT;

  // Reads a string intended to be part of a more complicated object.
  // Before v12, these are UTF-8 strings. After, they can be any encoding
  // permissible for a string (with the relevant tag).
  MaybeHandle<String> ReadString() WARN_UNUSED_RESULT;

  // Reading V8 objects of specific kinds.
  // The tag is assumed to have already been read.
  MaybeHandle<String> ReadUtf8String() WARN_UNUSED_RESULT;
  MaybeHandle<String> ReadOneByteString() WARN_UNUSED_RESULT;
  MaybeHandle<String> ReadTwoByteString() WARN_UNUSED_RESULT;
  MaybeHandle<JSObject> ReadJSObject() WARN_UNUSED_RESULT;
  MaybeHandle<JSArray> ReadSparseJSArray() WARN_UNUSED_RESULT;
  MaybeHandle<JSArray> ReadDenseJSArray() WARN_UNUSED_RESULT;
  MaybeHandle<JSDate> ReadJSDate() WARN_UNUSED_RESULT;
  MaybeHandle<JSValue> ReadJSValue(SerializationTag tag) WARN_UNUSED_RESULT;
  MaybeHandle<JSRegExp> ReadJSRegExp() WARN_UNUSED_RESULT;
  MaybeHandle<JSMap> ReadJSMap() WARN_UNUSED_RESULT;
  MaybeHandle<JSSet> ReadJSSet() WARN_UNUSED_RESULT;
  // `is_shared` presumably selects the shared flavour of the buffer.
  MaybeHandle<JSArrayBuffer> ReadJSArrayBuffer(bool is_shared)
      WARN_UNUSED_RESULT;
  // Resolves a transfer id against array_buffer_transfer_map_, which is
  // populated by TransferArrayBuffer.
  MaybeHandle<JSArrayBuffer> ReadTransferredJSArrayBuffer()
      WARN_UNUSED_RESULT;
  MaybeHandle<JSArrayBufferView> ReadJSArrayBufferView(
      Handle<JSArrayBuffer> buffer) WARN_UNUSED_RESULT;
  // Inline (in-stream) wasm module; presumably gated on expect_inline_wasm().
  MaybeHandle<JSObject> ReadWasmModule() WARN_UNUSED_RESULT;
  // Wasm module obtained through the delegate's transfer list — the default
  // path (see set_expect_inline_wasm).
  MaybeHandle<JSObject> ReadWasmModuleTransfer() WARN_UNUSED_RESULT;
  MaybeHandle<WasmMemoryObject> ReadWasmMemory() WARN_UNUSED_RESULT;
  // Defers to delegate_->ReadHostObject, which may call the public Read*
  // methods above.
  MaybeHandle<JSObject> ReadHostObject() WARN_UNUSED_RESULT;

  /*
   * Reads key-value pairs into the object until the specified end tag is
   * encountered. If successful, returns the number of properties read.
   */
  Maybe<uint32_t> ReadJSObjectProperties(Handle<JSObject> object,
                                         SerializationTag end_tag,
                                         bool can_use_transitions);

  // Manipulating the map from IDs to reified objects.
  // NOTE(review): ids come from the stream, and id_map_ is a FixedArray, so
  // HasObjectWithID/GetObjectWithID must bounds-check the id rather than index
  // blindly — confirm in the .cc.
  bool HasObjectWithID(uint32_t id);
  MaybeHandle<JSReceiver> GetObjectWithID(uint32_t id);
  void AddObjectWithID(uint32_t id, Handle<JSReceiver> object);

  Isolate* const isolate_;
  v8::ValueDeserializer::Delegate* const delegate_;
  // Read cursor into the caller-owned input (see the constructor); end_ is
  // fixed for the lifetime of the object and presumably marks one past the
  // last input byte.
  const uint8_t* position_;
  const uint8_t* const end_;
  PretenureFlag pretenure_;
  // Filled in by ReadHeader; reported by GetWireFormatVersion.
  uint32_t version_ = 0;
  uint32_t next_id_ = 0;
  // See set_expect_inline_wasm. false: wasm modules are expected from the
  // delegate's transfer list, not from the stream.
  bool expect_inline_wasm_ = false;

  // Always global handles.
  Handle<FixedArray> id_map_;
  MaybeHandle<SimpleNumberDictionary> array_buffer_transfer_map_;

  DISALLOW_COPY_AND_ASSIGN(ValueDeserializer);
};
} // namespace internal
} // namespace v8
#endif // V8_VALUE_SERIALIZER_H_