Commit Graph

26 Commits

Author SHA1 Message Date
jbroman
0004733c08 ValueSerializer: Add more checks before trying to allocate memory for a dense array.
Found with libfuzzer. The length is automatically converted to int (thus
large sizes could become negative, even though they are legal "array sizes").
Besides that, the length is coerced to a SMI (which is an even tighter
constraint on 32-bit systems, where it limits the legal sizes to 2^30 - 1).

Add checks that the length of a dense array is below that threshold, and also
fail fast if a length that is provided obviously could not be the correct dense
length (because there isn't enough data left in the buffer to populate such an
array).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2399873002
Cr-Commit-Position: refs/heads/master@{#40094}
2016-10-07 17:53:23 +00:00
jbroman
e4cc955780 ValueSerializer: Check for no matching ArrayBufferView type being found.
Previously this would result in applying trying to find a size modulo zero,
which causes SIGFPE. This approach was preferred over adding a default case
to preserve the ability of the compiler to detect unhandled switch cases
(within the valid range of the enum).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2395073003
Cr-Commit-Position: refs/heads/master@{#40088}
2016-10-07 13:15:07 +00:00
jbroman
5fa2734d39 ValueSerializer: Expose reading/writing doubles to embedder.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2386233002
Cr-Commit-Position: refs/heads/master@{#39955}
2016-10-04 13:44:41 +00:00
jbroman
2a46990587 Follow object map transitions when deserializing object properties.
Similar to json-parser.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2334353002
Cr-Commit-Position: refs/heads/master@{#39429}
2016-09-14 19:11:39 +00:00
jbroman
d825492bb6 Support delegating serialization of host objects.
This exposes an interface for the embedder to provide a delegate which can
serialize or deserialize embedder-specific objects, like Blink's DOM wrappers.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2327653002
Cr-Commit-Position: refs/heads/master@{#39422}
2016-09-14 16:42:07 +00:00
jbroman
ef94aab22f ValueSerializer: Take advantage of fast elements in dense array serialization.
This yields a ~5% serialization time improvement on typical JSON-esque data.
The approach taken matches json-stringifier fairly closely.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2311063004
Cr-Commit-Position: refs/heads/master@{#39254}
2016-09-07 15:23:33 +00:00
jbroman
5a97e95520 Handle errors in v8::ValueDeserializer by throwing exceptions.
This restores the contract that all API methods that return Maybe<T> or
MaybeLocal<T> always throw an exception when they return nothing.

Since v8::ValueDeserializer::ReadHeader can now throw exceptions, it
needs a Local<Context> parameter so that it can set up execution state
(entering the context, etc.). The old method has been marked for
deprecation, but since this API is experimental I intend to remove it
as soon as I've removed the use from Blink.

value-serializer-unittest has been updated to expect an exception in
all decode failure cases.

BUG=chromium:148757,chromium:641964

Review-Url: https://codereview.chromium.org/2308053002
Cr-Commit-Position: refs/heads/master@{#39188}
2016-09-06 03:24:53 +00:00
jbroman
e2361954e5 Blink-compatible serialization of SharedArrayBuffer.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2290753002
Cr-Commit-Position: refs/heads/master@{#39017}
2016-08-30 14:05:49 +00:00
jbroman
248f3dafd0 Blink-compatible serialization of array buffer views.
The format of this is a little strange, and has to do with the previous
implementation maintaining a "stack" of objects as it works. As a result,
the format writes the array buffer before giving any hint that the reason
for doing so is to obtain a view wrapping it. Handling this without creating
an explicit on-heap stack requires checking whether the next tag is 'V'
after obtaining an array buffer.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2287653002
Cr-Commit-Position: refs/heads/master@{#38984}
2016-08-29 14:51:49 +00:00
jbroman
864728085d Blink-compatible serialization of ArrayBuffer transfer.
The embedder is expected to arrange for the array buffer contents to be
transferred into a v8::ArrayBuffer in the receiving context (generally by
assuming ownership of the externalized backing store).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2275033003
Cr-Commit-Position: refs/heads/master@{#38948}
2016-08-26 15:47:41 +00:00
jbroman
58cac6501f Add an experimental public API for value serialization.
Suitably scary warnings attached, as this will yet evolve (notably to handle
host objects, which are not currently handled).

Unit tests adjusted to use the public version of ValueSerializer, eliminating
any need they have to access v8::internal.

With this, Blink can begin using this code experimentally behind a flag as it
develops.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2274693002
Cr-Commit-Position: refs/heads/master@{#38915}
2016-08-25 16:00:25 +00:00
jbroman
2646749cbc Blink-compatible serialization of ArrayBuffer.
Transferral is not included in this CL, nor is SharedArrayBuffer.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2264403004
Cr-Commit-Position: refs/heads/master@{#38913}
2016-08-25 14:43:54 +00:00
jyan
54f5558d52 Implement Big-Endian eqv test for DecodeDate and DecodeValueObjects
R=jkummerow@chromium.org, jbroman@chromium.org
BUG=

