Merge remote-tracking branch 'origin/topic/awelzel/blank-identifer'

* origin/topic/awelzel/blank-identifer: scripts: Migrate table iteration to blank identifiers Introduce special treatment for the blank identifier _
2025-10-02 14:48:21 +00:00 · 2022-10-25 12:34:39 +02:00 · 2022-10-25 12:34:39 +02:00 · 9f3a234f40
commit 9f3a234f40
parent 92c758bd44 8c5896a74d
40 changed files with 391 additions and 68 deletions
--- a/26
+++ b/26
@ -1,3 +1,29 @@
+5.2.0-dev.140 | 2022-10-25 12:34:39 +0200
+
+  * scripts: Migrate table iteration to blank identifiers (Arne Welzel, Corelight)
+
+  * Introduce special treatment for the blank identifier _ (Arne Welzel, Corelight)
+
+    Mostly: Do not instantiate variables within for loops and allow
+    reusing differently typed blanks which previously wasn't possible.
+
+  * Management framework: bump zeek-client and cluster testsuite (Christian Kreibich, Corelight)
+
+  * Add new zeek-client dependency to Dockerfile: python3-websocket (Christian Kreibich, Corelight)
+
+    This is a required dependency of zeek-client, and available as a .deb on Debian.
+
+  * Management framework: add websocket support to controller (Christian Kreibich, Corelight)
+
+    The controller now listens on an additional port, defaulting to 2149, for Broker
+    connections via websockets. Configuration works as for the existing traditional
+    Broker port (2150), via ZEEK_CONTROLLER_WEBSOCKET_ADDR and
+    ZEEK_CONTROLLER_WEBSOCKET_PORT environment variables, as well as corresponding
+    redef'able constants.
+
+    To disable the websockets feature, leave ZEEK_CONTROLLER_WEBSOCKET_PORT unset
+    and redefine Management::Controller::default_port_websocket to 0/unknown.
+
 5.2.0-dev.134 | 2022-10-24 08:10:06 -0700

  * Re-enable ci-based benchmarking (Tim Wojtulewicz, Corelight)
--- a/31
+++ b/31
@ -17,6 +17,9 @@ Breaking Changes
  clusters running on FreeBSD, as that OS uses a different range for ephemeral
  ports.

+- The blank identifier ``_`` cannot be used in expressions and options anymore.
+  Outside of obfuscation exercises, this should have little real-world impact.
+
 New Functionality
 -----------------

@ -39,6 +42,34 @@ New Functionality
  been extended to work for packet and file analyzers. This now allows to
  leverage ``Analyzer::disabled_analyzers`` for these kinds of analyzers.

+- The blank identifier ``_`` can now be used to ignore loop variables of
+  different types without type clash errors. This allows to do the following
+  within the same scope:
+
+	local vec = vector("a", "b", "c");
+	for ( _, v in vec )
+		print v;
+
+	for ( i, _ in vec )
+		print v;
+
+  Iterating over only the values of a table can be done by ignoring the full
+  index with a single blank identifier. Due to the internal structure of Zeek
+  tables, this can result in a performance improvement.
+
+	local tab = table(["a", 1, T] = "a1T", ["b", 2, F] = "b2f");
+	for ( _, v in tab )
+		print v;
+
+  It's also possible ignore individual indices of different types with the
+  blank identifier ``_`` as follows:
+
+	for ( [_, i, _], v in tab )
+		print i, v;
+
+  As noted under breaking changes, the blank identifier ``_`` cannot be
+  referenced in expression anymore.
+
 Changed Functionality
 ---------------------

--- a/2
+++ b/2
@ -1 +1 @@
-5.2.0-dev.134
+5.2.0-dev.140
--- a/scripts/base/frameworks/cluster/pools.zeek
+++ b/scripts/base/frameworks/cluster/pools.zeek
@ -246,7 +246,7 @@ event Cluster::node_down(name: string, id: string) &priority=10

 function site_id_in_pool(pool: Pool, site_id: count): bool
 	{
-	for ( i, pn in pool$nodes )
+	for ( _, pn in pool$nodes )
 		{
 		if ( pn$site_id == site_id )
 			return T;
--- a/scripts/base/frameworks/intel/files.zeek
+++ b/scripts/base/frameworks/intel/files.zeek
@ -53,7 +53,7 @@ hook extend_match(info: Info, s: Seen, items: set[Item]) &priority=6

 		if ( s$f?$conns && |s$f$conns| == 1 )
 			{
-			for ( cid, c in s$f$conns )
+			for ( _, c in s$f$conns )
 				s$conn = c;
 			}

