// Copyright (c) 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "content/renderer/pepper/v8_var_converter.h" #include <map> #include <stack> #include <string> #include "base/bind.h" #include "base/containers/hash_tables.h" #include "base/location.h" #include "base/logging.h" #include "base/memory/scoped_ptr.h" #include "content/public/renderer/renderer_ppapi_host.h" #include "content/renderer/pepper/host_array_buffer_var.h" #include "content/renderer/pepper/resource_converter.h" #include "ppapi/shared_impl/array_var.h" #include "ppapi/shared_impl/dictionary_var.h" #include "ppapi/shared_impl/var.h" #include "ppapi/shared_impl/var_tracker.h" #include "third_party/WebKit/public/platform/WebArrayBuffer.h" #include "third_party/WebKit/public/web/WebArrayBufferConverter.h" using ppapi::ArrayBufferVar; using ppapi::ArrayVar; using ppapi::DictionaryVar; using ppapi::ScopedPPVar; using ppapi::StringVar; using std::make_pair; namespace { template <class T> struct StackEntry { StackEntry(T v) : val(v), sentinel(false) {} T val; // Used to track parent nodes on the stack while traversing the graph. bool sentinel; }; struct HashedHandle { HashedHandle(v8::Handle<v8::Object> h) : handle(h) {} size_t hash() const { return handle->GetIdentityHash(); } bool operator==(const HashedHandle& h) const { return handle == h.handle; } bool operator<(const HashedHandle& h) const { return hash() < h.hash(); } v8::Handle<v8::Object> handle; }; } // namespace namespace BASE_HASH_NAMESPACE { #if defined(COMPILER_GCC) template <> struct hash<HashedHandle> { size_t operator()(const HashedHandle& handle) const { return handle.hash(); } }; #elif defined(COMPILER_MSVC) inline size_t hash_value(const HashedHandle& handle) { return handle.hash(); } #endif } // namespace BASE_HASH_NAMESPACE namespace content { namespace { // Maps PP_Var IDs to the V8 value handle they correspond to. typedef base::hash_map<int64_t, v8::Handle<v8::Value> > VarHandleMap; typedef base::hash_set<int64_t> ParentVarSet; // Maps V8 value handles to the PP_Var they correspond to. typedef base::hash_map<HashedHandle, ScopedPPVar> HandleVarMap; typedef base::hash_set<HashedHandle> ParentHandleSet; // Returns a V8 value which corresponds to a given PP_Var. If |var| is a // reference counted PP_Var type, and it exists in |visited_ids|, the V8 value // associated with it in the map will be returned, otherwise a new V8 value will // be created and added to the map. |did_create| indicates whether a new v8 // value was created as a result of calling the function. bool GetOrCreateV8Value(v8::Handle<v8::Context> context, const PP_Var& var, v8::Handle<v8::Value>* result, bool* did_create, VarHandleMap* visited_ids, ParentVarSet* parent_ids, ResourceConverter* resource_converter) { v8::Isolate* isolate = context->GetIsolate(); *did_create = false; if (ppapi::VarTracker::IsVarTypeRefcounted(var.type)) { if (parent_ids->count(var.value.as_id) != 0) return false; VarHandleMap::iterator it = visited_ids->find(var.value.as_id); if (it != visited_ids->end()) { *result = it->second; return true; } } switch (var.type) { case PP_VARTYPE_UNDEFINED: *result = v8::Undefined(isolate); break; case PP_VARTYPE_NULL: *result = v8::Null(isolate); break; case PP_VARTYPE_BOOL: *result = (var.value.as_bool == PP_TRUE) ? v8::True(isolate) : v8::False(isolate); break; case PP_VARTYPE_INT32: *result = v8::Integer::New(isolate, var.value.as_int); break; case PP_VARTYPE_DOUBLE: *result = v8::Number::New(isolate, var.value.as_double); break; case PP_VARTYPE_STRING: { StringVar* string = StringVar::FromPPVar(var); if (!string) { NOTREACHED(); result->Clear(); return false; } const std::string& value = string->value(); // Create a string primitive rather than a string object. This is lossy // in the sense that string primitives in JavaScript can't be referenced // in the same way that string vars can in pepper. But that information // isn't