UID, ..: un-inline methods to reduce header dependencies

Only 1% build time speedup, but still, it declutters the headers a bit.

Before this patch:

 2565.17user 141.83system 2:25.46elapsed 1860%CPU (0avgtext+0avgdata 1489076maxresident)k
 72576inputs+9130920outputs (1667major+49400430minor)pagefaults 0swaps

After this patch:

 2537.19user 142.94system 2:26.90elapsed 1824%CPU (0avgtext+0avgdata 1434268maxresident)k
 16240inputs+8887152outputs (1931major+48728888minor)pagefaults 0swaps

src/Anon.cc

@@ -9,6 +9,7 @@
 #include "net_util.h"
 #include "Val.h"
 #include "NetVar.h"
+#include "Reporter.h"
 
 
 AnonymizeIPAddr* ip_anonymizer[NUM_ADDR_ANONYMIZATION_METHODS] = {0};
@@ -67,6 +68,13 @@ ipaddr32_t AnonymizeIPAddr::Anonymize(ipaddr32_t addr)
 		}
 	}
 
+// Keep the specified prefix unchanged.
+int AnonymizeIPAddr::PreservePrefix(ipaddr32_t /* input */, int /* num_bits */)
+	{
+	reporter->InternalError("prefix preserving is not supported for the anonymizer");
+	return 0;
+	}
+
 int AnonymizeIPAddr::PreserveNet(ipaddr32_t input)
 	{
 	switch ( addr_to_class(ntohl(input)) ) {

src/Anon.h

@@ -13,8 +13,6 @@
 #include <vector>
 #include <map>
 
-#include "Reporter.h"
-
 using std::map;
 
 // TODO: Anon.h may not be the right place to put these functions ...
@@ -46,12 +44,7 @@ public:
 
 	ipaddr32_t Anonymize(ipaddr32_t addr);
 
-	// Keep the specified prefix unchanged.
+	virtual int PreservePrefix(ipaddr32_t input, int num_bits);
-	virtual int PreservePrefix(ipaddr32_t /* input */, int /* num_bits */)
-		{
-		reporter->InternalError("prefix preserving is not supported for the anonymizer");
-		return 0;
-		}
 
 	virtual ipaddr32_t anonymize(ipaddr32_t addr) = 0;
 	

src/Base64.cc

@@ -1,6 +1,8 @@
 #include "zeek-config.h"
 #include "Base64.h"
 #include "BroString.h"
+#include "Reporter.h"
+#include "Conn.h"
 
 #include <math.h>
 
@@ -217,6 +219,14 @@ int Base64Converter::Done(int* pblen, char** pbuf)
 	return 0;
 	}
 
+void Base64Converter::IllegalEncoding(const char* msg)
+		{
+		// strncpy(error_msg, msg, sizeof(error_msg));
+		if ( conn )
+			conn->Weird("base64_illegal_encoding", msg);
+		else
+			reporter->Error("%s", msg);
+		}
 
 BroString* decode_base64(const BroString* s, const BroString* a, Connection* conn)
 	{
@@ -268,4 +278,3 @@ BroString* encode_base64(const BroString* s, const BroString* a, Connection* con
 
 	return new BroString(1, (u_char*)outbuf, outlen);
 	}
-

src/Base64.h

@@ -1,9 +1,11 @@
 #pragma once
 
-#include "Reporter.h"
+#include <string>
-#include "Conn.h"
+
+using std::string;
 
 class BroString;
+class Connection;
 
 // Maybe we should have a base class for generic decoders?
 class Base64Converter {
@@ -36,14 +38,7 @@ public:
 	int Errored() const	{ return errored; }
 
 	const char* ErrorMsg() const	{ return error_msg; }
-	void IllegalEncoding(const char* msg)
+	void IllegalEncoding(const char* msg);
-		{
-		// strncpy(error_msg, msg, sizeof(error_msg));
-		if ( conn )
-			conn->Weird("base64_illegal_encoding", msg);
-		else
-			reporter->Error("%s", msg);
-		}
 
 protected:
 	char error_msg[256];

src/BroString.cc

@@ -10,6 +10,7 @@
 #include "Val.h"
 #include "Var.h"
 #include "Reporter.h"
+#include "util.h"
 
 #ifdef DEBUG
 #define DEBUG_STR(msg) DBG_LOG(DBG_STRING, msg)
@@ -274,6 +275,11 @@ void BroString::ToUpper()
 			b[i] = toupper(b[i]);
 	}
 
+unsigned int BroString::MemoryAllocation() const
+	{
+	return padded_sizeof(*this) + pad_size(n + final_NUL);
+	}
+
 BroString* BroString::GetSubstring(int start, int len) const
 	{
 	// This code used to live in zeek.bif's sub_bytes() routine.

src/BroString.h

@@ -2,8 +2,6 @@
 
 #pragma once
 
-#include "util.h"
-
 #include <vector>
 #include <string>
 #include <iosfwd>
@@ -114,8 +112,7 @@ public:
 	// XXX and to_upper; the latter doesn't use BroString::ToUpper().
 	void ToUpper();
 
-	unsigned int MemoryAllocation() const
+	unsigned int MemoryAllocation() const;
-		{ return padded_sizeof(*this) + pad_size(n + final_NUL); }
 
