Merge remote-tracking branch 'origin/topic/vern/zval'

* origin/topic/vern/zval: (42 commits)
  whitespace tweaks
  resolved some TODO comments
  remove unnecessary casts, and change necessary ones to use static_cast<>
  explain cmp_func default
  change functions for ZVal type management to static members
  fix some unsigned/signed integer warnings
  address lint concern about uninitialized variable
  Remove use of obsolete forward-declaration macros
  fix #include's that lack zeek/ prefixes
  explicitly populate holes created in vectors
  fixes for now-incorrect assumption that GetField always returns an existing ValPtr
  memory management for assignment to vector elements
  memory management for assignment to record fields
  destructor cleanup from ZAM_vector/ZAM_record
  fix #include's that lack zeek/ prefixes
  overlooked another way in which vector holes can be created
  initialize vector holes to the correct corresponding type
  explicitly populate holes created in vectors
  fix other instances of GetField().get() assuming long-lived ValPtr's
  fix for now-incorrect assumption that GetField always returns an existing ValPtr
  ...

scripts/base/init-bare.zeek

@@ -3334,7 +3334,7 @@ export {
 		## The security mode field specifies whether SMB signing is enabled, required at the server, or both.
 		security_mode     : count;
 		## A globally unique identifier that is generate by the server to uniquely identify the server.
-		server_guid       : string;
+		server_guid       : SMB2::GUID;
 		## The system time of the SMB2 server when the SMB2 NEGOTIATE Request was processed.
 		system_time       : time;
 		## The SMB2 server start time.
@@ -3710,7 +3710,7 @@ type dns_edns_ecs: record {
 	family: string;	##< IP Family
 	source_prefix_len: count;	##< Source Prefix Length.
 	scope_prefix_len: count;	##< Scope Prefix Length.
-	address: string;	##< Client Subnet Address.
+	address: addr;	##< Client Subnet Address.
 };
 
 ## An DNS EDNS TCP KEEPALIVE (TCP KEEPALIVE) record.
@@ -4354,7 +4354,7 @@ export {
 		keyboard_function_key:  count;
 		ime_file_name:          string;
 		post_beta2_color_depth: count  &optional;
-		client_product_id:      string &optional;
+		client_product_id:      count  &optional;
 		serial_number:          count  &optional;
 		high_color_depth:       count  &optional;
 		supported_color_depths: count  &optional;

src/CMakeLists.txt

@@ -301,6 +301,7 @@ set(MAIN_SRCS
     WeirdState.cc
     ZeekArgs.cc
     ZeekString.cc
+    ZVal.cc
     bsd-getopt-long.c
     bro_inet_ntop.c
     in_cksum.cc

src/CompHash.cc

@@ -184,7 +184,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
 
 			for ( int i = 0; i < num_fields; ++i )
 				{
-				auto rv_i = rv->GetField(i).get();
+				auto rv_i = rv->GetField(i);
 
 				Attributes* a = rt->FieldDecl(i)->attrs.get();
 				bool optional_attr = (a && a->Find(ATTR_OPTIONAL));
@@ -194,7 +194,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
 
 				if ( ! (kp = SingleValHash(type_check, kp,
 							   rt->GetFieldType(i).get(),
-							   rv_i, optional_attr)) )
+							   rv_i.get(), optional_attr)) )
 					return nullptr;
 				}
 
@@ -265,7 +265,7 @@ char* CompositeHash::SingleValHash(bool type_check, char* kp0,
 			kp1 = reinterpret_cast<char*>(kp+1);
 			for ( unsigned int i = 0; i < vv->Size(); ++i )
 				{
-				const auto& val = vv->At(i);
+				auto val = vv->ValAt(i);
 				unsigned int* kp = AlignAndPadType<unsigned int>(kp1);
 				*kp = i;
 				kp1 = reinterpret_cast<char*>(kp+1);
@@ -517,8 +517,9 @@ int CompositeHash::SingleTypeKeySize(Type* bt, const Val* v,
 				Attributes* a = rt->FieldDecl(i)->attrs.get();
 				bool optional_attr = (a && a->Find(ATTR_OPTIONAL));
 
+				auto rv_v = rv ? rv->GetField(i) : nullptr;
 				sz = SingleTypeKeySize(rt->GetFieldType(i).get(),
-						       rv ? rv->GetField(i).get() : nullptr,
+						       rv_v.get(),
 						       type_check, sz, optional_attr,
 						       calc_static_size);
 				if ( ! sz )
@@ -566,7 +567,7 @@ int CompositeHash::SingleTypeKeySize(Type* bt, const Val* v,
 			VectorVal* vv = const_cast<VectorVal*>(v->AsVectorVal());
 			for ( unsigned int i = 0; i < vv->Size(); ++i )
 				{
-				const auto& val = vv->At(i);
+				auto val = vv->ValAt(i);
 				sz = SizeAlign(sz, sizeof(unsigned int));
 				sz = SizeAlign(sz, sizeof(unsigned int));
 				if ( val )

src/Conn.cc

@@ -343,23 +343,23 @@ const RecordValPtr& Connection::ConnVal()
 		id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type));
 
 		auto orig_endp = make_intrusive<RecordVal>(id::endpoint);
-		orig_endp->Assign(0, val_mgr->Count(0));
+		orig_endp->Assign(0, 0);
-		orig_endp->Assign(1, val_mgr->Count(0));
+		orig_endp->Assign(1, 0);
-		orig_endp->Assign(4, val_mgr->Count(orig_flow_label));
+		orig_endp->Assign(4, orig_flow_label);
 
 		const int l2_len = sizeof(orig_l2_addr);
 		char null[l2_len]{};
 
 		if ( memcmp(&orig_l2_addr, &null, l2_len) != 0 )
-			orig_endp->Assign(5, make_intrusive<StringVal>(fmt_mac(orig_l2_addr, l2_len)));
+			orig_endp->Assign(5, fmt_mac(orig_l2_addr, l2_len));
 
 		auto resp_endp = make_intrusive<RecordVal>(id::endpoint);
-		resp_endp->Assign(0, val_mgr->Count(0));
+		resp_endp->Assign(0, 0);
-		resp_endp->Assign(1, val_mgr->Count(0));
+		resp_endp->Assign(1, 0);
-		resp_endp->Assign(4, val_mgr->Count(resp_flow_label));
+		resp_endp->Assign(4, resp_flow_label);
 
 		if ( memcmp(&resp_l2_addr, &null, l2_len) != 0 )
-			resp_endp->Assign(5, make_intrusive<StringVal>(fmt_mac(resp_l2_addr, l2_len)));
+			resp_endp->Assign(5, fmt_mac(resp_l2_addr, l2_len));
 
 		conn_val->Assign(0, std::move(id_val));
 		conn_val->Assign(1, std::move(orig_endp));
@@ -371,25 +371,25 @@ const RecordValPtr& Connection::ConnVal()
 		if ( ! uid )
 			uid.Set(zeek::detail::bits_per_uid);
 
-		conn_val->Assign(7, make_intrusive<StringVal>(uid.Base62("C").c_str()));
+		conn_val->Assign(7, uid.Base62("C"));
 
 		if ( encapsulation && encapsulation->Depth() > 0 )
 			conn_val->Assign(8, encapsulation->ToVal());
 
 		if ( vlan != 0 )
-			conn_val->Assign(9, val_mgr->Int(vlan));
+			conn_val->Assign(9, vlan);
 
 		if ( inner_vlan != 0 )
-			conn_val->Assign(10, val_mgr->Int(inner_vlan));
+			conn_val->Assign(10, inner_vlan);
 
 		}
 
 	if ( root_analyzer )
 		root_analyzer->UpdateConnVal(conn_val.get());
 
-	conn_val->Assign(3, make_intrusive<TimeVal>(start_time));	// ###
+	conn_val->AssignTime(3, start_time);	// ###
-	conn_val->Assign(4, make_intrusive<IntervalVal>(last_time - start_time));
+	conn_val->AssignInterval(4, last_time - start_time);
-	conn_val->Assign(6, make_intrusive<StringVal>(history.c_str()));
+	conn_val->Assign(6, history);
 
 	conn_val->SetOrigin(this);
 
@@ -418,7 +418,7 @@ void Connection::AppendAddl(const char* str)
 	const char* old = cv->GetFieldAs<StringVal>(6)->CheckString();
 	const char* format = *old ? "%s %s" : "%s%s";
 
-	cv->Assign(6, make_intrusive<StringVal>(util::fmt(format, old, str)));
+	cv->Assign(6, util::fmt(format, old, str));
 	}
 
 // Returns true if the character at s separates a version number.
@@ -631,8 +631,8 @@ void Connection::CheckFlowLabel(bool is_orig, uint32_t flow_label)
 		{
 		if ( conn_val )
 			{
-			RecordVal* endp = conn_val->GetField(is_orig ? 1 : 2)->AsRecordVal();
+			RecordVal* endp = conn_val->GetFieldAs<RecordVal>(is_orig ? 1 : 2);
-			endp->Assign(4, val_mgr->Count(flow_label));
+			endp->Assign(4, flow_label);
 			}
 
 		if ( connection_flow_label_changed &&

src/DNS_Mgr.cc

@@ -718,10 +718,10 @@ ValPtr DNS_Mgr::BuildMappingVal(DNS_Mapping* dm)
 	{
 	auto r = make_intrusive<RecordVal>(dm_rec);
 
-	r->Assign(0, make_intrusive<TimeVal>(dm->CreationTime()));
+	r->AssignTime(0, dm->CreationTime());
-	r->Assign(1, make_intrusive<StringVal>(dm->ReqHost() ? dm->ReqHost() : ""));
+	r->Assign(1, dm->ReqHost() ? dm->ReqHost() : "");
 	r->Assign(2, make_intrusive<AddrVal>(dm->ReqAddr()));
-	r->Assign(3, val_mgr->Bool(dm->Valid()));
+	r->Assign(3, dm->Valid());
 
 	auto h = dm->Host();
 	r->Assign(4, h ? std::move(h) : make_intrusive<StringVal>("<none>"));

src/Expr.cc

@@ -277,7 +277,7 @@ const char* assign_to_index(ValPtr v1, ValPtr v2, ValPtr v3,
 
 			for ( auto idx = 0u; idx < v_vect->Size();
 			      idx++, first++ )
-				v1_vect->Insert(first, v_vect->At(idx));
+				v1_vect->Insert(first, v_vect->ValAt(idx));
 			}
 
 		else if ( ! v1_vect->Assign(lv->Idx(0)->CoerceToUnsigned(), std::move(v3)) )
@@ -619,8 +619,11 @@ ValPtr UnaryExpr::Eval(Frame* f) const
 
 		for ( unsigned int i = 0; i < v_op->Size(); ++i )
 			{
-			const auto& v_i = v_op->At(i);
+			auto vop = v_op->ValAt(i);
-			result->Assign(i, v_i ? Fold(v_i.get()) : nullptr);
+			if ( vop )
+				result->Assign(i, Fold(vop.get()));
+			else
+				result->Assign(i, nullptr);
 			}
 
 		return result;
@@ -708,11 +711,12 @@ ValPtr BinaryExpr::Eval(Frame* f) const
 
 		for ( unsigned int i = 0; i < v_op1->Size(); ++i )
 			{
-			if ( v_op1->At(i) && v_op2->At(i) )
+			auto v1_i = v_op1->ValAt(i);
-				v_result->Assign(i, Fold(v_op1->At(i).get(), v_op2->At(i).get()));
+			auto v2_i = v_op2->ValAt(i);
+			if ( v1_i && v2_i )
+				v_result->Assign(i, Fold(v_op1->ValAt(i).get(), v_op2->ValAt(i).get()));
 			else
 				v_result->Assign(i, nullptr);
-			// SetError("undefined element in vector operation");
 			}
 
 		return v_result;
@@ -725,13 +729,12 @@ ValPtr BinaryExpr::Eval(Frame* f) const
 
 		for ( unsigned int i = 0; i < vv->Size(); ++i )
 			{
-			if ( const auto& vv_i = vv->At(i) )
+			auto vv_i = vv->ValAt(i);
+			if ( vv_i )
 				v_result->Assign(i, is_vec1 ? Fold(vv_i.get(), v2.get())
 				                            : Fold(v1.get(), vv_i.get()));
 			else
 				v_result->Assign(i, nullptr);
-
-			// SetError("Undefined element in vector operation");
 			}
 
 		return v_result;
@@ -1235,12 +1238,8 @@ ValPtr IncrExpr::Eval(Frame* f) const
 
 		for ( unsigned int i = 0; i < v_vec->Size(); ++i )
 			{
-			const auto& elt = v_vec->At(i);
+			auto elt = v_vec->ValAt(i);
-
-			if ( elt )
 			v_vec->Assign(i, DoSingleEval(f, elt.get()));
-			else
-				v_vec->Assign(i, nullptr);
 			}
 
 		op->Assign(f, std::move(v_vec));
@@ -1863,19 +1862,14 @@ ValPtr BoolExpr::Eval(Frame* f) const
 
 	for ( unsigned int i = 0; i < vec_v1->Size(); ++i )
 		{
-		const auto& op1 = vec_v1->At(i);
+		const auto op1 = vec_v1->BoolAt(i);
-		const auto& op2 = vec_v2->At(i);
+		const auto op2 = vec_v2->BoolAt(i);
-		if ( op1 && op2 )
+
-			{
+		bool local_result =
-			bool local_result = (tag == EXPR_AND_AND) ?
+			(tag == EXPR_AND_AND) ? (op1 && op2) : (op1 || op2);
-				(! op1->IsZero() && ! op2->IsZero()) :
-				(! op1->IsZero() || ! op2->IsZero());
 
 		result->Assign(i, val_mgr->Bool(local_result));
 		}
-		else
-			result->Assign(i, nullptr);
-		}
 
 	return result;
 	}
@@ -2225,16 +2219,10 @@ ValPtr CondExpr::Eval(Frame* f) const
 
 	for ( unsigned int i = 0; i < cond->Size(); ++i )
 		{
-		const auto& local_cond = cond->At(i);
+		auto local_cond = cond->BoolAt(i);
-
+		auto v = local_cond ? a->ValAt(i) : b->ValAt(i);
-		if ( local_cond )
-			{
-			const auto& v = local_cond->IsZero() ? b->At(i) : a->At(i);
 		result->Assign(i, v);
 		}
-		else
-			result->Assign(i, nullptr);
-		}
 
 	return result;
 	}
@@ -2912,8 +2900,8 @@ ValPtr IndexExpr::Eval(Frame* f) const
 
 			for ( unsigned int i = 0; i < v_v2->Size(); ++i )
 				{
-				if ( v_v2->At(i)->AsBool() )
+				if ( v_v2->BoolAt(i) )
-					v_result->Assign(v_result->Size() + 1, v_v1->At(i));
+					v_result->Assign(v_result->Size() + 1, v_v1->ValAt(i));
 				}
 			}
 		else
@@ -2923,7 +2911,7 @@ ValPtr IndexExpr::Eval(Frame* f) const
 			// Probably only do this if *all* are negative.
 			v_result->Resize(v_v2->Size());
 			for ( unsigned int i = 0; i < v_v2->Size(); ++i )
-				v_result->Assign(i, v_v1->At(v_v2->At(i)->CoerceToInt()));
+				v_result->Assign(i, v_v1->ValAt(v_v2->ValAt(i)->CoerceToInt()));
 			}
 
 		return v_result;
@@ -2946,7 +2934,7 @@ ValPtr IndexExpr::Fold(Val* v1, Val* v2) const
 		const ListVal* lv = v2->AsListVal();
 
 		if ( lv->Length() == 1 )
-			v = vect->At(lv->Idx(0)->CoerceToUnsigned());
+			v = vect->ValAt(lv->Idx(0)->CoerceToUnsigned());
 		else
 			{
 			size_t len = vect->Size();
@@ -2961,7 +2949,7 @@ ValPtr IndexExpr::Fold(Val* v1, Val* v2) const
 				result->Resize(sub_length);
 
 				for ( bro_int_t idx = first; idx < last; idx++ )
-					result->Assign(idx - first, vect->At(idx));
+					result->Assign(idx - first, vect->ValAt(idx));
 				}
 
 			return result;
@@ -3161,7 +3149,7 @@ HasFieldExpr::~HasFieldExpr()
 ValPtr HasFieldExpr::Fold(Val* v) const
 	{
 	auto rv = v->AsRecordVal();
-	return val_mgr->Bool(rv->GetField(field) != nullptr);
+	return val_mgr->Bool(rv->HasField(field));
 	}
 
 void HasFieldExpr::ExprDescribe(ODesc* d) const
@@ -3749,7 +3737,8 @@ ValPtr ArithCoerceExpr::Fold(Val* v) const
 
 	for ( unsigned int i = 0; i < vv->Size(); ++i )
 		{
-		if ( const auto& elt = vv->At(i) )
+		auto elt = vv->ValAt(i);
+		if ( elt )
 			result->Assign(i, FoldSingleVal(elt.get(), t));
 		else
 			result->Assign(i, nullptr);
@@ -3917,7 +3906,7 @@ ValPtr RecordCoerceExpr::Fold(Val* v) const
 			if ( ! rhs )
 				{
 				// Optional field is missing.
-				val->Assign(i, nullptr);
+				val->Remove(i);
 				continue;
 				}
 
@@ -3964,7 +3953,7 @@ ValPtr RecordCoerceExpr::Fold(Val* v) const
 				val->Assign(i, std::move(def_val));
 				}
 			else
-				val->Assign(i, nullptr);
+				val->Remove(i);
 			}
 		}
 
@@ -4207,7 +4196,11 @@ ValPtr InExpr::Fold(Val* v1, Val* v2) const
 	bool res;
 
 	if ( is_vector(v2) )
-		res = (bool)v2->AsVectorVal()->At(v1->AsListVal()->Idx(0)->CoerceToUnsigned());
+		{
+		auto vv2 = v2->AsVectorVal();
+		auto ind = v1->AsListVal()->Idx(0)->CoerceToUnsigned();
+		res = ind < vv2->Size() && vv2->ValAt(ind);
+		}
 	else
 		res = (bool)v2->AsTableVal()->Find({NewRef{}, v1});
 
@@ -5087,7 +5080,7 @@ ValPtr CastExpr::Eval(Frame* f) const
 	d.Add("'");
 
 	if ( same_type(v->GetType(), Broker::detail::DataVal::ScriptDataType()) &&
-		 ! v->AsRecordVal()->GetField(0) )
+		 ! v->AsRecordVal()->HasField(0) )
 		d.Add(" (nil $data field)");
 
 	RuntimeError(d.Description());

src/File.cc

@@ -290,7 +290,7 @@ RecordVal* File::Rotate()
 		return nullptr;
 		}
 
-	info->Assign<TimeVal>(2, open_time);
+	info->AssignTime(2, open_time);
 
 	Unlink();
 

src/IP.cc

@@ -24,12 +24,12 @@ static VectorValPtr BuildOptionsVal(const u_char* data, int len)
 		static auto ip6_option_type = id::find_type<RecordType>("ip6_option");
 		const struct ip6_opt* opt = (const struct ip6_opt*) data;
 		auto rv = make_intrusive<RecordVal>(ip6_option_type);
-		rv->Assign(0, val_mgr->Count(opt->ip6o_type));
+		rv->Assign(0, opt->ip6o_type);
 
 		if ( opt->ip6o_type == 0 )
 			{
 			// Pad1 option
-			rv->Assign(1, val_mgr->Count(0));
+			rv->Assign(1, 0);
 			rv->Assign(2, val_mgr->EmptyString());
 			data += sizeof(uint8_t);
 			len -= sizeof(uint8_t);
@@ -38,9 +38,8 @@ static VectorValPtr BuildOptionsVal(const u_char* data, int len)
 			{
 			// PadN or other option
 			uint16_t off = 2 * sizeof(uint8_t);
-			rv->Assign(1, val_mgr->Count(opt->ip6o_len));
+			rv->Assign(1, opt->ip6o_len);
-			rv->Assign(2, make_intrusive<StringVal>(
+			rv->Assign(2, new String(data + off, opt->ip6o_len, true));
-				           new String(data + off, opt->ip6o_len, true)));
 			data += opt->ip6o_len + off;
 			len -= opt->ip6o_len + off;
 			}
@@ -61,11 +60,11 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		static auto ip6_hdr_type = id::find_type<RecordType>("ip6_hdr");
 		rv = make_intrusive<RecordVal>(ip6_hdr_type);
 		const struct ip6_hdr* ip6 = (const struct ip6_hdr*)data;
-		rv->Assign(0, val_mgr->Count((ntohl(ip6->ip6_flow) & 0x0ff00000)>>20));
+		rv->Assign(0, (ntohl(ip6->ip6_flow) & 0x0ff00000)>>20);
-		rv->Assign(1, val_mgr->Count(ntohl(ip6->ip6_flow) & 0x000fffff));
+		rv->Assign(1, ntohl(ip6->ip6_flow) & 0x000fffff);
-		rv->Assign(2, val_mgr->Count(ntohs(ip6->ip6_plen)));
+		rv->Assign(2, ntohs(ip6->ip6_plen));
-		rv->Assign(3, val_mgr->Count(ip6->ip6_nxt));
+		rv->Assign(3, ip6->ip6_nxt);
-		rv->Assign(4, val_mgr->Count(ip6->ip6_hlim));
+		rv->Assign(4, ip6->ip6_hlim);
 		rv->Assign(5, make_intrusive<AddrVal>(IPAddr(ip6->ip6_src)));
 		rv->Assign(6, make_intrusive<AddrVal>(IPAddr(ip6->ip6_dst)));
 		if ( ! chain )
@@ -80,8 +79,8 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		static auto ip6_hopopts_type = id::find_type<RecordType>("ip6_hopopts");
 		rv = make_intrusive<RecordVal>(ip6_hopopts_type);
 		const struct ip6_hbh* hbh = (const struct ip6_hbh*)data;
-		rv->Assign(0, val_mgr->Count(hbh->ip6h_nxt));
+		rv->Assign(0, hbh->ip6h_nxt);
-		rv->Assign(1, val_mgr->Count(hbh->ip6h_len));
+		rv->Assign(1, hbh->ip6h_len);
 		uint16_t off = 2 * sizeof(uint8_t);
 		rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
 
@@ -93,8 +92,8 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		static auto ip6_dstopts_type = id::find_type<RecordType>("ip6_dstopts");
 		rv = make_intrusive<RecordVal>(ip6_dstopts_type);
 		const struct ip6_dest* dst = (const struct ip6_dest*)data;
-		rv->Assign(0, val_mgr->Count(dst->ip6d_nxt));
+		rv->Assign(0, dst->ip6d_nxt);
-		rv->Assign(1, val_mgr->Count(dst->ip6d_len));
+		rv->Assign(1, dst->ip6d_len);
 		uint16_t off = 2 * sizeof(uint8_t);
 		rv->Assign(2, BuildOptionsVal(data + off, Length() - off));
 		}
@@ -105,12 +104,12 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		static auto ip6_routing_type = id::find_type<RecordType>("ip6_routing");
 		rv = make_intrusive<RecordVal>(ip6_routing_type);
 		const struct ip6_rthdr* rt = (const struct ip6_rthdr*)data;
-		rv->Assign(0, val_mgr->Count(rt->ip6r_nxt));
+		rv->Assign(0, rt->ip6r_nxt);
-		rv->Assign(1, val_mgr->Count(rt->ip6r_len));
+		rv->Assign(1, rt->ip6r_len);
-		rv->Assign(2, val_mgr->Count(rt->ip6r_type));
+		rv->Assign(2, rt->ip6r_type);
-		rv->Assign(3, val_mgr->Count(rt->ip6r_segleft));
+		rv->Assign(3, rt->ip6r_segleft);
 		uint16_t off = 4 * sizeof(uint8_t);
-		rv->Assign(4, make_intrusive<StringVal>(new String(data + off, Length() - off, true)));
+		rv->Assign(4, new String(data + off, Length() - off, true));
 		}
 		break;
 
@@ -119,12 +118,12 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		static auto ip6_fragment_type = id::find_type<RecordType>("ip6_fragment");
 		rv = make_intrusive<RecordVal>(ip6_fragment_type);
 		const struct ip6_frag* frag = (const struct ip6_frag*)data;
-		rv->Assign(0, val_mgr->Count(frag->ip6f_nxt));
+		rv->Assign(0, frag->ip6f_nxt);
-		rv->Assign(1, val_mgr->Count(frag->ip6f_reserved));
+		rv->Assign(1, frag->ip6f_reserved);
-		rv->Assign(2, val_mgr->Count((ntohs(frag->ip6f_offlg) & 0xfff8)>>3));
+		rv->Assign(2, (ntohs(frag->ip6f_offlg) & 0xfff8)>>3);
-		rv->Assign(3, val_mgr->Count((ntohs(frag->ip6f_offlg) & 0x0006)>>1));
+		rv->Assign(3, (ntohs(frag->ip6f_offlg) & 0x0006)>>1);
-		rv->Assign(4, val_mgr->Bool(ntohs(frag->ip6f_offlg) & 0x0001));
+		rv->Assign(4, static_cast<bool>(ntohs(frag->ip6f_offlg) & 0x0001));
-		rv->Assign(5, val_mgr->Count(ntohl(frag->ip6f_ident)));
+		rv->Assign(5, ntohl(frag->ip6f_ident));
 		}
 		break;
 
@@ -132,18 +131,18 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		{
 		static auto ip6_ah_type = id::find_type<RecordType>("ip6_ah");
 		rv = make_intrusive<RecordVal>(ip6_ah_type);
-		rv->Assign(0, val_mgr->Count(((ip6_ext*)data)->ip6e_nxt));
+		rv->Assign(0, ((ip6_ext*)data)->ip6e_nxt);
-		rv->Assign(1, val_mgr->Count(((ip6_ext*)data)->ip6e_len));
+		rv->Assign(1, ((ip6_ext*)data)->ip6e_len);
-		rv->Assign(2, val_mgr->Count(ntohs(((uint16_t*)data)[1])));
+		rv->Assign(2, ntohs(((uint16_t*)data)[1]));
-		rv->Assign(3, val_mgr->Count(ntohl(((uint32_t*)data)[1])));
+		rv->Assign(3, ntohl(((uint32_t*)data)[1]));
 
 		if ( Length() >= 12 )
 			{
 			// Sequence Number and ICV fields can only be extracted if
 			// Payload Len was non-zero for this header.
-			rv->Assign(4, val_mgr->Count(ntohl(((uint32_t*)data)[2])));
+			rv->Assign(4, ntohl(((uint32_t*)data)[2]));
 			uint16_t off = 3 * sizeof(uint32_t);
-			rv->Assign(5, make_intrusive<StringVal>(new String(data + off, Length() - off, true)));
+			rv->Assign(5, new String(data + off, Length() - off, true));
 			}
 		}
 		break;
@@ -153,8 +152,8 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		static auto ip6_esp_type = id::find_type<RecordType>("ip6_esp");
 		rv = make_intrusive<RecordVal>(ip6_esp_type);
 		const uint32_t* esp = (const uint32_t*)data;
-		rv->Assign(0, val_mgr->Count(ntohl(esp[0])));
+		rv->Assign(0, ntohl(esp[0]));
-		rv->Assign(1, val_mgr->Count(ntohl(esp[1])));
+		rv->Assign(1, ntohl(esp[1]));
 		}
 		break;
 
@@ -164,15 +163,15 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		static auto ip6_mob_type = id::find_type<RecordType>("ip6_mobility_hdr");
 		rv = make_intrusive<RecordVal>(ip6_mob_type);
 		const struct ip6_mobility* mob = (const struct ip6_mobility*) data;
-		rv->Assign(0, val_mgr->Count(mob->ip6mob_payload));
+		rv->Assign(0, mob->ip6mob_payload);
-		rv->Assign(1, val_mgr->Count(mob->ip6mob_len));
+		rv->Assign(1, mob->ip6mob_len);
-		rv->Assign(2, val_mgr->Count(mob->ip6mob_type));
+		rv->Assign(2, mob->ip6mob_type);
-		rv->Assign(3, val_mgr->Count(mob->ip6mob_rsv));
+		rv->Assign(3, mob->ip6mob_rsv);
-		rv->Assign(4, val_mgr->Count(ntohs(mob->ip6mob_chksum)));
+		rv->Assign(4, ntohs(mob->ip6mob_chksum));
 
 		static auto ip6_mob_msg_type = id::find_type<RecordType>("ip6_mobility_msg");
 		auto msg = make_intrusive<RecordVal>(ip6_mob_msg_type);
-		msg->Assign(0, val_mgr->Count(mob->ip6mob_type));
+		msg->Assign(0, mob->ip6mob_type);
 
 		uint16_t off = sizeof(ip6_mobility);
 		const u_char* msg_data = data + off;
@@ -190,7 +189,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		case 0:
 			{
 			auto m = make_intrusive<RecordVal>(ip6_mob_brr_type);
-			m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
+			m->Assign(0, ntohs(*((uint16_t*)msg_data)));
 			off += sizeof(uint16_t);
 			m->Assign(1, BuildOptionsVal(data + off, Length() - off));
 			msg->Assign(1, std::move(m));
@@ -200,8 +199,8 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		case 1:
 			{
 			auto m = make_intrusive<RecordVal>(ip6_mob_hoti_type);
-			m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
+			m->Assign(0, ntohs(*((uint16_t*)msg_data)));
-			m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
+			m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
 			off += sizeof(uint16_t) + sizeof(uint64_t);
 			m->Assign(2, BuildOptionsVal(data + off, Length() - off));
 			msg->Assign(2, std::move(m));
@@ -211,8 +210,8 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		case 2:
 			{
 			auto m = make_intrusive<RecordVal>(ip6_mob_coti_type);
-			m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
+			m->Assign(0, ntohs(*((uint16_t*)msg_data)));
-			m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
+			m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
 			off += sizeof(uint16_t) + sizeof(uint64_t);
 			m->Assign(2, BuildOptionsVal(data + off, Length() - off));
 			msg->Assign(3, std::move(m));
@@ -222,9 +221,9 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		case 3:
 			{
 			auto m = make_intrusive<RecordVal>(ip6_mob_hot_type);
-			m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
+			m->Assign(0, ntohs(*((uint16_t*)msg_data)));
-			m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
+			m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
-			m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
+			m->Assign(2, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t)))));
 			off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
 			m->Assign(3, BuildOptionsVal(data + off, Length() - off));
 			msg->Assign(4, std::move(m));
@@ -234,9 +233,9 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		case 4:
 			{
 			auto m = make_intrusive<RecordVal>(ip6_mob_cot_type);
-			m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
+			m->Assign(0, ntohs(*((uint16_t*)msg_data)));
-			m->Assign(1, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t))))));
+			m->Assign(1, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t)))));
-			m->Assign(2, val_mgr->Count(ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t))))));
+			m->Assign(2, ntohll(*((uint64_t*)(msg_data + sizeof(uint16_t) + sizeof(uint64_t)))));
 			off += sizeof(uint16_t) + 2 * sizeof(uint64_t);
 			m->Assign(3, BuildOptionsVal(data + off, Length() - off));
 			msg->Assign(5, std::move(m));
@@ -246,12 +245,12 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		case 5:
 			{
 			auto m = make_intrusive<RecordVal>(ip6_mob_bu_type);
-			m->Assign(0, val_mgr->Count(ntohs(*((uint16_t*)msg_data))));
+			m->Assign(0, ntohs(*((uint16_t*)msg_data))));
-			m->Assign(1, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000));
+			m->Assign(1, static_cast<bool>(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x8000));
-			m->Assign(2, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000));
+			m->Assign(2, static_cast<bool>(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x4000));
-			m->Assign(3, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x2000));
+			m->Assign(3, static_cast<bool>(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x2000));
-			m->Assign(4, val_mgr->Bool(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x1000));
+			m->Assign(4, static_cast<bool>(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))) & 0x1000));
-			m->Assign(5, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))));
+			m->Assign(5, ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t)))));
 			off += 3 * sizeof(uint16_t);
 			m->Assign(6, BuildOptionsVal(data + off, Length() - off));
 			msg->Assign(6, std::move(m));
@@ -261,10 +260,10 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		case 6:
 			{
 			auto m = make_intrusive<RecordVal>(ip6_mob_back_type);
-			m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data)));
+			m->Assign(0, *((uint8_t*)msg_data));
-			m->Assign(1, val_mgr->Bool(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80));
+			m->Assign(1, static_cast<bool>(*((uint8_t*)(msg_data + sizeof(uint8_t))) & 0x80));
-			m->Assign(2, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t))))));
+			m->Assign(2, ntohs(*((uint16_t*)(msg_data + sizeof(uint16_t)))));
-			m->Assign(3, val_mgr->Count(ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t))))));
+			m->Assign(3, ntohs(*((uint16_t*)(msg_data + 2*sizeof(uint16_t)))));
 			off += 3 * sizeof(uint16_t);
 			m->Assign(4, BuildOptionsVal(data + off, Length() - off));
 			msg->Assign(7, std::move(m));
@@ -274,7 +273,7 @@ RecordValPtr IPv6_Hdr::ToVal(VectorValPtr chain) const
 		case 7:
 			{
 			auto m = make_intrusive<RecordVal>(ip6_mob_be_type);
-			m->Assign(0, val_mgr->Count(*((uint8_t*)msg_data)));
+			m->Assign(0, *((uint8_t*)msg_data));
 			const in6_addr* hoa = (const in6_addr*)(msg_data + sizeof(uint16_t));
 			m->Assign(1, make_intrusive<AddrVal>(IPAddr(*hoa)));
 			off += sizeof(uint16_t) + sizeof(in6_addr);
@@ -331,12 +330,12 @@ RecordValPtr IP_Hdr::ToIPHdrVal() const
 		{
 		static auto ip4_hdr_type = id::find_type<RecordType>("ip4_hdr");
 		rval = make_intrusive<RecordVal>(ip4_hdr_type);
-		rval->Assign(0, val_mgr->Count(ip4->ip_hl * 4));
+		rval->Assign(0, ip4->ip_hl * 4);
-		rval->Assign(1, val_mgr->Count(ip4->ip_tos));
+		rval->Assign(1, ip4->ip_tos);
-		rval->Assign(2, val_mgr->Count(ntohs(ip4->ip_len)));
+		rval->Assign(2, ntohs(ip4->ip_len));
-		rval->Assign(3, val_mgr->Count(ntohs(ip4->ip_id)));
+		rval->Assign(3, ntohs(ip4->ip_id));
-		rval->Assign(4, val_mgr->Count(ip4->ip_ttl));
+		rval->Assign(4, ip4->ip_ttl);
-		rval->Assign(5, val_mgr->Count(ip4->ip_p));
+		rval->Assign(5, ip4->ip_p);
 		rval->Assign(6, make_intrusive<AddrVal>(ip4->ip_src.s_addr));
 		rval->Assign(7, make_intrusive<AddrVal>(ip4->ip_dst.s_addr));
 		}
@@ -380,13 +379,13 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
 
 		tcp_hdr->Assign(0, val_mgr->Port(ntohs(tp->th_sport), TRANSPORT_TCP));
 		tcp_hdr->Assign(1, val_mgr->Port(ntohs(tp->th_dport), TRANSPORT_TCP));
-		tcp_hdr->Assign(2, val_mgr->Count(uint32_t(ntohl(tp->th_seq))));
+		tcp_hdr->Assign(2, ntohl(tp->th_seq));
-		tcp_hdr->Assign(3, val_mgr->Count(uint32_t(ntohl(tp->th_ack))));
+		tcp_hdr->Assign(3, ntohl(tp->th_ack));
-		tcp_hdr->Assign(4, val_mgr->Count(tcp_hdr_len));
+		tcp_hdr->Assign(4, tcp_hdr_len);
-		tcp_hdr->Assign(5, val_mgr->Count(data_len));
+		tcp_hdr->Assign(5, data_len);
-		tcp_hdr->Assign(6, val_mgr->Count(tp->th_x2));
+		tcp_hdr->Assign(6, tp->th_x2);
-		tcp_hdr->Assign(7, val_mgr->Count(tp->th_flags));
+		tcp_hdr->Assign(7, tp->th_flags);
-		tcp_hdr->Assign(8, val_mgr->Count(ntohs(tp->th_win)));
+		tcp_hdr->Assign(8, ntohs(tp->th_win));
 
 		pkt_hdr->Assign(sindex + 2, std::move(tcp_hdr));
 		break;
@@ -399,7 +398,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
 
 		udp_hdr->Assign(0, val_mgr->Port(ntohs(up->uh_sport), TRANSPORT_UDP));
 		udp_hdr->Assign(1, val_mgr->Port(ntohs(up->uh_dport), TRANSPORT_UDP));
-		udp_hdr->Assign(2, val_mgr->Count(ntohs(up->uh_ulen)));
+		udp_hdr->Assign(2, ntohs(up->uh_ulen));
 
 		pkt_hdr->Assign(sindex + 3, std::move(udp_hdr));
 		break;
@@ -410,7 +409,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
 		const struct icmp* icmpp = (const struct icmp *) data;
 		auto icmp_hdr = make_intrusive<RecordVal>(icmp_hdr_type);
 
-		icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp_type));
+		icmp_hdr->Assign(0, icmpp->icmp_type);
 
 		pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr));
 		break;
@@ -421,7 +420,7 @@ RecordValPtr IP_Hdr::ToPktHdrVal(RecordValPtr pkt_hdr, int sindex) const
 		const struct icmp6_hdr* icmpp = (const struct icmp6_hdr*) data;
 		auto icmp_hdr = make_intrusive<RecordVal>(icmp_hdr_type);
 
-		icmp_hdr->Assign(0, val_mgr->Count(icmpp->icmp6_type));
+		icmp_hdr->Assign(0, icmpp->icmp6_type);
 
 		pkt_hdr->Assign(sindex + 4, std::move(icmp_hdr));
 		break;
@@ -675,7 +674,7 @@ VectorValPtr IPv6_Hdr_Chain::ToVal() const
 		auto v = chain[i]->ToVal();
 		auto ext_hdr = make_intrusive<RecordVal>(ip6_ext_hdr_type);
 		uint8_t type = chain[i]->Type();
-		ext_hdr->Assign(0, val_mgr->Count(type));
+		ext_hdr->Assign(0, type);
 
 		switch (type) {
 		case IPPROTO_HOPOPTS:

src/RuleMatcher.cc

@@ -86,10 +86,10 @@ Val* RuleMatcher::BuildRuleStateValue(const Rule* rule,
 	{
 	static auto signature_state = id::find_type<RecordType>("signature_state");
 	auto* val = new RecordVal(signature_state);
-	val->Assign(0, make_intrusive<StringVal>(rule->ID()));
+	val->Assign(0, rule->ID());
 	val->Assign(1, state->GetAnalyzer()->ConnVal());
-	val->Assign(2, val_mgr->Bool(state->is_orig));
+	val->Assign(2, state->is_orig);
-	val->Assign(3, val_mgr->Count(state->payload_size));
+	val->Assign(3, state->payload_size);
 	return val;
 	}
 

src/Sessions.cc

@@ -344,8 +344,8 @@ Connection* NetSessions::FindConnection(Val* v)
 	const IPAddr& orig_addr = vl->GetFieldAs<AddrVal>(orig_h);
 	const IPAddr& resp_addr = vl->GetFieldAs<AddrVal>(resp_h);
 
-	const PortVal* orig_portv = vl->GetFieldAs<PortVal>(orig_p);
+	auto orig_portv = vl->GetFieldAs<PortVal>(orig_p);
-	const PortVal* resp_portv = vl->GetFieldAs<PortVal>(resp_p);
+	auto resp_portv = vl->GetFieldAs<PortVal>(resp_p);
 
 	ConnID id;
 

src/SmithWaterman.cc

@@ -74,7 +74,7 @@ VectorVal* Substring::VecToPolicy(Vec* vec)
 			Substring* bst = (*vec)[i];
 
 			auto st_val = make_intrusive<RecordVal>(sw_substring_type);
-			st_val->Assign(0, make_intrusive<StringVal>(new String(*bst)));
+			st_val->Assign(0, new String(*bst));
 
 			auto aligns = make_intrusive<VectorVal>(sw_align_vec_type);
 
@@ -83,15 +83,15 @@ VectorVal* Substring::VecToPolicy(Vec* vec)
 				const BSSAlign& align = (bst->GetAlignments())[j];
 
 				auto align_val = make_intrusive<RecordVal>(sw_align_type);
-				align_val->Assign(0, make_intrusive<StringVal>(new String(*align.string)));
+				align_val->Assign(0, new String(*align.string));
-				align_val->Assign(1, val_mgr->Count(align.index));
+				align_val->Assign(1, align.index);
 
