[ViewVC] Contents of: cvs/CBOR-XS/README

NAME
    CBOR::XS - Concise Binary Object Representation (CBOR, RFC7049)

SYNOPSIS
     use CBOR::XS;

     $binary_cbor_data = encode_cbor $perl_value;
     $perl_value       = decode_cbor $binary_cbor_data;

     # OO-interface

     $coder = CBOR::XS->new;
     $binary_cbor_data = $coder->encode ($perl_value);
     $perl_value       = $coder->decode ($binary_cbor_data);

     # prefix decoding

     my $many_cbor_strings = ...;
     while (length $many_cbor_strings) {
        my ($data, $length) = $cbor->decode_prefix ($many_cbor_strings);
        # data was decoded
        substr $many_cbor_strings, 0, $length, ""; # remove decoded cbor string
     }

DESCRIPTION
    WARNING! This module is very new, and not very well tested (that's up to
    you to do). Furthermore, details of the implementation might change
    freely before version 1.0. And lastly, the object serialisation protocol
    depends on a pending IANA assignment, and until that assignment is
    official, this implementation is not interoperable with other
    implementations (even future versions of this module) until the
    assignment is done.

    You are still invited to try out CBOR, and this module.

    This module converts Perl data structures to the Concise Binary Object
    Representation (CBOR) and vice versa. CBOR is a fast binary
    serialisation format that aims to use a superset of the JSON data model,
    i.e. when you can represent something in JSON, you should be able to
    represent it in CBOR.

    In short, CBOR is a faster and very compact binary alternative to JSON,
    with the added ability of supporting serialisation of Perl objects.

    The primary goal of this module is to be *correct* and the secondary
    goal is to be *fast*. To reach the latter goal it was written in C.

    See MAPPING, below, on how CBOR::XS maps perl values to CBOR values and
    vice versa.

FUNCTIONAL INTERFACE
    The following convenience methods are provided by this module. They are
    exported by default:

    $cbor_data = encode_cbor $perl_scalar
        Converts the given Perl data structure to CBOR representation.
        Croaks on error.

    $perl_scalar = decode_cbor $cbor_data
        The opposite of "encode_cbor": expects a valid CBOR string to parse,
        returning the resulting perl scalar. Croaks on error.

OBJECT-ORIENTED INTERFACE
    The object oriented interface lets you configure your own encoding or
    decoding style, within the limits of supported formats.

    $cbor = new CBOR::XS
        Creates a new CBOR::XS object that can be used to de/encode CBOR
        strings. All boolean flags described below are by default
        *disabled*.

        The mutators for flags all return the CBOR object again and thus
        calls can be chained:

        #TODO my $cbor = CBOR::XS->new->encode ({a => [1,2]});

    $cbor = $cbor->max_depth ([$maximum_nesting_depth])
    $max_depth = $cbor->get_max_depth
        Sets the maximum nesting level (default 512) accepted while encoding
        or decoding. If a higher nesting level is detected in CBOR data or a
        Perl data structure, then the encoder and decoder will stop and
        croak at that point.

        Nesting level is defined by number of hash- or arrayrefs that the
        encoder needs to traverse to reach a given point or the number of
        "{" or "[" characters without their matching closing parenthesis
        crossed to reach a given character in a string.

        Setting the maximum depth to one disallows any nesting, so that
        ensures that the object is only a single hash/object or array.

        If no argument is given, the highest possible setting will be used,
        which is rarely useful.

        Note that nesting is implemented by recursion in C. The default
        value has been chosen to be as large as typical operating systems
        allow without crashing.

        See SECURITY CONSIDERATIONS, below, for more info on why this is
        useful.

    $cbor = $cbor->max_size ([$maximum_string_size])
    $max_size = $cbor->get_max_size
        Set the maximum length a CBOR string may have (in bytes) where
        decoding is being attempted. The default is 0, meaning no limit.
        When "decode" is called on a string that is longer then this many
        bytes, it will not attempt to decode the string but throw an
        exception. This setting has no effect on "encode" (yet).

        If no argument is given, the limit check will be deactivated (same
        as when 0 is specified).

        See SECURITY CONSIDERATIONS, below, for more info on why this is
        useful.

    $cbor_data = $cbor->encode ($perl_scalar)
        Converts the given Perl data structure (a scalar value) to its CBOR
        representation.

    $perl_scalar = $cbor->decode ($cbor_data)
        The opposite of "encode": expects CBOR data and tries to parse it,
        returning the resulting simple scalar or reference. Croaks on error.