--- a/scripts/base/frameworks/intel/main.zeek
+++ b/scripts/base/frameworks/intel/main.zeek
@ -246,7 +246,7 @@ function expire_host_data(data: table[addr] of MetaDataTable, idx: addr): interv
 	{
 	local meta_tbl: MetaDataTable = data[idx];
 	local metas: set[MetaData];
-	for ( src, md in meta_tbl )
+	for ( _, md in meta_tbl )
 		add metas[md];

 	return expire_item(cat(idx), ADDR, metas);
@ -256,7 +256,7 @@ function expire_subnet_data(data: table[subnet] of MetaDataTable, idx: subnet):
 	{
 	local meta_tbl: MetaDataTable = data[idx];
 	local metas: set[MetaData];
-	for ( src, md in meta_tbl )
+	for ( _, md in meta_tbl )
 		add metas[md];

 	return expire_item(cat(idx), SUBNET, metas);
@ -270,7 +270,7 @@ function expire_string_data(data: table[string, Type] of MetaDataTable, idx: any

 	local meta_tbl: MetaDataTable = data[indicator, indicator_type];
 	local metas: set[MetaData];
-	for ( src, md in meta_tbl )
+	for ( _, md in meta_tbl )
 		add metas[md];

 	return expire_item(indicator, indicator_type, metas);
@ -317,7 +317,7 @@ function get_items(s: Seen): set[Item]
 		if ( s$host in data_store$host_data )
 			{
 			mt = data_store$host_data[s$host];
-			for ( m, md in mt )
+			for ( _, md in mt )
 				{
 				add return_data[Item($indicator=cat(s$host), $indicator_type=ADDR, $meta=md)];
 				}
@ -327,7 +327,7 @@ function get_items(s: Seen): set[Item]
 		nets = filter_subnet_table(addr_to_subnet(s$host), data_store$subnet_data);
 		for ( n, mt in nets )
 			{
-				for ( m, md in mt )
+				for ( _, md in mt )
 					{
 					add return_data[Item($indicator=cat(n), $indicator_type=SUBNET, $meta=md)];
 					}
--- a/scripts/base/frameworks/packet-filter/main.zeek
+++ b/scripts/base/frameworks/packet-filter/main.zeek
@ -240,7 +240,7 @@ function build(): string
 	if ( |capture_filters| == 0 && ! enable_auto_protocol_capture_filters )
 		cfilter = default_capture_filter;

-	for ( id, cf in capture_filters )
+	for ( _, cf in capture_filters )
 		cfilter = combine_filters(cfilter, "or", cf);

 	if ( enable_auto_protocol_capture_filters )
@ -248,11 +248,11 @@ function build(): string

 	# Apply the restriction filters.
 	local rfilter = "";
-	for ( id, rf in restrict_filters )
+	for ( _, rf in restrict_filters )
 		rfilter = combine_filters(rfilter, "and", rf);

 	# Apply the dynamic restriction filters.
-	for ( filt, drf in dynamic_restrict_filters )
+	for ( _, drf in dynamic_restrict_filters )
 		rfilter = combine_filters(rfilter, "and", string_cat("not (", drf, ")"));

 	# Finally, join them into one filter.
--- a/scripts/base/protocols/dce-rpc/main.zeek
+++ b/scripts/base/protocols/dce-rpc/main.zeek
@ -222,7 +222,7 @@ hook finalize_dce_rpc(c: connection)
 		return;

 	# TODO: Go through any remaining dce_rpc requests that haven't been processed with replies.
-	for ( i, x in c$dce_rpc_backing )
+	for ( _, x in c$dce_rpc_backing )
 		{
 		set_state(c, x);

