Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'"

This reverts commit 4e797ddbbc, reversing
changes made to 3ac28ba5a2.

CHANGES

@@ -1,17 +1,3 @@
-6.0.0-dev.673 | 2023-05-26 14:55:40 -0700
-
-  * change base scripts to use run-time if's or @if ... &analyze (Vern Paxson, Corelight)
-
-  * a number of BTests updated with @if ... &analyze (Vern Paxson, Corelight)
-
-  * BTests for new @if ... &analyze functionality (Vern Paxson, Corelight)
-
-  * "if ( ... ) &analyze" language feature (Vern Paxson, Corelight)
-
-  * classes for tracking "@if (...) &analyze" notion of code being/not being "activated" (Vern Paxson, Corelight)
-
-  * RemoveGlobal() method for Scope class + simplifying interfaces (Vern Paxson, Corelight)
-
 6.0.0-dev.662 | 2023-05-26 20:51:43 +0200
 
   * Update ZeekJS submodule to 0.9.1 (Arne Welzel, Corelight)

VERSION

@@ -1 +1 @@
-6.0.0-dev.673
+6.0.0-dev.664

doc

@@ -1 +1 @@
-Subproject commit b7007f4bd37d0616a60d24ec7440650dac31a036
+Subproject commit 3d2d9560b65031e095e5bb399067cde4ac53fbd8

scripts/base/files/x509/main.zeek

@@ -143,8 +143,10 @@ event zeek_init() &priority=5
 	Files::register_for_mime_type(Files::ANALYZER_SHA256, "application/x-x509-ca-cert");
 	Files::register_for_mime_type(Files::ANALYZER_SHA256, "application/pkix-cert");
 
-	if ( Cluster::is_enabled() && known_log_certs_use_broker )
+@if ( Cluster::is_enabled() )
+	if ( known_log_certs_use_broker )
 		known_log_certs = known_log_certs_with_broker;
+@endif
 	}
 
 hook Files::log_policy(rec: Files::Info, id: Log::ID, filter: Log::Filter) &priority=5

scripts/base/frameworks/cluster/broker-stores.zeek

@@ -18,11 +18,11 @@ export {
 
 # If we are not the manager, disable automatically generating masters. We will attach
 # clones instead.
-@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER ) &analyze
+@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
 redef Broker::table_store_master = F;
 @endif
 
-@if ( Broker::table_store_master ) &analyze
+@if ( Broker::table_store_master )
 
 global broker_backed_ids: set[string];
 

scripts/base/frameworks/cluster/main.zeek

@@ -347,7 +347,7 @@ function nodeid_topic(id: string): string
 	return nodeid_topic_prefix + id + "/";
 	}
 
-@if ( Cluster::is_enabled() ) &analyze
+@if ( Cluster::is_enabled() )
 
 event Cluster::hello(name: string, id: string) &priority=10
 	{
@@ -383,6 +383,9 @@ event Cluster::hello(name: string, id: string) &priority=10
 
 event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) &priority=10
 	{
+	if ( ! Cluster::is_enabled() )
+		return;
+
 	local e = Broker::make_event(Cluster::hello, node, Broker::node_id());
 	Broker::publish(nodeid_topic(endpoint$id), e);
 	}

scripts/base/frameworks/cluster/nodes/logger.zeek

@@ -64,7 +64,7 @@ function archiver_rotation_format_func(ri: Log::RotationFmtInfo): Log::RotationP
 	return rval;
 	}
 
-@if ( Supervisor::is_supervised() ) &analyze
+@if ( Supervisor::is_supervised() )
 
 redef Log::default_rotation_dir = "log-queue";
 

scripts/base/frameworks/cluster/nodes/manager.zeek

@@ -19,7 +19,7 @@ redef Log::enable_remote_logging = T;
 ## Log rotation interval.
 redef Log::default_rotation_interval = 24 hrs;
 
-@if ( ! Supervisor::is_supervised() ) &analyze
+@if ( ! Supervisor::is_supervised() )
 ## Use the cluster's delete-log script.
 redef Log::default_rotation_postprocessor_cmd = "delete-log";
 @endif

scripts/base/frameworks/cluster/nodes/proxy.zeek

@@ -13,7 +13,7 @@ redef Log::enable_remote_logging = T;
 
 redef Log::default_rotation_interval = 24hrs;
 
-@if ( ! Supervisor::is_supervised() ) &analyze
+@if ( ! Supervisor::is_supervised() )
 ## Use the cluster's delete-log script.
 redef Log::default_rotation_postprocessor_cmd = "delete-log";
 @endif

scripts/base/frameworks/cluster/nodes/worker.zeek

@@ -12,7 +12,7 @@ redef Log::enable_remote_logging = T;
 
 redef Log::default_rotation_interval = 24hrs;
 
-@if ( ! Supervisor::is_supervised() ) &analyze
+@if ( ! Supervisor::is_supervised() )
 ## Use the cluster's delete-log script.
 redef Log::default_rotation_postprocessor_cmd = "delete-log";
 @endif

scripts/base/frameworks/config/main.zeek

@@ -47,6 +47,7 @@ export {
 	global set_value: function(ID: string, val: any, location: string &default = ""): bool;
 }
 
+@if ( Cluster::is_enabled() )
 type OptionCacheValue: record {
 	val: any;
 	location: string;
@@ -56,21 +57,18 @@ global option_cache: table[string] of OptionCacheValue;
 
 global Config::cluster_set_option: event(ID: string, val: any, location: string);
 
-@if ( Cluster::is_enabled() ) &analyze
+function broadcast_option(ID: string, val: any, location: string) &is_used
-
-function broadcast_option(ID: string, val: any, location: string)
 	{
 	for ( topic in Cluster::broadcast_topics )
 		Broker::publish(topic, Config::cluster_set_option, ID, val, location);
 	}
 
-event Config::cluster_set_option(ID: string, val: any, location: string) &is_used
+event Config::cluster_set_option(ID: string, val: any, location: string)
 	{
-	if ( Cluster::local_node_type() == Cluster::MANAGER )
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
-		{
+	option_cache[ID] = OptionCacheValue($val=val, $location=location);
-		option_cache[ID] = OptionCacheValue($val=val, $location=location);
+	broadcast_option(ID, val, location);
-		broadcast_option(ID, val, location);
+@endif
-		}
 
 	Option::set(ID, val, location);
 	}
@@ -87,14 +85,13 @@ function set_value(ID: string, val: any, location: string &default = ""): bool
 	if ( ! Option::set(ID, val, location) )
 		return F;
 
-	if ( Cluster::local_node_type() == Cluster::MANAGER )
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
-		{
+	option_cache[ID] = OptionCacheValue($val=val, $location=location);
-		option_cache[ID] = OptionCacheValue($val=val, $location=location);
+	broadcast_option(ID, val, location);
-		broadcast_option(ID, val, location);
+@else
-		}
+	Broker::publish(Cluster::manager_topic, Config::cluster_set_option,
-	else
+	                ID, val, location);
-		Broker::publish(Cluster::manager_topic, Config::cluster_set_option,
+@endif
-				ID, val, location);
 
 	return T;
 	}
@@ -105,7 +102,7 @@ function set_value(ID: string, val: any, location: string &default = ""): bool
 	}
 @endif # Cluster::is_enabled
 
-@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
 # Handling of new worker nodes.
 event Cluster::node_up(name: string, id: string) &priority=-10
 	{
@@ -159,9 +156,10 @@ event zeek_init() &priority=10
 	Log::create_stream(LOG, [$columns=Info, $ev=log_config, $path="config", $policy=log_policy]);
 
 	# Limit logging to the manager - everyone else just feeds off it.
-	if ( !Cluster::is_enabled() || Cluster::local_node_type() == Cluster::MANAGER )
+@if ( !Cluster::is_enabled() || Cluster::local_node_type() == Cluster::MANAGER )
-		# Iterate over all existing options and add ourselves as change handlers
+	# Iterate over all existing options and add ourselves as change handlers
-		# with a low priority so that we can log the changes.
+	# with a low priority so that we can log the changes.
-		for ( opt in global_options() )
+	for ( opt in global_options() )
-			Option::set_change_handler(opt, config_option_changed, -100);
+		Option::set_change_handler(opt, config_option_changed, -100);
+@endif
 	}

scripts/base/frameworks/intel/cluster.zeek

@@ -17,11 +17,11 @@ global insert_indicator: event(item: Item) &is_used;
 const send_store_on_node_up = T &redef;
 
 # If this process is not a manager process, we don't want the full metadata.
-@if ( Cluster::local_node_type() != Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() != Cluster::MANAGER )
 redef have_full_data = F;
 @endif
 
-@if ( Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
 event zeek_init()
 	{
 	Broker::auto_publish(Cluster::worker_topic, remove_indicator);
@@ -73,7 +73,7 @@ event Intel::match_remote(s: Seen) &priority=5
 	}
 @endif
 
-@if ( Cluster::local_node_type() == Cluster::WORKER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::WORKER )
 event zeek_init()
 	{
 	Broker::auto_publish(Cluster::manager_topic, match_remote);
@@ -94,7 +94,7 @@ event Intel::insert_indicator(item: Intel::Item) &priority=5
 	}
 @endif
 
-@if ( Cluster::local_node_type() == Cluster::PROXY ) &analyze
+@if ( Cluster::local_node_type() == Cluster::PROXY )
 event Intel::insert_indicator(item: Intel::Item) &priority=5
 	{
 	# Just forwarding from manager to workers.

scripts/base/frameworks/netcontrol/cluster.zeek

@@ -16,7 +16,7 @@ export {
 	global cluster_netcontrol_delete_rule: event(id: string, reason: string);
 }
 
-@if ( Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
 event zeek_init()
 	{
 	Broker::auto_publish(Cluster::worker_topic, NetControl::rule_added);
@@ -93,7 +93,7 @@ function remove_rule(id: string, reason: string &default="") : bool
 		}
 	}
 
-@if ( Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
 event NetControl::cluster_netcontrol_delete_rule(id: string, reason: string)
 	{
 	delete_rule_impl(id, reason);
@@ -147,7 +147,7 @@ event rule_error(r: Rule, p: PluginState, msg: string) &priority=-5
 @endif
 
 # Workers use the events to keep track in their local state tables
-@if ( Cluster::local_node_type() != Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() != Cluster::MANAGER )
 
 event rule_new(r: Rule) &priority=5
 	{

scripts/base/frameworks/notice/actions/pp-alarms.zeek

@@ -153,17 +153,16 @@ function pretty_print_alarm(out: file, n: Info)
 	{
 	local pdescr = "";
 
-	if ( Cluster::is_enabled() )
+@if ( Cluster::is_enabled() )
-		{
+	pdescr = "local";
-		pdescr = "local";
 
-		if ( n?$peer_descr )
+	if ( n?$peer_descr )
-			pdescr = n$peer_descr;
+		pdescr = n$peer_descr;
-		else if ( n?$peer_name )
+	else if ( n?$peer_name )
-			pdescr = n$peer_name;
+		pdescr = n$peer_name;
 
-		pdescr = fmt("<%s> ", pdescr);
+	pdescr = fmt("<%s> ", pdescr);
-		}
+@endif
 
 	local msg = fmt( "%s%s", pdescr, n$msg);
 

scripts/base/frameworks/notice/main.zeek

@@ -539,9 +539,9 @@ hook Notice::notice(n: Notice::Info) &priority=-5
 		{
 		event Notice::begin_suppression(n$ts, n$suppress_for, n$note, n$identifier);
 		suppressing[n$note, n$identifier] = n$ts + n$suppress_for;
-
+@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
-		if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
+		event Notice::manager_begin_suppression(n$ts, n$suppress_for, n$note, n$identifier);
-			event Notice::manager_begin_suppression(n$ts, n$suppress_for, n$note, n$identifier);
+@endif
 		}
 	}
 
@@ -552,7 +552,7 @@ event Notice::begin_suppression(ts: time, suppress_for: interval, note: Type,
 	suppressing[note, identifier] = suppress_until;
 	}
 
-@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
 event zeek_init()
 	{
 	Broker::auto_publish(Cluster::worker_topic, Notice::begin_suppression);
@@ -566,7 +566,7 @@ event Notice::manager_begin_suppression(ts: time, suppress_for: interval, note:
 	}
 @endif
 
-@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER ) &analyze
+@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
 event zeek_init()
 	{
 	Broker::auto_publish(Cluster::manager_topic, Notice::manager_begin_suppression);
@@ -644,14 +644,13 @@ function apply_policy(n: Notice::Info)
 	if ( ! n?$ts )
 		n$ts = network_time();
 
-	if ( Cluster::is_enabled() )
+@if ( Cluster::is_enabled() )
-		{
+	if ( ! n?$peer_name )
-		if ( ! n?$peer_name )
+		n$peer_name = Cluster::node;
-			n$peer_name = Cluster::node;
 