 	// Returns new string containing the substring of this string,
 	// starting at @start >= 0 for going up to @length elements,

src/CCL.cc

@@ -43,3 +43,8 @@ void CCL::Sort()
 	{
 	std::sort(syms->begin(), syms->end());
 	}
+
+unsigned int CCL::MemoryAllocation() const
+	{
+	return padded_sizeof(*this) + padded_sizeof(*syms) + pad_size(syms->size() * sizeof(int_list::value_type));
+	}

src/CCL.h

@@ -25,8 +25,7 @@ public:
 	void ReplaceSyms(int_list* new_syms)
 				{ delete syms; syms = new_syms; }
 
-	unsigned int MemoryAllocation() const
+	unsigned int MemoryAllocation() const;
-		{ return padded_sizeof(*this) + padded_sizeof(*syms) + pad_size(syms->size() * sizeof(int_list::value_type)); }
 
 protected:
 	int_list* syms;

src/Event.cc

@@ -7,6 +7,7 @@
 #include "Func.h"
 #include "NetVar.h"
 #include "Trigger.h"
+#include "Val.h"
 #include "plugin/Manager.h"
 
 EventMgr mgr;
@@ -102,6 +103,19 @@ EventMgr::~EventMgr()
 	Unref(src_val);
 	}
 
+void EventMgr::QueueEvent(const EventHandlerPtr &h, val_list vl,
+			  SourceID src, analyzer::ID aid,
+			  TimerMgr* mgr, BroObj* obj)
+	{
+	if ( h )
+		QueueEvent(new Event(h, std::move(vl), src, aid, mgr, obj));
+	else
+		{
+		for ( const auto& v : vl )
+			Unref(v);
+		}
+	}
+
 void EventMgr::QueueEvent(Event* event)
 	{
 	bool done = PLUGIN_HOOK_WITH_RESULT(HOOK_QUEUE_EVENT, HookQueueEvent(event), false);
@@ -120,6 +134,13 @@ void EventMgr::QueueEvent(Event* event)
 	++num_events_queued;
 	}
 
+void EventMgr::Dispatch(Event* event, bool no_remote)
+	{
+	current_src = event->Source();
+	event->Dispatch(no_remote);
+	Unref(event);
+	}
+
 void EventMgr::Drain()
 	{
 	if ( event_queue_flush_point )

src/Event.h

@@ -2,8 +2,8 @@
 
 #pragma once
 
+#include "BroList.h"
 #include "analyzer/Analyzer.h"
-#include "Val.h"
 
 class EventMgr;
 
@@ -77,16 +77,7 @@ public:
 	// existence check.
 	void QueueEvent(const EventHandlerPtr &h, val_list vl,
 			SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0,
-			TimerMgr* mgr = 0, BroObj* obj = 0)
+			TimerMgr* mgr = 0, BroObj* obj = 0);
-		{
-		if ( h )
-			QueueEvent(new Event(h, std::move(vl), src, aid, mgr, obj));
-		else
-			{
-			for ( const auto& v : vl )
-				Unref(v);
-			}
-		}
 
 	// Same as QueueEvent, except taking the event's argument list via a
 	// pointer instead of by value.  This function takes ownership of the
@@ -100,12 +91,7 @@ public:
 		delete vl;
 		}
 
-	void Dispatch(Event* event, bool no_remote = false)
+	void Dispatch(Event* event, bool no_remote = false);
-		{
-		current_src = event->Source();
-		event->Dispatch(no_remote);
-		Unref(event);
-		}
 
 	void Drain();
 	bool IsDraining() const	{ return draining; }

src/Expr.cc

@@ -135,12 +135,32 @@ Val* Expr::InitVal(const BroType* t, Val* aggr) const
 	return check_and_promote(Eval(0), t, 1);
 	}
 
+int Expr::IsError() const
+	{
+	return type && type->Tag() == TYPE_ERROR;
+	}
+
+void Expr::SetError()
+	{
+	SetType(error_type());
+	}
+
 void Expr::SetError(const char* msg)
 	{
 	Error(msg);
 	SetError();
 	}
 
+int Expr::IsZero() const
+	{
+	return IsConst() && ExprVal()->IsZero();
+	}
+
+int Expr::IsOne() const
+	{
+	return IsConst() && ExprVal()->IsOne();
+	}
+
 void Expr::Describe(ODesc* d) const
 	{
 	if ( IsParen() && ! d->IsBinary() )
@@ -2079,6 +2099,11 @@ AssignExpr::AssignExpr(Expr* arg_op1, Expr* arg_op2, int arg_is_init,
 	SetLocationInfo(arg_op1->GetLocationInfo(), arg_op2->GetLocationInfo());
 	}
 
+AssignExpr::~AssignExpr()
+	{
+	Unref(val);
+	}
+
 bool AssignExpr::TypeCheck(attr_list* attrs)
 	{
 	TypeTag bt1 = op1->Type()->Tag();

src/Expr.h

@@ -7,7 +7,6 @@
 #include "BroList.h"
 #include "Timer.h"
 #include "Type.h"
-#include "Val.h"
 #include "EventHandler.h"
 #include "TraverseTypes.h"
 
@@ -119,10 +118,10 @@ public:
 	int IsConst() const	{ return tag == EXPR_CONST; }
 