--- a/scripts/base/protocols/dns/main.zeek
+++ b/scripts/base/protocols/dns/main.zeek
@ -191,7 +191,7 @@ function log_unmatched_msgs_queue(q: Queue::Queue)

 function log_unmatched_msgs(msgs: PendingMessages)
 	{
-	for ( trans_id, q in msgs )
+	for ( _, q in msgs )
 		{
 		log_unmatched_msgs_queue(q);
 		}
--- a/scripts/base/protocols/ftp/files.zeek
+++ b/scripts/base/protocols/ftp/files.zeek
@ -37,7 +37,7 @@ function describe_file(f: fa_file): string
 	if ( f$source != "FTP" )
 		return "";

-	for ( cid, c in f$conns )
+	for ( _, c in f$conns )
 		{
 		if ( c?$ftp )
 			return FTP::describe(c$ftp);
--- a/scripts/base/protocols/ftp/main.zeek
+++ b/scripts/base/protocols/ftp/main.zeek
@ -369,7 +369,7 @@ hook finalize_ftp(c: connection)
 	{
 	if ( ! c?$ftp ) return;

-	for ( ca, cmdarg in c$ftp$pending_commands )
+	for ( _, cmdarg in c$ftp$pending_commands )
 		{
 		c$ftp$cmdarg = cmdarg;
 		ftp_message(c$ftp);
--- a/scripts/base/protocols/http/files.zeek
+++ b/scripts/base/protocols/http/files.zeek
@ -40,7 +40,7 @@ function describe_file(f: fa_file): string
 	if ( f$source != "HTTP" )
 		return "";

-	for ( cid, c in f$conns )
+	for ( _, c in f$conns )
 		{
 		if ( c?$http )
 			return build_url_http(c$http);
--- a/scripts/base/protocols/krb/files.zeek
+++ b/scripts/base/protocols/krb/files.zeek
@ -48,7 +48,7 @@ function describe_file(f: fa_file): string
 	# are already populated).
 	#
 	# Just return a bit of our connection information and hope that that is good enough.
-	for ( cid, c in f$conns )
+	for ( _, c in f$conns )
 		{
 		if ( c?$krb )
 			{
--- a/scripts/base/protocols/smb/files.zeek
+++ b/scripts/base/protocols/smb/files.zeek
@ -39,7 +39,7 @@ function describe_file(f: fa_file): string
 	if ( f$source != "SMB" )
 		return "";

-	for ( cid, c in f$conns )
+	for ( _, c in f$conns )
 		{
 		if ( c?$smb_state && c$smb_state?$current_file && c$smb_state$current_file?$name )
 			return c$smb_state$current_file$name;
--- a/scripts/base/protocols/smb/main.zeek
+++ b/scripts/base/protocols/smb/main.zeek
@ -241,7 +241,7 @@ event file_state_remove(f: fa_file) &priority=-5
 	if ( f$source != "SMB" )
 		return;

-	for ( id, c in f$conns )
+	for ( _, c in f$conns )
 		{
 		if ( c?$smb_state && c$smb_state?$current_file)
 			{
--- a/scripts/base/protocols/smtp/files.zeek
+++ b/scripts/base/protocols/smtp/files.zeek
@ -31,7 +31,7 @@ function describe_file(f: fa_file): string
 	if ( f$source != "SMTP" )
 		return "";

-	for ( cid, c in f$conns )
+	for ( _, c in f$conns )
 		{
 		return SMTP::describe(c$smtp);
 		}
--- a/scripts/base/protocols/ssl/files.zeek
+++ b/scripts/base/protocols/ssl/files.zeek
@ -81,7 +81,7 @@ function describe_file(f: fa_file): string
 	# are already populated).
 	#
 	# Just return a bit of our connection information and hope that that is good enough.
-	for ( cid, c in f$conns )
+	for ( _, c in f$conns )
 		{
 		if ( c?$ssl )
 			{
@ -138,7 +138,7 @@ event file_sniff(f: fa_file, meta: fa_metadata) &priority=5

 	local c: connection &is_assigned;	# to help static analysis

-	for ( cid, c in f$conns )
+	for ( _, c in f$conns )
 		{
 		if ( ! c?$ssl )
 			return;
--- a/scripts/policy/protocols/smtp/entities-excerpt.zeek
+++ b/scripts/policy/protocols/smtp/entities-excerpt.zeek
@ -24,7 +24,7 @@ event file_new(f: fa_file) &priority=5
 	if ( ! f?$bof_buffer ) return;
 	if ( ! f?$conns ) return;

