Deprecate RecordVal::Assign(int, Val*)

And adapt all usages to the existing overload taking IntrusivePtr.

src/file_analysis/File.cc

@@ -21,13 +21,13 @@
 
 using namespace file_analysis;
 
-static Val* empty_connection_table()
+static IntrusivePtr<Val> empty_connection_table()
 	{
 	auto tbl_index = make_intrusive<TypeList>(zeek::id::conn_id);
 	tbl_index->Append(zeek::id::conn_id);
 	auto tbl_type = make_intrusive<TableType>(std::move(tbl_index),
 	                                          zeek::id::connection);
-	return new TableVal(std::move(tbl_type));
+	return make_intrusive<TableVal>(std::move(tbl_type));
 	}
 
 static IntrusivePtr<RecordVal> get_conn_id_val(const Connection* conn)
@@ -133,8 +133,9 @@ bool File::UpdateConnectionFields(Connection* conn, bool is_orig)
 
 	if ( ! conns )
 		{
-		conns = empty_connection_table();
-		val->Assign(conns_idx, conns);
+		auto ect = empty_connection_table();
+		conns = ect.get();
+		val->Assign(conns_idx, std::move(ect));
 		}
 
 	auto idx = get_conn_id_val(conn);
@@ -315,8 +316,8 @@ void File::InferMetadata()
 			return;
 
 		BroString* bs = concatenate(bof_buffer.chunks);
-		bof_buffer_val = new StringVal(bs);
-		val->Assign(bof_buffer_idx, bof_buffer_val);
+		val->Assign<StringVal>(bof_buffer_idx, bs);
+		bof_buffer_val = val->Lookup(bof_buffer_idx);
 		}
 
 	if ( ! FileEventAvailable(file_sniff) )
@@ -332,8 +333,8 @@ void File::InferMetadata()
 
 	if ( ! matches.empty() )
 		{
-		meta->Assign(meta_mime_type_idx,
-		             new StringVal(*(matches.begin()->second.begin())));
+		meta->Assign<StringVal>(meta_mime_type_idx,
+		                        *(matches.begin()->second.begin()));
 		meta->Assign(meta_mime_types_idx,
 		             file_analysis::GenMIMEMatchesVal(matches));
 		}

src/file_analysis/analyzer/pe/pe-analyzer.pac

@@ -5,38 +5,42 @@
 %}
 
 %header{
-VectorVal* process_rvas(const RVAS* rvas);
+IntrusivePtr<VectorVal> process_rvas(const RVAS* rvas);
+IntrusivePtr<TableVal> characteristics_to_bro(uint32_t c, uint8_t len);
 %}
 
 %code{
-VectorVal* process_rvas(const RVAS* rva_table)
+IntrusivePtr<VectorVal> process_rvas(const RVAS* rva_table)
 	{
 	auto rvas = make_intrusive<VectorVal>(zeek::id::index_vec);
 
 	for ( uint16 i=0; i < rva_table->rvas()->size(); ++i )
 		rvas->Assign(i, val_mgr->Count((*rva_table->rvas())[i]->size()));
 
-	return rvas.release();
+	return rvas;
+	}
+
+IntrusivePtr<TableVal> characteristics_to_bro(uint32_t c, uint8_t len)
+	{
+	uint64 mask = (len==16) ? 0xFFFF : 0xFFFFFFFF;
+	auto char_set = make_intrusive<TableVal>(zeek::id::count_set);
+
+	for ( uint16 i=0; i < len; ++i )
+		{
+		if ( ((c >> i) & 0x1) == 1 )
+			{
+			auto ch = val_mgr->Count((1<<i)&mask);
+			char_set->Assign(ch.get(), 0);
+			}
+		}
+
+	return char_set;
 	}
 %}
 
 
 refine flow File += {
 
-	function characteristics_to_bro(c: uint32, len: uint8): TableVal
-		%{
-		uint64 mask = (len==16) ? 0xFFFF : 0xFFFFFFFF;
-		TableVal* char_set = new TableVal(zeek::id::count_set);
-		for ( uint16 i=0; i < len; ++i )
-			{
-			if ( ((c >> i) & 0x1) == 1 )
-				{
-				auto ch = val_mgr->Count((1<<i)&mask);
-				char_set->Assign(ch.get(), 0);
-				}
-			}
-		return char_set;
-		%}
 