-		if ( ! n?$peer_descr )
+	if ( ! n?$peer_descr )
-			n$peer_descr = Cluster::node;
+		n$peer_descr = Cluster::node;
-		}
+@endif
 
 	if ( n?$f )
 		populate_file_info(n$f, n);

scripts/base/frameworks/openflow/cluster.zeek

@@ -13,7 +13,7 @@ export {
 	global cluster_flow_clear: event(name: string);
 }
 
-@if ( Cluster::local_node_type() != Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() != Cluster::MANAGER )
 # Workers need ability to forward commands to manager.
 event zeek_init()
 	{
@@ -49,7 +49,7 @@ function flow_clear(controller: Controller): bool
 	return T;
 	}
 
-@if ( Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
 event OpenFlow::cluster_flow_mod(name: string, match: ofp_match, flow_mod: ofp_flow_mod)
 	{
 	if ( name !in name_to_controller )

scripts/base/frameworks/software/main.zeek

@@ -544,10 +544,11 @@ function found(id: conn_id, info: Info): bool
 		return F;
 		}
 
-	if ( Cluster::is_enabled() )
+	@if ( Cluster::is_enabled() )
 		Cluster::publish_hrw(Cluster::proxy_pool, info$host, Software::new, info);
-	else
+	@else
 		event Software::new(info);
+	@endif
 
 	return T;
 	}

scripts/base/frameworks/sumstats/cluster.zeek

@@ -59,7 +59,7 @@ export {
 # intermediate updates so they don't overwhelm the manager.
 global recent_global_view_keys: set[string, Key] &create_expire=1min;
 
-@if ( Cluster::local_node_type() != Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() != Cluster::MANAGER )
 
 event zeek_init() &priority=100
 	{
@@ -207,7 +207,7 @@ function request_key(ss_name: string, key: Key): Result
 @endif
 
 
-@if ( Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
 
 event zeek_init() &priority=100
 	{

scripts/base/frameworks/telemetry/cluster.zeek

@@ -12,7 +12,7 @@
 redef Broker::metrics_export_endpoint_name = Cluster::node;
 
 # The manager opens port 9911 and imports metrics from all nodes by default.
-@if ( Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
 redef Broker::metrics_port = 9911/tcp;
 redef Broker::metrics_import_topics = vector("zeek/cluster/metrics/");
 

scripts/base/misc/find-filtered-trace.zeek

@@ -28,7 +28,7 @@ function should_detect(): bool &is_used
 	return F;
 	}
 
-@if ( should_detect() ) &analyze
+@if ( should_detect() )
 
 global saw_tcp_conn_with_data: bool = F;
 global saw_a_tcp_conn: bool = F;

scripts/base/protocols/dhcp/main.zeek

@@ -134,7 +134,7 @@ event zeek_init() &priority=5
 	Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, ports);
 	}
 
-@if ( Cluster::is_enabled() ) &analyze
+@if ( Cluster::is_enabled() )
 event zeek_init()
 	{
 	Broker::auto_publish(Cluster::manager_topic, DHCP::aggregate_msgs);
@@ -180,7 +180,7 @@ global join_data: table[count] of Info = table()
 
 
 
-@if ( ! Cluster::is_enabled() || Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( ! Cluster::is_enabled() || Cluster::local_node_type() == Cluster::MANAGER )
 # We are handling this event at priority 1000 because we really want
 # the DHCP::log_info global to be set correctly before a user might try
 # to access it.

scripts/base/protocols/ftp/main.zeek

@@ -216,30 +216,27 @@ function ftp_message(c: connection)
 	delete s$data_channel;
 	}
 
-const cluster_is_enabled = Cluster::is_enabled();
-const should_publish =
-	Cluster::local_node_type() == Cluster::PROXY ||
-	Cluster::local_node_type() == Cluster::MANAGER;
-
 event sync_add_expected_data(s: Info, chan: ExpectedDataChannel) &is_used
 	{
-	if ( should_publish )
+@if ( Cluster::local_node_type() == Cluster::PROXY ||
-		Broker::publish(Cluster::worker_topic, sync_add_expected_data, minimize_info(s), chan);
+      Cluster::local_node_type() == Cluster::MANAGER )
-	else
+	Broker::publish(Cluster::worker_topic, sync_add_expected_data, minimize_info(s), chan);
-		{
+@else
-		ftp_data_expected[chan$resp_h, chan$resp_p] = s;
+	ftp_data_expected[chan$resp_h, chan$resp_p] = s;
-		Analyzer::schedule_analyzer(chan$orig_h, chan$resp_h, chan$resp_p,
+	Analyzer::schedule_analyzer(chan$orig_h, chan$resp_h, chan$resp_p,
-					    Analyzer::ANALYZER_FTP_DATA,
+	                            Analyzer::ANALYZER_FTP_DATA,
-					    5mins);
+	                            5mins);
-		}
+@endif
 	}
 
 event sync_remove_expected_data(resp_h: addr, resp_p: port) &is_used
 	{
-	if ( should_publish )
+@if ( Cluster::local_node_type() == Cluster::PROXY ||
-		Broker::publish(Cluster::worker_topic, sync_remove_expected_data, resp_h, resp_p);
+      Cluster::local_node_type() == Cluster::MANAGER )
-	else
+	Broker::publish(Cluster::worker_topic, sync_remove_expected_data, resp_h, resp_p);
-		delete ftp_data_expected[resp_h, resp_p];
+@else
+	delete ftp_data_expected[resp_h, resp_p];
+@endif
 	}
 
 function add_expected_data_channel(s: Info, chan: ExpectedDataChannel)
@@ -250,8 +247,9 @@ function add_expected_data_channel(s: Info, chan: ExpectedDataChannel)
 	Analyzer::schedule_analyzer(chan$orig_h, chan$resp_h, chan$resp_p,
 	                            Analyzer::ANALYZER_FTP_DATA,
 	                            5mins);
-	if ( cluster_is_enabled )
+@if ( Cluster::is_enabled() )
-		Broker::publish(ftp_relay_topic(), sync_add_expected_data, minimize_info(s), chan);
+	Broker::publish(ftp_relay_topic(), sync_add_expected_data, minimize_info(s), chan);
+@endif
 	}
 
 event ftp_request(c: connection, command: string, arg: string) &priority=5
@@ -466,8 +464,9 @@ hook finalize_ftp_data(c: connection)
 	if ( [c$id$resp_h, c$id$resp_p] in ftp_data_expected )
 		{
 		delete ftp_data_expected[c$id$resp_h, c$id$resp_p];
-		if ( cluster_is_enabled )
+@if ( Cluster::is_enabled() )
-			Broker::publish(ftp_relay_topic(), sync_remove_expected_data, c$id$resp_h, c$id$resp_p);
+		Broker::publish(ftp_relay_topic(), sync_remove_expected_data, c$id$resp_h, c$id$resp_p);
+@endif
 		}
 	}
 

scripts/base/protocols/irc/dcc-send.zeek

@@ -44,29 +44,26 @@ function dcc_relay_topic(): string &is_used
 	return rval;
 	}
 
-const cluster_is_enabled = Cluster::is_enabled();
-const should_publish =
-	Cluster::local_node_type() == Cluster::PROXY ||
-	Cluster::local_node_type() == Cluster::MANAGER;
-
 event dcc_transfer_add(host: addr, p: port, info: Info) &is_used
 	{
-	if ( should_publish )
+@if ( Cluster::local_node_type() == Cluster::PROXY ||
-		Broker::publish(Cluster::worker_topic, dcc_transfer_add, host, p, info);
+      Cluster::local_node_type() == Cluster::MANAGER )
-	else
+    Broker::publish(Cluster::worker_topic, dcc_transfer_add, host, p, info);
-		{
+@else
-		dcc_expected_transfers[host, p] = info;
+	dcc_expected_transfers[host, p] = info;
-		Analyzer::schedule_analyzer(0.0.0.0, host, p,
+	Analyzer::schedule_analyzer(0.0.0.0, host, p,
-					    Analyzer::ANALYZER_IRC_DATA, 5 min);
+	                            Analyzer::ANALYZER_IRC_DATA, 5 min);
-		}
+@endif
 	}
 
 event dcc_transfer_remove(host: addr, p: port) &is_used
 	{
-	if ( should_publish )
+@if ( Cluster::local_node_type() == Cluster::PROXY ||
-		Broker::publish(Cluster::worker_topic, dcc_transfer_remove, host, p);
+      Cluster::local_node_type() == Cluster::MANAGER )
-	else
+    Broker::publish(Cluster::worker_topic, dcc_transfer_remove, host, p);
-		delete dcc_expected_transfers[host, p];
+@else
+	delete dcc_expected_transfers[host, p];
+@endif
 	}
 
 function log_dcc(f: fa_file)
@@ -92,9 +89,10 @@ function log_dcc(f: fa_file)
 
 		delete dcc_expected_transfers[cid$resp_h, cid$resp_p];
 
-		if ( cluster_is_enabled )
+@if ( Cluster::is_enabled() )
-			Broker::publish(dcc_relay_topic(), dcc_transfer_remove,
+		Broker::publish(dcc_relay_topic(), dcc_transfer_remove,
-					cid$resp_h, cid$resp_p);
+		                cid$resp_h, cid$resp_p);
+@endif
 		return;
 		}
 	}
@@ -119,8 +117,9 @@ event irc_dcc_message(c: connection, is_orig: bool,
 	Analyzer::schedule_analyzer(0.0.0.0, address, p, Analyzer::ANALYZER_IRC_DATA, 5 min);
 	dcc_expected_transfers[address, p] = c$irc;
 
-	if ( cluster_is_enabled )
+@if ( Cluster::is_enabled() )
-		Broker::publish(dcc_relay_topic(), dcc_transfer_add, address, p, c$irc);
+	Broker::publish(dcc_relay_topic(), dcc_transfer_add, address, p, c$irc);
+@endif
 	}
 
 event scheduled_analyzer_applied(c: connection, a: Analyzer::Tag) &priority=10
@@ -139,8 +138,9 @@ hook finalize_irc_data(c: connection)
 		{
 		delete dcc_expected_transfers[c$id$resp_h, c$id$resp_p];
 
-		if ( cluster_is_enabled )
+@if ( Cluster::is_enabled() )
-			Broker::publish(dcc_relay_topic(), dcc_transfer_remove,
+		Broker::publish(dcc_relay_topic(), dcc_transfer_remove,
-					c$id$resp_h, c$id$resp_p);
+		                c$id$resp_h, c$id$resp_p);
+@endif
 		}
 	}

scripts/policy/frameworks/management/persistence.zeek

@@ -8,7 +8,7 @@
 
 # For testing, keep persistent state local to the current working directory,
 # and disable log rotation.
-@if ( getenv("ZEEK_MANAGEMENT_TESTING") != "" ) &analyze
+@if ( getenv("ZEEK_MANAGEMENT_TESTING") != "" )
 
 redef Management::spool_dir = ".";
 redef Management::state_dir = ".";
@@ -21,7 +21,7 @@ redef Log::default_rotation_interval = 0 secs;
 # config with the Supervisor; see base/frameworks/cluster/nodes/logger.zeek.
 redef Log::default_rotation_dir = build_path(Management::get_spool_dir(), "log-queue");
 
-@if ( getenv("ZEEK_MANAGEMENT_NODE") != "" ) &analyze
+@if ( getenv("ZEEK_MANAGEMENT_NODE") != "" )
 
 # Management agents and controllers don't have loggers, nor their configuration,
 # so establish a similar one here:

scripts/policy/frameworks/netcontrol/catch-and-release.zeek

@@ -198,25 +198,21 @@ function populate_log_record(ip: addr, bi: BlockInfo, action: CatchReleaseAction
 	return log;
 	}
 
-const cluster_is_enabled = Cluster::is_enabled();
-const is_mgr = cluster_is_enabled && Cluster::local_node_type() == Cluster::MANAGER;
-const is_not_mgr = cluster_is_enabled && Cluster::local_node_type() != Cluster::MANAGER;
-
-const single_enforcement_point = ! cluster_is_enabled || is_mgr;
-
 function per_block_interval(t: table[addr] of BlockInfo, idx: addr): interval
 	{
 	local remaining_time = t[idx]$watch_until - network_time();
 	if ( remaining_time < 0secs )
 		remaining_time = 0secs;
 
-	if ( single_enforcement_point && remaining_time == 0 secs )
+@if ( ! Cluster::is_enabled() || ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) )
+	if ( remaining_time == 0secs )
 		{
 		local log = populate_log_record(idx, t[idx], FORGOTTEN);
 		Log::write(CATCH_RELEASE, log);
 
 		event NetControl::catch_release_forgotten(idx, t[idx]);
 		}
+@endif
 
 	return remaining_time;
 	}
@@ -229,9 +225,9 @@ global blocks: table[addr] of BlockInfo = {}
 	&expire_func=per_block_interval;
 