-	for ( cid, c in f$conns )
+	for ( _, c in f$conns )
 		{
 		if ( ! c?$smtp ) next;

--- a/scripts/policy/protocols/ssl/validate-sct.zeek
+++ b/scripts/policy/protocols/ssl/validate-sct.zeek
@ -97,7 +97,7 @@ event x509_ocsp_ext_signed_certificate_timestamp(f: fa_file, version: count, log

 	local c: connection &is_assigned;

-	for ( cid, c in f$conns )
+	for ( _, c in f$conns )
 		{
 		if ( ! c?$ssl )
 			return;
--- a/src/ID.cc
+++ b/src/ID.cc
@ -114,11 +114,15 @@ ID::ID(const char* arg_name, IDScope arg_scope, bool arg_is_export)
 	scope = arg_scope;
 	is_export = arg_is_export;
 	is_option = false;
+	is_blank = name && extract_var_name(name) == "_";
 	is_const = false;
 	is_enum_const = false;
 	is_type = false;
 	offset = 0;

+	if ( is_blank )
+		SetType(base_type(TYPE_ANY));
+
 	opt_info = new IDOptInfo(this);

 	infer_return_type = false;
--- a/src/ID.h
+++ b/src/ID.h
@ -105,6 +105,7 @@ public:

 	void SetOption();
 	bool IsOption() const { return is_option; }
+	bool IsBlank() const { return is_blank; };

 	void SetEnumConst() { is_enum_const = true; }
 	bool IsEnumConst() const { return is_enum_const; }
@ -162,7 +163,7 @@ protected:
 	bool is_export;
 	bool infer_return_type;
 	TypePtr type;
-	bool is_const, is_enum_const, is_type, is_option;
+	bool is_const, is_enum_const, is_type, is_option, is_blank;
 	int offset;
 	ValPtr val;
 	AttributesPtr attrs;
--- a/src/Stmt.cc
+++ b/src/Stmt.cc
@ -1221,7 +1221,17 @@ ForStmt::ForStmt(IDPList* arg_loop_vars, ExprPtr loop_expr)
 		{
 		const auto& indices = e->GetType()->AsTableType()->GetIndexTypes();

-		if ( static_cast<int>(indices.size()) != loop_vars->length() )
+		if ( loop_vars->length() == 1 && (*loop_vars)[0]->IsBlank() )
+			{
+			// Special case support for looping with a single loop_var
+			// ignoring the full index of a table.
+			//
+			//     for ( _, value )
+			//         ...
+			//
+			return;
+			}
+		else if ( static_cast<int>(indices.size()) != loop_vars->length() )
 			{
 			e->Error("wrong index size");
 			return;
@ -1233,7 +1243,10 @@ ForStmt::ForStmt(IDPList* arg_loop_vars, ExprPtr loop_expr)
 			const auto& lv = (*loop_vars)[i];
 			const auto& lvt = lv->GetType();

-			if ( lvt )
+			if ( lv->IsBlank() )
+				continue;
+
+			else if ( lvt )
 				{
 				if ( ! same_type(lvt, ind_type) )
 					lvt->Error("type clash in iteration", ind_type.get());
@ -1254,11 +1267,16 @@ ForStmt::ForStmt(IDPList* arg_loop_vars, ExprPtr loop_expr)
 			return;
 			}

-		const auto& t = (*loop_vars)[0]->GetType();
+		const auto& lv = (*loop_vars)[0];
+		const auto& t = lv->GetType();