    ($perl_scalar, $octets) = $cbor->decode_prefix ($cbor_data)
        This works like the "decode" method, but instead of raising an
        exception when there is trailing garbage after the CBOR string, it
        will silently stop parsing there and return the number of characters
        consumed so far.

        This is useful if your CBOR texts are not delimited by an outer
        protocol and you need to know where the first CBOR string ends amd
        the next one starts.

           CBOR::XS->new->decode_prefix ("......")
           => ("...", 3)

MAPPING
    This section describes how CBOR::XS maps Perl values to CBOR values and
    vice versa. These mappings are designed to "do the right thing" in most
    circumstances automatically, preserving round-tripping characteristics
    (what you put in comes out as something equivalent).

    For the more enlightened: note that in the following descriptions,
    lowercase *perl* refers to the Perl interpreter, while uppercase *Perl*
    refers to the abstract Perl language itself.

  CBOR -> PERL
    integers
        CBOR integers become (numeric) perl scalars. On perls without 64 bit
        support, 64 bit integers will be truncated or otherwise corrupted.

    byte strings
        Byte strings will become octet strings in Perl (the byte values
        0..255 will simply become characters of the same value in Perl).

    UTF-8 strings
        UTF-8 strings in CBOR will be decoded, i.e. the UTF-8 octets will be
        decoded into proper Unicode code points. At the moment, the validity
        of the UTF-8 octets will not be validated - corrupt input will
        result in corrupted Perl strings.

    arrays, maps
        CBOR arrays and CBOR maps will be converted into references to a
        Perl array or hash, respectively. The keys of the map will be
        stringified during this process.

    null
        CBOR null becomes "undef" in Perl.

    true, false, undefined
        These CBOR values become "Types:Serialiser::true",
        "Types:Serialiser::false" and "Types::Serialiser::error",
        respectively. They are overloaded to act almost exactly like the
        numbers 1 and 0 (for true and false) or to throw an exception on
        access (for error). See the Types::Serialiser manpage for details.

    CBOR tag 256 (perl object)
        The tag value 256 (TODO: pending iana registration) will be used to
        deserialise a Perl object serialised with "FREEZE". See "OBJECT
        SERIALISATION", below, for details.

    CBOR tag 55799 (magic header)
        The tag 55799 is ignored (this tag implements the magic header).

    other CBOR tags
        Tagged items consists of a numeric tag and another CBOR value. Tags
        not handled internally are currently converted into a
        CBOR::XS::Tagged object, which is simply a blessed array reference
        consisting of the numeric tag value followed by the (decoded) CBOR
        value.

        In the future, support for user-supplied conversions might get
        added.

    anything else
        Anything else (e.g. unsupported simple values) will raise a decoding
        error.

  PERL -> CBOR
    The mapping from Perl to CBOR is slightly more difficult, as Perl is a
    truly typeless language, so we can only guess which CBOR type is meant
    by a Perl value.

    hash references
        Perl hash references become CBOR maps. As there is no inherent
        ordering in hash keys (or CBOR maps), they will usually be encoded
        in a pseudo-random order.

        Currently, tied hashes will use the indefinite-length format, while
        normal hashes will use the fixed-length format.

    array references
        Perl array references become fixed-length CBOR arrays.

    other references
        Other unblessed references are generally not allowed and will cause
        an exception to be thrown, except for references to the integers 0
        and 1, which get turned into false and true in CBOR.

    CBOR::XS::Tagged objects
        Objects of this type must be arrays consisting of a single "[tag,
        value]" pair. The (numerical) tag will be encoded as a CBOR tag, the
        value will be encoded as appropriate for the value.

    Types::Serialiser::true, Types::Serialiser::false,
    Types::Serialiser::error
        These special values become CBOR true, CBOR false and CBOR undefined
        values, respectively. You can also use "\1", "\0" and "\undef"
        directly if you want.

    other blessed objects
        Other blessed objects are serialised via "TO_CBOR" or "FREEZE". See
        "OBJECT SERIALISATION", below, for details.

    simple scalars
        TODO Simple Perl scalars (any scalar that is not a reference) are
        the most difficult objects to encode: CBOR::XS will encode undefined
        scalars as CBOR null values, scalars that have last been used in a
        string context before encoding as CBOR strings, and anything else as
        number value:

           # dump as number
           encode_cbor [2]                      # yields [2]
           encode_cbor [-3.0e17]                # yields [-3e+17]
           my $value = 5; encode_cbor [$value]  # yields [5]

           # used as string, so dump as string
           print $value;
           encode_cbor [$value]                 # yields ["5"]

           # undef becomes null
           encode_cbor [undef]                  # yields [null]

        You can force the type to be a CBOR string by stringifying it:

           my $x = 3.1; # some variable containing a number
           "$x";        # stringified
           $x .= "";    # another, more awkward way to stringify
           print $x;    # perl does it for you, too, quite often

        You can force the type to be a CBOR number by numifying it:

           my $x = "3"; # some variable containing a string
           $x += 0;     # numify it, ensuring it will be dumped as a number
           $x *= 1;     # same thing, the choice is yours.