-				aligns->Assign(j + 1, std::move(align_val));
+				aligns->Assign(j, std::move(align_val));
 				}
 
 			st_val->Assign(1, std::move(aligns));
-			st_val->Assign(2, val_mgr->Bool(bst->IsNewAlignment()));
+			st_val->Assign(2, bst->IsNewAlignment());
-			result->Assign(i + 1, std::move(st_val));
+			result->Assign(i, std::move(st_val));
 			}
 		}
 
@@ -102,26 +102,25 @@ Substring::Vec* Substring::VecFromPolicy(VectorVal* vec)
 	{
 	Vec* result = new Vec();
 
-	// VectorVals start at index 1!
+	for ( unsigned int i = 0; i < vec->Size(); ++i )
-	for ( unsigned int i = 1; i <= vec->Size(); ++i )
 		{
-		const auto& v = vec->At(i);	// get the RecordVal
+		auto v = vec->RecordValAt(i);
 		if ( ! v )
 			continue;
 
-		const String* str = v->AsRecordVal()->GetFieldAs<StringVal>(0);
+		const String* str = v->GetFieldAs<StringVal>(0);
 		auto* substr = new Substring(*str);
 
-		const VectorVal* aligns = v->AsRecordVal()->GetField(1)->AsVectorVal();
+		const VectorVal* aligns = v->GetFieldAs<VectorVal>(1);
 		for ( unsigned int j = 1; j <= aligns->Size(); ++j )
 			{
-			const RecordVal* align = aligns->AsVectorVal()->At(j)->AsRecordVal();
+			const RecordVal* align = aligns->AsVectorVal()->RecordValAt(j);
 			const String* str = align->GetFieldAs<StringVal>(0);
 			int index = align->GetFieldAs<CountVal>(1);
 			substr->AddAlignment(str, index);
 			}
 
-		bool new_alignment = v->AsRecordVal()->GetFieldAs<BoolVal>(2);
+		bool new_alignment = v->GetFieldAs<BoolVal>(2);
 		substr->MarkNewAlignment(new_alignment);
 
 		result->push_back(substr);

src/Stmt.cc

@@ -297,7 +297,7 @@ static void print_log(const std::vector<ValPtr>& vals)
 		vec->Assign(vec->Size(), make_intrusive<StringVal>(d.Description()));
 		}
 
-	record->Assign(0, make_intrusive<TimeVal>(run_state::network_time));
+	record->AssignTime(0, run_state::network_time);
 	record->Assign(1, std::move(vec));
 	log_mgr->Write(plval.get(), record.get());
 	}
@@ -1324,12 +1324,8 @@ ValPtr ForStmt::DoExec(Frame* f, Val* v, StmtFlowType& flow)
 		{
 		VectorVal* vv = v->AsVectorVal();
 
-		for ( auto i = 0u; i <= vv->Size(); ++i )
+		for ( auto i = 0u; i < vv->Size(); ++i )
 			{
-			// Skip unassigned vector indices.
-			if ( ! vv->At(i) )
-				continue;
-
 			// Set the loop variable to the current index, and make
 			// another pass over the loop body.
 			f->SetElement((*loop_vars)[0], val_mgr->Count(i));

src/TunnelEncapsulation.cc

@@ -30,7 +30,7 @@ RecordValPtr EncapsulatingConn::ToVal() const
 	rv->Assign(0, std::move(id_val));
 	rv->Assign(1, BifType::Enum::Tunnel::Type->GetEnumVal(type));
 
-	rv->Assign(2, make_intrusive<StringVal>(uid.Base62("C").c_str()));
+	rv->Assign(2, uid.Base62("C"));
 
 	return rv;
 	}

src/Type.cc

@@ -840,7 +840,16 @@ void TypeDecl::DescribeReST(ODesc* d, bool roles_only) const
 RecordType::RecordType(type_decl_list* arg_types) : Type(TYPE_RECORD)
 	{
 	types = arg_types;
-	num_fields = types ? types->length() : 0;
+
+	if ( types )
+		{
+		num_fields = types->length();
+
+		loop_over_list(*types, i)
+			AddField(i, (*types)[i]);
+		}
+	else
+		num_fields = 0;
 	}
 
 // in this case the clone is actually not so shallow, since
@@ -864,6 +873,13 @@ RecordType::~RecordType()
 		}
 	}
 
+void RecordType::AddField(unsigned int field, const TypeDecl* td)
+	{
+	ASSERT(field == managed_fields.size());
+
+	managed_fields.push_back(ZVal::IsManagedType(td->type));
+	}
+
 bool RecordType::HasField(const char* field) const
 	{
 	return FieldOffset(field) >= 0;
@@ -1001,8 +1017,8 @@ TableValPtr RecordType::GetRecordFieldsVal(const RecordVal* rv) const
 		auto nr = make_intrusive<RecordVal>(record_field);
 
 		string s = container_type_name(ft.get());
-		nr->Assign(0, make_intrusive<StringVal>(s));
+		nr->Assign(0, s);
-		nr->Assign(1, val_mgr->Bool(logged));
+		nr->Assign(1, logged);
 		nr->Assign(2, std::move(fv));
 		nr->Assign(3, FieldDefault(i));
 		auto field_name = make_intrusive<StringVal>(FieldName(i));
@@ -1037,7 +1053,9 @@ const char* RecordType::AddFields(const type_decl_list& others,
 			td->attrs->AddAttr(make_intrusive<detail::Attr>(detail::ATTR_LOG));
 			}
 
+		int field = types->size();
 		types->push_back(td);
+		AddField(field, td);
 		}
 
 	num_fields = types->length();

src/Type.h

@@ -605,6 +605,11 @@ public:
 	const TypeDecl* FieldDecl(int field) const;
 	TypeDecl* FieldDecl(int field);
 
+	// Returns flags corresponding to which fields in the record
+	// have types requiring memory management (reference counting).
+	const std::vector<bool>& ManagedFields() const
+		{ return managed_fields; }
+
 	int NumFields() const			{ return num_fields; }
 
 	/**
@@ -640,6 +645,12 @@ public:
 protected:
 	RecordType() { types = nullptr; }
 
+	void AddField(unsigned int field, const TypeDecl* td);
+
+	// If we were willing to bound the size of records, then we could
+	// use std::bitset here instead.
+	std::vector<bool> managed_fields;
+
 	int num_fields;
 	type_decl_list* types;
 };

src/Val.cc

@@ -590,7 +590,7 @@ static void BuildJSON(threading::formatter::JSON::NullDoubleWriter& writer, Val*
 			auto* vval = val->AsVectorVal();
 			size_t size = vval->SizeVal()->AsCount();
 			for (size_t i = 0; i < size; i++)
-				BuildJSON(writer, vval->At(i).get(), only_loggable, re);
+				BuildJSON(writer, vval->ValAt(i).get(), only_loggable, re);
 
 			writer.EndArray();
 			break;
@@ -2816,16 +2816,21 @@ TableVal::TableRecordDependencies TableVal::parse_time_table_record_dependencies
 
 RecordVal::RecordTypeValMap RecordVal::parse_time_records;
 
-RecordVal::RecordVal(RecordTypePtr t, bool init_fields) : Val(std::move(t))
+RecordVal::RecordVal(RecordTypePtr t, bool init_fields)
+: Val(t), is_managed(t->ManagedFields())
 	{
 	origin = nullptr;
-	auto rt = GetType()->AsRecordType();
+	rt = std::move(t);
+
 	int n = rt->NumFields();
-	auto vl = record_val = new std::vector<ValPtr>;
+
-	vl->reserve(n);
+	record_val = new std::vector<ZVal>;
+	record_val->reserve(n);
+
+	is_in_record = new std::vector<bool>(n, false);
 
 	if ( run_state::is_parsing )
-		parse_time_records[rt].emplace_back(NewRef{}, this);
+		parse_time_records[rt.get()].emplace_back(NewRef{}, this);
 
 	if ( ! init_fields )
 		return;
@@ -2846,9 +2851,10 @@ RecordVal::RecordVal(RecordTypePtr t, bool init_fields) : Val(std::move(t))
 			catch ( InterpreterException& )
 				{
 				if ( run_state::is_parsing )
-					parse_time_records[rt].pop_back();
+					parse_time_records[rt.get()].pop_back();
 
 				delete record_val;
+				delete is_in_record;
 				throw;
 				}
 
@@ -2879,13 +2885,29 @@ RecordVal::RecordVal(RecordTypePtr t, bool init_fields) : Val(std::move(t))
 				def = make_intrusive<VectorVal>(cast_intrusive<VectorType>(type));
 			}
 
-		vl->emplace_back(std::move(def));
+		if ( def )
+			{
+			record_val->emplace_back(ZVal(def, def->GetType()));
+			(*is_in_record)[i] = true;
+			}
+		else
+			{
+			record_val->emplace_back(ZVal());
+			(*is_in_record)[i] = false;
+			}
 		}
 	}
 
 RecordVal::~RecordVal()
 	{
+	auto n = record_val->size();
+
+	for ( unsigned int i = 0; i < n; ++i )
+		if ( HasField(i) && IsManaged(i) )
+			ZVal::DeleteManagedType((*record_val)[i]);
+
 	delete record_val;
+	delete is_in_record;
 	}
 
 ValPtr RecordVal::SizeVal() const
@@ -2895,13 +2917,36 @@ ValPtr RecordVal::SizeVal() const
 
 void RecordVal::Assign(int field, ValPtr new_val)
 	{
-	(*record_val)[field] = std::move(new_val);
+	if ( new_val )
+		{
+		DeleteFieldIfManaged(field);
+
+		auto t = rt->GetFieldType(field);
+		(*record_val)[field] = ZVal(new_val, t);
+		(*is_in_record)[field] = true;
 		Modified();
 		}
+	else
+		Remove(field);
+	}
+
+void RecordVal::Remove(int field)
+	{
+	if ( HasField(field) )
+		{
+		if ( IsManaged(field) )
+			ZVal::DeleteManagedType((*record_val)[field]);
+
+		(*record_val)[field] = ZVal();
+		(*is_in_record)[field] = false;
+
+		Modified();
+		}
+	}
 
 ValPtr RecordVal::GetFieldOrDefault(int field) const
 	{
-	const auto& val = (*record_val)[field];
+	auto val = GetField(field);
 
 	if ( val )
 		return val;
@@ -2909,9 +2954,9 @@ ValPtr RecordVal::GetFieldOrDefault(int field) const
 	return GetType()->AsRecordType()->FieldDefault(field);
 	}
 
-void RecordVal::ResizeParseTimeRecords(RecordType* rt)
+void RecordVal::ResizeParseTimeRecords(RecordType* revised_rt)
 	{
-	auto it = parse_time_records.find(rt);
+	auto it = parse_time_records.find(revised_rt);
 
 	if ( it == parse_time_records.end() )
 		return;
@@ -2921,14 +2966,14 @@ void RecordVal::ResizeParseTimeRecords(RecordType* rt)
 	for ( auto& rv : rvs )
 		{
 		int current_length = rv->NumFields();
-		auto required_length = rt->NumFields();
+		auto required_length = revised_rt->NumFields();
 
 		if ( required_length > current_length )
 			{
 			rv->Reserve(required_length);
 
 			for ( auto i = current_length; i < required_length; ++i )
-				rv->AppendField(rt->FieldDefault(i));
+				rv->AppendField(revised_rt->FieldDefault(i));
 			}
 		}
 	}
@@ -2938,7 +2983,7 @@ void RecordVal::DoneParsing()
 	parse_time_records.clear();
 	}
 
-const ValPtr& RecordVal::GetField(const char* field) const
+ValPtr RecordVal::GetField(const char* field) const
 	{
 	int idx = GetType()->AsRecordType()->FieldOffset(field);
 
@@ -3010,7 +3055,7 @@ RecordValPtr RecordVal::CoerceTo(RecordTypePtr t,
 		}
 
 	for ( i = 0; i < ar_t->NumFields(); ++i )
-		if ( ! aggr->GetField(i) &&
+		if ( ! aggr->HasField(i) &&
 		     ! ar_t->FieldDecl(i)->GetAttr(detail::ATTR_OPTIONAL) )
 			{
 			char buf[512];
@@ -3038,11 +3083,10 @@ TableValPtr RecordVal::GetRecordFieldsVal() const
 void RecordVal::Describe(ODesc* d) const
 	{
 	auto n = record_val->size();
-	auto record_type = GetType()->AsRecordType();
 
 	if ( d->IsBinary() || d->IsPortable() )
 		{
-		record_type->Describe(d);
+		rt->Describe(d);
 		d->SP();
 		d->Add(static_cast<uint64_t>(n));
 		d->SP();
@@ -3055,12 +3099,12 @@ void RecordVal::Describe(ODesc* d) const
 		if ( ! d->IsBinary() && i > 0 )
 			d->Add(", ");
 
-		d->Add(record_type->FieldName(i));
+		d->Add(rt->FieldName(i));
 
 		if ( ! d->IsBinary() )
 			d->Add("=");
 
-		const auto& v = (*record_val)[i];
+		auto v = GetField(i);
 
 		if ( v )
 			v->Describe(d);
@@ -3075,7 +3119,7 @@ void RecordVal::Describe(ODesc* d) const
 void RecordVal::DescribeReST(ODesc* d) const
 	{
 	auto n = record_val->size();
-	auto record_type = GetType()->AsRecordType();
+	auto rt = GetType()->AsRecordType();
 
 	d->Add("{");
 	d->PushIndent();
@@ -3085,10 +3129,10 @@ void RecordVal::DescribeReST(ODesc* d) const
 		if ( i > 0 )
 			d->NL();
 
-		d->Add(record_type->FieldName(i));
+		d->Add(rt->FieldName(i));
 		d->Add("=");
 
-		const auto& v = (*record_val)[i];
+		auto v = GetField(i);
 
 		if ( v )
 			v->Describe(d);
@@ -3111,9 +3155,11 @@ ValPtr RecordVal::DoClone(CloneState* state)
 	rv->origin = nullptr;
 	state->NewClone(this, rv);
 
-	for ( const auto& vlv : *record_val)
+	int n = NumFields();
+	for ( auto i = 0; i < n; ++i )
 		{
-		auto v = vlv ? vlv->Clone(state) : nullptr;
+		auto f_i = GetField(i);
+		auto v = f_i ? f_i->Clone(state) : nullptr;
   		rv->AppendField(std::move(v));
 		}
 
@@ -3123,16 +3169,25 @@ ValPtr RecordVal::DoClone(CloneState* state)
 unsigned int RecordVal::MemoryAllocation() const
 	{
 	unsigned int size = 0;
-	const auto& vl = *record_val;
 
-	for ( const auto& v : vl )
+	int n = NumFields();
+	for ( auto i = 0; i < n; ++i )
 		{
-		if ( v )
+		auto f_i = GetField(i);
-		    size += v->MemoryAllocation();
+		if ( f_i )
+			size += f_i->MemoryAllocation();
 		}
 
-	size += util::pad_size(vl.capacity() * sizeof(ValPtr));
+	size += util::pad_size(record_val->capacity() * sizeof(ZVal));
-	size += padded_sizeof(vl);
+	size += padded_sizeof(*record_val);
+
+	// It's tricky sizing is_in_record since it's a std::vector
+	// specialization.  We approximate this by not scaling capacity()
+	// by sizeof(bool) but just using its raw value.  That's still
+	// presumably going to be an overestimate.
+	size += util::pad_size(is_in_record->capacity());
+	size += padded_sizeof(*is_in_record);
+
 	return size + padded_sizeof(*this);
 	}
 
@@ -3168,13 +3223,32 @@ ValPtr TypeVal::DoClone(CloneState* state)
 	return {NewRef{}, this};
 	}
 
-VectorVal::VectorVal(VectorTypePtr t) : Val(std::move(t))
+VectorVal::VectorVal(VectorTypePtr t) : Val(t)
 	{
-	vector_val = new vector<ValPtr>();
+	vector_val = new vector<ZVal>();
+	yield_type = t->Yield();
+
+	auto y_tag = yield_type->Tag();
+	any_yield = (y_tag == TYPE_VOID || y_tag == TYPE_ANY);
+	managed_yield = ZVal::IsManagedType(yield_type);
 	}
 
 VectorVal::~VectorVal()
 	{
+	if ( yield_types )
+		{
+		int n = yield_types->size();
+		for ( auto i = 0; i < n; ++i )
+			ZVal::DeleteIfManaged((*vector_val)[i], (*yield_types)[i]);
+		delete yield_types;
+		}
+
+	else if ( managed_yield )
+		{
+		for ( auto& elem : *vector_val )
+			ZVal::DeleteManagedType(elem);
+		}
+
 	delete vector_val;
 	}
 
@@ -3183,16 +3257,72 @@ ValPtr VectorVal::SizeVal() const
 	return val_mgr->Count(uint32_t(vector_val->size()));
 	}
 
-bool VectorVal::Assign(unsigned int index, ValPtr element)
+bool VectorVal::CheckElementType(const ValPtr& element)
 	{
-	if ( element &&
+	if ( ! element )
-	     ! same_type(element->GetType(), GetType()->AsVectorType()->Yield(), false) )
+		// Insertion isn't actually going to happen.
+		return true;
+
+	if ( yield_types )
+		// We're already a heterogeneous vector-of-any.
+		return true;
+
+	if ( any_yield )
+		{
+		int n = vector_val->size();
+
+		if ( n == 0 )
+			// First addition to an empty vector-of-any, perhaps
+			// it will be homogeneous.
+			yield_type = element->GetType();
+
+		else
+			{
+			yield_types = new std::vector<TypePtr>();
+
+			// Since we're only now switching to the heterogeneous
+			// representation, capture the types of the existing
+			// elements.
+
+			for ( auto i = 0; i < n; ++i )
+				yield_types->emplace_back(yield_type);
+			}
+		}
+
+	else if ( ! same_type(element->GetType(), yield_type, false) )
 		return false;
 
-	if ( index >= vector_val->size() )
+	return true;
-		vector_val->resize(index + 1);
+	}
 
-	(*vector_val)[index] = std::move(element);
+bool VectorVal::Assign(unsigned int index, ValPtr element)
+	{
+	if ( ! CheckElementType(element) )
+		return false;
+
+	unsigned int n = vector_val->size();
+
+	if ( index >= n )
+		{
+		AddHoles(index - n);
+		vector_val->resize(index + 1);
+		if ( yield_types )
+			yield_types->resize(index + 1);
+		}
+
+	if ( yield_types )
+		{
+		const auto& t = element->GetType();
+		(*yield_types)[index] = t;
+		ZVal::DeleteIfManaged((*vector_val)[index], t);
+		(*vector_val)[index] = ZVal(std::move(element), t);
+		}
+	else
+		{
+		if ( managed_yield )
+			ZVal::DeleteManagedType((*vector_val)[index]);
+		(*vector_val)[index] = ZVal(std::move(element), yield_type);
+		}
 
 	Modified();
 	return true;
@@ -3212,31 +3342,73 @@ bool VectorVal::AssignRepeat(unsigned int index, unsigned int how_many,
 
 bool VectorVal::Insert(unsigned int index, ValPtr element)
 	{
-	if ( element &&
+	if ( ! CheckElementType(element) )
-	     ! same_type(element->GetType(), GetType()->AsVectorType()->Yield(), false) )
-		{
 		return false;
+
+	vector<ZVal>::iterator it;
+	vector<TypePtr>::iterator types_it;
+
+	auto n = vector_val->size();
+
+	if ( index < n )
+		{ // May need to delete previous element
+		it = std::next(vector_val->begin(), index);
+		if ( yield_types )
+			{
+			ZVal::DeleteIfManaged(*it, element->GetType());
+			types_it = std::next(yield_types->begin(), index);
+			}
+		else if ( managed_yield )
+			ZVal::DeleteManagedType(*it);
+		}
+	else
+		{
+		it = vector_val->end();
+		if ( yield_types )
+			types_it = yield_types->end();
+		AddHoles(index - n);
 		}
 
-	vector<ValPtr>::iterator it;
+	if ( yield_types )
-
+		{
-	if ( index < vector_val->size() )
+		const auto& t = element->GetType();
-		it = std::next(vector_val->begin(), index);
+		yield_types->insert(types_it, t);
+		vector_val->insert(it, ZVal(std::move(element), t));
+		}
 	else
-		it = vector_val->end();
+		vector_val->insert(it, ZVal(std::move(element), yield_type));
-
-	vector_val->insert(it, std::move(element));
 
 	Modified();
 	return true;
 	}
 
+void VectorVal::AddHoles(int nholes)
+	{
+	TypePtr fill_t = yield_type;
+	if ( yield_type->Tag() == TYPE_VOID )
+		fill_t = base_type(TYPE_ANY);
+
+	for ( auto i = 0; i < nholes; ++i )
+		vector_val->emplace_back(ZVal(fill_t));
+	}
+
 bool VectorVal::Remove(unsigned int index)
 	{
 	if ( index >= vector_val->size() )
 		return false;
 
 	auto it = std::next(vector_val->begin(), index);
+
+	if ( yield_types )
+		{
+		auto types_it = std::next(yield_types->begin(), index);
+		ZVal::DeleteIfManaged(*it, *types_it);
+		yield_types->erase(types_it);
+		}
+
+	else if ( managed_yield )
+		ZVal::DeleteManagedType(*it);
+
 	vector_val->erase(it);
 
 	Modified();
@@ -3267,17 +3439,173 @@ bool VectorVal::AddTo(Val* val, bool /* is_first_init */) const
 	return true;
 	}
 
-const ValPtr& VectorVal::At(unsigned int index) const
+ValPtr VectorVal::At(unsigned int index) const
 	{
 	if ( index >= vector_val->size() )
 		return Val::nil;
 
-	return (*vector_val)[index];
+	const auto& t = yield_types ? (*yield_types)[index] : yield_type;
+
+	return (*vector_val)[index].ToVal(t);
 	}
 
-void VectorVal::Sort(bool cmp_func(const ValPtr& a, const ValPtr& b))
+static Func* sort_function_comp = nullptr;
+
+// Used for indirect sorting to support order().
+static std::vector<const ZVal*> index_map;
+
+// The yield type of the vector being sorted.
+static TypePtr sort_type;
+static bool sort_type_is_managed = false;
+
+static bool sort_function(const ZVal& a, const ZVal& b)
 	{
-	sort(vector_val->begin(), vector_val->end(), cmp_func);
+	// Missing values are only applicable for managed types.
+	if ( sort_type_is_managed )
+		{
+		if ( ! a.ManagedVal() )
+			return 0;
+		if ( ! b.ManagedVal() )
+			return 1;
+		}
+
+	auto a_v = a.ToVal(sort_type);
+	auto b_v = b.ToVal(sort_type);
+
+	auto result = sort_function_comp->Invoke(a_v, b_v);
+	int int_result = result->CoerceToInt();
+
+	return int_result < 0;
+	}
+
+static bool signed_sort_function (const ZVal& a, const ZVal& b)
+	{
+	return a.AsInt() < b.AsInt();
+	}
+
+static bool unsigned_sort_function (const ZVal& a, const ZVal& b)
+	{
+	return a.AsCount() < b.AsCount();
+	}
+
+static bool double_sort_function (const ZVal& a, const ZVal& b)
+	{
+	return a.AsDouble() < b.AsDouble();
+	}
+
+static bool indirect_sort_function(size_t a, size_t b)
+	{
+	return sort_function(*index_map[a], *index_map[b]);
+	}
+
+static bool indirect_signed_sort_function(size_t a, size_t b)
+	{
+	return signed_sort_function(*index_map[a], *index_map[b]);
+	}
+
+static bool indirect_unsigned_sort_function(size_t a, size_t b)
+	{
+	return unsigned_sort_function(*index_map[a], *index_map[b]);
+	}
+
+static bool indirect_double_sort_function(size_t a, size_t b)
+	{
+	return double_sort_function(*index_map[a], *index_map[b]);
+	}
+
+void VectorVal::Sort(Func* cmp_func)
+	{
+	if ( yield_types )
+		reporter->RuntimeError(GetLocationInfo(), "cannot sort a vector-of-any");
+
+	sort_type = yield_type;
+	sort_type_is_managed = ZVal::IsManagedType(sort_type);
+
+	bool (*sort_func)(const ZVal&, const ZVal&);
+
+	if ( cmp_func )
+		{
+		sort_function_comp = cmp_func;
+		sort_func = sort_function;
+		}
+
+	else
+		{
+		auto eti = sort_type->InternalType();
+
+		if ( eti == TYPE_INTERNAL_INT )
+			sort_func = signed_sort_function;
+		else if ( eti == TYPE_INTERNAL_UNSIGNED )
+			sort_func = unsigned_sort_function;
+		else
+			{
+			ASSERT(eti == TYPE_INTERNAL_DOUBLE);
+			sort_func = double_sort_function;
+			}
+		}
+
+	sort(vector_val->begin(), vector_val->end(), sort_func);
+	}
+
+VectorValPtr VectorVal::Order(Func* cmp_func)
+	{
+	if ( yield_types )
+		{
+		reporter->RuntimeError(GetLocationInfo(), "cannot order a vector-of-any");
+		return nullptr;
+		}
+
+	sort_type = yield_type;
+	sort_type_is_managed = ZVal::IsManagedType(sort_type);
+
+	bool (*sort_func)(size_t, size_t);
+
+	if ( cmp_func )
+		{
+		sort_function_comp = cmp_func;
+		sort_func = indirect_sort_function;
+		}
+
+	else
+		{
+		auto eti = sort_type->InternalType();
+
+		if ( eti == TYPE_INTERNAL_INT )
+			sort_func = indirect_signed_sort_function;
+		else if ( eti == TYPE_INTERNAL_UNSIGNED )
+			sort_func = indirect_unsigned_sort_function;
+		else
+			{
+			ASSERT(eti == TYPE_INTERNAL_DOUBLE);
+			sort_func = indirect_double_sort_function;
+			}
+		}
+
+	int n = Size();
+
+	// Set up initial mapping of indices directly to corresponding
+	// elements.
+	vector<size_t> ind_vv(n);
+	int i;
+	for ( i = 0; i < n; ++i )
+		{
+		ind_vv[i] = i;
+		index_map.emplace_back(&(*vector_val)[i]);
+		}
+
+	sort(ind_vv.begin(), ind_vv.end(), sort_func);
+
+	index_map.clear();
+
+	// Now spin through ind_vv to read out the rearrangement.
+	auto result_v = make_intrusive<VectorVal>(zeek::id::index_vec);
+	for ( i = 0; i < n; ++i )
+		{
+		int ind = ind_vv[i];
+		result_v->Assign(i, zeek::val_mgr->Count(ind));
+		}
+
+	return result_v;
 	}
 
 unsigned int VectorVal::Resize(unsigned int new_num_elements)
@@ -3285,6 +3613,13 @@ unsigned int VectorVal::Resize(unsigned int new_num_elements)
 	unsigned int oldsize = vector_val->size();
 	vector_val->reserve(new_num_elements);
 	vector_val->resize(new_num_elements);
+
+	if ( yield_types )
+		{
+		yield_types->reserve(new_num_elements);
+		yield_types->resize(new_num_elements);
+		}
+
 	return oldsize;
 	}
 
@@ -3300,6 +3635,9 @@ unsigned int VectorVal::ResizeAtLeast(unsigned int new_num_elements)
 void VectorVal::Reserve(unsigned int num_elements)
 	{
 	vector_val->reserve(num_elements);
+
+	if ( yield_types )
+		yield_types->reserve(num_elements);
 	}
 
 ValPtr VectorVal::DoClone(CloneState* state)
@@ -3308,9 +3646,11 @@ ValPtr VectorVal::DoClone(CloneState* state)
 	vv->Reserve(vector_val->size());
 	state->NewClone(this, vv);
 
-	for ( const auto& e : *vector_val )
+	int n = vector_val->size();
+
+	for ( auto i = 0; i < n; ++i )
 		{
-		auto vc = e->Clone(state);
+		auto vc = At(i)->Clone(state);
 		vv->Append(std::move(vc));
 		}
 
@@ -3323,18 +3663,21 @@ void VectorVal::ValDescribe(ODesc* d) const
 
 	size_t vector_size = vector_val->size();
 
-	if ( vector_size != 0)
+	if ( vector_size != 0 )
 		{
-		for ( unsigned int i = 0; i < (vector_size - 1); ++i )
+		auto last_ind = vector_size - 1;
+		for ( unsigned int i = 0; i < last_ind; ++i )
 			{
-			if ( vector_val->at(i) )
+			auto v = At(i);
-				vector_val->at(i)->Describe(d);
+			if ( v )
+				v->Describe(d);
 			d->Add(", ");
 			}
-		}
 
-	if ( vector_size != 0 && vector_val->back() )
+		auto v = At(last_ind);
-		vector_val->back()->Describe(d);
+		if ( v )
+			v->Describe(d);
+		}
 
 	d->Add("]");
 	}

src/Val.h

@@ -15,6 +15,7 @@
 #include "zeek/Reporter.h"
 #include "zeek/net_util.h"
 #include "zeek/Dict.h"
+#include "zeek/ZVal.h"
 
 // We have four different port name spaces: TCP, UDP, ICMP, and UNKNOWN.
 // We distinguish between them based on the bits specified in the *_PORT_MASK
@@ -72,6 +73,7 @@ class EnumVal;
 class OpaqueVal;
 class VectorVal;
 class TableEntryVal;
+class TypeVal;
 
 using AddrValPtr = IntrusivePtr<AddrVal>;
 using EnumValPtr = IntrusivePtr<EnumVal>;
@@ -448,14 +450,19 @@ public:
 	// Returns a masked port number
 	static uint32_t Mask(uint32_t port_num, TransportProto port_type);
 
-	const PortVal* Get() const	{ return AsPortVal(); }
-
 protected:
 	friend class ValManager;
 	PortVal(uint32_t p);
 
 	void ValDescribe(ODesc* d) const override;
 	ValPtr DoClone(CloneState* state) override;
+
+private:
+	// This method is just here to trick the interface in
+	// `RecordVal::GetFieldAs` into returning the right type.
+	// It shouldn't actually be used for anything.
+	friend class RecordVal;
+	PortValPtr Get()	{ return {NewRef{}, this}; }
 };
 
 class AddrVal final : public Val {
@@ -1024,6 +1031,39 @@ private:
 	PDict<TableEntryVal>* table_val;
 };
 
+// This would be way easier with is_convertible_v, but sadly that won't
+// work here because Obj has deleted copy constructors (and for good
+// reason). Instead we make up our own type trait here that basically
+// combines a bunch of is_same traits into a single trait to make life
+// easier in the definitions of GetFieldAs().
+template <typename T>
+struct is_zeek_val
+	{
+	static const bool value = std::disjunction_v<
+		std::is_same<AddrVal, T>,
+		std::is_same<BoolVal, T>,
+		std::is_same<CountVal, T>,
+		std::is_same<DoubleVal, T>,
+		std::is_same<EnumVal, T>,
+		std::is_same<FileVal, T>,
+		std::is_same<FuncVal, T>,
+		std::is_same<IntVal, T>,
+		std::is_same<IntervalVal, T>,
+		std::is_same<ListVal, T>,
+		std::is_same<OpaqueVal, T>,
+		std::is_same<PatternVal, T>,
+		std::is_same<PortVal, T>,
+		std::is_same<RecordVal, T>,
+		std::is_same<StringVal, T>,
+		std::is_same<SubNetVal, T>,
+		std::is_same<TableVal, T>,
+		std::is_same<TimeVal, T>,
+		std::is_same<TypeVal, T>,
+		std::is_same<VectorVal, T>>;
+	};
+template <typename T>
+inline constexpr bool is_zeek_val_v = is_zeek_val<T>::value;
+
 class RecordVal final : public Val, public notifier::detail::Modifiable {
 public:
 	explicit RecordVal(RecordTypePtr t, bool init_fields = true);
@@ -1050,14 +1090,87 @@ public:
 	void Assign(int field, Ts&&... args)
 		{ Assign(field, make_intrusive<T>(std::forward<Ts>(args)...)); }
 
+	/**
+	 * Sets the given record field to not-in-record.  Equivalent to
+	 * Assign using a nil ValPtr.
+	 * @param field  The field index to remove.
+	 */
+	void Remove(int field);
+
+	// The following provide efficient record field assignments.
+	void Assign(int field, bool new_val)
+		{
+		(*record_val)[field].int_val = int(new_val);
+		AddedField(field);
+		}
+
+	void Assign(int field, int new_val)
+		{
+		(*record_val)[field].int_val = new_val;
+		AddedField(field);
+		}
+
+	// For unsigned, we provide both uint32_t and uint64_t versions
+	// for convenience, since sometimes the caller has one rather
+	// than the other.
+	void Assign(int field, uint32_t new_val)
+		{
+		(*record_val)[field].uint_val = new_val;
+		AddedField(field);
+		}
+	void Assign(int field, uint64_t new_val)
+		{
+		(*record_val)[field].uint_val = new_val;
+		AddedField(field);
+		}
+
+	void Assign(int field, double new_val)
+		{
+		(*record_val)[field].double_val = new_val;
+		AddedField(field);
+		}
+
+	// The following two are the same as the previous method,
+	// but we use the names so that in the future if it would
+	// be helpful, we can track the intent of the underlying
+	// value representing a time or an interval.
+	void AssignTime(int field, double new_val)
+		{ Assign(field, new_val); }
+	void AssignInterval(int field, double new_val)
+		{ Assign(field, new_val); }
+
+	void Assign(int field, StringVal* new_val)
+		{
+		ZVal::DeleteManagedType((*record_val)[field]);
+		(*record_val)[field].string_val = new_val;
+		AddedField(field);
+		}
+	void Assign(int field, const char* new_val)
+		{ Assign(field, new StringVal(new_val)); }
+	void Assign(int field, const std::string& new_val)
+		{ Assign(field, new StringVal(new_val)); }
+	void Assign(int field, String* new_val)
+		{ Assign(field, new StringVal(new_val)); }
+
 	/**
 	 * Appends a value to the record's fields.  The caller is responsible
-	 * for ensuring that fields are appended in the correct orer and
+	 * for ensuring that fields are appended in the correct order and
 	 * with the correct type.
 	 * @param v  The value to append.
 	 */
 	void AppendField(ValPtr v)
-		{ record_val->emplace_back(std::move(v)); }
+		{
+		if ( v )
+			{
+			(*is_in_record)[record_val->size()] = true;
+			record_val->emplace_back(ZVal(v, v->GetType()));
+			}
+		else
+			{
+			(*is_in_record)[record_val->size()] = false;
+			record_val->emplace_back(ZVal());
+			}
+		}
 
 	/**
 	 * Ensures that the record has enough internal storage for the
@@ -1065,22 +1178,44 @@ public:
 	 * @param n  The number of fields.
 	 */
 	void Reserve(unsigned int n)
-		{ record_val->reserve(n); }
+		{
+		record_val->reserve(n);
+		is_in_record->reserve(n);
+
+		for ( auto i = is_in_record->size(); i < n; ++i )
+			is_in_record->emplace_back(false);
+		}
 
 	/**
 	 * Returns the number of fields in the record.
 	 * @return  The number of fields in the record.
 	 */
-	unsigned int NumFields()
+	unsigned int NumFields() const
 		{ return record_val->size(); }
 
+	/**
+	 * Returns true if the given field is in the record, false if
+	 * it's missing.
+	 * @param field  The field index to retrieve.
+	 * @return  Whether there's a value for the given field index.
+	 */
+	bool HasField(int field) const
+		{
+		return (*is_in_record)[field];
+		}
+
 	/**
 	 * Returns the value of a given field index.
 	 * @param field  The field index to retrieve.
 	 * @return  The value at the given field index.
 	 */
-	const ValPtr& GetField(int field) const
+	ValPtr GetField(int field) const
-		{ return (*record_val)[field]; }
+		{
+		if ( ! HasField(field) )
+			return nullptr;
+
+		return (*record_val)[field].ToVal(rt->GetFieldType(field));
+		}
 
 	/**
 	 * Returns the value of a given field index as cast to type @c T.
@@ -1107,7 +1242,7 @@ public:
 	 * @return  The value of the given field.  If no such field name exists,
 	 * a fatal error occurs.
 	 */
-	const ValPtr& GetField(const char* field) const;
+	ValPtr GetField(const char* field) const;
 
 	/**
 	 * Returns the value of a given field name as cast to type @c T.
@@ -1143,22 +1278,79 @@ public:
 
 	// The following return the given field converted to a particular
 	// underlying value.  We provide these to enable efficient
-	// access to record fields (without requiring an intermediary Val)
+	// access to record fields (without requiring an intermediary Val).
-	// if we change the underlying representation of records.
+	// It is up to the caller to ensure that the field exists in the
-	template <typename T>
+	// record (using HasField(), if necessary).
+	template <typename T,
+	          typename std::enable_if_t<is_zeek_val_v<T>, bool> = true>
 	auto GetFieldAs(int field) const -> std::invoke_result_t<decltype(&T::Get), T>
 		{
-		auto& field_ptr = GetField(field);
+		if constexpr ( std::is_same_v<T, BoolVal> ||
-		auto field_val_ptr = static_cast<T*>(field_ptr.get());
+		               std::is_same_v<T, IntVal> ||
-		return field_val_ptr->Get();
+		               std::is_same_v<T, EnumVal> )
+			return record_val->at(field).int_val;
+		else if constexpr ( std::is_same_v<T, CountVal> )
+			return record_val->at(field).uint_val;
+		else if constexpr ( std::is_same_v<T, DoubleVal> ||
+		                    std::is_same_v<T, TimeVal> ||
+		                    std::is_same_v<T, IntervalVal> )
+			return record_val->at(field).double_val;
+		else if constexpr ( std::is_same_v<T, PortVal> )
+			return val_mgr->Port(record_val->at(field).uint_val);
+		else if constexpr ( std::is_same_v<T, StringVal> )
+			return record_val->at(field).string_val->Get();
+		else if constexpr ( std::is_same_v<T, AddrVal> )
+			return record_val->at(field).addr_val->Get();
+		else if constexpr ( std::is_same_v<T, SubNetVal> )
+			return record_val->at(field).subnet_val->Get();
+		else if constexpr ( std::is_same_v<T, File> )
+			return *(record_val->at(field).file_val);
+		else if constexpr ( std::is_same_v<T, Func> )
+			return *(record_val->at(field).func_val);
+		else if constexpr ( std::is_same_v<T, PatternVal> )
+			return record_val->at(field).re_val->Get();
+		else if constexpr ( std::is_same_v<T, RecordVal> )
+			return record_val->at(field).record_val;
+		else if constexpr ( std::is_same_v<T, VectorVal> )
+			return record_val->at(field).vector_val;
+		else if constexpr ( std::is_same_v<T, TableVal> )
+			return record_val->at(field).table_val->Get();
+		else
+			{
+			// It's an error to reach here, although because of
+			// the type trait we really shouldn't ever wind up
+			// here.
+			reporter->InternalError("bad type in GetFieldAs");
+			}
+		}
+
+	template <typename T,
+	          typename std::enable_if_t<!is_zeek_val_v<T>, bool> = true>
+	T GetFieldAs(int field) const
+		{
+		if constexpr ( std::is_integral_v<T> && std::is_signed_v<T> )
+			return record_val->at(field).int_val;
+		else if constexpr ( std::is_integral_v<T> &&
+					std::is_unsigned_v<T> )
+			return record_val->at(field).uint_val;
+		else if constexpr ( std::is_floating_point_v<T> )
+			return record_val->at(field).double_val;
+
+		// Note: we could add other types here using type traits,
+		// such as is_same_v<T, std::string>, etc.
+
+		return T{};
 		}
 
 	template <typename T>
-    auto GetFieldAs(const char* field) const -> std::invoke_result_t<decltype(&T::Get), T>
+	auto GetFieldAs(const char* field) const
 		{
-		auto& field_ptr = GetField(field);
+		int idx = GetType()->AsRecordType()->FieldOffset(field);
-		auto field_val_ptr = static_cast<T*>(field_ptr.get());
+
-		return field_val_ptr->Get();
+		if ( idx < 0 )
+			reporter->InternalError("missing record field: %s", field);
+
+		return GetFieldAs<T>(idx);
 		}
 
 	void Describe(ODesc* d) const override;
@@ -1205,13 +1397,43 @@ public:
 protected:
 	ValPtr DoClone(CloneState* state) override;
 
