Refactor IPC fuzzer.

tools/ipc_fuzzer/replay/replay_process.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "tools/ipc_fuzzer/replay/replay_process.h"
+
 #include <limits.h>
-#include <list>
-
+#include <string>
 #include "base/bind.h"
 #include "base/command_line.h"
-#include "base/files/memory_mapped_file.h"
+#include "base/files/file_path.h"
 #include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/message_loop/message_loop.h"
 #include "base/posix/global_descriptors.h"

[Tom Sepez, 2013/12/05 19:05:49]

Ok.  Would be nice if we didn't need posix-specific stuff, but I guess this is
conditionalized in the .gyp files, right? Yet there's an ifdef posix below. 
Maybe this needs an ifdef posix as well?

[aedla, 2013/12/05 23:16:21]

Yes, I made ipc_fuzzer target linux-only. I would really like to stick to POSIX.
Windows doesn't support --renderer-cmd-prefix. But even without that, I probably
won't have the time  or motivation to support Windows.

Removed the ifdef below.

 #include "base/stl_util.h"
-#include "base/synchronization/waitable_event.h"
-#include "base/threading/thread.h"
-#include "base/timer/timer.h"
 #include "chrome/common/chrome_switches.h"
-#include "ipc/ipc_channel_proxy.h"
 #include "ipc/ipc_descriptors.h"
-#include "ipc/ipc_listener.h"
-#include "ipc/ipc_message.h"
-#include "ipc/ipc_platform_file.h"
 #include "ipc/ipc_switches.h"
 
-namespace {
+namespace ipc_fuzzer {
 
-class IpcFuzzerProcess : public IPC::Listener {
- public:
-  IpcFuzzerProcess();
-  virtual ~IpcFuzzerProcess();
-
-  // Set up command line, logging, IO thread.
-  void Initialize(int argc, const char **argv);
-
-  // Open a channel to the browser process. It will think we are a renderer.
-  void OpenChannel();
-
-  // Extract messages from a file specified by --ipc-fuzzer-testcase=.
-  bool OpenTestcase();
-
-  // Trigger the sending of messages to the browser.
-  void StartSendingMessages();
-
-  // IPC::Listener implementation.
-  virtual bool OnMessageReceived(const IPC::Message& message) OVERRIDE;
-  virtual void OnChannelError() OVERRIDE;
-
- private:
-  bool ExtractMessages(const char *data, size_t len);
-  void SendNextMessage();
-
-  scoped_ptr<IPC::ChannelProxy> channel_;
-  base::MessageLoop main_loop_;
-  base::Thread io_thread_;
-  base::WaitableEvent shutdown_event_;
-  scoped_ptr<base::Timer> timer_;
-  scoped_ptr<base::MemoryMappedFile> testcase_map_;
-  std::list<IPC::Message*> messages_;
-
-  DISALLOW_COPY_AND_ASSIGN(IpcFuzzerProcess);
-};
-
-IpcFuzzerProcess::IpcFuzzerProcess()
+ReplayProcess::ReplayProcess()
     : main_loop_(base::MessageLoop::TYPE_DEFAULT),
       io_thread_("Chrome_ChildIOThread"),
       shutdown_event_(true, false) {
 }
 
-IpcFuzzerProcess::~IpcFuzzerProcess() {
+ReplayProcess::~ReplayProcess() {
   channel_.reset();
   STLDeleteElements(&messages_);
 }
 
-void IpcFuzzerProcess::Initialize(int argc, const char **argv) {
+void ReplayProcess::Initialize(int argc, const char **argv) {
   CommandLine::Init(argc, argv);
 
   // Log to default destination.
   logging::SetMinLogLevel(logging::LOG_ERROR);
   logging::InitLogging(logging::LoggingSettings());
 
   io_thread_.StartWithOptions(
       base::Thread::Options(base::MessageLoop::TYPE_IO, 0));
 
 #if defined(OS_POSIX)
   base::GlobalDescriptors* g_fds = base::GlobalDescriptors::GetInstance();
   g_fds->Set(kPrimaryIPCChannel,
              kPrimaryIPCChannel + base::GlobalDescriptors::kBaseDescriptor);
 #endif
 }
 
