Add a platform-specific syscall number iterator.

sandbox/linux/seccomp-bpf/syscall_iterator.h

Index: sandbox/linux/seccomp-bpf/syscall_iterator.h
diff --git a/sandbox/linux/seccomp-bpf/syscall_iterator.h b/sandbox/linux/seccomp-bpf/syscall_iterator.h
new file mode 100644
index 0000000000000000000000000000000000000000..6da63e5a851e2106a93e309cd9bba82fd88eb5ee
--- /dev/null
+++ b/sandbox/linux/seccomp-bpf/syscall_iterator.h
@@ -0,0 +1,44 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__
+#define SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__
+
+#include <stdint.h>
+
+namespace playground2 {
+
+class SyscallIterator {
+ public:
+  // Iterates over the entire system call range from 0..0xFFFFFFFFu. This

[jln (very slow on Chromium), 2012/10/12 20:26:52]

Style: This class comment should be above the class declaration

[Jorge Lucangeli Obes, 2012/10/13 01:39:30]

Done.

+  // iterator is aware of how system calls look like and will skip quickly
+  // over ranges that can't contain system calls. It iterates more slowly
+  // whenever it reaches a range that is potentially problematic. And it
+  // iterates over individual values whenever it is in the normal range for
+  // system calls (typically MIN_SYSCALL..MAX_SYSCALL).
+  // If "invalid_only" is "true", the iterator still iterates from
+  // 0..0xFFFFFFFFu, but it never returns values from the range of valid
+  // system call numbers. This feature can be used when verifying that all
+  // "impossible" system call values are treated the same.

[jln (very slow on Chromium), 2012/10/12 20:26:52]

This should be made more clear: with invalid_only, the iterator will only
iterate over invalid syscall number, and is at liberty to skip some system
calls.

[jln (very slow on Chromium), 2012/10/12 20:26:52]

The way to use the iterator is really weird:

You have to call iter.Next() at the beginning of a for loop to get an actual
value. Please give a short example here on how to use it.

I don't understand why this couldn't be a normal C++-style iterator with classic
iterator semantics.   Would you mind adding a TODO for Markus: investigate
switching to classic iterator smeantics ?

[Jorge Lucangeli Obes, 2012/10/13 01:39:30]

Done.

[Jorge Lucangeli Obes, 2012/10/13 01:39:30]

Done.

+  explicit SyscallIterator(bool invalid_only)
+        : invalid_only_(invalid_only),

[jln (very slow on Chromium), 2012/10/12 20:26:52]

Style: the colon should be indented 4 spaces.

[Jorge Lucangeli Obes, 2012/10/13 01:39:30]

Done.

+          done_(false),
+          num_(0) {}
+
+  bool Done() const { return done_; }
+  uint32_t Next();
+  static bool IsValid(uint32_t num);
+
+ private:
+  static bool IsArmPrivate(uint32_t num);
+
+  bool     invalid_only_;
+  bool     done_;
+  uint32_t num_;
+};

[jln (very slow on Chromium), 2012/10/12 20:26:52]

DISALLOW_COPY_AND_ASSIGN ?

[Jorge Lucangeli Obes, 2012/10/13 01:39:30]

Done.

+
+}  // namespace
+
+#endif  // SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__
+