 
-@if ( cluster_is_enabled ) &analyze
+@if ( Cluster::is_enabled() )
 
-@if ( is_mgr ) &analyze
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
 event zeek_init()
 	{
 	Broker::auto_publish(Cluster::worker_topic, NetControl::catch_release_block_new);
@@ -263,7 +259,7 @@ function cr_check_rule(r: Rule): bool
 		return F;
 	}
 
-@if ( single_enforcement_point ) &analyze
+@if ( ! Cluster::is_enabled() || ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) )
 
 event rule_added(r: Rule, p: PluginState, msg: string)
 	{
@@ -301,7 +297,7 @@ event rule_timeout(r: Rule, i: FlowInfo, p: PluginState)
 
 @endif
 
-@if ( is_mgr ) &analyze
+@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
 event catch_release_add(a: addr, location: string)
 	{
 	drop_address_catch_release(a, location);
@@ -318,7 +314,7 @@ event catch_release_encountered(a: addr)
 	}
 @endif
 
-@if ( is_not_mgr ) &analyze
+@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
 event catch_release_block_new(a: addr, b: BlockInfo)
 	{
 	blocks[a] = b;
@@ -331,7 +327,7 @@ event catch_release_block_delete(a: addr)
 	}
 @endif
 
-@if ( is_mgr ) &analyze
+@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
 @endif
 
 function get_catch_release_info(a: addr): BlockInfo
@@ -364,50 +360,46 @@ function drop_address_catch_release(a: addr, location: string &default=""): Bloc
 		bi = BlockInfo($watch_until=network_time()+catch_release_intervals[1], $current_interval=0, $current_block_id=r$id);
 		if ( location != "" )
 			bi$location = location;
-
+@if ( ! Cluster::is_enabled() || ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) )
-		if ( single_enforcement_point )
+		log = populate_log_record(a, bi, ADDED);
-			{
+		log$message = "Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic.";
-			log = populate_log_record(a, bi, ADDED);
+		Log::write(CATCH_RELEASE, log);
-			log$message = "Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic.";
+		blocks[a] = bi;
-			Log::write(CATCH_RELEASE, log);
+		event NetControl::catch_release_block_new(a, bi);
-			blocks[a] = bi;
+@endif
-			event NetControl::catch_release_block_new(a, bi);
+@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
-			}
+		event NetControl::catch_release_add(a, location);
-
+@endif
-		if ( is_not_mgr )
-			event NetControl::catch_release_add(a, location);
-
 		return bi;
 		}
 
 	local block_interval = catch_release_intervals[0];
 
-	if ( single_enforcement_point )
+@if ( ! Cluster::is_enabled() || ( Cluster::is_enabled()  && Cluster::local_node_type() == Cluster::MANAGER ) )
-		{
+	local ret = drop_address(a, block_interval, location);
-		local ret = drop_address(a, block_interval, location);
 
-		if ( ret != "" )
+	if ( ret != "" )
-			{
-			bi = BlockInfo($watch_until=network_time()+catch_release_intervals[1], $block_until=network_time()+block_interval, $current_interval=0, $current_block_id=ret);
-			if ( location != "" )
-				bi$location = location;
-			blocks[a] = bi;
-			event NetControl::catch_release_block_new(a, bi);
-			blocks[a] = bi;
-			log = populate_log_record(a, bi, DROP_REQUESTED);
-			Log::write(CATCH_RELEASE, log);
-			return bi;
-			}
-		Reporter::error(fmt("Catch and release could not add block for %s; failing.", a));
-		return BlockInfo($watch_until=double_to_time(0), $current_interval=0, $current_block_id="");
-		}
-
-	if ( is_not_mgr )
 		{
-		bi = BlockInfo($watch_until=network_time()+catch_release_intervals[1], $block_until=network_time()+block_interval, $current_interval=0, $current_block_id="");
+		bi = BlockInfo($watch_until=network_time()+catch_release_intervals[1], $block_until=network_time()+block_interval, $current_interval=0, $current_block_id=ret);
-		event NetControl::catch_release_add(a, location);
+		if ( location != "" )
+			bi$location = location;
+		blocks[a] = bi;
+		event NetControl::catch_release_block_new(a, bi);
+		blocks[a] = bi;
+		log = populate_log_record(a, bi, DROP_REQUESTED);
+		Log::write(CATCH_RELEASE, log);
 		return bi;
 		}
+	Reporter::error(fmt("Catch and release could not add block for %s; failing.", a));
+	return BlockInfo($watch_until=double_to_time(0), $current_interval=0, $current_block_id="");
+@endif
+
+@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
+	bi = BlockInfo($watch_until=network_time()+catch_release_intervals[1], $block_until=network_time()+block_interval, $current_interval=0, $current_block_id="");
+	event NetControl::catch_release_add(a, location);
+	return bi;
+@endif
+
 	}
 
 function unblock_address_catch_release(a: addr, reason: string &default=""): bool
@@ -415,22 +407,22 @@ function unblock_address_catch_release(a: addr, reason: string &default=""): boo
 	if ( a !in blocks )
 		return F;
 
-	if ( single_enforcement_point )
+@if ( ! Cluster::is_enabled() || ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) )
-		{
+	local bi = blocks[a];
-		local bi = blocks[a];
+	local log = populate_log_record(a, bi, UNBLOCK);
-		local log = populate_log_record(a, bi, UNBLOCK);
+	if ( reason != "" )
-		if ( reason != "" )
+		log$message = reason;
-			log$message = reason;
+	Log::write(CATCH_RELEASE, log);
-		Log::write(CATCH_RELEASE, log);
+	delete blocks[a];
-		delete blocks[a];
+	if ( bi?$block_until && bi$block_until > network_time() && bi$current_block_id != "" )
-		if ( bi?$block_until && bi$block_until > network_time() && bi$current_block_id != "" )
+		remove_rule(bi$current_block_id, reason);
-			remove_rule(bi$current_block_id, reason);
+@endif
-		}
+@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
-
+	event NetControl::catch_release_block_delete(a);
-	if ( is_mgr )
+@endif
-		event NetControl::catch_release_block_delete(a);
+@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
-	else if ( is_not_mgr )
+	event NetControl::catch_release_delete(a, reason);
-		event NetControl::catch_release_delete(a, reason);
+@endif
 
 	return T;
 	}
@@ -439,66 +431,66 @@ function catch_release_seen(a: addr)
 	{
 	if ( a in blocks )
 		{
+@if ( ! Cluster::is_enabled() || ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) )
 		local bi = blocks[a];
+		local log: CatchReleaseInfo;
+		local e = Entity($ty=ADDRESS, $ip=addr_to_subnet(a));
 
-		if ( single_enforcement_point )
+		if ( [e,DROP] in rule_entities )
 			{
-			local log: CatchReleaseInfo;
+			if ( catch_release_warn_blocked_ip_encountered == F )
-			local e = Entity($ty=ADDRESS, $ip=addr_to_subnet(a));
-
-			if ( [e,DROP] in rule_entities )
-				{
-				if ( catch_release_warn_blocked_ip_encountered == F )
-					return;
-
-				# This should be blocked - block has not been applied yet by hardware? Ignore for the moment...
-				log = populate_log_record(a, bi, INFO);
-				log$action = INFO;
-				log$message = "Block seen while in rule_entities. No action taken.";
-				Log::write(CATCH_RELEASE, log);
 				return;
-				}
 
-			# ok, this one returned again while still in the backoff period.
+			# This should be blocked - block has not been applied yet by hardware? Ignore for the moment...
-
+			log = populate_log_record(a, bi, INFO);
-			local try = bi$current_interval;
+			log$action = INFO;
-			if ( (try+1) in catch_release_intervals )
+			log$message = "Block seen while in rule_entities. No action taken.";
-				++try;
-
-			bi$current_interval = try;
-			if ( (try+1) in catch_release_intervals )
-				bi$watch_until = network_time() + catch_release_intervals[try+1];
-			else
-				bi$watch_until = network_time() + catch_release_intervals[try];
-
-			bi$block_until = network_time() + catch_release_intervals[try];
-			++bi$num_reblocked;
-
-			local block_interval = catch_release_intervals[try];
-			local location = "";
-			if ( bi?$location )
-				location = bi$location;
-			local drop = drop_address(a, block_interval, fmt("Re-drop by catch-and-release: %s", location));
-			bi$current_block_id = drop;
-
-			blocks[a] = bi;
-
-			log = populate_log_record(a, bi, SEEN_AGAIN);
 			Log::write(CATCH_RELEASE, log);
+			return;
 			}
 
-		if ( is_mgr )
+		# ok, this one returned again while still in the backoff period.
-			event NetControl::catch_release_block_new(a, bi);
 
-		else if ( is_not_mgr )
+		local try = bi$current_interval;
-			{
+		if ( (try+1) in catch_release_intervals )
-			if ( a in catch_release_recently_notified )
+			++try;
-				return;
 
-			event NetControl::catch_release_encountered(a);
+		bi$current_interval = try;
-			add catch_release_recently_notified[a];
+		if ( (try+1) in catch_release_intervals )
-			}
+			bi$watch_until = network_time() + catch_release_intervals[try+1];
+		else
+			bi$watch_until = network_time() + catch_release_intervals[try];
+
+		bi$block_until = network_time() + catch_release_intervals[try];
+		++bi$num_reblocked;
+
+		local block_interval = catch_release_intervals[try];
+		local location = "";
+		if ( bi?$location )
+			location = bi$location;
+		local drop = drop_address(a, block_interval, fmt("Re-drop by catch-and-release: %s", location));
+		bi$current_block_id = drop;
+
+		blocks[a] = bi;
+
+		log = populate_log_record(a, bi, SEEN_AGAIN);
+		Log::write(CATCH_RELEASE, log);
+@endif
+@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
+	event NetControl::catch_release_block_new(a, bi);
+@endif
+@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
+	if ( a in catch_release_recently_notified )
+		return;
+
+	event NetControl::catch_release_encountered(a);
+	add catch_release_recently_notified[a];
+@endif
+
+		return;
 		}
+
+	return;
 	}
 
 event new_connection(c: connection)

scripts/policy/misc/load-balancing.zeek

@@ -26,7 +26,7 @@ export {
 	};
 }
 
-@if ( Cluster::is_enabled() ) &analyze
+@if ( Cluster::is_enabled() )
 
 event zeek_init() &priority=5
 	{

scripts/policy/misc/weird-stats.zeek

@@ -77,7 +77,7 @@ function observe_weird_stats()
 		                  SumStats::Observation($dbl=(v + 0.0)));
 	}
 
-@if ( Cluster::is_enabled() ) &analyze
+@if ( Cluster::is_enabled() )
 
 # I'm not sure if this is a hack or not: the manager will generate this
 # event at the end of its epoch so workers can handle it just in time to

scripts/policy/protocols/conn/known-hosts.zeek

@@ -96,10 +96,6 @@ event Known::host_found(info: HostsInfo)
 		}
 	}
 
-const should_log_host =
-	! Cluster::is_enabled() ||
-	Cluster::local_node_type() == Cluster::PROXY;
-
 event known_host_add(info: HostsInfo)
 	{
 	if ( use_host_store )
@@ -110,8 +106,10 @@ event known_host_add(info: HostsInfo)
 
 	add Known::hosts[info$host];
 
-	if ( should_log_host )
+	@if ( ! Cluster::is_enabled() ||
+	      Cluster::local_node_type() == Cluster::PROXY )
 		Log::write(Known::HOSTS_LOG, info);
+	@endif
 	}
 
 event Cluster::node_up(name: string, id: string)

scripts/policy/protocols/conn/known-services.zeek

@@ -144,10 +144,6 @@ event service_info_commit(info: ServicesInfo)
 		}
 	}
 
-const should_log_service =
-	! Cluster::is_enabled() ||
-	Cluster::local_node_type() == Cluster::PROXY;
-
 event known_service_add(info: ServicesInfo)
 	{
 	if ( Known::use_service_store )
@@ -176,8 +172,10 @@ event known_service_add(info: ServicesInfo)
 			}
 		}
 
-	if ( should_log_service )
+	@if ( ! Cluster::is_enabled() ||
+	      Cluster::local_node_type() == Cluster::PROXY )
 		Log::write(Known::SERVICES_LOG, info_to_log);
+	@endif
 	}
 
 event Cluster::node_up(name: string, id: string)

scripts/policy/protocols/ssl/decryption.zeek

@@ -41,16 +41,17 @@ export {
 	global add_secret: event(client_random: string, secrets: string);
 }
 
