Merge branch 'topic/bbannier/day2'

.pre-commit-config.yaml

@@ -2,7 +2,7 @@
 # See https://pre-commit.com/hooks.html for more hooks
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.6.0
+  rev: v5.0.0
   hooks:
   - id: trailing-whitespace
   - id: end-of-file-fixer
@@ -16,26 +16,36 @@ repos:
     types: [json]
 
 - repo: https://github.com/igorshubovych/markdownlint-cli
-  rev: v0.41.0
+  rev: v0.43.0
   hooks:
   # - id: markdownlint
   - id: markdownlint-fix
 
 - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
-  rev: v2.13.0
+  rev: v2.14.0
   hooks:
   - id: pretty-format-yaml
     args: [--autofix, --indent, '2']
 
 - repo: https://github.com/crate-ci/typos
-  rev: v1.22.0
+  rev: v1.29.4
   hooks:
   - id: typos
 
 - repo: https://github.com/streetsidesoftware/cspell-cli
-  rev: v8.8.2
+  rev: v8.17.1
   hooks:
   - id: cspell
     types: [markdown]
 
-exclude: src\/[css|js]
+- repo: https://github.com/rhysd/actionlint
+  rev: v1.7.7
+  hooks:
+  - id: actionlint
+
+- repo: https://github.com/pre-commit/mirrors-eslint
+  rev: v9.18.0
+  hooks:
+  - id: eslint
+
+exclude: src/(css|js)/(mermaid|mdbook).*

Makefile

@@ -7,5 +7,8 @@ build: docker.json
 	)
 	@rm docker.json
 
+start: build
+	python3 -m http.server --directory $$PWD/book
+
 docker.json: Dockerfile
 	docker build --metadata-file docker.json .

book.toml

@@ -8,20 +8,23 @@ title = "Introduction to Spicy"
 [output.html]
 additional-css = ["./src/css/mdbook-admonish.css", "./mdbook-admonish.css"]
 additional-js = [
+        "./src/js/solutions.js",
         "./src/js/highlight-evt.js",
         "./src/js/highlight-spicy.js",
+        "./src/js/highlight-spicy_batch.js",
         "./src/js/highlight-zeek.js",
         "./src/js/mermaid-init.js",
         "./src/js/mermaid.min.js",
 ]
 edit-url-template = "https://github.com/zeek/spicy-course/edit/main/{path}"
+no-section-label = true
 
 [output.html.code.hidelines]
 spicy = "###"
 ruby = "###"
 
 [output.html.fold]
-enable = true
+enable = false
 level = 0
 
 # [output.linkcheck]
@@ -31,7 +34,7 @@ level = 0
 # [preprocessor.svgbob]
 [preprocessor.admonish]
 command = "mdbook-admonish"
-assets_version = "3.0.0" # do not edit: managed by `mdbook-admonish install`
+assets_version = "3.0.2" # do not edit: managed by `mdbook-admonish install`
 
 [preprocessor.mermaid]
 command = "mdbook-mermaid"

cspell.config.yaml

@@ -2,25 +2,61 @@ version: '0.2'
 ignorePaths: []
 dictionaryDefinitions: []
 dictionaries: []
+ignoreWords: []
+import: []
+
 words:
-- ABABAB
-- Bannier
+
+- -DSPICYZ
+- aaccept
+- ababab
+- acked
+- acontent
+- adate
+- aetag
+- alast
+- bannier
 - barify
+- bbannier
 - bitfield
 - bitfields
+- blksize
+- blocksize
 - btest
-- Codespace
-- HILTI
+- camtbx
+- codespace
+- csmqzc
+- dcjq
+- dcmake
+- duckduckgo
+- flamegraphs
+- fname
+- hashkey
+- hilti
+- hlto
 - inout
 - libpcap
 - mdbook
+- oack
 - packagedir
-- PCAP
-- POSIX
+- pcap
+- pktio
+- pkts
+- posix
+- quic
+- rbdum
+- redef
+- rgkg
+- samply
+- siem
 - spicyc
+- spicyz
 - struct
 - structs
 - subparsers
-- Zeek
-ignoreWords: []
-import: []
+- testbase
+- themself
+- tshark
+- wireshark
+- zeek
+- zeekygen