-		if ( ! t )
-			add_local({NewRef{}, (*loop_vars)[0]}, base_type(TYPE_COUNT), INIT_NONE, nullptr,
-			          nullptr, VAR_REGULAR);
+		if ( lv->IsBlank() )
+			{
+			// nop
+			}
+		else if ( ! t )
+			add_local({NewRef{}, lv}, base_type(TYPE_COUNT), INIT_NONE, nullptr, nullptr,
+			          VAR_REGULAR);

 		else if ( ! IsIntegral(t->Tag()) )
 			{
@ -1275,9 +1293,14 @@ ForStmt::ForStmt(IDPList* arg_loop_vars, ExprPtr loop_expr)
 			return;
 			}

-		const auto& t = (*loop_vars)[0]->GetType();
+		const auto& lv = (*loop_vars)[0];
+		const auto& t = lv->GetType();

-		if ( ! t )
+		if ( lv->IsBlank() )
+			{
+			// nop
+			}
+		else if ( ! t )
 			add_local({NewRef{}, (*loop_vars)[0]}, base_type(TYPE_STRING), INIT_NONE, nullptr,
 			          nullptr, VAR_REGULAR);

@ -1312,7 +1335,10 @@ ForStmt::ForStmt(IDPList* arg_loop_vars, ExprPtr loop_expr, IDPtr val_var)
 		}

 	// Verify value_vars type if it's already been defined
-	if ( value_var->GetType() )
+	if ( value_var->IsBlank() )
+		value_var = ID::nil;
+
+	else if ( value_var->GetType() )
 		{
 		if ( ! same_type(value_var->GetType(), yield_type) )
 			value_var->GetType()->Error("type clash in iteration", yield_type.get());
@ -1340,17 +1366,30 @@ ValPtr ForStmt::DoExec(Frame* f, Val* v, StmtFlowType& flow)
 		if ( ! loop_vals->Length() )
 			return nullptr;

+		// If there are only blank loop_vars (iterating over just the values),
+		// we can avoid the RecreateIndex() overhead.
+		bool all_loop_vars_blank = true;
+		for ( const auto* lv : *loop_vars )
+			all_loop_vars_blank &= lv->IsBlank();
+
 		for ( const auto& lve : *loop_vals )
 			{
 			auto k = lve.GetHashKey();
 			auto* current_tev = lve.value;
-			auto ind_lv = tv->RecreateIndex(*k);

 			if ( value_var )
 				f->SetElement(value_var, current_tev->GetVal());

-			for ( int i = 0; i < ind_lv->Length(); i++ )
-				f->SetElement((*loop_vars)[i], ind_lv->Idx(i));
+			if ( ! all_loop_vars_blank )
+				{
+				auto ind_lv = tv->RecreateIndex(*k);
+				for ( int i = 0; i < ind_lv->Length(); i++ )
+					{
+					const auto* lv = (*loop_vars)[i];
+					if ( ! lv->IsBlank() )
+						f->SetElement(lv, ind_lv->Idx(i));
+					}
+				}

 			flow = FLOW_NEXT;
 			ret = body->Exec(f, flow);
@ -1375,7 +1414,10 @@ ValPtr ForStmt::DoExec(Frame* f, Val* v, StmtFlowType& flow)
 			if ( value_var )
 				f->SetElement(value_var, vv->ValAt(i));

-			f->SetElement((*loop_vars)[0], val_mgr->Count(i));
+			const auto* lv = (*loop_vars)[0];
+			if ( ! lv->IsBlank() )
+				f->SetElement(lv, val_mgr->Count(i));
+
 			flow = FLOW_NEXT;
 			ret = body->Exec(f, flow);

--- a/src/Var.cc
+++ b/src/Var.cc
@ -209,7 +209,7 @@ static void make_var(const IDPtr& id, TypePtr t, InitClass c, ExprPtr init,
 		init = expand_op(cast_intrusive<ListExpr>(init), init_t);
 		}

-	if ( id->GetType() )
+	if ( id->GetType() && ! id->IsBlank() )
 		{
 		if ( id->IsRedefinable() || (! init && attr && ! IsFunc(id->GetType()->Tag())) )
 			{
@ -247,7 +247,7 @@ static void make_var(const IDPtr& id, TypePtr t, InitClass c, ExprPtr init,
 			t = id->GetType();
 		}