 	// True if the expression is in error (to alleviate error propagation).
-	int IsError() const	{ return type && type->Tag() == TYPE_ERROR; }
+	int IsError() const;
 
 	// Mark expression as in error.
-	void SetError()		{ SetType(error_type()); }
+	void SetError();
 	void SetError(const char* msg);
 
 	// Returns the expression's constant value, or complains
@@ -130,16 +129,10 @@ public:
 	inline Val* ExprVal() const;
 
 	// True if the expression is a constant zero, false otherwise.
-	int IsZero() const
+	int IsZero() const;
-		{
-		return IsConst() && ExprVal()->IsZero();
-		}
 
 	// True if the expression is a constant one, false otherwise.
-	int IsOne() const
+	int IsOne() const;
-		{
-		return IsConst() && ExprVal()->IsOne();
-		}
 
 	// True if the expression supports the "add" or "delete" operations,
 	// false otherwise.
@@ -605,7 +598,7 @@ public:
 	// If val is given, evaluating this expression will always yield the val
 	// yet still perform the assignment.  Used for triggers.
 	AssignExpr(Expr* op1, Expr* op2, int is_init, Val* val = 0, attr_list* attrs = 0);
-	~AssignExpr() override { Unref(val); }
+	~AssignExpr() override;
 
 	Val* Eval(Frame* f) const override;
 	void EvalIntoAggregate(const BroType* t, Val* aggr, Frame* f) const override;

src/Frame.cc

@@ -9,6 +9,7 @@
 #include "Desc.h"
 #include "IntrusivePtr.h"
 #include "Trigger.h"
+#include "Val.h"
 
 vector<Frame*> g_frame_stack;
 
@@ -535,6 +536,14 @@ void Frame::ClearTrigger()
 	trigger = nullptr;
 	}
 
+void Frame::UnrefElement(int n)
+	{
+	if ( weak_refs && weak_refs[n] )
+		return;
+
+	Unref(frame[n]);
+	}
+
 bool Frame::IsOuterID(const ID* in) const
 	{
 	return std::any_of(outer_ids.begin(), outer_ids.end(),

src/Frame.h

@@ -3,7 +3,7 @@
 #pragma once
 
 #include "BroList.h" // for typedef val_list
-#include "Val.h"
+#include "Obj.h"
 
 #include <unordered_map>
 #include <string>
@@ -235,13 +235,7 @@ private:
 	/**
 	 * Unrefs the value at offset 'n' frame unless it's a weak reference.
 	 */
-	void UnrefElement(int n)
+	void UnrefElement(int n);
-		{
-		if ( weak_refs && weak_refs[n] )
-			return;
-
-		Unref(frame[n]);
-		}
 
 	/** Have we captured this id? */
 	bool IsOuterID(const ID* in) const;

src/ID.cc

@@ -3,12 +3,14 @@
 #include "zeek-config.h"
 
 #include "ID.h"
+#include "Attr.h"
 #include "Desc.h"
 #include "Expr.h"
 #include "Dict.h"
 #include "EventRegistry.h"
 #include "Func.h"
 #include "Scope.h"
+#include "Type.h"
 #include "File.h"
 #include "Scope.h"
 #include "Traverse.h"
@@ -56,6 +58,11 @@ string ID::ModuleName() const
 	return extract_module_name(name);
 	}
 
+void ID::SetType(BroType* t)
+	{
+	Unref(type); type = t;
+	}
+
 void ID::ClearVal()
 	{
 	if ( ! weak_ref )
@@ -148,6 +155,11 @@ void ID::SetVal(Expr* ev, init_class c)
 	EvalFunc(a->AttrExpr(), ev);
 	}
 
+bool ID::IsRedefinable() const
+	{
+	return FindAttr(ATTR_REDEF) != 0;
+	}
+
 void ID::SetAttrs(Attributes* a)
 	{
 	Unref(attrs);
@@ -194,6 +206,16 @@ void ID::UpdateValAttrs()
 		}
 	}
 
+Attr* ID::FindAttr(attr_tag t) const
+	{
+	return attrs ? attrs->FindAttr(t) : 0;
+	}
+
+bool ID::IsDeprecated() const
+	{
+	return FindAttr(ATTR_DEPRECATED) != 0;
+	}
+
 void ID::MakeDeprecated(Expr* deprecation)
 	{
 	if ( IsDeprecated() )

src/ID.h

@@ -3,7 +3,6 @@
 #pragma once
 
 #include "Obj.h"
-#include "Type.h"
 #include "Attr.h"
 #include "Notifier.h"
 #include "TraverseTypes.h"
@@ -36,7 +35,7 @@ public:
 
 	std::string ModuleName() const;
 
-	void SetType(BroType* t)	{ Unref(type); type = t; }
+	void SetType(BroType* t);
 	BroType* Type()			{ return type; }
 	const BroType* Type() const	{ return type; }
 
@@ -74,7 +73,7 @@ public:
 	void SetOffset(int arg_offset)	{ offset = arg_offset; }
 	int Offset() const		{ return offset; }
 