-void IpcFuzzerProcess::OpenChannel() {
+void ReplayProcess::OpenChannel() {
   std::string channel_name =
       CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
           switches::kProcessChannelID);
 
   channel_.reset(
       new IPC::ChannelProxy(channel_name,
                             IPC::Channel::MODE_CLIENT,
                             this,
                             io_thread_.message_loop_proxy()));
 }
 
-bool IpcFuzzerProcess::ExtractMessages(const char *data, size_t len) {
+bool ReplayProcess::ExtractMessages(const char *data, size_t len) {
   const char* end = data + len;
 
   while (data < end) {
     const char* message_tail = IPC::Message::FindNext(data, end);
     if (!message_tail)
       break;
 
     size_t len = message_tail - data;
     if (len > INT_MAX) {
       LOG(ERROR) << "Message too large";
       break;

[Tom Sepez, 2013/12/05 19:05:49]

return false here with error.  This is the only way data < end, below, no?

[aedla, 2013/12/05 23:16:21]

Ah, good catch. Another way to data < end below was !message_tail. Changed that
case to directly error out as well.

     }
 
     IPC::Message* message = new IPC::Message(data, len);
     messages_.push_back(message);
     data = message_tail;
   }
 
   if (data < end) {
     unsigned long left = end - data;
     LOG(ERROR) << left << " bytes left while extracting messages";
     return false;
   }
 
   return true;
 }
 
-bool IpcFuzzerProcess::OpenTestcase() {
+bool ReplayProcess::OpenTestcase() {
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
 
   if (!command_line.HasSwitch(switches::kIpcFuzzerTestcase)) {
     LOG(ERROR) << "No IPC fuzzer testcase specified";
     return false;
   }
 
   base::FilePath path =
       command_line.GetSwitchValuePath(switches::kIpcFuzzerTestcase);
   testcase_map_.reset(new base::MemoryMappedFile());
   if (!testcase_map_->Initialize(path)) {
     LOG(ERROR) << "Failed to map testcase: " << path.value();
     return false;
   }
 
   const char* data = reinterpret_cast<const char *>(testcase_map_->data());
   size_t len = testcase_map_->length();
 
   return ExtractMessages(data, len);
 }
 
-void IpcFuzzerProcess::SendNextMessage() {
+void ReplayProcess::SendNextMessage() {
   if (messages_.empty()) {
     base::MessageLoop::current()->Quit();
     return;
   }
 
   IPC::Message* message = messages_.front();
   messages_.pop_front();
 
   channel_->Send(message);

[Tom Sepez, 2013/12/05 19:05:49]

check return value.  this could fail.

[aedla, 2013/12/05 23:16:21]

ChannelProxy::Send() doesn't actually return false. But yeah, that could change.

 }
 
-void IpcFuzzerProcess::StartSendingMessages() {
+void ReplayProcess::Run() {
   timer_.reset(new base::Timer(false, true));
   timer_->Start(FROM_HERE,
                 base::TimeDelta::FromMilliseconds(1),
-                base::Bind(&IpcFuzzerProcess::SendNextMessage,
+                base::Bind(&ReplayProcess::SendNextMessage,
                            base::Unretained(this)));
+  base::MessageLoop::current()->Run();
 }
 
-bool IpcFuzzerProcess::OnMessageReceived(const IPC::Message& msg) {
+bool ReplayProcess::OnMessageReceived(const IPC::Message& msg) {
   return true;
 }
 
-void IpcFuzzerProcess::OnChannelError() {
+void ReplayProcess::OnChannelError() {
   LOG(ERROR) << "Channel error, quitting";
   base::MessageLoop::current()->Quit();
 }
 
-}  // namespace
-
-int main(int argc, const char **argv) {
-  IpcFuzzerProcess fuzzer;
-  fuzzer.Initialize(argc, argv);
-  fuzzer.OpenChannel();
-
-  if (!fuzzer.OpenTestcase())
-    return 0;
-
-  fuzzer.StartSendingMessages();
-
-  base::MessageLoop::current()->Run();
-  return 0;
-}
+}  // namespace ipc_fuzzer