-	if ( id->GetType() && id->GetType()->Tag() != TYPE_ERROR )
+	if ( id->GetType() && id->GetType()->Tag() != TYPE_ERROR && ! id->IsBlank() )
 		{
 		if ( dt != VAR_REDEF && (! init || ! do_init || (! t && ! (t = init_type(init)))) )
 			{
--- a/src/parse.y
+++ b/src/parse.y
@ -915,7 +915,12 @@ expr:
 				if ( id->IsDeprecated() )
 					reporter->Warning("%s", id->GetDeprecationWarning().c_str());

-				if ( ! id->GetType() )
+				if ( id->IsBlank() )
+					{
+					$$ = new NameExpr(std::move(id));
+					$$->SetError("blank identifier used in expression");
+					}
+				else if ( ! id->GetType() )
 					{
 					id->Error("undeclared variable");
 					id->SetType(error_type());
@ -1330,7 +1335,10 @@ decl:

 	|	TOK_OPTION def_global_id opt_type init_class opt_init opt_attr ';'
 			{
-			build_global($2, $3, $4, $5, $6, VAR_OPTION);
+			if ( $2->IsBlank() )
+				$2->Error("blank identifier used as option");
+			else
+				build_global($2, $3, $4, $5, $6, VAR_OPTION);
 			}

 	|	TOK_CONST def_global_id opt_type init_class opt_init opt_attr ';'
@ -1873,6 +1881,7 @@ stmt:
 	|	TOK_CONST local_id opt_type init_class opt_init opt_attr ';' opt_no_test
 			{
 			set_location(@1, @6);
+
 			$$ = build_local($2, $3, $4, $5, $6, VAR_CONST, ! $8).release();
 			}

@ -2093,10 +2102,10 @@ local_id:

 			if ( $$ )
 				{
-				if ( $$->IsGlobal() )
+				if ( $$->IsGlobal() && ! $$->IsBlank() )
 					$$->Error("already a global identifier");

-				if ( $$->IsConst() )
+				if ( $$->IsConst() && ! $$->IsBlank() )
 					$$->Error("already a const identifier");