+@if ( keylog_file == "" )
+# If a keylog file was given via an environment variable, let's disable secret expiration - that does not
+# make sense for pcaps.
 global secrets: table[string] of string = {} &redef;
 global keys: table[string] of string = {} &redef;
-
+@else
-@if ( keylog_file != "" ) &analyze
+global secrets: table[string] of string = {} &read_expire=secret_expiration &redef;
-# If a keylog file was given directly (not via an environment variable),
+global keys: table[string] of string = {} &read_expire=secret_expiration &redef;
-# set up secret expiration (which doesn't make sense for PCAPs).
-redef secrets &read_expire=secret_expiration;
-redef keys &read_expire=secret_expiration;
 @endif
 
+
 redef record SSL::Info += {
 	# Decryption uses client_random as identifier
 	client_random: string &optional;

scripts/policy/protocols/ssl/known-certs.zeek

@@ -108,10 +108,6 @@ event Known::cert_found(info: CertsInfo, hash: string)
 		}
     }
 
-const should_log_cert =
-	! Cluster::is_enabled() ||
-	Cluster::local_node_type() == Cluster::PROXY;
-
 event known_cert_add(info: CertsInfo, hash: string)
 	{
 	if ( Known::use_cert_store )
@@ -122,8 +118,10 @@ event known_cert_add(info: CertsInfo, hash: string)
 
 	add Known::certs[info$host, hash];
 
-	if ( should_log_cert )
+	@if ( ! Cluster::is_enabled() ||
+	      Cluster::local_node_type() == Cluster::PROXY )
 		Log::write(Known::CERTS_LOG, info);
+	@endif
 	}
 
 event Known::cert_found(info: CertsInfo, hash: string)

scripts/policy/protocols/ssl/validate-certs.zeek

@@ -61,9 +61,7 @@ export {
 
 global intermediate_cache: table[string] of vector of opaque of x509;
 
-const cluster_is_enabled = Cluster::is_enabled();
+@if ( Cluster::is_enabled() )
-
-@if ( cluster_is_enabled ) &analyze
 event zeek_init()
 	{
 	Broker::auto_publish(Cluster::worker_topic, SSL::intermediate_add);
@@ -74,18 +72,19 @@ event zeek_init()
 function add_to_cache(key: string, value: vector of opaque of x509)
 	{
 	intermediate_cache[key] = value;
-	if ( cluster_is_enabled )
+@if ( Cluster::is_enabled() )
-		event SSL::new_intermediate(key, value);
+	event SSL::new_intermediate(key, value);
+@endif
 	}
 
-@if ( cluster_is_enabled && Cluster::local_node_type() != Cluster::MANAGER ) &analyze
+@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
 event SSL::intermediate_add(key: string, value: vector of opaque of x509)
 	{
 	intermediate_cache[key] = value;
 	}
 @endif
 
-@if ( cluster_is_enabled && Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
 event SSL::new_intermediate(key: string, value: vector of opaque of x509)
 	{
 	if ( key in intermediate_cache )

src/ActivationManager.cc

@@ -1,199 +0,0 @@
-#include "zeek/ActivationManager.h"
-
-#include "zeek/Desc.h"
-
-using namespace std;
-
-namespace zeek::detail
-	{
-
-void ActivationEvent::Dump(int indent_level) const
-	{
-	Indent(indent_level);
-
-	switch ( et )
-		{
-		case ActivationEvent::COND:
-			printf("Cond");
-			break;
-		case ActivationEvent::CREATE_GLOBAL:
-			printf("Create Global");
-			break;
-		case ActivationEvent::ADDING_GLOBAL_VAL:
-			printf("Add Global Val");
-			break;
-		case ActivationEvent::REDEF:
-			printf("Redef");
-			break;
-		case ActivationEvent::HANDLER_REDEF:
-			printf("Handler Redef");
-			break;
-		case ActivationEvent::BODY:
-			printf("Body");
-			break;
-		}
-
-	if ( id )
-		printf(" ID=%s", obj_desc(id.get()).c_str());
-
-	if ( expr )
-		printf(" expr=%s", obj_desc(expr.get()).c_str());
-
-	printf("\n");
-
-	if ( et != ActivationEvent::COND )
-		return;
-
-	Indent(indent_level);
-	printf("TRUE:\n");
-	for ( auto& s : T_sub_events )
-		s->Dump(indent_level + 1);
-
-	if ( ! in_true_branch )
-		{
-		Indent(indent_level);
-		printf("FALSE:\n");
-		for ( auto& s : F_sub_events )
-			s->Dump(indent_level + 1);
-		}
-
-	Indent(indent_level);
-	printf("END\n");
-	}
-
-void ActivationEvent::Indent(int indent_level) const
-	{
-	while ( indent_level-- > 0 )
-		printf("\t");
-	}
-
-Activation::Activation(ExprPtr cond, bool _is_activated, bool _parent_activated, int _cond_depth)
-	{
-	is_activated = _is_activated;
-	parent_activated = _parent_activated;
-	cond_depth = _cond_depth;
-
-	cond_event = std::make_shared<ActivationEvent>(ActivationEvent::COND);
-	cond_event->AddExpr(cond);
-	}
-
-Activation::~Activation()
-	{
-	ResetGlobals();
-	}
-
-void Activation::ResetGlobals()
-	{
-	if ( ! is_activated )
-		{ // undo changes we temporarily introduced
-		for ( auto& gv : global_vals )
-			gv->SetVal(nullptr);
-
-		auto gs = global_scope();
-
-		if ( gs )
-			for ( auto& gid : global_IDs )
-				gs->RemoveGlobal(gid->Name(), gid);
-		}
-
-	global_vals.clear();
-	global_IDs.clear();
-	}
-
-ActivationManager::~ActivationManager()
-	{
-#if 0
-	for ( auto& ae : activation_events )
-		ae->Dump(0);
-#endif
-	}
-
-void ActivationManager::Start(ExprPtr cond, bool activate, int cond_depth)
-	{
-	activate = activate && IsActivated();
-	auto a = std::make_unique<Activation>(cond, activate, IsActivated(), cond_depth);
-
-	auto ce = a->CondEvent();
-
-	if ( activation_stack.empty() )
-		activation_events.push_back(ce);
-	else
-		activation_stack.back()->CondEvent()->AddSubEvent(std::move(ce));
-
-	activation_stack.push_back(std::move(a));
-	}
-
-void ActivationManager::SwitchToElse()
-	{
-	ASSERT(! activation_stack.empty());
-	activation_stack.back()->SwitchToElse();
-	}
-
-void ActivationManager::End()
-	{
-	ASSERT(! activation_stack.empty());
-	activation_stack.pop_back();
-	}
-
-void ActivationManager::CreatingGlobalID(IDPtr gid)
-	{
-	if ( activation_stack.empty() )
-		return;
-
-	auto cg = std::make_shared<ActivationEvent>(ActivationEvent::CREATE_GLOBAL);
-	cg->AddID(gid);
-
-	activation_stack.back()->CondEvent()->AddSubEvent(std::move(cg));
-	activation_stack.back()->AddGlobalID(std::move(gid));
-	}
-
-void ActivationManager::AddingGlobalVal(IDPtr gid)
-	{
-	if ( activation_stack.empty() )
-		return;
-
-	auto gv = std::make_shared<ActivationEvent>(ActivationEvent::ADDING_GLOBAL_VAL);
-	gv->AddID(gid);
-
-	activation_stack.back()->CondEvent()->AddSubEvent(std::move(gv));
-	activation_stack.back()->AddGlobalVal(std::move(gid));
-	}
-
-void ActivationManager::AddingRedef(const IDPtr& id, InitClass c, ExprPtr init, AttrVec& attrs)
-	{
-	if ( activation_stack.empty() )
-		return;
-
-	auto r = std::make_shared<ActivationEvent>(ActivationEvent::REDEF);
-	r->AddID(id);
-	r->AddInitClass(c);
-	r->AddExpr(init);
-	r->AddAttrs(attrs);
-
-	activation_stack.back()->CondEvent()->AddSubEvent(std::move(r));
-	}
-
-void ActivationManager::RedefingHandler(const IDPtr& id)
-	{
-	if ( activation_stack.empty() )
-		return;
-
-	auto hr = std::make_shared<ActivationEvent>(ActivationEvent::HANDLER_REDEF);
-	hr->AddID(id);
-
-	activation_stack.back()->CondEvent()->AddSubEvent(std::move(hr));
-	}
-
-void ActivationManager::AddingBody(IDPtr func, std::shared_ptr<FunctionIngredients> ingr)
-	{
-	if ( activation_stack.empty() )
-		return;
-
-	auto b = std::make_shared<ActivationEvent>(ActivationEvent::BODY);
-	b->AddID(func);
-	b->AddIngredients(std::move(ingr));
-
-	activation_stack.back()->CondEvent()->AddSubEvent(std::move(b));
-	}
-
-	} // namespace zeek::detail