+	void AddedField(int field)
+		{
+		(*is_in_record)[field] = true;
+		Modified();
+		}
+
 	Obj* origin;
 
 	using RecordTypeValMap = std::unordered_map<RecordType*, std::vector<RecordValPtr>>;
 	static RecordTypeValMap parse_time_records;
 
 private:
-	std::vector<ValPtr>* record_val;
+	void DeleteFieldIfManaged(unsigned int field)
+		{
+		if ( HasField(field) && IsManaged(field) )
+			ZVal::DeleteManagedType((*record_val)[field]);
+		}
+
+	bool IsManaged(unsigned int offset) const
+		{ return is_managed[offset]; }
+
+	// Just for template inferencing.
+	RecordVal* Get()	{ return this; }
+
+	// Keep this handy for quick access during low-level operations.
+	RecordTypePtr rt;
+
+	// Low-level values of each of the fields.
+	std::vector<ZVal>* record_val;
+
+	// Whether a given field exists - for optional fields, and because
+	// Zeek does not enforce that non-optional fields are actually
+	// present.
+	std::vector<bool>* is_in_record;
+
+	// Whether a given field requires explicit memory management.
+	const std::vector<bool>& is_managed;
 };
 
 class EnumVal final : public detail::IntValImplementation {
@@ -1285,24 +1507,6 @@ public:
 	// Returns true if succcessful.
 	bool AddTo(Val* v, bool is_first_init) const override;
 
-	/**
-	 * Returns the element at a given index or nullptr if it does not exist.
-	 * @param index  The position in the vector of the element to return.
-	 * @return  The element at the given index or nullptr if the index
-	 * does not exist (it's greater than or equal to vector's current size).
-	 */
-	const ValPtr& At(unsigned int index) const;
-
-	/**
-	 * Returns the given element treated as a Count type, to efficiently
-	 * support a common type of vector access if we change the underlying
-	 * vector representation.
-	 * @param index  The position in the vector of the element to return.
-	 * @return  The element's value, as a Count underlying representation.
-	 */
-	bro_uint_t CountAt(unsigned int index) const
-		{ return At(index)->AsCount(); }
-
 	unsigned int Size() const { return vector_val->size(); }
 
 	// Is there any way to reclaim previously-allocated memory when you
@@ -1340,17 +1544,92 @@ public:
 	bool Remove(unsigned int index);
 
 	/**
-	 * Sorts the vector in place, using the given comparison function.
+	 * Sorts the vector in place, using the given optional
+	 * comparison function.
 	 * @param cmp_func  Comparison function for vector elements.
 	 */
-	void Sort(bool cmp_func(const ValPtr& a, const ValPtr& b));
+	void Sort(Func* cmp_func = nullptr);
+
+	/**
+	 * Returns a "vector of count" holding the indices of this
+	 * vector when sorted using the given (optional) comparison function.
+	 * @param cmp_func  Comparison function for vector elements.  If
+	 *                  nullptr, then the vector must be internally
+	 *                  of a numeric, and the usual '<' comparison
+	 *                  will be used.
+	 */
+	VectorValPtr Order(Func* cmp_func = nullptr);
+
+	ValPtr ValAt(unsigned int index) const	{ return At(index); }
+
+	/**
+	 * Returns the given element in a given underlying representation.
+	 * Enables efficient vector access.  Caller must ensure that the
+	 * index lies within the vector's range.
+	 * @param index  The position in the vector of the element to return.
+	 * @return  The element's underlying value.
+	 */
+	bro_uint_t CountAt(unsigned int index) const
+		{ return (*vector_val)[index].uint_val; }
+	const RecordVal* RecordValAt(unsigned int index) const
+		{ return (*vector_val)[index].record_val; }
+	bool BoolAt(unsigned int index) const
+		{ return static_cast<bool>((*vector_val)[index].uint_val); }
+	const StringVal* StringValAt(unsigned int index) const
+		{ return (*vector_val)[index].string_val; }
+	const String* StringAt(unsigned int index) const
+		{ return StringValAt(index)->AsString(); }
 
 protected:
+	/**
+	 * Returns the element at a given index or nullptr if it does not exist.
+	 * @param index  The position in the vector of the element to return.
+	 * @return  The element at the given index or nullptr if the index
+	 * does not exist (it's greater than or equal to vector's current size).
+	 *
+	 * Protected to ensure callers pick one of the differentiated accessors
+	 * above, as appropriate, with ValAt() providing the original semantics.
+	 */
+	ValPtr At(unsigned int index) const;
+
 	void ValDescribe(ODesc* d) const override;
 	ValPtr DoClone(CloneState* state) override;
 
 private:
-	std::vector<ValPtr>* vector_val;
+	// Just for template inferencing.
+	friend class RecordVal;
+	VectorVal* Get()	{ return this; }
+
+	// Check the type of the given element against our current
+	// yield type and adjust as necessary.  Returns whether the
+	// element type-checked.
+	bool CheckElementType(const ValPtr& element);
+
+	// Add the given number of "holes" to the end of a vector.
+	void AddHoles(int nholes);
+
+	std::vector<ZVal>* vector_val;
+
+	// For homogeneous vectors (the usual case), the type of the
+	// elements.  Will be TYPE_VOID for empty vectors created using
+	// "vector()".
+	TypePtr yield_type;
+
+	// True if this is a vector-of-any, or potentially one (which is
+	// the case for empty vectors created using "vector()").
+	bool any_yield;
+
+	// True if this is a vector-of-managed-types, requiring explicit
+	// memory management.
+	bool managed_yield;
+
+	// For heterogeneous vectors, the individual type of each element,
+	// parallel to vector_val.  Heterogeneous vectors can arise for
+	// "vector of any" when disparate elements are stored in the vector.
+	//
+	// Thus, if yield_types is non-nil, then we know this is a
+	// vector-of-any.
+	std::vector<TypePtr>* yield_types = nullptr;
 };
 
 #define UNDERLYING_ACCESSOR_DEF(ztype, ctype, name) \

src/ZVal.cc

@@ -0,0 +1,301 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "zeek/ZeekString.h"
+#include "zeek/File.h"
+#include "zeek/Func.h"
+#include "zeek/OpaqueVal.h"
+#include "zeek/Reporter.h"
+#include "zeek/Desc.h"
+
+using namespace zeek;
+
+
+bool ZVal::zval_was_nil = false;
+
+
+ZVal::ZVal(ValPtr v, const TypePtr& t)
+	{
+	if ( ! v )
+		{
+		// This can happen for some forms of error propagation.
+		// We can deal with it iff the type is managed, and thus
+		// we can employ a "nil" placeholder.
+		ASSERT(IsManagedType(t));
+		managed_val = nullptr;
+		return;
+		}
+
+	auto vt = v->GetType();
+
+	if ( vt->Tag() != t->Tag() && t->Tag() != TYPE_ANY )
+		{
+		if ( t->InternalType() == TYPE_INTERNAL_OTHER ||
+		     t->InternalType() != vt->InternalType() )
+			reporter->InternalError("type inconsistency in ZVal constructor");
+		}
+
+	switch ( t->Tag() ) {
+	case TYPE_BOOL:
+	case TYPE_INT:
+	case TYPE_ENUM:
+		int_val = v->AsInt();
+		break;
+
+	case TYPE_COUNT:
+	case TYPE_PORT:
+		uint_val = v->AsCount();
+		break;
+
+	case TYPE_DOUBLE:
+	case TYPE_INTERVAL:
+	case TYPE_TIME:
+		double_val = v->AsDouble();
+		break;
+
+	case TYPE_FUNC:
+		func_val = v->AsFunc();
+		Ref(func_val);
+		break;
+
+	case TYPE_FILE:
+		file_val = v->AsFile();
+		Ref(file_val);
+		break;
+
+	case TYPE_LIST:
+		list_val = v.release()->AsListVal();
+		break;
+
+	case TYPE_OPAQUE:
+		opaque_val = v.release()->AsOpaqueVal();
+		break;
+
+	case TYPE_PATTERN:
+		re_val = v.release()->AsPatternVal();
+		break;
+
+	case TYPE_TABLE:
+		table_val = v.release()->AsTableVal();
+		break;
+
+	case TYPE_VECTOR:
+		vector_val = v.release()->AsVectorVal();
+		break;
+
+	case TYPE_RECORD:
+		record_val = v.release()->AsRecordVal();
+		break;
+
+	case TYPE_STRING:
+		string_val = v.release()->AsStringVal();
+		break;
+
+	case TYPE_ADDR:
+		addr_val = v.release()->AsAddrVal();
+		break;
+
+	case TYPE_SUBNET:
+		subnet_val = v.release()->AsSubNetVal();
+		break;
+
+	case TYPE_ANY:
+		any_val = v.release();
+		break;
+
+	case TYPE_TYPE:
+		type_val = t->Ref();
+		break;
+
+	case TYPE_ERROR:
+	case TYPE_TIMER:
+	case TYPE_UNION:
+	case TYPE_VOID:
+		reporter->InternalError("bad type in ZVal constructor");
+	}
+	}
+
+ZVal::ZVal(const TypePtr& t)
+	{
+	switch ( t->Tag() ) {
+	case TYPE_BOOL:
+	case TYPE_INT:
+	case TYPE_ENUM:
+		int_val = 0;
+		break;
+
+	case TYPE_COUNT:
+	case TYPE_PORT:
+		uint_val = 0;
+		break;
+
+	case TYPE_DOUBLE:
+	case TYPE_INTERVAL:
+	case TYPE_TIME:
+		double_val = 0.0;
+		break;
+
+	case TYPE_FUNC:
+		func_val = nullptr;
+		break;
+
+	case TYPE_FILE:
+		file_val = nullptr;
+		break;
+
+	case TYPE_LIST:
+		list_val = nullptr;
+		break;
+
+	case TYPE_OPAQUE:
+		opaque_val = nullptr;
+		break;
+
+	case TYPE_PATTERN:
+		re_val = nullptr;
+		break;
+
+	case TYPE_TABLE:
+		table_val = nullptr;
+		break;
+
+	case TYPE_VECTOR:
+		vector_val = nullptr;
+		break;
+
+	case TYPE_RECORD:
+		record_val = nullptr;
+		break;
+
+	case TYPE_STRING:
+		string_val = nullptr;
+		break;
+
+	case TYPE_ADDR:
+		addr_val = nullptr;
+		break;
+
+	case TYPE_SUBNET:
+		subnet_val = nullptr;
+		break;
+
+	case TYPE_ANY:
+		any_val = nullptr;
+		break;
+
+	case TYPE_TYPE:
+		type_val = nullptr;
+		break;
+
+	case TYPE_ERROR:
+	case TYPE_TIMER:
+	case TYPE_UNION:
+	case TYPE_VOID:
+		reporter->InternalError("bad type in ZVal constructor");
+	}
+	}
+
+ValPtr ZVal::ToVal(const TypePtr& t) const
+	{
+	Val* v;
+
+	switch ( t->Tag() ) {
+	case TYPE_INT:
+		return val_mgr->Int(int_val);
+
+	case TYPE_BOOL:
+		return val_mgr->Bool(int_val ? true : false);
+
+	case TYPE_PORT:
+		return val_mgr->Port(uint_val);
+
+	case TYPE_COUNT:
+		return val_mgr->Count(uint_val);
+
+	case TYPE_DOUBLE:
+		return make_intrusive<DoubleVal>(double_val);
+
+	case TYPE_INTERVAL:
+		return make_intrusive<IntervalVal>(double_val, Seconds);
+
+	case TYPE_TIME:
+		return make_intrusive<TimeVal>(double_val);
+
+	case TYPE_ENUM:
+		return t->AsEnumType()->GetEnumVal(int_val);
+
+	case TYPE_ANY:
+		return {NewRef{}, any_val};
+
+	case TYPE_TYPE:
+		{
+		TypePtr tp = {NewRef{}, type_val};
+		return make_intrusive<TypeVal>(tp);
+		}
+
+	case TYPE_FUNC:
+		if ( func_val )
+			{
+			FuncPtr fv_ptr = {NewRef{}, func_val};
+			return make_intrusive<FuncVal>(fv_ptr);
+			}
+
+		return nullptr;
+
+	case TYPE_FILE:
+		if ( file_val )
+			{
+			FilePtr fv_ptr = {NewRef{}, file_val};
+			return make_intrusive<FileVal>(fv_ptr);
+			}
+
+		return nullptr;
+
+	case TYPE_ADDR:		v = addr_val; break;
+	case TYPE_SUBNET:	v = subnet_val; break;
+	case TYPE_STRING:	v = string_val; break;
+	case TYPE_LIST:		v = list_val; break;
+	case TYPE_OPAQUE:	v = opaque_val; break;
+	case TYPE_TABLE:	v = table_val; break;
+	case TYPE_RECORD:	v = record_val; break;
+	case TYPE_VECTOR:	v = vector_val; break;
+	case TYPE_PATTERN:	v = re_val; break;
+
+	case TYPE_ERROR:
+	case TYPE_TIMER:
+	case TYPE_UNION:
+	case TYPE_VOID:
+		v = nullptr;
+		reporter->InternalError("bad ret type return tag");
+	}
+
+	if ( v )
+		return {NewRef{}, v};
+
+	zval_was_nil = true;
+
+	return nullptr;
+	}
+
+bool ZVal::IsManagedType(const TypePtr& t)
+	{
+	switch ( t->Tag() ) {
+	case zeek::TYPE_ADDR:
+	case zeek::TYPE_ANY:
+	case zeek::TYPE_FILE:
+	case zeek::TYPE_FUNC:
+	case zeek::TYPE_LIST:
+	case zeek::TYPE_OPAQUE:
+	case zeek::TYPE_PATTERN:
+	case zeek::TYPE_RECORD:
+	case zeek::TYPE_STRING:
+	case zeek::TYPE_SUBNET:
+	case zeek::TYPE_TABLE:
+	case zeek::TYPE_TYPE:
+	case zeek::TYPE_VECTOR:
+		return true;
+
+	default:
+		return false;
+
+	}
+	}

src/ZVal.h

@@ -0,0 +1,145 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+// Low-level representation of Zeek scripting values.
+
+#pragma once
+
+#include "zeek/zeek-config.h"
+
+#include <unordered_set>
+
+#include "zeek/Dict.h"
+#include "zeek/Expr.h"
+
+namespace zeek {
+
+class StringVal;
+class AddrVal;
+class SubNetVal;
+class File;
+class Func;
+class ListVal;
+class OpaqueVal;
+class PatternVal;
+class TableVal;
+class RecordVal;
+class VectorVal;
+class Type;
+class Val;
+
+// Note that a ZVal by itself is ambiguous: it doesn't track its type.
+// This makes them consume less memory and cheaper to copy.  It does
+// however require a separate way to determine the type.  Generally
+// this is doable using surrounding context, or can be statically
+// determined in the case of optimization/compilation.
+//
+// An alternative would be to use std::variant, but it will be larger
+// due to needing to track the variant type, and it won't allow access
+// to the managed_val member, which both simplifies memory management
+// and is also required for sharing of ZAM frame slots.
+
+union ZVal {
+	// Constructor for hand-populating the values.
+	ZVal() { managed_val = nullptr; }
+
+	// Construct from a given higher-level script value with a given type.
+	ZVal(ValPtr v, const TypePtr& t);
+
+	// Construct an empty value compatible with the given type.
+	ZVal(const TypePtr& t);
+
+	// Convert to a higher-level script value.  The caller needs to
+	// ensure that they're providing the correct type.
+	ValPtr ToVal(const TypePtr& t) const;
+
+	// Whether a ZVal was accessed that was missing (a nil pointer).
+	// Used to generate run-time error messages.
+	static bool ZValNilStatus()		{ return zval_was_nil; }
+
+	// Resets the notion of low-level-error-occurred.
+	static void ClearZValNilStatus()	{ zval_was_nil = false; }
+
+	bro_int_t AsInt() const		{ return int_val; }
+	bro_uint_t AsCount() const	{ return uint_val; }
+	double AsDouble() const		{ return double_val; }
+
+	StringVal* AsString() const	{ return string_val; }
+	AddrVal* AsAddr() const		{ return addr_val; }
+	SubNetVal* AsSubNet() const	{ return subnet_val; }
+	File* AsFile() const		{ return file_val; }
+	Func* AsFunc() const		{ return func_val; }
+	ListVal* AsList() const		{ return list_val; }
+	OpaqueVal* AsOpaque() const	{ return opaque_val; }
+	PatternVal* AsPattern() const	{ return re_val; }
+	TableVal* AsTable() const	{ return table_val; }
+	RecordVal* AsRecord() const	{ return record_val; }
+	VectorVal* AsVector() const	{ return vector_val; }
+	Type* AsType() const		{ return type_val; }
+	Val* AsAny() const		{ return any_val; }
+
+	Obj* ManagedVal() const		{ return managed_val; }
+
+	// True if a given type is one for which we manage the associated
+	// memory internally.
+	static bool IsManagedType(const TypePtr& t);
+
+	// Deletes a managed value.  Caller needs to ensure that the ZVal
+	// indeed holds such.
+	static void DeleteManagedType(ZVal& v)
+		{
+		Unref(v.ManagedVal());
+		}
+
+	// Deletes a possibly-managed value.
+	static void DeleteIfManaged(ZVal& v, const TypePtr& t)
+		{
+		if ( IsManagedType(t) )
+			DeleteManagedType(v);
+		}
+
+private:
+	friend class RecordVal;
+	friend class VectorVal;
+
+	// Used for bool, int, enum.
+	bro_int_t int_val;
+
+	// Used for count and port.
+	bro_uint_t uint_val;
+
+	// Used for double, time, interval.
+	double double_val;
+
+	// The types are all variants of Val, Type, or more fundamentally
+	// Obj.  They are raw pointers rather than IntrusivePtr's because
+	// unions can't contain the latter.  For memory management, we use
+	// Ref/Unref.
+	StringVal* string_val;
+	AddrVal* addr_val;
+	SubNetVal* subnet_val;
+	File* file_val;
+	Func* func_val;
+	ListVal* list_val;
+	OpaqueVal* opaque_val;
+	PatternVal* re_val;
+	TableVal* table_val;
+	RecordVal* record_val;
+	VectorVal* vector_val;
+	Type* type_val;
+
+	// Used for "any" values.
+	Val* any_val;
+
+	// Used for generic access to managed (derived-from-Obj) objects.
+	Obj* managed_val;
+
+	// A class-wide status variable set to true when a missing
+	// value was accessed.  Only germane for managed types, since
+	// we don't track the presence of non-managed types.  Static
+	// because often the caller won't have direct access to the
+	// particular ZVal that produces the issue, and just wants to
+	// know whether it occurred at some point.
+	static bool zval_was_nil;
+};
+
+} // zeek

src/ZeekArgs.cc

@@ -32,12 +32,12 @@ VectorValPtr MakeCallArgumentVector(const Args& vals,
 
 		static auto call_argument = id::find_type<RecordType>("call_argument");
 		auto rec = make_intrusive<RecordVal>(call_argument);
-		rec->Assign(0, make_intrusive<StringVal>(fname));
+		rec->Assign(0, fname);
 
 		ODesc d;
 		d.SetShort();
 		ftype->Describe(&d);
-		rec->Assign(1, make_intrusive<StringVal>(d.Description()));
+		rec->Assign(1, d.Description());
 
 		if ( fdefault )
 			rec->Assign(2, std::move(fdefault));

src/ZeekString.cc

@@ -352,7 +352,7 @@ VectorVal* String:: VecToPolicy(Vec* vec)
 		String* string = (*vec)[i];
 		auto val = make_intrusive<StringVal>(string->Len(),
 		                                     (const char*) string->Bytes());
-		result->Assign(i+1, std::move(val));
+		result->Assign(i, std::move(val));
 		}
 
 	return result.release();
@@ -362,14 +362,13 @@ String::Vec* String::VecFromPolicy(VectorVal* vec)
 	{
 	Vec* result = new Vec();
 
-	// VectorVals start at index 1!
+	for ( unsigned int i = 0; i < vec->Size(); ++i )
-	for ( unsigned int i = 1; i <= vec->Size(); ++i )
 		{
-		const auto& v = vec->At(i);	// get the RecordVal
+		auto v = vec->StringAt(i);
 		if ( ! v )
 			continue;
 
-		String* string = new String(*(v->AsString()));
+		String* string = new String(*v);
 		result->push_back(string);
 		}
 

src/analyzer/protocol/bittorrent/BitTorrentTracker.cc

@@ -500,7 +500,7 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name,
 	auto benc_value = make_intrusive<RecordVal>(bittorrent_benc_value);
 	auto name_ = make_intrusive<StringVal>(name_len, name);
 
-	benc_value->Assign(type, val_mgr->Int(value));
+	benc_value->Assign(type, static_cast<int>(value));
 	res_val_benc->Assign(std::move(name_), std::move(benc_value));
 	}
 

src/analyzer/protocol/conn-size/ConnSize.cc

@@ -171,8 +171,8 @@ void ConnSize_Analyzer::SetDurationThreshold(double duration)
 void ConnSize_Analyzer::UpdateConnVal(RecordVal *conn_val)
 	{
 	// RecordType *connection_type is decleared in NetVar.h
-	RecordVal* orig_endp = conn_val->GetField("orig")->AsRecordVal();
+	RecordVal* orig_endp = conn_val->GetFieldAs<RecordVal>("orig");
-	RecordVal* resp_endp = conn_val->GetField("resp")->AsRecordVal();
+	RecordVal* resp_endp = conn_val->GetFieldAs<RecordVal>("resp");
 
 	// endpoint is the RecordType from NetVar.h
 	int pktidx = id::endpoint->FieldOffset("num_pkts");
@@ -184,10 +184,10 @@ void ConnSize_Analyzer::UpdateConnVal(RecordVal *conn_val)
 	if ( bytesidx < 0 )
 		reporter->InternalError("'endpoint' record missing 'num_bytes_ip' field");
 
-	orig_endp->Assign(pktidx, val_mgr->Count(orig_pkts));
+	orig_endp->Assign(pktidx, orig_pkts);
-	orig_endp->Assign(bytesidx, val_mgr->Count(orig_bytes));
+	orig_endp->Assign(bytesidx, orig_bytes);
-	resp_endp->Assign(pktidx, val_mgr->Count(resp_pkts));
+	resp_endp->Assign(pktidx, resp_pkts);
-	resp_endp->Assign(bytesidx, val_mgr->Count(resp_bytes));
+	resp_endp->Assign(bytesidx, resp_bytes);
 
 	Analyzer::UpdateConnVal(conn_val);
 	}

src/analyzer/protocol/dhcp/dhcp-analyzer.pac

@@ -54,16 +54,16 @@ refine flow DHCP_Flow += {
 			double secs = static_cast<double>(${msg.secs});
 
 			auto dhcp_msg_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::Msg);
-			dhcp_msg_val->Assign(0, zeek::val_mgr->Count(${msg.op}));
+			dhcp_msg_val->Assign(0, ${msg.op});
-			dhcp_msg_val->Assign(1, zeek::val_mgr->Count(${msg.type}));
+			dhcp_msg_val->Assign(1, ${msg.type});
-			dhcp_msg_val->Assign(2, zeek::val_mgr->Count(${msg.xid}));
+			dhcp_msg_val->Assign(2, ${msg.xid});
-			dhcp_msg_val->Assign(3, zeek::make_intrusive<zeek::IntervalVal>(secs));
+			dhcp_msg_val->AssignInterval(3, secs);
-			dhcp_msg_val->Assign(4, zeek::val_mgr->Count(${msg.flags}));
+			dhcp_msg_val->Assign(4, ${msg.flags});
 			dhcp_msg_val->Assign(5, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.ciaddr})));
 			dhcp_msg_val->Assign(6, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.yiaddr})));
 			dhcp_msg_val->Assign(7, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.siaddr})));
 			dhcp_msg_val->Assign(8, zeek::make_intrusive<zeek::AddrVal>(htonl(${msg.giaddr})));
-			dhcp_msg_val->Assign(9, zeek::make_intrusive<zeek::StringVal>(mac_str));
+			dhcp_msg_val->Assign(9, mac_str);
 
 			int last_non_null = 0;
 

src/analyzer/protocol/dhcp/dhcp-options.pac

@@ -34,7 +34,7 @@ refine casetype OptionValue += {
 refine flow DHCP_Flow += {
 	function process_time_offset_option(v: OptionValue): bool
 		%{
-		${context.flow}->options->Assign(25, zeek::val_mgr->Int(${v.time_offset}));
+		${context.flow}->options->Assign(25, ${v.time_offset});
 		return true;
 		%}
 };
@@ -250,7 +250,7 @@ refine casetype OptionValue += {
 refine flow DHCP_Flow += {
 	function process_forwarding_option(v: OptionValue): bool
 		%{
-		${context.flow}->options->Assign(6, zeek::val_mgr->Bool(${v.forwarding} == 0 ? false : true));
+		${context.flow}->options->Assign(6, ${v.forwarding} == 0 ? false : true);
 
 		return true;
 		%}
@@ -414,7 +414,7 @@ refine flow DHCP_Flow += {
 	function process_lease_option(v: OptionValue): bool
 		%{
 		double lease = static_cast<double>(${v.lease});
-		${context.flow}->options->Assign(11, zeek::make_intrusive<zeek::IntervalVal>(lease));
+		${context.flow}->options->AssignInterval(11, lease);
 
 		return true;
 		%}
@@ -521,7 +521,7 @@ refine casetype OptionValue += {
 refine flow DHCP_Flow += {
 	function process_max_message_size_option(v: OptionValue): bool
 		%{
-		${context.flow}->options->Assign(15, zeek::val_mgr->Count(${v.max_msg_size}));
+		${context.flow}->options->Assign(15, ${v.max_msg_size});
 
 		return true;
 		%}
@@ -546,7 +546,7 @@ refine flow DHCP_Flow += {
 	function process_renewal_time_option(v: OptionValue): bool
 		%{
 		double renewal_time = static_cast<double>(${v.renewal_time});
-		${context.flow}->options->Assign(16, zeek::make_intrusive<zeek::IntervalVal>(renewal_time));
+		${context.flow}->options->AssignInterval(16, renewal_time);
 
 		return true;
 		%}
@@ -571,7 +571,7 @@ refine flow DHCP_Flow += {
 	function process_rebinding_time_option(v: OptionValue): bool
 		%{
 		double rebinding_time = static_cast<double>(${v.rebinding_time});
-		${context.flow}->options->Assign(17, zeek::make_intrusive<zeek::IntervalVal>(rebinding_time));
+		${context.flow}->options->AssignInterval(17, rebinding_time);
 
 		return true;
 		%}
@@ -626,7 +626,7 @@ refine flow DHCP_Flow += {
 	function process_client_id_option(v: OptionValue): bool
 		%{
 		auto client_id = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::ClientID);
-		client_id->Assign(0, zeek::val_mgr->Count(${v.client_id.hwtype}));
+		client_id->Assign(0, ${v.client_id.hwtype});
 		zeek::StringValPtr sv;
 
 		if ( ${v.client_id.hwtype} == 0 )
@@ -695,9 +695,9 @@ refine flow DHCP_Flow += {
 	function process_client_fqdn_option(v: OptionValue): bool
 		%{
 		auto client_fqdn = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::ClientFQDN);
-		client_fqdn->Assign(0, zeek::val_mgr->Count(${v.client_fqdn.flags}));
+		client_fqdn->Assign(0, ${v.client_fqdn.flags});
-		client_fqdn->Assign(1, zeek::val_mgr->Count(${v.client_fqdn.rcode1}));
+		client_fqdn->Assign(1, ${v.client_fqdn.rcode1});
-		client_fqdn->Assign(2, zeek::val_mgr->Count(${v.client_fqdn.rcode2}));
+		client_fqdn->Assign(2, ${v.client_fqdn.rcode2});
 		const char* domain_name = reinterpret_cast<const char*>(${v.client_fqdn.domain_name}.begin());
 		client_fqdn->Assign(3, zeek::make_intrusive<zeek::StringVal>(${v.client_fqdn.domain_name}.length(), domain_name));
 
@@ -760,7 +760,7 @@ refine flow DHCP_Flow += {
 		      ptrsubopt != ${v.relay_agent_inf}->end(); ++ptrsubopt )
 			{
 			auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::SubOpt);
-			r->Assign(0, zeek::val_mgr->Count((*ptrsubopt)->code()));
+			r->Assign(0, (*ptrsubopt)->code());
 			r->Assign(1, to_stringval((*ptrsubopt)->value()));
 
 			relay_agent_sub_opt->Assign(i, std::move(r));
@@ -790,7 +790,7 @@ refine casetype OptionValue += {
 refine flow DHCP_Flow += {
 	function process_auto_config_option(v: OptionValue): bool
 		%{
-		${context.flow}->options->Assign(23, zeek::val_mgr->Bool(${v.auto_config} == 0 ? false : true));
+		${context.flow}->options->Assign(23, ${v.auto_config} == 0 ? false : true);
 
 		return true;
 		%}

src/analyzer/protocol/dns/DNS.cc

@@ -622,13 +622,13 @@ bool DNS_Interpreter::ParseRR_SOA(detail::DNS_MsgInfo* msg,
 		{
 		static auto dns_soa = id::find_type<RecordType>("dns_soa");
 		auto r = make_intrusive<RecordVal>(dns_soa);
-		r->Assign(0, make_intrusive<StringVal>(new String(mname, mname_end - mname, true)));
+		r->Assign(0, new String(mname, mname_end - mname, true));
-		r->Assign(1, make_intrusive<StringVal>(new String(rname, rname_end - rname, true)));
+		r->Assign(1, new String(rname, rname_end - rname, true));
-		r->Assign(2, val_mgr->Count(serial));
+		r->Assign(2, serial);
-		r->Assign(3, make_intrusive<IntervalVal>(double(refresh), Seconds));
+		r->AssignInterval(3, double(refresh));
-		r->Assign(4, make_intrusive<IntervalVal>(double(retry), Seconds));
+		r->AssignInterval(4, double(retry));
-		r->Assign(5, make_intrusive<IntervalVal>(double(expire), Seconds));
+		r->AssignInterval(5, double(expire));
-		r->Assign(6, make_intrusive<IntervalVal>(double(minimum), Seconds));
+		r->AssignInterval(6, double(minimum));
 
 		analyzer->EnqueueConnEvent(dns_SOA_reply,
 			analyzer->ConnVal(),
@@ -1849,19 +1849,19 @@ RecordValPtr DNS_MsgInfo::BuildHdrVal()
 	static auto dns_msg = id::find_type<RecordType>("dns_msg");
 	auto r = make_intrusive<RecordVal>(dns_msg);
 
-	r->Assign(0, val_mgr->Count(id));
+	r->Assign(0, id);
-	r->Assign(1, val_mgr->Count(opcode));
+	r->Assign(1, opcode);
-	r->Assign(2, val_mgr->Count(rcode));
+	r->Assign(2, rcode);
-	r->Assign(3, val_mgr->Bool(QR));
+	r->Assign(3, static_cast<bool>(QR));
-	r->Assign(4, val_mgr->Bool(AA));
+	r->Assign(4, static_cast<bool>(AA));
-	r->Assign(5, val_mgr->Bool(TC));
+	r->Assign(5, static_cast<bool>(TC));
-	r->Assign(6, val_mgr->Bool(RD));
+	r->Assign(6, static_cast<bool>(RD));
-	r->Assign(7, val_mgr->Bool(RA));
+	r->Assign(7, static_cast<bool>(RA));
-	r->Assign(8, val_mgr->Count(Z));
+	r->Assign(8, Z);
-	r->Assign(9, val_mgr->Count(qdcount));
+	r->Assign(9, qdcount);
-	r->Assign(10, val_mgr->Count(ancount));
+	r->Assign(10, ancount);
-	r->Assign(11, val_mgr->Count(nscount));
+	r->Assign(11, nscount);
-	r->Assign(12, val_mgr->Count(arcount));
+	r->Assign(12, arcount);
 
 	return r;
 	}
@@ -1871,11 +1871,11 @@ RecordValPtr DNS_MsgInfo::BuildAnswerVal()
 	static auto dns_answer = id::find_type<RecordType>("dns_answer");
 	auto r = make_intrusive<RecordVal>(dns_answer);
 
-	r->Assign(0, val_mgr->Count(int(answer_type)));
+	r->Assign(0, answer_type);
 	r->Assign(1, query_name);
-	r->Assign(2, val_mgr->Count(atype));
+	r->Assign(2, atype);
-	r->Assign(3, val_mgr->Count(aclass));
+	r->Assign(3, aclass);
-	r->Assign(4, make_intrusive<IntervalVal>(double(ttl), Seconds));
+	r->AssignInterval(4, double(ttl));
 
 	return r;
 	}
@@ -1887,14 +1887,14 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_Val()
 	static auto dns_edns_additional = id::find_type<RecordType>("dns_edns_additional");
 	auto r = make_intrusive<RecordVal>(dns_edns_additional);
 
-	r->Assign(0, val_mgr->Count(int(answer_type)));
+	r->Assign(0, answer_type);
 	r->Assign(1, query_name);
 
 	// type = 0x29 or 41 = EDNS
-	r->Assign(2, val_mgr->Count(atype));
+	r->Assign(2, atype);
 
 	// sender's UDP payload size, per RFC 2671 4.3
-	r->Assign(3, val_mgr->Count(aclass));
+	r->Assign(3, aclass);
 
 	// Need to break the TTL field into three components:
 	// initial: [------------- ttl (32) ---------------------]
@@ -1907,11 +1907,11 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_Val()
 
 	unsigned int return_error = (ercode << 8) | rcode;
 
-	r->Assign(4, val_mgr->Count(return_error));
+	r->Assign(4, return_error);
-	r->Assign(5, val_mgr->Count(version));
+	r->Assign(5, version);
-	r->Assign(6, val_mgr->Count(z));
+	r->Assign(6, z);
-	r->Assign(7, make_intrusive<IntervalVal>(double(ttl), Seconds));
+	r->AssignInterval(7, double(ttl));
-	r->Assign(8, val_mgr->Count(is_query));
+	r->Assign(8, is_query);
 
 	return r;
 	}
@@ -1922,8 +1922,8 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_ECS_Val(struct EDNS_ECS* opt)
 	auto r = make_intrusive<RecordVal>(dns_edns_ecs);
 
 	r->Assign(0, opt->ecs_family);
-	r->Assign(1, val_mgr->Count(opt->ecs_src_pfx_len));
+	r->Assign(1, opt->ecs_src_pfx_len);
-	r->Assign(2, val_mgr->Count(opt->ecs_scp_pfx_len));
+	r->Assign(2, opt->ecs_scp_pfx_len);
 	r->Assign(3, opt->ecs_addr);
 
 	return r;
@@ -1934,8 +1934,8 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_TCP_KA_Val(struct EDNS_TCP_KEEPALIVE* opt)
 	static auto dns_edns_tcp_keepalive = id::find_type<RecordType>("dns_edns_tcp_keepalive");
 	auto r = make_intrusive<RecordVal>(dns_edns_tcp_keepalive);
 
-	r->Assign(0, val_mgr->Bool(opt->keepalive_timeout_omitted));
+	r->Assign(0, opt->keepalive_timeout_omitted);
-	r->Assign(1, val_mgr->Count(opt->keepalive_timeout));
+	r->Assign(1, opt->keepalive_timeout);
 
 	return r;
 	}
@@ -1945,9 +1945,9 @@ RecordValPtr DNS_MsgInfo::BuildEDNS_COOKIE_Val(struct EDNS_COOKIE* opt)
 	static auto dns_edns_cookie = id::find_type<RecordType>("dns_edns_cookie");
 	auto r = make_intrusive<RecordVal>(dns_edns_cookie);
 
-	r->Assign(0, make_intrusive<StringVal>(opt->client_cookie));
+	r->Assign(0, opt->client_cookie);
 	if (opt->server_cookie != nullptr) {
-		r->Assign(1, make_intrusive<StringVal>(opt->server_cookie));
+		r->Assign(1, opt->server_cookie);
 	}
 
 	return r;
@@ -1959,16 +1959,16 @@ RecordValPtr DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
 	auto r = make_intrusive<RecordVal>(dns_tsig_additional);
 	double rtime = tsig->time_s + tsig->time_ms / 1000.0;
 