 				delete [] $1;
--- a/testing/btest/Baseline/language.blank-expr-errors-2/.stderr
+++ b/testing/btest/Baseline/language.blank-expr-errors-2/.stderr
@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/blank-expr-errors.zeek, line 4: blank identifier used in expression (_)
--- a/testing/btest/Baseline/language.blank-expr-errors-3/.stderr
+++ b/testing/btest/Baseline/language.blank-expr-errors-3/.stderr
@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/blank-expr-errors.zeek, line 6: blank identifier used in expression (MyModule::_)
--- a/testing/btest/Baseline/language.blank-expr-errors-4/.stderr
+++ b/testing/btest/Baseline/language.blank-expr-errors-4/.stderr
@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/blank-expr-errors.zeek, line 11: blank identifier used in expression (MyModule::_)
--- a/testing/btest/Baseline/language.blank-expr-errors-5/.stderr
+++ b/testing/btest/Baseline/language.blank-expr-errors-5/.stderr
@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/blank-expr-errors.zeek, line 6: blank identifier used in expression (MyModule::_)
--- a/testing/btest/Baseline/language.blank-expr-errors/.stderr
+++ b/testing/btest/Baseline/language.blank-expr-errors/.stderr
@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/blank-expr-errors.zeek, line 9: blank identifier used in expression (_)
--- a/testing/btest/Baseline/language.blank-for/output
+++ b/testing/btest/Baseline/language.blank-for/output
@ -0,0 +1,31 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+== vec 1
+a
+b
+c
+== vec 2
+idxsum(vec), 3
+== vec 3
+veclen(vec), 3
+== t1 1
+c
+b
+a
+== t1 2
+keyc
+keyb
+keya
+== t1 3
+t1len, 3
+== t2 1
+1, a1a
+3, c3c
+2, b2b
+== t2 2
+a, T
+c, T
+b, F
+== t2 3
+t2concat, a1ac3cb2b
+== s
+strlen(s), 10
--- a/testing/btest/Baseline/language.blank-local-2/.stderr
+++ b/testing/btest/Baseline/language.blank-local-2/.stderr
@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
--- a/testing/btest/Baseline/language.blank-local-3/.stderr
+++ b/testing/btest/Baseline/language.blank-local-3/.stderr
@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
--- a/testing/btest/Baseline/language.blank-local-4/.stderr
+++ b/testing/btest/Baseline/language.blank-local-4/.stderr
@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
--- a/testing/btest/Baseline/language.blank-local/.stderr
+++ b/testing/btest/Baseline/language.blank-local/.stderr
@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
--- a/testing/btest/Baseline/language.blank-option-error/.stderr
+++ b/testing/btest/Baseline/language.blank-option-error/.stderr
@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+error in <...>/blank-option-error.zeek, line 9: blank identifier used as option (MyModule::_)
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@ -179,15 +179,15 @@
 0.000000   MetaHookPost  CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_X509, application/x-x509-ca-cert)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_X509, application/x-x509-user-cert)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Files::register_for_mime_types, <frame>, (Files::ANALYZER_PE, {application/x-dosexec})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::cid, FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::cid, HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::_] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::_] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::_] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=lambda_<15770440363500096069>{ return ()}])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified_raw : 0)return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ <init> SMB::cid, SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::cid] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::cid, SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::_] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::_] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified_raw : 0)return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ <init> SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::_] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::_] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::_] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(FilteredTraceDetection::should_detect, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=broker, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=cluster, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
@ -1694,15 +1694,15 @@
 0.000000   MetaHookPre   CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_X509, application/x-x509-ca-cert))
 0.000000   MetaHookPre   CallFunction(Files::register_for_mime_type, <frame>, (Files::ANALYZER_X509, application/x-x509-user-cert))
 0.000000   MetaHookPre   CallFunction(Files::register_for_mime_types, <frame>, (Files::ANALYZER_PE, {application/x-dosexec}))
-0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}]))
-0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::cid, FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}]))
-0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::cid, HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::_] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::_] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::_] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}]))
 0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=lambda_<15770440363500096069>{ return ()}]))
-0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}]))
-0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}]))
-0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified_raw : 0)return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ <init> SMB::cid, SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::cid] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}]))
-0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::cid, SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}]))
-0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::_] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::_] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified_raw : 0)return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ <init> SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::_] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::_] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}]))
+0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::_] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}]))
 0.000000   MetaHookPre   CallFunction(FilteredTraceDetection::should_detect, <null>, ())