-	bool IsRedefinable() const	{ return FindAttr(ATTR_REDEF) != 0; }
+	bool IsRedefinable() const;
 
 	void SetAttrs(Attributes* attr);
 	void AddAttrs(Attributes* attr);
@@ -82,11 +81,9 @@ public:
 	void UpdateValAttrs();
 	Attributes* Attrs() const	{ return attrs; }
 
-	Attr* FindAttr(attr_tag t) const
+	Attr* FindAttr(attr_tag t) const;
-		{ return attrs ? attrs->FindAttr(t) : 0; }
 
-	bool IsDeprecated() const
+	bool IsDeprecated() const;
-		{ return FindAttr(ATTR_DEPRECATED) != 0; }
 
 	void MakeDeprecated(Expr* deprecation);
 

src/IP.cc

@@ -6,9 +6,11 @@
 #include <netinet/in.h>
 #include <netinet/icmp6.h>
 
+#include "IPAddr.h"
 #include "Type.h"
 #include "Val.h"
 #include "Var.h"
+#include "Reporter.h"
 
 static RecordType* ip4_hdr_type = 0;
 static RecordType* ip6_hdr_type = 0;
@@ -305,6 +307,26 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const
 	return rv;
 	}
 
+IPAddr IP_Hdr::IPHeaderSrcAddr() const
+	{
+	return ip4 ? IPAddr(ip4->ip_src) : IPAddr(ip6->ip6_src);
+	}
+
+IPAddr IP_Hdr::IPHeaderDstAddr() const
+	{
+	return ip4 ? IPAddr(ip4->ip_dst) : IPAddr(ip6->ip6_dst);
+	}
+
+IPAddr IP_Hdr::SrcAddr() const
+	{
+	return ip4 ? IPAddr(ip4->ip_src) : ip6_hdrs->SrcAddr();
+	}
+
+IPAddr IP_Hdr::DstAddr() const
+	{
+	return ip4 ? IPAddr(ip4->ip_dst) : ip6_hdrs->DstAddr();
+	}
+
 RecordVal* IP_Hdr::BuildIPHdrVal() const
 	{
 	RecordVal* rval = 0;
@@ -447,6 +469,15 @@ static inline bool isIPv6ExtHeader(uint8_t type)
 	}
 	}
 
+IPv6_Hdr_Chain::~IPv6_Hdr_Chain()
+	{
+	for ( size_t i = 0; i < chain.size(); ++i ) delete chain[i];
+#ifdef ENABLE_MOBILE_IPV6
+	delete homeAddr;
+#endif
+	delete finalDst;
+	}
+
 void IPv6_Hdr_Chain::Init(const struct ip6_hdr* ip6, int total_len,
                           bool set_next, uint16_t next)
 	{
@@ -511,6 +542,46 @@ void IPv6_Hdr_Chain::Init(const struct ip6_hdr* ip6, int total_len,
 				  isIPv6ExtHeader(next_type) );
 	}
 
+bool IPv6_Hdr_Chain::IsFragment() const
+	{
+	if ( chain.empty() )
+		{
+		reporter->InternalWarning("empty IPv6 header chain");
+		return false;
+		}
+
+	return chain[chain.size()-1]->Type() == IPPROTO_FRAGMENT;
+	}
+
+IPAddr IPv6_Hdr_Chain::SrcAddr() const
+	{
+#ifdef ENABLE_MOBILE_IPV6
+	if ( homeAddr )
+		return IPAddr(*homeAddr);
+#endif
+	if ( chain.empty() )
+		{
+		reporter->InternalWarning("empty IPv6 header chain");
+		return IPAddr();
+		}
+
+	return IPAddr(((const struct ip6_hdr*)(chain[0]->Data()))->ip6_src);
+	}
+
+IPAddr IPv6_Hdr_Chain::DstAddr() const
+	{
+	if ( finalDst )
+		return IPAddr(*finalDst);
+
+	if ( chain.empty() )
+		{
+		reporter->InternalWarning("empty IPv6 header chain");
+		return IPAddr();
+		}
+
+	return IPAddr(((const struct ip6_hdr*)(chain[0]->Data()))->ip6_dst);
+	}
+
 void IPv6_Hdr_Chain::ProcessRoutingHeader(const struct ip6_rthdr* r, uint16_t len)
 	{
 	if ( finalDst )

src/IP.h

@@ -3,16 +3,23 @@
 #pragma once
 
 #include "zeek-config.h"
-#include "IPAddr.h"
+
-#include "Reporter.h"
 #include <vector>
 
 #include <sys/types.h> // for u_char
 #include <netinet/in.h>
 #include <netinet/ip.h>
 
+#ifdef HAVE_NETINET_IP6_H
+#include <netinet/ip6.h>
+#endif
+
 using std::vector;
 
+class IPAddr;
+class RecordVal;
+class VectorVal;
+
 #ifdef ENABLE_MOBILE_IPV6
 
 #ifndef IPPROTO_MOBILITY
@@ -148,14 +155,7 @@ public:
 		finalDst(0)
 		{ Init(ip6, len, false); }
 
-	~IPv6_Hdr_Chain()
+	~IPv6_Hdr_Chain();
-		{
-		for ( size_t i = 0; i < chain.size(); ++i ) delete chain[i];
-#ifdef ENABLE_MOBILE_IPV6
-		delete homeAddr;
-#endif
-		delete finalDst;
-		}
 