        You can not currently force the type in other, less obscure, ways.
        Tell me if you need this capability (but don't forget to explain why
        it's needed :).

        Perl values that seem to be integers generally use the shortest
        possible representation. Floating-point values will use either the
        IEEE single format if possible without loss of precision, otherwise
        the IEEE double format will be used. Perls that use formats other
        than IEEE double to represent numerical values are supported, but
        might suffer loss of precision.

  OBJECT SERIALISATION
    This module knows two way to serialise a Perl object: The CBOR-specific
    way, and the generic way.

    Whenever the encoder encounters a Perl object that it cnanot serialise
    directly (most of them), it will first look up the "TO_CBOR" method on
    it.

    If it has a "TO_CBOR" method, it will call it with the object as only
    argument, and expects exactly one return value, which it will then
    substitute and encode it in the place of the object.

    Otherwise, it will look up the "FREEZE" method. If it exists, it will
    call it with the object as first argument, and the constant string
    "CBOR" as the second argument, to distinguish it from other serialisers.

    The "FREEZE" method can return any number of values (i.e. zero or more).
    These will be encoded as CBOR perl object, together with the classname.

    If an object supports neither "TO_CBOR" nor "FREEZE", encoding will fail
    with an error.

    Objects encoded via "TO_CBOR" cannot be automatically decoded, but
    objects encoded via "FREEZE" can be decoded using the following
    protocol:

    When an encoded CBOR perl object is encountered by the decoder, it will
    look up the "THAW" method, by using the stored classname, and will fail
    if the method cannot be found.

    After the lookup it will call the "THAW" method with the stored
    classname as first argument, the constant string "CBOR" as second
    argument, and all values returned by "FREEZE" as remaining arguments.

   EXAMPLES
    Here is an example "TO_CBOR" method:

       sub My::Object::TO_CBOR {
          my ($obj) = @_;

          ["this is a serialised My::Object object", $obj->{id}]
       }

    When a "My::Object" is encoded to CBOR, it will instead encode a simple
    array with two members: a string, and the "object id". Decoding this
    CBOR string will yield a normal perl array reference in place of the
    object.

    A more useful and practical example would be a serialisation method for
    the URI module. CBOR has a custom tag value for URIs, namely 32:

      sub URI::TO_CBOR {
         my ($self) = @_;
         my $uri = "$self"; # stringify uri
         utf8::upgrade $uri; # make sure it will be encoded as UTF-8 string
         CBOR::XS::tagged 32, "$_[0]"
      }

    This will encode URIs as a UTF-8 string with tag 32, which indicates an
    URI.

    Decoding such an URI will not (currently) give you an URI object, but
    instead a CBOR::XS::Tagged object with tag number 32 and the string -
    exactly what was returned by "TO_CBOR".

    To serialise an object so it can automatically be deserialised, you need
    to use "FREEZE" and "THAW". To take the URI module as example, this
    would be a possible implementation:

       sub URI::FREEZE {
          my ($self, $serialiser) = @_;
          "$self" # encode url string
       }

       sub URI::THAW {
          my ($class, $serialiser, $uri) = @_;

          $class->new ($uri)
       }

    Unlike "TO_CBOR", multiple values can be returned by "FREEZE". For
    example, a "FREEZE" method that returns "type", "id" and "variant"
    values would cause an invocation of "THAW" with 5 arguments:

       sub My::Object::FREEZE {
          my ($self, $serialiser) = @_;

          ($self->{type}, $self->{id}, $self->{variant})
       }

       sub My::Object::THAW {
          my ($class, $serialiser, $type, $id, $variant) = @_;

          $class-<new (type => $type, id => $id, variant => $variant)
       }

MAGIC HEADER
    There is no way to distinguish CBOR from other formats programmatically.
    To make it easier to distinguish CBOR from other formats, the CBOR
    specification has a special "magic string" that can be prepended to any
    CBOR string without changing it's meaning.