src/ActivationManager.h

@@ -1,311 +0,0 @@
-// See the file "COPYING" in the main distribution directory for copyright.
-
-// Classes for supporting @if &analyze constructs.
-
-#pragma once
-
-#include "zeek/Expr.h"
-#include "zeek/Func.h"
-
-namespace zeek::detail
-	{
-
-using ScriptFuncPtr = IntrusivePtr<ScriptFunc>;
-using AttrVec = std::unique_ptr<std::vector<AttrPtr>>;
-
-class ActivationManager;
-
-/**
- * Expresses an event (of one of the AE_Type types below) occurring during an
- * @if &analyze.  Events reflect what *could* have happened rather than
- * what *did* happen, so events will be present even for @if &analyze blocks
- * that were skipped due to their condition evaluating to false.
- *
- * The current use for these events is to enable the CPP script compiler
- * to generate run-time execution of @if &analyze conditionals.  To do that,
- * it needs a record of their associated effects.
- *
- * We use a "flat" class that encompasses all of the possibilities, rather
- * than subclassing on the different types.  This is because ActivationEvent's
- * are a record for *reading* rather than conducting further processing
- * directly; hence there aren't apt active methods to virtualize.  If we
- * used subclasses, we'd wind up having to cast to get to the specifics
- * elements of a given event, which is clunky enough that it's not clear
- * we gain anything useful.
- */
-class ActivationEvent
-	{
-public:
-	/**
-	 * The different types of ActivationEvent's.
-	 */
-	enum AE_Type
-		{
-		// Represents an @if &analyze conditional, with a corresponding
-		// condition expression, and sub-events (i.e., other
-		// ActivationEvent's) for what occurs in the "true" and
-		// "false" branches.
-		COND,
-
-		// Represents the introduction of a new global identifier.
-		CREATE_GLOBAL,
-
-		// Represents adding a value (in particular, a ScriptFunc) to
-		// a particular global.
-		ADDING_GLOBAL_VAL,
-
-		// Represents a global having its initialization value and/or
-		// attributes redef'd.
-		REDEF,
-
-		// Represents an event handler being redef'd (which discards
-		// its current value).
-		HANDLER_REDEF,
-
-		// Represents adding a body to a function/hook/event handler.
-		BODY,
-		};
-
-	// ActivationEvent's always have a type.  All the other fields
-	// are optional, and are populated depending on the type.
-	ActivationEvent(AE_Type _et) : et(_et) { }
-
-	// Type of the activation event.
-	AE_Type Type() const { return et; }
-
-	// An associated expression associated.
-	void AddExpr(ExprPtr _expr) { expr = std::move(_expr); }
-	ExprPtr GetExpr() const { return expr; }
-
-	// An associated identifier.
-	void AddID(IDPtr _id) { id = std::move(_id); }
-	IDPtr GetID() const { return id; }
-
-	// An associated initialization class (equivalent to =/+=/-=).
-	void AddInitClass(InitClass _c) { c = _c; }
-	InitClass GetInitClass() const { return c; }
-
-	// A set of associated attributes, or none if a nil pointer.
-	void AddAttrs(AttrVec& _attrs)
-		{
-		// It's a pity that the code base has settled on unique_ptr's
-		// for collections of attributes rather than shared_ptr's ...
-		if ( _attrs )
-			{
-			attrs = std::make_unique<std::vector<AttrPtr>>();
-			*attrs = *_attrs;
-			}
-		}
-	const auto& GetAttrs() const { return attrs; }
-
-	// A set of associated "ingredients" for building a function.
-	void AddIngredients(std::shared_ptr<FunctionIngredients> _ingr) { ingr = std::move(_ingr); }
-	const auto& GetIngredients() const { return ingr; }
-
-	// Adds a "subevent" to this event, only valid for events that are
-	// themselves conditionals.  Note that the subevent might itself
-	// be a (nested) conditional.
-	void AddSubEvent(std::shared_ptr<ActivationEvent> ae)
-		{
-		ASSERT(et == COND);
-		CurrSubEvents().push_back(std::move(ae));
-		}
-
-	// Changes this event's accrual of subevents to correspond to its
-	// "else" branch rather than its main/true branch.
-	void SwitchToElse()
-		{
-		ASSERT(et == COND);
-		ASSERT(in_true_branch);
-		in_true_branch = false;
-		}
-
-	// Prints out the event (and any subevents) for debug purposes.
-	void Dump(int indent_level) const;
-
-private:
-	// Manages indentation when dumping events.
-	void Indent(int indent_level) const;
-
-	using SubEvents = std::vector<std::shared_ptr<ActivationEvent>>;
-
-	SubEvents& CurrSubEvents() { return in_true_branch ? T_sub_events : F_sub_events; }
-
-	AE_Type et;
-	ExprPtr expr;
-	IDPtr id;
-	InitClass c = INIT_NONE;
-	AttrVec attrs;
-	std::shared_ptr<FunctionIngredients> ingr;
-
-	// For events corresponding to conditionals, we track two sets
-	// of sub_events, one for the main (true) branch of the conditional,
-	// and one for the else (false) branch, if any, with in_true_branch
-	// reflecting which one we're working on (per CurrSubEvents()).
-	bool in_true_branch = true; // tells us which one to use
-	SubEvents T_sub_events;
-	SubEvents F_sub_events;
-	};
-
-/**
- * An "Activation" object tracks the status of a current @if &analyze
- * conditional as it's being parsed.  Its role is to keep track of what's
- * up with the conditional for the live parsing, as opposed to what *could*
- * have happened (which is instead reflected in a set of ActivationEvent's).
- */
-class Activation
-	{
-public:
-	Activation(ExprPtr cond, bool _is_activated, bool _parent_activated, int _cond_depth);
-	~Activation();
-
-	// True if we're in the part of the @if &analyze conditional for
-	// which we should be incorporating statements (making changes to
-	// globals, adding function bodies, etc.).
-	bool IsActivated() const { return is_activated; }
-
-	// Returns the @if (not @if &analyze) conditional depth associated
-	// with this activation.  Used to tell whether a given @else or @endif
-	// corresponds to this @if &analyze, or something nested within it.
-	int CondDepth() const { return cond_depth; }
-
-	// Returns the ActivationEvent associated with this @if &analyze.
-	auto CondEvent() const { return cond_event; }
-
-	// Tells the Activation to switch from its main (conditinal-is-true)
-	// processing to its "else" (conditional-is-false) processing.
-	void SwitchToElse()
-		{
-		// We're done tracking globals for the current body.
-		ResetGlobals();
-
-		// Toggle our activation status *unless* our parent (another
-		// @if &analyze) was itself not active, in which case we
-		// stay inactive.
-		if ( parent_activated )
-			is_activated = ! is_activated;
-
-		// Keep the ActivationEvent in synch.
-		cond_event->SwitchToElse();
-		}
-
-	void AddGlobalID(IDPtr gid) { global_IDs.push_back(std::move(gid)); }
-	void AddGlobalVal(IDPtr gid) { global_vals.push_back(std::move(gid)); }
-
-private:
-	// If we weren't active, then undo the effects that the parser had
-	// to make (installing new globals and event handlers) in order
-	// to assess the correctness of the code within the block.
-	void ResetGlobals();
-
-	std::shared_ptr<ActivationEvent> cond_event;
-
-	// True if our parent was itself activated.  Always true if there
-	// wasn't an outer @if &analyze.
-	bool parent_activated;
-
-	// Whether we're currently activated.
-	bool is_activated;
-
-	// Depth of @if conditionals when this activation began.
-	int cond_depth;
-
-	// Set of globals that were added during processing of the current body.
-	std::vector<IDPtr> global_IDs;
-
-	// Similar: set of globals for which we added values.  We track
-	// this only for function/hook/event handler bodies.
-	std::vector<IDPtr> global_vals;
-	};
-
-/**
- * Class for managing the processing of @if &analyze's.  Deals with
- * potential nesting, and with constructing a trace of the associated
- * ActivationEvents.
- */
-class ActivationManager
-	{
-public:
-	ActivationManager() = default;
-	~ActivationManager();
-
-	// True if we are currently inside an @if &analyze.
-	bool InsideConditional() const { return ! activation_stack.empty(); }
-
-	// True if the current @if &analyze corresponds to the given
-	// @if conditional-depth.  Needed to disambiguate @else and @endif
-	// tokens in the presence of possible inter-nesting of @if and
-	// @if &analyze constructs.
-	bool InsideConditional(int cond_depth) const
-		{
-		if ( activation_stack.empty() )
-			return false;
-
-		return activation_stack.back()->CondDepth() == cond_depth;
-		}
-
-	// True if processing of the current script is "activated".  This
-	// is the usual state of things, other than when inside the branch
-	// of an @if &analyze that doesn't correspond to its condition.
-	bool IsActivated() const
-		{
-		return activation_stack.empty() || activation_stack.back()->IsActivated();
-		}
-
-	// Returns the nesting level of @if &analyze's.  Used by the scanner
-	// to find dangling conditionals at the end of files.  Typed as an
-	// integer to match similar other structures in the scanner.
-	int ActivationDepth() const { return static_cast<int>(activation_stack.size()); }
-
-	// Tells the manager to begin a new @if &analyze conditional.
-	// "cond" is the associated condition, "activate" reflects whether
-	// the condition is true, and "cond_depth" is the depth of any
-	// parent @if constructs.
-	void Start(ExprPtr cond, bool activate, int cond_depth);
-
-	// Tells the manager that an @else has been seen for its innermost
-	// @if &analyze.
-	void SwitchToElse();
-
-	// Tells the manager that an @endif has been seen for its innermost
-	// @if &analyze.
-	void End();
-
-	// Tells the manager that the parser is creating a new global
-	// identifier.
-	void CreatingGlobalID(IDPtr gid);
-
-	// Tells the manager that the parser is adding a value to a global.
-	void AddingGlobalVal(IDPtr gid);
-
-	// Tells the manager that the parser is redef'ing an identifier using
-	// the associated values.
-	void AddingRedef(const IDPtr& id, InitClass c, ExprPtr init, AttrVec& attrs);
-
-	// Tells the manger that the given identifier's event handler is
-	// being redef'd.
-	void RedefingHandler(const IDPtr& id);
-
-	// Tells the manager that the parser is adding a function body to
-	// the given function.
-	void AddingBody(IDPtr func, std::shared_ptr<FunctionIngredients> ingr);
-
-	// Returns a list of top-level ActivationEvent's.  These will all
-	// be COND events, which in general should be traversed recursively
-	// to extract what happened inside the conditionals, including
-	// additional conditionals potentially nested inside.
-	const auto& ActivationEvents() const { return activation_events; }
-
-private:
-	// Currently live @if &analyze information.
-	std::vector<std::unique_ptr<Activation>> activation_stack;
-
-	// A trace of all of the top-level @if &analyze events.  Any
-	// nested @if &analyze's are available from the top-level events
-	// as sub-events.
-	std::vector<std::shared_ptr<ActivationEvent>> activation_events;
-	};
-
-extern ActivationManager* activation_mgr;
-
-	} // namespace zeek::detail

src/CMakeLists.txt

@@ -282,7 +282,6 @@ set(MAIN_SRCS
     module_util.cc
     zeek-affinity.cc
     zeek-setup.cc
-    ActivationManager.cc
     Anon.cc
     Attr.cc
     Base64.cc

src/Expr.cc

@@ -3193,7 +3193,7 @@ HasFieldExpr::HasFieldExpr(ExprPtr arg_op, const char* arg_field_name)
 
 HasFieldExpr::~HasFieldExpr()
 	{
-	delete[] field_name;
+	delete field_name;
 	}
 
 ValPtr HasFieldExpr::Fold(Val* v) const

src/Scope.cc

@@ -46,19 +46,6 @@ const IDPtr& Scope::Find(std::string_view name) const
 	return ID::nil;
 	}
 
-void Scope::RemoveGlobal(std::string name, IDPtr /* gid */)
-	{
-	ASSERT(this == global_scope());
-
-	local.erase(name);
-
-	// We could remove the identifier from ordered_vars, but for now
-	// we skip doing so because (1) the only removals we do are for global
-	// scope (per the method name), and the only use of ordered_vars is
-	// for traversing function parameters (i.e., non-global scope), and
-	// (2) it would be a pain to do so given the current data structure.
-	}
-
 IDPtr Scope::GenerateTemporary(const char* name)
 	{
 	return make_intrusive<ID>(name, SCOPE_FUNCTION, false);

src/Scope.h

@@ -37,15 +37,12 @@ public:
 
 	const IDPtr& Find(std::string_view name) const;
 
-	void Insert(std::string name, IDPtr id)
+	template <typename N, typename I> void Insert(N&& name, I&& id)
 		{
-		local[name] = id;
+		local[std::forward<N>(name)] = std::forward<I>(id);
-		ordered_vars.push_back(id);
+		ordered_vars.push_back(std::forward<I>(id));
 		}
 
-	// Must only be called for the global scope.
-	void RemoveGlobal(std::string name, IDPtr gid);
-
 	const IDPtr& GetID() const { return scope_id; }
 
 	const std::unique_ptr<std::vector<AttrPtr>>& Attrs() const { return attrs; }

src/Var.cc

@@ -6,7 +6,6 @@
 
 #include <memory>
 
-#include "zeek/ActivationManager.h"
 #include "zeek/Desc.h"
 #include "zeek/EventRegistry.h"
 #include "zeek/Expr.h"
@@ -235,7 +234,7 @@ static void make_var(const IDPtr& id, TypePtr t, InitClass c, ExprPtr init,
 			{
 			if ( IsFunc(id->GetType()->Tag()) )
 				add_prototype(id, t.get(), attr.get(), init);
-			else if ( activation_mgr->IsActivated() )
+			else
 				id->Error("already defined", init.get());
 
 			return;
@@ -406,18 +405,7 @@ static void make_var(const IDPtr& id, TypePtr t, InitClass c, ExprPtr init,
 void add_global(const IDPtr& id, TypePtr t, InitClass c, ExprPtr init,
                 std::unique_ptr<std::vector<AttrPtr>> attr, DeclType dt)
 	{
-	bool do_init = activation_mgr->IsActivated();
+	make_var(id, std::move(t), c, std::move(init), std::move(attr), dt, true);
-
-	if ( dt == VAR_REDEF )
-		{
-		activation_mgr->AddingRedef(id, c, init, attr);
-
-		if ( ! do_init )
-			// Don't actually change the attributes.
-			attr = nullptr;
-		}
-
-	make_var(id, std::move(t), c, std::move(init), std::move(attr), dt, do_init);
 	}
 
 StmtPtr add_local(IDPtr id, TypePtr t, InitClass c, ExprPtr init,
@@ -723,8 +711,6 @@ void begin_func(IDPtr id, const char* module_name, FunctionFlavor flavor, bool i
 	else if ( is_redef )
 		id->Error("redef of not-previously-declared value");
 
-	bool is_activated = activation_mgr->IsActivated();
-
 	if ( id->HasVal() )
 		{
 		FunctionFlavor id_flavor = id->GetVal()->AsFunc()->Flavor();
@@ -738,17 +724,12 @@ void begin_func(IDPtr id, const char* module_name, FunctionFlavor flavor, bool i
 			case FUNC_FLAVOR_EVENT:
 			case FUNC_FLAVOR_HOOK:
 				if ( is_redef )
-					{
+					// Clear out value so it will be replaced.
-					activation_mgr->RedefingHandler(id);
+					id->SetVal(nullptr);
-
-					if ( ! is_activated )
-						// Clear out value so it will be replaced.
-						id->SetVal(nullptr);
-					}
 				break;
 
 			case FUNC_FLAVOR_FUNCTION:
-				if ( ! id->IsRedefinable() && is_activated )
+				if ( ! id->IsRedefinable() )
 					id->Error("already defined", t.get());
 				break;
 
@@ -772,15 +753,12 @@ void begin_func(IDPtr id, const char* module_name, FunctionFlavor flavor, bool i
 		if ( ! check_params(i, prototype, args, canon_args, module_name) )
 			break;
 
-	if ( is_activated )
+	if ( Attr* depr_attr = find_attr(current_scope()->Attrs().get(), ATTR_DEPRECATED) )
-		{
+		current_scope()->GetID()->MakeDeprecated(depr_attr->GetExpr());
-		if ( Attr* depr_attr = find_attr(current_scope()->Attrs().get(), ATTR_DEPRECATED) )
-			current_scope()->GetID()->MakeDeprecated(depr_attr->GetExpr());
 
-		// Reset the AST node statistics to track afresh for this function.
+	// Reset the AST node statistics to track afresh for this function.
-		Stmt::ResetNumStmts();
+	Stmt::ResetNumStmts();
-		Expr::ResetNumExprs();
+	Expr::ResetNumExprs();
-		}
 	}
 
 class OuterIDBindingFinder : public TraversalCallback
@@ -868,7 +846,7 @@ void end_func(StmtPtr body, const char* module_name, bool free_of_conditionals)
 	oi->num_stmts = Stmt::GetNumStmts();
 	oi->num_exprs = Expr::GetNumExprs();
 
