Zeek function types are serialized as a broker::vector, but the
unserialization logic for Zeek set/table types that use a function for
as an index incorrectly identified it as a composite-index, which also
use broker::vector, rather than a singleton-index, and makes such
unserialization fail.
A general example where this failure can happen in practice is when
trying to unserialize a connection record for which there's a
Conn::RemovalHook, since that's a set[function], and a specific case of
that is use of the Intel Framework in a Zeek cluster.
- Minor adjustments to header includes, whitespace, and a
compiler warning fix during merge
* origin/topic/neverlord/gh-1408:
Add new Timer class to the telemetry API
Fix build with latest VectorVal API
Update baselines
Prefix telemetry BIFs with __
Expose telemetry API to scripting land
Add handle types for histogram metrics
Move duplicated code to detail header
Adhere to Zeek coding style
Apply suggestions from code review
Add telemetry Manager to Zeek setup / teardown
Add missing whitespaces for Zeek coding style
Add gauge metric types
Add scaffold for new metrics API with counters
On Alpine (BusyBox `sed`), the previous `sed -e '$a\'` invocation always
added a newline, breaking most every diff. There doesn't seem to be a
need to attempt normalizing EOF newlines at the moment and doing it that
way doesn't seem to be portable anyway. If canonifiers need to be
portable, `sed` should be treated as a text-processing tool and POSIX
definition of text-file is zero or more newline-terminated
character-sequences, so if canonification of Baselines via `sed` is
required, those Baselines should always end with a newline to be
considered text files. I.e. that's not the job of this canonifier, and
changing it also doesn't necessarily generalize since it could be
considered coincidental that diff-remove-timestamps in particular is the
default canonifier that's commonly used while there's still others that
also make use of `sed`.
* origin/topic/vern/global-stmts:
whitespace adjustment
"balance" tests with multiple Zeek scripts to load the same elements
put global statements into a quasi-function to support script optimization
The change in 44f558df7b that made analyzer_list
a std::vector instead of a std::list doesn't take into account that in some
cases an analyzer may chain back into itself, such as with UDP-in-UDP tunnels.
In these cases, the second call to ForwardPacket may cause iterator
invalidation, leading to a crash.
* origin/topic/vern/zval: (42 commits)
whitespace tweaks
resolved some TODO comments
remove unnecessary casts, and change necessary ones to use static_cast<>
explain cmp_func default
change functions for ZVal type management to static members
fix some unsigned/signed integer warnings
address lint concern about uninitialized variable
Remove use of obsolete forward-declaration macros
fix #include's that lack zeek/ prefixes
explicitly populate holes created in vectors
fixes for now-incorrect assumption that GetField always returns an existing ValPtr
memory management for assignment to vector elements
memory management for assignment to record fields
destructor cleanup from ZAM_vector/ZAM_record
fix #include's that lack zeek/ prefixes
overlooked another way in which vector holes can be created
initialize vector holes to the correct corresponding type
explicitly populate holes created in vectors
fix other instances of GetField().get() assuming long-lived ValPtr's
fix for now-incorrect assumption that GetField always returns an existing ValPtr
...
- Removed a couple of dead statements during merge
* origin/topic/vern/cpp-new-func:
option for deterministic descriptions of sets & tables
determinism for concurrent Zeek test suite invocations; split out deprecations
disambiguate descriptions of enums; include attributes when describing records
more liberal view of attribute equality; allow suppressing attr type-checking
support for operations on sets that return new values
low-level addition of enum values
sundry accessors/cast-ers; RE_Matcher's track their construction values
convenience functions for comparing IP addresses
Broker::create_master() and Broker::create_clone() now return
a valid value even when there's a failure to open the backend database
(e.g. SQLite filesystem error). In that case, the returned value can
still be passed into other data store operations, but they'll fail
immediately with an error. Broker::is_closed() can now also be used to
determine whether the data store creation calls failed.
- Added explicit test case of "unused assignement" warning and
&is_used suppression during merge.
* origin/topic/vern/use-defs:
activate &is_used
removed unnecessary statement flagged by Coverity (thanks, Jon!)
Adjust reference/move nitpicks in use-def/reduce code
Adjust some whitespace in UseDefs.cc
updates to "usage" test suite alternative now that more warnings are generated
suppress usage warning in baseline script
"xform" alternative baseline update, needed for recent change to master
baseline update due to shift in number of lines in base intel framework script
environment variable (which has precedence) not flags for baseline usage test
splitting out "usage" test suite alternative into -u/-uu versions
adding &is_used attribute for base scripts - not actually needed yet, but will be once optimization is added
removing unused assignments from base scripts
driver glue for invoking use-def construction
classes for managing and propagating use-defs
enhancements/changes to the Reduce class in preparation for use-defs
some tidying with smart pointers
flag/environment variable for dumping use-defs
&is_used attribute to suppress set-but-not-used usage warnings
whitespace micro-preening
When a text with an (escaped) zero byte was passed to ParseValue, only
the part of the string up to the zero byte was copied, but the length of
the full string was passed to the input framework.
This leads to the input manager reading over the end of the buffer.
Fixeszeek/zeek#1398
GCC has a "feature" where it doesn't realize that files in the
src/zeek/... tree are the same as files in the normal 'src/' tree. This
leads the coverage script to send duplicates to Coveralls and pollute
the display with them. The new script scrapes the intermediate output
from lcov and de-duplicates anything in src/zeek/ to be just from src/.
Use of --parse-only would previously exit before --usage-issues had a
chance to analyze scripts and report any discovered issues and it can be
useful to combine both flags for checking scripts for mistakes without
actually executing any code.
This also improves the behavior of --parse-only in combination with
reporting problems in signature files (previously, it exited before
even reading them).
* origin/topic/vern/reaching-defs: (36 commits)
added &is_assigned test case for variable rather than record field
Speedup ReachingDefs logic by ~15%
Simplify ReachingDefs::RDMap() accessor
test for -uu correctly tracking $?, and not misled by conditional assignments
&is_set => &is_assigned
remove pending maybe-reconsider-this comment
fixes for ?$ operator - always track it, and assume subrecords are initialized
speedup (and more coherent memory management) for tracking RDs
fixes for generating and evaluating RDs associate with ?$ expressions
fix for failure to reduce InlineExpr's to CatchReturnStmt's
inlining fix: propagate identifier attributes (such as &is_set)
tidier memory management
fix for an ancient bug - surprising that this hasn't caused problems previously
Fix IntrusivePtr release leaks in reaching-def logic
Change dynamic_cast in reaching-def logic to static_cast
Adjust some reaching-def memory management
Update a couple baselines for "xform" alternative
Adjust various reaching-def move/reference semantics
Change LambdaExpr::OuterIDs() accessor to return const-reference
Simplify declaration of DefPointType enum
...
