Combine traits for IPC mutation and generation fuzzing plus other refactoring.

tools/ipc_fuzzer/mutate/fuzzer.h

Index: tools/ipc_fuzzer/mutate/fuzzer.h
diff --git a/tools/ipc_fuzzer/mutate/fuzzer.h b/tools/ipc_fuzzer/mutate/fuzzer.h
new file mode 100644
index 0000000000000000000000000000000000000000..17dd8f5ed0e0ed9ebaf1a75b2336b945c2d1e2f2
--- /dev/null
+++ b/tools/ipc_fuzzer/mutate/fuzzer.h
@@ -0,0 +1,87 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef TOOLS_IPC_FUZZER_MUTATE_FUZZER_H_
+#define TOOLS_IPC_FUZZER_MUTATE_FUZZER_H_
+
+#include <string>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "base/strings/string_util.h"
+#include "ipc/ipc_message.h"
+#include "tools/ipc_fuzzer/message_lib/message_file.h"

[Tom Sepez, 2015/03/18 18:49:19]

Nit: does message_file.h need to be in this header, or can it move to a .cc
file?

+
+namespace ipc_fuzzer {
+
+// Interface implemented by those who generate basic types.  The types all
+// correspond to the types which a pickle from base/pickle.h can pickle,
+// plus the floating point types.
+class Fuzzer {
+ public:
+  // Functions for various data types.
+  virtual void FuzzBool(bool* value) = 0;
+  virtual void FuzzInt(int* value) = 0;
+  virtual void FuzzLong(long* value) = 0;
+  virtual void FuzzSize(size_t* value) = 0;
+  virtual void FuzzUChar(unsigned char* value) = 0;
+  virtual void FuzzWChar(wchar_t* value) = 0;
+  virtual void FuzzUInt16(uint16* value) = 0;
+  virtual void FuzzUInt32(uint32* value) = 0;
+  virtual void FuzzInt64(int64* value) = 0;
+  virtual void FuzzUInt64(uint64* value) = 0;
+  virtual void FuzzFloat(float* value) = 0;
+  virtual void FuzzDouble(double *value) = 0;
+  virtual void FuzzString(std::string* value) = 0;
+  virtual void FuzzString16(base::string16* value) = 0;
+  virtual void FuzzData(char* data, int length) = 0;
+  virtual void FuzzBytes(void* data, int data_len) = 0;
+
+  // Used to determine if a completely new value should be generated for
+  // certain types instead of attempting to modify the existing one.
+  virtual bool ShouldGenerate();
+};
+
+class NoOpFuzzer : public Fuzzer {
+ public:
+  NoOpFuzzer() {}
+  virtual ~NoOpFuzzer() {}
+
+  void FuzzBool(bool* value) override {}
+  void FuzzInt(int* value) override {}
+  void FuzzLong(long* value) override {}
+  void FuzzSize(size_t* value) override {}
+  void FuzzUChar(unsigned char* value) override {}
+  void FuzzWChar(wchar_t* value) override {}
+  void FuzzUInt16(uint16* value) override {}
+  void FuzzUInt32(uint32* value) override {}
+  void FuzzInt64(int64* value) override {}
+  void FuzzUInt64(uint64* value) override {}
+  void FuzzFloat(float* value) override {}
+  void FuzzDouble(double* value) override {}
+  void FuzzString(std::string* value) override {}
+  void FuzzString16(base::string16* value) override {}
+  void FuzzData(char* data, int length) override {}
+  void FuzzBytes(void* data, int data_len) override {}
+};
+
+typedef IPC::Message* (*FuzzerFunction)(IPC::Message*, Fuzzer*);
+
+// Used for mutating messages. Once populated, the map associates a message ID
+// with a FuzzerFunction used for mutation of that message type.
+typedef base::hash_map<uint32, FuzzerFunction> FuzzerFunctionMap;
+void PopulateFuzzerFunctionMap(FuzzerFunctionMap* map);
+
+// Used for generating new messages. Once populated, the vector contains
+// FuzzerFunctions for all message types that we know how to generate.
+typedef std::vector<FuzzerFunction> FuzzerFunctionVector;
+void PopulateFuzzerFunctionVector(FuzzerFunctionVector* function_vector);
+
+// Since IPC::Message can be serialized, we also track a global function vector
+// to handle generation of new messages while fuzzing.
+extern FuzzerFunctionVector g_function_vector;
+
+}  // namespace ipc_fuzzer
+
+#endif  // TOOLS_IPC_FUZZER_MUTATE_FUZZER_H_