    This string is available as $CBOR::XS::MAGIC. This module does not
    prepend this string tot he CBOR data it generates, but it will ignroe it
    if present, so users can prepend this string as a "file type" indicator
    as required.

CBOR and JSON
    CBOR is supposed to implement a superset of the JSON data model, and is,
    with some coercion, able to represent all JSON texts (something that
    other "binary JSON" formats such as BSON generally do not support).

    CBOR implements some extra hints and support for JSON interoperability,
    and the spec offers further guidance for conversion between CBOR and
    JSON. None of this is currently implemented in CBOR, and the guidelines
    in the spec do not result in correct round-tripping of data. If JSON
    interoperability is improved in the future, then the goal will be to
    ensure that decoded JSON data will round-trip encoding and decoding to
    CBOR intact.

SECURITY CONSIDERATIONS
    When you are using CBOR in a protocol, talking to untrusted potentially
    hostile creatures requires relatively few measures.

    First of all, your CBOR decoder should be secure, that is, should not
    have any buffer overflows. Obviously, this module should ensure that and
    I am trying hard on making that true, but you never know.

    Second, you need to avoid resource-starving attacks. That means you
    should limit the size of CBOR data you accept, or make sure then when
    your resources run out, that's just fine (e.g. by using a separate
    process that can crash safely). The size of a CBOR string in octets is
    usually a good indication of the size of the resources required to
    decode it into a Perl structure. While CBOR::XS can check the size of
    the CBOR text, it might be too late when you already have it in memory,
    so you might want to check the size before you accept the string.

    Third, CBOR::XS recurses using the C stack when decoding objects and
    arrays. The C stack is a limited resource: for instance, on my amd64
    machine with 8MB of stack size I can decode around 180k nested arrays
    but only 14k nested CBOR objects (due to perl itself recursing deeply on
    croak to free the temporary). If that is exceeded, the program crashes.
    To be conservative, the default nesting limit is set to 512. If your
    process has a smaller stack, you should adjust this setting accordingly
    with the "max_depth" method.

    Something else could bomb you, too, that I forgot to think of. In that
    case, you get to keep the pieces. I am always open for hints, though...

    Also keep in mind that CBOR::XS might leak contents of your Perl data
    structures in its error messages, so when you serialise sensitive
    information you might want to make sure that exceptions thrown by
    CBOR::XS will not end up in front of untrusted eyes.

CBOR IMPLEMENTATION NOTES
    This section contains some random implementation notes. They do not
    describe guaranteed behaviour, but merely behaviour as-is implemented
    right now.

    64 bit integers are only properly decoded when Perl was built with 64
    bit support.

    Strings and arrays are encoded with a definite length. Hashes as well,
    unless they are tied (or otherwise magical).

    Only the double data type is supported for NV data types - when Perl
    uses long double to represent floating point values, they might not be
    encoded properly. Half precision types are accepted, but not encoded.

    Strict mode and canonical mode are not implemented.

THREADS
    This module is *not* guaranteed to be thread safe and there are no plans
    to change this until Perl gets thread support (as opposed to the
    horribly slow so-called "threads" which are simply slow and bloated
    process simulations - use fork, it's *much* faster, cheaper, better).

    (It might actually work, but you have been warned).

BUGS
    While the goal of this module is to be correct, that unfortunately does
    not mean it's bug-free, only that I think its design is bug-free. If you
    keep reporting bugs they will be fixed swiftly, though.

    Please refrain from using rt.cpan.org or any other bug reporting
    service. I put the contact address into my modules for a reason.

SEE ALSO
    The JSON and JSON::XS modules that do similar, but human-readable,
    serialisation.

    The Types::Serialiser module provides the data model for true, false and
    error values.

