Fast, idiomatic C# implementation of Flatbuffers
Перейти к файлу
James Courtney 7a97087e31
Add Object Depth Limit (#289)
Addresses a denial of service security vulnerability where FlatSharp could be induced to stack overflow given a schema with a loop (or simply too deep) along with a malicious input.
2022-04-23 23:43:03 -07:00
.github Rename Workflows Master -> Main (#260) 2021-12-25 16:19:45 -08:00
benchmarks 6.0.0 (#241) 2021-09-17 14:06:44 -07:00
misc Switch to Roslyn from IL Generation (#3) 2018-10-14 15:34:31 -07:00
samples Update samples to 6.2.0 (#281) 2022-02-20 17:18:31 -08:00
src Add Object Depth Limit (#289) 2022-04-23 23:43:03 -07:00
.gitignore XML Documentation (#280) 2022-02-15 00:41:20 -08:00
LICENSE.md Rev nuget package versions, v1.0 2019-04-15 23:30:36 -07:00
README.md Rename Workflows Master -> Main (#260) 2021-12-25 16:19:45 -08:00
codecov.yml Add Code Coverage (#160) 2021-06-02 03:18:39 -07:00

README.md

FlatSharp

Main codecov

FlatSharp is Google's FlatBuffers serialization format implemented in C#, for C#. FlatBuffers is a zero-copy binary serialization format intended for high-performance scenarios. FlatSharp leverages the latest and greatest from .NET in the form of Memory<T> and Span<T>. As such, FlatSharp's safe-code implementations are often faster than other implementations using unsafe code. FlatSharp aims to provide 4 core priorities:

  • Full safety (no unsafe code or IL generation -- more on that below).
  • Speed
  • FlatBuffers schema correctness
  • Compatibility with other C#-focused projects like Unity, Blazor, and Xamarin. If it supports .NET standard 2.0, it supports FlatSharp.

All FlatSharp packages are published on nuget.org:

  • FlatSharp.Runtime: The runtime library. You always need this.
  • FlatSharp: Support for runtime schemas with C# attributes. Includes FlatBufferSerializer.
  • FlatSharp.Compiler: Build time compiler for generating C# from an FBS schema.

As of version 3.3.1, FlatSharp is in production use at Microsoft.

Getting Started

If you're completely new to FlatBuffers, take a minute to look over the FlatBuffer overview. Additionally, it's worth the time to understand the different elements of FlatBuffer schemas.

1. Define a schema

There are two ways to define a FlatBuffer schema with FlatSharp. The first is to use C# attributes to annotate classes, like you would with other serializers:

// FlatSharp supports enums, but makes you promise not to change the underlying type.
[FlatBufferEnum(typeof(byte))]
public enum Color : byte { Red = 1, Green, Blue }

// Tables are flexible objects meant to allow schema changes. Numeric properties can have default values,
// and all properties can be deprecated. Each index may only be used once, so once the "Parent" property is
// deprecated, index 2 cannot be used again by a different property.
[FlatBufferTable]
public class Person : object
{   
    [FlatBufferItem(0)] public virtual int Id { get; set; }
    [FlatBufferItem(1)] public virtual string Name { get; set; }
    [FlatBufferItem(2, Deprecated = true)] public virtual Person Parent { get; set; }
    [FlatBufferItem(3)] public virtual IList<Person> Children { get; set; }
    [FlatBufferItem(4, DefaultValue = Color.Blue)] public virtual Color FavoriteColor { get; set; } = Color.Blue;
    [FlatBufferItem(5)] public virtual Location Position { get; set; }
}

// Structs are really fast, but may only contain scalars and other structs. Structs
// cannot be versioned, so use only when you're sure the schema won't change.
[FlatBufferStruct]
public class Location : object
{
    [FlatBufferItem(0)] public virtual float Latitude { get; set; }
    [FlatBufferItem(1)] public virtual float Longitude { get; set; }
}

The second way to define a schema is to use an FBS schema file and run the FlatSharp compiler at build-time with your project. This enables fancy options like precompiling your serializers, interop with FlatBuffers in other languages, and GRPC definitions.

namespace MyNamespace;

enum Color : ubyte { Red = 1, Green, Blue }

table Person (fs_serializer) {
    Id:int;
    Name:string;
    Parent:Person (deprecated);
    Children:[Person];
    FavoriteColor:Color = Blue;
    Position:Location;
}

struct Location {
    Latitude:float;
    Longitude:float;
}

rpc_service PersonService {
    GetParent(Person):Person;
}

2. Serialize your data

Serialization is easy!

