Previously, an assertion was triggered in debug builds upon any attempt
to insert or remove a Dictionary entry while any iteration of that
Dictionary is underway and also even in cases where Dictionary membership
was not actually modified (and thus invalidates a loop).
Now, it emits run-time warnings regardless of build-type and only when
insert/remove operations truly change the Dictionary membership. In the
context of a Zeek script causing an invalidation, the warning message
also now helps pinpoint the exact expression that causes it.
For `|x|`, where `x` is an expression with an integral result, an
implicit coercion of that result into signed `int` type no longer takes
place.
This was actually the behavior before Zeek 3.0 as well, but the attempt
to prevent mistakes that easily result from integer literals in Zeek
being unsigned like `|5 - 9|` causing an overflow/wraparound and
yielding a very large number is not generally consistent since overflows
are still generally able to happen in other ways and also in other
contexts besides just absolute-values. So the preference was to revert
to a behavior that favors consistency. For reference, see
https://github.com/zeek/zeek/pull/251#issuecomment-713956976
* origin/topic/jsiwek/gh-822-ubsan-ci:
Fix negative-value-left-shift undefined behavior in patricia trie
Improve negation of ConstExpr
Avoid signed integer overflow when combining SMB header PID bits
Avoid unary negation of INT64_MIN in modp_litoa10
Avoid double-to-int conversion overflows in modp_dtoa functions
Fix divide-by-zero in Entropy analyzer
Fix divide-by-zero in stats/profiling memory usage calculation
Fix uninitialized field in POP3 fuzzer
Add framework for running UndefinedBehaviorSanitizer in CI
* Instead of creating a NegExpr for negation of a literal/constant,
a ConstExpr is now created directly.
* For negation of integer literals, there's now an additional check
for whether the integer would be outside the range of possible 'int'
values. This can also help prevent the undefined behavior due to
overflow as a result of trying to represent the minimum 'int' value of
-9223372036854775808 as a literal in a script -- the unsigned value is
cast to signed yielding INT64_MIN, then INT64_MIN is negated.
Historically, a 'when' condition performed an AST-traversal to locate
any index-expressions like `x[9]` and evaluated them so that it could
register the associated value as something for which it needs to receive
"modification" notifications.
Evaluating arbitrary expressions during an AST-traversal like that ignores
the typical order-of-evaluation/short-circuiting you'd expect if the
condition was evaluated normally, from its root expression.
Now, a new subclass of IndexExpr is used to keep track of all IndexExpr
results in the context of evaluating a 'when' condition without having
to do a secondary AST-traversal-and-eval. i.e. the first evaluation of
the full 'when' condition follows the typical expression-evaluation
semantics (as always), but additionally now captures all the values
a Trigger needs to monitor for modifications.
Those operations done between a vector-of-interval and a
vector-of-arithmetic-type previously threw a runtime expression error
due to an incorrect coercion being used internally.
* origin/topic/jsiwek/gh-1122:
GH-165: Fix global initializations that indirectly use builtin types
Improve how primary/top-level BIFs get initialized
GH-1122: Allow initializing globals with calls to subdir BIFs
GH-1122: Improve error for global record initialization exceptions
- Replaced "tag" with "attribute" in the error message since the former
is not exactly the same concept/meaning and also not user-facing
terminology
* origin/topic/timw/174-duplicate-attributes:
Allow duplicate attributes in full redefs
Short-circuit checking of whether attr exists
Expanded check for other tag types, fixed btest to cover more tags
GH-174: Add warning for duplicate attributes
- Use `-b` most everywhere, it will save time.
- Start some intel tests upon the input file being fully read instead of
at an arbitrary time.
- Improve termination condition for some sumstats/cluster tests.
- Filter uninteresting output from some supervisor tests.
- Test for `notice_policy.log` is no longer needed.
* origin/topic/jsiwek/gh-1080-error-on-enum-redefinition-conflict:
Fix incorrect conflict detection of namespaced-enum-names
Improve error message for an enum name conflicting with non-enum ID
GH-1080: Treat enum name re-use across different enum types as an error
GH-1080: Rename conflicting NetControl::DROP enum definitions
Fixes GH-1080
E.g. defining a `Foo::RED` enum name when a `GLOBAL::RED` identifier
already exists would previously be treated as an error, even though the
names don't truly conflict.
Local frame offsets were being assigned based on number of the alternate
prototype's parameters, which may end up having less total parameters
than the canonical prototype, causing the local value to incorrectly
overwrite an event/hook argument value.
Particularly, this is meant for using &deprecated on canonical
event/hook prototype parameters to encourage users to create handlers
to another, non-deprecated prototype. i.e. for canonical prototypes,
we may not always want to put &deprecated directly on the prototype
itself since that signals deprecation of the ID entirely.
- Changed the logic significantly to just guarantee there's only ever a
single inactivity timer per connection
- Updated language.expire_subnet btest which is unduly sensitive to
timer-related changes
* origin/topic/jazoff/avoid-redundant-inactivity-timers:
avoid scheduling redundant inactivity timers
For event/hook handlers that had a previous declaration, any &default
arguments are ineffective. Only &default uses in the initial
prototype's arguments have an effect (that includes if the handler
is actually the site at which the declaration occurs).
When the only existing handler doesn't use the full argument list, still
have to ensure the full frame is allocated because all arguments get set
regardless.
This fixes it to again allow the old behavior of matching a handler
against the canonical prototype as long as all argument types, but not
necessarily names, match.