very useful and primitive strings are a more expected form in JS. *result = v8::String::NewFromUtf8( isolate, value.c_str(), v8::String::kNormalString, value.size()); break; } case PP_VARTYPE_ARRAY_BUFFER: { ArrayBufferVar* buffer = ArrayBufferVar::FromPPVar(var); if (!buffer) { NOTREACHED(); result->Clear(); return false; } HostArrayBufferVar* host_buffer = static_cast<HostArrayBufferVar*>(buffer); *result = blink::WebArrayBufferConverter::toV8Value( &host_buffer->webkit_buffer(), context->Global(), isolate); break; } case PP_VARTYPE_ARRAY: *result = v8::Array::New(isolate); break; case PP_VARTYPE_DICTIONARY: *result = v8::Object::New(isolate); break; case PP_VARTYPE_OBJECT: result->Clear(); return false; case PP_VARTYPE_RESOURCE: if (!resource_converter->ToV8Value(var, context, result)) { result->Clear(); return false; } break; } *did_create = true; if (ppapi::VarTracker::IsVarTypeRefcounted(var.type)) (*visited_ids)[var.value.as_id] = *result; return true; } // For a given V8 value handle, this returns a PP_Var which corresponds to it. // If the handle already exists in |visited_handles|, the PP_Var associated with // it will be returned, otherwise a new V8 value will be created and added to // the map. |did_create| indicates if a new PP_Var was created as a result of // calling the function. bool GetOrCreateVar(v8::Handle<v8::Value> val, v8::Handle<v8::Context> context, PP_Var* result, bool* did_create, HandleVarMap* visited_handles, ParentHandleSet* parent_handles, ResourceConverter* resource_converter) { CHECK(!val.IsEmpty()); *did_create = false; // Even though every v8 string primitive encountered will be a unique object, // we still add them to |visited_handles| so that the corresponding string // PP_Var created will be properly refcounted. if (val->IsObject() || val->IsString()) { if (parent_handles->count(HashedHandle(val->ToObject())) != 0) return false; HandleVarMap::const_iterator it = visited_handles->find(HashedHandle(val->ToObject())); if (it != visited_handles->end()) { *result = it->second.get(); return true; } } if (val->IsUndefined()) { *result = PP_MakeUndefined(); } else if (val->IsNull()) { *result = PP_MakeNull(); } else if (val->IsBoolean() || val->IsBooleanObject()) { *result = PP_MakeBool(PP_FromBool(val->ToBoolean()->Value())); } else if (val->IsInt32()) { *result = PP_MakeInt32(val->ToInt32()->Value()); } else if (val->IsNumber() || val->IsNumberObject()) { *result = PP_MakeDouble(val->ToNumber()->Value()); } else if (val->IsString() || val->IsStringObject()) { v8::String::Utf8Value utf8(val->ToString()); *result = StringVar::StringToPPVar(std::string(*utf8, utf8.length())); } else if (val->IsArray()) { *result = (new ArrayVar())->GetPPVar(); } else if (val->IsObject()) { scoped_ptr<blink::WebArrayBuffer> web_array_buffer( blink::WebArrayBufferConverter::createFromV8Value( val, context->GetIsolate())); if (web_array_buffer.get()) { scoped_refptr<HostArrayBufferVar> buffer_var( new HostArrayBufferVar(*web_array_buffer)); *result = buffer_var->GetPPVar(); } else { bool was_resource; if (!resource_converter->FromV8Value( val->ToObject(), context, result, &was_resource)) return false; if (!was_resource) { *result = (new DictionaryVar())->GetPPVar(); } } } else { // Silently ignore the case where we can't convert to a Var as we may // be trying to convert a type that doesn't have a corresponding // PP_Var type. return true; } *did_create = true; if (val->IsObject() || val->IsString()) { visited_handles->insert( make_pair(HashedHandle(val->ToObject()), ScopedPPVar(ScopedPPVar::PassRef(), *result))); } return true; } bool CanHaveChildren(PP_Var var) { return var.type == PP_VARTYPE_ARRAY || var.type == PP_VARTYPE_DICTIONARY; } } // namespace V8VarConverter::V8VarConverter(PP_Instance instance) : message_loop_proxy_(base::MessageLoopProxy::current()) { resource_converter_.reset(new