-	// r->Assign(0, val_mgr->Count(int(answer_type)));
+	// r->Assign(0, answer_type);
 	r->Assign(0, query_name);
-	r->Assign(1, val_mgr->Count(int(answer_type)));
+	r->Assign(1, answer_type);
-	r->Assign(2, make_intrusive<StringVal>(tsig->alg_name));
+	r->Assign(2, tsig->alg_name);
-	r->Assign(3, make_intrusive<StringVal>(tsig->sig));
+	r->Assign(3, tsig->sig);
-	r->Assign(4, make_intrusive<TimeVal>(rtime));
+	r->AssignTime(4, rtime);
-	r->Assign(5, make_intrusive<TimeVal>(double(tsig->fudge)));
+	r->AssignTime(5, double(tsig->fudge));
-	r->Assign(6, val_mgr->Count(tsig->orig_id));
+	r->Assign(6, tsig->orig_id);
-	r->Assign(7, val_mgr->Count(tsig->rr_error));
+	r->Assign(7, tsig->rr_error);
-	r->Assign(8, val_mgr->Count(is_query));
+	r->Assign(8, is_query);
 
 	return r;
 	}
@@ -1979,17 +1979,17 @@ RecordValPtr DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
 	auto r = make_intrusive<RecordVal>(dns_rrsig_rr);
 
 	r->Assign(0, query_name);
-	r->Assign(1, val_mgr->Count(int(answer_type)));
+	r->Assign(1, answer_type);
-	r->Assign(2, val_mgr->Count(rrsig->type_covered));
+	r->Assign(2, rrsig->type_covered);
-	r->Assign(3, val_mgr->Count(rrsig->algorithm));
+	r->Assign(3, rrsig->algorithm);
-	r->Assign(4, val_mgr->Count(rrsig->labels));
+	r->Assign(4, rrsig->labels);
-	r->Assign(5, make_intrusive<IntervalVal>(double(rrsig->orig_ttl), Seconds));
+	r->AssignInterval(5, double(rrsig->orig_ttl));
-	r->Assign(6, make_intrusive<TimeVal>(double(rrsig->sig_exp)));
+	r->AssignTime(6, double(rrsig->sig_exp));
-	r->Assign(7, make_intrusive<TimeVal>(double(rrsig->sig_incep)));
+	r->AssignTime(7, double(rrsig->sig_incep));
-	r->Assign(8, val_mgr->Count(rrsig->key_tag));
+	r->Assign(8, rrsig->key_tag);
-	r->Assign(9, make_intrusive<StringVal>(rrsig->signer_name));
+	r->Assign(9, rrsig->signer_name);
-	r->Assign(10, make_intrusive<StringVal>(rrsig->signature));
+	r->Assign(10, rrsig->signature);
-	r->Assign(11, val_mgr->Count(is_query));
+	r->Assign(11, is_query);
 
 	return r;
 	}
@@ -2000,12 +2000,12 @@ RecordValPtr DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
 	auto r = make_intrusive<RecordVal>(dns_dnskey_rr);
 
 	r->Assign(0, query_name);
-	r->Assign(1, val_mgr->Count(int(answer_type)));
+	r->Assign(1, answer_type);
-	r->Assign(2, val_mgr->Count(dnskey->dflags));
+	r->Assign(2, dnskey->dflags);
-	r->Assign(3, val_mgr->Count(dnskey->dprotocol));
+	r->Assign(3, dnskey->dprotocol);
-	r->Assign(4, val_mgr->Count(dnskey->dalgorithm));
+	r->Assign(4, dnskey->dalgorithm);
-	r->Assign(5, make_intrusive<StringVal>(dnskey->public_key));
+	r->Assign(5, dnskey->public_key);
-	r->Assign(6, val_mgr->Count(is_query));
+	r->Assign(6, is_query);
 
 	return r;
 	}
@@ -2016,16 +2016,16 @@ RecordValPtr DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
 	auto r = make_intrusive<RecordVal>(dns_nsec3_rr);
 
 	r->Assign(0, query_name);
-	r->Assign(1, val_mgr->Count(int(answer_type)));
+	r->Assign(1, answer_type);
-	r->Assign(2, val_mgr->Count(nsec3->nsec_flags));
+	r->Assign(2, nsec3->nsec_flags);
-	r->Assign(3, val_mgr->Count(nsec3->nsec_hash_algo));
+	r->Assign(3, nsec3->nsec_hash_algo);
-	r->Assign(4, val_mgr->Count(nsec3->nsec_iter));
+	r->Assign(4, nsec3->nsec_iter);
-	r->Assign(5, val_mgr->Count(nsec3->nsec_salt_len));
+	r->Assign(5, nsec3->nsec_salt_len);
-	r->Assign(6, make_intrusive<StringVal>(nsec3->nsec_salt));
+	r->Assign(6, nsec3->nsec_salt);
-	r->Assign(7, val_mgr->Count(nsec3->nsec_hlen));
+	r->Assign(7, nsec3->nsec_hlen);
-	r->Assign(8, make_intrusive<StringVal>(nsec3->nsec_hash));
+	r->Assign(8, nsec3->nsec_hash);
 	r->Assign(9, std::move(nsec3->bitmaps));
-	r->Assign(10, val_mgr->Count(is_query));
+	r->Assign(10, is_query);
 
 	return r;
 	}
@@ -2036,13 +2036,13 @@ RecordValPtr DNS_MsgInfo::BuildNSEC3PARAM_Val(NSEC3PARAM_DATA* nsec3param)
 	auto r = make_intrusive<RecordVal>(dns_nsec3param_rr);
 
 	r->Assign(0, query_name);
-	r->Assign(1, val_mgr->Count(int(answer_type)));
+	r->Assign(1, answer_type);
-	r->Assign(2, val_mgr->Count(nsec3param->nsec_flags));
+	r->Assign(2, nsec3param->nsec_flags);
-	r->Assign(3, val_mgr->Count(nsec3param->nsec_hash_algo));
+	r->Assign(3, nsec3param->nsec_hash_algo);
-	r->Assign(4, val_mgr->Count(nsec3param->nsec_iter));
+	r->Assign(4, nsec3param->nsec_iter);
-	r->Assign(5, val_mgr->Count(nsec3param->nsec_salt_len));
+	r->Assign(5, nsec3param->nsec_salt_len);
-	r->Assign(6, make_intrusive<StringVal>(nsec3param->nsec_salt));
+	r->Assign(6, nsec3param->nsec_salt);
-	r->Assign(7, val_mgr->Count(is_query));
+	r->Assign(7, is_query);
 
 	return r;
 	}
@@ -2053,12 +2053,12 @@ RecordValPtr DNS_MsgInfo::BuildDS_Val(DS_DATA* ds)
 	auto r = make_intrusive<RecordVal>(dns_ds_rr);
 
 	r->Assign(0, query_name);
-	r->Assign(1, val_mgr->Count(int(answer_type)));
+	r->Assign(1, answer_type);
-	r->Assign(2, val_mgr->Count(ds->key_tag));
+	r->Assign(2, ds->key_tag);
-	r->Assign(3, val_mgr->Count(ds->algorithm));
+	r->Assign(3, ds->algorithm);
-	r->Assign(4, val_mgr->Count(ds->digest_type));
+	r->Assign(4, ds->digest_type);
-	r->Assign(5, make_intrusive<StringVal>(ds->digest_val));
+	r->Assign(5, ds->digest_val);
-	r->Assign(6, val_mgr->Count(is_query));
+	r->Assign(6, is_query);
 
 	return r;
 	}
@@ -2069,12 +2069,12 @@ RecordValPtr DNS_MsgInfo::BuildBINDS_Val(BINDS_DATA* binds)
 	auto r = make_intrusive<RecordVal>(dns_binds_rr);
 
 	r->Assign(0, query_name);
-	r->Assign(1, val_mgr->Count(int(answer_type)));
+	r->Assign(1, answer_type);
-	r->Assign(2, val_mgr->Count(binds->algorithm));
+	r->Assign(2, binds->algorithm);
-	r->Assign(3, val_mgr->Count(binds->key_id));
+	r->Assign(3, binds->key_id);
-	r->Assign(4, val_mgr->Count(binds->removal_flag));
+	r->Assign(4, binds->removal_flag);
-	r->Assign(5, make_intrusive<StringVal>(binds->complete_flag));
+	r->Assign(5, binds->complete_flag);
-	r->Assign(6, val_mgr->Count(is_query));
+	r->Assign(6, is_query);
 
 	return r;
 	}
@@ -2085,15 +2085,15 @@ RecordValPtr DNS_MsgInfo::BuildLOC_Val(LOC_DATA* loc)
 	auto r = make_intrusive<RecordVal>(dns_loc_rr);
 
 	r->Assign(0, query_name);
-	r->Assign(1, val_mgr->Count(int(answer_type)));
+	r->Assign(1, answer_type);
-	r->Assign(2, val_mgr->Count(loc->version));
+	r->Assign(2, loc->version);
-	r->Assign(3, val_mgr->Count(loc->size));
+	r->Assign(3, loc->size);
-	r->Assign(4, val_mgr->Count(loc->horiz_pre));
+	r->Assign(4, loc->horiz_pre);
-	r->Assign(5, val_mgr->Count(loc->vert_pre));
+	r->Assign(5, loc->vert_pre);
-	r->Assign(6, val_mgr->Count(loc->latitude));
+	r->Assign(6, static_cast<uint64_t>(loc->latitude));
-	r->Assign(7, val_mgr->Count(loc->longitude));
+	r->Assign(7, static_cast<uint64_t>(loc->longitude));
-	r->Assign(8, val_mgr->Count(loc->altitude));
+	r->Assign(8, static_cast<uint64_t>(loc->altitude));
-	r->Assign(9, val_mgr->Count(is_query));
+	r->Assign(9, is_query);
 
 	return r;
 	}

src/analyzer/protocol/ftp/functions.bif

@@ -35,13 +35,13 @@ static zeek::ValPtr parse_port(const char* line)
 
 		r->Assign(0, zeek::make_intrusive<zeek::AddrVal>(htonl(addr)));
 		r->Assign(1, zeek::val_mgr->Port(port, TRANSPORT_TCP));
-		r->Assign(2, zeek::val_mgr->Bool(good));
+		r->Assign(2, good);
 		}
 	else
 		{
 		r->Assign(0, zeek::make_intrusive<zeek::AddrVal>(uint32_t(0)));
 		r->Assign(1, zeek::val_mgr->Port(0, TRANSPORT_TCP));
-		r->Assign(2, zeek::val_mgr->False());
+		r->Assign(2, false);
 		}
 
 	return r;
@@ -111,7 +111,7 @@ static zeek::ValPtr parse_eftp(const char* line)
 
 	r->Assign(0, zeek::make_intrusive<zeek::AddrVal>(addr));
 	r->Assign(1, zeek::val_mgr->Port(port, TRANSPORT_TCP));
-	r->Assign(2, zeek::val_mgr->Bool(good));
+	r->Assign(2, good);
 
 	return r;
 	}

src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac

@@ -9,21 +9,21 @@ zeek::RecordValPtr BuildGTPv1Hdr(const GTPv1_Header* pdu)
 	{
 	auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtpv1_hdr);
 
-	rv->Assign(0, zeek::val_mgr->Count(pdu->version()));
+	rv->Assign(0, pdu->version());
-	rv->Assign(1, zeek::val_mgr->Bool(pdu->pt_flag()));
+	rv->Assign(1, pdu->pt_flag());
-	rv->Assign(2, zeek::val_mgr->Bool(pdu->rsv()));
+	rv->Assign(2, pdu->rsv());
-	rv->Assign(3, zeek::val_mgr->Bool(pdu->e_flag()));
+	rv->Assign(3, pdu->e_flag());
-	rv->Assign(4, zeek::val_mgr->Bool(pdu->s_flag()));
+	rv->Assign(4, pdu->s_flag());
-	rv->Assign(5, zeek::val_mgr->Bool(pdu->pn_flag()));
+	rv->Assign(5, pdu->pn_flag());
-	rv->Assign(6, zeek::val_mgr->Count(pdu->msg_type()));
+	rv->Assign(6, pdu->msg_type());
-	rv->Assign(7, zeek::val_mgr->Count(pdu->length()));
+	rv->Assign(7, pdu->length());
-	rv->Assign(8, zeek::val_mgr->Count(pdu->teid()));
+	rv->Assign(8, pdu->teid());
 
 	if ( pdu->has_opt() )
 		{
-		rv->Assign(9, zeek::val_mgr->Count(pdu->opt_hdr()->seq()));
+		rv->Assign(9, pdu->opt_hdr()->seq());
-		rv->Assign(10, zeek::val_mgr->Count(pdu->opt_hdr()->n_pdu()));
+		rv->Assign(10, pdu->opt_hdr()->n_pdu());
-		rv->Assign(11, zeek::val_mgr->Count(pdu->opt_hdr()->next_type()));
+		rv->Assign(11, pdu->opt_hdr()->next_type());
 		}
 
 	return rv;
@@ -37,10 +37,10 @@ static zeek::ValPtr BuildIMSI(const InformationElement* ie)
 static zeek::ValPtr BuildRAI(const InformationElement* ie)
 	{
 	auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_rai);
-	ev->Assign(0, zeek::val_mgr->Count(ie->rai()->mcc()));
+	ev->Assign(0, ie->rai()->mcc());
-	ev->Assign(1, zeek::val_mgr->Count(ie->rai()->mnc()));
+	ev->Assign(1, ie->rai()->mnc());
-	ev->Assign(2, zeek::val_mgr->Count(ie->rai()->lac()));
+	ev->Assign(2, ie->rai()->lac());
-	ev->Assign(3, zeek::val_mgr->Count(ie->rai()->rac()));
+	ev->Assign(3, ie->rai()->rac());
 	return ev;
 	}
 
@@ -87,8 +87,8 @@ static zeek::ValPtr BuildTraceType(const InformationElement* ie)
 zeek::ValPtr BuildEndUserAddr(const InformationElement* ie)
 	{
 	auto ev = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::gtp_end_user_addr);
-	ev->Assign(0, zeek::val_mgr->Count(ie->end_user_addr()->pdp_type_org()));
+	ev->Assign(0, ie->end_user_addr()->pdp_type_org());
-	ev->Assign(1, zeek::val_mgr->Count(ie->end_user_addr()->pdp_type_num()));
+	ev->Assign(1, ie->end_user_addr()->pdp_type_num());
 
 	int len = ie->end_user_addr()->pdp_addr().length();
 
@@ -106,8 +106,7 @@ zeek::ValPtr BuildEndUserAddr(const InformationElement* ie)
 			  zeek::IPAddr(IPv6, (const uint32*) d, zeek::IPAddr::Network)));
 			break;
 		default:
-			ev->Assign(3, zeek::make_intrusive<zeek::StringVal>(
+			ev->Assign(3, new zeek::String((const u_char*) d, len, false));
-			  new zeek::String((const u_char*) d, len, false)));
 			break;
 		}
 		}
@@ -143,7 +142,7 @@ zeek::ValPtr BuildGSN_Addr(const InformationElement* ie)
 		ev->Assign(0, zeek::make_intrusive<zeek::AddrVal>(
 		  zeek::IPAddr(IPv6, (const uint32*) d, zeek::IPAddr::Network)));
 	else
-		ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new zeek::String((const u_char*) d, len, false)));
+		ev->Assign(1, new zeek::String((const u_char*) d, len, false));
 
 	return ev;
 	}
@@ -162,8 +161,8 @@ zeek::ValPtr BuildQoS_Profile(const InformationElement* ie)
 	const u_char* d = (const u_char*) ie->qos_profile()->data().data();
 	int len = ie->qos_profile()->data().length();
 
-	ev->Assign(0, zeek::val_mgr->Count(ie->qos_profile()->alloc_retention_priority()));
+	ev->Assign(0, ie->qos_profile()->alloc_retention_priority());
-	ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new zeek::String(d, len, false)));
+	ev->Assign(1, new zeek::String(d, len, false));
 
 	return ev;
 	}
@@ -196,8 +195,8 @@ zeek::ValPtr BuildPrivateExt(const InformationElement* ie)
 	const uint8* d = ie->private_ext()->value().data();
 	int len = ie->private_ext()->value().length();
 
-	ev->Assign(0, zeek::val_mgr->Count(ie->private_ext()->id()));
+	ev->Assign(0, ie->private_ext()->id());
-	ev->Assign(1, zeek::make_intrusive<zeek::StringVal>(new zeek::String((const u_char*) d, len, false)));
+	ev->Assign(1, new zeek::String((const u_char*) d, len, false));
 
 	return ev;
 	}

src/analyzer/protocol/http/HTTP.cc

@@ -626,12 +626,12 @@ RecordValPtr HTTP_Message::BuildMessageStat(bool interrupted, const char* msg)
 	static auto http_message_stat = id::find_type<RecordType>("http_message_stat");
 	auto stat = make_intrusive<RecordVal>(http_message_stat);
 	int field = 0;
-	stat->Assign(field++, make_intrusive<TimeVal>(start_time));
+	stat->AssignTime(field++, start_time);
-	stat->Assign(field++, val_mgr->Bool(interrupted));
+	stat->Assign(field++, interrupted);
-	stat->Assign(field++, make_intrusive<StringVal>(msg));
+	stat->Assign(field++, msg);
-	stat->Assign(field++, val_mgr->Count(body_length));
+	stat->Assign(field++, static_cast<uint64_t>(body_length));
-	stat->Assign(field++, val_mgr->Count(content_gap_length));
+	stat->Assign(field++, static_cast<uint64_t>(content_gap_length));
-	stat->Assign(field++, val_mgr->Count(header_length));
+	stat->Assign(field++, static_cast<uint64_t>(header_length));
 	return stat;
 	}
 
@@ -1165,10 +1165,10 @@ void HTTP_Analyzer::GenStats()
 		{
 		static auto http_stats_rec = id::find_type<RecordType>("http_stats_rec");
 		auto r = make_intrusive<RecordVal>(http_stats_rec);
-		r->Assign(0, val_mgr->Count(num_requests));
+		r->Assign(0, num_requests);
-		r->Assign(1, val_mgr->Count(num_replies));
+		r->Assign(1, num_replies);
-		r->Assign(2, make_intrusive<DoubleVal>(request_version.ToDouble()));
+		r->Assign(2, request_version.ToDouble());
-		r->Assign(3, make_intrusive<DoubleVal>(reply_version.ToDouble()));
+		r->Assign(3, reply_version.ToDouble());
 
 		// DEBUG_MSG("%.6f http_stats\n", run_state::network_time);
 		EnqueueConnEvent(http_stats, ConnVal(), std::move(r));

src/analyzer/protocol/icmp/ICMP.cc

@@ -224,11 +224,11 @@ RecordValPtr ICMP_Analyzer::BuildInfo(const struct icmp* icmpp, int len,
 	{
 	static auto icmp_info = id::find_type<RecordType>("icmp_info");
 	auto rval = make_intrusive<RecordVal>(icmp_info);
-	rval->Assign(0, val_mgr->Bool(icmpv6));
+	rval->Assign(0, static_cast<bool>(icmpv6));
-	rval->Assign(1, val_mgr->Count(icmpp->icmp_type));
+	rval->Assign(1, icmpp->icmp_type);
-	rval->Assign(2, val_mgr->Count(icmpp->icmp_code));
+	rval->Assign(2, icmpp->icmp_code);
-	rval->Assign(3, val_mgr->Count(len));
+	rval->Assign(3, len);
-	rval->Assign(4, val_mgr->Count(ip_hdr->TTL()));
+	rval->Assign(4, ip_hdr->TTL());
 	return rval;
 	}
 
@@ -355,13 +355,13 @@ RecordValPtr ICMP_Analyzer::ExtractICMP4Context(int len, const u_char*& data)
 	id_val->Assign(3, val_mgr->Port(dst_port, proto));
 
 	iprec->Assign(0, std::move(id_val));
-	iprec->Assign(1, val_mgr->Count(ip_len));
+	iprec->Assign(1, ip_len);
-	iprec->Assign(2, val_mgr->Count(proto));
+	iprec->Assign(2, proto);
-	iprec->Assign(3, val_mgr->Count(frag_offset));
+	iprec->Assign(3, frag_offset);
-	iprec->Assign(4, val_mgr->Bool(bad_hdr_len));
+	iprec->Assign(4, static_cast<bool>(bad_hdr_len));
-	iprec->Assign(5, val_mgr->Bool(bad_checksum));
+	iprec->Assign(5, static_cast<bool>(bad_checksum));
-	iprec->Assign(6, val_mgr->Bool(MF));
+	iprec->Assign(6, static_cast<bool>(MF));
-	iprec->Assign(7, val_mgr->Bool(DF));
+	iprec->Assign(7, static_cast<bool>(DF));
 
 	return iprec;
 	}
@@ -415,14 +415,14 @@ RecordValPtr ICMP_Analyzer::ExtractICMP6Context(int len, const u_char*& data)
 	id_val->Assign(3, val_mgr->Port(dst_port, proto));
 
 	iprec->Assign(0, std::move(id_val));
-	iprec->Assign(1, val_mgr->Count(ip_len));
+	iprec->Assign(1, ip_len);
-	iprec->Assign(2, val_mgr->Count(proto));
+	iprec->Assign(2, proto);
-	iprec->Assign(3, val_mgr->Count(frag_offset));
+	iprec->Assign(3, frag_offset);
-	iprec->Assign(4, val_mgr->Bool(bad_hdr_len));
+	iprec->Assign(4, static_cast<bool>(bad_hdr_len));
 	// bad_checksum is always false since IPv6 layer doesn't have a checksum.
-	iprec->Assign(5, val_mgr->False());
+	iprec->Assign(5, false);
-	iprec->Assign(6, val_mgr->Bool(MF));
+	iprec->Assign(6, static_cast<bool>(MF));
-	iprec->Assign(7, val_mgr->Bool(DF));
+	iprec->Assign(7, static_cast<bool>(DF));
 
 	return iprec;
 	}
@@ -472,14 +472,14 @@ void ICMP_Analyzer::UpdateEndpointVal(const ValPtr& endp_arg, bool is_orig)
 
 	if ( size < 0 )
 		{
-		endp->Assign(0, val_mgr->Count(0));
+		endp->Assign(0, 0);
-		endp->Assign(1, val_mgr->Count(int(ICMP_INACTIVE)));
+		endp->Assign(1, ICMP_INACTIVE);
 		}
 
 	else
 		{
-		endp->Assign(0, val_mgr->Count(size));
+		endp->Assign(0, size);
-		endp->Assign(1, val_mgr->Count(int(ICMP_ACTIVE)));
+		endp->Assign(1, ICMP_ACTIVE);
 		}
 	}
 
@@ -743,8 +743,8 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
 			}
 
 		auto rv = make_intrusive<RecordVal>(icmp6_nd_option_type);
-		rv->Assign(0, val_mgr->Count(type));
+		rv->Assign(0, type);
-		rv->Assign(1, val_mgr->Count(length));
+		rv->Assign(1, length);
 
 		// Adjust length to be in units of bytes, exclude type/length fields.
 		length = length * 8 - 2;
@@ -763,7 +763,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
 			if ( caplen >= length )
 				{
 				String* link_addr = new String(data, length, false);
-				rv->Assign(2, make_intrusive<StringVal>(link_addr));
+				rv->Assign(2, link_addr);
 				}
 			else
 				set_payload_field = true;
@@ -783,11 +783,11 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
 				uint32_t valid_life = *((const uint32_t*)(data + 2));
 				uint32_t prefer_life = *((const uint32_t*)(data + 6));
 				in6_addr prefix = *((const in6_addr*)(data + 14));
-				info->Assign(0, val_mgr->Count(prefix_len));
+				info->Assign(0, prefix_len);
-				info->Assign(1, val_mgr->Bool(L_flag));
+				info->Assign(1, L_flag);
-				info->Assign(2, val_mgr->Bool(A_flag));
+				info->Assign(2, A_flag);
-				info->Assign(3, make_intrusive<IntervalVal>((double)ntohl(valid_life), Seconds));
+				info->AssignInterval(3, double(ntohl(valid_life)));
-				info->Assign(4, make_intrusive<IntervalVal>((double)ntohl(prefer_life), Seconds));
+				info->AssignInterval(4, double(ntohl(prefer_life)));
 				info->Assign(5, make_intrusive<AddrVal>(IPAddr(prefix)));
 				rv->Assign(3, std::move(info));
 				}
@@ -816,7 +816,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
 			// MTU option
 			{
 			if ( caplen >= 6 )
-				rv->Assign(5, val_mgr->Count(ntohl(*((const uint32_t*)(data + 2)))));
+				rv->Assign(5, ntohl(*((const uint32_t*)(data + 2))));
 			else
 				set_payload_field = true;
 
@@ -833,7 +833,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
 		if ( set_payload_field )
 			{
 			String* payload = new String(data, std::min((int)length, caplen), false);
-			rv->Assign(6, make_intrusive<StringVal>(payload));
+			rv->Assign(6, payload);
 			}
 
 		data += length;

src/analyzer/protocol/irc/IRC.cc

@@ -841,14 +841,14 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		for ( size_t i = 0; i < channels.size(); ++i )
 			{
 			auto info = make_intrusive<RecordVal>(irc_join_info);
-			info->Assign(0, make_intrusive<StringVal>(nickname.c_str()));
+			info->Assign(0, nickname);
-			info->Assign(1, make_intrusive<StringVal>(channels[i].c_str()));
+			info->Assign(1, channels[i]);
 			if ( i < passwords.size() )
-				info->Assign(2, make_intrusive<StringVal>(passwords[i].c_str()));
+				info->Assign(2, passwords[i]);
 			else
-				info->Assign(2, make_intrusive<StringVal>(empty_string.c_str()));
+				info->Assign(2, empty_string);
 			// User mode.
-			info->Assign(3, make_intrusive<StringVal>(empty_string.c_str()));
+			info->Assign(3, empty_string);
 			list->Assign(std::move(info), nullptr);
 			}
 
@@ -903,12 +903,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				mode = "voice";
 				}
 
-			info->Assign(0, make_intrusive<StringVal>(nick.c_str()));
+			info->Assign(0, nick);
-			info->Assign(1, make_intrusive<StringVal>(channel.c_str()));
+			info->Assign(1, channel);
 			// Password:
-			info->Assign(2, make_intrusive<StringVal>(empty_string.c_str()));
+			info->Assign(2, empty_string);
 			// User mode:
-			info->Assign(3, make_intrusive<StringVal>(mode.c_str()));
+			info->Assign(3, mode);
 			list->Assign(std::move(info), nullptr);
 			}
 

src/analyzer/protocol/krb/krb-analyzer.pac

@@ -10,19 +10,19 @@ zeek::RecordValPtr proc_krb_kdc_options(const KRB_KDC_Options* opts)
 {
 	auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::KDC_Options);
 
-	rv->Assign(0, zeek::val_mgr->Bool(opts->forwardable()));
+	rv->Assign(0, opts->forwardable());
-	rv->Assign(1, zeek::val_mgr->Bool(opts->forwarded()));
+	rv->Assign(1, opts->forwarded());
-	rv->Assign(2, zeek::val_mgr->Bool(opts->proxiable()));
+	rv->Assign(2, opts->proxiable());
-	rv->Assign(3, zeek::val_mgr->Bool(opts->proxy()));
+	rv->Assign(3, opts->proxy());
-	rv->Assign(4, zeek::val_mgr->Bool(opts->allow_postdate()));
+	rv->Assign(4, opts->allow_postdate());
-	rv->Assign(5, zeek::val_mgr->Bool(opts->postdated()));
+	rv->Assign(5, opts->postdated());
-	rv->Assign(6, zeek::val_mgr->Bool(opts->renewable()));
+	rv->Assign(6, opts->renewable());
-	rv->Assign(7, zeek::val_mgr->Bool(opts->opt_hardware_auth()));
+	rv->Assign(7, opts->opt_hardware_auth());
-	rv->Assign(8, zeek::val_mgr->Bool(opts->disable_transited_check()));
+	rv->Assign(8, opts->disable_transited_check());
-	rv->Assign(9, zeek::val_mgr->Bool(opts->renewable_ok()));
+	rv->Assign(9, opts->renewable_ok());
-	rv->Assign(10, zeek::val_mgr->Bool(opts->enc_tkt_in_skey()));
+	rv->Assign(10, opts->enc_tkt_in_skey());
-	rv->Assign(11, zeek::val_mgr->Bool(opts->renew()));
+	rv->Assign(11, opts->renew());
-	rv->Assign(12, zeek::val_mgr->Bool(opts->validate()));
+	rv->Assign(12, opts->validate());
 
 	return rv;
 }
@@ -259,8 +259,8 @@ refine connection KRB_Conn += {
 		if ( krb_ap_request )
 			{
 			auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::AP_Options);
-			rv->Assign(0, zeek::val_mgr->Bool(${msg.ap_options.use_session_key}));
+			rv->Assign(0, ${msg.ap_options.use_session_key});
-			rv->Assign(1, zeek::val_mgr->Bool(${msg.ap_options.mutual_required}));
+			rv->Assign(1, ${msg.ap_options.mutual_required});
 
 			auto rvticket = proc_ticket(${msg.ticket});
 			auto authenticationinfo = zeek_analyzer()->GetAuthenticationInfo(

src/analyzer/protocol/krb/krb-padata.pac

@@ -21,7 +21,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly
 	for ( uint i = 0; i < data->data()->padata_elems()->size(); ++i)
 		{
 		KRB_PA_Data* element = (*data->data()->padata_elems())[i];
-		int64 data_type = element->data_type();
+		uint64_t data_type = element->data_type();
 
 		if ( is_error && ( data_type == PA_PW_AS_REQ || data_type == PA_PW_AS_REP ) )
 			data_type = 0;
@@ -37,7 +37,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly
 			case PA_PW_SALT:
 				{
 				auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value);
-				type_val->Assign(0, zeek::val_mgr->Count(element->data_type()));
+				type_val->Assign(0, data_type);
 				type_val->Assign(1, to_stringval(element->pa_data_element()->pa_pw_salt()->encoding()->content()));
 				vv->Assign(vv->Size(), std::move(type_val));
 				break;
@@ -45,7 +45,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly
 			case PA_ENCTYPE_INFO:
 				{
 				auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value);
-				type_val->Assign(0, zeek::val_mgr->Count(element->data_type()));
+				type_val->Assign(0, data_type);
 				type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info()->salt()));
 				vv->Assign(vv->Size(), std::move(type_val));
 				break;
@@ -53,7 +53,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly
 			case PA_ENCTYPE_INFO2:
 				{
 				auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value);
-				type_val->Assign(0, zeek::val_mgr->Count(element->data_type()));
+				type_val->Assign(0, data_type);
 				type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info2()->salt()));
 				vv->Assign(vv->Size(), std::move(type_val));
 				break;
@@ -113,7 +113,7 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly
 				if ( ! is_error && element->pa_data_element()->unknown()->meta()->length() > 0 )
 					{
 					auto type_val = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Type_Value);
-					type_val->Assign(0, zeek::val_mgr->Count(element->data_type()));
+					type_val->Assign(0, data_type);
 					type_val->Assign(1, to_stringval(element->pa_data_element()->unknown()->content()));
 					vv->Assign(vv->Size(), std::move(type_val));
 					}

src/analyzer/protocol/modbus/modbus-analyzer.pac

@@ -30,10 +30,10 @@
 	zeek::RecordValPtr HeaderToVal(ModbusTCP_TransportHeader* header)
 		{
 		auto modbus_header = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusHeaders);
-		modbus_header->Assign(0, zeek::val_mgr->Count(header->tid()));
+		modbus_header->Assign(0, header->tid());
-		modbus_header->Assign(1, zeek::val_mgr->Count(header->pid()));
+		modbus_header->Assign(1, header->pid());
-		modbus_header->Assign(2, zeek::val_mgr->Count(header->uid()));
+		modbus_header->Assign(2, header->uid());
-		modbus_header->Assign(3, zeek::val_mgr->Count(header->fc()));
+		modbus_header->Assign(3, header->fc());
 		return modbus_header;
 		}
 

src/analyzer/protocol/mqtt/commands/connack.pac

@@ -16,8 +16,8 @@ refine flow MQTT_Flow += {
 		if ( mqtt_connack )
 			{
 			auto m = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::MQTT::ConnectAckMsg);
-			m->Assign(0, zeek::val_mgr->Count(${msg.return_code}));
+			m->Assign(0, ${msg.return_code});
-			m->Assign(1, zeek::val_mgr->Bool(${msg.session_present}));
+			m->Assign(1, ${msg.session_present});
 			zeek::BifEvent::enqueue_mqtt_connack(connection()->zeek_analyzer(),
 			                               connection()->zeek_analyzer()->Conn(),
 			                               std::move(m));

src/analyzer/protocol/mqtt/commands/connect.pac

@@ -47,14 +47,14 @@ refine flow MQTT_Flow += {
 			auto m = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::MQTT::ConnectMsg);
 			m->Assign(0, zeek::make_intrusive<zeek::StringVal>(${msg.protocol_name.str}.length(),
 			                           reinterpret_cast<const char*>(${msg.protocol_name.str}.begin())));
-			m->Assign(1, zeek::val_mgr->Count(${msg.protocol_version}));
+			m->Assign(1, ${msg.protocol_version});
 			m->Assign(2, zeek::make_intrusive<zeek::StringVal>(${msg.client_id.str}.length(),
 			                           reinterpret_cast<const char*>(${msg.client_id.str}.begin())));
-			m->Assign(3, zeek::make_intrusive<zeek::IntervalVal>(double(${msg.keep_alive}), Seconds));
+			m->AssignInterval(3, double(${msg.keep_alive}));
 
-			m->Assign(4, zeek::val_mgr->Bool(${msg.clean_session}));
+			m->Assign(4, ${msg.clean_session});
-			m->Assign(5, zeek::val_mgr->Bool(${msg.will_retain}));
+			m->Assign(5, ${msg.will_retain});
-			m->Assign(6, zeek::val_mgr->Count(${msg.will_qos}));
+			m->Assign(6, ${msg.will_qos});
 
 			if ( ${msg.will_flag} )
 				{

src/analyzer/protocol/mqtt/commands/publish.pac

@@ -24,9 +24,9 @@ refine flow MQTT_Flow += {
 		if ( mqtt_publish )
 			{
 			auto m = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::MQTT::PublishMsg);
-			m->Assign(0, zeek::val_mgr->Bool(${msg.dup}));
+			m->Assign(0, ${msg.dup});
-			m->Assign(1, zeek::val_mgr->Count(${msg.qos}));
+			m->Assign(1, ${msg.qos});
-			m->Assign(2, zeek::val_mgr->Bool(${msg.retain}));
+			m->Assign(2, ${msg.retain});
 			m->Assign<zeek::StringVal>(3, ${msg.topic.str}.length(),
 			                     reinterpret_cast<const char*>(${msg.topic.str}.begin()));
 
@@ -40,7 +40,7 @@ refine flow MQTT_Flow += {
 			m->Assign<zeek::StringVal>(4, len,
 			                     reinterpret_cast<const char*>(${msg.payload}.begin()));
 
-			m->Assign(5, zeek::val_mgr->Count(${msg.payload}.length()));
+			m->Assign(5, ${msg.payload}.length());
 
 			zeek::BifEvent::enqueue_mqtt_publish(connection()->zeek_analyzer(),
 			                               connection()->zeek_analyzer()->Conn(),

src/analyzer/protocol/ntlm/ntlm-analyzer.pac

@@ -20,10 +20,10 @@
 	zeek::RecordValPtr build_version_record(NTLM_Version* val)
 		{
 		auto result = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTLM::Version);
-		result->Assign(0, zeek::val_mgr->Count(${val.major_version}));
+		result->Assign(0, ${val.major_version});
-		result->Assign(1, zeek::val_mgr->Count(${val.minor_version}));
+		result->Assign(1, ${val.minor_version});
-		result->Assign(2, zeek::val_mgr->Count(${val.build_number}));
+		result->Assign(2, ${val.build_number});
-		result->Assign(3, zeek::val_mgr->Count(${val.ntlm_revision}));
+		result->Assign(3, ${val.ntlm_revision});
 
 		return result;
 		}
@@ -31,28 +31,28 @@
 	zeek::RecordValPtr build_negotiate_flag_record(NTLM_Negotiate_Flags* val)
 		{
 		auto flags = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTLM::NegotiateFlags);
-		flags->Assign(0, zeek::val_mgr->Bool(${val.negotiate_56}));
+		flags->Assign(0, ${val.negotiate_56});
-		flags->Assign(1, zeek::val_mgr->Bool(${val.negotiate_key_exch}));
+		flags->Assign(1, ${val.negotiate_key_exch});
-		flags->Assign(2, zeek::val_mgr->Bool(${val.negotiate_128}));
+		flags->Assign(2, ${val.negotiate_128});
-		flags->Assign(3, zeek::val_mgr->Bool(${val.negotiate_version}));
+		flags->Assign(3, ${val.negotiate_version});
-		flags->Assign(4, zeek::val_mgr->Bool(${val.negotiate_target_info}));
+		flags->Assign(4, ${val.negotiate_target_info});
-		flags->Assign(5, zeek::val_mgr->Bool(${val.request_non_nt_session_key}));
+		flags->Assign(5, ${val.request_non_nt_session_key});
-		flags->Assign(6, zeek::val_mgr->Bool(${val.negotiate_identify}));
+		flags->Assign(6, ${val.negotiate_identify});
-		flags->Assign(7, zeek::val_mgr->Bool(${val.negotiate_extended_sessionsecurity}));
+		flags->Assign(7, ${val.negotiate_extended_sessionsecurity});
-		flags->Assign(8, zeek::val_mgr->Bool(${val.target_type_server}));
+		flags->Assign(8, ${val.target_type_server});
-		flags->Assign(9, zeek::val_mgr->Bool(${val.target_type_domain}));
+		flags->Assign(9, ${val.target_type_domain});
-		flags->Assign(10, zeek::val_mgr->Bool(${val.negotiate_always_sign}));
+		flags->Assign(10, ${val.negotiate_always_sign});
-		flags->Assign(11, zeek::val_mgr->Bool(${val.negotiate_oem_workstation_supplied}));
+		flags->Assign(11, ${val.negotiate_oem_workstation_supplied});
-		flags->Assign(12, zeek::val_mgr->Bool(${val.negotiate_oem_domain_supplied}));
+		flags->Assign(12, ${val.negotiate_oem_domain_supplied});
-		flags->Assign(13, zeek::val_mgr->Bool(${val.negotiate_anonymous_connection}));
+		flags->Assign(13, ${val.negotiate_anonymous_connection});
-		flags->Assign(14, zeek::val_mgr->Bool(${val.negotiate_ntlm}));
+		flags->Assign(14, ${val.negotiate_ntlm});
-		flags->Assign(15, zeek::val_mgr->Bool(${val.negotiate_lm_key}));
+		flags->Assign(15, ${val.negotiate_lm_key});
-		flags->Assign(16, zeek::val_mgr->Bool(${val.negotiate_datagram}));
+		flags->Assign(16, ${val.negotiate_datagram});
-		flags->Assign(17, zeek::val_mgr->Bool(${val.negotiate_seal}));
+		flags->Assign(17, ${val.negotiate_seal});
-		flags->Assign(18, zeek::val_mgr->Bool(${val.negotiate_sign}));
+		flags->Assign(18, ${val.negotiate_sign});
-		flags->Assign(19, zeek::val_mgr->Bool(${val.request_target}));
+		flags->Assign(19, ${val.request_target});
-		flags->Assign(20, zeek::val_mgr->Bool(${val.negotiate_oem}));
+		flags->Assign(20, ${val.negotiate_oem});
-		flags->Assign(21, zeek::val_mgr->Bool(${val.negotiate_unicode}));
+		flags->Assign(21, ${val.negotiate_unicode});
 
 		return flags;
 		}
@@ -96,13 +96,13 @@ refine connection NTLM_Conn += {
 					result->Assign(4, utf16_to_utf8_val(zeek_analyzer()->Conn(), ${val.pairs[i].dns_tree_name.data}));
 					break;
 				case 6:
-					result->Assign(5, zeek::val_mgr->Bool(${val.pairs[i].constrained_auth}));
+					result->Assign(5, ${val.pairs[i].constrained_auth});
 					break;
 				case 7:
 					result->Assign(6, filetime2zeektime(${val.pairs[i].timestamp}));
 					break;
 				case 8:
-					result->Assign(7, zeek::val_mgr->Count(${val.pairs[i].single_host.machine_id}));
+					result->Assign(7, ${val.pairs[i].single_host.machine_id});
 					break;
 				case 9:
 					result->Assign(8, utf16_to_utf8_val(zeek_analyzer()->Conn(), ${val.pairs[i].target_name.data}));

src/analyzer/protocol/ntp/ntp-analyzer.pac

@@ -36,9 +36,9 @@
 		{
 		auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTP::StandardMessage);
 
-		rv->Assign(0, zeek::val_mgr->Count(${nsm.stratum}));
+		rv->Assign(0, ${nsm.stratum});
-		rv->Assign(1, zeek::make_intrusive<zeek::IntervalVal>(pow(2, ${nsm.poll})));
+		rv->AssignInterval(1, pow(2, ${nsm.poll}));
-		rv->Assign(2, zeek::make_intrusive<zeek::IntervalVal>(pow(2, ${nsm.precision})));
+		rv->AssignInterval(2, pow(2, ${nsm.precision}));
 		rv->Assign(3, proc_ntp_short(${nsm.root_delay}));
 		rv->Assign(4, proc_ntp_short(${nsm.root_dispersion}));
 
@@ -66,19 +66,19 @@
 
 		if ( ${nsm.mac_len} == 20 )
 			{
-			rv->Assign(12, zeek::val_mgr->Count(${nsm.mac.key_id}));
+			rv->Assign(12, ${nsm.mac.key_id});
 			rv->Assign(13, to_stringval(${nsm.mac.digest}));
 			}
 		else if ( ${nsm.mac_len} == 24 )
 			{
-			rv->Assign(12, zeek::val_mgr->Count(${nsm.mac_ext.key_id}));
+			rv->Assign(12, ${nsm.mac_ext.key_id});
 			rv->Assign(13, to_stringval(${nsm.mac_ext.digest}));
 			}
 
 		if ( ${nsm.has_exts} )
 			{
 			// TODO: add extension fields
-			rv->Assign(14, zeek::val_mgr->Count((uint32) ${nsm.exts}->size()));
+			rv->Assign(14, static_cast<uint32>(${nsm.exts}->size()));
 			}
 
 		return rv;
@@ -89,20 +89,20 @@
 		{
 		auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTP::ControlMessage);
 
-		rv->Assign(0, zeek::val_mgr->Count(${ncm.OpCode}));
+		rv->Assign(0, ${ncm.OpCode});
-		rv->Assign(1, zeek::val_mgr->Bool(${ncm.R}));
+		rv->Assign(1, ${ncm.R});
-		rv->Assign(2, zeek::val_mgr->Bool(${ncm.E}));
+		rv->Assign(2, ${ncm.E});
-		rv->Assign(3, zeek::val_mgr->Bool(${ncm.M}));
+		rv->Assign(3, ${ncm.M});
-		rv->Assign(4, zeek::val_mgr->Count(${ncm.sequence}));
+		rv->Assign(4, ${ncm.sequence});
-		rv->Assign(5, zeek::val_mgr->Count(${ncm.status}));
+		rv->Assign(5, ${ncm.status});
-		rv->Assign(6, zeek::val_mgr->Count(${ncm.association_id}));
+		rv->Assign(6, ${ncm.association_id});
 
 		if ( ${ncm.c} > 0 )
 			rv->Assign(7, to_stringval(${ncm.data}));
 
 		if ( ${ncm.has_control_mac} )
 			{
-			rv->Assign(8, zeek::val_mgr->Count(${ncm.mac.key_id}));
+			rv->Assign(8, ${ncm.mac.key_id});
 			rv->Assign(9, to_stringval(${ncm.mac.crypto_checksum}));
 			}
 
@@ -114,11 +114,11 @@
 		{
 		auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTP::Mode7Message);
 
-		rv->Assign(0, zeek::val_mgr->Count(${m7.request_code}));
+		rv->Assign(0, ${m7.request_code});
-		rv->Assign(1, zeek::val_mgr->Bool(${m7.auth_bit}));
+		rv->Assign(1, ${m7.auth_bit});
-		rv->Assign(2, zeek::val_mgr->Count(${m7.sequence}));
+		rv->Assign(2, ${m7.sequence});
-		rv->Assign(3, zeek::val_mgr->Count(${m7.implementation}));
+		rv->Assign(3, ${m7.implementation});
-		rv->Assign(4, zeek::val_mgr->Count(${m7.error_code}));
+		rv->Assign(4, ${m7.error_code});
 
 		if ( ${m7.data_len} > 0 )
 			rv->Assign(5, to_stringval(${m7.data}));
@@ -139,8 +139,8 @@ refine flow NTP_Flow += {
 			return false;
 
 		auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::NTP::Message);
-		rv->Assign(0, zeek::val_mgr->Count(${msg.version}));
+		rv->Assign(0, ${msg.version});
-		rv->Assign(1, zeek::val_mgr->Count(${msg.mode}));
+		rv->Assign(1, ${msg.mode});
 