 	/**
 	 * @return a copy of the header chain, but with pointers to individual
@@ -181,16 +181,7 @@ public:
 	/**
 	 * Returns whether the header chain indicates a fragmented packet.
 	 */
-	bool IsFragment() const
+	bool IsFragment() const;
-		{
-		if ( chain.empty() )
-			{
-			reporter->InternalWarning("empty IPv6 header chain");
-			return false;
-			}
-
-		return chain[chain.size()-1]->Type() == IPPROTO_FRAGMENT;
-		}
 
 	/**
 	 * Returns pointer to fragment header structure if the chain contains one.
@@ -225,39 +216,14 @@ public:
 	 * option as defined by Mobile IPv6 (RFC 6275), then return it, else
 	 * return the source address in the main IPv6 header.
 	 */
-	IPAddr SrcAddr() const
+	IPAddr SrcAddr() const;
-		{
-#ifdef ENABLE_MOBILE_IPV6
-		if ( homeAddr )
-			return IPAddr(*homeAddr);
-#endif
-		if ( chain.empty() )
-			{
-			reporter->InternalWarning("empty IPv6 header chain");
-			return IPAddr();
-			}
-
-		return IPAddr(((const struct ip6_hdr*)(chain[0]->Data()))->ip6_src);
-		}
 
 	/**
 	 * If the chain contains a Routing header with non-zero segments left,
 	 * then return the last address of the first such header, else return
 	 * the destination address of the main IPv6 header.
 	 */
-	IPAddr DstAddr() const
+	IPAddr DstAddr() const;
-		{
-		if ( finalDst )
-			return IPAddr(*finalDst);
-
-		if ( chain.empty() )
-			{
-			reporter->InternalWarning("empty IPv6 header chain");
-			return IPAddr();
-			}
-
-		return IPAddr(((const struct ip6_hdr*)(chain[0]->Data()))->ip6_dst);
-		}
 
 	/**
 	 * Returns a vector of ip6_ext_hdr RecordVals that includes script-layer
@@ -401,22 +367,19 @@ public:
 	/**
 	 * Returns the source address held in the IP header.
 	 */
-	IPAddr IPHeaderSrcAddr() const
+	IPAddr IPHeaderSrcAddr() const;
-		{ return ip4 ? IPAddr(ip4->ip_src) : IPAddr(ip6->ip6_src); }
 
 	/**
 	 * Returns the destination address held in the IP header.
 	 */
-	IPAddr IPHeaderDstAddr() const
+	IPAddr IPHeaderDstAddr() const;
-		{ return ip4 ? IPAddr(ip4->ip_dst) : IPAddr(ip6->ip6_dst); }
 
 	/**
 	 * For IPv4 or IPv6 headers that don't contain a Home Address option
 	 * (Mobile IPv6, RFC 6275), return source address held in the IP header.
 	 * For IPv6 headers that contain a Home Address option, return that address.
 	 */
-	IPAddr SrcAddr() const
+	IPAddr SrcAddr() const;
-		{ return ip4 ? IPAddr(ip4->ip_src) : ip6_hdrs->SrcAddr(); }
 
 	/**
 	 * For IPv4 or IPv6 headers that don't contain a Routing header with
@@ -424,8 +387,7 @@ public:
 	 * For IPv6 headers with a Routing header that has non-zero segments left,
 	 * return the last address in the first such Routing header.
 	 */
-	IPAddr DstAddr() const
+	IPAddr DstAddr() const;
-		{ return ip4 ? IPAddr(ip4->ip_dst) : ip6_hdrs->DstAddr(); }
 
 	/**
 	 * Returns a pointer to the payload of the IP packet, usually an

src/IPAddr.cc

@@ -5,7 +5,9 @@
 #include <vector>
 #include "IPAddr.h"
 #include "Reporter.h"
+#include "BroString.h"
 #include "Conn.h"
+#include "Hash.h"
 #include "bro_inet_ntop.h"
 
 #include "analyzer/Manager.h"
@@ -45,6 +47,16 @@ ConnIDKey BuildConnIDKey(const ConnID& id)
 	return key;
 	}
 
+IPAddr::IPAddr(const BroString& s)
+	{
+	Init(s.CheckString());
+	}
+
+HashKey* IPAddr::GetHashKey() const
+	{
+	return new HashKey((void*)in6.s6_addr, sizeof(in6.s6_addr));
+	}
+
 static inline uint32_t bit_mask32(int bottom_bits)
 	{
 	if ( bottom_bits >= 32 )
@@ -290,6 +302,19 @@ string IPPrefix::AsString() const
 	return prefix.AsString() +"/" + l;
 	}
 
+HashKey* IPPrefix::GetHashKey() const
+	{
+	struct {
+		in6_addr ip;
+		uint32_t len;
+	} key;
+
+	key.ip = prefix.in6;
+	key.len = Length();
+
+	return new HashKey(&key, sizeof(key));
+	}
+
 bool IPPrefix::ConvertString(const char* text, IPPrefix* result)
 	{
 	string s(text);

src/IPAddr.h

@@ -2,8 +2,6 @@
 
 #pragma once
 
-#include "BroString.h"
-#include "Hash.h"
 #include "threading/SerialTypes.h"
 
