Sharing of SharedArrayBuffer via PostMessage transfer

Source/bindings/core/v8/ScriptValueSerializer.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "config.h"
 #include "bindings/core/v8/ScriptValueSerializer.h"
 
 #include "bindings/core/v8/V8ArrayBuffer.h"
 #include "bindings/core/v8/V8ArrayBufferView.h"
 #include "bindings/core/v8/V8Blob.h"
 #include "bindings/core/v8/V8CompositorProxy.h"
 #include "bindings/core/v8/V8File.h"
 #include "bindings/core/v8/V8FileList.h"
 #include "bindings/core/v8/V8ImageData.h"
 #include "bindings/core/v8/V8MessagePort.h"
+#include "bindings/core/v8/V8SharedArrayBuffer.h"
 #include "core/dom/CompositorProxy.h"
 #include "core/dom/DOMDataView.h"
+#include "core/dom/DOMSharedArrayBuffer.h"
+#include "core/dom/DOMTypedArray.h"
 #include "core/fileapi/Blob.h"
 #include "core/fileapi/File.h"
 #include "core/fileapi/FileList.h"
+#include "platform/RuntimeEnabledFeatures.h"
 #include "public/platform/Platform.h"
 #include "public/platform/WebBlobInfo.h"
 #include "wtf/DateMath.h"
 #include "wtf/text/StringHash.h"
 #include "wtf/text/StringUTF8Adaptor.h"
 
 // FIXME: consider crashing in debug mode on deserialization errors
 // NOTE: be sure to change wireFormatVersion as necessary!
 
 namespace blink {
@@ skipping 209 matching lines @@
 void SerializedScriptValueWriter::writeArrayBuffer(const DOMArrayBuffer& arrayBuffer)
 {
     append(ArrayBufferTag);
     doWriteArrayBuffer(arrayBuffer);
 }
 
 void SerializedScriptValueWriter::writeArrayBufferView(const DOMArrayBufferView& arrayBufferView)
 {
     append(ArrayBufferViewTag);
 #if ENABLE(ASSERT)
-    const DOMArrayBuffer& arrayBuffer = *arrayBufferView.buffer();
-    ASSERT(static_cast<const uint8_t*>(arrayBuffer.data()) + arrayBufferView.byteOffset() ==
+    ASSERT(static_cast<const uint8_t*>(arrayBufferView.bufferBase()->data()) + arrayBufferView.byteOffset() ==
         static_cast<const uint8_t*>(arrayBufferView.baseAddress()));
 #endif
     DOMArrayBufferView::ViewType type = arrayBufferView.type();
 
     switch (type) {
     case DOMArrayBufferView::TypeInt8:
         append(ByteArrayTag);
         break;
     case DOMArrayBufferView::TypeUint8Clamped:
         append(UnsignedByteClampedArrayTag);
@@ skipping 51 matching lines @@
     append(MessagePortTag);
     doWriteUint32(index);
 }
 
 void SerializedScriptValueWriter::writeTransferredArrayBuffer(uint32_t index)
 {
     append(ArrayBufferTransferTag);
     doWriteUint32(index);
 }
 
+void SerializedScriptValueWriter::writeTransferredSharedArrayBuffer(uint32_t index)
+{
+    ASSERT(RuntimeEnabledFeatures::sharedArrayBufferEnabled());
+    append(SharedArrayBufferTransferTag);
+    doWriteUint32(index);
+}
+
 void SerializedScriptValueWriter::writeObjectReference(uint32_t reference)
 {
     append(ObjectReferenceTag);
     doWriteUint32(reference);
 }
 
 void SerializedScriptValueWriter::writeObject(uint32_t numProperties)
 {
     append(ObjectTag);
     doWriteUint32(numProperties);
@@ skipping 287 matching lines @@
 {
     if (!impl)
         return v8::Local<v8::Object>();
     v8::Local<v8::Value> wrapper = toV8(impl, creationContext, isolate);
     if (wrapper.IsEmpty())
         return v8::Local<v8::Object>();
     ASSERT(wrapper->IsObject());
     return wrapper.As<v8::Object>();
 }
 
-static v8::Local<v8::ArrayBuffer> toV8Object(DOMArrayBuffer* impl, v8::Local<v8::Object> creationContext, v8::Isolate* isolate)
+static v8::Local<v8::Object> toV8Object(DOMArrayBufferBase* impl, v8::Local<v8::Object> creationContext, v8::Isolate* isolate)
 {
     if (!impl)
-        return v8::Local<v8::ArrayBuffer>();
+        return v8::Local<v8::Object>();
     v8::Local<v8::Value> wrapper = toV8(impl, creationContext, isolate);
     if (wrapper.IsEmpty())
-        return v8::Local<v8::ArrayBuffer>();
-    ASSERT(wrapper->IsArrayBuffer());
-    return wrapper.As<v8::ArrayBuffer>();
+        return v8::Local<v8::Object>();
+    return wrapper.As<v8::Object>();
 }
 