-	auto ingredients = std::make_shared<FunctionIngredients>(pop_scope(), std::move(body),
+	auto ingredients = std::make_unique<FunctionIngredients>(pop_scope(), std::move(body),
 	                                                         module_name);
 	auto id = ingredients->GetID();
 	if ( ! id->HasVal() )
@@ -876,27 +854,27 @@ void end_func(StmtPtr body, const char* module_name, bool free_of_conditionals)
 		auto f = make_intrusive<ScriptFunc>(id);
 		id->SetVal(make_intrusive<FuncVal>(std::move(f)));
 		id->SetConst();
-		activation_mgr->AddingGlobalVal(id);
 		}
 
+	id->GetVal()->AsFunc()->AddBody(ingredients->Body(), ingredients->Inits(),
+	                                ingredients->FrameSize(), ingredients->Priority(),
+	                                ingredients->Groups());
+
 	script_coverage_mgr.AddFunction(id, ingredients->Body());
 
 	auto func_ptr = cast_intrusive<FuncVal>(id->GetVal())->AsFuncPtr();
 	auto func = cast_intrusive<ScriptFunc>(func_ptr);
 	func->SetScope(ingredients->Scope());
 
-	activation_mgr->AddingBody(id, ingredients);
+	for ( const auto& group : ingredients->Groups() )
+		group->AddFunc(func);
 
-	if ( activation_mgr->IsActivated() )
+	analyze_func(std::move(func));
-		{
-		func->AddBody(ingredients->Body(), ingredients->Inits(), ingredients->FrameSize(),
-		              ingredients->Priority(), ingredients->Groups());
 
-		for ( const auto& group : ingredients->Groups() )
+	// Note: ideally, something would take ownership of this memory until the
-			group->AddFunc(func);
+	// end of script execution, but that's essentially the same as the
-
+	// lifetime of the process at the moment, so ok to "leak" it.
-		analyze_func(std::move(func));
+	ingredients.release();
-		}
 	}
 
 IDPList gather_outer_ids(ScopePtr scope, StmtPtr body)

src/input.h

@@ -23,7 +23,7 @@ extern void add_to_name_list(char* s, char delim, zeek::name_list& nl);
 
 extern void begin_RE();
 
-extern void do_atif(zeek::detail::Expr* expr, bool is_activate);
+extern void do_atif(zeek::detail::Expr* expr);
 extern void do_atifdef(const char* id);
 extern void do_atifndef(const char* id);
 extern void do_atelse();

src/parse.y

@@ -31,18 +31,6 @@
 %token TOK_ATTR_TYPE_COLUMN TOK_ATTR_DEPRECATED
 %token TOK_ATTR_IS_ASSIGNED TOK_ATTR_IS_USED TOK_ATTR_ORDERED
 
-// Heads-up, this one is a weirdo.  It combines both the attribute and
-// a leading ')' before it (the two can be separated by spaces/tabs, but
-// no newlines).  This is necessary because if we use the more natural
-//
-//	TOK_ATIF '(' expr ')' TOK_ATTR_ANALYZE
-//
-// then the parser needs to look ahead past the ')' to see if the attribute
-// is there.  If it *isn't*, then the scanner will return the first token
-// of the conditional block for the look-ahead ... which will break the parse
-// if that block should in fact have been skipped.
-%token TOK_ATTR_ANALYZE
-
 %token TOK_DEBUG
 
 %token TOK_NO_TEST
@@ -110,7 +98,6 @@
 #include "zeek/RE.h"
 #include "zeek/Scope.h"
 #include "zeek/Reporter.h"
-#include "zeek/ActivationManager.h"
 #include "zeek/ScriptCoverageManager.h"
 #include "zeek/ScriptValidation.h"
 #include "zeek/zeekygen/Manager.h"
@@ -152,19 +139,16 @@ extern const char* g_curr_debug_error;
 extern int in_when_cond;
 
 static int in_hook = 0;
-static int in_init = 0;
+int in_init = 0;
-static int in_body = 0;
+int in_record = 0;
-static int in_global_stmts = 0;
-static int in_record = 0;
 static int in_record_redef = 0;
 static int in_enum_redef = 0;
-static bool resolving_global_ID = false;
+bool resolving_global_ID = false;
-static bool defining_global_ID = false;
+bool defining_global_ID = false;
-static bool is_activated = true;
+std::vector<int> saved_in_init;
-static std::vector<int> saved_in_init;
 static int expr_list_has_opt_comma = 0;
 
-static std::vector<std::set<const ID*>> locals_at_this_scope;
+std::vector<std::set<const ID*>> locals_at_this_scope;
 static std::unordered_set<const ID*> out_of_scope_locals;
 
 static Location func_hdr_location;
@@ -337,9 +321,6 @@ static void build_global(ID* id, Type* t, InitClass ic, Expr* e,
 
 	add_global(id_ptr, std::move(t_ptr), ic, e_ptr, std::move(attrs_ptr), dt);
 
-	if ( ! activation_mgr->IsActivated() )
-		return;
-
 	if ( dt == VAR_REDEF )
 		zeekygen_mgr->Redef(id, ::filename, ic, std::move(e_ptr));
 	else
@@ -411,13 +392,9 @@ zeek:
 			auto loc = zeek::detail::GetCurrentLocation();
 			if ( loc.filename )
 				set_location(loc);
-
-			++in_global_stmts;
 			}
 		stmt_list
 			{
-			--in_global_stmts;
-
 			if ( stmts )
 				stmts->AsStmtList()->Stmts().push_back($3);
 			else
@@ -1423,49 +1400,29 @@ decl:
 			}
 
 	|	TOK_REDEF TOK_ENUM global_id TOK_ADD_TO '{'
-			{
+			{ ++in_enum_redef; parse_redef_enum($3); zeekygen_mgr->Redef($3, ::filename); }
-			++in_enum_redef;
-			parse_redef_enum($3);
-			zeekygen_mgr->Redef($3, ::filename);
-			}
 		enum_body '}' ';'
 			{
-			if ( activation_mgr->InsideConditional() )
-				reporter->Error("enum redef cannot appear inside @if &analyze");
 			--in_enum_redef;
 			// Zeekygen already grabbed new enum IDs as the type created them.
 			}
 
 	|	TOK_REDEF TOK_RECORD  global_id '$' TOK_ID
-			{
+			{ cur_decl_type_id = $3; zeekygen_mgr->Redef($3, ::filename, INIT_EXTRA); }
-			cur_decl_type_id = $3;
-			zeekygen_mgr->Redef($3, ::filename, INIT_EXTRA);
-			}
 		TOK_ADD_TO '{' attr_list '}' ';'
 			{
-			if ( activation_mgr->InsideConditional() )
-				reporter->Error("record redef cannot appear inside @if &analyze");
 			cur_decl_type_id = 0;
 			parse_redef_record_field($3, $5, INIT_EXTRA, std::unique_ptr<std::vector<AttrPtr>>($9));
 			}
-
 	|	TOK_REDEF TOK_RECORD  global_id '$' TOK_ID
-			{
+			{ cur_decl_type_id = $3; zeekygen_mgr->Redef($3, ::filename, INIT_REMOVE); }
-			cur_decl_type_id = $3;
-			zeekygen_mgr->Redef($3, ::filename, INIT_REMOVE);
-			}
 		TOK_REMOVE_FROM '{' attr_list '}' ';'
 			{
-			if ( activation_mgr->InsideConditional() )
-				reporter->Error("record redef cannot appear inside @if &analyze");
 			cur_decl_type_id = 0;
 			parse_redef_record_field($3, $5, INIT_REMOVE, std::unique_ptr<std::vector<AttrPtr>>($9));
 			}
 	|	TOK_REDEF TOK_RECORD global_id
-			{
+			{ cur_decl_type_id = $3; zeekygen_mgr->Redef($3, ::filename); }
-			cur_decl_type_id = $3;
-			zeekygen_mgr->Redef($3, ::filename);
-			}
 		TOK_ADD_TO '{'
 			{ ++in_record; ++in_record_redef; }
 		type_decl_list
@@ -1476,8 +1433,6 @@ decl:
 
 			if ( ! $3->GetType() )
 				$3->Error("unknown identifier");
-			else if ( activation_mgr->InsideConditional() )
-				reporter->Error("record redef cannot appear inside @if &analyze");
 			else
 				extend_record($3, std::unique_ptr<type_decl_list>($8),
 				              std::unique_ptr<std::vector<AttrPtr>>($11));
@@ -1510,13 +1465,7 @@ conditional_list:
 
 conditional:
 		TOK_ATIF '(' expr ')'
-			{ do_atif($3, false); }
+			{ do_atif($3); }
-	|	TOK_ATIF '(' expr TOK_ATTR_ANALYZE
-			{
-			if ( in_body )
-				reporter->Error("@if &analyze cannot appear inside a function body");
-			do_atif($3, true);
-			}
 	|	TOK_ATIFDEF '(' TOK_ID ')'
 			{ do_atifdef($3); }
 	|	TOK_ATIFNDEF '(' TOK_ID ')'
@@ -1567,7 +1516,6 @@ func_body:
 			{
 			saved_in_init.push_back(in_init);
 			in_init = 0;
-			++in_body;
 
 			locals_at_this_scope.clear();
 			out_of_scope_locals.clear();
@@ -1577,7 +1525,6 @@ func_body:
 			{
 			in_init = saved_in_init.back();
 			saved_in_init.pop_back();
-			--in_body;
 			}
 
 		'}'
@@ -1598,14 +1545,12 @@ lambda_body:
 			{
 			saved_in_init.push_back(in_init);
 			in_init = 0;
-			++in_body;
 			}
 
 		stmt_list
 			{
 			in_init = saved_in_init.back();
 			saved_in_init.pop_back();
-			--in_body;
 			}
 
 		'}'
@@ -2018,21 +1963,11 @@ stmt:
 	;
 
 stmt_list:
-		stmt_list { is_activated = activation_mgr->IsActivated(); } stmt
+		stmt_list stmt
 			{
-			set_location(@1, @3);
+			set_location(@1, @2);
-
+			$1->AsStmtList()->Stmts().push_back($2);
-			// We can't simply test activation_mgr->IsActivated()
+			$1->UpdateLocationEndInfo(@2);
-			// here because the parser can wind up looking ahead
-			// to the @endif token and restoring activation that
-			// in fact was off for the statement.  So we capture
-			// the activation state prior to parsing the statement
-			// in "is_activated" and test that instead.
-			if ( ! in_global_stmts || is_activated )
-				{
-				$1->AsStmtList()->Stmts().push_back($3);
-				$1->UpdateLocationEndInfo(@3);
-				}
 			}
 	|
 			{ $$ = new StmtList(); }
@@ -2272,10 +2207,8 @@ global_or_event_id:
 					resolving_global_ID ?
 						current_module.c_str() : 0;
 
-				auto gid = install_ID($1, module_name,
+				$$ = install_ID($1, module_name,
-				                              true, is_export);
+				                              true, is_export).release();
-				activation_mgr->CreatingGlobalID(gid);
-				$$ = gid.release();
 				}
 			}
 	;

src/scan.l

@@ -29,6 +29,8 @@
 #include "zeek/DNS_Mgr.h"
 #include "zeek/Expr.h"
 #include "zeek/Func.h"
+#include "zeek/Stmt.h"
+#include "zeek/IntrusivePtr.h"
 #include "zeek/Val.h"
 #include "zeek/Var.h"
 #include "zeek/Debug.h"
@@ -39,7 +41,6 @@
 #include "zeek/Traverse.h"
 #include "zeek/module_util.h"
 #include "zeek/ScannedFile.h"
-#include "zeek/ActivationManager.h"
 
 #include "zeek/analyzer/Analyzer.h"
 #include "zeek/zeekygen/Manager.h"
@@ -54,10 +55,9 @@ extern YYLTYPE yylloc;	// holds start line and column of token
 extern zeek::EnumType* cur_enum_type;
 
 // Track the @if... depth.
-static int conditional_depth = 0;
+static std::intptr_t conditional_depth = 0;
 
 zeek::detail::int_list entry_cond_depth; // @if depth upon starting file
-zeek::detail::int_list entry_act_depth; // @if &analyze depth upon starting file
 zeek::detail::int_list entry_pragma_stack_depth; // @pragma push depth upon starting file
 static std::vector<std::string> pragma_stack; // stack of @pragma pushes
 
@@ -127,9 +127,6 @@ static std::string find_relative_script_file(const std::string& filename)
 
 static void start_conditional()
 	{
-	if ( activation_mgr->InsideConditional() )
-		zeek::reporter->Warning("@conditional inside @if &analyze");
-
 	++conditional_depth;
 	++conditional_epoch;
 