 #include <netinet/in.h>
@@ -13,6 +11,8 @@
 
 using std::string;
 struct ConnID;
+class BroString;
+class HashKey;
 namespace analyzer { class ExpectedConn; }
 
 typedef in_addr in4_addr;
@@ -112,10 +112,7 @@ public:
 	 * @param s String containing an IP address as either a dotted IPv4
 	 * address or a hex IPv6 address.
 	 */
-	explicit IPAddr(const BroString& s)
+	explicit IPAddr(const BroString& s);
-		{
-		Init(s.CheckString());
-		}
 
 	/**
 	 * Constructs an address instance from a raw byte representation.
@@ -254,10 +251,7 @@ public:
 	 * Returns a key that can be used to lookup the IP Address in a hash
 	 * table. Passes ownership to caller.
 	 */
-	HashKey* GetHashKey() const
+	HashKey* GetHashKey() const;
-		{
-		return new HashKey((void*)in6.s6_addr, sizeof(in6.s6_addr));
-		}
 
 	/**
 	 * Masks out lower bits of the address.
@@ -639,18 +633,7 @@ public:
 	 * Returns a key that can be used to lookup the IP Prefix in a hash
 	 * table. Passes ownership to caller.
 	 */
-	HashKey* GetHashKey() const
+	HashKey* GetHashKey() const;
-		{
-		struct {
-			in6_addr ip;
-			uint32_t len;
-		} key;
-
-		key.ip = prefix.in6;
-		key.len = Length();
-
-		return new HashKey(&key, sizeof(key));
-		}
 
 	/** Converts the prefix into the type used internally by the
 	  * inter-thread communication.

src/RuleAction.cc

@@ -12,6 +12,11 @@ using std::string;
 
 #include "analyzer/Manager.h"
 
+RuleActionEvent::RuleActionEvent(const char* arg_msg)
+	{
+	msg = copy_string(arg_msg);
+	}
+
 void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state,
 				const u_char* data, int len)
 	{
@@ -30,6 +35,12 @@ void RuleActionEvent::PrintDebug()
 	fprintf(stderr, "	RuleActionEvent: |%s|\n", msg);
 	}
 
+RuleActionMIME::RuleActionMIME(const char* arg_mime, int arg_strength)
+	{
+	mime = copy_string(arg_mime);
+	strength = arg_strength;
+	}
+
 void RuleActionMIME::PrintDebug()
 	{
 	fprintf(stderr, "	RuleActionMIME: |%s|\n", mime);

src/RuleAction.h

@@ -1,7 +1,5 @@
 #pragma once
 
-#include "util.h"
-
 #include "analyzer/Tag.h"
 
 #include <string>
@@ -27,7 +25,7 @@ public:
 // Implements the "event" keyword.
 class RuleActionEvent : public RuleAction {
 public:
-	explicit RuleActionEvent(const char* arg_msg)	{ msg = copy_string(arg_msg); }
+	explicit RuleActionEvent(const char* arg_msg);
 	~RuleActionEvent() override { delete [] msg; }
 
 	void DoAction(const Rule* parent, RuleEndpointState* state,
@@ -41,8 +39,7 @@ private:
 
 class RuleActionMIME : public RuleAction {
 public:
-	explicit RuleActionMIME(const char* arg_mime, int arg_strength = 0)
+	explicit RuleActionMIME(const char* arg_mime, int arg_strength = 0);
-		{ mime = copy_string(arg_mime); strength = arg_strength; }
 
 	~RuleActionMIME() override
 		{ delete [] mime; }

src/Stmt.cc

@@ -93,6 +93,14 @@ void Stmt::Describe(ODesc* d) const
 		AddTag(d);
 	}
 
+void Stmt::DecrBPCount()
+	{
+	if ( breakpoint_count )
+		--breakpoint_count;
+	else
+		reporter->InternalError("breakpoint count decremented below 0");
+	}
+
 void Stmt::AddTag(ODesc* d) const
 	{
 	if ( d->IsBinary() )
@@ -1643,6 +1651,13 @@ void EventBodyList::Describe(ODesc* d) const
 		StmtList::Describe(d);
 	}
 
+InitStmt::InitStmt(id_list* arg_inits) : Stmt(STMT_INIT)
+	{
+	inits = arg_inits;
+	if ( arg_inits && arg_inits->length() )
+		SetLocationInfo((*arg_inits)[0]->GetLocationInfo());
+	}
+
 InitStmt::~InitStmt()
 	{
 	for ( const auto& init : *inits )

src/Stmt.h

@@ -8,7 +8,6 @@
 #include "Dict.h"
 #include "ID.h"
 #include "Obj.h"
-#include "Reporter.h"
 
 #include "StmtEnums.h"
 
@@ -63,13 +62,7 @@ public:
 	void Describe(ODesc* d) const override;
 
 	virtual void IncrBPCount()	{ ++breakpoint_count; }
-	virtual void DecrBPCount()
+	virtual void DecrBPCount();
-		{
-		if ( breakpoint_count )
-			--breakpoint_count;
-		else
-			reporter->InternalError("breakpoint count decremented below 0");
-		}
 
 	virtual unsigned int BPCount() const	{ return breakpoint_count; }
 
@@ -436,12 +429,7 @@ protected:
 
 class InitStmt : public Stmt {
 public:
-	explicit InitStmt(id_list* arg_inits) : Stmt(STMT_INIT)
+	explicit InitStmt(id_list* arg_inits);
-		{
-		inits = arg_inits;
-		if ( arg_inits && arg_inits->length() )
-			SetLocationInfo((*arg_inits)[0]->GetLocationInfo());
-		}
 