Person person = new Person(...);
int maxBytesNeeded = FlatBufferSerializer.Default.GetMaxSize(person);
byte[] buffer = new byte[maxBytesNeeded];
int bytesWritten = FlatBufferSerializer.Default.Serialize(person, buffer);

3. Parse your data

Deserializing is easier!

// By default, FlatSharp deserializes greedily, so everything in the Person is read from the data buffer
// and copied into the Person object, and the data buffer is no longer used after the Parse method returns.
// However, FlatSharp supports a variety of Lazy modes that read data from the buffer on demand and are
// often faster. These are covered under advanced topics below.
Person p = FlatBufferSerializer.Default.Parse<Person>(data);

Samples & Documentation

FlatSharp supports some interesting features not covered here. Detailed documentation is in the wiki. The samples solution has full examples of:

Internals

FlatSharp works by generating subclasses of your data contracts based on the schema that you define. That is, when you attempt to deserialize a MonsterTable object, you actually get back a subclass of MonsterTable, which has properties defined in such a way as to index into the buffer, according to the deserialization mode specified (greedy, lazy, etc).

Security

Serializers are a common vector for security issues. FlatSharp takes the following approach to security:

  • All core operations are overflow-checked
  • No unsafe code
  • No IL generation
  • Use standard .NET libraries for reading and writing from memory

At its core, FlatSharp is a tool to convert a FlatBuffer schema into a pile of safe C# code that depends only upon standard .NET libraries. There is no "secret sauce". Buffer overflows are intended to be impossible by design, due to the features of .NET and the CLR. A malicious input may lead to corrupt data or an Exception being thrown, but the process will not be compromised. As always, a best practice is to encrypt data at rest, in transit, and decorate it with some checksums.

Performance & Benchmarks

FlatSharp is really, really fast. The FlatSharp benchmarks were run on .NET 5.0, using a C# approximation of Google's FlatBuffer benchmark, which can be found here.

The benchmarks test 4 different serialization frameworks, all using default settings:

  • FlatSharp -- 6.0.0
  • Protobuf.NET -- 3.0.101
  • Google's C# Flatbuffers -- 2.0.0
  • Message Pack C# -- 2.3.75

The full results for each version of FlatSharp can be viewed in the benchmarks folder. Additionally, the benchmark data contains performance data for many different configurations of FlatSharp and other features, such as sorted vectors and shared strings.

Word of Warning

Serialization benchmarks are not reflective of "real-world" performance, because processes rarely do serialization-only workflows. In reality, your serializer is going to be competing for L1 cache and other resources along with everything else in your program (and everything else on the machine). So while these benchmarks show that FlatSharp is faster by a wide margin, these benefits may not translate to any practical effect in your environment, depending completely upon your own workflows and data structures. Your choice of serialization format and library should be informed by your needs (Do you need lazy access? Do you care about compact message size?) and not by the results of a benchmark that shows best-case results for all serializers by virtue of that being the only thing running on the machine at that point in time.

Serialization

This data shows the mean time it takes to serialize a typical message containing a 30-item vector.

Library Time Relative Performance Data Size
FlatSharp (Optimized) 1,127 ns 63% 3085
FlatSharp (Default) 1,799 100% 3085
Message Pack C# 2,613 145% 2497
Google Flatbuffers 6,157 342% 3312
Google Flatbuffers (Object API) 6,490 361% 3312
Protobuf.NET 8,518 473% 2646

Deserialization

How much time does it take to parse and then fully enumerate the message from the serialization benchmark?

Library Time Relative Performance
FlatSharp (Optimized) 1,746 ns 79%
FlatSharp (Default) 2,211 100%
Message Pack C# 5,491 248%
Google Flatbuffers 4,928 223%
Google Flatbuffers (Object API) 7,734 350%
Protobuf.NET 8,464 383%

So What Packages Do I Need?

There are two main ways to use FlatSharp: Precompilation with .fbs files and runtime compilation using attributes on C# classes. Both of these produce and load the same code, so the performance will be identical. There are some good reasons to use precompilation over runtime compilation:

  • No runtime overhead -- Roslyn can take a little bit to spin up the first time
  • Fewer package dependencies
  • Better interop with other FlatBuffers languages via .fbs files
  • gRPC Support
  • Schema validation errors caught at build-time instead of runtime.
  • Better supported with other .NET toolchains (Unity / Blazor / etc)
Scenario FlatSharp.Runtime FlatSharp FlatSharp.Compiler
Ahead of Time Compilation
Runtime Compilation

License

FlatSharp is licensed under Apache 2.0.