AUTHOR
     Marc Lehmann <schmorp@schmorp.de>
     http://home.schmorp.de/

Revision:	1.6
Committed:	Mon Oct 28 21:28:14 2013 UTC (10 years, 6 months ago) by root
Branch:	MAIN
CVS Tags:	rel-0_05
Changes since 1.5:	+11 -5 lines
Log Message:	0.05
#	Content
1	NAME
2	CBOR::XS - Concise Binary Object Representation (CBOR, RFC7049)
3
4	SYNOPSIS
5	use CBOR::XS;
6
7	$binary_cbor_data = encode_cbor $perl_value;
8	$perl_value = decode_cbor $binary_cbor_data;
9
10	# OO-interface
11
12	$coder = CBOR::XS->new;
13	$binary_cbor_data = $coder->encode ($perl_value);
14	$perl_value = $coder->decode ($binary_cbor_data);
15
16	# prefix decoding
17
18	my $many_cbor_strings = ...;
19	while (length $many_cbor_strings) {
20	my ($data, $length) = $cbor->decode_prefix ($many_cbor_strings);
21	# data was decoded
22	substr $many_cbor_strings, 0, $length, ""; # remove decoded cbor string
23	}
24
25	DESCRIPTION
26	WARNING! This module is very new, and not very well tested (that's up to
27	you to do). Furthermore, details of the implementation might change
28	freely before version 1.0. And lastly, the object serialisation protocol
29	depends on a pending IANA assignment, and until that assignment is
30	official, this implementation is not interoperable with other
31	implementations (even future versions of this module) until the
32	assignment is done.
33
34	You are still invited to try out CBOR, and this module.
35
36	This module converts Perl data structures to the Concise Binary Object
37	Representation (CBOR) and vice versa. CBOR is a fast binary
38	serialisation format that aims to use a superset of the JSON data model,
39	i.e. when you can represent something in JSON, you should be able to
40	represent it in CBOR.
41
42	In short, CBOR is a faster and very compact binary alternative to JSON,
43	with the added ability of supporting serialisation of Perl objects.
44
45	The primary goal of this module is to be correct and the secondary
46	goal is to be fast. To reach the latter goal it was written in C.
47
48	See MAPPING, below, on how CBOR::XS maps perl values to CBOR values and
49	vice versa.
50
51	FUNCTIONAL INTERFACE
52	The following convenience methods are provided by this module. They are
53	exported by default:
54
55	$cbor_data = encode_cbor $perl_scalar
56	Converts the given Perl data structure to CBOR representation.
57	Croaks on error.
58
59	$perl_scalar = decode_cbor $cbor_data
60	The opposite of "encode_cbor": expects a valid CBOR string to parse,
61	returning the resulting perl scalar. Croaks on error.
62
63	OBJECT-ORIENTED INTERFACE
64	The object oriented interface lets you configure your own encoding or
65	decoding style, within the limits of supported formats.
66
67	$cbor = new CBOR::XS
68	Creates a new CBOR::XS object that can be used to de/encode CBOR
69	strings. All boolean flags described below are by default
70	disabled.
71
72	The mutators for flags all return the CBOR object again and thus
73	calls can be chained:
74
75	#TODO my $cbor = CBOR::XS->new->encode ({a => [1,2]});
76
77	$cbor = $cbor->max_depth ([$maximum_nesting_depth])
78	$max_depth = $cbor->get_max_depth
79	Sets the maximum nesting level (default 512) accepted while encoding
80	or decoding. If a higher nesting level is detected in CBOR data or a
81	Perl data structure, then the encoder and decoder will stop and
82	croak at that point.
83
84	Nesting level is defined by number of hash- or arrayrefs that the
85	encoder needs to traverse to reach a given point or the number of
86	"{" or "[" characters without their matching closing parenthesis
87	crossed to reach a given character in a string.
88
89	Setting the maximum depth to one disallows any nesting, so that
90	ensures that the object is only a single hash/object or array.
91
92	If no argument is given, the highest possible setting will be used,
93	which is rarely useful.
94
95	Note that nesting is implemented by recursion in C. The default
96	value has been chosen to be as large as typical operating systems
97	allow without crashing.
98
99	See SECURITY CONSIDERATIONS, below, for more info on why this is
100	useful.
101
102	$cbor = $cbor->max_size ([$maximum_string_size])
103	$max_size = $cbor->get_max_size
104	Set the maximum length a CBOR string may have (in bytes) where
105	decoding is being attempted. The default is 0, meaning no limit.
106	When "decode" is called on a string that is longer then this many
107	bytes, it will not attempt to decode the string but throw an
108	exception. This setting has no effect on "encode" (yet).
109
110	If no argument is given, the limit check will be deactivated (same
111	as when 0 is specified).
112
113	See SECURITY CONSIDERATIONS, below, for more info on why this is
114	useful.
115
116	$cbor_data = $cbor->encode ($perl_scalar)
117	Converts the given Perl data structure (a scalar value) to its CBOR
118	representation.
119
120	$perl_scalar = $cbor->decode ($cbor_data)
