3. Frequently Asked Questions¶
3.1. Spicy Language¶
Are Spicy’s global variables really global?
Indeed, they are. Changes to global variables become visible to all Spicy code; their values are not associated with specific connections or other dynamic state. If they are public, they can even be accessed from other, unrelated modules as well. This all means that globals often won’t be the right tool for the job; it’s rare that a parser needs truly global state. Take a look at Contexts for a different mechanism tying state to the current connection, which is a much more common requirement.
Is there a way to speed up compilation of Spicy code?
Depending on the complexity of the Spicy code, processing through
spicy-driver may take a bit. The bulk of the
time time tends to be spent on compiling the generated C++ code; often
about 80-90%. Make sure to run spicy-precompile-headers to speed that up a little. During
development of new parsers, it also helps quite a bit to build
non-optimized debug versions by adding
--debug to the
If you want to see a break-down of where Spicy spends its time, run
the tools with
--report-times. (In the output at the end,
refers to compiling generated C++ code).
Do I need a Spicy installation for using the Zeek plugin?
No, if the Zeek plugin was compiled with
it will not require Spicy to be installed on the system. It will only
be able to load pre-compiled analyzers then (i.e.,
which you can create on a similar system that has Spicy installed
through spicyz. The build process will leave a binary
distribution inside your build directory at
Does Spicy support Dynamic Protocol Detection (DPD)?
Yes, see the corresponding section on how to add it to your analyzers.
The Zeek plugin by default disables the output of Spicy-side
Spicy::enable_print=T to the Zeek
command line (or
redef Spicy::enable_print=T; to a Zeek script
that you are loading).