 		// The standard record
 		if ( ${msg.mode} >=1 && ${msg.mode} <= 5 )

src/analyzer/protocol/radius/radius-analyzer.pac

@@ -8,8 +8,8 @@ refine flow RADIUS_Flow += {
 			return false;
 
 		auto result = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RADIUS::Message);
-		result->Assign(0, zeek::val_mgr->Count(${msg.code}));
+		result->Assign(0, ${msg.code});
-		result->Assign(1, zeek::val_mgr->Count(${msg.trans_id}));
+		result->Assign(1, ${msg.trans_id});
 		result->Assign(2, to_stringval(${msg.authenticator}));
 
 		if ( ${msg.attributes}->size() )

src/analyzer/protocol/rdp/rdp-analyzer.pac

@@ -66,35 +66,35 @@ refine flow RDP_Flow += {
 		if ( rdp_client_core_data )
 			{
 			auto ec_flags = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::EarlyCapabilityFlags);
-			ec_flags->Assign(0, zeek::val_mgr->Bool(${ccore.SUPPORT_ERRINFO_PDU}));
+			ec_flags->Assign(0, ${ccore.SUPPORT_ERRINFO_PDU});
-			ec_flags->Assign(1, zeek::val_mgr->Bool(${ccore.WANT_32BPP_SESSION}));
+			ec_flags->Assign(1, ${ccore.WANT_32BPP_SESSION});
-			ec_flags->Assign(2, zeek::val_mgr->Bool(${ccore.SUPPORT_STATUSINFO_PDU}));
+			ec_flags->Assign(2, ${ccore.SUPPORT_STATUSINFO_PDU});
-			ec_flags->Assign(3, zeek::val_mgr->Bool(${ccore.STRONG_ASYMMETRIC_KEYS}));
+			ec_flags->Assign(3, ${ccore.STRONG_ASYMMETRIC_KEYS});
-			ec_flags->Assign(4, zeek::val_mgr->Bool(${ccore.SUPPORT_MONITOR_LAYOUT_PDU}));
+			ec_flags->Assign(4, ${ccore.SUPPORT_MONITOR_LAYOUT_PDU});
-			ec_flags->Assign(5, zeek::val_mgr->Bool(${ccore.SUPPORT_NETCHAR_AUTODETECT}));
+			ec_flags->Assign(5, ${ccore.SUPPORT_NETCHAR_AUTODETECT});
-			ec_flags->Assign(6, zeek::val_mgr->Bool(${ccore.SUPPORT_DYNVC_GFX_PROTOCOL}));
+			ec_flags->Assign(6, ${ccore.SUPPORT_DYNVC_GFX_PROTOCOL});
-			ec_flags->Assign(7, zeek::val_mgr->Bool(${ccore.SUPPORT_DYNAMIC_TIME_ZONE}));
+			ec_flags->Assign(7, ${ccore.SUPPORT_DYNAMIC_TIME_ZONE});
-			ec_flags->Assign(8, zeek::val_mgr->Bool(${ccore.SUPPORT_HEARTBEAT_PDU}));
+			ec_flags->Assign(8, ${ccore.SUPPORT_HEARTBEAT_PDU});
 
 			auto ccd = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientCoreData);
-			ccd->Assign(0, zeek::val_mgr->Count(${ccore.version_major}));
+			ccd->Assign(0, ${ccore.version_major});
-			ccd->Assign(1, zeek::val_mgr->Count(${ccore.version_minor}));
+			ccd->Assign(1, ${ccore.version_minor});
-			ccd->Assign(2, zeek::val_mgr->Count(${ccore.desktop_width}));
+			ccd->Assign(2, ${ccore.desktop_width});
-			ccd->Assign(3, zeek::val_mgr->Count(${ccore.desktop_height}));
+			ccd->Assign(3, ${ccore.desktop_height});
-			ccd->Assign(4, zeek::val_mgr->Count(${ccore.color_depth}));
+			ccd->Assign(4, ${ccore.color_depth});
-			ccd->Assign(5, zeek::val_mgr->Count(${ccore.sas_sequence}));
+			ccd->Assign(5, ${ccore.sas_sequence});
-			ccd->Assign(6, zeek::val_mgr->Count(${ccore.keyboard_layout}));
+			ccd->Assign(6, ${ccore.keyboard_layout});
-			ccd->Assign(7, zeek::val_mgr->Count(${ccore.client_build}));
+			ccd->Assign(7, ${ccore.client_build});
 			ccd->Assign(8, utf16_to_utf8_val(connection()->zeek_analyzer()->Conn(), ${ccore.client_name}));
-			ccd->Assign(9, zeek::val_mgr->Count(${ccore.keyboard_type}));
+			ccd->Assign(9, ${ccore.keyboard_type});
-			ccd->Assign(10, zeek::val_mgr->Count(${ccore.keyboard_sub}));
+			ccd->Assign(10, ${ccore.keyboard_sub});
-			ccd->Assign(11, zeek::val_mgr->Count(${ccore.keyboard_function_key}));
+			ccd->Assign(11, ${ccore.keyboard_function_key});
 			ccd->Assign(12, utf16_to_utf8_val(connection()->zeek_analyzer()->Conn(), ${ccore.ime_file_name}));
-			ccd->Assign(13, zeek::val_mgr->Count(${ccore.post_beta2_color_depth}));
+			ccd->Assign(13, ${ccore.post_beta2_color_depth});
-			ccd->Assign(14, zeek::val_mgr->Count(${ccore.client_product_id}));
+			ccd->Assign(14, ${ccore.client_product_id});
-			ccd->Assign(15, zeek::val_mgr->Count(${ccore.serial_number}));
+			ccd->Assign(15, ${ccore.serial_number});
-			ccd->Assign(16, zeek::val_mgr->Count(${ccore.high_color_depth}));
+			ccd->Assign(16, ${ccore.high_color_depth});
-			ccd->Assign(17, zeek::val_mgr->Count(${ccore.supported_color_depths}));
+			ccd->Assign(17, ${ccore.supported_color_depths});
 			ccd->Assign(18, std::move(ec_flags));
 			ccd->Assign(19, utf16_to_utf8_val(connection()->zeek_analyzer()->Conn(), ${ccore.dig_product_id}));
 
@@ -112,8 +112,8 @@ refine flow RDP_Flow += {
 			return false;
 
 		auto csd = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientSecurityData);
-		csd->Assign(0, zeek::val_mgr->Count(${csec.encryption_methods}));
+		csd->Assign(0, ${csec.encryption_methods});
-		csd->Assign(1, zeek::val_mgr->Count(${csec.ext_encryption_methods}));
+		csd->Assign(1, ${csec.ext_encryption_methods});
 
 		zeek::BifEvent::enqueue_rdp_client_security_data(connection()->zeek_analyzer(),
 		                                           connection()->zeek_analyzer()->Conn(),
@@ -135,19 +135,19 @@ refine flow RDP_Flow += {
 				auto channel_def = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientChannelDef);
 
 				channel_def->Assign(0, to_stringval(${cnetwork.channel_def_array[i].name}));
-				channel_def->Assign(1, zeek::val_mgr->Count(${cnetwork.channel_def_array[i].options}));
+				channel_def->Assign(1, ${cnetwork.channel_def_array[i].options});
 
-				channel_def->Assign(2, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_INITIALIZED}));
+				channel_def->Assign(2, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_INITIALIZED});
-				channel_def->Assign(3, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_RDP}));
+				channel_def->Assign(3, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_RDP});
-				channel_def->Assign(4, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_SC}));
+				channel_def->Assign(4, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_SC});
-				channel_def->Assign(5, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_CS}));
+				channel_def->Assign(5, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_CS});
-				channel_def->Assign(6, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_HIGH}));
+				channel_def->Assign(6, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_HIGH});
-				channel_def->Assign(7, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_MED}));
+				channel_def->Assign(7, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_MED});
-				channel_def->Assign(8, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_LOW}));
+				channel_def->Assign(8, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_LOW});
-				channel_def->Assign(9, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS_RDP}));
+				channel_def->Assign(9, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS_RDP});
-				channel_def->Assign(10, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS}));
+				channel_def->Assign(10, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS});
-				channel_def->Assign(11, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].CHANNEL_OPTION_SHOW_PROTOCOL}));
+				channel_def->Assign(11, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_SHOW_PROTOCOL});
-				channel_def->Assign(12, zeek::val_mgr->Bool(${cnetwork.channel_def_array[i].REMOTE_CONTROL_PERSISTENT}));
+				channel_def->Assign(12, ${cnetwork.channel_def_array[i].REMOTE_CONTROL_PERSISTENT});
 
 				channels->Assign(channels->Size(), std::move(channel_def));
 				}
@@ -166,12 +166,12 @@ refine flow RDP_Flow += {
 			return false;
 
 		auto ccld = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientClusterData);
-		ccld->Assign(0, zeek::val_mgr->Count(${ccluster.flags}));
+		ccld->Assign(0, ${ccluster.flags});
-		ccld->Assign(1, zeek::val_mgr->Count(${ccluster.redir_session_id}));
+		ccld->Assign(1, ${ccluster.redir_session_id});
-		ccld->Assign(2, zeek::val_mgr->Bool(${ccluster.REDIRECTION_SUPPORTED}));
+		ccld->Assign(2, ${ccluster.REDIRECTION_SUPPORTED});
-		ccld->Assign(3, zeek::val_mgr->Count(${ccluster.SERVER_SESSION_REDIRECTION_VERSION_MASK}));
+		ccld->Assign(3, ${ccluster.SERVER_SESSION_REDIRECTION_VERSION_MASK});
-		ccld->Assign(4, zeek::val_mgr->Bool(${ccluster.REDIRECTED_SESSIONID_FIELD_VALID}));
+		ccld->Assign(4, ${ccluster.REDIRECTED_SESSIONID_FIELD_VALID});
-		ccld->Assign(5, zeek::val_mgr->Bool(${ccluster.REDIRECTED_SMARTCARD}));
+		ccld->Assign(5, ${ccluster.REDIRECTED_SMARTCARD});
 
 		zeek::BifEvent::enqueue_rdp_client_cluster_data(connection()->zeek_analyzer(),
 		                                          connection()->zeek_analyzer()->Conn(),

src/analyzer/protocol/rpc/MOUNT.cc

@@ -188,16 +188,16 @@ Args MOUNT_Interp::event_common_vl(RPC_CallInfo *c,
 	auto info = make_intrusive<RecordVal>(BifType::Record::MOUNT3::info_t);
 	info->Assign(0, BifType::Enum::rpc_status->GetEnumVal(rpc_status));
 	info->Assign(1, BifType::Enum::MOUNT3::status_t->GetEnumVal(mount_status));
-	info->Assign(2, make_intrusive<TimeVal>(c->StartTime()));
+	info->AssignTime(2, c->StartTime());
-	info->Assign(3, make_intrusive<IntervalVal>(c->LastTime() - c->StartTime()));
+	info->AssignInterval(3, c->LastTime() - c->StartTime());
-	info->Assign(4, val_mgr->Count(c->RPCLen()));
+	info->Assign(4, c->RPCLen());
-	info->Assign(5, make_intrusive<TimeVal>(rep_start_time));
+	info->AssignTime(5, rep_start_time);
-	info->Assign(6, make_intrusive<IntervalVal>(rep_last_time - rep_start_time));
+	info->AssignInterval(6, rep_last_time - rep_start_time);
-	info->Assign(7, val_mgr->Count(reply_len));
+	info->Assign(7, reply_len);
-	info->Assign(8, val_mgr->Count(c->Uid()));
+	info->Assign(8, c->Uid());
-	info->Assign(9, val_mgr->Count(c->Gid()));
+	info->Assign(9, c->Gid());
-	info->Assign(10, val_mgr->Count(c->Stamp()));
+	info->Assign(10, c->Stamp());
-	info->Assign(11, make_intrusive<StringVal>(c->MachineName()));
+	info->Assign(11, c->MachineName());
 	info->Assign(12, std::move(auxgids));
 
 	vl.emplace_back(std::move(info));
@@ -259,7 +259,7 @@ RecordValPtr MOUNT_Interp::mount3_mnt_reply(const u_char*& buf, int& n,
 			auth_flavors_count = max_auth_flavors;
 			}
 
-		auto enum_vector = make_intrusive<VectorType>(base_type(TYPE_ENUM));
+		auto enum_vector = make_intrusive<VectorType>(BifType::Enum::MOUNT3::auth_flavor_t);
 		auto auth_flavors = make_intrusive<VectorVal>(std::move(enum_vector));
 
 		for ( auto i = 0u; i < auth_flavors_count; ++i )
@@ -272,11 +272,6 @@ RecordValPtr MOUNT_Interp::mount3_mnt_reply(const u_char*& buf, int& n,
 
 		rep->Assign(1, std::move(auth_flavors));
 		}
-	else
-		{
-		rep->Assign(0, nullptr);
-		rep->Assign(1, nullptr);
-		}
 
 	return rep;
 	}

src/analyzer/protocol/rpc/NFS.cc

@@ -321,16 +321,16 @@ Args NFS_Interp::event_common_vl(RPC_CallInfo *c, BifEnum::rpc_status rpc_status
 	auto info = make_intrusive<RecordVal>(BifType::Record::NFS3::info_t);
 	info->Assign(0, BifType::Enum::rpc_status->GetEnumVal(rpc_status));
 	info->Assign(1, BifType::Enum::NFS3::status_t->GetEnumVal(nfs_status));
-	info->Assign(2, make_intrusive<TimeVal>(c->StartTime()));
+	info->AssignTime(2, c->StartTime());
-	info->Assign(3, make_intrusive<IntervalVal>(c->LastTime()-c->StartTime()));
+	info->AssignInterval(3, c->LastTime()-c->StartTime());
-	info->Assign(4, val_mgr->Count(c->RPCLen()));
+	info->Assign(4, c->RPCLen());
-	info->Assign(5, make_intrusive<TimeVal>(rep_start_time));
+	info->AssignTime(5, rep_start_time);
-	info->Assign(6, make_intrusive<IntervalVal>(rep_last_time-rep_start_time));
+	info->AssignInterval(6, rep_last_time-rep_start_time);
-	info->Assign(7, val_mgr->Count(reply_len));
+	info->Assign(7, reply_len);
-	info->Assign(8, val_mgr->Count(c->Uid()));
+	info->Assign(8, c->Uid());
-	info->Assign(9, val_mgr->Count(c->Gid()));
+	info->Assign(9, c->Gid());
-	info->Assign(10, val_mgr->Count(c->Stamp()));
+	info->Assign(10, c->Stamp());
-	info->Assign(11, make_intrusive<StringVal>(c->MachineName()));
+	info->Assign(11, c->MachineName());
 	info->Assign(12, std::move(auxgids));
 
 	vl.emplace_back(std::move(info));
@@ -353,22 +353,18 @@ RecordValPtr NFS_Interp::nfs3_sattr(const u_char*& buf, int& n)
 	{
 	auto attrs = make_intrusive<RecordVal>(BifType::Record::NFS3::sattr_t);
 
-	attrs->Assign(0, nullptr); // mode
 	int mode_set_it =  extract_XDR_uint32(buf, n);
 	if ( mode_set_it )
 		attrs->Assign(0, ExtractUint32(buf, n)); // mode
 
-	attrs->Assign(1, nullptr); // uid
 	int uid_set_it =  extract_XDR_uint32(buf, n);
 	if ( uid_set_it )
 		attrs->Assign(1, ExtractUint32(buf, n)); // uid
 
-	attrs->Assign(2, nullptr); // gid
 	int gid_set_it =  extract_XDR_uint32(buf, n);
 	if ( gid_set_it )
 		attrs->Assign(2, ExtractUint32(buf, n)); // gid
 
-	attrs->Assign(3, nullptr); // size
 	int size_set_it =  extract_XDR_uint32(buf, n);
 	if ( size_set_it )
 		attrs->Assign(3, ExtractTime(buf, n));	 // size
@@ -389,11 +385,6 @@ RecordValPtr NFS_Interp::nfs3_sattr_reply(const u_char*& buf, int& n, BifEnum::N
 		rep->Assign(0, nfs3_pre_op_attr(buf, n));
 		rep->Assign(1, nfs3_post_op_attr(buf, n));
 		}
-	else
-		{
-		rep->Assign(1, nullptr);
-		rep->Assign(2, nullptr);
-		}
 
 	return rep;
 	}
@@ -536,8 +527,6 @@ RecordValPtr NFS_Interp::nfs3_lookup_reply(const u_char*& buf, int& n, BifEnum::
 		}
 	else
 		{
-		rep->Assign(0, nullptr);
-		rep->Assign(1, nullptr);
 		rep->Assign(2, nfs3_post_op_attr(buf, n));
 		}
 	return rep;
@@ -565,7 +554,7 @@ RecordValPtr NFS_Interp::nfs3_read_reply(const u_char*& buf, int& n, BifEnum::NF
 
 		rep->Assign(0, nfs3_post_op_attr(buf, n));
 		bytes_read = extract_XDR_uint32(buf, n);
-		rep->Assign(1, val_mgr->Count(bytes_read));
+		rep->Assign(1, bytes_read);
 		rep->Assign(2, ExtractBool(buf, n));
 		rep->Assign(3, nfs3_file_data(buf, n, offset, bytes_read));
 		}
@@ -648,9 +637,9 @@ RecordValPtr NFS_Interp::nfs3_writeargs(const u_char*& buf, int& n)
 
 	writeargs->Assign(0, nfs3_fh(buf, n));
 	offset = extract_XDR_uint64(buf, n);
-	writeargs->Assign(1, val_mgr->Count(offset));  // offset
+	writeargs->Assign(1, offset);  // offset
 	bytes = extract_XDR_uint32(buf, n);
-	writeargs->Assign(2, val_mgr->Count(bytes));   // size
+	writeargs->Assign(2, bytes);   // size
 
 	writeargs->Assign(3, nfs3_stable_how(buf, n));
 	writeargs->Assign(4, nfs3_file_data(buf, n, offset, bytes));
@@ -698,8 +687,6 @@ RecordValPtr NFS_Interp::nfs3_newobj_reply(const u_char*& buf, int& n, BifEnum::
 		}
 	else
 		{
-		rep->Assign(0, nullptr);
-		rep->Assign(1, nullptr);
 		rep->Assign(2, nfs3_pre_op_attr(buf, n));
 		rep->Assign(3, nfs3_post_op_attr(buf, n));
 		}
@@ -735,7 +722,7 @@ RecordValPtr NFS_Interp::nfs3_readdirargs(bool isplus, const u_char*& buf, int&n
 	{
 	auto args = make_intrusive<RecordVal>(BifType::Record::NFS3::readdirargs_t);
 
-	args->Assign(0, val_mgr->Bool(isplus));
+	args->Assign(0, isplus);
 	args->Assign(1, nfs3_fh(buf, n));
 	args->Assign(2, ExtractUint64(buf,n));	// cookie
 	args->Assign(3, ExtractUint64(buf,n));	// cookieverf
@@ -752,7 +739,7 @@ RecordValPtr NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf,
 	{
 	auto rep = make_intrusive<RecordVal>(BifType::Record::NFS3::readdir_reply_t);
 
-	rep->Assign(0, val_mgr->Bool(isplus));
+	rep->Assign(0, isplus);
 
 	if ( status == BifEnum::NFS3::NFS3ERR_OK )
 		{
@@ -792,29 +779,29 @@ RecordValPtr NFS_Interp::nfs3_readdir_reply(bool isplus, const u_char*& buf,
 	return rep;
 	}
 
-ValPtr NFS_Interp::ExtractUint32(const u_char*& buf, int& n)
+uint32_t NFS_Interp::ExtractUint32(const u_char*& buf, int& n)
 	{
-	return val_mgr->Count(extract_XDR_uint32(buf, n));
+	return extract_XDR_uint32(buf, n);
 	}
 
-ValPtr NFS_Interp::ExtractUint64(const u_char*& buf, int& n)
+uint64_t NFS_Interp::ExtractUint64(const u_char*& buf, int& n)
 	{
-	return val_mgr->Count(extract_XDR_uint64(buf, n));
+	return extract_XDR_uint64(buf, n);
 	}
 
-ValPtr NFS_Interp::ExtractTime(const u_char*& buf, int& n)
+double NFS_Interp::ExtractTime(const u_char*& buf, int& n)
 	{
-	return make_intrusive<TimeVal>(extract_XDR_time(buf, n));
+	return extract_XDR_time(buf, n);
 	}
 
-ValPtr NFS_Interp::ExtractInterval(const u_char*& buf, int& n)
+double NFS_Interp::ExtractInterval(const u_char*& buf, int& n)
 	{
-	return make_intrusive<IntervalVal>(double(extract_XDR_uint32(buf, n)), 1.0);
+	return double(extract_XDR_uint32(buf, n));
 	}
 
-ValPtr NFS_Interp::ExtractBool(const u_char*& buf, int& n)
+bool NFS_Interp::ExtractBool(const u_char*& buf, int& n)
 	{
-	return val_mgr->Bool(extract_XDR_uint32(buf, n));
+	return extract_XDR_uint32(buf, n);
 	}
 
 } // namespace detail

src/analyzer/protocol/rpc/NFS.h

@@ -73,11 +73,11 @@ protected:
 	//   * size is the amount of bytes read (or requested to be written),
 	StringValPtr nfs3_file_data(const u_char*& buf, int& n, uint64_t offset, int size);
 
-	ValPtr ExtractUint32(const u_char*& buf, int& n);
+	uint32_t ExtractUint32(const u_char*& buf, int& n);
-	ValPtr ExtractUint64(const u_char*& buf, int& n);
+	uint64_t ExtractUint64(const u_char*& buf, int& n);
-	ValPtr ExtractTime(const u_char*& buf, int& n);
+	double ExtractTime(const u_char*& buf, int& n);
-	ValPtr ExtractInterval(const u_char*& buf, int& n);
+	double ExtractInterval(const u_char*& buf, int& n);
-	ValPtr ExtractBool(const u_char*& buf, int& n);
+	bool ExtractBool(const u_char*& buf, int& n);
 };
 
 } // namespace detail

src/analyzer/protocol/rpc/Portmap.cc

@@ -126,8 +126,8 @@ bool PortmapperInterp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status statu
 				return false;
 
 			RecordVal* rv = c->RequestVal()->AsRecordVal();
-			const auto& is_tcp = rv->GetField(2);
+			auto is_tcp = rv->GetFieldAs<BoolVal>(2);
-			reply = val_mgr->Port(CheckPort(port), is_tcp->IsOne() ?
+			reply = val_mgr->Port(CheckPort(port), is_tcp ?
 			                      TRANSPORT_TCP : TRANSPORT_UDP);
 			event = pm_request_getport;
 			}
@@ -195,8 +195,8 @@ ValPtr PortmapperInterp::ExtractMapping(const u_char*& buf, int& len)
 	static auto pm_mapping = id::find_type<RecordType>("pm_mapping");
 	auto mapping = make_intrusive<RecordVal>(pm_mapping);
 
-	mapping->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
+	mapping->Assign(0, extract_XDR_uint32(buf, len));
-	mapping->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
+	mapping->Assign(1, extract_XDR_uint32(buf, len));
 
 	bool is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP;
 	uint32_t port = extract_XDR_uint32(buf, len);
@@ -213,11 +213,11 @@ ValPtr PortmapperInterp::ExtractPortRequest(const u_char*& buf, int& len)
 	static auto pm_port_request = id::find_type<RecordType>("pm_port_request");
 	auto pr = make_intrusive<RecordVal>(pm_port_request);
 
-	pr->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
+	pr->Assign(0, extract_XDR_uint32(buf, len));
-	pr->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
+	pr->Assign(1, extract_XDR_uint32(buf, len));
 
 	bool is_tcp = extract_XDR_uint32(buf, len) == IPPROTO_TCP;
-	pr->Assign(2, val_mgr->Bool(is_tcp));
+	pr->Assign(2, is_tcp);
 	(void) extract_XDR_uint32(buf, len);	// consume the bogus port
 
 	if ( ! buf )
@@ -231,13 +231,13 @@ ValPtr PortmapperInterp::ExtractCallItRequest(const u_char*& buf, int& len)
 	static auto pm_callit_request = id::find_type<RecordType>("pm_callit_request");
 	auto c = make_intrusive<RecordVal>(pm_callit_request);
 
-	c->Assign(0, val_mgr->Count(extract_XDR_uint32(buf, len)));
+	c->Assign(0, extract_XDR_uint32(buf, len));
-	c->Assign(1, val_mgr->Count(extract_XDR_uint32(buf, len)));
+	c->Assign(1, extract_XDR_uint32(buf, len));
-	c->Assign(2, val_mgr->Count(extract_XDR_uint32(buf, len)));
+	c->Assign(2, extract_XDR_uint32(buf, len));
 
 	int arg_n;
 	(void) extract_XDR_opaque(buf, len, arg_n);
-	c->Assign(3, val_mgr->Count(arg_n));
+	c->Assign(3, arg_n);
 
 	if ( ! buf )
 		return nullptr;

src/analyzer/protocol/smb/smb-time.pac

@@ -1,21 +1,20 @@
 %header{
-zeek::ValPtr filetime2zeektime(uint64_t ts);
+double filetime2zeektime(uint64_t ts);
-zeek::ValPtr time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz);
+double time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz);
 
 zeek::RecordValPtr SMB_BuildMACTimes(uint64_t modify, uint64_t access,
                                      uint64_t create, uint64_t change);
 %}
 
 %code{
-zeek::ValPtr filetime2zeektime(uint64_t ts)
+double filetime2zeektime(uint64_t ts)
 	{
 	// Zeek can't support times back to the 1600's
 	// so we subtract a lot of seconds.
-	double secs = (ts / 10000000.0L) - 11644473600.0L;
+	return (ts / 10000000.0L) - 11644473600.0L;
-	return zeek::make_intrusive<zeek::TimeVal>(secs);
 	}
 
-zeek::ValPtr time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz)
+double time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz)
 	{
 	tm lTime;
 	lTime.tm_sec = ${t.two_seconds} * 2;
@@ -25,8 +24,7 @@ zeek::ValPtr time_from_lanman(SMB_time* t, SMB_date* d, uint16_t tz)
 	lTime.tm_mon = ${d.month};
 	lTime.tm_year = 1980 + ${d.year};
 	lTime.tm_isdst = -1;
-	double lResult = mktime(&lTime);
+	return mktime(&lTime) + tz;
-	return zeek::make_intrusive<zeek::TimeVal>(lResult + tz);
 	}
 
 zeek::RecordValPtr SMB_BuildMACTimes(uint64_t modify, uint64_t access,

src/analyzer/protocol/smb/smb1-com-negotiate.pac

@@ -42,7 +42,7 @@ refine connection SMB_Conn += {
 				case 0x01:
 					{
 					auto core = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseCore);
-					core->Assign(0, zeek::val_mgr->Count(${val.dialect_index}));
+					core->Assign(0, ${val.dialect_index});
 
 					response->Assign(0, std::move(core));
 					}
@@ -51,23 +51,23 @@ refine connection SMB_Conn += {
 				case 0x0d:
 					{
 					auto security = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseSecurity);
-					security->Assign(0, zeek::val_mgr->Bool(${val.lanman.security_user_level}));
+					security->Assign(0, ${val.lanman.security_user_level});
-					security->Assign(1, zeek::val_mgr->Bool(${val.lanman.security_challenge_response}));
+					security->Assign(1, ${val.lanman.security_challenge_response});
 
 					auto raw = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateRawMode);
-					raw->Assign(0, zeek::val_mgr->Bool(${val.lanman.raw_read_supported}));
+					raw->Assign(0, ${val.lanman.raw_read_supported});
-					raw->Assign(1, zeek::val_mgr->Bool(${val.lanman.raw_write_supported}));
+					raw->Assign(1, ${val.lanman.raw_write_supported});
 
 					auto lanman = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseLANMAN);
-					lanman->Assign(0, zeek::val_mgr->Count(${val.word_count}));
+					lanman->Assign(0, ${val.word_count});
-					lanman->Assign(1, zeek::val_mgr->Count(${val.dialect_index}));
+					lanman->Assign(1, ${val.dialect_index});
 					lanman->Assign(2, std::move(security));
-					lanman->Assign(3, zeek::val_mgr->Count(${val.lanman.max_buffer_size}));
+					lanman->Assign(3, ${val.lanman.max_buffer_size});
-					lanman->Assign(4, zeek::val_mgr->Count(${val.lanman.max_mpx_count}));
+					lanman->Assign(4, ${val.lanman.max_mpx_count});
 
-					lanman->Assign(5, zeek::val_mgr->Count(${val.lanman.max_number_vcs}));
+					lanman->Assign(5, ${val.lanman.max_number_vcs});
 					lanman->Assign(6, std::move(raw));
-					lanman->Assign(7, zeek::val_mgr->Count(${val.lanman.session_key}));
+					lanman->Assign(7, ${val.lanman.session_key});
 					lanman->Assign(8, time_from_lanman(${val.lanman.server_time}, ${val.lanman.server_date}, ${val.lanman.server_tz}));
 					lanman->Assign(9, to_stringval(${val.lanman.encryption_key}));
 
@@ -80,44 +80,44 @@ refine connection SMB_Conn += {
 				case 0x11:
 					{
 					auto security = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseSecurity);
-					security->Assign(0, zeek::val_mgr->Bool(${val.ntlm.security_user_level}));
+					security->Assign(0, ${val.ntlm.security_user_level});
-					security->Assign(1, zeek::val_mgr->Bool(${val.ntlm.security_challenge_response}));
+					security->Assign(1, ${val.ntlm.security_challenge_response});
-					security->Assign(2, zeek::val_mgr->Bool(${val.ntlm.security_signatures_enabled}));
+					security->Assign(2, ${val.ntlm.security_signatures_enabled});
-					security->Assign(3, zeek::val_mgr->Bool(${val.ntlm.security_signatures_required}));
+					security->Assign(3, ${val.ntlm.security_signatures_required});
 
 					auto capabilities = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateCapabilities);
-					capabilities->Assign(0, zeek::val_mgr->Bool(${val.ntlm.capabilities_raw_mode}));
+					capabilities->Assign(0, ${val.ntlm.capabilities_raw_mode});
-					capabilities->Assign(1, zeek::val_mgr->Bool(${val.ntlm.capabilities_mpx_mode}));
+					capabilities->Assign(1, ${val.ntlm.capabilities_mpx_mode});
-					capabilities->Assign(2, zeek::val_mgr->Bool(${val.ntlm.capabilities_unicode}));
+					capabilities->Assign(2, ${val.ntlm.capabilities_unicode});
-					capabilities->Assign(3, zeek::val_mgr->Bool(${val.ntlm.capabilities_large_files}));
+					capabilities->Assign(3, ${val.ntlm.capabilities_large_files});
-					capabilities->Assign(4, zeek::val_mgr->Bool(${val.ntlm.capabilities_nt_smbs}));
+					capabilities->Assign(4, ${val.ntlm.capabilities_nt_smbs});
 
-					capabilities->Assign(5, zeek::val_mgr->Bool(${val.ntlm.capabilities_rpc_remote_apis}));
+					capabilities->Assign(5, ${val.ntlm.capabilities_rpc_remote_apis});
-					capabilities->Assign(6, zeek::val_mgr->Bool(${val.ntlm.capabilities_status32}));
+					capabilities->Assign(6, ${val.ntlm.capabilities_status32});
-					capabilities->Assign(7, zeek::val_mgr->Bool(${val.ntlm.capabilities_level_2_oplocks}));
+					capabilities->Assign(7, ${val.ntlm.capabilities_level_2_oplocks});
-					capabilities->Assign(8, zeek::val_mgr->Bool(${val.ntlm.capabilities_lock_and_read}));
+					capabilities->Assign(8, ${val.ntlm.capabilities_lock_and_read});
-					capabilities->Assign(9, zeek::val_mgr->Bool(${val.ntlm.capabilities_nt_find}));
+					capabilities->Assign(9, ${val.ntlm.capabilities_nt_find});
 
-					capabilities->Assign(10, zeek::val_mgr->Bool(${val.ntlm.capabilities_dfs}));
+					capabilities->Assign(10, ${val.ntlm.capabilities_dfs});
-					capabilities->Assign(11, zeek::val_mgr->Bool(${val.ntlm.capabilities_infolevel_passthru}));
+					capabilities->Assign(11, ${val.ntlm.capabilities_infolevel_passthru});
-					capabilities->Assign(12, zeek::val_mgr->Bool(${val.ntlm.capabilities_large_readx}));
+					capabilities->Assign(12, ${val.ntlm.capabilities_large_readx});
-					capabilities->Assign(13, zeek::val_mgr->Bool(${val.ntlm.capabilities_large_writex}));
+					capabilities->Assign(13, ${val.ntlm.capabilities_large_writex});
-					capabilities->Assign(14, zeek::val_mgr->Bool(${val.ntlm.capabilities_unix}));
+					capabilities->Assign(14, ${val.ntlm.capabilities_unix});
 
-					capabilities->Assign(15, zeek::val_mgr->Bool(${val.ntlm.capabilities_bulk_transfer}));
+					capabilities->Assign(15, ${val.ntlm.capabilities_bulk_transfer});
-					capabilities->Assign(16, zeek::val_mgr->Bool(${val.ntlm.capabilities_compressed_data}));
+					capabilities->Assign(16, ${val.ntlm.capabilities_compressed_data});
-					capabilities->Assign(17, zeek::val_mgr->Bool(${val.ntlm.capabilities_extended_security}));
+					capabilities->Assign(17, ${val.ntlm.capabilities_extended_security});
 
 					auto ntlm = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::NegotiateResponseNTLM);
-					ntlm->Assign(0, zeek::val_mgr->Count(${val.word_count}));
+					ntlm->Assign(0, ${val.word_count});
-					ntlm->Assign(1, zeek::val_mgr->Count(${val.dialect_index}));
+					ntlm->Assign(1, ${val.dialect_index});
 					ntlm->Assign(2, std::move(security));
-					ntlm->Assign(3, zeek::val_mgr->Count(${val.ntlm.max_buffer_size}));
+					ntlm->Assign(3, ${val.ntlm.max_buffer_size});
-					ntlm->Assign(4, zeek::val_mgr->Count(${val.ntlm.max_mpx_count}));
+					ntlm->Assign(4, ${val.ntlm.max_mpx_count});
 
-					ntlm->Assign(5, zeek::val_mgr->Count(${val.ntlm.max_number_vcs}));
+					ntlm->Assign(5, ${val.ntlm.max_number_vcs});
-					ntlm->Assign(6, zeek::val_mgr->Count(${val.ntlm.max_raw_size}));
+					ntlm->Assign(6, ${val.ntlm.max_raw_size});
-					ntlm->Assign(7, zeek::val_mgr->Count(${val.ntlm.session_key}));
+					ntlm->Assign(7, ${val.ntlm.session_key});
 					ntlm->Assign(8, std::move(capabilities));
 					ntlm->Assign(9, filetime2zeektime(${val.ntlm.server_time}));
 

src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac

@@ -14,13 +14,13 @@ refine connection SMB_Conn += {
 			{
 			auto request = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXRequest);
 
-			request->Assign(0, zeek::val_mgr->Count(${val.word_count}));
+			request->Assign(0, ${val.word_count});
 			switch ( ${val.word_count} ) {
 				case 10:	// pre NT LM 0.12
-					request->Assign(1, zeek::val_mgr->Count(${val.lanman.max_buffer_size}));
+					request->Assign(1, ${val.lanman.max_buffer_size});
-					request->Assign(2, zeek::val_mgr->Count(${val.lanman.max_mpx_count}));
+					request->Assign(2, ${val.lanman.max_mpx_count});
-					request->Assign(3, zeek::val_mgr->Count(${val.lanman.vc_number}));
+					request->Assign(3, ${val.lanman.vc_number});
-					request->Assign(4, zeek::val_mgr->Count(${val.lanman.session_key}));
+					request->Assign(4, ${val.lanman.session_key});
 
 					request->Assign(5, smb_string2stringval(${val.lanman.native_os}));
 					request->Assign(6, smb_string2stringval(${val.lanman.native_lanman}));
@@ -32,17 +32,17 @@ refine connection SMB_Conn += {
 				case 12:	// NT LM 0.12 with extended security
 					{
 					auto capabilities = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities);
-				 	capabilities->Assign(0, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.unicode}));
+					capabilities->Assign(0, ${val.ntlm_extended_security.capabilities.unicode});
-				 	capabilities->Assign(1, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.large_files}));
+					capabilities->Assign(1, ${val.ntlm_extended_security.capabilities.large_files});
-				 	capabilities->Assign(2, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.nt_smbs}));
+					capabilities->Assign(2, ${val.ntlm_extended_security.capabilities.nt_smbs});
-				 	capabilities->Assign(3, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.status32}));
+					capabilities->Assign(3, ${val.ntlm_extended_security.capabilities.status32});
-				 	capabilities->Assign(4, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.level_2_oplocks}));
+					capabilities->Assign(4, ${val.ntlm_extended_security.capabilities.level_2_oplocks});
-				 	capabilities->Assign(5, zeek::val_mgr->Bool(${val.ntlm_extended_security.capabilities.nt_find}));
+					capabilities->Assign(5, ${val.ntlm_extended_security.capabilities.nt_find});
 
-					request->Assign(1, zeek::val_mgr->Count(${val.ntlm_extended_security.max_buffer_size}));
+					request->Assign(1, ${val.ntlm_extended_security.max_buffer_size});
-					request->Assign(2, zeek::val_mgr->Count(${val.ntlm_extended_security.max_mpx_count}));
+					request->Assign(2, ${val.ntlm_extended_security.max_mpx_count});
-					request->Assign(3, zeek::val_mgr->Count(${val.ntlm_extended_security.vc_number}));
+					request->Assign(3, ${val.ntlm_extended_security.vc_number});
-					request->Assign(4, zeek::val_mgr->Count(${val.ntlm_extended_security.session_key}));
+					request->Assign(4, ${val.ntlm_extended_security.session_key});
 
 					request->Assign(5, smb_string2stringval(${val.ntlm_extended_security.native_os}));
 					request->Assign(6, smb_string2stringval(${val.ntlm_extended_security.native_lanman}));
@@ -54,17 +54,17 @@ refine connection SMB_Conn += {
 				case 13: // NT LM 0.12 without extended security
 					{
 					auto capabilities = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXCapabilities);
-				 	capabilities->Assign(0, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.unicode}));
+					capabilities->Assign(0, ${val.ntlm_nonextended_security.capabilities.unicode});
-				 	capabilities->Assign(1, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.large_files}));
+					capabilities->Assign(1, ${val.ntlm_nonextended_security.capabilities.large_files});
-				 	capabilities->Assign(2, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.nt_smbs}));
+					capabilities->Assign(2, ${val.ntlm_nonextended_security.capabilities.nt_smbs});
-				 	capabilities->Assign(3, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.status32}));
+					capabilities->Assign(3, ${val.ntlm_nonextended_security.capabilities.status32});
-				 	capabilities->Assign(4, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.level_2_oplocks}));
+					capabilities->Assign(4, ${val.ntlm_nonextended_security.capabilities.level_2_oplocks});
-				 	capabilities->Assign(5, zeek::val_mgr->Bool(${val.ntlm_nonextended_security.capabilities.nt_find}));
+					capabilities->Assign(5, ${val.ntlm_nonextended_security.capabilities.nt_find});
 