 	function proc_dos_header(h: DOS_Header): bool
 		%{

src/file_analysis/analyzer/unified2/unified2-analyzer.pac

@@ -7,9 +7,43 @@
 #include "IPAddr.h"
 %}
 
+%code{
+IntrusivePtr<AddrVal> binpac::Unified2::Flow::unified2_addr_to_bro_addr(std::vector<uint32_t>* a)
+	{
+	if ( a->size() == 1 )
+		{
+		return make_intrusive<AddrVal>(IPAddr(IPv4, &(a->at(0)), IPAddr::Host));
+		}
+	else if ( a->size() == 4 )
+		{
+		uint32 tmp[4] = { a->at(0), a->at(1), a->at(2), a->at(3) };
+		return make_intrusive<AddrVal>(IPAddr(IPv6, tmp, IPAddr::Host));
+		}
+	else
+		{
+		// Should never reach here.
+		return make_intrusive<AddrVal>(1);
+		}
+	}
+
+IntrusivePtr<Val> binpac::Unified2::Flow::to_port(uint16_t n, uint8_t p)
+	{
+	TransportProto proto = TRANSPORT_UNKNOWN;
+	switch ( p ) {
+	case 1: proto = TRANSPORT_ICMP; break;
+	case 6: proto = TRANSPORT_TCP; break;
+	case 17: proto = TRANSPORT_UDP; break;
+	}
+
+	return val_mgr->Port(n, proto);
+	}
+%}
+
 refine flow Flow += {
 
 	%member{
+		IntrusivePtr<AddrVal> unified2_addr_to_bro_addr(std::vector<uint32_t>* a);
+		IntrusivePtr<Val> to_port(uint16_t n, uint8_t p);
 	%}
 
 	%init{
@@ -27,35 +61,6 @@ refine flow Flow += {
 		return t;
 		%}
 
-	function unified2_addr_to_bro_addr(a: uint32[]): AddrVal
-		%{
-		if ( a->size() == 1 )
-			{
-			return new AddrVal(IPAddr(IPv4, &(a->at(0)), IPAddr::Host));
-			}
-		else if ( a->size() == 4 )
-			{
-			uint32 tmp[4] = { a->at(0), a->at(1), a->at(2), a->at(3) };
-			return new AddrVal(IPAddr(IPv6, tmp, IPAddr::Host));
-			}
-		else
-			{
-			// Should never reach here.
-			return new AddrVal(1);
-			}
-		%}
-
-	function to_port(n: uint16, p: uint8): Val
-		%{
-		TransportProto proto = TRANSPORT_UNKNOWN;
-		switch ( p ) {
-		case 1: proto = TRANSPORT_ICMP; break;
-		case 6: proto = TRANSPORT_TCP; break;
-		case 17: proto = TRANSPORT_UDP; break;
-		}
-
-		return val_mgr->Port(n, proto)->Ref();
-		%}
 
 	#function proc_record(rec: Record) : bool
 	#	%{

src/file_analysis/analyzer/x509/X509.cc

@@ -336,10 +336,10 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
 		return;
 		}
 
-	VectorVal* names = nullptr;
-	VectorVal* emails = nullptr;
-	VectorVal* uris = nullptr;
-	VectorVal* ips = nullptr;
+	IntrusivePtr<VectorVal> names;
+	IntrusivePtr<VectorVal> emails;
+	IntrusivePtr<VectorVal> uris;
+	IntrusivePtr<VectorVal> ips;
 
 	bool otherfields = false;
 