ResourceConverterImpl( instance, RendererPpapiHost::GetForPPInstance(instance))); } V8VarConverter::V8VarConverter(PP_Instance instance, scoped_ptr<ResourceConverter> resource_converter) : message_loop_proxy_(base::MessageLoopProxy::current()), resource_converter_(resource_converter.release()) {} V8VarConverter::~V8VarConverter() {} // To/FromV8Value use a stack-based DFS search to traverse V8/Var graph. Each // iteration, the top node on the stack examined. If the node has not been // visited yet (i.e. sentinel == false) then it is added to the list of parents // which contains all of the nodes on the path from the start node to the // current node. Each of the current nodes children are examined. If they appear // in the list of parents it means we have a cycle and we return NULL. // Otherwise, if they can have children, we add them to the stack. If the // node at the top of the stack has already been visited, then we pop it off the // stack and erase it from the list of parents. // static bool V8VarConverter::ToV8Value(const PP_Var& var, v8::Handle<v8::Context> context, v8::Handle<v8::Value>* result) { v8::Context::Scope context_scope(context); v8::Isolate* isolate = context->GetIsolate(); v8::EscapableHandleScope handle_scope(isolate); VarHandleMap visited_ids; ParentVarSet parent_ids; std::stack<StackEntry<PP_Var> > stack; stack.push(StackEntry<PP_Var>(var)); v8::Local<v8::Value> root; bool is_root = true; while (!stack.empty()) { const PP_Var& current_var = stack.top().val; v8::Handle<v8::Value> current_v8; if (stack.top().sentinel) { stack.pop(); if (CanHaveChildren(current_var)) parent_ids.erase(current_var.value.as_id); continue; } else { stack.top().sentinel = true; } bool did_create = false; if (!GetOrCreateV8Value(context, current_var, ¤t_v8, &did_create, &visited_ids, &parent_ids, resource_converter_.get())) { return false; } if (is_root) { is_root = false; root = current_v8; } // Add child nodes to the stack. if (current_var.type == PP_VARTYPE_ARRAY) { parent_ids.insert(current_var.value.as_id); ArrayVar* array_var = ArrayVar::FromPPVar(current_var); if (!array_var) { NOTREACHED(); return false; } DCHECK(current_v8->IsArray()); v8::Handle<v8::Array> v8_array = current_v8.As<v8::Array>(); for (size_t i = 0; i < array_var->elements().size(); ++i) { const PP_Var& child_var = array_var->elements()[i].get(); v8::Handle<v8::Value> child_v8; if (!GetOrCreateV8Value(context, child_var, &child_v8, &did_create, &visited_ids, &parent_ids, resource_converter_.get())) { return false; } if (did_create && CanHaveChildren(child_var)) stack.push(child_var); v8::TryCatch try_catch; v8_array->Set(static_cast<uint32>(i), child_v8); if (try_catch.HasCaught()) { LOG(ERROR) << "Setter for index " << i << " threw an exception."; return false; } } } else if (current_var.type == PP_VARTYPE_DICTIONARY) { parent_ids.insert(current_var.value.as_id); DictionaryVar* dict_var = DictionaryVar::FromPPVar(current_var); if (!dict_var) { NOTREACHED(); return false; } DCHECK(current_v8->IsObject()); v8::Handle<v8::Object> v8_object = current_v8->ToObject(); for (DictionaryVar::KeyValueMap::const_iterator iter = dict_var->key_value_map().begin(); iter != dict_var->key_value_map().end(); ++iter) { const std::string& key = iter->first; const PP_Var& child_var = iter->second.get(); v8::Handle<v8::Value> child_v8; if (!GetOrCreateV8Value(context, child_var, &child_v8, &did_create, &visited_ids, &parent_ids, resource_converter_.get())) { return false; } if (did_create && CanHaveChildren(child_var)) stack.push(child_var); v8::TryCatch try_catch; v8_object->Set( v8::String::NewFromUtf8( isolate, key.c_str(), v8::String::kNormalString, key.length()), child_v8); if (try_catch.HasCaught()) { LOG(ERROR) << "Setter for property " << key.c_str() << " threw an " << "exception."; return false; } } } } *result = handle_scope.Escape(root); return true; } V8VarConverter::VarResult