-					request->Assign(1, zeek::val_mgr->Count(${val.ntlm_nonextended_security.max_buffer_size}));
+					request->Assign(1, ${val.ntlm_nonextended_security.max_buffer_size});
-					request->Assign(2, zeek::val_mgr->Count(${val.ntlm_nonextended_security.max_mpx_count}));
+					request->Assign(2, ${val.ntlm_nonextended_security.max_mpx_count});
-					request->Assign(3, zeek::val_mgr->Count(${val.ntlm_nonextended_security.vc_number}));
+					request->Assign(3, ${val.ntlm_nonextended_security.vc_number});
-					request->Assign(4, zeek::val_mgr->Count(${val.ntlm_nonextended_security.session_key}));
+					request->Assign(4, ${val.ntlm_nonextended_security.session_key});
 
 					request->Assign(5, smb_string2stringval(${val.ntlm_nonextended_security.native_os}));
 					request->Assign(6, smb_string2stringval(${val.ntlm_nonextended_security.native_lanman}));
@@ -91,18 +91,18 @@ refine connection SMB_Conn += {
 		if ( smb1_session_setup_andx_response )
 			{
 			auto response = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::SessionSetupAndXResponse);
-			response->Assign(0, zeek::val_mgr->Count(${val.word_count}));
+			response->Assign(0, ${val.word_count});
 
 			switch ( ${val.word_count} )
 				{
 				case 3: // pre NT LM 0.12
-					response->Assign(1, zeek::val_mgr->Bool(${val.lanman.is_guest}));
+					response->Assign(1, ${val.lanman.is_guest});
 					response->Assign(2, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_os[0]}));
 					response->Assign(3, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.native_lanman[0]}));
 					response->Assign(4, ${val.lanman.byte_count} == 0 ? zeek::val_mgr->EmptyString() : smb_string2stringval(${val.lanman.primary_domain[0]}));
 					break;
 				case 4: // NT LM 0.12
-					response->Assign(1, zeek::val_mgr->Bool(${val.ntlm.is_guest}));
+					response->Assign(1, ${val.ntlm.is_guest});
 					response->Assign(2, smb_string2stringval(${val.ntlm.native_os}));
 					response->Assign(3, smb_string2stringval(${val.ntlm.native_lanman}));
 					//response->Assign(4, smb_string2stringval(${val.ntlm.primary_domain}));

src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac

@@ -6,14 +6,14 @@ refine connection SMB_Conn += {
 		return false;
 
 	auto args = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::Trans_Sec_Args);
-	args->Assign(0, zeek::val_mgr->Count(${val.total_param_count}));
+	args->Assign(0, ${val.total_param_count});
-	args->Assign(1, zeek::val_mgr->Count(${val.total_data_count}));
+	args->Assign(1, ${val.total_data_count});
-	args->Assign(2, zeek::val_mgr->Count(${val.param_count}));
+	args->Assign(2, ${val.param_count});
-	args->Assign(3, zeek::val_mgr->Count(${val.param_offset}));
+	args->Assign(3, ${val.param_offset});
-	args->Assign(4, zeek::val_mgr->Count(${val.param_displacement}));
+	args->Assign(4, ${val.param_displacement});
-	args->Assign(5, zeek::val_mgr->Count(${val.data_count}));
+	args->Assign(5, ${val.data_count});
-	args->Assign(6, zeek::val_mgr->Count(${val.data_offset}));
+	args->Assign(6, ${val.data_offset});
-	args->Assign(7, zeek::val_mgr->Count(${val.data_displacement}));
+	args->Assign(7, ${val.data_displacement});
 
 	auto parameters = zeek::make_intrusive<zeek::StringVal>(${val.parameters}.length(),
 	                                            (const char*)${val.parameters}.data());

src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac

@@ -6,15 +6,15 @@ refine connection SMB_Conn += {
 		return false;
 
 	auto args = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::Trans2_Sec_Args);
-	args->Assign(0, zeek::val_mgr->Count(${val.total_param_count}));
+	args->Assign(0, ${val.total_param_count});
-	args->Assign(1, zeek::val_mgr->Count(${val.total_data_count}));
+	args->Assign(1, ${val.total_data_count});
-	args->Assign(2, zeek::val_mgr->Count(${val.param_count}));
+	args->Assign(2, ${val.param_count});
-	args->Assign(3, zeek::val_mgr->Count(${val.param_offset}));
+	args->Assign(3, ${val.param_offset});
-	args->Assign(4, zeek::val_mgr->Count(${val.param_displacement}));
+	args->Assign(4, ${val.param_displacement});
-	args->Assign(5, zeek::val_mgr->Count(${val.data_count}));
+	args->Assign(5, ${val.data_count});
-	args->Assign(6, zeek::val_mgr->Count(${val.data_offset}));
+	args->Assign(6, ${val.data_offset});
-	args->Assign(7, zeek::val_mgr->Count(${val.data_displacement}));
+	args->Assign(7, ${val.data_displacement});
-	args->Assign(8, zeek::val_mgr->Count(${val.FID}));
+	args->Assign(8, ${val.FID});
 
 	auto parameters = zeek::make_intrusive<zeek::StringVal>(${val.parameters}.length(), (const char*)${val.parameters}.data());
 	auto payload = zeek::make_intrusive<zeek::StringVal>(${val.data}.length(), (const char*)${val.data}.data());

src/analyzer/protocol/smb/smb1-com-transaction2.pac

@@ -25,18 +25,18 @@ refine connection SMB_Conn += {
 		if ( smb1_transaction2_request )
 			{
 			auto args = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::Trans2_Args);
-			args->Assign(0, zeek::val_mgr->Count(${val.total_param_count}));
+			args->Assign(0, ${val.total_param_count});
-			args->Assign(1, zeek::val_mgr->Count(${val.total_data_count}));
+			args->Assign(1, ${val.total_data_count});
-			args->Assign(2, zeek::val_mgr->Count(${val.max_param_count}));
+			args->Assign(2, ${val.max_param_count});
-			args->Assign(3, zeek::val_mgr->Count(${val.max_data_count}));
+			args->Assign(3, ${val.max_data_count});
-			args->Assign(4, zeek::val_mgr->Count(${val.max_setup_count}));
+			args->Assign(4, ${val.max_setup_count});
-			args->Assign(5, zeek::val_mgr->Count(${val.flags}));
+			args->Assign(5, ${val.flags});
-			args->Assign(6, zeek::val_mgr->Count(${val.timeout}));
+			args->Assign(6, ${val.timeout});
-			args->Assign(7, zeek::val_mgr->Count(${val.param_count}));
+			args->Assign(7, ${val.param_count});
-			args->Assign(8, zeek::val_mgr->Count(${val.param_offset}));
+			args->Assign(8, ${val.param_offset});
-			args->Assign(9, zeek::val_mgr->Count(${val.data_count}));
+			args->Assign(9, ${val.data_count});
-			args->Assign(10, zeek::val_mgr->Count(${val.data_offset}));
+			args->Assign(10, ${val.data_offset});
-			args->Assign(11, zeek::val_mgr->Count(${val.setup_count}));
+			args->Assign(11, ${val.setup_count});
 
 			zeek::BifEvent::enqueue_smb1_transaction2_request(zeek_analyzer(),
 			                                            zeek_analyzer()->Conn(),
@@ -132,11 +132,11 @@ refine connection SMB_Conn += {
 		if ( smb1_trans2_find_first2_request )
 			{
 			auto result = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB1::Find_First2_Request_Args);
-			result->Assign(0, zeek::val_mgr->Count(${val.search_attrs}));
+			result->Assign(0, ${val.search_attrs});
-			result->Assign(1, zeek::val_mgr->Count(${val.search_count}));
+			result->Assign(1, ${val.search_count});
-			result->Assign(2, zeek::val_mgr->Count(${val.flags}));
+			result->Assign(2, ${val.flags});
-			result->Assign(3, zeek::val_mgr->Count(${val.info_level}));
+			result->Assign(3, ${val.info_level});
-			result->Assign(4, zeek::val_mgr->Count(${val.search_storage_type}));
+			result->Assign(4, ${val.search_storage_type});
 			result->Assign(5, smb_string2stringval(${val.file_name}));
 			zeek::BifEvent::enqueue_smb1_trans2_find_first2_request(zeek_analyzer(),
 			                                                        zeek_analyzer()->Conn(),

src/analyzer/protocol/smb/smb1-protocol.pac

@@ -25,14 +25,14 @@
 		//	{ // do nothing
 		//	}
 
-		r->Assign(0, zeek::val_mgr->Count(${hdr.command}));
+		r->Assign(0, ${hdr.command});
-		r->Assign(1, zeek::val_mgr->Count(${hdr.status}));
+		r->Assign(1, ${hdr.status});
-		r->Assign(2, zeek::val_mgr->Count(${hdr.flags}));
+		r->Assign(2, ${hdr.flags});
-		r->Assign(3, zeek::val_mgr->Count(${hdr.flags2}));
+		r->Assign(3, ${hdr.flags2});
-		r->Assign(4, zeek::val_mgr->Count(${hdr.tid}));
+		r->Assign(4, ${hdr.tid});
-		r->Assign(5, zeek::val_mgr->Count(${hdr.pid}));
+		r->Assign(5, ${hdr.pid});
-		r->Assign(6, zeek::val_mgr->Count(${hdr.uid}));
+		r->Assign(6, ${hdr.uid});
-		r->Assign(7, zeek::val_mgr->Count(${hdr.mid}));
+		r->Assign(7, ${hdr.mid});
 
 		return r;
 		}

src/analyzer/protocol/smb/smb2-com-close.pac

@@ -22,8 +22,8 @@ refine connection SMB_Conn += {
 			{
 			auto resp = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::CloseResponse);
 
-			resp->Assign(0, zeek::val_mgr->Count(${val.alloc_size}));
+			resp->Assign(0, ${val.alloc_size});
-			resp->Assign(1, zeek::val_mgr->Count(${val.eof}));
+			resp->Assign(1, ${val.eof});
 			resp->Assign(2, SMB_BuildMACTimes(${val.last_write_time},
 			                                  ${val.last_access_time},
 			                                  ${val.creation_time},

src/analyzer/protocol/smb/smb2-com-create.pac

@@ -18,8 +18,8 @@ refine connection SMB_Conn += {
 			{
 			auto requestinfo = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::CreateRequest);
 			requestinfo->Assign(0, std::move(filename));
-			requestinfo->Assign(1, zeek::val_mgr->Count(${val.disposition}));
+			requestinfo->Assign(1, ${val.disposition});
-			requestinfo->Assign(2, zeek::val_mgr->Count(${val.create_options}));
+			requestinfo->Assign(2, ${val.create_options});
 			zeek::BifEvent::enqueue_smb2_create_request(zeek_analyzer(),
 			                                      zeek_analyzer()->Conn(),
 			                                      BuildSMB2HeaderVal(h),
@@ -35,13 +35,13 @@ refine connection SMB_Conn += {
 			{
 			auto responseinfo = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::CreateResponse);
 			responseinfo->Assign(0, BuildSMB2GUID(${val.file_id}));
-			responseinfo->Assign(1, zeek::val_mgr->Count(${val.eof}));
+			responseinfo->Assign(1, ${val.eof});
 			responseinfo->Assign(2, SMB_BuildMACTimes(${val.last_write_time},
 			                                          ${val.last_access_time},
 			                                          ${val.creation_time},
 			                                          ${val.change_time}));
 			responseinfo->Assign(3, smb2_file_attrs_to_zeek(${val.file_attrs}));
-			responseinfo->Assign(4, zeek::val_mgr->Count(${val.create_action}));
+			responseinfo->Assign(4, ${val.create_action});
 			zeek::BifEvent::enqueue_smb2_create_response(zeek_analyzer(),
 			                                       zeek_analyzer()->Conn(),
 			                                       BuildSMB2HeaderVal(h),

src/analyzer/protocol/smb/smb2-com-negotiate.pac

@@ -41,12 +41,12 @@ refine connection SMB_Conn += {
 			{
 			auto nr = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::NegotiateResponse);
 
-			nr->Assign(0, zeek::val_mgr->Count(${val.dialect_revision}));
+			nr->Assign(0, ${val.dialect_revision});
-			nr->Assign(1, zeek::val_mgr->Count(${val.security_mode}));
+			nr->Assign(1, ${val.security_mode});
 			nr->Assign(2, BuildSMB2GUID(${val.server_guid}));
 			nr->Assign(3, filetime2zeektime(${val.system_time}));
 			nr->Assign(4, filetime2zeektime(${val.server_start_time}));
-			nr->Assign(5, zeek::val_mgr->Count(${val.negotiate_context_count}));
+			nr->Assign(5, ${val.negotiate_context_count});
 
 			auto cv = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::SMB2::NegotiateContextValues);
 

src/analyzer/protocol/smb/smb2-com-session-setup.pac

@@ -5,7 +5,7 @@ refine connection SMB_Conn += {
 		if ( smb2_session_setup_request )
 			{
 			auto req = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::SessionSetupRequest);
-			req->Assign(0, zeek::val_mgr->Count(${val.security_mode}));
+			req->Assign(0, ${val.security_mode});
 
 			zeek::BifEvent::enqueue_smb2_session_setup_request(zeek_analyzer(),
 			                                             zeek_analyzer()->Conn(),
@@ -21,9 +21,9 @@ refine connection SMB_Conn += {
 		if ( smb2_session_setup_response )
 			{
 			auto flags = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::SessionSetupFlags);
-			flags->Assign(0, zeek::val_mgr->Bool(${val.flag_guest}));
+			flags->Assign(0, ${val.flag_guest});
-			flags->Assign(1, zeek::val_mgr->Bool(${val.flag_anonymous}));
+			flags->Assign(1, ${val.flag_anonymous});
-			flags->Assign(2, zeek::val_mgr->Bool(${val.flag_encrypt}));
+			flags->Assign(2, ${val.flag_encrypt});
 
 			auto resp = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::SessionSetupResponse);
 			resp->Assign(0, std::move(flags));

src/analyzer/protocol/smb/smb2-com-set-info.pac

@@ -193,12 +193,12 @@ refine connection SMB_Conn += {
 		if ( smb2_file_fscontrol )
 			{
 			auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::Fscontrol);
-			r->Assign(0, zeek::val_mgr->Int(${val.free_space_start_filtering}));
+			r->Assign(0, static_cast<int>(${val.free_space_start_filtering}));
-			r->Assign(1, zeek::val_mgr->Int(${val.free_space_start_threshold}));
+			r->Assign(1, static_cast<int>(${val.free_space_start_threshold}));
-			r->Assign(2, zeek::val_mgr->Int(${val.free_space_stop_filtering}));
+			r->Assign(2, static_cast<int>(${val.free_space_stop_filtering}));
-			r->Assign(3, zeek::val_mgr->Count(${val.default_quota_threshold}));
+			r->Assign(3, ${val.default_quota_threshold});
-			r->Assign(4, zeek::val_mgr->Count(${val.default_quota_limit}));
+			r->Assign(4, ${val.default_quota_limit});
-			r->Assign(5, zeek::val_mgr->Count(${val.file_system_control_flags}));
+			r->Assign(5, ${val.file_system_control_flags});
 
 			zeek::BifEvent::enqueue_smb2_file_fscontrol(zeek_analyzer(),
 			                                      zeek_analyzer()->Conn(),

src/analyzer/protocol/smb/smb2-com-transform-header.pac

@@ -7,9 +7,9 @@ refine connection SMB_Conn += {
 			auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::Transform_header);
 			r->Assign(0, to_stringval(${hdr.signature}));
 			r->Assign(1, to_stringval(${hdr.nonce}));
-			r->Assign(2, zeek::val_mgr->Count(${hdr.orig_msg_size}));
+			r->Assign(2, ${hdr.orig_msg_size});
-			r->Assign(3, zeek::val_mgr->Count(${hdr.flags}));
+			r->Assign(3, ${hdr.flags});
-			r->Assign(4, zeek::val_mgr->Count(${hdr.session_id}));
+			r->Assign(4, ${hdr.session_id});
 
 			zeek::BifEvent::enqueue_smb2_transform_header(zeek_analyzer(),
 			                                        zeek_analyzer()->Conn(),

src/analyzer/protocol/smb/smb2-com-tree-connect.pac

@@ -19,7 +19,7 @@ refine connection SMB_Conn += {
 		if ( smb2_tree_connect_response )
 			{
 			auto resp = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::TreeConnectResponse);
-			resp->Assign(0, zeek::val_mgr->Count(${val.share_type}));
+			resp->Assign(0, ${val.share_type});
 
 			zeek::BifEvent::enqueue_smb2_tree_connect_response(zeek_analyzer(),
 			                                             zeek_analyzer()->Conn(),

src/analyzer/protocol/smb/smb2-protocol.pac

@@ -12,15 +12,15 @@ zeek::RecordValPtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv);
 zeek::RecordValPtr BuildSMB2HeaderVal(SMB2_Header* hdr)
 	{
 	auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::Header);
-	r->Assign(0, zeek::val_mgr->Count(${hdr.credit_charge}));
+	r->Assign(0, ${hdr.credit_charge});
-	r->Assign(1, zeek::val_mgr->Count(${hdr.status}));
+	r->Assign(1, ${hdr.status});
-	r->Assign(2, zeek::val_mgr->Count(${hdr.command}));
+	r->Assign(2, ${hdr.command});
-	r->Assign(3, zeek::val_mgr->Count(${hdr.credits}));
+	r->Assign(3, ${hdr.credits});
-	r->Assign(4, zeek::val_mgr->Count(${hdr.flags}));
+	r->Assign(4, ${hdr.flags});
-	r->Assign(5, zeek::val_mgr->Count(${hdr.message_id}));
+	r->Assign(5, ${hdr.message_id});
-	r->Assign(6, zeek::val_mgr->Count(${hdr.process_id}));
+	r->Assign(6, ${hdr.process_id});
-	r->Assign(7, zeek::val_mgr->Count(${hdr.tree_id}));
+	r->Assign(7, ${hdr.tree_id});
-	r->Assign(8, zeek::val_mgr->Count(${hdr.session_id}));
+	r->Assign(8, ${hdr.session_id});
 	r->Assign(9, to_stringval(${hdr.signature}));
 	return r;
 	}
@@ -28,29 +28,29 @@ zeek::RecordValPtr BuildSMB2HeaderVal(SMB2_Header* hdr)
 zeek::RecordValPtr BuildSMB2GUID(SMB2_guid* file_id)
 	{
 	auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::GUID);
-	r->Assign(0, zeek::val_mgr->Count(${file_id.persistent}));
+	r->Assign(0, ${file_id.persistent});
-	r->Assign(1, zeek::val_mgr->Count(${file_id._volatile}));
+	r->Assign(1, ${file_id._volatile});
 	return r;
 	}
 
 zeek::RecordValPtr smb2_file_attrs_to_zeek(SMB2_file_attributes* val)
 	{
 	auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::FileAttrs);
-	r->Assign(0, zeek::val_mgr->Bool(${val.read_only}));
+	r->Assign(0, ${val.read_only});
-	r->Assign(1, zeek::val_mgr->Bool(${val.hidden}));
+	r->Assign(1, ${val.hidden});
-	r->Assign(2, zeek::val_mgr->Bool(${val.system}));
+	r->Assign(2, ${val.system});
-	r->Assign(3, zeek::val_mgr->Bool(${val.directory}));
+	r->Assign(3, ${val.directory});
-	r->Assign(4, zeek::val_mgr->Bool(${val.archive}));
+	r->Assign(4, ${val.archive});
-	r->Assign(5, zeek::val_mgr->Bool(${val.normal}));
+	r->Assign(5, ${val.normal});
-	r->Assign(6, zeek::val_mgr->Bool(${val.temporary}));
+	r->Assign(6, ${val.temporary});
-	r->Assign(7, zeek::val_mgr->Bool(${val.sparse_file}));
+	r->Assign(7, ${val.sparse_file});
-	r->Assign(8, zeek::val_mgr->Bool(${val.reparse_point}));
+	r->Assign(8, ${val.reparse_point});
-	r->Assign(9, zeek::val_mgr->Bool(${val.compressed}));
+	r->Assign(9, ${val.compressed});
-	r->Assign(10, zeek::val_mgr->Bool(${val.offline}));
+	r->Assign(10, ${val.offline});
-	r->Assign(11, zeek::val_mgr->Bool(${val.not_content_indexed}));
+	r->Assign(11, ${val.not_content_indexed});
-	r->Assign(12, zeek::val_mgr->Bool(${val.encrypted}));
+	r->Assign(12, ${val.encrypted});
-	r->Assign(13, zeek::val_mgr->Bool(${val.integrity_stream}));
+	r->Assign(13, ${val.integrity_stream});
-	r->Assign(14, zeek::val_mgr->Bool(${val.no_scrub_data}));
+	r->Assign(14, ${val.no_scrub_data});
 	return r;
 	}
 
@@ -58,15 +58,15 @@ zeek::RecordValPtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
 	{
 	auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::NegotiateContextValue);
 
-	r->Assign(0, zeek::val_mgr->Count(${ncv.context_type}));
+	r->Assign(0, ${ncv.context_type});
-	r->Assign(1, zeek::val_mgr->Count(${ncv.data_length}));
+	r->Assign(1, ${ncv.data_length});
 
 	switch ( ${ncv.context_type} ) {
 	case SMB2_PREAUTH_INTEGRITY_CAPABILITIES:
 		{
 		auto rpreauth = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::PreAuthIntegrityCapabilities);
-		rpreauth->Assign(0, zeek::val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg_count}));
+		rpreauth->Assign(0, ${ncv.preauth_integrity_capabilities.hash_alg_count});
-		rpreauth->Assign(1, zeek::val_mgr->Count(${ncv.preauth_integrity_capabilities.salt_length}));
+		rpreauth->Assign(1, ${ncv.preauth_integrity_capabilities.salt_length});
 
 		auto ha = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
 
@@ -85,7 +85,7 @@ zeek::RecordValPtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
 	case SMB2_ENCRYPTION_CAPABILITIES:
 		{
 		auto rencr = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::EncryptionCapabilities);
-		rencr->Assign(0, zeek::val_mgr->Count(${ncv.encryption_capabilities.cipher_count}));
+		rencr->Assign(0, ${ncv.encryption_capabilities.cipher_count});
 
 		auto c = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
 
@@ -103,7 +103,7 @@ zeek::RecordValPtr BuildSMB2ContextVal(SMB3_negotiate_context_value* ncv)
 	case SMB2_COMPRESSION_CAPABILITIES:
 		{
 		auto rcomp = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SMB2::CompressionCapabilities);
-		rcomp->Assign(0, zeek::val_mgr->Count(${ncv.compression_capabilities.alg_count}));
+		rcomp->Assign(0, ${ncv.compression_capabilities.alg_count});
 
 		auto c = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
 

src/analyzer/protocol/snmp/snmp-analyzer.pac

@@ -47,7 +47,7 @@ zeek::ValPtr asn1_obj_to_val(const ASN1Encoding* obj)
 	zeek::RecordValPtr rval = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SNMP::ObjectValue);
 	uint8 tag = obj->meta()->tag();
 
-	rval->Assign(0, zeek::val_mgr->Count(tag));
+	rval->Assign(0, tag);
 
 	switch ( tag ) {
 	case VARBIND_UNSPECIFIED_TAG:
@@ -93,7 +93,7 @@ zeek::ValPtr time_ticks_to_val(const TimeTicks* tt)
 zeek::RecordValPtr build_hdr(const Header* header)
 	{
 	auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SNMP::Header);
-	rv->Assign(0, zeek::val_mgr->Count(header->version()));
+	rv->Assign(0, static_cast<uint64_t>(header->version()));
 
 	switch ( header->version() ) {
 	case SNMPV1_TAG:
@@ -132,10 +132,10 @@ zeek::RecordValPtr build_hdrV3(const Header* header)
 
 	v3->Assign(0, asn1_integer_to_val(global_data->id(), zeek::TYPE_COUNT));
 	v3->Assign(1, asn1_integer_to_val(global_data->max_size(), zeek::TYPE_COUNT));
-	v3->Assign(2, zeek::val_mgr->Count(flags_byte));
+	v3->Assign(2, flags_byte);
-	v3->Assign(3, zeek::val_mgr->Bool(flags_byte & 0x01));
+	v3->Assign(3, static_cast<bool>(flags_byte & 0x01));
-	v3->Assign(4, zeek::val_mgr->Bool(flags_byte & 0x02));
+	v3->Assign(4, static_cast<bool>(flags_byte & 0x02));
-	v3->Assign(5, zeek::val_mgr->Bool(flags_byte & 0x04));
+	v3->Assign(5, static_cast<bool>(flags_byte & 0x04));
 	v3->Assign(6, asn1_integer_to_val(global_data->security_model(), zeek::TYPE_COUNT));
 	v3->Assign(7, asn1_octet_string_to_val(v3hdr->security_parameters()));
 

src/analyzer/protocol/ssh/ssh-analyzer.pac

@@ -111,7 +111,7 @@ refine flow SSH_Flow += {
 			}
 
 
-		result->Assign(6, zeek::val_mgr->Bool(!${msg.is_orig}));
+		result->Assign(6, !${msg.is_orig});
 
 		zeek::BifEvent::enqueue_ssh_capabilities(connection()->zeek_analyzer(),
 			connection()->zeek_analyzer()->Conn(), to_stringval(${msg.cookie}),

src/analyzer/protocol/ssh/ssh-protocol.pac

@@ -456,11 +456,11 @@ refine connection SSH_Conn += {
 			{
 			for ( unsigned int j = 0; j < server_list->Size(); ++j )
 				{
-				if ( *(client_list->At(i)->AsStringVal()->AsString()) == *(server_list->At(j)->AsStringVal()->AsString()) )
+				if ( *(client_list->StringAt(i)) == *(server_list->StringAt(j)) )
 					{
 					kex_algorithm_.free();
-					kex_algorithm_.init((const uint8 *) client_list->At(i)->AsStringVal()->Bytes(),
+					kex_algorithm_.init((const uint8 *) client_list->StringAt(i)->Bytes(),
-						client_list->At(i)->AsStringVal()->Len());
+						client_list->StringAt(i)->Len());
 
 					// UNTESTED
 					if ( update_kex_state_if_equal("rsa1024-sha1", KEX_RSA) )

src/analyzer/protocol/ssl/tls-handshake-analyzer.pac

@@ -161,8 +161,8 @@ refine connection Handshake_Conn += {
 			for ( unsigned int i = 0; i < supported_signature_algorithms->size(); ++i )
 				{
 				auto el = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm);
-				el->Assign(0, zeek::val_mgr->Count((*supported_signature_algorithms)[i]->HashAlgorithm()));
+				el->Assign(0, (*supported_signature_algorithms)[i]->HashAlgorithm());
-				el->Assign(1, zeek::val_mgr->Count((*supported_signature_algorithms)[i]->SignatureAlgorithm()));
+				el->Assign(1, (*supported_signature_algorithms)[i]->SignatureAlgorithm());
 				slist->Assign(i, std::move(el));
 				}
 			}
@@ -345,14 +345,14 @@ refine connection Handshake_Conn += {
 
 			if ( ${kex.signed_params.uses_signature_and_hashalgorithm} )
 				{
-				ha->Assign(0, zeek::val_mgr->Count(${kex.signed_params.algorithm.HashAlgorithm}));
+				ha->Assign(0, ${kex.signed_params.algorithm.HashAlgorithm});
-				ha->Assign(1, zeek::val_mgr->Count(${kex.signed_params.algorithm.SignatureAlgorithm}));
+				ha->Assign(1, ${kex.signed_params.algorithm.SignatureAlgorithm});
 				}
 			else
 				{
 				// set to impossible value
-				ha->Assign(0, zeek::val_mgr->Count(256));
+				ha->Assign(0, 256);
-				ha->Assign(1, zeek::val_mgr->Count(256));
+				ha->Assign(1, 256);
 				}
 
 			zeek::BifEvent::enqueue_ssl_server_signature(zeek_analyzer(),
@@ -414,8 +414,8 @@ refine connection Handshake_Conn += {
 			return true;
 
 		auto ha = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SSL::SignatureAndHashAlgorithm);
-		ha->Assign(0, zeek::val_mgr->Count(digitally_signed_algorithms->HashAlgorithm()));
+		ha->Assign(0, digitally_signed_algorithms->HashAlgorithm());
-		ha->Assign(1, zeek::val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm()));
+		ha->Assign(1, digitally_signed_algorithms->SignatureAlgorithm());
 
 		zeek::BifEvent::enqueue_ssl_extension_signed_certificate_timestamp(zeek_analyzer(),
 			zeek_analyzer()->Conn(), ${rec.is_orig},
@@ -445,14 +445,14 @@ refine connection Handshake_Conn += {
 
 			if ( ${signed_params.uses_signature_and_hashalgorithm} )
 				{
-				ha->Assign(0, zeek::val_mgr->Count(${signed_params.algorithm.HashAlgorithm}));
+				ha->Assign(0, ${signed_params.algorithm.HashAlgorithm});
-				ha->Assign(1, zeek::val_mgr->Count(${signed_params.algorithm.SignatureAlgorithm}));
+				ha->Assign(1, ${signed_params.algorithm.SignatureAlgorithm});
 				}
 				else
 				{
 				// set to impossible value
-				ha->Assign(0, zeek::val_mgr->Count(256));
+				ha->Assign(0, 256);
-				ha->Assign(1, zeek::val_mgr->Count(256));
+				ha->Assign(1, 256);
 				}
 
 			zeek::BifEvent::enqueue_ssl_server_signature(zeek_analyzer(),
@@ -499,7 +499,7 @@ refine connection Handshake_Conn += {
 				{
 				auto el = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::SSL::PSKIdentity);
 				el->Assign(0, zeek::make_intrusive<zeek::StringVal>(identity->identity().length(), (const char*) identity->identity().data()));
-				el->Assign(1, zeek::val_mgr->Count(identity->obfuscated_ticket_age()));
+				el->Assign(1, identity->obfuscated_ticket_age());
 				slist->Assign(slist->Size(), std::move(el));
 				}
 			}

src/analyzer/protocol/tcp/TCP.cc

@@ -109,14 +109,14 @@ static RecordVal* build_syn_packet_val(bool is_orig, const IP_Hdr* ip,
 	static auto SYN_packet = id::find_type<RecordType>("SYN_packet");
 	auto* v = new RecordVal(SYN_packet);
 
-	v->Assign(0, val_mgr->Bool(is_orig));
+	v->Assign(0, is_orig);
-	v->Assign(1, val_mgr->Bool(int(ip->DF())));
+	v->Assign(1, static_cast<bool>(ip->DF()));
-	v->Assign(2, val_mgr->Count((ip->TTL())));
+	v->Assign(2, ip->TTL());
-	v->Assign(3, val_mgr->Count((ip->TotalLen())));
+	v->Assign(3, ip->TotalLen());
-	v->Assign(4, val_mgr->Count(ntohs(tcp->th_win)));
+	v->Assign(4, ntohs(tcp->th_win));
-	v->Assign(5, val_mgr->Int(winscale));
+	v->Assign(5, winscale);
-	v->Assign(6, val_mgr->Count(MSS));
+	v->Assign(6, MSS);
-	v->Assign(7, val_mgr->Bool(SACK));
+	v->Assign(7, static_cast<bool>(SACK));
 
 	return v;
 	}
@@ -1099,7 +1099,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 		{
 		SynWeirds(flags, endpoint, len);
 		RecordVal* SYN_vals = build_syn_packet_val(is_orig, ip, tp);
-		init_window(endpoint, peer, flags, SYN_vals->GetField(5)->CoerceToInt(),
+		init_window(endpoint, peer, flags, SYN_vals->GetFieldAs<IntVal>(5),
 		            base_seq, ack_seq);
 
 		if ( connection_SYN_packet )
@@ -1282,13 +1282,13 @@ void TCP_Analyzer::FlipRoles()
 
 void TCP_Analyzer::UpdateConnVal(RecordVal *conn_val)
 	{
-	RecordVal* orig_endp_val = conn_val->GetField("orig")->AsRecordVal();
+	auto orig_endp_val = conn_val->GetFieldAs<RecordVal>("orig");
-	RecordVal* resp_endp_val = conn_val->GetField("resp")->AsRecordVal();
+	auto resp_endp_val = conn_val->GetFieldAs<RecordVal>("resp");
 
-	orig_endp_val->Assign(0, val_mgr->Count(orig->Size()));
+	orig_endp_val->Assign(0, orig->Size());
-	orig_endp_val->Assign(1, val_mgr->Count(int(orig->state)));
+	orig_endp_val->Assign(1, orig->state);
-	resp_endp_val->Assign(0, val_mgr->Count(resp->Size()));
+	resp_endp_val->Assign(0, resp->Size());
-	resp_endp_val->Assign(1, val_mgr->Count(int(resp->state)));
+	resp_endp_val->Assign(1, resp->state);
 
 	// Call children's UpdateConnVal
 	Analyzer::UpdateConnVal(conn_val);
@@ -1369,8 +1369,8 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
 			auto length = kind < 2 ? 1 : o[1];
 			auto option_record = make_intrusive<RecordVal>(BifType::Record::TCP::Option);
 			option_list->Assign(option_list->Size(), option_record);
-			option_record->Assign(0, val_mgr->Count(kind));
+			option_record->Assign(0, kind);
-			option_record->Assign(1, val_mgr->Count(length));
+			option_record->Assign(1, length);
 
 			switch ( kind ) {
 			case 2:
@@ -1378,7 +1378,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
 				if ( length == 4 )
 					{
 					auto mss = ntohs(*reinterpret_cast<const uint16_t*>(o + 2));
-					option_record->Assign(3, val_mgr->Count(mss));
+					option_record->Assign(3, mss);
 					}
 				else
 					{
@@ -1392,7 +1392,7 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
 				if ( length == 3 )
 					{
 					auto scale = o[2];
-					option_record->Assign(4, val_mgr->Count(scale));
+					option_record->Assign(4, scale);
 					}
 				else
 					{
@@ -1438,8 +1438,8 @@ int TCP_Analyzer::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
 					{
 					auto send = ntohl(*reinterpret_cast<const uint32_t*>(o + 2));
 					auto echo = ntohl(*reinterpret_cast<const uint32_t*>(o + 6));
-					option_record->Assign(6, val_mgr->Count(send));
+					option_record->Assign(6, send);
-					option_record->Assign(7, val_mgr->Count(echo));
+					option_record->Assign(7, echo);
 					}
 				else
 					{
@@ -2076,13 +2076,13 @@ RecordVal* TCPStats_Endpoint::BuildStats()
 	static auto endpoint_stats = id::find_type<RecordType>("endpoint_stats");
 	auto* stats = new RecordVal(endpoint_stats);
 
-	stats->Assign(0, val_mgr->Count(num_pkts));
+	stats->Assign(0, num_pkts);
-	stats->Assign(1, val_mgr->Count(num_rxmit));
+	stats->Assign(1, num_rxmit);
-	stats->Assign(2, val_mgr->Count(num_rxmit_bytes));
+	stats->Assign(2, num_rxmit_bytes);
-	stats->Assign(3, val_mgr->Count(num_in_order));
+	stats->Assign(3, num_in_order);
-	stats->Assign(4, val_mgr->Count(num_OO));
+	stats->Assign(4, num_OO);
-	stats->Assign(5, val_mgr->Count(num_repl));
+	stats->Assign(5, num_repl);
-	stats->Assign(6, val_mgr->Count(endian_type));
+	stats->Assign(6, endian_type);
 
 	return stats;
 	}

src/analyzer/protocol/teredo/Teredo.cc

@@ -109,12 +109,10 @@ RecordValPtr TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const
 		uint8_t au_len = *((uint8_t*)(auth + 3));
 		uint64_t nonce = ntohll(*((uint64_t*)(auth + 4 + id_len + au_len)));
 		uint8_t conf = *((uint8_t*)(auth + 4 + id_len + au_len + 8));
-		teredo_auth->Assign(0, make_intrusive<StringVal>(
+		teredo_auth->Assign(0, new String(auth + 4, id_len, true));
-		    new String(auth + 4, id_len, true)));
+		teredo_auth->Assign(1, new String(auth + 4 + id_len, au_len, true));
-		teredo_auth->Assign(1, make_intrusive<StringVal>(
+		teredo_auth->Assign(2, nonce);
-		    new String(auth + 4 + id_len, au_len, true)));
+		teredo_auth->Assign(3, conf);
-		teredo_auth->Assign(2, val_mgr->Count(nonce));
-		teredo_auth->Assign(3, val_mgr->Count(conf));
 		teredo_hdr->Assign(0, std::move(teredo_auth));
 		}
 

src/analyzer/protocol/udp/UDP.cc

@@ -220,8 +220,8 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 
 void UDP_Analyzer::UpdateConnVal(RecordVal* conn_val)
 	{
-	RecordVal* orig_endp = conn_val->GetField("orig")->AsRecordVal();
+	auto orig_endp = conn_val->GetFieldAs<RecordVal>("orig");
-	RecordVal* resp_endp = conn_val->GetField("resp")->AsRecordVal();
+	auto resp_endp = conn_val->GetFieldAs<RecordVal>("resp");
 
 	UpdateEndpointVal(orig_endp, true);
 	UpdateEndpointVal(resp_endp, false);
@@ -235,14 +235,14 @@ void UDP_Analyzer::UpdateEndpointVal(RecordVal* endp, bool is_orig)
 	bro_int_t size = is_orig ? request_len : reply_len;
 	if ( size < 0 )
 		{
-		endp->Assign(0, val_mgr->Count(0));
+		endp->Assign(0, 0);
-		endp->Assign(1, val_mgr->Count(int(UDP_INACTIVE)));
+		endp->Assign(1, UDP_INACTIVE);
 		}
 
 	else
 		{
-		endp->Assign(0, val_mgr->Count(size));
+		endp->Assign(0, static_cast<uint64_t>(size));
-		endp->Assign(1, val_mgr->Count(int(UDP_ACTIVE)));
+		endp->Assign(1, UDP_ACTIVE);
 		}
 	}
 

src/broker/Data.cc

@@ -430,7 +430,7 @@ struct val_converter {
 
 				if ( caf::get_if<broker::none>(&a[idx]) != nullptr )
 					{
-					rval->Assign(i, nullptr);
+					rval->Remove(i);
 					++idx;
 					continue;
 					}
@@ -972,7 +972,7 @@ broker::expected<broker::data> val_to_data(const Val* v)
 
 		for ( auto i = 0u; i < vec->Size(); ++i )
 			{
-			const auto& item_val = vec->At(i);
+			auto item_val = vec->ValAt(i);
 
 			if ( ! item_val )
 				continue;

src/broker/Manager.cc

@@ -433,17 +433,17 @@ bool Manager::PublishEvent(string topic, RecordVal* args)
 	if ( peer_count == 0 )
 		return true;
 
-	if ( ! args->GetField(0) )
+	if ( ! args->HasField(0) )
 		return false;
 
 	auto event_name = args->GetFieldAs<StringVal>(0)->CheckString();
-	auto vv = args->GetField(1)->AsVectorVal();
+	auto vv = args->GetFieldAs<VectorVal>(1);
 	broker::vector xs;
 	xs.reserve(vv->Size());
 
 	for ( auto i = 0u; i < vv->Size(); ++i )
 		{
-		const auto& val = vv->At(i)->AsRecordVal()->GetField(0);
+		const auto& val = vv->RecordValAt(i)->GetField(0);
 		auto data_val = static_cast<detail::DataVal*>(val.get());
 		xs.emplace_back(data_val->data);
 		}
@@ -784,7 +784,7 @@ RecordVal* Manager::MakeEvent(ValPList* args, zeek::detail::Frame* frame)
 				return rval;
 				}
 
-			rval->Assign(0, make_intrusive<StringVal>(func->Name()));
+			rval->Assign(0, func->Name());
 			continue;
 			}
 
@@ -793,7 +793,7 @@ RecordVal* Manager::MakeEvent(ValPList* args, zeek::detail::Frame* frame)
 
 		if ( ! same_type(got_type, expected_type) )
 			{
-			rval->Assign(0, nullptr);
+			rval->Remove(0);
 			Error("event parameter #%d type mismatch, got %s, expect %s", i,
 			      type_name(got_type->Tag()),
 			      type_name(expected_type->Tag()));
@@ -807,9 +807,9 @@ RecordVal* Manager::MakeEvent(ValPList* args, zeek::detail::Frame* frame)
 		else
 			data_val = detail::make_data_val((*args)[i]);
 
-		if ( ! data_val->GetField(0) )
+		if ( ! data_val->HasField(0) )
 			{
-			rval->Assign(0, nullptr);
+			rval->Remove(0);
 			Error("failed to convert param #%d of type %s to broker data",
 				  i, type_name(got_type->Tag()));
 			return rval;
@@ -1453,20 +1453,20 @@ void Manager::ProcessStatus(broker::status_view stat)
 
 	if ( ctx )
 		{
-		endpoint_info->Assign(0, make_intrusive<StringVal>(to_string(ctx->node)));
+		endpoint_info->Assign(0, to_string(ctx->node));
 		static auto ni = id::find_type<RecordType>("Broker::NetworkInfo");
 		auto network_info = make_intrusive<RecordVal>(ni);
 
 		if ( ctx->network )
 			{
-			network_info->Assign(0, make_intrusive<StringVal>(ctx->network->address.data()));
+			network_info->Assign(0, ctx->network->address.data());
 			network_info->Assign(1, val_mgr->Port(ctx->network->port, TRANSPORT_TCP));
 			}
 		else
 			{
 			// TODO: are there any status messages where the ctx->network
 			// is not set and actually could be?
-			network_info->Assign(0, make_intrusive<StringVal>("<unknown>"));
+			network_info->Assign(0, "<unknown>");
 			network_info->Assign(1, val_mgr->Port(0, TRANSPORT_TCP));
 			}
 

src/broker/Store.cc

@@ -67,7 +67,7 @@ broker::backend_options to_backend_options(broker::backend backend,
 	switch ( backend ) {
 	case broker::backend::sqlite:
 		{
-		auto path = options->GetField(0)->AsRecordVal()
+		auto path = options->GetFieldAs<RecordVal>(0)
 			->GetFieldAs<StringVal>(0)->CheckString();
 		return {{"path", path}};
 		}

src/broker/comm.bif

@@ -126,7 +126,7 @@ function Broker::__peers%(%): PeerInfos
 			network_info->Assign(1, zeek::val_mgr->Port(0, TRANSPORT_TCP));
 			}
 