@@ -367,21 +367,21 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
 				{
 				case GEN_DNS:
 					if ( names == nullptr )
-						names = new VectorVal(zeek::id::string_vec);
+						names = make_intrusive<VectorVal>(zeek::id::string_vec);
 
 					names->Assign(names->Size(), bs);
 					break;
 
 				case GEN_URI:
 					if ( uris == nullptr )
-						uris = new VectorVal(zeek::id::string_vec);
+						uris = make_intrusive<VectorVal>(zeek::id::string_vec);
 
 					uris->Assign(uris->Size(), bs);
 					break;
 
 				case GEN_EMAIL:
 					if ( emails == nullptr )
-						emails = new VectorVal(zeek::id::string_vec);
+						emails = make_intrusive<VectorVal>(zeek::id::string_vec);
 
 					emails->Assign(emails->Size(), bs);
 					break;
@@ -391,7 +391,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
 		else if ( gen->type == GEN_IPADD )
 			{
 				if ( ips == nullptr )
-					ips = new VectorVal(zeek::id::find_type<VectorType>("addr_vec"));
+					ips = make_intrusive<VectorVal>(zeek::id::find_type<VectorType>("addr_vec"));
 
 				uint32_t* addr = (uint32_t*) gen->d.ip->data;
 
@@ -439,13 +439,13 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
 	GENERAL_NAMES_free(altname);
 	}
 
-StringVal* file_analysis::X509::KeyCurve(EVP_PKEY *key)
+IntrusivePtr<StringVal> file_analysis::X509::KeyCurve(EVP_PKEY* key)
 	{
-	assert(key != NULL);
+	assert(key != nullptr);
 
 #ifdef OPENSSL_NO_EC
 	// well, we do not have EC-Support...
-	return NULL;
+	return nullptr;
 #else
 	if ( EVP_PKEY_base_id(key) != EVP_PKEY_EC )
 		{
@@ -468,7 +468,7 @@ StringVal* file_analysis::X509::KeyCurve(EVP_PKEY *key)
 	if ( curve_name == nullptr )
 		return nullptr;
 
-	return new StringVal(curve_name);
+	return make_intrusive<StringVal>(curve_name);
 #endif
 	}
 

src/file_analysis/analyzer/x509/X509.h

@@ -136,7 +136,7 @@ private:
 	std::string cert_data;
 
 	// Helpers for ParseCertificate.
-	static StringVal* KeyCurve(EVP_PKEY *key);
+	static IntrusivePtr<StringVal> KeyCurve(EVP_PKEY* key);
 	static unsigned int KeyLength(EVP_PKEY *key);
 	/** X509 stores associated with global script-layer values */
 	inline static std::map<Val*, X509_STORE*> x509_stores = std::map<Val*, X509_STORE*>();

src/file_analysis/analyzer/x509/functions.bif

@@ -11,14 +11,14 @@
 #include <openssl/err.h>
 
 // construct an error record
-IntrusivePtr<RecordVal> x509_result_record(uint64_t num, const char* reason, Val* chainVector = nullptr)
+static IntrusivePtr<RecordVal> x509_result_record(uint64_t num, const char* reason, IntrusivePtr<Val> chainVector = nullptr)
 	{
 	auto rrecord = make_intrusive<RecordVal>(zeek::BifType::Record::X509::Result);
 
 	rrecord->Assign(0, val_mgr->Int(num));
 	rrecord->Assign(1, make_intrusive<StringVal>(reason));
 	if ( chainVector )
-		rrecord->Assign(2, chainVector);
+		rrecord->Assign(2, std::move(chainVector));
 
 	return rrecord;
 	}
@@ -542,7 +542,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
 
 	int result = X509_verify_cert(csc);
 
-	VectorVal* chainVector = nullptr;
+	IntrusivePtr<VectorVal> chainVector;
 
 	if ( result == 1 ) // we have a valid chain. try to get it...
 		{
@@ -556,7 +556,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
 			}
 
 		int num_certs = sk_X509_num(chain);
-		chainVector = new VectorVal(zeek::id::find_type<VectorType>("x509_opaque_vector"));
+		chainVector = make_intrusive<VectorVal>(zeek::id::find_type<VectorType>("x509_opaque_vector"));
 
 		for ( int i = 0; i < num_certs; i++ )
 			{
@@ -578,7 +578,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
 
 x509_verify_chainerror:
 
-	auto rrecord = x509_result_record(X509_STORE_CTX_get_error(csc), X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc)), chainVector);
+	auto rrecord = x509_result_record(X509_STORE_CTX_get_error(csc), X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc)), std::move(chainVector));
 
 	X509_STORE_CTX_cleanup(csc);
 	X509_STORE_CTX_free(csc);