V8VarConverter::FromV8Value( v8::Handle<v8::Value> val, v8::Handle<v8::Context> context, const base::Callback<void(const ScopedPPVar&, bool)>& callback) { VarResult result; result.success = FromV8ValueInternal(val, context, &result.var); if (!result.success) resource_converter_->Reset(); result.completed_synchronously = !resource_converter_->NeedsFlush(); if (!result.completed_synchronously) resource_converter_->Flush(base::Bind(callback, result.var)); return result; } bool V8VarConverter::FromV8ValueSync( v8::Handle<v8::Value> val, v8::Handle<v8::Context> context, ppapi::ScopedPPVar* result_var) { bool success = FromV8ValueInternal(val, context, result_var); if (!success || resource_converter_->NeedsFlush()) { resource_converter_->Reset(); return false; } return true; } bool V8VarConverter::FromV8ValueInternal( v8::Handle<v8::Value> val, v8::Handle<v8::Context> context, ppapi::ScopedPPVar* result_var) { v8::Context::Scope context_scope(context); v8::HandleScope handle_scope(context->GetIsolate()); HandleVarMap visited_handles; ParentHandleSet parent_handles; std::stack<StackEntry<v8::Handle<v8::Value> > > stack; stack.push(StackEntry<v8::Handle<v8::Value> >(val)); ScopedPPVar root; *result_var = PP_MakeUndefined(); bool is_root = true; while (!stack.empty()) { v8::Handle<v8::Value> current_v8 = stack.top().val; PP_Var current_var; if (stack.top().sentinel) { stack.pop(); if (current_v8->IsObject()) parent_handles.erase(HashedHandle(current_v8->ToObject())); continue; } else { stack.top().sentinel = true; } bool did_create = false; if (!GetOrCreateVar(current_v8, context, ¤t_var, &did_create, &visited_handles, &parent_handles, resource_converter_.get())) { return false; } if (is_root) { is_root = false; root = current_var; } // Add child nodes to the stack. if (current_var.type == PP_VARTYPE_ARRAY) { DCHECK(current_v8->IsArray()); v8::Handle<v8::Array> v8_array = current_v8.As<v8::Array>(); parent_handles.insert(HashedHandle(v8_array)); ArrayVar* array_var = ArrayVar::FromPPVar(current_var); if (!array_var) { NOTREACHED(); return false; } for (uint32 i = 0; i < v8_array->Length(); ++i) { v8::TryCatch try_catch; v8::Handle<v8::Value> child_v8 = v8_array->Get(i); if (try_catch.HasCaught()) return false; if (!v8_array->HasRealIndexedProperty(i)) continue; PP_Var child_var; if (!GetOrCreateVar(child_v8, context, &child_var, &did_create, &visited_handles, &parent_handles, resource_converter_.get())) { return false; } if (did_create && child_v8->IsObject()) stack.push(child_v8); array_var->Set(i, child_var); } } else if (current_var.type == PP_VARTYPE_DICTIONARY) { DCHECK(current_v8->IsObject()); v8::Handle<v8::Object> v8_object = current_v8->ToObject(); parent_handles.insert(HashedHandle(v8_object)); DictionaryVar* dict_var = DictionaryVar::FromPPVar(current_var); if (!dict_var) { NOTREACHED(); return false; } v8::Handle<v8::Array> property_names(v8_object->GetOwnPropertyNames()); for (uint32 i = 0; i < property_names->Length(); ++i) { v8::Handle<v8::Value> key(property_names->Get(i)); // Extend this test to cover more types as necessary and if sensible. if (!key->IsString() && !key->IsNumber()) { NOTREACHED() << "Key \"" << *v8::String::Utf8Value(key) << "\" " "is neither a string nor a number"; return false; } // Skip all callbacks: crbug.com/139933 if (v8_object->HasRealNamedCallbackProperty(key->ToString())) continue; v8::String::Utf8Value name_utf8(key->ToString()); v8::TryCatch try_catch; v8::Handle<v8::Value> child_v8 = v8_object->Get(key); if (try_catch.HasCaught()) return false; PP_Var child_var; if (!GetOrCreateVar(child_v8, context, &child_var, &did_create, &visited_handles, &parent_handles, resource_converter_.get())) { return false; } if (did_create && child_v8->IsObject()) stack.push(child_v8); bool success = dict_var->SetWithStringKey( std::string(*name_utf8, name_utf8.length()), child_var); DCHECK(success); } } } *result_var = root; return true; } } // namespace content