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=broker, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=cluster, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
@ -3208,15 +3208,15 @@
 0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_X509, application/x-x509-ca-cert)
 0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_X509, application/x-x509-user-cert)
 0.000000 | HookCallFunction Files::register_for_mime_types(Files::ANALYZER_PE, {application/x-dosexec})
-0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])
-0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::cid, FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}])
-0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::cid, HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}])
+0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::_] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])
+0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::_] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}])
+0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::_] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}])
 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=lambda_<15770440363500096069>{ return ()}])
-0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}])
-0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}])
-0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified_raw : 0)return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ <init> SMB::cid, SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::cid] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}])
-0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::cid, SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}])
-0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])
+0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::_] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}])
+0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ <init> KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::_] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial,  Subject: , KRB::f$info$x509$certificate$subject,  Issuer: , KRB::f$info$x509$certificate$issuer))}}])
+0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified_raw : 0)return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ <init> SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::_] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}])
+0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::_] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}])
+0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::_] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])
 0.000000 | HookCallFunction FilteredTraceDetection::should_detect()
 0.000000 | HookCallFunction Log::__add_filter(Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=broker, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=cluster, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
--- a/testing/btest/language/blank-expr-errors.zeek
+++ b/testing/btest/language/blank-expr-errors.zeek
@ -0,0 +1,54 @@
+# @TEST-DOC: Do not allow to reference the blank identifier.
+
+# @TEST-EXEC-FAIL: zeek -b %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
+event zeek_init()
+	{
+	local vec = vector( "1", "2", "3" );
+	for ( _, v in vec )
+		print _;
+	}
+
+@TEST-START-NEXT
+event zeek_init()
+	{
+	local _ = vector( "1", "2", "3" );
+	print _;
+	}
+
+@TEST-START-NEXT
+# Ensure it does not work in a module, either.
+module MyModule;
+event zeek_init()
+	{
+	local _ = vector( "1", "2", "3" );
+	print _;
+	}
+
+@TEST-START-NEXT
+# Ensure _ can not referenced when it's a const in an export section.
+# Adding the const _ isn't an error though.
+module MyModule;
+
+export {
+	const _: count = 1;
+}
+
+event zeek_init()
+	{
+	print MyModule::_;
+	}
+
+@TEST-START-NEXT
+# Ensure it does not work in a function.
+module MyModule;
+function helper()
+	{
+	local _ = vector( "1", "2", "3" );
+	print _;
+	}
+
+event zeek_init()
+	{
+	helper();
+	}
--- a/testing/btest/language/blank-for.zeek
+++ b/testing/btest/language/blank-for.zeek
@ -0,0 +1,70 @@
+# @TEST-DOC: Some blank identifier tests iterating over vectors, tables and strings.
+# @TEST-EXEC: zeek -b %INPUT > output
+# @TEST-EXEC: btest-diff output
+event zeek_init()
+	{
+	local vec = vector("a", "b", "c");
+	local t1 = table(["keya"] = "a", ["keyb"] = "b", ["keyc"] = "c");
+	local t2 = table(["a",1,T] = "a1a", ["b",2,F] = "b2b", ["c",3,T] = "c3c");
+	local s = "the string";
+
+	# Ignore just the index.
+	print "== vec 1";
+	for ( _, v in vec )
+		print v;
+
+	# Ignore just the value.
+	print "== vec 2";
+	local idxsum = 0;
+	for ( idx, _ in vec )
+		idxsum += idx;
+	print "idxsum(vec)", idxsum;
+
+	# Ignore index and value
+	print "== vec 3";
+	local veclen = 0;
+	for ( _, _ in vec )
+		++veclen;
+	print "veclen(vec)", veclen;
+
+	# Ignore just the key
+	print "== t1 1";
+	for ( _, v in t1 )
+		print v;
+
+	# Ignore just the value
+	print "== t1 2";
+	for ( k, _ in t1 )
+		print k;
+
+	# Ignore index and value
+	local t1len = 0;
+	print "== t1 3";
+	for ( _, _ in t1 )
+		++t1len;
+	print "t1len", t1len;
+
+	# Ignore part of the index and the value.
+	print "== t2 1";
+	for ( [_,c,_], v in t2 )
+		print c, v;
+
+	# Ignore part of the index and the value.
+	print "== t2 2";
+	for ( [t2a,_,t2b], _ in t2 )
+		print t2a, t2b;
+
+	# Ignore the whole index with a single _
+	print "== t2 3";
+	local t2concat = "";
+	for ( _, v in t2 )
+		t2concat += v;
+	print "t2concat", t2concat;
+
+	# String iteration ignoring the value
+	print "== s";
+	local i = 0;
+	for ( _ in s )
+		++i;
+	print "strlen(s)", i;
+	}
--- a/testing/btest/language/blank-local.zeek
+++ b/testing/btest/language/blank-local.zeek
@ -0,0 +1,29 @@
+# @TEST-DOC: Locals work with the blank identifier, but can not be referenced.
+
+# @TEST-EXEC: zeek -b %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
+event zeek_init()
+	{
+	local _ = "1";
+	}
+
+#@TEST-START-NEXT
+event zeek_init()
+	{
+	local _: string = "1";
+	local _: count = 1;
+	}
+
+#@TEST-START-NEXT
+event zeek_init()
+	{
+	local _: string = "1";
+	const _: count = 1;
+	}
+
+#@TEST-START-NEXT
+event zeek_init()
+	{
+	const _: string = "1";
+	const _: count = 1;
+	}
--- a/testing/btest/language/blank-option-error.zeek
+++ b/testing/btest/language/blank-option-error.zeek
@ -0,0 +1,10 @@
+# @TEST-DOC: Do not allow blank options.
+
+# @TEST-EXEC-FAIL: zeek -b %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
+
+module MyModule;
+
+export {
+	option _: count = 42;
+}
				`@ -0,0 +1 @@`
				`### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.`