 // Returns true if the provided object is to be considered a 'host object', as used in the
 // HTML5 structured clone algorithm.
 static bool isHostObject(v8::Local<v8::Object> object)
 {
     // If the object has any internal fields, then we won't be able to serialize or deserialize
     // them; conveniently, this is also a quick way to detect DOM wrapper objects, because
     // the mechanism for these relies on data stored in these fields. We should
     // catch external array data as a special case.
@@ skipping 77 matching lines @@
         writeString(value);
     } else if (V8MessagePort::hasInstance(value, isolate())) {
         uint32_t messagePortIndex;
         if (m_transferredMessagePorts.tryGet(value.As<v8::Object>(), &messagePortIndex)) {
             m_writer.writeTransferredMessagePort(messagePortIndex);
         } else {
             return handleError(DataCloneError, "A MessagePort could not be cloned.", next);
         }
     } else if (V8ArrayBuffer::hasInstance(value, isolate()) && m_transferredArrayBuffers.tryGet(value.As<v8::Object>(), &arrayBufferIndex)) {
         return writeTransferredArrayBuffer(value, arrayBufferIndex, next);
+    } else if (V8SharedArrayBuffer::hasInstance(value, isolate()) && m_transferredArrayBuffers.tryGet(value.As<v8::Object>(), &arrayBufferIndex)) {
+        return writeTransferredSharedArrayBuffer(value, arrayBufferIndex, next);
     } else {
         v8::Local<v8::Object> jsObject = value.As<v8::Object>();
         if (jsObject.IsEmpty())
             return handleError(DataCloneError, "An object could not be cloned.", next);
         greyObject(jsObject);
         if (value->IsDate()) {
             m_writer.writeDate(value.As<v8::Date>()->ValueOf());
         } else if (value->IsStringObject()) {
             writeStringObject(value);
         } else if (value->IsNumberObject()) {
@@ skipping 214 matching lines @@
     v8::Local<v8::RegExp> regExp = value.As<v8::RegExp>();
     m_writer.writeRegExp(regExp->GetSource(), regExp->GetFlags());
 }
 
 ScriptValueSerializer::StateBase* ScriptValueSerializer::writeAndGreyArrayBufferView(v8::Local<v8::Object> object, ScriptValueSerializer::StateBase* next)
 {
     ASSERT(!object.IsEmpty());
     DOMArrayBufferView* arrayBufferView = V8ArrayBufferView::toImpl(object);
     if (!arrayBufferView)
         return 0;
-    if (!arrayBufferView->buffer())
+    if (!arrayBufferView->bufferBase())
         return handleError(DataCloneError, "An ArrayBuffer could not be cloned.", next);
-    v8::Local<v8::Value> underlyingBuffer = toV8(arrayBufferView->buffer(), m_scriptState->context()->Global(), isolate());
+    v8::Local<v8::Value> underlyingBuffer = toV8(arrayBufferView->bufferBase(), m_scriptState->context()->Global(), isolate());
     if (underlyingBuffer.IsEmpty())
         return handleError(DataCloneError, "An ArrayBuffer could not be cloned.", next);
     StateBase* stateOut = doSerializeArrayBuffer(underlyingBuffer, next);
     if (stateOut)
         return stateOut;
     m_writer.writeArrayBufferView(*arrayBufferView);
     // This should be safe: we serialize something that we know to be a wrapper (see
     // the toV8 call above), so the call to doSerializeArrayBuffer should neither
     // cause the system stack to overflow nor should it have potential to reach
     // this ArrayBufferView again.
@@ skipping 23 matching lines @@
 {
     DOMArrayBuffer* arrayBuffer = V8ArrayBuffer::toImpl(value.As<v8::Object>());
     if (!arrayBuffer)
         return 0;
     if (arrayBuffer->isNeutered())
         return handleError(DataCloneError, "An ArrayBuffer is neutered and could not be cloned.", next);
     m_writer.writeTransferredArrayBuffer(index);
     return 0;
 }
 
+ScriptValueSerializer::StateBase* ScriptValueSerializer::writeTransferredSharedArrayBuffer(v8::Local<v8::Value> value, uint32_t index, ScriptValueSerializer::StateBase* next)
+{
+    ASSERT(RuntimeEnabledFeatures::sharedArrayBufferEnabled());
+    DOMSharedArrayBuffer* sharedArrayBuffer = V8SharedArrayBuffer::toImpl(value.As<v8::Object>());
+    if (!sharedArrayBuffer)
+        return 0;
+    m_writer.writeTransferredSharedArrayBuffer(index);
+    return 0;
+}
+
 bool ScriptValueSerializer::shouldSerializeDensely(uint32_t length, uint32_t propertyCount)
 {
     // Let K be the cost of serializing all property values that are there
     // Cost of serializing sparsely: 5*propertyCount + K (5 bytes per uint32_t key)
     // Cost of serializing densely: K + 1*(length - propertyCount) (1 byte for all properties that are not there)
     // so densely is better than sparsly whenever 6*propertyCount > length
     return 6 * propertyCount >= length;
 }
 
