Prefer explicit construction to coercion in record initialization

While we support initializing records via coercion from an expression list, e.g., local x: X = [$x1=1, $x2=2]; this can sometimes obscure the code to readers, e.g., when assigning to value declared and typed elsewhere. The language runtime has a similar overhead since instead of just constructing a known type it needs to check at runtime that the coercion from the expression list is valid; this can be slower than just writing the readible code in the first place, see #4559. With this patch we use explicit construction, e.g., local x = X($x1=1, $x2=2);
2025-10-13 03:58:20 +00:00 · 2025-07-10 09:42:44 +02:00 · 2025-07-10 09:42:44 +02:00 · d5fd29edcd
commit d5fd29edcd
parent 54f9e45597
139 changed files with 786 additions and 788 deletions
--- a/scripts/policy/misc/detect-traceroute/main.zeek
+++ b/scripts/policy/misc/detect-traceroute/main.zeek
@ -57,35 +57,35 @@ export {

 event zeek_init() &priority=5
 	{
-	Log::create_stream(Traceroute::LOG, [$columns=Info, $ev=log_traceroute, $path="traceroute", $policy=log_policy]);
+	Log::create_stream(Traceroute::LOG, Log::Stream($columns=Info, $ev=log_traceroute, $path="traceroute", $policy=log_policy));

-	local r1: SumStats::Reducer = [$stream="traceroute.time_exceeded", $apply=set(SumStats::UNIQUE)];
-	local r2: SumStats::Reducer = [$stream="traceroute.low_ttl_packet", $apply=set(SumStats::SUM)];
-	SumStats::create([$name="traceroute-detection",
-	                  $epoch=icmp_time_exceeded_interval,
-	                  $reducers=set(r1, r2),
-	                  $threshold_val(key: SumStats::Key, result: SumStats::Result) =
-	                  	{
-	                  	# Give a threshold value of zero depending on if the host
-	                  	# sends a low ttl packet.
-	                  	if ( require_low_ttl_packets && result["traceroute.low_ttl_packet"]$sum == 0 )
-	                  		return 0.0;
-	                  	else
-	                  		return result["traceroute.time_exceeded"]$unique+0;
-	                  	},
-	                  $threshold=icmp_time_exceeded_threshold,
-	                  $threshold_crossed(key: SumStats::Key, result: SumStats::Result) =
-	                  	{
-	                  	local parts = split_string_n(key$str, /-/, F, 2);
-	                  	local src = to_addr(parts[0]);
-	                  	local dst = to_addr(parts[1]);
-	                  	local proto = parts[2];
-	                  	Log::write(LOG, [$ts=network_time(), $src=src, $dst=dst, $proto=proto]);
-	                  	NOTICE([$note=Traceroute::Detected,
-	                  	        $msg=fmt("%s seems to be running traceroute using %s", src, proto),
-	                  	        $src=src,
-	                  	        $identifier=cat(src,proto)]);
-	                  	}]);
+	local r1 = SumStats::Reducer($stream="traceroute.time_exceeded", $apply=set(SumStats::UNIQUE));
+	local r2 = SumStats::Reducer($stream="traceroute.low_ttl_packet", $apply=set(SumStats::SUM));
+	SumStats::create(SumStats::SumStat($name="traceroute-detection",
+		$epoch=icmp_time_exceeded_interval,
+		$reducers=set(r1, r2),
+		$threshold_val(key: SumStats::Key, result: SumStats::Result) =
+			{
+			# Give a threshold value of zero depending on if the host
+			# sends a low ttl packet.
+			if ( require_low_ttl_packets && result["traceroute.low_ttl_packet"]$sum == 0 )
+				return 0.0;
+			else
+				return result["traceroute.time_exceeded"]$unique+0;
+			},
+		$threshold=icmp_time_exceeded_threshold,
+		$threshold_crossed(key: SumStats::Key, result: SumStats::Result) =
+			{
+			local parts = split_string_n(key$str, /-/, F, 2);
+			local src = to_addr(parts[0]);
+			local dst = to_addr(parts[1]);
+			local proto = parts[2];
+			Log::write(LOG, Info($ts=network_time(), $src=src, $dst=dst, $proto=proto));
+			NOTICE(Notice::Info($note=Traceroute::Detected,
+			                    $msg=fmt("%s seems to be running traceroute using %s", src, proto),
+			                    $src=src,
+			                    $identifier=cat(src,proto)));
+			}));
 	}

 # Low TTL packets are detected with a signature.
@ -93,11 +93,11 @@ event signature_match(state: signature_state, msg: string, data: string)
 	{
 	if ( state$sig_id == /traceroute-detector.*/ )
 		{
-		SumStats::observe("traceroute.low_ttl_packet", [$str=cat(state$conn$id$orig_h,"-",state$conn$id$resp_h,"-",get_port_transport_proto(state$conn$id$resp_p))], [$num=1]);
+		SumStats::observe("traceroute.low_ttl_packet", SumStats::Key($str=cat(state$conn$id$orig_h,"-", state$conn$id$resp_h, "-", get_port_transport_proto(state$conn$id$resp_p))), SumStats::Observation($num=1));
 		}
 	}

 event icmp_time_exceeded(c: connection, info: icmp_info, code: count, context: icmp_context)
 	{
-	SumStats::observe("traceroute.time_exceeded", [$str=cat(context$id$orig_h,"-",context$id$resp_h,"-",get_port_transport_proto(context$id$resp_p))], [$str=cat(c$id$orig_h)]);
+	SumStats::observe("traceroute.time_exceeded", SumStats::Key($str=cat(context$id$orig_h,"-", context$id$resp_h, "-", get_port_transport_proto(context$id$resp_p))), SumStats::Observation($str=cat(c$id$orig_h)));
 	}