 	~InitStmt() override;
 

src/Trigger.cc

@@ -475,6 +475,11 @@ void Trigger::Disable()
 	disabled = true;
 	}
 
+void Trigger::Describe(ODesc* d) const
+	{
+	d->Add("<trigger>");
+	}
+
 void Trigger::Modified(notifier::Modifiable* m)
 	{
 	trigger_mgr->Queue(this);

src/Trigger.h

@@ -1,7 +1,6 @@
 #pragma once
 
 #include "Obj.h"
-#include "Desc.h"
 #include "Notifier.h"
 #include "iosource/IOSource.h"
 
@@ -15,6 +14,7 @@ class Stmt;
 class Frame;
 class Val;
 class ID;
+class ODesc;
 
 namespace trigger {
 // Triggers are the heart of "when" statements: expressions that when
@@ -69,8 +69,7 @@ public:
 
 	bool Disabled() const { return disabled; }
 
-	void Describe(ODesc* d) const override
+	void Describe(ODesc* d) const override;
-		{ d->Add("<trigger>"); }
 
 	// Overidden from Notifier.  We queue the trigger and evaluate it
 	// later to avoid race conditions.

src/Type.cc

@@ -273,6 +273,13 @@ void TypeList::Describe(ODesc* d) const
 		}
 	}
 
+unsigned int TypeList::MemoryAllocation() const
+	{
+	return BroType::MemoryAllocation()
+		+ padded_sizeof(*this) - padded_sizeof(BroType)
+		+ types.MemoryAllocation() - padded_sizeof(types);
+	}
+
 IndexType::~IndexType()
 	{
 	Unref(indices);

src/Type.h

@@ -318,12 +318,7 @@ public:
 
 	void Describe(ODesc* d) const override;
 
-	unsigned int MemoryAllocation() const override
+	unsigned int MemoryAllocation() const override;
-		{
-		return BroType::MemoryAllocation()
-			+ padded_sizeof(*this) - padded_sizeof(BroType)
-			+ types.MemoryAllocation() - padded_sizeof(types);
-		}
 
 protected:
 	BroType* pure_type;

src/UID.cc

@@ -1,6 +1,8 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "UID.h"
+#include "Reporter.h"
+#include "util.h"
 
 #include <cstdlib>
 
@@ -26,3 +28,15 @@ void UID::Set(bro_uint_t bits, const uint64_t* v, size_t n)
 	if ( res.rem )
 		uid[0] >>= 64 - res.rem;
 	}
+
+std::string UID::Base62(std::string prefix) const
+	{
+	if ( ! initialized )
+		reporter->InternalError("use of uninitialized UID");
+
+	char tmp[sizeof(uid) * 8 + 1];  // enough for even binary representation
+	for ( size_t i = 0; i < BRO_UID_LEN; ++i )
+		prefix.append(uitoa_n(uid[i], tmp, sizeof(tmp), 62));
+
+	return prefix;
+	}

src/UID.h

@@ -2,7 +2,6 @@
 
 #pragma once
 
-#include "Reporter.h"
 #include "util.h" // for bro_int_t
 
 #include <string>
@@ -99,16 +98,4 @@ inline UID& UID::operator=(const UID& other)
 	return *this;
 	}
 
-inline std::string UID::Base62(std::string prefix) const
-	{
-	if ( ! initialized )
-		reporter->InternalError("use of uninitialized UID");
-
-	char tmp[sizeof(uid) * 8 + 1];  // enough for even binary representation
-	for ( size_t i = 0; i < BRO_UID_LEN; ++i )
-		prefix.append(uitoa_n(uid[i], tmp, sizeof(tmp), 62));
-
-	return prefix;
-	}
-
 } // namespace Bro

src/Val.cc

@@ -13,11 +13,13 @@
 #include <stdio.h>
 #include <stdlib.h>
 
+#include "Attr.h"
 #include "Net.h"
 #include "File.h"
 #include "Func.h"
 #include "Desc.h"
 #include "IntrusivePtr.h"
+#include "ID.h"
 #include "RE.h"
 #include "Scope.h"
 #include "NetVar.h"
@@ -360,6 +362,14 @@ void Val::ValDescribeReST(ODesc* d) const
 	}
 
 
+#ifdef DEBUG
+void Val::SetID(ID* id)
+	{
+	delete [] bound_id;
+	bound_id = id ? copy_string(id->Name()) : 0;
+	}
+#endif
+
 bool Val::WouldOverflow(const BroType* from_type, const BroType* to_type, const Val* val)
 	{
 	if ( !to_type || !from_type )
@@ -1993,6 +2003,11 @@ ListVal* TableVal::ConvertToPureList() const
 	return ConvertToList((*tl)[0]->Tag());
 	}
 