-		endpoint_info->Assign(0, zeek::make_intrusive<zeek::StringVal>(to_string(p.peer.node)));
+		endpoint_info->Assign(0, to_string(p.peer.node));
 		endpoint_info->Assign(1, std::move(network_info));
 
 		auto ps = (BifEnum::Broker::PeerStatus)p.status;

src/file_analysis/File.cc

@@ -92,12 +92,12 @@ File::File(const std::string& file_id, const std::string& source_name, Connectio
 	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Creating new File object", file_id.c_str());
 
 	val = make_intrusive<RecordVal>(id::fa_file);
-	val->Assign(id_idx, make_intrusive<StringVal>(file_id.c_str()));
+	val->Assign(id_idx, file_id);
 	SetSource(source_name);
 
 	if ( conn )
 		{
-		val->Assign(is_orig_idx, val_mgr->Bool(is_orig));
+		val->Assign(is_orig_idx, is_orig);
 		UpdateConnectionFields(conn, is_orig);
 		}
 
@@ -115,7 +115,7 @@ File::~File()
 
 void File::UpdateLastActivityTime()
 	{
-	val->Assign(last_active_idx, make_intrusive<TimeVal>(run_state::network_time));
+	val->AssignTime(last_active_idx, run_state::network_time);
 	}
 
 double File::GetLastActivityTime() const
@@ -128,12 +128,12 @@ bool File::UpdateConnectionFields(Connection* conn, bool is_orig)
 	if ( ! conn )
 		return false;
 
-	Val* conns = val->GetField(conns_idx).get();
+	auto conns = val->GetField(conns_idx);
 
 	if ( ! conns )
 		{
 		auto ect = empty_connection_table();
-		conns = ect.get();
+		conns = ect;
 		val->Assign(conns_idx, std::move(ect));
 		}
 
@@ -190,7 +190,7 @@ std::string File::GetSource() const
 
 void File::SetSource(const std::string& source)
 	{
-	val->Assign(source_idx, make_intrusive<StringVal>(source.c_str()));
+	val->Assign(source_idx, source);
 	}
 
 double File::GetTimeoutInterval() const
@@ -200,7 +200,7 @@ double File::GetTimeoutInterval() const
 
 void File::SetTimeoutInterval(double interval)
 	{
-	val->Assign(timeout_interval_idx, make_intrusive<IntervalVal>(interval));
+	val->AssignInterval(timeout_interval_idx, interval);
 	}
 
 bool File::SetExtractionLimit(RecordValPtr args, uint64_t bytes)
@@ -223,13 +223,13 @@ bool File::SetExtractionLimit(RecordValPtr args, uint64_t bytes)
 void File::IncrementByteCount(uint64_t size, int field_idx)
 	{
 	uint64_t old = LookupFieldDefaultCount(field_idx);
-	val->Assign(field_idx, val_mgr->Count(old + size));
+	val->Assign(field_idx, old + size);
 	}
 
 void File::SetTotalBytes(uint64_t size)
 	{
 	DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Total bytes %" PRIu64, id.c_str(), size);
-	val->Assign(total_bytes_idx, val_mgr->Count(size));
+	val->Assign(total_bytes_idx, size);
 	}
 
 bool File::IsComplete() const
@@ -298,8 +298,8 @@ bool File::SetMime(const std::string& mime_type)
 		return false;
 
 	auto meta = make_intrusive<RecordVal>(id::fa_metadata);
-	meta->Assign(meta_mime_type_idx, make_intrusive<StringVal>(mime_type));
+	meta->Assign(meta_mime_type_idx, mime_type);
-	meta->Assign(meta_inferred_idx, val_mgr->False());
+	meta->Assign(meta_inferred_idx, false);
 
 	FileEvent(file_sniff, {val, std::move(meta)});
 	return true;
@@ -309,7 +309,7 @@ void File::InferMetadata()
 	{
 	did_metadata_inference = true;
 
-	Val* bof_buffer_val = val->GetField(bof_buffer_idx).get();
+	auto bof_buffer_val = val->GetField(bof_buffer_idx);
 
 	if ( ! bof_buffer_val )
 		{
@@ -317,8 +317,8 @@ void File::InferMetadata()
 			return;
 
 		String* bs = concatenate(bof_buffer.chunks);
-		val->Assign<StringVal>(bof_buffer_idx, bs);
+		val->Assign(bof_buffer_idx, bs);
-		bof_buffer_val = val->GetField(bof_buffer_idx).get();
+		bof_buffer_val = val->GetField(bof_buffer_idx);
 		}
 
 	if ( ! FileEventAvailable(file_sniff) )
@@ -334,7 +334,7 @@ void File::InferMetadata()
 
 	if ( ! matches.empty() )
 		{
-		meta->Assign<StringVal>(meta_mime_type_idx,
+		meta->Assign(meta_mime_type_idx,
 		                        *(matches.begin()->second.begin()));
 		meta->Assign(meta_mime_types_idx,
 		             file_analysis::GenMIMEMatchesVal(matches));
@@ -361,7 +361,7 @@ bool File::BufferBOF(const u_char* data, uint64_t len)
 	if ( bof_buffer.size > 0 )
 		{
 		String* bs = concatenate(bof_buffer.chunks);
-		val->Assign(bof_buffer_idx, make_intrusive<StringVal>(bs));
+		val->Assign(bof_buffer_idx, bs);
 		}
 
 	return false;

src/file_analysis/Manager.cc

@@ -524,8 +524,8 @@ VectorValPtr GenMIMEMatchesVal(const zeek::detail::RuleMatcher::MIME_Matches& m)
 		for ( set<string>::const_iterator it2 = it->second.begin();
 		      it2 != it->second.end(); ++it2 )
 			{
-			element->Assign(0, val_mgr->Int(it->first));
+			element->Assign(0, it->first);
-			element->Assign(1, make_intrusive<StringVal>(*it2));
+			element->Assign(1, *it2);
 			}
 
 		rval->Assign(rval->Size(), std::move(element));

src/file_analysis/analyzer/entropy/Entropy.cc

@@ -63,11 +63,11 @@ void Entropy::Finalize()
 
 	static auto entropy_test_result = id::find_type<RecordType>("entropy_test_result");
 	auto ent_result = make_intrusive<RecordVal>(entropy_test_result);
-	ent_result->Assign<DoubleVal>(0, ent);
+	ent_result->Assign(0, ent);
-	ent_result->Assign<DoubleVal>(1, chisq);
+	ent_result->Assign(1, chisq);
-	ent_result->Assign<DoubleVal>(2, mean);
+	ent_result->Assign(2, mean);
-	ent_result->Assign<DoubleVal>(3, montepi);
+	ent_result->Assign(3, montepi);
-	ent_result->Assign<DoubleVal>(4, scc);
+	ent_result->Assign(4, scc);
 
 	event_mgr.Enqueue(file_entropy,
 	                  GetFile()->ToVal(),

src/file_analysis/analyzer/extract/Extract.cc

@@ -47,7 +47,7 @@ Extract::~Extract()
 		}
 	}
 
-static const ValPtr& get_extract_field_val(const RecordValPtr& args,
+static ValPtr get_extract_field_val(const RecordValPtr& args,
                                     const char* name)
 	{
 	const auto& rval = args->GetField(name);

src/file_analysis/analyzer/pe/pe-analyzer.pac

@@ -49,22 +49,22 @@ refine flow File += {
 			{
 			auto dh = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::PE::DOSHeader);
 			dh->Assign(0, zeek::make_intrusive<zeek::StringVal>(${h.signature}.length(), (const char*) ${h.signature}.data()));
-			dh->Assign(1, zeek::val_mgr->Count(${h.UsedBytesInTheLastPage}));
+			dh->Assign(1, ${h.UsedBytesInTheLastPage});
-			dh->Assign(2, zeek::val_mgr->Count(${h.FileSizeInPages}));
+			dh->Assign(2, ${h.FileSizeInPages});
-			dh->Assign(3, zeek::val_mgr->Count(${h.NumberOfRelocationItems}));
+			dh->Assign(3, ${h.NumberOfRelocationItems});
-			dh->Assign(4, zeek::val_mgr->Count(${h.HeaderSizeInParagraphs}));
+			dh->Assign(4, ${h.HeaderSizeInParagraphs});
-			dh->Assign(5, zeek::val_mgr->Count(${h.MinimumExtraParagraphs}));
+			dh->Assign(5, ${h.MinimumExtraParagraphs});
-			dh->Assign(6, zeek::val_mgr->Count(${h.MaximumExtraParagraphs}));
+			dh->Assign(6, ${h.MaximumExtraParagraphs});
-			dh->Assign(7, zeek::val_mgr->Count(${h.InitialRelativeSS}));
+			dh->Assign(7, ${h.InitialRelativeSS});
-			dh->Assign(8, zeek::val_mgr->Count(${h.InitialSP}));
+			dh->Assign(8, ${h.InitialSP});
-			dh->Assign(9, zeek::val_mgr->Count(${h.Checksum}));
+			dh->Assign(9, ${h.Checksum});
-			dh->Assign(10, zeek::val_mgr->Count(${h.InitialIP}));
+			dh->Assign(10, ${h.InitialIP});
-			dh->Assign(11, zeek::val_mgr->Count(${h.InitialRelativeCS}));
+			dh->Assign(11, ${h.InitialRelativeCS});
-			dh->Assign(12, zeek::val_mgr->Count(${h.AddressOfRelocationTable}));
+			dh->Assign(12, ${h.AddressOfRelocationTable});
-			dh->Assign(13, zeek::val_mgr->Count(${h.OverlayNumber}));
+			dh->Assign(13, ${h.OverlayNumber});
-			dh->Assign(14, zeek::val_mgr->Count(${h.OEMid}));
+			dh->Assign(14, ${h.OEMid});
-			dh->Assign(15, zeek::val_mgr->Count(${h.OEMinfo}));
+			dh->Assign(15, ${h.OEMinfo});
-			dh->Assign(16, zeek::val_mgr->Count(${h.AddressOfNewExeHeader}));
+			dh->Assign(16, ${h.AddressOfNewExeHeader});
 
 			zeek::event_mgr.Enqueue(pe_dos_header,
 			    connection()->zeek_analyzer()->GetFile()->ToVal(),
@@ -98,11 +98,11 @@ refine flow File += {
 		if ( pe_file_header )
 			{
 			auto fh = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::PE::FileHeader);
-			fh->Assign(0, zeek::val_mgr->Count(${h.Machine}));
+			fh->Assign(0, ${h.Machine});
-			fh->Assign(1, zeek::make_intrusive<zeek::TimeVal>(static_cast<double>(${h.TimeDateStamp})));
+			fh->AssignTime(1, double(${h.TimeDateStamp}));
-			fh->Assign(2, zeek::val_mgr->Count(${h.PointerToSymbolTable}));
+			fh->Assign(2, ${h.PointerToSymbolTable});
-			fh->Assign(3, zeek::val_mgr->Count(${h.NumberOfSymbols}));
+			fh->Assign(3, ${h.NumberOfSymbols});
-			fh->Assign(4, zeek::val_mgr->Count(${h.SizeOfOptionalHeader}));
+			fh->Assign(4, ${h.SizeOfOptionalHeader});
 			fh->Assign(5, characteristics_to_zeek(${h.Characteristics}, 16));
 
 			zeek::event_mgr.Enqueue(pe_file_header,
@@ -127,31 +127,31 @@ refine flow File += {
 			{
 			auto oh = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::PE::OptionalHeader);
 
-			oh->Assign(0, zeek::val_mgr->Count(${h.magic}));
+			oh->Assign(0, ${h.magic});
-			oh->Assign(1, zeek::val_mgr->Count(${h.major_linker_version}));
+			oh->Assign(1, ${h.major_linker_version});
-			oh->Assign(2, zeek::val_mgr->Count(${h.minor_linker_version}));
+			oh->Assign(2, ${h.minor_linker_version});
-			oh->Assign(3, zeek::val_mgr->Count(${h.size_of_code}));
+			oh->Assign(3, ${h.size_of_code});
-			oh->Assign(4, zeek::val_mgr->Count(${h.size_of_init_data}));
+			oh->Assign(4, ${h.size_of_init_data});
-			oh->Assign(5, zeek::val_mgr->Count(${h.size_of_uninit_data}));
+			oh->Assign(5, ${h.size_of_uninit_data});
-			oh->Assign(6, zeek::val_mgr->Count(${h.addr_of_entry_point}));
+			oh->Assign(6, ${h.addr_of_entry_point});
-			oh->Assign(7, zeek::val_mgr->Count(${h.base_of_code}));
+			oh->Assign(7, ${h.base_of_code});
 
 			if ( ${h.pe_format} != PE32_PLUS )
-				oh->Assign(8, zeek::val_mgr->Count(${h.base_of_data}));
+				oh->Assign(8, ${h.base_of_data});
 
-			oh->Assign(9, zeek::val_mgr->Count(${h.image_base}));
+			oh->Assign(9, ${h.image_base});
-			oh->Assign(10, zeek::val_mgr->Count(${h.section_alignment}));
+			oh->Assign(10, ${h.section_alignment});
-			oh->Assign(11, zeek::val_mgr->Count(${h.file_alignment}));
+			oh->Assign(11, ${h.file_alignment});
-			oh->Assign(12, zeek::val_mgr->Count(${h.os_version_major}));
+			oh->Assign(12, ${h.os_version_major});
-			oh->Assign(13, zeek::val_mgr->Count(${h.os_version_minor}));
+			oh->Assign(13, ${h.os_version_minor});
-			oh->Assign(14, zeek::val_mgr->Count(${h.major_image_version}));
+			oh->Assign(14, ${h.major_image_version});
-			oh->Assign(15, zeek::val_mgr->Count(${h.minor_image_version}));
+			oh->Assign(15, ${h.minor_image_version});
-			oh->Assign(16, zeek::val_mgr->Count(${h.major_subsys_version}));
+			oh->Assign(16, ${h.major_subsys_version});
-			oh->Assign(17, zeek::val_mgr->Count(${h.minor_subsys_version}));
+			oh->Assign(17, ${h.minor_subsys_version});
-			oh->Assign(18, zeek::val_mgr->Count(${h.size_of_image}));
+			oh->Assign(18, ${h.size_of_image});
-			oh->Assign(19, zeek::val_mgr->Count(${h.size_of_headers}));
+			oh->Assign(19, ${h.size_of_headers});
-			oh->Assign(20, zeek::val_mgr->Count(${h.checksum}));
+			oh->Assign(20, ${h.checksum});
-			oh->Assign(21, zeek::val_mgr->Count(${h.subsystem}));
+			oh->Assign(21, ${h.subsystem});
 			oh->Assign(22, characteristics_to_zeek(${h.dll_characteristics}, 16));
 
 			oh->Assign(23, process_rvas(${h.rvas}));
@@ -178,14 +178,14 @@ refine flow File += {
 				name_len = first_null - ${h.name}.data();
 			section_header->Assign(0, zeek::make_intrusive<zeek::StringVal>(name_len, (const char*) ${h.name}.data()));
 
-			section_header->Assign(1, zeek::val_mgr->Count(${h.virtual_size}));
+			section_header->Assign(1, ${h.virtual_size});
-			section_header->Assign(2, zeek::val_mgr->Count(${h.virtual_addr}));
+			section_header->Assign(2, ${h.virtual_addr});
-			section_header->Assign(3, zeek::val_mgr->Count(${h.size_of_raw_data}));
+			section_header->Assign(3, ${h.size_of_raw_data});
-			section_header->Assign(4, zeek::val_mgr->Count(${h.ptr_to_raw_data}));
+			section_header->Assign(4, ${h.ptr_to_raw_data});
-			section_header->Assign(5, zeek::val_mgr->Count(${h.non_used_ptr_to_relocs}));
+			section_header->Assign(5, ${h.non_used_ptr_to_relocs});
-			section_header->Assign(6, zeek::val_mgr->Count(${h.non_used_ptr_to_line_nums}));
+			section_header->Assign(6, ${h.non_used_ptr_to_line_nums});
-			section_header->Assign(7, zeek::val_mgr->Count(${h.non_used_num_of_relocs}));
+			section_header->Assign(7, ${h.non_used_num_of_relocs});
-			section_header->Assign(8, zeek::val_mgr->Count(${h.non_used_num_of_line_nums}));
+			section_header->Assign(8, ${h.non_used_num_of_line_nums});
 			section_header->Assign(9, characteristics_to_zeek(${h.characteristics}, 32));
 
 			zeek::event_mgr.Enqueue(pe_section_header,

src/file_analysis/analyzer/unified2/unified2-analyzer.pac

@@ -73,19 +73,19 @@ refine flow Flow += {
 		if ( ::unified2_event )
 			{
 			auto ids_event = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
-			ids_event->Assign(0, zeek::val_mgr->Count(${ev.sensor_id}));
+			ids_event->Assign(0, ${ev.sensor_id});
-			ids_event->Assign(1, zeek::val_mgr->Count(${ev.event_id}));
+			ids_event->Assign(1, ${ev.event_id});
-			ids_event->Assign(2, zeek::make_intrusive<zeek::TimeVal>(ts_to_double(${ev.ts})));
+			ids_event->AssignTime(2, ts_to_double(${ev.ts}));
-			ids_event->Assign(3, zeek::val_mgr->Count(${ev.signature_id}));
+			ids_event->Assign(3, ${ev.signature_id});
-			ids_event->Assign(4, zeek::val_mgr->Count(${ev.generator_id}));
+			ids_event->Assign(4, ${ev.generator_id});
-			ids_event->Assign(5, zeek::val_mgr->Count(${ev.signature_revision}));
+			ids_event->Assign(5, ${ev.signature_revision});
-			ids_event->Assign(6, zeek::val_mgr->Count(${ev.classification_id}));
+			ids_event->Assign(6, ${ev.classification_id});
-			ids_event->Assign(7, zeek::val_mgr->Count(${ev.priority_id}));
+			ids_event->Assign(7, ${ev.priority_id});
 			ids_event->Assign(8, unified2_addr_to_zeek_addr(${ev.src_ip}));
 			ids_event->Assign(9, unified2_addr_to_zeek_addr(${ev.dst_ip}));
 			ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol}));
 			ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
-			ids_event->Assign(17, zeek::val_mgr->Count(${ev.packet_action}));
+			ids_event->Assign(17, ${ev.packet_action});
 
 			zeek::event_mgr.Enqueue(::unified2_event,
 					connection()->zeek_analyzer()->GetFile()->ToVal(),
@@ -99,23 +99,23 @@ refine flow Flow += {
 		if ( ::unified2_event )
 			{
 			auto ids_event = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::Unified2::IDSEvent);
-			ids_event->Assign(0, zeek::val_mgr->Count(${ev.sensor_id}));
+			ids_event->Assign(0, ${ev.sensor_id});
-			ids_event->Assign(1, zeek::val_mgr->Count(${ev.event_id}));
+			ids_event->Assign(1, ${ev.event_id});
-			ids_event->Assign(2, zeek::make_intrusive<zeek::TimeVal>(ts_to_double(${ev.ts})));
+			ids_event->AssignTime(2, ts_to_double(${ev.ts}));
-			ids_event->Assign(3, zeek::val_mgr->Count(${ev.signature_id}));
+			ids_event->Assign(3, ${ev.signature_id});
-			ids_event->Assign(4, zeek::val_mgr->Count(${ev.generator_id}));
+			ids_event->Assign(4, ${ev.generator_id});
-			ids_event->Assign(5, zeek::val_mgr->Count(${ev.signature_revision}));
+			ids_event->Assign(5, ${ev.signature_revision});
-			ids_event->Assign(6, zeek::val_mgr->Count(${ev.classification_id}));
+			ids_event->Assign(6, ${ev.classification_id});
-			ids_event->Assign(7, zeek::val_mgr->Count(${ev.priority_id}));
+			ids_event->Assign(7, ${ev.priority_id});
 			ids_event->Assign(8, unified2_addr_to_zeek_addr(${ev.src_ip}));
 			ids_event->Assign(9, unified2_addr_to_zeek_addr(${ev.dst_ip}));
 			ids_event->Assign(10, to_port(${ev.src_p}, ${ev.protocol}));
 			ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
-			ids_event->Assign(12, zeek::val_mgr->Count(${ev.impact_flag}));
+			ids_event->Assign(12, ${ev.impact_flag});
-			ids_event->Assign(13, zeek::val_mgr->Count(${ev.impact}));
+			ids_event->Assign(13, ${ev.impact});
-			ids_event->Assign(14, zeek::val_mgr->Count(${ev.blocked}));
+			ids_event->Assign(14, ${ev.blocked});
-			ids_event->Assign(15, zeek::val_mgr->Count(${ev.mpls_label}));
+			ids_event->Assign(15, ${ev.mpls_label});
-			ids_event->Assign(16, zeek::val_mgr->Count(${ev.vlan_id}));
+			ids_event->Assign(16, ${ev.vlan_id});
 
 			zeek::event_mgr.Enqueue(::unified2_event,
 					connection()->zeek_analyzer()->GetFile()->ToVal(),
@@ -130,11 +130,11 @@ refine flow Flow += {
 		if ( ::unified2_packet )
 			{
 			auto packet = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::Unified2::Packet);
-			packet->Assign(0, zeek::val_mgr->Count(${pkt.sensor_id}));
+			packet->Assign(0, ${pkt.sensor_id});
-			packet->Assign(1, zeek::val_mgr->Count(${pkt.event_id}));
+			packet->Assign(1, ${pkt.event_id});
-			packet->Assign(2, zeek::val_mgr->Count(${pkt.event_second}));
+			packet->Assign(2, ${pkt.event_second});
-			packet->Assign(3, zeek::make_intrusive<zeek::TimeVal>(ts_to_double(${pkt.packet_ts})));
+			packet->AssignTime(3, ts_to_double(${pkt.packet_ts}));
-			packet->Assign(4, zeek::val_mgr->Count(${pkt.link_type}));
+			packet->Assign(4, ${pkt.link_type});
 			packet->Assign(5, to_stringval(${pkt.packet_data}));
 
 			zeek::event_mgr.Enqueue(::unified2_packet,

src/file_analysis/analyzer/x509/X509.cc

@@ -124,7 +124,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val,
 	auto pX509Cert = make_intrusive<RecordVal>(BifType::Record::X509::Certificate);
 	BIO *bio = BIO_new(BIO_s_mem());
 
-	pX509Cert->Assign(0, val_mgr->Count((uint64_t) X509_get_version(ssl_cert) + 1));
+	pX509Cert->Assign(0, static_cast<uint64_t>(X509_get_version(ssl_cert) + 1));
 	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(ssl_cert));
 	int len = BIO_read(bio, buf, sizeof(buf));
 	pX509Cert->Assign(1, make_intrusive<StringVal>(len, buf));
@@ -161,8 +161,8 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val,
 	pX509Cert->Assign(3, make_intrusive<StringVal>(len, buf));
 	BIO_free(bio);
 
-	pX509Cert->Assign(5, make_intrusive<TimeVal>(GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, reporter)));
+	pX509Cert->AssignTime(5, GetTimeFromAsn1(X509_get_notBefore(ssl_cert), f, reporter));
-	pX509Cert->Assign(6, make_intrusive<TimeVal>(GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, reporter)));
+	pX509Cert->AssignTime(6, GetTimeFromAsn1(X509_get_notAfter(ssl_cert), f, reporter));
 
 	// we only read 255 bytes because byte 256 is always 0.
 	// if the string is longer than 255, that will be our null-termination,
@@ -172,7 +172,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val,
 	if ( ! i2t_ASN1_OBJECT(buf, 255, algorithm) )
 		buf[0] = 0;
 
-	pX509Cert->Assign(7, make_intrusive<StringVal>(buf));
+	pX509Cert->Assign(7, buf);
 
 	// Special case for RDP server certificates. For some reason some (all?) RDP server
 	// certificates like to specify their key algorithm as md5WithRSAEncryption, which
@@ -194,25 +194,25 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val,
 	if ( ! i2t_ASN1_OBJECT(buf, 255, OBJ_nid2obj(X509_get_signature_nid(ssl_cert))) )
 		buf[0] = 0;
 
-	pX509Cert->Assign(8, make_intrusive<StringVal>(buf));
+	pX509Cert->Assign(8, buf);
 
 	// Things we can do when we have the key...
 	EVP_PKEY *pkey = X509_extract_key(ssl_cert);
 	if ( pkey != NULL )
 		{
 		if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA )
-			pX509Cert->Assign(9, make_intrusive<StringVal>("dsa"));
+			pX509Cert->Assign(9, "dsa");
 
 		else if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA )
 			{
-			pX509Cert->Assign(9, make_intrusive<StringVal>("rsa"));
+			pX509Cert->Assign(9, "rsa");
 
 			const BIGNUM *e;
 			RSA_get0_key(EVP_PKEY_get0_RSA(pkey), NULL, &e, NULL);
 			char *exponent = BN_bn2dec(e);
 			if ( exponent != NULL )
 				{
-				pX509Cert->Assign(11, make_intrusive<StringVal>(exponent));
+				pX509Cert->Assign(11, exponent);
 				OPENSSL_free(exponent);
 				exponent = NULL;
 				}
@@ -220,7 +220,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val,
 #ifndef OPENSSL_NO_EC
 		else if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_EC )
 			{
-			pX509Cert->Assign(9, make_intrusive<StringVal>("ecdsa"));
+			pX509Cert->Assign(9, "ecdsa");
 			pX509Cert->Assign(12, KeyCurve(pkey));
 			}
 #endif
@@ -232,7 +232,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val,
 
 		unsigned int length = KeyLength(pkey);
 		if ( length > 0 )
-			pX509Cert->Assign(10, val_mgr->Count(length));
+			pX509Cert->Assign(10, length);
 
 		EVP_PKEY_free(pkey);
 		}
@@ -292,10 +292,10 @@ void X509::ParseBasicConstraints(X509_EXTENSION* ex)
 		if ( x509_ext_basic_constraints )
 			{
 			auto pBasicConstraint = make_intrusive<RecordVal>(BifType::Record::X509::BasicConstraints);
-			pBasicConstraint->Assign(0, val_mgr->Bool(constr->ca));
+			pBasicConstraint->Assign(0, constr->ca);
 
 			if ( constr->pathlen )
-				pBasicConstraint->Assign(1, val_mgr->Count((int32_t) ASN1_INTEGER_get(constr->pathlen)));
+				pBasicConstraint->Assign(1, static_cast<int32_t>(ASN1_INTEGER_get(constr->pathlen)));
 
 			event_mgr.Enqueue(x509_ext_basic_constraints,
 			                  GetFile()->ToVal(),
@@ -436,7 +436,7 @@ void X509::ParseSAN(X509_EXTENSION* ext)
 		if ( ips != nullptr )
 			sanExt->Assign(3, ips);
 
-		sanExt->Assign(4, val_mgr->Bool(otherfields));
+		sanExt->Assign(4, otherfields);
 
 		event_mgr.Enqueue(x509_ext_subject_alternative_name,
 		                        GetFile()->ToVal(),

src/file_analysis/analyzer/x509/X509Common.cc

@@ -273,13 +273,13 @@ void X509Common::ParseExtension(X509_EXTENSION* ex, const EventHandlerPtr& h, bo
 		ext_val = make_intrusive<StringVal>(0, "");
 
 	auto pX509Ext = make_intrusive<RecordVal>(BifType::Record::X509::Extension);
-	pX509Ext->Assign(0, make_intrusive<StringVal>(name));
+	pX509Ext->Assign(0, name);
 
 	if ( short_name and strlen(short_name) > 0 )
-		pX509Ext->Assign(1, make_intrusive<StringVal>(short_name));
+		pX509Ext->Assign(1, short_name);
 
-	pX509Ext->Assign(2, make_intrusive<StringVal>(oid));
+	pX509Ext->Assign(2, oid);
-	pX509Ext->Assign(3, val_mgr->Bool(critical));
+	pX509Ext->Assign(3, critical);
 	pX509Ext->Assign(4, ext_val);
 
 	// send off generic extension event

src/file_analysis/analyzer/x509/functions.bif

@@ -16,8 +16,8 @@ static zeek::RecordValPtr x509_result_record(uint64_t num, const char* reason, z
 	{
 	auto rrecord = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::X509::Result);
 
-	rrecord->Assign(0, zeek::val_mgr->Int(num));
+	rrecord->Assign(0, num);
-	rrecord->Assign(1, zeek::make_intrusive<zeek::StringVal>(reason));
+	rrecord->Assign(1, reason);
 	if ( chainVector )
 		rrecord->Assign(2, std::move(chainVector));
 
@@ -37,7 +37,7 @@ STACK_OF(X509)* x509_get_untrusted_stack(zeek::VectorVal* certs_vec)
 
 	for ( int i = 1; i < (int) certs_vec->Size(); ++i ) // start at 1 - 0 is host cert
 		{
-		const auto& sv = certs_vec->At(i);
+		auto sv = certs_vec->ValAt(i);
 
 		if ( ! sv )
 			continue;
@@ -232,7 +232,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
 
 	// host certificate
 	unsigned int index = 0; // to prevent overloading to 0pointer
-	const auto& sv = certs_vec->At(index);
+	auto sv = certs_vec->ValAt(index);
 	if ( ! sv )
 		{
 		zeek::emit_builtin_error("undefined value in certificate vector");
@@ -518,7 +518,7 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
 
 	// host certificate
 	unsigned int index = 0; // to prevent overloading to 0pointer
-	const auto& sv = certs_vec->At(index);
+	auto sv = certs_vec->ValAt(index);
 	if ( !sv )
 		{
 		zeek::emit_builtin_error("undefined value in certificate vector");

src/iosource/Packet.cc

@@ -117,12 +117,12 @@ RecordValPtr Packet::ToRawPktHdrVal() const
 		l2_hdr->Assign(4, FmtEUI48(data));  	// dst
 
 		if ( vlan )
-			l2_hdr->Assign(5, val_mgr->Count(vlan));
+			l2_hdr->Assign(5, vlan);
 
 		if ( inner_vlan )
-			l2_hdr->Assign(6, val_mgr->Count(inner_vlan));
+			l2_hdr->Assign(6, inner_vlan);
 
-		l2_hdr->Assign(7, val_mgr->Count(eth_type));
+		l2_hdr->Assign(7, eth_type);
 
 		if ( eth_type == ETHERTYPE_ARP || eth_type == ETHERTYPE_REVARP )
 			// We also identify ARP for L3 over ethernet
@@ -131,8 +131,8 @@ RecordValPtr Packet::ToRawPktHdrVal() const
 	else
 		l2_hdr->Assign(0, BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_UNKNOWN));
 
-	l2_hdr->Assign(1, val_mgr->Count(len));
+	l2_hdr->Assign(1, len);
-	l2_hdr->Assign(2, val_mgr->Count(cap_len));
+	l2_hdr->Assign(2, cap_len);
 
 	l2_hdr->Assign(8, BifType::Enum::layer3_proto->GetEnumVal(l3));
 

src/iosource/pcap/pcap.bif

@@ -127,9 +127,9 @@ function findalldevs%(%): Pcap::Interfaces
 		{
 		auto r = make_intrusive<RecordVal>(iface_type);
 
-		r->Assign(0, make_intrusive<StringVal>(d->name));
+		r->Assign(0, d->name);
 		if ( d->description )
-			r->Assign(1, make_intrusive<StringVal>(d->description));
+			r->Assign(1, d->description);
 
 		auto addrs = make_intrusive<ListVal>(TYPE_ADDR);
 		for ( auto addr = d->addresses; addr != NULL; addr = addr->next )
@@ -146,11 +146,11 @@ function findalldevs%(%): Pcap::Interfaces
 				}
 			}
 		r->Assign(2, addrs->ToSetVal());
-		r->Assign(3, val_mgr->Bool(d->flags & PCAP_IF_LOOPBACK));
+		r->Assign(3, static_cast<bool>(d->flags & PCAP_IF_LOOPBACK));
 #ifdef PCAP_IF_UP
 		// These didn't become available until libpcap 1.6.1
-		r->Assign(4, val_mgr->Bool(d->flags & PCAP_IF_UP));
+		r->Assign(4, static_cast<bool>(d->flags & PCAP_IF_UP));
-		r->Assign(5, val_mgr->Bool(d->flags & PCAP_IF_RUNNING));
+		r->Assign(5, static_cast<bool>(d->flags & PCAP_IF_RUNNING));
 #endif
 
 		pcap_interfaces->Assign(std::move(r), nullptr);

src/logging/Manager.cc

@@ -1045,7 +1045,7 @@ threading::Value* Manager::ValToLogVal(Val* val, Type* ty)
 		for ( bro_int_t i = 0; i < lval->val.vector_val.size; i++ )
 			{
 			lval->val.vector_val.vals[i] =
-				ValToLogVal(vec->At(i).get(),
+				ValToLogVal(vec->ValAt(i).get(),
 					    vec->GetType()->Yield().get());
 			}
 
@@ -1095,9 +1095,12 @@ threading::Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter,
 		// potentially be nested inside other records.
 		list<int>& indices = filter->indices[i];
 
+		ValPtr val_ptr;
+
 		for ( list<int>::iterator j = indices.begin(); j != indices.end(); ++j )
 			{
-			val = val->AsRecordVal()->GetField(*j).get();
+			val_ptr = val->AsRecordVal()->GetField(*j);
+			val = val_ptr.get();
 
 			if ( ! val )
 				{
@@ -1514,9 +1517,9 @@ std::string Manager::FormatRotationPath(EnumValPtr writer,
 	auto ri = make_intrusive<RecordVal>(BifType::Record::Log::RotationFmtInfo);
 	ri->Assign(0, std::move(writer));
 	ri->Assign<StringVal>(1, path.size(), path.data());
-	ri->Assign<TimeVal>(2, open);
+	ri->AssignTime(2, open);
-	ri->Assign<TimeVal>(3, close);
+	ri->AssignTime(3, close);
-	ri->Assign(4, val_mgr->Bool(terminating));
+	ri->Assign(4, terminating);
 	ri->Assign<FuncVal>(5, std::move(postprocessor));
 
 	std::string rval;
@@ -1605,11 +1608,11 @@ bool Manager::FinishedRotation(WriterFrontend* writer, const char* new_name, con
 
 	auto info = make_intrusive<RecordVal>(BifType::Record::Log::RotationInfo);
 	info->Assign(0, {NewRef{}, winfo->type});
-	info->Assign(1, make_intrusive<StringVal>(new_name));
+	info->Assign(1, new_name);
-	info->Assign(2, make_intrusive<StringVal>(winfo->writer->Info().path));
+	info->Assign(2, winfo->writer->Info().path);
-	info->Assign(3, make_intrusive<TimeVal>(open));
+	info->AssignTime(3, open);
-	info->Assign(4, make_intrusive<TimeVal>(close));
+	info->AssignTime(4, close);
-	info->Assign(5, val_mgr->Bool(terminating));
+	info->Assign(5, terminating);
 
 	static auto default_ppf = id::find_func("Log::__default_rotation_postprocessor");
 

src/logging/writers/ascii/Ascii.cc

@@ -818,11 +818,11 @@ void Ascii::RotateLeftoverLogs()
 
 		auto rot_info = make_intrusive<RecordVal>(rot_info_type);
 		rot_info->Assign(0, writer_val);
-		rot_info->Assign<StringVal>(1, rotation_path);
+		rot_info->Assign(1, rotation_path);
-		rot_info->Assign<StringVal>(2, ll.Path());
+		rot_info->Assign(2, ll.Path());
-		rot_info->Assign<TimeVal>(3, ll.open_time);
+		rot_info->AssignTime(3, double(ll.open_time));
-		rot_info->Assign<TimeVal>(4, ll.close_time);
+		rot_info->AssignTime(4, double(ll.close_time));
-		rot_info->Assign(5, val_mgr->False());
+		rot_info->Assign(5, false);
 
 		if ( rename(ll.filename.data(), rotation_path.data()) != 0 )
 			reporter->FatalError("Found leftover/unprocessed log '%s', but "

src/option.bif

@@ -80,7 +80,8 @@ function Option::set%(ID: string, val: any, location: string &default=""%): bool
 
 	if ( same_type(val->GetType(), zeek::Broker::detail::DataVal::ScriptDataType()) )
 		{
-		auto dv = static_cast<zeek::Broker::detail::DataVal*>(val->AsRecordVal()->GetField(0).get());
+		auto valptr = val->AsRecordVal()->GetField(0);
+		auto dv = static_cast<zeek::Broker::detail::DataVal*>(valptr.get());
 		auto val_from_data = dv->castTo(i->GetType().get());
 
 		if ( ! val_from_data )

src/script_opt/DefItem.cc

@@ -1,7 +1,7 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
-#include "DefItem.h"
+#include "zeek/Expr.h"
-#include "Expr.h"
+#include "zeek/script_opt/DefItem.h"
 
 
 namespace zeek::detail {

src/script_opt/ReachingDefs.cc

@@ -1,7 +1,7 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 
 #include "zeek/script_opt/ReachingDefs.h"
-#include "Desc.h"
+#include "zeek/Desc.h"
 
 
 namespace zeek::detail {

src/stats.bif

@@ -57,10 +57,10 @@ function get_net_stats%(%): NetStats
 	auto r = zeek::make_intrusive<zeek::RecordVal>(NetStats);
 	int n = 0;
 
-	r->Assign(n++, zeek::val_mgr->Count(recv));
+	r->Assign(n++, recv);
-	r->Assign(n++, zeek::val_mgr->Count(drop));
+	r->Assign(n++, drop);
-	r->Assign(n++, zeek::val_mgr->Count(link));
+	r->Assign(n++, link);
-	r->Assign(n++, zeek::val_mgr->Count(bytes_recv));
+	r->Assign(n++, bytes_recv);
 
 	return r;
 	%}
@@ -86,16 +86,16 @@ function get_conn_stats%(%): ConnStats
 	auto r = zeek::make_intrusive<zeek::RecordVal>(ConnStats);
 	int n = 0;
 
-	r->Assign(n++, zeek::val_mgr->Count(Connection::TotalConnections()));
+	r->Assign(n++, Connection::TotalConnections());
-	r->Assign(n++, zeek::val_mgr->Count(Connection::CurrentConnections()));
+	r->Assign(n++, Connection::CurrentConnections());
-	r->Assign(n++, zeek::val_mgr->Count(sessions->CurrentConnections()));
+	r->Assign(n++, sessions->CurrentConnections());
 
 	SessionStats s;
 	if ( sessions )
 		sessions->GetStats(s);
 
 #define ADD_STAT(x) \
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(sessions ? x : 0)));
+	r->Assign(n++, static_cast<uint64_t>(sessions ? x : 0));
 
 	ADD_STAT(s.num_packets);
 	ADD_STAT(s.num_fragments);
@@ -110,7 +110,7 @@ function get_conn_stats%(%): ConnStats
 	ADD_STAT(s.max_ICMP_conns);
 	ADD_STAT(s.cumulative_ICMP_conns);
 
-	r->Assign(n++, zeek::val_mgr->Count(zeek::detail::killed_by_inactivity));
+	r->Assign(n++, zeek::detail::killed_by_inactivity);
 
 	return r;
 	%}
@@ -147,27 +147,27 @@ function get_proc_stats%(%): ProcStats
 		double(ru.ru_stime.tv_sec) + double(ru.ru_stime.tv_usec) / 1e6;
 
 #ifdef DEBUG
-	r->Assign(n++, zeek::val_mgr->Count(1));
+	r->Assign(n++, true);
 #else
-	r->Assign(n++, zeek::val_mgr->Count(0));
+	r->Assign(n++, false);
 #endif
 
-	r->Assign(n++, zeek::make_intrusive<zeek::TimeVal>(zeek::run_state::zeek_start_time));
+	r->AssignTime(n++, zeek::run_state::zeek_start_time);
 
-	r->Assign(n++, zeek::make_intrusive<zeek::IntervalVal>(elapsed_time, Seconds));
+	r->AssignInterval(n++, elapsed_time);
-	r->Assign(n++, zeek::make_intrusive<zeek::IntervalVal>(user_time, Seconds));
+	r->AssignInterval(n++, user_time);
-	r->Assign(n++, zeek::make_intrusive<zeek::IntervalVal>(system_time, Seconds));
+	r->AssignInterval(n++, system_time);
 
 	uint64_t total_mem;
 	zeek::util::get_memory_usage(&total_mem, NULL);
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(total_mem)));
+	r->Assign(n++, static_cast<uint64_t>(total_mem));
 
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(ru.ru_minflt)));
+	r->Assign(n++, static_cast<uint64_t>(ru.ru_minflt));
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(ru.ru_majflt)));
+	r->Assign(n++, static_cast<uint64_t>(ru.ru_majflt));
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(ru.ru_nswap)));
+	r->Assign(n++, static_cast<uint64_t>(ru.ru_nswap));
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(ru.ru_inblock)));
+	r->Assign(n++, static_cast<uint64_t>(ru.ru_inblock));
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(ru.ru_oublock)));
+	r->Assign(n++, static_cast<uint64_t>(ru.ru_oublock));
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(ru.ru_nivcsw)));
+	r->Assign(n++, static_cast<uint64_t>(ru.ru_nivcsw));
 
 	return r;
 	%}
@@ -193,8 +193,8 @@ function get_event_stats%(%): EventStats
 	auto r = zeek::make_intrusive<zeek::RecordVal>(EventStats);
 	int n = 0;
 