Review-Url: https://codereview.chromium.org/2274173003
Cr-Commit-Position: refs/heads/master@{#38910}
2016-08-25 14:11:31 +00:00
jbroman
78131aa1d5 Blink-compatible serialization of Map and Set objects.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2269923004
Cr-Commit-Position: refs/heads/master@{#38871}
2016-08-24 15:58:55 +00:00
jbroman
c4874b2fef Blink-compatible serialization of RegExp objects.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2262013002
Cr-Commit-Position: refs/heads/master@{#38835}
2016-08-23 15:16:29 +00:00
jbroman
4dce969078 Blink-compatible serialization of Boolean, Number and String objects.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2265603002
Cr-Commit-Position: refs/heads/master@{#38830}
2016-08-23 14:33:05 +00:00
jbroman
cff8e03d4d Blink-compatible serialization of dates.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2255973005
Cr-Commit-Position: refs/heads/master@{#38795}
2016-08-22 17:14:58 +00:00
jbroman
20a8ef0b92 Blink-compatible deserialization of "version 0" sparse arrays.
Version 0 dense arrays cannot be deserialized by current Chromium, which
suggests that this is not necessary.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2256413002
Cr-Commit-Position: refs/heads/master@{#38754}
2016-08-19 13:40:14 +00:00
jbroman
2d3a53c9c8 Blink-compatible serialization of arrays, both dense and sparse.
The current "dense" format is not expressive enough to distinguish between
an element that is not defined and one that has the value "undefined",
but in this CL the existing behaviour of Blink is used for such cases.
Format changes to fix these issues could be made later on.

Not included in this CL is compatibility with version 0 arrays.
Those will be implemented in a separate CL.

BUG=chromium:148757

Committed: https://crrev.com/2e000127df2e88e31d352ef70af397741d1f2298
Review-Url: https://codereview.chromium.org/2259633002
Cr-Original-Commit-Position: refs/heads/master@{#38729}
Cr-Commit-Position: refs/heads/master@{#38732}
2016-08-18 22:30:44 +00:00
jbroman
255971d3ac Revert of Blink-compatible serialization of arrays, both dense and sparse. (patchset #6 id:100001 of https://codereview.chromium.org/2259633002/ )
Reason for revert:
Broke MIPS compile due to an uninitialization warning:

https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/3110/steps/compile/logs/stdio

Original issue's description:
> Blink-compatible serialization of arrays, both dense and sparse.
>
> The current "dense" format is not expressive enough to distinguish between
> an element that is not defined and one that has the value "undefined",
> but in this CL the existing behaviour of Blink is used for such cases.
> Format changes to fix these issues could be made later on.
>
> Not included in this CL is compatibility with version 0 arrays.
> Those will be implemented in a separate CL.
>
> BUG=chromium:148757
>
> Committed: https://crrev.com/2e000127df2e88e31d352ef70af397741d1f2298
> Cr-Commit-Position: refs/heads/master@{#38729}

TBR=jkummerow@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2255313002
Cr-Commit-Position: refs/heads/master@{#38730}
2016-08-18 19:58:46 +00:00
jbroman
2e000127df Blink-compatible serialization of arrays, both dense and sparse.
The current "dense" format is not expressive enough to distinguish between
an element that is not defined and one that has the value "undefined",
but in this CL the existing behaviour of Blink is used for such cases.
Format changes to fix these issues could be made later on.

Not included in this CL is compatibility with version 0 arrays.
Those will be implemented in a separate CL.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2259633002
Cr-Commit-Position: refs/heads/master@{#38729}
2016-08-18 18:47:19 +00:00
jbroman
058a7ee01e Blink-compatible deserialization of old object format.
The "version 0" format did not deal with references, and used a stack model to
deserialize objects (conceptually, a postorder tree traversal). This requires
an explicit stack, so special logic is added to decode this format.

All subsequent versions also put an object marker at the beginning, which is
equivalent to how the current version serializes.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2248893003
Cr-Commit-Position: refs/heads/master@{#38686}
2016-08-17 16:06:12 +00:00
jbroman
1031a79f60 Blink-compatible serialization of dictionary-like objects.
As part of this CL, object reference tracking is implemented (and tested with a
self-referential object). This sort of reference tracking will be shared with
other receivers (array, date, regexp and host objects).

Not included in this CL is compatibility with version-0 objects (which don't
support a non-tree object graph, and require a little stack to correctly
deserialize).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2246093003
Cr-Commit-Position: refs/heads/master@{#38683}
2016-08-17 14:26:56 +00:00
jbroman
c5701e166e Blink-compatible serialization of strings.
This includes UTF-8 strings and two-byte strings, both length-delimited
(in bytes, not characters). Two-byte strings are written/read in host byte
order.

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2245753002
Cr-Commit-Position: refs/heads/master@{#38636}
2016-08-15 15:27:11 +00:00
jbroman
39bbb6f22a Blink-compatible serialization of numbers.
This includes unsigned integers (encoded as base-128 varints), signed integers
(ZigZag-encoded, then varint-encoded) and doubles (written in host byte order).

BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2232323004
Cr-Commit-Position: refs/heads/master@{#38630}
2016-08-15 01:00:31 +00:00
jbroman
e6d1a80e79 Blink-compatible serialization of oddball values.
BUG=chromium:148757

Review-Url: https://codereview.chromium.org/2232243003
Cr-Commit-Position: refs/heads/master@{#38625}
2016-08-12 14:49:23 +00:00