@@ -158,18 +155,17 @@ static void do_pragma(const std::string& pragma)
 
 	if ( parts[0] == "push" )
 		{
-		if ( parts.size() < 2 )
+			if ( parts.size() < 2 )
-			{
+				{
-			zeek::reporter->FatalError("@pragma push without value");
+				zeek::reporter->FatalError("@pragma push without value");
-			return;
+				return;
-			}
+				}
 
-		if ( known_stack_pragmas.count(parts[1]) == 0 )
+			if ( known_stack_pragmas.count(parts[1]) == 0 )
-			zeek::reporter->Warning("pushing unknown @pragma value '%s'", parts[1].c_str());
+				zeek::reporter->Warning("pushing unknown @pragma value '%s'", parts[1].c_str());
 
-		pragma_stack.push_back(parts[1]);
+			pragma_stack.push_back(parts[1]);
 		}
-
 	else if ( parts[0] == "pop" )
 		{
 		if ( pragma_stack.empty() || pragma_stack.size() == entry_pragma_stack_depth.back() )
@@ -180,11 +176,10 @@ static void do_pragma(const std::string& pragma)
 
 		// Popping with a value: Verify it's popping the right thing. Not providing
 		// a pop value itself is valid. Don't return, probably blows up below anyway.
-		if ( parts.size() > 1 && pragma_stack.back() != parts[1] )
+		if ( parts.size() > 1 && pragma_stack.back() != parts[1] ) {
-			{
 			zeek::reporter->Error("@pragma pop with unexpected '%s', expected '%s'",
 			                      parts[1].c_str(), pragma_stack.back().c_str());
-			}
+		}
 
 		// Just pop anything
 		pragma_stack.pop_back();
@@ -402,8 +397,6 @@ when	return TOK_WHEN;
 &backend	return TOK_ATTR_BACKEND;
 &ordered    return TOK_ATTR_ORDERED;
 
-")"{OWS}&analyze	return TOK_ATTR_ANALYZE; // see parse.y for discussion of weirdness
-
 @deprecated.* {
 	auto num_files = file_stack.length();
 	auto comment = zeek::util::skip_whitespace(yytext + 11);
@@ -541,12 +534,11 @@ when	return TOK_WHEN;
 @endif	do_atendif();
 
 <IGNORE>@if	start_conditional();
-<IGNORE>&analyze	zeek::reporter->Warning("@if &analyze inside regular @if");
 <IGNORE>@ifdef	start_conditional();
 <IGNORE>@ifndef	start_conditional();
 <IGNORE>@else   return TOK_ATELSE;
 <IGNORE>@endif	return TOK_ATENDIF;
-<IGNORE>[^@&\r\n]+	/* eat */
+<IGNORE>[^@\r\n]+	/* eat */
 <IGNORE>.	/* eat */
 
 T	RET_CONST(zeek::val_mgr->True()->Ref())
@@ -810,7 +802,6 @@ static int load_files(const char* orig_file)
 	current_file_has_conditionals = files_with_conditionals.count(filename) > 0;
 
 	entry_cond_depth.push_back(conditional_depth);
-	entry_act_depth.push_back(activation_mgr->ActivationDepth());
 	entry_pragma_stack_depth.push_back(pragma_stack.size());
 
 	return 1;
@@ -855,8 +846,10 @@ static void resume_processing()
 	BEGIN(INITIAL);
 	}
 
-void do_atif(zeek::detail::Expr* expr, bool is_activate)
+void do_atif(zeek::detail::Expr* expr)
 	{
+	start_conditional();
+
 	LocalNameFinder cb;
 	expr->Traverse(&cb);
 	zeek::ValPtr val;
@@ -872,28 +865,11 @@ void do_atif(zeek::detail::Expr* expr, bool is_activate)
 	if ( ! val )
 		{
 		expr->Error("invalid expression in @if");
-
-		if ( ! is_activate )
-			start_conditional();
-
 		return;
 		}
 
-	bool is_true = val->AsBool();
+	if ( ! val->AsBool() )
-
+		begin_ignoring();
-	if ( is_activate )
-		{
-		if ( conditional_depth > 0 )
-			zeek::reporter->Warning("@if &analyze inside conditional");
-		activation_mgr->Start({zeek::NewRef{}, expr}, is_true, conditional_depth);
-		}
-	else
-		{
-		start_conditional();
-
-		if ( ! is_true )
-			begin_ignoring();
-		}
 	}
 
 void do_atifdef(const char* id)
@@ -928,12 +904,6 @@ void do_atifndef(const char *id)
 
 void do_atelse()
 	{
-	if ( activation_mgr->InsideConditional(conditional_depth) )
-		{ // This is the @else corresponding to an @if &analyze.
-		activation_mgr->SwitchToElse();
-		return;
-		}
-
 	if ( conditional_depth == 0 )
 		zeek::reporter->Error("@else without @if...");
 
@@ -948,15 +918,6 @@ void do_atelse()
 
 void do_atendif()
 	{
-	if ( activation_mgr->InsideConditional(conditional_depth) )
-		{ // We're ending an @if &analyze.
-		if ( activation_mgr->ActivationDepth() <= entry_act_depth.back() )
-			zeek::reporter->Error("unbalanced @if &analyze... @endif");
-		else
-			activation_mgr->End();
-		return;
-		}
-
 	if ( conditional_depth <= entry_cond_depth.back() )
 		zeek::reporter->Error("unbalanced @if... @endif");
 
@@ -1039,13 +1000,6 @@ int yywrap()
 		entry_cond_depth.pop_back();
 		}
 
-	if ( entry_act_depth.size() > 0 )
-		{
-		if ( activation_mgr->ActivationDepth() > entry_act_depth.back() )
-			zeek::reporter->FatalError("unbalanced @if &analyze... @endif");
-		entry_act_depth.pop_back();
-		}
-
 	if ( entry_pragma_stack_depth.size() > 0 )
 		{
 		if ( pragma_stack.size() > entry_pragma_stack_depth.back() )

src/zeek-setup.cc

@@ -23,7 +23,6 @@
 #define DOCTEST_CONFIG_IMPLEMENT
 
 #include "zeek/3rdparty/doctest.h"
-#include "zeek/ActivationManager.h"
 #include "zeek/Anon.h"
 #include "zeek/DFA.h"
 #include "zeek/DNS_Mgr.h"
@@ -184,7 +183,6 @@ zeek::plugin::Manager* zeek::plugin_mgr = nullptr;
 zeek::detail::RuleMatcher* zeek::detail::rule_matcher = nullptr;
 zeek::detail::DNS_Mgr* zeek::detail::dns_mgr = nullptr;
 zeek::detail::TimerMgr* zeek::detail::timer_mgr = nullptr;
-zeek::detail::ActivationManager* zeek::detail::activation_mgr = nullptr;
 
 zeek::logging::Manager* zeek::log_mgr = nullptr;
 zeek::threading::Manager* zeek::thread_mgr = nullptr;
@@ -445,7 +443,6 @@ static void terminate_zeek()
 	delete session_mgr;
 	delete fragment_mgr;
 	delete telemetry_mgr;
-	delete activation_mgr;
 #ifdef HAVE_SPICY
 	delete spicy_mgr;
 #endif
@@ -676,7 +673,6 @@ SetupResult setup(int argc, char** argv, Options* zopts)
 
 	auto zeekygen_cfg = options.zeekygen_config_file.value_or("");
 	zeekygen_mgr = new zeekygen::detail::Manager(zeekygen_cfg, zeek_argv[0]);
-	activation_mgr = new ActivationManager();
 
 	add_essential_input_file("base/init-bare.zeek");
 	add_essential_input_file("builtin-plugins/__preload__.zeek");

testing/btest/Baseline/core.check-unused-event-handlers/.stderr

@@ -1,6 +1,9 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ### NOTE: This file has been sorted with diff-sort.
 warning in <...>/check-unused-event-handlers.test, line 7: handler for non-existing event cannot be invoked (this_is_never_used)
+warning in <params>, line 1: event handler never invoked: Cluster::hello
+warning in <params>, line 1: event handler never invoked: Cluster::node_down
+warning in <params>, line 1: event handler never invoked: Cluster::node_up
 warning in <params>, line 1: event handler never invoked: Control::configuration_update
 warning in <params>, line 1: event handler never invoked: Control::configuration_update_request
 warning in <params>, line 1: event handler never invoked: Control::configuration_update_response

testing/btest/Baseline/coverage.zeek-profiler-file/step1.out

@@ -1,5 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 1	./profiling-test1.zeek, line 2	print new conn;
-0	./profiling-test1.zeek, line 6	print hidden new conn;
 1	./profiling-test1.zeek, lines 1-2	event new_connection BODY
-0	./profiling-test1.zeek, lines 5-6	event new_connection BODY

testing/btest/Baseline/coverage.zeek-profiler-file/step2.out

@@ -1,5 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 2	./profiling-test1.zeek, line 2	print new conn;
-0	./profiling-test1.zeek, line 6	print hidden new conn;
 2	./profiling-test1.zeek, lines 1-2	event new_connection BODY
-0	./profiling-test1.zeek, lines 5-6	event new_connection BODY

testing/btest/Baseline/coverage.zeek-profiler-file/step3.out

@@ -1,9 +1,5 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 2	./profiling-test1.zeek, line 2	print new conn;
-0	./profiling-test1.zeek, line 6	print hidden new conn;
 2	./profiling-test1.zeek, lines 1-2	event new_connection BODY
-0	./profiling-test1.zeek, lines 5-6	event new_connection BODY
 1	./profiling-test2.zeek, line 2	print new conn;
-0	./profiling-test2.zeek, line 6	print hidden new conn;
 1	./profiling-test2.zeek, lines 1-2	event new_connection BODY
-0	./profiling-test2.zeek, lines 5-6	event new_connection BODY

testing/btest/Baseline/language.at-if-analyze-invalid-10/out

@@ -1,3 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-warning in <...>/at-if-analyze-invalid.zeek, line 6: @if &analyze inside conditional
-error in <...>/at-if-analyze-invalid.zeek, line 7: unknown identifier warning_and_noticed_syntax_err_F, at or near "warning_and_noticed_syntax_err_F"

testing/btest/Baseline/language.at-if-analyze-invalid-2/out

@@ -1,3 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-error in <...>/at-if-analyze-invalid.zeek, line 4: @if &analyze cannot appear inside a function body
-error in <...>/at-if-analyze-invalid.zeek, line 6: unknown identifier warning_and_noticed_syntax_error_F, at or near "warning_and_noticed_syntax_error_F"

testing/btest/Baseline/language.at-if-analyze-invalid-3/out

@@ -1,2 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-error in <...>/at-if-analyze-invalid.zeek, line 4: unknown identifier noticed_syntax_error_T, at or near "noticed_syntax_error_T"

testing/btest/Baseline/language.at-if-analyze-invalid-4/out

@@ -1,2 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-error in <...>/at-if-analyze-invalid.zeek, line 4: unknown identifier noticed_syntax_error_F, at or near "noticed_syntax_error_F"

testing/btest/Baseline/language.at-if-analyze-invalid-5/out

@@ -1,5 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-error in <...>/at-if-analyze-invalid.zeek, line 8: record redef cannot appear inside @if &analyze
-error in <...>/at-if-analyze-invalid.zeek, line 9: record redef cannot appear inside @if &analyze
-error in <...>/at-if-analyze-invalid.zeek, line 10: record redef cannot appear inside @if &analyze
-error in <...>/at-if-analyze-invalid.zeek, line 11: enum redef cannot appear inside @if &analyze

testing/btest/Baseline/language.at-if-analyze-invalid-6/out

@@ -1,3 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-warning in <...>/at-if-analyze-invalid.zeek, line 3: @if &analyze inside regular @if
-error in <...>/at-if-analyze-invalid.zeek, line 11: unknown identifier but_a_syntax_error_here1, at or near "but_a_syntax_error_here1"

testing/btest/Baseline/language.at-if-analyze-invalid-7/out

@@ -1,3 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-warning in <...>/at-if-analyze-invalid.zeek, line 3: @if &analyze inside conditional
-error in <...>/at-if-analyze-invalid.zeek, line 7: unknown identifier warning_and_noticed_syntax_err_F, at or near "warning_and_noticed_syntax_err_F"

testing/btest/Baseline/language.at-if-analyze-invalid-8/out

@@ -1,3 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-warning in <...>/at-if-analyze-invalid.zeek, line 5: @if &analyze inside regular @if
-error in <...>/at-if-analyze-invalid.zeek, line 10: unknown identifier but_a_syntax_error_here, at or near "but_a_syntax_error_here"

testing/btest/Baseline/language.at-if-analyze-invalid-9/out

@@ -1,3 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-warning in <...>/at-if-analyze-invalid.zeek, line 6: @if &analyze inside conditional
-error in <...>/at-if-analyze-invalid.zeek, line 7: unknown identifier warning_and_noticed_syntax_err_T, at or near "warning_and_noticed_syntax_err_T"

testing/btest/Baseline/language.at-if-analyze-invalid/out

@@ -1,3 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-error in <...>/at-if-analyze-invalid.zeek, line 8: @if &analyze cannot appear inside a function body
-error in <...>/at-if-analyze-invalid.zeek, line 10: unknown identifier warning_and_noticed_syntax_error_T, at or near "warning_and_noticed_syntax_error_T"

testing/btest/Baseline/language.at-if-analyze/.stderr

@@ -1 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.