-	r->Assign(n++, zeek::val_mgr->Count(event_mgr.num_events_queued));
+	r->Assign(n++, event_mgr.num_events_queued);
-	r->Assign(n++, zeek::val_mgr->Count(event_mgr.num_events_dispatched));
+	r->Assign(n++, event_mgr.num_events_dispatched);
 
 	return r;
 	%}
@@ -220,10 +220,10 @@ function get_reassembler_stats%(%): ReassemblerStats
 	auto r = zeek::make_intrusive<zeek::RecordVal>(ReassemblerStats);
 	int n = 0;
 
-	r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_FILE)));
+	r->Assign(n++, Reassembler::MemoryAllocation(zeek::REASSEM_FILE));
-	r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_FRAG)));
+	r->Assign(n++, Reassembler::MemoryAllocation(zeek::REASSEM_FRAG));
-	r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_TCP)));
+	r->Assign(n++, Reassembler::MemoryAllocation(zeek::REASSEM_TCP));
-	r->Assign(n++, zeek::val_mgr->Count(Reassembler::MemoryAllocation(zeek::REASSEM_UNKNOWN)));
+	r->Assign(n++, Reassembler::MemoryAllocation(zeek::REASSEM_UNKNOWN));
 
 	return r;
 	%}
@@ -252,12 +252,12 @@ function get_dns_stats%(%): DNSStats
 	zeek::detail::DNS_Mgr::Stats dstats;
 	zeek::detail::dns_mgr->GetStats(&dstats);
 
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(dstats.requests)));
+	r->Assign(n++, static_cast<uint64_t>(dstats.requests));
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(dstats.successful)));
+	r->Assign(n++, static_cast<uint64_t>(dstats.successful));
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(dstats.failed)));
+	r->Assign(n++, static_cast<uint64_t>(dstats.failed));
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(dstats.pending)));
+	r->Assign(n++, static_cast<uint64_t>(dstats.pending));
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(dstats.cached_hosts)));
+	r->Assign(n++, static_cast<uint64_t>(dstats.cached_hosts));
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(dstats.cached_addresses)));
+	r->Assign(n++, static_cast<uint64_t>(dstats.cached_addresses));
 
 	return r;
 	%}
@@ -283,9 +283,9 @@ function get_timer_stats%(%): TimerStats
 	auto r = zeek::make_intrusive<zeek::RecordVal>(TimerStats);
 	int n = 0;
 
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(zeek::detail::timer_mgr->Size())));
+	r->Assign(n++, static_cast<uint64_t>(zeek::detail::timer_mgr->Size()));
-	r->Assign(n++, zeek::val_mgr->Count(unsigned(zeek::detail::timer_mgr->PeakSize())));
+	r->Assign(n++, static_cast<uint64_t>(zeek::detail::timer_mgr->PeakSize()));
-	r->Assign(n++, zeek::val_mgr->Count(zeek::detail::timer_mgr->CumulativeNum()));
+	r->Assign(n++, zeek::detail::timer_mgr->CumulativeNum());
 
 	return r;
 	%}
@@ -311,9 +311,9 @@ function get_file_analysis_stats%(%): FileAnalysisStats
 	auto r = zeek::make_intrusive<zeek::RecordVal>(FileAnalysisStats);
 	int n = 0;
 
-	r->Assign(n++, zeek::val_mgr->Count(zeek::file_mgr->CurrentFiles()));
+	r->Assign(n++, zeek::file_mgr->CurrentFiles());
-	r->Assign(n++, zeek::val_mgr->Count(zeek::file_mgr->MaxFiles()));
+	r->Assign(n++, zeek::file_mgr->MaxFiles());
-	r->Assign(n++, zeek::val_mgr->Count(zeek::file_mgr->CumulativeFiles()));
+	r->Assign(n++, zeek::file_mgr->CumulativeFiles());
 
 	return r;
 	%}
@@ -339,7 +339,7 @@ function get_thread_stats%(%): ThreadStats
 	auto r = zeek::make_intrusive<zeek::RecordVal>(ThreadStats);
 	int n = 0;
 
-	r->Assign(n++, zeek::val_mgr->Count(zeek::thread_mgr->NumThreads()));
+	r->Assign(n++, zeek::thread_mgr->NumThreads());
 
 	return r;
 	%}
@@ -365,10 +365,10 @@ function get_gap_stats%(%): GapStats
 	auto r = zeek::make_intrusive<zeek::RecordVal>(GapStats);
 	int n = 0;
 
-	r->Assign(n++, zeek::val_mgr->Count(zeek::detail::tot_ack_events));
+	r->Assign(n++, zeek::detail::tot_ack_events);
-	r->Assign(n++, zeek::val_mgr->Count(zeek::detail::tot_ack_bytes));
+	r->Assign(n++, zeek::detail::tot_ack_bytes);
-	r->Assign(n++, zeek::val_mgr->Count(zeek::detail::tot_gap_events));
+	r->Assign(n++, zeek::detail::tot_gap_events);
-	r->Assign(n++, zeek::val_mgr->Count(zeek::detail::tot_gap_bytes));
+	r->Assign(n++, zeek::detail::tot_gap_bytes);
 
 	return r;
 	%}
@@ -402,13 +402,13 @@ function get_matcher_stats%(%): MatcherStats
 	if ( zeek::detail::rule_matcher )
 		zeek::detail::rule_matcher->GetStats(&s);
 
-	r->Assign(n++, zeek::val_mgr->Count(s.matchers));
+	r->Assign(n++, s.matchers);
-	r->Assign(n++, zeek::val_mgr->Count(s.nfa_states));
+	r->Assign(n++, s.nfa_states);
-	r->Assign(n++, zeek::val_mgr->Count(s.dfa_states));
+	r->Assign(n++, s.dfa_states);
-	r->Assign(n++, zeek::val_mgr->Count(s.computed));
+	r->Assign(n++, s.computed);
-	r->Assign(n++, zeek::val_mgr->Count(s.mem));
+	r->Assign(n++, s.mem);
-	r->Assign(n++, zeek::val_mgr->Count(s.hits));
+	r->Assign(n++, s.hits);
-	r->Assign(n++, zeek::val_mgr->Count(s.misses));
+	r->Assign(n++, s.misses);
 
 	return r;
 	%}
@@ -436,15 +436,15 @@ function get_broker_stats%(%): BrokerStats
 	int n = 0;
 
 	auto cs = broker_mgr->GetStatistics();
-	r->Assign(n++, zeek::val_mgr->Count(static_cast<uint64_t>(cs.num_peers)));
+	r->Assign(n++, static_cast<uint64_t>(cs.num_peers));
-	r->Assign(n++, zeek::val_mgr->Count(static_cast<uint64_t>(cs.num_stores)));
+	r->Assign(n++, static_cast<uint64_t>(cs.num_stores));
-	r->Assign(n++, zeek::val_mgr->Count(static_cast<uint64_t>(cs.num_pending_queries)));
+	r->Assign(n++, static_cast<uint64_t>(cs.num_pending_queries));
-	r->Assign(n++, zeek::val_mgr->Count(static_cast<uint64_t>(cs.num_events_incoming)));
+	r->Assign(n++, static_cast<uint64_t>(cs.num_events_incoming));
-	r->Assign(n++, zeek::val_mgr->Count(static_cast<uint64_t>(cs.num_events_outgoing)));
+	r->Assign(n++, static_cast<uint64_t>(cs.num_events_outgoing));
-	r->Assign(n++, zeek::val_mgr->Count(static_cast<uint64_t>(cs.num_logs_incoming)));
+	r->Assign(n++, static_cast<uint64_t>(cs.num_logs_incoming));
-	r->Assign(n++, zeek::val_mgr->Count(static_cast<uint64_t>(cs.num_logs_outgoing)));
+	r->Assign(n++, static_cast<uint64_t>(cs.num_logs_outgoing));
-	r->Assign(n++, zeek::val_mgr->Count(static_cast<uint64_t>(cs.num_ids_incoming)));
+	r->Assign(n++, static_cast<uint64_t>(cs.num_ids_incoming));
-	r->Assign(n++, zeek::val_mgr->Count(static_cast<uint64_t>(cs.num_ids_outgoing)));
+	r->Assign(n++, static_cast<uint64_t>(cs.num_ids_outgoing));
 
 	return r;
 	%}
@@ -478,7 +478,7 @@ function get_reporter_stats%(%): ReporterStats
 		weirds_by_type->Assign(std::move(weird), zeek::val_mgr->Count(kv.second));
 		}
 
-	r->Assign(n++, zeek::val_mgr->Count(reporter->GetWeirdCount()));
+	r->Assign(n++, reporter->GetWeirdCount());
 	r->Assign(n++, std::move(weirds_by_type));
 
 	return r;

src/strings.bif

@@ -104,7 +104,7 @@ function join_string_vec%(vec: string_vec, sep: string%): string
 		if ( i > 0 )
 			d.Add(sep->CheckString(), 0);
 
-		const auto& e = v->At(i);
+		auto e = v->ValAt(i);
 
 		// If the element is empty, skip it.
 		if ( ! e )

src/supervisor/Supervisor.cc

@@ -1255,7 +1255,7 @@ Supervisor::NodeConfig Supervisor::NodeConfig::FromRecord(const RecordVal* node)
 
 	for ( auto i = 0u; i < scripts_val->Size(); ++i )
 		{
-		auto script = scripts_val->At(i)->AsStringVal()->ToStdString();
+		auto script = scripts_val->StringValAt(i)->ToStdString();
 		rval.scripts.emplace_back(std::move(script));
 		}
 
@@ -1348,22 +1348,22 @@ RecordValPtr Supervisor::NodeConfig::ToRecord() const
 	{
 	const auto& rt = BifType::Record::Supervisor::NodeConfig;
 	auto rval = make_intrusive<RecordVal>(rt);
-	rval->Assign(rt->FieldOffset("name"), make_intrusive<StringVal>(name));
+	rval->Assign(rt->FieldOffset("name"), name);
 
 	if ( interface )
-		rval->Assign(rt->FieldOffset("interface"), make_intrusive<StringVal>(*interface));
+		rval->Assign(rt->FieldOffset("interface"), *interface);
 
 	if ( directory )
-		rval->Assign(rt->FieldOffset("directory"), make_intrusive<StringVal>(*directory));
+		rval->Assign(rt->FieldOffset("directory"), *directory);
 
 	if ( stdout_file )
-		rval->Assign(rt->FieldOffset("stdout_file"), make_intrusive<StringVal>(*stdout_file));
+		rval->Assign(rt->FieldOffset("stdout_file"), *stdout_file);
 
 	if ( stderr_file )
-		rval->Assign(rt->FieldOffset("stderr_file"), make_intrusive<StringVal>(*stderr_file));
+		rval->Assign(rt->FieldOffset("stderr_file"), *stderr_file);
 
 	if ( cpu_affinity )
-		rval->Assign(rt->FieldOffset("cpu_affinity"), val_mgr->Int(*cpu_affinity));
+		rval->Assign(rt->FieldOffset("cpu_affinity"), *cpu_affinity);
 
 	auto st = rt->GetFieldType<VectorType>("scripts");
 	auto scripts_val = make_intrusive<VectorVal>(std::move(st));
@@ -1390,7 +1390,7 @@ RecordValPtr Supervisor::NodeConfig::ToRecord() const
 		val->Assign(ept->FieldOffset("p"), val_mgr->Port(ep.port, TRANSPORT_TCP));
 
 		if ( ep.interface )
-			val->Assign(ept->FieldOffset("interface"), make_intrusive<StringVal>(*ep.interface));
+			val->Assign(ept->FieldOffset("interface"), *ep.interface);
 
 		cluster_val->Assign(std::move(key), std::move(val));
 		}
@@ -1406,7 +1406,7 @@ RecordValPtr SupervisorNode::ToRecord() const
 	rval->Assign(rt->FieldOffset("node"), config.ToRecord());
 
 	if ( pid )
-		rval->Assign(rt->FieldOffset("pid"), val_mgr->Int(pid));
+		rval->Assign(rt->FieldOffset("pid"), pid);
 
 	return rval;
 	}
@@ -1464,11 +1464,11 @@ bool SupervisedNode::InitCluster() const
 
 		if ( ep.interface )
 			val->Assign(cluster_node_type->FieldOffset("interface"),
-			            make_intrusive<StringVal>(*ep.interface));
+			            *ep.interface);
 
 		if ( manager_name && ep.role != BifEnum::Supervisor::MANAGER )
 			val->Assign(cluster_node_type->FieldOffset("manager"),
-			            make_intrusive<StringVal>(*manager_name));
+			            *manager_name);
 
 		cluster_nodes->Assign(std::move(key), std::move(val));
 		}

src/supervisor/supervisor.bif

@@ -86,7 +86,7 @@ function Supervisor::__node%(%): Supervisor::NodeConfig
 		zeek::emit_builtin_error("not a supervised process");
 		const auto& rt = zeek::BifType::Record::Supervisor::NodeConfig;
 		auto rval = zeek::make_intrusive<zeek::RecordVal>(rt);
-		rval->Assign<zeek::StringVal>(rt->FieldOffset("name"), "<invalid>");
+		rval->Assign(rt->FieldOffset("name"), "<invalid>");
 		return rval;
 		}
 

src/util.cc

@@ -835,10 +835,10 @@ FILE* rotate_file(const char* name, RecordVal* rotate_info)
 	// Init rotate_info.
 	if ( rotate_info )
 		{
-		rotate_info->Assign<StringVal>(0, name);
+		rotate_info->Assign(0, name);
-		rotate_info->Assign<StringVal>(1, newname);
+		rotate_info->Assign(1, newname);
-		rotate_info->Assign<TimeVal>(2, run_state::network_time);
+		rotate_info->AssignTime(2, run_state::network_time);
-		rotate_info->Assign<TimeVal>(3, run_state::network_time);
+		rotate_info->AssignTime(3, run_state::network_time);
 		}
 
 	return newf;

src/zeek.bif

@@ -819,7 +819,7 @@ function paraglob_init%(v: any%) : opaque of paraglob
 	VectorVal* vv = v->AsVectorVal();
 	for ( unsigned int i = 0; i < vv->Size(); ++i )
 		{
-		const String* s = vv->At(i)->AsString();
+		auto s = vv->StringAt(i);
 		patterns.push_back(std::string(reinterpret_cast<const char*>(s->Bytes()), s->Len()));
 		}
 
@@ -1057,11 +1057,11 @@ function find_entropy%(data: string%): entropy_test_result
 
 	static auto entropy_test_result = zeek::id::find_type<zeek::RecordType>("entropy_test_result");
 	auto ent_result = zeek::make_intrusive<zeek::RecordVal>(entropy_test_result);
-	ent_result->Assign(0, zeek::make_intrusive<zeek::DoubleVal>(ent));
+	ent_result->Assign(0, ent);
-	ent_result->Assign(1, zeek::make_intrusive<zeek::DoubleVal>(chisq));
+	ent_result->Assign(1, chisq);
-	ent_result->Assign(2, zeek::make_intrusive<zeek::DoubleVal>(mean));
+	ent_result->Assign(2, mean);
-	ent_result->Assign(3, zeek::make_intrusive<zeek::DoubleVal>(montepi));
+	ent_result->Assign(3, montepi);
-	ent_result->Assign(4, zeek::make_intrusive<zeek::DoubleVal>(scc));
+	ent_result->Assign(4, scc);
 	return ent_result;
 	%}
 
@@ -1109,11 +1109,11 @@ function entropy_test_finish%(handle: opaque of entropy%): entropy_test_result
 
 	static auto entropy_test_result = zeek::id::find_type<zeek::RecordType>("entropy_test_result");
 	auto ent_result = zeek::make_intrusive<zeek::RecordVal>(entropy_test_result);
-	ent_result->Assign(0, zeek::make_intrusive<zeek::DoubleVal>(ent));
+	ent_result->Assign(0, ent);
-	ent_result->Assign(1, zeek::make_intrusive<zeek::DoubleVal>(chisq));
+	ent_result->Assign(1, chisq);
-	ent_result->Assign(2, zeek::make_intrusive<zeek::DoubleVal>(mean));
+	ent_result->Assign(2, mean);
-	ent_result->Assign(3, zeek::make_intrusive<zeek::DoubleVal>(montepi));
+	ent_result->Assign(3, montepi);
-	ent_result->Assign(4, zeek::make_intrusive<zeek::DoubleVal>(scc));
+	ent_result->Assign(4, scc);
 	return ent_result;
 	%}
 
@@ -1297,7 +1297,7 @@ function any_set%(v: any%) : bool
 
 	VectorVal* vv = v->AsVectorVal();
 	for ( unsigned int i = 0; i < vv->Size(); ++i )
-		if ( vv->At(i) && vv->At(i)->AsBool() )
+		if ( vv->BoolAt(i) )
 			return zeek::val_mgr->True();
 
 	return zeek::val_mgr->False();
@@ -1326,78 +1326,18 @@ function all_set%(v: any%) : bool
 
 	VectorVal* vv = v->AsVectorVal();
 	for ( unsigned int i = 0; i < vv->Size(); ++i )
-		if ( ! vv->At(i) || ! vv->At(i)->AsBool() )
+		if ( ! vv->BoolAt(i) )
 			return zeek::val_mgr->False();
 
 	return zeek::val_mgr->True();
 	%}
 
-%%{
-static zeek::Func* sort_function_comp = nullptr;
-static std::vector<const zeek::ValPtr*> index_map;	// used for indirect sorting to support order()
-
-bool sort_function(const zeek::ValPtr& a, const zeek::ValPtr& b)
-	{
-	// Sort missing values as "high".
-	if ( ! a )
-		return 0;
-	if ( ! b )
-		return 1;
-
-	auto result = sort_function_comp->Invoke(a, b);
-	int int_result = result->CoerceToInt();
-
-	return int_result < 0;
-	}
-
-bool indirect_sort_function(size_t a, size_t b)
-	{
-	return sort_function(*index_map[a], *index_map[b]);
-	}
-
-bool signed_sort_function (const zeek::ValPtr& a, const zeek::ValPtr& b)
-	{
-	if ( ! a )
-		return 0;
-	if ( ! b )
-		return 1;
-
-	auto ia = a->CoerceToInt();
-	auto ib = b->CoerceToInt();
-
-	return ia < ib;
-	}
-
-bool unsigned_sort_function (const zeek::ValPtr& a, const zeek::ValPtr& b)
-	{
-	if ( ! a )
-		return 0;
-	if ( ! b )
-		return 1;
-
-	auto ia = a->CoerceToUnsigned();
-	auto ib = b->CoerceToUnsigned();
-
-	return ia < ib;
-	}
-
-bool indirect_signed_sort_function(size_t a, size_t b)
-	{
-	return signed_sort_function(*index_map[a], *index_map[b]);
-	}
-
-bool indirect_unsigned_sort_function(size_t a, size_t b)
-	{
-	return unsigned_sort_function(*index_map[a], *index_map[b]);
-	}
-%%}
-
 ## Sorts a vector in place. The second argument is a comparison function that
 ## takes two arguments: if the vector type is ``vector of T``, then the
 ## comparison function must be ``function(a: T, b: T): int``, which returns
 ## a value less than zero if ``a < b`` for some type-specific notion of the
 ## less-than operator.  The comparison function is optional if the type
-## is an integral type (int, count, etc.).
+## is a numeric type (int, count, double, time, etc.).
 ##
 ## v: The vector instance to sort.
 ##
@@ -1419,7 +1359,10 @@ function sort%(v: any, ...%) : any
 	zeek::Func* comp = nullptr;
 
 	if ( @ARG@.size() > 2 )
+		{
 		zeek::emit_builtin_error("sort() called with extraneous argument");
+		return rval;
+		}
 
 	if ( @ARG@.size() == 2 )
 		{
@@ -1431,36 +1374,27 @@ function sort%(v: any, ...%) : any
 			}
 
 		comp = comp_val->AsFunc();
-		}
-
-	if ( ! comp && ! IsIntegral(elt_type->Tag()) )
-		zeek::emit_builtin_error("comparison function required for sort() with non-integral types");
-
-	auto vv = v->As<zeek::VectorVal*>();
-
-	if ( comp )
-		{
 		const auto& comp_type = comp->GetType();
 
 		if ( comp_type->Yield()->Tag() != zeek::TYPE_INT ||
-		     ! comp_type->ParamList()->AllMatch(elt_type, 0) )
+		     ! comp_type->ParamList()->AllMatch(elt_type, 0) ||
+		     comp_type->ParamList()->GetTypes().size() != 2 )
 			{
 			zeek::emit_builtin_error("invalid comparison function in call to sort()");
 			return rval;
 			}
-
-		sort_function_comp = comp;
-
-		vv->Sort(sort_function);
 		}
-	else
+
+	if ( ! comp && ! IsIntegral(elt_type->Tag()) &&
+	     elt_type->InternalType() != TYPE_INTERNAL_DOUBLE )
 		{
-		if ( elt_type->InternalType() == zeek::TYPE_INTERNAL_UNSIGNED )
+		zeek::emit_builtin_error("comparison function required for sort() with non-numeric types");
-			vv->Sort(unsigned_sort_function);
+		return rval;
-		else
-			vv->Sort(signed_sort_function);
 		}
 
+	auto vv = v->As<zeek::VectorVal*>();
+	vv->Sort(comp);
+
 	return rval;
 	%}
 
@@ -1477,19 +1411,22 @@ function sort%(v: any, ...%) : any
 ## .. zeek:see:: sort
 function order%(v: any, ...%) : index_vec
 	%{
-	auto result_v = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
+	auto err_v = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
 
 	if ( v->GetType()->Tag() != zeek::TYPE_VECTOR )
 		{
 		zeek::emit_builtin_error("order() requires vector");
-		return result_v;
+		return err_v;
 		}
 
 	const auto& elt_type = v->GetType()->Yield();
 	zeek::Func* comp = nullptr;
 
 	if ( @ARG@.size() > 2 )
+		{
 		zeek::emit_builtin_error("order() called with extraneous argument");
+		return err_v;
+		}
 
 	if ( @ARG@.size() == 2 )
 		{
@@ -1501,57 +1438,27 @@ function order%(v: any, ...%) : index_vec
 			}
 
 		comp = comp_val->AsFunc();
-		}
 
-	if ( ! comp && ! IsIntegral(elt_type->Tag()) )
-		zeek::emit_builtin_error("comparison function required for order() with non-integral types");
-
-	auto vv = v->As<zeek::VectorVal*>();
-	auto n = vv->Size();
-
-	// Set up initial mapping of indices directly to corresponding
-	// elements.
-	vector<size_t> ind_vv(n);
-	index_map.reserve(n);
-	size_t i;
-	for ( i = 0; i < n; ++i )
-		{
-		ind_vv[i] = i;
-		index_map.emplace_back(&vv->At(i));
-		}
-
-	if ( comp )
-		{
 		const auto& comp_type = comp->GetType();
 		if ( comp_type->Yield()->Tag() != zeek::TYPE_INT ||
-		     ! comp_type->ParamList()->AllMatch(elt_type, 0) )
+		     ! comp_type->ParamList()->AllMatch(elt_type, 0) ||
+		     comp_type->ParamList()->GetTypes().size() != 2 )
 			{
 			zeek::emit_builtin_error("invalid comparison function in call to order()");
 			return zeek::ValPtr{zeek::NewRef{}, v};
 			}
-
-		sort_function_comp = comp;
-
-		sort(ind_vv.begin(), ind_vv.end(), indirect_sort_function);
 		}
-	else
+
+	if ( ! comp && ! IsIntegral(elt_type->Tag()) &&
+	     elt_type->InternalType() != TYPE_INTERNAL_DOUBLE )
 		{
-		if ( elt_type->InternalType() == zeek::TYPE_INTERNAL_UNSIGNED )
+		zeek::emit_builtin_error("comparison function required for order() with non-numeric types");
-			sort(ind_vv.begin(), ind_vv.end(), indirect_unsigned_sort_function);
+		return err_v;
-		else
-			sort(ind_vv.begin(), ind_vv.end(), indirect_signed_sort_function);
 		}
 
-	index_map = {};
+	auto vv = v->As<zeek::VectorVal*>();
 
-	// Now spin through ind_vv to read out the rearrangement.
+	return vv->Order(comp);
-	for ( i = 0; i < n; ++i )
-		{
-		int ind = ind_vv[i];
-		result_v->Assign(i, zeek::val_mgr->Count(ind));
-		}
-
-	return result_v;
 	%}
 
 # ===========================================================================
@@ -2023,10 +1930,10 @@ function packet_source%(%): PacketSource
 
 	if ( ps )
 		{
-		r->Assign(0, zeek::val_mgr->Bool(ps->IsLive()));
+		r->Assign(0, ps->IsLive());
-		r->Assign(1, zeek::make_intrusive<zeek::StringVal>(ps->Path()));
+		r->Assign(1, ps->Path());
-		r->Assign(2, zeek::val_mgr->Int(ps->LinkType()));
+		r->Assign(2, ps->LinkType());
-		r->Assign(3, zeek::val_mgr->Count(ps->Netmask()));
+		r->Assign(3, ps->Netmask());
 		}
 
 	return r;
@@ -2076,13 +1983,13 @@ function global_ids%(%): id_table
 		const auto& id = global.second;
 		static auto script_id = zeek::id::find_type<zeek::RecordType>("script_id");
 		auto rec = zeek::make_intrusive<zeek::RecordVal>(script_id);
-		rec->Assign(0, zeek::make_intrusive<zeek::StringVal>(type_name(id->GetType()->Tag())));
+		rec->Assign(0, type_name(id->GetType()->Tag()));
-		rec->Assign(1, zeek::val_mgr->Bool(id->IsExport()));
+		rec->Assign(1, id->IsExport());
-		rec->Assign(2, zeek::val_mgr->Bool(id->IsConst()));
+		rec->Assign(2, id->IsConst());
-		rec->Assign(3, zeek::val_mgr->Bool(id->IsEnumConst()));
+		rec->Assign(3, id->IsEnumConst());
-		rec->Assign(4, zeek::val_mgr->Bool(id->IsOption()));
+		rec->Assign(4, id->IsOption());
-		rec->Assign(5, zeek::val_mgr->Bool(id->IsRedefinable()));
+		rec->Assign(5, id->IsRedefinable());
-		rec->Assign(6, zeek::val_mgr->Bool(id->GetAttr(zeek::detail::ATTR_BACKEND) != zeek::detail::Attr::nil));
+		rec->Assign(6, id->GetAttr(zeek::detail::ATTR_BACKEND) != zeek::detail::Attr::nil);
 
 		if ( id->HasVal() )
 			rec->Assign(7, id->GetVal());
@@ -2332,14 +2239,14 @@ function backtrace%(%): Backtrace
 		const auto& params = ci.func->GetType()->Params();
 		auto args = MakeCallArgumentVector(ci.args, params);
 
-		elem->Assign<StringVal>(function_name_idx, ci.func->Name());
+		elem->Assign(function_name_idx, ci.func->Name());
 		elem->Assign(function_args_idx, std::move(args));
 
 		if ( ci.call )
 			{
 			auto loc = ci.call->GetLocationInfo();
-			elem->Assign<StringVal>(file_location_idx, loc->filename);
+			elem->Assign(file_location_idx, loc->filename);
-			elem->Assign(line_location_idx, val_mgr->Count(loc->first_line));
+			elem->Assign(line_location_idx, loc->first_line);
 			}
 
 		rval->Assign(rval->Size(), std::move(elem));
@@ -3511,18 +3418,18 @@ function lookup_connection%(cid: conn_id%): connection
 	c->Assign(0, std::move(id_val));
 
 	auto orig_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint);
-	orig_endp->Assign(0, zeek::val_mgr->Count(0));
+	orig_endp->Assign(0, 0);
-	orig_endp->Assign(1, zeek::val_mgr->Count(int(0)));
+	orig_endp->Assign(1, 0);
 
 	auto resp_endp = zeek::make_intrusive<zeek::RecordVal>(zeek::id::endpoint);
-	resp_endp->Assign(0, zeek::val_mgr->Count(0));
+	resp_endp->Assign(0, 0);
-	resp_endp->Assign(1, zeek::val_mgr->Count(int(0)));
+	resp_endp->Assign(1, 0);
 
 	c->Assign(1, std::move(orig_endp));
 	c->Assign(2, std::move(resp_endp));
 
-	c->Assign(3, zeek::make_intrusive<zeek::TimeVal>(zeek::run_state::network_time));
+	c->AssignTime(3, zeek::run_state::network_time);
-	c->Assign(4, zeek::make_intrusive<zeek::IntervalVal>(0.0));
+	c->AssignInterval(4, 0.0);
 	c->Assign(5, zeek::make_intrusive<zeek::TableVal>(zeek::id::string_set));	// service
 	c->Assign(6, zeek::val_mgr->EmptyString());	// history
 
@@ -3532,8 +3439,7 @@ function lookup_connection%(cid: conn_id%): connection
 %%{
 const char* conn_id_string(zeek::Val* c)
 	{
-	auto id = c->As<zeek::RecordVal*>()->GetField(0);
+	auto id_r = c->As<zeek::RecordVal*>()->GetFieldAs<zeek::RecordVal>(0);
-	auto id_r = id->As<zeek::RecordVal*>();
 
 	const zeek::IPAddr& orig_h = id_r->GetFieldAs<zeek::AddrVal>(0);
 	uint32_t orig_p = id_r->GetFieldAs<zeek::PortVal>(1)->Port();
@@ -3592,19 +3498,19 @@ function get_current_packet%(%) : pcap_packet
 
 	if ( ! pkt_src || ! pkt_src->GetCurrentPacket(&p) )
 		{
-		pkt->Assign(0, zeek::val_mgr->Count(0));
+		pkt->Assign(0, 0);
-		pkt->Assign(1, zeek::val_mgr->Count(0));
+		pkt->Assign(1, 0);
-		pkt->Assign(2, zeek::val_mgr->Count(0));
+		pkt->Assign(2, 0);
-		pkt->Assign(3, zeek::val_mgr->Count(0));
+		pkt->Assign(3, 0);
 		pkt->Assign(4, zeek::val_mgr->EmptyString());
 		pkt->Assign(5, zeek::BifType::Enum::link_encap->GetEnumVal(BifEnum::LINK_UNKNOWN));
 		return pkt;
 		}
 
-	pkt->Assign(0, zeek::val_mgr->Count(uint32_t(p->ts.tv_sec)));
+	pkt->Assign(0, static_cast<uint32_t>(p->ts.tv_sec));
-	pkt->Assign(1, zeek::val_mgr->Count(uint32_t(p->ts.tv_usec)));
+	pkt->Assign(1, static_cast<uint32_t>(p->ts.tv_usec));
-	pkt->Assign(2, zeek::val_mgr->Count(p->cap_len));
+	pkt->Assign(2, p->cap_len);
-	pkt->Assign(3, zeek::val_mgr->Count(p->len));
+	pkt->Assign(3, p->len);
 	pkt->Assign(4, zeek::make_intrusive<zeek::StringVal>(p->cap_len, (const char*)p->data));
 	pkt->Assign(5, zeek::BifType::Enum::link_encap->GetEnumVal(p->link_type));
 
@@ -4834,8 +4740,8 @@ function rotate_file%(f: file%): rotate_info
 	info = zeek::make_intrusive<zeek::RecordVal>(rotate_info);
 	info->Assign(0, zeek::val_mgr->EmptyString());
 	info->Assign(1, zeek::val_mgr->EmptyString());
-	info->Assign(2, zeek::make_intrusive<zeek::TimeVal>(0.0));
+	info->AssignTime(2, 0.0);
-	info->Assign(3, zeek::make_intrusive<zeek::TimeVal>(0.0));
+	info->AssignTime(3, 0.0);
 
 	return info;
 	%}
@@ -4877,8 +4783,8 @@ function rotate_file_by_name%(f: string%): rotate_info
 		// Record indicating error.
 		info->Assign(0, zeek::val_mgr->EmptyString());
 		info->Assign(1, zeek::val_mgr->EmptyString());
-		info->Assign(2, zeek::make_intrusive<zeek::TimeVal>(0.0));
+		info->AssignTime(2, 0.0);
-		info->Assign(3, zeek::make_intrusive<zeek::TimeVal>(0.0));
+		info->AssignTime(3, 0.0);
 		return info;
 		}
 
@@ -4886,12 +4792,12 @@ function rotate_file_by_name%(f: string%): rotate_info
 
 	if ( is_pkt_dumper )
 		{
-		info->Assign(2, zeek::make_intrusive<zeek::TimeVal>(zeek::run_state::detail::pkt_dumper->OpenTime()));
+		info->AssignTime(2, zeek::run_state::detail::pkt_dumper->OpenTime());
 		zeek::run_state::detail::pkt_dumper->Open();
 		}
 
 	if ( is_addl_pkt_dumper )
-		info->Assign(2, zeek::make_intrusive<zeek::TimeVal>(addl_pkt_dumper->OpenTime()));
+		info->AssignTime(2, addl_pkt_dumper->OpenTime());
 
 	return info;
 	%}

testing/btest/Baseline/bifs.sort/out

@@ -3,12 +3,14 @@
 [2, 3, 5, 8]
 [-7.0 mins, 1.0 sec, 5.0 hrs, 2.0 days]
 [-7.0 mins, 1.0 sec, 5.0 hrs, 2.0 days]
+[T, F, F, T]
+[T, F, F, T]
 [F, F, T, T]
 [F, F, T, T]
-[57/tcp, 123/tcp, 7/udp, 500/udp, 12/icmp]
+[12/icmp, 123/tcp, 500/udp, 7/udp, 57/tcp]
-[57/tcp, 123/tcp, 7/udp, 500/udp, 12/icmp]
+[12/icmp, 123/tcp, 500/udp, 7/udp, 57/tcp]
-[3.03, 3.01, 3.02, 3.015]
+[3.01, 3.015, 3.02, 3.03]
-[3.03, 3.01, 3.02, 3.015]
+[3.01, 3.015, 3.02, 3.03]
 [192.168.123.200, 10.0.0.157, 192.168.0.3]
 [192.168.123.200, 10.0.0.157, 192.168.0.3]
 [10.0.0.157, 192.168.0.3, 192.168.123.200]

testing/btest/Baseline/language.record-index-complex-fields/output

@@ -11,7 +11,7 @@ b
 }
 }
 {
-[a=13, tags_v=[, , 2, 3], tags_t={
+[a=13, tags_v=[0, 0, 2, 3], tags_t={
 [four] = 4,
 [five] = 5
 }, tags_s={

testing/btest/Baseline/language.smith-waterman-test/output

@@ -1,33 +1,33 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 abcdefgh - ijklmnop:
 AAAabcefghij - lmnopAAAqrst:
-tok 1: AAA (0/5, T)
+tok 0: AAA (0/5, T)
 abcAAAefghij - lmnopAAAqrst:
-tok 1: AAA (3/5, T)
+tok 0: AAA (3/5, T)
 abcefghijAAA - lmnopAAAqrst:
-tok 1: AAA (9/5, T)
+tok 0: AAA (9/5, T)
 xxxAAAyyy - AAAaAAAbAAA:
-tok 1: AAA (3/0, T)
+tok 0: AAA (3/0, T)
-tok 2: AAA (3/4, T)
+tok 1: AAA (3/4, T)
-tok 3: AAA (3/8, T)
+tok 2: AAA (3/8, T)
 AAAaAAAbAAA - xxxAAAyyy:
-tok 1: AAA (0/3, T)
+tok 0: AAA (0/3, T)
-tok 2: AAA (4/3, T)
+tok 1: AAA (4/3, T)
-tok 3: AAA (8/3, T)
+tok 2: AAA (8/3, T)
 xxCDyABzCDyABzz - ABCD:
-tok 1: CD (2/2, T)
+tok 0: CD (2/2, T)
-tok 2: AB (5/0, T)
+tok 1: AB (5/0, T)
-tok 3: CD (8/2, F)
+tok 2: CD (8/2, F)
-tok 4: AB (11/0, T)
+tok 3: AB (11/0, T)
 ABCD - xxCDyABzCDyABzz:
-tok 1: CD (2/2, T)
+tok 0: CD (2/2, T)
-tok 2: AB (0/5, T)
+tok 1: AB (0/5, T)
-tok 3: CD (2/8, F)
+tok 2: CD (2/8, F)
-tok 4: AB (0/11, T)
+tok 3: AB (0/11, T)
 Cache-control: no-cache^M^JAccept: - Accept-: deflate^M^JAccept-: Accept-:
-tok 1: Accept (27/0, T)
+tok 0: Accept (27/0, T)
-tok 2: e^M^JAccept (22/15, T)
+tok 1: e^M^JAccept (22/15, T)
-tok 3: Accept (27/29, T)
+tok 2: Accept (27/29, T)
 xxAAxxAAxx - yyyyyAAyyyyy:
-tok 1: AA (2/5, T)
+tok 0: AA (2/5, T)
-tok 2: AA (6/5, T)
+tok 1: AA (6/5, T)

testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json/ssh.log

@@ -1,2 +1,2 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-{"b":true,"i":-42,"e":"SSH::LOG","c":21,"p":123,"sn":"10.0.0.0/24","a":"1.2.3.4","d":3.14,"t":XXXXXXXXXX.XXXXXX,"iv":100.0,"s":"hurz","sc":[4,2,3,1],"ss":["CC","BB","AA"],"se":[],"vc":[10,20,30],"ve":[],"vn":[0,null,2],"f":"SSH::foo\n{ \nif (0 < SSH::i) \n\treturn (Foo);\nelse\n\treturn (Bar);\n\n}"}
+{"b":true,"i":-42,"e":"SSH::LOG","c":21,"p":123,"sn":"10.0.0.0/24","a":"1.2.3.4","d":3.14,"t":XXXXXXXXXX.XXXXXX,"iv":100.0,"s":"hurz","sc":[4,2,3,1],"ss":["CC","BB","AA"],"se":[],"vc":[10,20,30],"ve":[],"vn":[0,0,2],"f":"SSH::foo\n{ \nif (0 < SSH::i) \n\treturn (Foo);\nelse\n\treturn (Bar);\n\n}"}

testing/btest/Baseline/scripts.base.utils.json/output

@@ -29,7 +29,7 @@ XXXXXXXXXX.XXXXXX
 ["1.2.3.4"]
 [[false,true]]
 [{"s":"test"}]
-[0,null,2]
+[0,0,2]
 []
 [2,1]
 ["1.2.3.4"]

testing/btest/bifs/sort.zeek

@@ -20,6 +20,16 @@ function myfunc2(a: double, b: double): int
 		return 1;
 	}
 
+function myfunc3(a: bool, b: bool): int
+	{
+	if (a == b)
+		return 0;
+	else if (a)
+		return 1;
+	else
+		return -1;
+	}
+
 event zeek_init()
 	{
 	# Tests without supplying a comparison function
@@ -34,17 +44,23 @@ event zeek_init()
 	print a2;
 	print b2;
 
+	# this one is expected to fail (i.e., "sort" doesn't sort the vector)
 	local a3: vector of bool = vector( T, F, F, T );
 	local b3 = sort(a3);
 	print a3;
 	print b3;
 
+	local a3x: vector of bool = vector( T, F, F, T );
+	local b3x = sort(a3x, myfunc3);
+	print a3x;
+	print b3x;
+
+	# this one is expected to fail (i.e., "sort" doesn't sort the vector)
 	local a4: vector of port = vector( 12/icmp, 123/tcp, 500/udp, 7/udp, 57/tcp );
 	local b4 = sort(a4);
 	print a4;
 	print b4;
 
-	# this one is expected to fail (i.e., "sort" doesn't sort the vector)
 	local a5: vector of double = vector( 3.03, 3.01, 3.02, 3.015  );
 	local b5 = sort(a5);
 	print a5;

testing/btest/language/smith-waterman-test.zeek

@@ -12,7 +12,7 @@ global s1: string_vec;
 global s2: string_vec;
 
 # Single alignment, no matches:
-s1[++c] = "abcdefgh";
+s1[c] = "abcdefgh";
 s2[c] = "ijklmnop";
 min[c] = 2;;
 mode[c] = 0;
@@ -83,6 +83,6 @@ for ( i in s1 )
 
 	for ( j in ss )
 		print fmt("tok %d: %s (%d/%d, %s)",
-				j, ss[j]$str, ss[j]$aligns[1]$index,
+				j, ss[j]$str, ss[j]$aligns[0]$index,
-				ss[j]$aligns[2]$index, ss[j]$new);
+				ss[j]$aligns[1]$index, ss[j]$new);
 	}