Added a new Verifier class to the BPF compiler.

sandbox/linux/seccomp-bpf/sandbox_bpf.h

Index: sandbox/linux/seccomp-bpf/sandbox_bpf.h
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.h b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
index 3501e62807ffdb77882c354efe33b7625fb4e64b..0d8b754c1044fe80b025de9aca52c479b56bd640 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.h
@@ -108,6 +108,10 @@ struct arch_seccomp_data {
 #ifdef SECCOMP_BPF_STANDALONE
 #define arraysize(x) sizeof(x)/sizeof(*(x)))
 #define HANDLE_EINTR TEMP_FAILURE_RETRY
+#define DISALLOW_IMPLICIT_CONSTRUCTORS(TypeName) \

[jln (very slow on Chromium), 2012/06/08 19:28:22]

If/once we make demo.cc a proper test in Chrome, I think we should re-use what's
already provided in base::
But yes, it's convenient to have independent code for now.

+  TypeName();                                    \
+  TypeName(const TypeName&);                     \
+  void operator=(const TypeName&)
 #endif
 
 
@@ -115,6 +119,7 @@ namespace playground2 {
 
 class Sandbox {
   friend class Util;
+  friend class Verifier;
 
  public:
   enum SandboxStatus {
@@ -153,6 +158,7 @@ class Sandbox {
   typedef ErrorCode (*EvaluateSyscall)(int sysno);
   typedef int       (*EvaluateArguments)(int sysno, int arg,
                                          Constraint *constraint);
+  typedef std::vector<std::pair<EvaluateSyscall,EvaluateArguments> >Evaluators;
 
   // There are a lot of reasons why the Seccomp sandbox might not be available.
   // This could be because the kernel does not support Seccomp mode, or it
@@ -235,8 +241,7 @@ class Sandbox {
   static bool          suppressLogging_;
   static SandboxStatus status_;
   static int           proc_fd_;
-  static std::vector<std::pair<EvaluateSyscall,
-                               EvaluateArguments> > evaluators_;
+  static Evaluators    evaluators_;
 };
 
 }  // namespace