121	The opposite of "encode": expects CBOR data and tries to parse it,
122	returning the resulting simple scalar or reference. Croaks on error.
123
124	($perl_scalar, $octets) = $cbor->decode_prefix ($cbor_data)
125	This works like the "decode" method, but instead of raising an
126	exception when there is trailing garbage after the CBOR string, it
127	will silently stop parsing there and return the number of characters
128	consumed so far.
129
130	This is useful if your CBOR texts are not delimited by an outer
131	protocol and you need to know where the first CBOR string ends amd
132	the next one starts.
133
134	CBOR::XS->new->decode_prefix ("......")
135	=> ("...", 3)
136
137	MAPPING
138	This section describes how CBOR::XS maps Perl values to CBOR values and
139	vice versa. These mappings are designed to "do the right thing" in most
140	circumstances automatically, preserving round-tripping characteristics
141	(what you put in comes out as something equivalent).
142
143	For the more enlightened: note that in the following descriptions,
144	lowercase perl refers to the Perl interpreter, while uppercase Perl
145	refers to the abstract Perl language itself.
146
147	CBOR -> PERL
148	integers
149	CBOR integers become (numeric) perl scalars. On perls without 64 bit
150	support, 64 bit integers will be truncated or otherwise corrupted.
151
152	byte strings
153	Byte strings will become octet strings in Perl (the byte values
154	0..255 will simply become characters of the same value in Perl).
155
156	UTF-8 strings
157	UTF-8 strings in CBOR will be decoded, i.e. the UTF-8 octets will be
158	decoded into proper Unicode code points. At the moment, the validity
159	of the UTF-8 octets will not be validated - corrupt input will
160	result in corrupted Perl strings.
161
162	arrays, maps
163	CBOR arrays and CBOR maps will be converted into references to a
164	Perl array or hash, respectively. The keys of the map will be
165	stringified during this process.
166
167	null
168	CBOR null becomes "undef" in Perl.
169
170	true, false, undefined
171	These CBOR values become "Types:Serialiser::true",
172	"Types:Serialiser::false" and "Types::Serialiser::error",
173	respectively. They are overloaded to act almost exactly like the
174	numbers 1 and 0 (for true and false) or to throw an exception on
175	access (for error). See the Types::Serialiser manpage for details.
176
177	CBOR tag 256 (perl object)
178	The tag value 256 (TODO: pending iana registration) will be used to
179	deserialise a Perl object serialised with "FREEZE". See "OBJECT
180	SERIALISATION", below, for details.
181
182	CBOR tag 55799 (magic header)
183	The tag 55799 is ignored (this tag implements the magic header).
184
185	other CBOR tags
186	Tagged items consists of a numeric tag and another CBOR value. Tags
187	not handled internally are currently converted into a
188	CBOR::XS::Tagged object, which is simply a blessed array reference
189	consisting of the numeric tag value followed by the (decoded) CBOR
190	value.
191
192	In the future, support for user-supplied conversions might get
193	added.
194
195	anything else
196	Anything else (e.g. unsupported simple values) will raise a decoding
197	error.
198
199	PERL -> CBOR
200	The mapping from Perl to CBOR is slightly more difficult, as Perl is a
201	truly typeless language, so we can only guess which CBOR type is meant
202	by a Perl value.
203
204	hash references
205	Perl hash references become CBOR maps. As there is no inherent
206	ordering in hash keys (or CBOR maps), they will usually be encoded
207	in a pseudo-random order.
208
209	Currently, tied hashes will use the indefinite-length format, while
210	normal hashes will use the fixed-length format.
211
212	array references
213	Perl array references become fixed-length CBOR arrays.
214
215	other references
216	Other unblessed references are generally not allowed and will cause
217	an exception to be thrown, except for references to the integers 0
218	and 1, which get turned into false and true in CBOR.
219
220	CBOR::XS::Tagged objects
221	Objects of this type must be arrays consisting of a single "[tag,
222	value]" pair. The (numerical) tag will be encoded as a CBOR tag, the
223	value will be encoded as appropriate for the value.
224
225	Types::Serialiser::true, Types::Serialiser::false,
226	Types::Serialiser::error
227	These special values become CBOR true, CBOR false and CBOR undefined
228	values, respectively. You can also use "\1", "\0" and "\undef"
229	directly if you want.
230
231	other blessed objects
232	Other blessed objects are serialised via "TO_CBOR" or "FREEZE". See
233	"OBJECT SERIALISATION", below, for details.
234
235	simple scalars
236	TODO Simple Perl scalars (any scalar that is not a reference) are
237	the most difficult objects to encode: CBOR::XS will encode undefined
238	scalars as CBOR null values, scalars that have last been used in a
239	string context before encoding as CBOR strings, and anything else as