 ScriptValueSerializer::StateBase* ScriptValueSerializer::startArrayState(v8::Local<v8::Array> array, ScriptValueSerializer::StateBase* next)
@@ skipping 298 matching lines @@
     case ArrayBufferTransferTag: {
         if (!m_version)
             return false;
         uint32_t index;
         if (!doReadUint32(&index))
             return false;
         if (!creator.tryGetTransferredArrayBuffer(index, value))
             return false;
         break;
     }
+    case SharedArrayBufferTransferTag: {
+        if (!m_version)
+            return false;
+        uint32_t index;
+        if (!doReadUint32(&index))
+            return false;
+        if (!creator.tryGetTransferredSharedArrayBuffer(index, value))
+            return false;
+        break;
+    }
     case ObjectReferenceTag: {
         if (!m_version)
             return false;
         uint32_t reference;
         if (!doReadUint32(&reference))
             return false;
         if (!creator.tryGetObjectFromObjectReference(reference, value))
             return false;
         break;
     }
@@ skipping 201 matching lines @@
         return false;
     *value = toV8(arrayBuffer.release(), m_scriptState->context()->Global(), isolate());
     return !value->IsEmpty();
 }
 
 bool SerializedScriptValueReader::readArrayBufferView(v8::Local<v8::Value>* value, ScriptValueCompositeCreator& creator)
 {
     ArrayBufferViewSubTag subTag;
     uint32_t byteOffset;
     uint32_t byteLength;
-    RefPtr<DOMArrayBuffer> arrayBuffer;
+    RefPtr<DOMArrayBufferBase> arrayBuffer;
     v8::Local<v8::Value> arrayBufferV8Value;
     if (!readArrayBufferViewSubTag(&subTag))
         return false;
     if (!doReadUint32(&byteOffset))
         return false;
     if (!doReadUint32(&byteLength))
         return false;
     if (!creator.consumeTopOfStack(&arrayBufferV8Value))
         return false;
     if (arrayBufferV8Value.IsEmpty())
         return false;
-    arrayBuffer = V8ArrayBuffer::toImpl(arrayBufferV8Value.As<v8::Object>());
-    if (!arrayBuffer)
-        return false;
+    if (arrayBufferV8Value->IsArrayBuffer()) {
+        arrayBuffer = V8ArrayBuffer::toImpl(arrayBufferV8Value.As<v8::Object>());
+        if (!arrayBuffer)
+            return false;
+    } else if (arrayBufferV8Value->IsSharedArrayBuffer()) {
+        arrayBuffer = V8SharedArrayBuffer::toImpl(arrayBufferV8Value.As<v8::Object>());
+        if (!arrayBuffer)
+            return false;
+    } else {
+        ASSERT_NOT_REACHED();
+    }
 
     // Check the offset, length and alignment.
     int elementByteSize;
     switch (subTag) {
     case ByteArrayTag:
         elementByteSize = sizeof(DOMInt8Array::ValueType);
         break;
     case UnsignedByteArrayTag:
         elementByteSize = sizeof(DOMUint8Array::ValueType);
         break;
@@ skipping 440 matching lines @@
         v8::Local<v8::Object> creationContext = m_reader.scriptState()->context()->Global();
         result = toV8(buffer.get(), creationContext, isolate);
         if (result.IsEmpty())
             return false;
         m_arrayBuffers[index] = result;
     }
     *object = result;
     return true;
 }
 
+bool ScriptValueDeserializer::tryGetTransferredSharedArrayBuffer(uint32_t index, v8::Local<v8::Value>* object)
+{
+    ASSERT(RuntimeEnabledFeatures::sharedArrayBufferEnabled());
+    if (!m_arrayBufferContents)
+        return false;
+    if (index >= m_arrayBuffers.size())
+        return false;
+    v8::Local<v8::Value> result = m_arrayBuffers.at(index);
+    if (result.IsEmpty()) {
+        RefPtr<DOMSharedArrayBuffer> buffer = DOMSharedArrayBuffer::create(m_arrayBufferContents->at(index));
+        v8::Isolate* isolate = m_reader.scriptState()->isolate();
+        v8::Local<v8::Object> creationContext = m_reader.scriptState()->context()->Global();
+        result = toV8(buffer.get(), creationContext, isolate);
+        if (result.IsEmpty())
+            return false;
+        m_arrayBuffers[index] = result;
+    }
+    *object = result;
+    return true;
+}
+
 bool ScriptValueDeserializer::tryGetObjectFromObjectReference(uint32_t reference, v8::Local<v8::Value>* object)
 {
     if (reference >= m_objectPool.size())
         return false;
     *object = m_objectPool[reference];
     return object;
 }
 
 uint32_t ScriptValueDeserializer::objectReferenceCount()
 {
@@ skipping 58 matching lines @@
         return false;
     uint32_t objectReference = m_openCompositeReferenceStack[m_openCompositeReferenceStack.size() - 1];
     m_openCompositeReferenceStack.shrink(m_openCompositeReferenceStack.size() - 1);
     if (objectReference >= m_objectPool.size())
         return false;
     *object = m_objectPool[objectReference];
     return true;
 }
 
 } // namespace blink