/cvs/CBOR-XS/README
Revision: 1.6
Committed: Mon Oct 28 21:28:14 2013 UTC (10 years, 6 months ago) by root
Branch: MAIN
CVS Tags: rel-0_05
Changes since 1.5: +11 -5 lines
Log Message:
0.05

File Contents

NAME
    CBOR::XS - Concise Binary Object Representation (CBOR, RFC7049)

SYNOPSIS
        use CBOR::XS;

        $binary_cbor_data = encode_cbor $perl_value;
        $perl_value = decode_cbor $binary_cbor_data;

        # OO-interface

        $coder = CBOR::XS->new;
        $binary_cbor_data = $coder->encode ($perl_value);
        $perl_value = $coder->decode ($binary_cbor_data);

        # prefix decoding

        my $many_cbor_strings = ...;
        while (length $many_cbor_strings) {
            my ($data, $length) = $coder->decode_prefix ($many_cbor_strings);
            # data was decoded
            substr $many_cbor_strings, 0, $length, ""; # remove decoded cbor string
        }

DESCRIPTION
    WARNING! This module is very new, and not very well tested (that's up to
    you to do). Furthermore, details of the implementation might change
    freely before version 1.0. And lastly, the object serialisation protocol
    depends on a pending IANA assignment, and until that assignment is
    official, this implementation is not interoperable with other
    implementations (even future versions of this module).

    You are still invited to try out CBOR, and this module.

    This module converts Perl data structures to the Concise Binary Object
    Representation (CBOR) and vice versa. CBOR is a fast binary
    serialisation format that aims to use a superset of the JSON data model,
    i.e. when you can represent something in JSON, you should be able to
    represent it in CBOR.

    In short, CBOR is a faster and very compact binary alternative to JSON,
    with the added ability of supporting serialisation of Perl objects.

    The primary goal of this module is to be *correct* and the secondary
    goal is to be *fast*. To reach the latter goal it was written in C.

    See MAPPING, below, on how CBOR::XS maps perl values to CBOR values and
    vice versa.

FUNCTIONAL INTERFACE
    The following convenience methods are provided by this module. They are
    exported by default:

    $cbor_data = encode_cbor $perl_scalar
        Converts the given Perl data structure to CBOR representation.
        Croaks on error.

    $perl_scalar = decode_cbor $cbor_data
        The opposite of "encode_cbor": expects a valid CBOR string to parse,
        returning the resulting perl scalar. Croaks on error.

OBJECT-ORIENTED INTERFACE
    The object oriented interface lets you configure your own encoding or
    decoding style, within the limits of supported formats.

    $cbor = new CBOR::XS
        Creates a new CBOR::XS object that can be used to de/encode CBOR
        strings. All boolean flags described below are by default
        *disabled*.

        The mutators for flags all return the CBOR object again and thus
        calls can be chained:

            #TODO my $cbor = CBOR::XS->new->encode ({a => [1,2]});

    $cbor = $cbor->max_depth ([$maximum_nesting_depth])
    $max_depth = $cbor->get_max_depth
        Sets the maximum nesting level (default 512) accepted while encoding
        or decoding. If a higher nesting level is detected in CBOR data or a
        Perl data structure, then the encoder and decoder will stop and
        croak at that point.

        Nesting level is defined by number of hash- or arrayrefs that the
        encoder needs to traverse to reach a given point or the number of
        "{" or "[" characters without their matching closing parenthesis
        crossed to reach a given character in a string.

        Setting the maximum depth to one disallows any nesting, so that
        ensures that the object is only a single hash/object or array.

        If no argument is given, the highest possible setting will be used,
        which is rarely useful.

        Note that nesting is implemented by recursion in C. The default
        value has been chosen to be as large as typical operating systems
        allow without crashing.

        See SECURITY CONSIDERATIONS, below, for more info on why this is
        useful.

    $cbor = $cbor->max_size ([$maximum_string_size])
    $max_size = $cbor->get_max_size
        Set the maximum length a CBOR string may have (in bytes) where
        decoding is being attempted. The default is 0, meaning no limit.
        When "decode" is called on a string that is longer than this many
        bytes, it will not attempt to decode the string but throw an
        exception. This setting has no effect on "encode" (yet).

        If no argument is given, the limit check will be deactivated (same
        as when 0 is specified).

        See SECURITY CONSIDERATIONS, below, for more info on why this is
        useful.

    $cbor_data = $cbor->encode ($perl_scalar)
        Converts the given Perl data structure (a scalar value) to its CBOR
        representation.

    $perl_scalar = $cbor->decode ($cbor_data)
        The opposite of "encode": expects CBOR data and tries to parse it,
        returning the resulting simple scalar or reference. Croaks on error.

    ($perl_scalar, $octets) = $cbor->decode_prefix ($cbor_data)
        This works like the "decode" method, but instead of raising an
        exception when there is trailing garbage after the CBOR string, it
        will silently stop parsing there and return the number of characters
        consumed so far.

        This is useful if your CBOR texts are not delimited by an outer
        protocol and you need to know where the first CBOR string ends and
        the next one starts.

            CBOR::XS->new->decode_prefix ("......")
            => ("...", 3)

MAPPING
    This section describes how CBOR::XS maps Perl values to CBOR values and
    vice versa. These mappings are designed to "do the right thing" in most
    circumstances automatically, preserving round-tripping characteristics
    (what you put in comes out as something equivalent).

    For the more enlightened: note that in the following descriptions,
    lowercase *perl* refers to the Perl interpreter, while uppercase *Perl*
    refers to the abstract Perl language itself.

  CBOR -> PERL
    integers
        CBOR integers become (numeric) perl scalars. On perls without 64 bit
        support, 64 bit integers will be truncated or otherwise corrupted.

    byte strings
        Byte strings will become octet strings in Perl (the byte values
        0..255 will simply become characters of the same value in Perl).

    UTF-8 strings
        UTF-8 strings in CBOR will be decoded, i.e. the UTF-8 octets will be
        decoded into proper Unicode code points. At the moment, the validity
        of the UTF-8 octets will not be validated - corrupt input will
        result in corrupted Perl strings.

    arrays, maps
        CBOR arrays and CBOR maps will be converted into references to a
        Perl array or hash, respectively. The keys of the map will be
        stringified during this process.

    null
        CBOR null becomes "undef" in Perl.

    true, false, undefined
        These CBOR values become "Types::Serialiser::true",
        "Types::Serialiser::false" and "Types::Serialiser::error",
        respectively. They are overloaded to act almost exactly like the
        numbers 1 and 0 (for true and false) or to throw an exception on
        access (for error). See the Types::Serialiser manpage for details.

    CBOR tag 256 (perl object)
        The tag value 256 (TODO: pending iana registration) will be used to
        deserialise a Perl object serialised with "FREEZE". See "OBJECT
        SERIALISATION", below, for details.

    CBOR tag 55799 (magic header)
        The tag 55799 is ignored (this tag implements the magic header).

    other CBOR tags
        Tagged items consist of a numeric tag and another CBOR value. Tags
        not handled internally are currently converted into a
        CBOR::XS::Tagged object, which is simply a blessed array reference
        consisting of the numeric tag value followed by the (decoded) CBOR
        value.

        In the future, support for user-supplied conversions might get
        added.

    anything else
        Anything else (e.g. unsupported simple values) will raise a decoding
        error.

  PERL -> CBOR
    The mapping from Perl to CBOR is slightly more difficult, as Perl is a
    truly typeless language, so we can only guess which CBOR type is meant
    by a Perl value.

    hash references
        Perl hash references become CBOR maps. As there is no inherent
        ordering in hash keys (or CBOR maps), they will usually be encoded
        in a pseudo-random order.

        Currently, tied hashes will use the indefinite-length format, while
        normal hashes will use the fixed-length format.

    array references
        Perl array references become fixed-length CBOR arrays.

    other references
        Other unblessed references are generally not allowed and will cause
        an exception to be thrown, except for references to the integers 0
        and 1, which get turned into false and true in CBOR.

    CBOR::XS::Tagged objects
        Objects of this type must be arrays consisting of a single "[tag,
        value]" pair. The (numerical) tag will be encoded as a CBOR tag, the
        value will be encoded as appropriate for the value.

    Types::Serialiser::true, Types::Serialiser::false,
    Types::Serialiser::error
        These special values become CBOR true, CBOR false and CBOR undefined
        values, respectively. You can also use "\1", "\0" and "\undef"
        directly if you want.

    other blessed objects
        Other blessed objects are serialised via "TO_CBOR" or "FREEZE". See
        "OBJECT SERIALISATION", below, for details.

    simple scalars
        TODO Simple Perl scalars (any scalar that is not a reference) are
        the most difficult objects to encode: CBOR::XS will encode undefined
        scalars as CBOR null values, scalars that have last been used in a
        string context before encoding as CBOR strings, and anything else as
        number value:

            # dump as number
            encode_cbor [2] # yields [2]
            encode_cbor [-3.0e17] # yields [-3e+17]
            my $value = 5; encode_cbor [$value] # yields [5]

            # used as string, so dump as string
            print $value;
            encode_cbor [$value] # yields ["5"]

            # undef becomes null
            encode_cbor [undef] # yields [null]

        You can force the type to be a CBOR string by stringifying it:

            my $x = 3.1; # some variable containing a number
            "$x"; # stringified
            $x .= ""; # another, more awkward way to stringify
            print $x; # perl does it for you, too, quite often

        You can force the type to be a CBOR number by numifying it:

            my $x = "3"; # some variable containing a string
            $x += 0; # numify it, ensuring it will be dumped as a number
            $x *= 1; # same thing, the choice is yours.

        You can not currently force the type in other, less obscure, ways.
        Tell me if you need this capability (but don't forget to explain why
        it's needed :).

        Perl values that seem to be integers generally use the shortest
        possible representation. Floating-point values will use either the
        IEEE single format if possible without loss of precision, otherwise
        the IEEE double format will be used. Perls that use formats other
        than IEEE double to represent numerical values are supported, but
        might suffer loss of precision.

OBJECT SERIALISATION
    This module knows two ways to serialise a Perl object: The CBOR-specific
    way, and the generic way.

    Whenever the encoder encounters a Perl object that it cannot serialise
    directly (most of them), it will first look up the "TO_CBOR" method on
    it.

    If it has a "TO_CBOR" method, it will call it with the object as only
    argument, and expects exactly one return value, which it will then
    substitute and encode in place of the object.

    Otherwise, it will look up the "FREEZE" method. If it exists, it will
    call it with the object as first argument, and the constant string
    "CBOR" as the second argument, to distinguish it from other serialisers.

    The "FREEZE" method can return any number of values (i.e. zero or more).
    These will be encoded as a CBOR perl object, together with the classname.

    If an object supports neither "TO_CBOR" nor "FREEZE", encoding will fail
    with an error.

    Objects encoded via "TO_CBOR" cannot be automatically decoded, but
    objects encoded via "FREEZE" can be decoded using the following
    protocol:

    When an encoded CBOR perl object is encountered by the decoder, it will
    look up the "THAW" method, by using the stored classname, and will fail
    if the method cannot be found.

    After the lookup it will call the "THAW" method with the stored
    classname as first argument, the constant string "CBOR" as second
    argument, and all values returned by "FREEZE" as remaining arguments.

  EXAMPLES
    Here is an example "TO_CBOR" method:

        sub My::Object::TO_CBOR {
            my ($obj) = @_;

            ["this is a serialised My::Object object", $obj->{id}]
        }

    When a "My::Object" is encoded to CBOR, it will instead encode a simple
    array with two members: a string, and the "object id". Decoding this
    CBOR string will yield a normal perl array reference in place of the
    object.

    A more useful and practical example would be a serialisation method for
    the URI module. CBOR has a custom tag value for URIs, namely 32:

        sub URI::TO_CBOR {
            my ($self) = @_;
            my $uri = "$self"; # stringify uri
            utf8::upgrade $uri; # make sure it will be encoded as UTF-8 string
            CBOR::XS::tagged 32, $uri # tag the upgraded string, not the object
        }

    This will encode URIs as a UTF-8 string with tag 32, which indicates an
    URI.

    Decoding such an URI will not (currently) give you an URI object, but
    instead a CBOR::XS::Tagged object with tag number 32 and the string -
    exactly what was returned by "TO_CBOR".

    To serialise an object so it can automatically be deserialised, you need
    to use "FREEZE" and "THAW". To take the URI module as example, this
    would be a possible implementation:

        sub URI::FREEZE {
            my ($self, $serialiser) = @_;
            "$self" # encode url string
        }

        sub URI::THAW {
            my ($class, $serialiser, $uri) = @_;

            $class->new ($uri)
        }

    Unlike "TO_CBOR", multiple values can be returned by "FREEZE". For
    example, a "FREEZE" method that returns "type", "id" and "variant"
    values would cause an invocation of "THAW" with 5 arguments:

        sub My::Object::FREEZE {
            my ($self, $serialiser) = @_;

            ($self->{type}, $self->{id}, $self->{variant})
        }

        sub My::Object::THAW {
            my ($class, $serialiser, $type, $id, $variant) = @_;

            $class->new (type => $type, id => $id, variant => $variant)
        }

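    Because "THAW" is called with the class name and values stored in the
    CBOR data, its arguments are only as trustworthy as the peer that sent
    the data. The following is an added example, not code from CBOR::XS or
    its author: a "THAW" for the "My::Object" class above that validates
    what it receives. The %KNOWN_TYPE allowlist and the rules for "id" and
    "variant" are assumptions made for illustration, and "THAW" is called
    directly with constructed arguments, the way the decoder is described
    as calling it.

```perl
package My::Object;

use strict;
use warnings;
use Carp ();

# Assumed allowlist of "type" values; not part of CBOR::XS.
my %KNOWN_TYPE = map { $_ => 1 } qw(user group);

sub new {
    my ($class, %arg) = @_;
    bless {%arg}, $class
}

sub FREEZE {
    my ($self, $serialiser) = @_;
    ($self->{type}, $self->{id}, $self->{variant})
}

sub THAW {
    my ($class, $serialiser, @values) = @_;

    # The decoder passes the stored class name and the constant "CBOR".
    Carp::croak ("THAW: unexpected serialiser")
        unless defined $serialiser && $serialiser eq "CBOR";
    Carp::croak ("THAW: unexpected class")
        unless defined $class && $class eq __PACKAGE__;

    # FREEZE returns exactly three values, so anything else is malformed.
    Carp::croak ("THAW: expected 3 values") unless @values == 3;

    # Reject undef and references (nested arrays, maps, other objects).
    Carp::croak ("THAW: values must be plain defined scalars")
        if grep { !defined ($_) || ref ($_) } @values;

    my ($type, $id, $variant) = @values;
    Carp::croak ("THAW: unknown type") unless $KNOWN_TYPE{$type};
    Carp::croak ("THAW: id not an integer") unless $id =~ /\A[0-9]{1,9}\z/;
    Carp::croak ("THAW: bad variant") unless $variant =~ /\A[a-z0-9_-]{1,32}\z/;

    $class->new (type => $type, id => $id + 0, variant => $variant)
}

package main;

# Constructed argument lists, shaped as the decoder would pass them.
my @cases = (
    [ "well-formed",  "My::Object", "CBOR", "user", 42,     "beta" ],
    [ "unknown type", "My::Object", "CBOR", "root", 42,     "beta" ],
    [ "nested value", "My::Object", "CBOR", "user", [1, 2], "beta" ],
    [ "extra values", "My::Object", "CBOR", "user", 42,     "beta", "x" ],
    [ "other class",  "My::Other",  "CBOR", "user", 42,     "beta" ],
);

for my $case (@cases) {
    my ($label, @args) = @$case;
    my $obj = eval { My::Object::THAW (@args) };
    # Report only the short reason, never the rejected values themselves.
    (my $why = $@) =~ s/ at .*//s;
    printf "%-13s %s\n", $label, $obj ? "accepted" : "rejected ($why)";
}
```
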
MAGIC HEADER
    There is no way to distinguish CBOR from other formats programmatically.
    To make it easier to distinguish CBOR from other formats, the CBOR
    specification has a special "magic string" that can be prepended to any
    CBOR string without changing its meaning.

    This string is available as $CBOR::XS::MAGIC. This module does not
    prepend this string to the CBOR data it generates, but it will ignore it
    if present, so users can prepend this string as a "file type" indicator
    as required.

CBOR and JSON
    CBOR is supposed to implement a superset of the JSON data model, and is,
    with some coercion, able to represent all JSON texts (something that
    other "binary JSON" formats such as BSON generally do not support).

    CBOR implements some extra hints and support for JSON interoperability,
    and the spec offers further guidance for conversion between CBOR and
    JSON. None of this is currently implemented in CBOR, and the guidelines
    in the spec do not result in correct round-tripping of data. If JSON
    interoperability is improved in the future, then the goal will be to
    ensure that decoded JSON data will round-trip encoding and decoding to
    CBOR intact.

SECURITY CONSIDERATIONS
    When you are using CBOR in a protocol, talking to untrusted, potentially
    hostile creatures requires relatively few measures.

    First of all, your CBOR decoder should be secure, that is, should not
    have any buffer overflows. Obviously, this module should ensure that and
    I am trying hard on making that true, but you never know.

    Second, you need to avoid resource-starving attacks. That means you
    should limit the size of CBOR data you accept, or make sure that when
    your resources run out, that's just fine (e.g. by using a separate
    process that can crash safely). The size of a CBOR string in octets is
    usually a good indication of the size of the resources required to
    decode it into a Perl structure. While CBOR::XS can check the size of
    the CBOR text, it might be too late when you already have it in memory,
    so you might want to check the size before you accept the string.

    Third, CBOR::XS recurses using the C stack when decoding objects and
    arrays. The C stack is a limited resource: for instance, on my amd64
    machine with 8MB of stack size I can decode around 180k nested arrays
    but only 14k nested CBOR objects (due to perl itself recursing deeply on
    croak to free the temporary). If that is exceeded, the program crashes.
    To be conservative, the default nesting limit is set to 512. If your
    process has a smaller stack, you should adjust this setting accordingly
    with the "max_depth" method.

    Something else could bomb you, too, that I forgot to think of. In that
    case, you get to keep the pieces. I am always open for hints, though...

    Also keep in mind that CBOR::XS might leak contents of your Perl data
    structures in its error messages, so when you serialise sensitive
    information you might want to make sure that exceptions thrown by
    CBOR::XS will not end up in front of untrusted eyes.

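    The measures above combined into one decoding routine, as an added
    example (not code from CBOR::XS or its author). The helper name
    decode_untrusted, the two limits and the sample messages are assumptions
    constructed for illustration; only the "max_depth", "max_size", "decode"
    and "encode_cbor" calls documented above are used.

```perl
use strict;
use warnings;
use CBOR::XS;

# Assumed limits for this example; derive real ones from your protocol.
my $MAX_BYTES = 64 * 1024;
my $MAX_DEPTH = 16;

# One decoder with both limits set; the mutators return the object.
my $decoder = CBOR::XS->new->max_depth ($MAX_DEPTH)->max_size ($MAX_BYTES);

# Hypothetical helper: returns (1, $value) or (0, $generic_reason).
sub decode_untrusted {
    my ($octets) = @_;

    return (0, "empty message")
        unless defined ($octets) && length ($octets);

    # Cheap length check before any parsing. With a length-prefixed
    # transport, compare the announced length before reading the body.
    return (0, "message too large")
        if length ($octets) > $MAX_BYTES;

    # decode croaks on malformed input and on exceeded limits. A decoded
    # CBOR null is undef, so success is tracked separately from the value.
    my $value;
    my $ok = eval { $value = $decoder->decode ($octets); 1 };

    unless ($ok) {
        # Keep the detailed error in the local log only; the peer gets a
        # fixed string, because exception text may contain data.
        warn "CBOR decode failed: $@";
        return (0, "malformed message");
    }

    (1, $value)
}

# Constructed sample inputs.
my $good = encode_cbor ({ user => "alice", roles => ["admin", "ops"] });

my $deep = [];
$deep = [$deep] for 1 .. 100;    # 101 nested arrays, above $MAX_DEPTH
my $too_deep = encode_cbor ($deep);

my @samples = (
    [ "valid",     $good ],
    [ "truncated", substr ($good, 0, length ($good) - 3) ],
    [ "too deep",  $too_deep ],
    [ "too large", "\x40" x ($MAX_BYTES + 1) ],
);

for my $sample (@samples) {
    my ($label, $octets) = @$sample;
    my ($ok, $result) = decode_untrusted ($octets);
    printf "%-10s %s\n", $label, $ok ? "accepted" : "rejected: $result";
}
```
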
CBOR IMPLEMENTATION NOTES
    This section contains some random implementation notes. They do not
    describe guaranteed behaviour, but merely behaviour as-is implemented
    right now.

    64 bit integers are only properly decoded when Perl was built with 64
    bit support.

    Strings and arrays are encoded with a definite length. Hashes as well,
    unless they are tied (or otherwise magical).

    Only the double data type is supported for NV data types - when Perl
    uses long double to represent floating point values, they might not be
    encoded properly. Half precision types are accepted, but not encoded.

    Strict mode and canonical mode are not implemented.

THREADS
    This module is *not* guaranteed to be thread safe and there are no plans
    to change this until Perl gets thread support (as opposed to the
    horribly slow so-called "threads" which are simply slow and bloated
    process simulations - use fork, it's *much* faster, cheaper, better).

    (It might actually work, but you have been warned).

BUGS
    While the goal of this module is to be correct, that unfortunately does
    not mean it's bug-free, only that I think its design is bug-free. If you
    keep reporting bugs they will be fixed swiftly, though.

    Please refrain from using rt.cpan.org or any other bug reporting
    service. I put the contact address into my modules for a reason.

SEE ALSO
    The JSON and JSON::XS modules that do similar, but human-readable,
    serialisation.

    The Types::Serialiser module provides the data model for true, false and
    error values.

AUTHOR
    Marc Lehmann <schmorp@schmorp.de>
    http://home.schmorp.de/