240	number value:
241
242	# dump as number
243	encode_cbor [2] # yields [2]
244	encode_cbor [-3.0e17] # yields [-3e+17]
245	my $value = 5; encode_cbor [$value] # yields [5]
246
247	# used as string, so dump as string
248	print $value;
249	encode_cbor [$value] # yields ["5"]
250
251	# undef becomes null
252	encode_cbor [undef] # yields [null]
253
254	You can force the type to be a CBOR string by stringifying it:
255
256	my $x = 3.1; # some variable containing a number
257	"$x"; # stringified
258	$x .= ""; # another, more awkward way to stringify
259	print $x; # perl does it for you, too, quite often
260
261	You can force the type to be a CBOR number by numifying it:
262
263	my $x = "3"; # some variable containing a string
264	$x += 0; # numify it, ensuring it will be dumped as a number
265	$x *= 1; # same thing, the choice is yours.
266
267	You can not currently force the type in other, less obscure, ways.
268	Tell me if you need this capability (but don't forget to explain why
269	it's needed :).
270
271	Perl values that seem to be integers generally use the shortest
272	possible representation. Floating-point values will use either the
273	IEEE single format if possible without loss of precision, otherwise
274	the IEEE double format will be used. Perls that use formats other
275	than IEEE double to represent numerical values are supported, but
276	might suffer loss of precision.
277
278	OBJECT SERIALISATION
279	This module knows two way to serialise a Perl object: The CBOR-specific
280	way, and the generic way.
281
282	Whenever the encoder encounters a Perl object that it cnanot serialise
283	directly (most of them), it will first look up the "TO_CBOR" method on
284	it.
285
286	If it has a "TO_CBOR" method, it will call it with the object as only
287	argument, and expects exactly one return value, which it will then
288	substitute and encode it in the place of the object.
289
290	Otherwise, it will look up the "FREEZE" method. If it exists, it will
291	call it with the object as first argument, and the constant string
292	"CBOR" as the second argument, to distinguish it from other serialisers.
293
294	The "FREEZE" method can return any number of values (i.e. zero or more).
295	These will be encoded as CBOR perl object, together with the classname.
296
297	If an object supports neither "TO_CBOR" nor "FREEZE", encoding will fail
298	with an error.
299
300	Objects encoded via "TO_CBOR" cannot be automatically decoded, but
301	objects encoded via "FREEZE" can be decoded using the following
302	protocol:
303
304	When an encoded CBOR perl object is encountered by the decoder, it will
305	look up the "THAW" method, by using the stored classname, and will fail
306	if the method cannot be found.
307
308	After the lookup it will call the "THAW" method with the stored
309	classname as first argument, the constant string "CBOR" as second
310	argument, and all values returned by "FREEZE" as remaining arguments.
311
312	EXAMPLES
313	Here is an example "TO_CBOR" method:
314
315	sub My::Object::TO_CBOR {
316	my ($obj) = @_;
317
318	["this is a serialised My::Object object", $obj->{id}]
319	}
320
321	When a "My::Object" is encoded to CBOR, it will instead encode a simple
322	array with two members: a string, and the "object id". Decoding this
323	CBOR string will yield a normal perl array reference in place of the
324	object.
325
326	A more useful and practical example would be a serialisation method for
327	the URI module. CBOR has a custom tag value for URIs, namely 32:
328
329	sub URI::TO_CBOR {
330	my ($self) = @_;
331	my $uri = "$self"; # stringify uri
332	utf8::upgrade $uri; # make sure it will be encoded as UTF-8 string
333	CBOR::XS::tagged 32, "$_[0]"
334	}
335
336	This will encode URIs as a UTF-8 string with tag 32, which indicates an
337	URI.
338
339	Decoding such an URI will not (currently) give you an URI object, but
340	instead a CBOR::XS::Tagged object with tag number 32 and the string -
341	exactly what was returned by "TO_CBOR".
342
343	To serialise an object so it can automatically be deserialised, you need
344	to use "FREEZE" and "THAW". To take the URI module as example, this
345	would be a possible implementation:
346
347	sub URI::FREEZE {
348	my ($self, $serialiser) = @_;
349	"$self" # encode url string
350	}
351
352	sub URI::THAW {
353	my ($class, $serialiser, $uri) = @_;
354
355	$class->new ($uri)
356	}
357
358	Unlike "TO_CBOR", multiple values can be returned by "FREEZE". For
359	example, a "FREEZE" method that returns "type", "id" and "variant"
360	values would cause an invocation of "THAW" with 5 arguments:
361
362	sub My::Object::FREEZE {
363	my ($self, $serialiser) = @_;
364
365	($self->{type}, $self->{id}, $self->{variant})
366	}
367
368	sub My::Object::THAW {
369	my ($class, $serialiser, $type, $id, $variant) = @_;
370
371	$class-<new (type => $type, id => $id, variant => $variant)
372	}
373