testing/btest/Baseline/language.at-if-analyze/out

@@ -1,6 +0,0 @@
-### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-I got called!, should happen
-redef #1
-T/!F
-!F/T
-hi #2!, F, 0, 4

testing/btest/bifs/hll_cluster.zeek

@@ -26,7 +26,7 @@ redef Log::default_rotation_interval = 0secs;
 
 global hll_data: event(data: opaque of cardinality);
 
-@if ( Cluster::local_node_type() == Cluster::WORKER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::WORKER )
 
 event zeek_init()
 	{
@@ -89,7 +89,7 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 
 @endif
 
-@if ( Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
 
 global result_count = 0;
 global hll: opaque of cardinality;

testing/btest/coverage/zeek-profiler-file.zeek

@@ -15,19 +15,9 @@
 @TEST-START-FILE profiling-test1.zeek
 event new_connection(c: connection)
 	{ print "new conn"; }
-
-@if ( F ) &analyze
-event new_connection(c: connection)
-	{ print "hidden new conn"; }
-@endif
 @TEST-END-FILE
 
 @TEST-START-FILE profiling-test2.zeek
 event new_connection(c: connection)
 	{ print "new conn"; }
-
-@if ( F ) &analyze
-event new_connection(c: connection)
-	{ print "hidden new conn"; }
-@endif
 @TEST-END-FILE

testing/btest/language/at-if-analyze-invalid.zeek

@@ -1,108 +0,0 @@
-# @TEST-DOC: Tests that @if/&analyze correctly validates code in non-activated branches
-# @TEST-EXEC: cat %INPUT
-# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1
-# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
-
-event zeek_init()
-	{
-	@if ( T ) &analyze
-	# This should complain because it's inside a body
-	warning_and_noticed_syntax_error_T
-	@endif
-	}
-
-@TEST-START-NEXT
-
-event zeek_init()
-	{
-	@if ( F ) &analyze
-	# This should also complain because it's inside a body
-	warning_and_noticed_syntax_error_F
-	@endif
-	}
-
-@TEST-START-NEXT
-
-@if ( T ) &analyze
-# This should definitely complain ...
-noticed_syntax_error_T
-@endif
-
-@TEST-START-NEXT
-
-@if ( F ) &analyze
-# ... and so should this, even though it's in a non-activated body
-noticed_syntax_error_F
-@endif
-
-@TEST-START-NEXT
-
-type r: record { a: count; };
-type e: enum { FOO };
-
-@if ( F ) &analyze
-# Try a bunch of forbidden redef's: adding a record field, adding/removing
-# attributes, extending an enum.  All should yield complaints.
-redef record r += { redef_disallowed_even_though_F: bool; };
-redef record r$a += { &log };
-redef record r$a -= { &log };
-redef enum e += { redef_disallowed_even_though_F };
-@endif
-
-@TEST-START-NEXT
-
-@if ( F )
-@if ( T ) &analyze
-# Generates a warning because of if-analyze inside a non-if-analyze -
-# but doesn't then analyze the body.
-warning_and_unnoticed_syntax_err_T
-@endif
-@endif
-
-# We add this to make sure there's *some* non-empty output.
-but_a_syntax_error_here1
-
-@TEST-START-NEXT
-
-@if ( T )
-@if ( F ) &analyze
-# In this case, both a warning for the mixed nesting *and*, because the
-# outer conditional is true, a complaint since we go ahead with the
-# if-analyze
-warning_and_noticed_syntax_err_F
-@endif
-@endif
-
-@TEST-START-NEXT
-
-# Similar test but for "@else" branches.
-@if ( T )
-@else
-@if ( F ) &analyze
-warning_and_unnoticed_syntax_err_F
-@endif
-@endif
-
-but_a_syntax_error_here
-
-@TEST-START-NEXT
-
-# Similar test but for "@else" branches.
-@if ( F )
-blah blah blah
-@else
-@if ( T ) &analyze
-warning_and_noticed_syntax_err_T
-@endif
-@endif
-
-@TEST-START-NEXT
-
-# Similar test but for "@else" branches.
-@if ( F )
-blah blah blah
-@else
-@if ( F ) &analyze
-warning_and_noticed_syntax_err_F
-@endif
-@endif

testing/btest/language/at-if-analyze.zeek

@@ -1,93 +0,0 @@
-# @TEST-DOC: Makes sure that code inside not-taken @if/&analyze blocks has its effects correctly unwound
-# @TEST-REQUIRES: test "${ZEEK_USE_CPP}" != "1"
-# @TEST-EXEC: zeek -b %INPUT >out
-# @TEST-EXEC: btest-diff out
-# @TEST-EXEC: btest-diff .stderr
-
-global yep = T &redef;
-global nope = F &redef;
-global redef_me = 0 &redef;
-
-@if ( nope ) &analyze
-	redef nope = F;
-	event zeek_init() # this should not run
-		{
-		print "hi #1!", nope, redef_me;
-		}
-
-	# Neither of these redef's should have lasting effect.
-	@if ( nope ) &analyze
-		redef redef_me = 1;
-	@else
-		redef redef_me = 2;
-	@endif
-@endif
-
-@if ( yep ) &analyze
-	redef yep = F;
-	global old_redef_me = redef_me;
-	event zeek_init() # this should run
-		{
-		print "hi #2!", yep, old_redef_me, redef_me;
-		}
-
-	@if ( yep ) &analyze
-		redef redef_me = 3;
-	@else
-		redef redef_me = 4; # we expect this, since we redef'd "yep"
-	@endif
-@endif
-
-function side_effects(msg: string): bool
-	{
-	print "I got called!", msg;
-	return T;
-	}
-
-global my_table: table[count] of string &default="no redef" &redef;
-
-@if ( T ) &analyze
-global z = side_effects("should happen");
-redef my_table: table[count] of string &default="redef #1";
-@endif
-
-@if ( F ) &analyze
-# Tricky - need to parse/validate the declaration, but not do the init
-global z = side_effects("shouldn't happen");
-redef my_table: table[count] of string &default="redef #2";
-@endif
-
-# Okay, which &default did we actually pick up?
-print my_table[5];
-
-@if ( T ) &analyze
-	@if ( F ) &analyze
-		print "T/F";
-	@else
-		# We expect this one
-		print "T/!F";
-	@endif
-@else
-	# We expect none of these
-	@if ( F ) &analyze
-		print "!T/F";
-	@else
-		print "!T/!F";
-	@endif
-@endif
-
-@if ( F ) &analyze
-	# We expect none of these
-	@if ( F ) &analyze
-		print "F/F";
-	@else
-		print "F/!F";
-	@endif
-@else
-	@if ( T ) &analyze
-		# We expect this one
-		print "!F/T";
-	@else
-		print "!F/!T";
-	@endif
-@endif

testing/btest/scripts/base/files/x509/log-caching-cluster.test

@@ -33,7 +33,7 @@ event terminate_me() {
 	terminate();
 }
 
-@if ( Cluster::local_node_type() == Cluster::WORKER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::WORKER )
 event zeek_init()
 	{
 	suspend_processing();

testing/btest/scripts/base/files/x509/log-caching-disabled-cluster.test

@@ -35,7 +35,7 @@ event terminate_me() {
 	terminate();
 }
 
-@if ( Cluster::local_node_type() == Cluster::WORKER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::WORKER )
 event zeek_init()
 	{
 	suspend_processing();

testing/btest/scripts/base/frameworks/config/basic_cluster.zeek

@@ -43,7 +43,7 @@ event zeek_init()
 	Broker::auto_publish(Cluster::worker_topic, ready_for_data);
 	}
 
-@if ( Cluster::node == "worker-1" ) &analyze
+@if ( Cluster::node == "worker-1" )
 event Cluster::Experimental::cluster_started()
 	{
 	Config::set_value("testport", 44/tcp);

testing/btest/scripts/base/frameworks/config/cluster_resend.zeek

@@ -38,14 +38,14 @@ global n = 0;
 
 event ready_for_data()
 	{
-	if ( Cluster::node == "manager-1" )
+@if ( Cluster::node == "manager-1" )
-		Config::set_value("testcount", 1);
+	Config::set_value("testcount", 1);
+@endif
 
-	if ( Cluster::node == "worker-1" )
+@if ( Cluster::node == "worker-1" )
-		{
+	Config::set_value("testport", 44/tcp);
-		Config::set_value("testport", 44/tcp);
+	Config::set_value("teststring", "b", "comment");
-		Config::set_value("teststring", "b", "comment");
+@endif
-		}
 	}
 
 global option_changed_count = 0;
@@ -72,7 +72,7 @@ event zeek_init() &priority=5
 	Option::set_change_handler("testcount", option_changed, -100);
 	}
 
-@if ( Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
 
 global peer_count = 0;
 event Cluster::node_up(name: string, id: string) &priority=-5

testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek

@@ -94,7 +94,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	terminate();
 	}
 
-@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
 event die()
 	{
 	terminate();

testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek

@@ -33,7 +33,7 @@ redef Log::default_rotation_interval=0sec;
 
 module Intel;
 
-@if ( Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
 redef Intel::read_files += { "../intel.dat" };
 @endif
 

testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek

@@ -20,7 +20,7 @@ redef Cluster::nodes = {
 @load base/frameworks/reporter
 @load base/protocols/conn
 
-@if ( Cluster::node == "worker-1" ) &analyze
+@if ( Cluster::node == "worker-1" )
 redef exit_only_after_terminate = T;
 @endif
 

testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek

@@ -18,7 +18,7 @@ redef Cluster::nodes = {
 @load base/protocols/http
 @load base/frameworks/cluster
 
-@if ( Cluster::node == "worker-1" ) &analyze
+@if ( Cluster::node == "worker-1" )
 redef exit_only_after_terminate = T;
 @endif
 

testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek

@@ -26,7 +26,7 @@ redef exit_only_after_terminate = T;
 
 @load base/frameworks/netcontrol
 
-@if ( Cluster::local_node_type() == Cluster::WORKER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::WORKER )
 event zeek_init()
 	{
 	suspend_processing();

testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek

@@ -61,7 +61,7 @@ event Notice::begin_suppression(ts: time, suppress_for: interval, note: Notice::
 		Broker::publish(Cluster::node_topic("manager-1"), proceed);
 	}
 
-@if ( Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
 
 event Cluster::Experimental::cluster_started()
 	{

testing/btest/scripts/base/frameworks/openflow/log-cluster.zeek

@@ -21,7 +21,7 @@ redef Log::default_rotation_interval = 0secs;
 
 global of_controller: OpenFlow::Controller;
 
-@if ( Cluster::local_node_type() == Cluster::WORKER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::WORKER )
 event zeek_init()
 	{
 	suspend_processing();

testing/btest/scripts/base/frameworks/sumstats/manual-epoch-cluster.zeek

@@ -78,7 +78,7 @@ event ready_for_data()
 	did_data = T;
 	}
 
-@if ( Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
 
 event second_test()
 	{

testing/btest/scripts/base/frameworks/telemetry/cluster.zeek

@@ -66,7 +66,7 @@ event run_test()
 		}
 	}
 
-@if ( Cluster::node == "manager-1" ) &analyze
+@if ( Cluster::node == "manager-1" )
 # Use a dynamic metrics port for testing to avoid colliding on 9911/tcp
 # when running tests in parallel.
 global orig_metrics_port = Broker::metrics_port;

testing/btest/scripts/policy/frameworks/management/controller/agent-checkin.zeek

@@ -22,7 +22,7 @@ redef Management::Agent::name = "agent";
 # Tell the agent where to locate the controller.
 redef Management::Agent::controller = [$address="127.0.0.1", $bound_port=to_port(getenv("ZEEK_CONTROLLER_PORT"))];
 
-@if ( Supervisor::is_supervised() ) &analyze
+@if ( Supervisor::is_supervised() )
 
 @load policy/frameworks/management/agent/api
 

testing/btest/supervisor/config-cluster-pcap.zeek

@@ -11,7 +11,7 @@
 
 redef Log::default_rotation_interval = 0sec;
 
-@if ( Supervisor::is_supervisor() ) &analyze
+@if ( Supervisor::is_supervisor() )
 
 redef SupervisorControl::enable_listen = T;