+Attr* TableVal::FindAttr(attr_tag t) const
+	{
+	return attrs ? attrs->FindAttr(t) : 0;
+	}
+
 void TableVal::Describe(ODesc* d) const
 	{
 	const PDict<TableEntryVal>* tbl = AsTable();

src/Val.h

@@ -6,9 +6,7 @@
 #include "Dict.h"
 #include "CompHash.h"
 #include "BroString.h"
-#include "Attr.h"
 #include "Timer.h"
-#include "ID.h"
 #include "Scope.h"
 #include "Notifier.h"
 #include "RE.h"
@@ -293,11 +291,7 @@ public:
 		return bound_id ? global_scope()->Lookup(bound_id) : 0;
 		}
 
-	void SetID(ID* id)
+	void SetID(ID* id);
-		{
-		delete [] bound_id;
-		bound_id = id ? copy_string(id->Name()) : 0;
-		}
 #endif
 
 	static bool WouldOverflow(const BroType* from_type, const BroType* to_type, const Val* val);
@@ -792,8 +786,7 @@ public:
 	ListVal* ConvertToPureList() const;	// must be single index type
 
 	void SetAttrs(Attributes* attrs);
-	Attr* FindAttr(attr_tag t) const
+	Attr* FindAttr(attr_tag t) const;
-		{ return attrs ? attrs->FindAttr(t) : 0; }
 	Attributes* Attrs()	{ return attrs; }
 
 	// Returns the size of the table.

src/broker/Data.cc

@@ -1,5 +1,6 @@
 #include "Data.h"
 #include "File.h"
+#include "Desc.h"
 #include "IntrusivePtr.h"
 #include "module_util.h"
 #include "3rdparty/doctest.h"
@@ -1150,6 +1151,13 @@ broker::data& bro_broker::opaque_field_to_data(RecordVal* v, Frame* f)
 	return static_cast<DataVal*>(d)->data;
 	}
 
+void bro_broker::DataVal::ValDescribe(ODesc* d) const
+	{
+	d->Add("broker::data{");
+	d->Add(broker::to_string(data));
+	d->Add("}");
+	}
+
 bool bro_broker::DataVal::canCastTo(BroType* t) const
 	{
 	return data_type_check(data, t);

src/broker/Data.h

@@ -4,12 +4,13 @@
 #include "Reporter.h"
 #include "Frame.h"
 #include "Expr.h"
-#include "Desc.h"
 #include "Var.h" // for internal_type()
 
 template <class T>
 class IntrusivePtr;
 
+class ODesc;
+
 namespace bro_broker {
 
 extern OpaqueType* opaque_of_data_type;
@@ -102,12 +103,7 @@ public:
 		: OpaqueVal(bro_broker::opaque_of_data_type), data(std::move(arg_data))
 		{}
 
-	void ValDescribe(ODesc* d) const override
+	void ValDescribe(ODesc* d) const override;
-		{
-		d->Add("broker::data{");
-		d->Add(broker::to_string(data));
-		d->Add("}");
-		}
 
 	IntrusivePtr<Val> castTo(BroType* t);
 	bool canCastTo(BroType* t) const;

src/iosource/Packet.cc

@@ -1,7 +1,7 @@
-
 #include "Packet.h"
 #include "Sessions.h"
 #include "Desc.h"
+#include "IP.h"
 #include "iosource/Manager.h"
 
 extern "C" {
@@ -62,6 +62,11 @@ void Packet::Init(int arg_link_type, pkt_timeval *arg_ts, uint32_t arg_caplen,
 		ProcessLayer2();
 	}
 
+const IP_Hdr Packet::IP() const
+	{
+	return IP_Hdr((struct ip *) (data + hdr_size), false);
+	}
+
 void Packet::Weird(const char* name)
 	{
 	sessions->Weird(name, this);

src/iosource/Packet.h

@@ -1,7 +1,5 @@
 #pragma once
 
-#include "IP.h"
-
 #include <string>
 
 #include <stdint.h>
@@ -16,6 +14,8 @@ typedef struct timeval pkt_timeval;
 
 class Val;
 class ODesc;
+class IP_Hdr;
+class RecordVal;
 
 /**
  * The Layer 3 type of a packet, as determined by the parsing code in Packet.
@@ -119,8 +119,7 @@ public:
 	 * Interprets the Layer 3 of the packet as IP and returns a
 	 * correspondign object.
 	 */
-	const IP_Hdr IP() const
+	const IP_Hdr IP() const;
-		{ return IP_Hdr((struct ip *) (data + hdr_size), false); }
 
 	/**
 	 * Returns a \c raw_pkt_hdr RecordVal, which includes layer 2 and

src/zeekygen/IdentifierInfo.cc

@@ -180,3 +180,8 @@ IdentifierInfo::Redefinition::~Redefinition()
 	{
 	Unref(init_expr);
 	}
+
+IdentifierInfo::RecordField::~RecordField()
+	{
+	delete field;
+	}

src/zeekygen/IdentifierInfo.h

@@ -4,7 +4,6 @@
 
 #include "Info.h"
 #include "ID.h"
-#include "Type.h"
 
 #include <string>
 #include <vector>
@@ -167,8 +166,7 @@ private:
 	std::string DoReStructuredText(bool roles_only) const override;
 
 	struct RecordField {
-		~RecordField()
+		~RecordField();
-			{ delete field; }
 
 		TypeDecl* field;
 		std::string from_script;