374	MAGIC HEADER
375	There is no way to distinguish CBOR from other formats programmatically.
376	To make it easier to distinguish CBOR from other formats, the CBOR
377	specification has a special "magic string" that can be prepended to any
378	CBOR string without changing it's meaning.
379
380	This string is available as $CBOR::XS::MAGIC. This module does not
381	prepend this string tot he CBOR data it generates, but it will ignroe it
382	if present, so users can prepend this string as a "file type" indicator
383	as required.
384
385	CBOR and JSON
386	CBOR is supposed to implement a superset of the JSON data model, and is,
387	with some coercion, able to represent all JSON texts (something that
388	other "binary JSON" formats such as BSON generally do not support).
389
390	CBOR implements some extra hints and support for JSON interoperability,
391	and the spec offers further guidance for conversion between CBOR and
392	JSON. None of this is currently implemented in CBOR, and the guidelines
393	in the spec do not result in correct round-tripping of data. If JSON
394	interoperability is improved in the future, then the goal will be to
395	ensure that decoded JSON data will round-trip encoding and decoding to
396	CBOR intact.
397
398	SECURITY CONSIDERATIONS
399	When you are using CBOR in a protocol, talking to untrusted potentially
400	hostile creatures requires relatively few measures.
401
402	First of all, your CBOR decoder should be secure, that is, should not
403	have any buffer overflows. Obviously, this module should ensure that and
404	I am trying hard on making that true, but you never know.
405
406	Second, you need to avoid resource-starving attacks. That means you
407	should limit the size of CBOR data you accept, or make sure then when
408	your resources run out, that's just fine (e.g. by using a separate
409	process that can crash safely). The size of a CBOR string in octets is
410	usually a good indication of the size of the resources required to
411	decode it into a Perl structure. While CBOR::XS can check the size of
412	the CBOR text, it might be too late when you already have it in memory,
413	so you might want to check the size before you accept the string.
414
415	Third, CBOR::XS recurses using the C stack when decoding objects and
416	arrays. The C stack is a limited resource: for instance, on my amd64
417	machine with 8MB of stack size I can decode around 180k nested arrays
418	but only 14k nested CBOR objects (due to perl itself recursing deeply on
419	croak to free the temporary). If that is exceeded, the program crashes.
420	To be conservative, the default nesting limit is set to 512. If your
421	process has a smaller stack, you should adjust this setting accordingly
422	with the "max_depth" method.
423
424	Something else could bomb you, too, that I forgot to think of. In that
425	case, you get to keep the pieces. I am always open for hints, though...
426
427	Also keep in mind that CBOR::XS might leak contents of your Perl data
428	structures in its error messages, so when you serialise sensitive
429	information you might want to make sure that exceptions thrown by
430	CBOR::XS will not end up in front of untrusted eyes.
431
432	CBOR IMPLEMENTATION NOTES
433	This section contains some random implementation notes. They do not
434	describe guaranteed behaviour, but merely behaviour as-is implemented
435	right now.
436
437	64 bit integers are only properly decoded when Perl was built with 64
438	bit support.
439
440	Strings and arrays are encoded with a definite length. Hashes as well,
441	unless they are tied (or otherwise magical).
442
443	Only the double data type is supported for NV data types - when Perl
444	uses long double to represent floating point values, they might not be
445	encoded properly. Half precision types are accepted, but not encoded.
446
447	Strict mode and canonical mode are not implemented.
448
449	THREADS
450	This module is not guaranteed to be thread safe and there are no plans
451	to change this until Perl gets thread support (as opposed to the
452	horribly slow so-called "threads" which are simply slow and bloated
453	process simulations - use fork, it's much faster, cheaper, better).
454
455	(It might actually work, but you have been warned).
456
457	BUGS
458	While the goal of this module is to be correct, that unfortunately does
459	not mean it's bug-free, only that I think its design is bug-free. If you
460	keep reporting bugs they will be fixed swiftly, though.
461
462	Please refrain from using rt.cpan.org or any other bug reporting
463	service. I put the contact address into my modules for a reason.
464
465	SEE ALSO
466	The JSON and JSON::XS modules that do similar, but human-readable,
467	serialisation.
468
469	The Types::Serialiser module provides the data model for true, false and
470	error values.
471
472	AUTHOR
473	Marc Lehmann <schmorp@schmorp.de>
474	http://home.schmorp.de/
475