mdbook-admonish.css

@@ -1,20 +1,4 @@
 @charset "UTF-8";
-:root {
-  --md-admonition-icon--admonish-note: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z'/></svg>");
-  --md-admonition-icon--admonish-abstract: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M17 9H7V7h10m0 6H7v-2h10m-3 6H7v-2h7M12 3a1 1 0 0 1 1 1 1 1 0 0 1-1 1 1 1 0 0 1-1-1 1 1 0 0 1 1-1m7 0h-4.18C14.4 1.84 13.3 1 12 1c-1.3 0-2.4.84-2.82 2H5a2 2 0 0 0-2 2v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V5a2 2 0 0 0-2-2z'/></svg>");
-  --md-admonition-icon--admonish-info: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M13 9h-2V7h2m0 10h-2v-6h2m-1-9A10 10 0 0 0 2 12a10 10 0 0 0 10 10 10 10 0 0 0 10-10A10 10 0 0 0 12 2z'/></svg>");
-  --md-admonition-icon--admonish-tip: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M17.66 11.2c-.23-.3-.51-.56-.77-.82-.67-.6-1.43-1.03-2.07-1.66C13.33 7.26 13 4.85 13.95 3c-.95.23-1.78.75-2.49 1.32-2.59 2.08-3.61 5.75-2.39 8.9.04.1.08.2.08.33 0 .22-.15.42-.35.5-.23.1-.47.04-.66-.12a.58.58 0 0 1-.14-.17c-1.13-1.43-1.31-3.48-.55-5.12C5.78 10 4.87 12.3 5 14.47c.06.5.12 1 .29 1.5.14.6.41 1.2.71 1.73 1.08 1.73 2.95 2.97 4.96 3.22 2.14.27 4.43-.12 6.07-1.6 1.83-1.66 2.47-4.32 1.53-6.6l-.13-.26c-.21-.46-.77-1.26-.77-1.26m-3.16 6.3c-.28.24-.74.5-1.1.6-1.12.4-2.24-.16-2.9-.82 1.19-.28 1.9-1.16 2.11-2.05.17-.8-.15-1.46-.28-2.23-.12-.74-.1-1.37.17-2.06.19.38.39.76.63 1.06.77 1 1.98 1.44 2.24 2.8.04.14.06.28.06.43.03.82-.33 1.72-.93 2.27z'/></svg>");
-  --md-admonition-icon--admonish-success: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='m9 20.42-6.21-6.21 2.83-2.83L9 14.77l9.88-9.89 2.83 2.83L9 20.42z'/></svg>");
-  --md-admonition-icon--admonish-question: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='m15.07 11.25-.9.92C13.45 12.89 13 13.5 13 15h-2v-.5c0-1.11.45-2.11 1.17-2.83l1.24-1.26c.37-.36.59-.86.59-1.41a2 2 0 0 0-2-2 2 2 0 0 0-2 2H8a4 4 0 0 1 4-4 4 4 0 0 1 4 4 3.2 3.2 0 0 1-.93 2.25M13 19h-2v-2h2M12 2A10 10 0 0 0 2 12a10 10 0 0 0 10 10 10 10 0 0 0 10-10c0-5.53-4.5-10-10-10z'/></svg>");
-  --md-admonition-icon--admonish-warning: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M13 14h-2V9h2m0 9h-2v-2h2M1 21h22L12 2 1 21z'/></svg>");
-  --md-admonition-icon--admonish-failure: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M20 6.91 17.09 4 12 9.09 6.91 4 4 6.91 9.09 12 4 17.09 6.91 20 12 14.91 17.09 20 20 17.09 14.91 12 20 6.91z'/></svg>");
-  --md-admonition-icon--admonish-danger: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M11 15H6l7-14v8h5l-7 14v-8z'/></svg>");
-  --md-admonition-icon--admonish-bug: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M14 12h-4v-2h4m0 6h-4v-2h4m6-6h-2.81a5.985 5.985 0 0 0-1.82-1.96L17 4.41 15.59 3l-2.17 2.17a6.002 6.002 0 0 0-2.83 0L8.41 3 7 4.41l1.62 1.63C7.88 6.55 7.26 7.22 6.81 8H4v2h2.09c-.05.33-.09.66-.09 1v1H4v2h2v1c0 .34.04.67.09 1H4v2h2.81c1.04 1.79 2.97 3 5.19 3s4.15-1.21 5.19-3H20v-2h-2.09c.05-.33.09-.66.09-1v-1h2v-2h-2v-1c0-.34-.04-.67-.09-1H20V8z'/></svg>");
-  --md-admonition-icon--admonish-example: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M7 13v-2h14v2H7m0 6v-2h14v2H7M7 7V5h14v2H7M3 8V5H2V4h2v4H3m-1 9v-1h3v4H2v-1h2v-.5H3v-1h1V17H2m2.25-7a.75.75 0 0 1 .75.75c0 .2-.08.39-.21.52L3.12 13H5v1H2v-.92L4 11H2v-1h2.25z'/></svg>");
-  --md-admonition-icon--admonish-quote: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M14 17h3l2-4V7h-6v6h3M6 17h3l2-4V7H5v6h3l-2 4z'/></svg>");
-  --md-details-icon: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M8.59 16.58 13.17 12 8.59 7.41 10 6l6 6-6 6-1.41-1.42Z'/></svg>");
-}
-
 :is(.admonition) {
   display: flow-root;
   margin: 1.5625em 0;
@@ -71,6 +55,8 @@ a.admonition-anchor-link::before {
   padding-inline: 4.4rem 1.2rem;
   font-weight: 700;
   background-color: rgba(68, 138, 255, 0.1);
+  print-color-adjust: exact;
+  -webkit-print-color-adjust: exact;
   display: flex;
 }
 :is(.admonition-title, summary.admonition-title) p {
@@ -86,6 +72,8 @@ html :is(.admonition-title, summary.admonition-title):last-child {
   width: 2rem;
   height: 2rem;
   background-color: #448aff;
+  print-color-adjust: exact;
+  -webkit-print-color-adjust: exact;
   mask-image: url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"></svg>');
   -webkit-mask-image: url('data:image/svg+xml;charset=utf-8,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"></svg>');
   mask-repeat: no-repeat;
@@ -119,6 +107,25 @@ details[open].admonition > summary.admonition-title::after {
   transform: rotate(90deg);
 }
 
+:root {
+  --md-details-icon: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M8.59 16.58 13.17 12 8.59 7.41 10 6l6 6-6 6-1.41-1.42Z'/></svg>");
+}
+
+:root {
+  --md-admonition-icon--admonish-note: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z'/></svg>");
+  --md-admonition-icon--admonish-abstract: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M17 9H7V7h10m0 6H7v-2h10m-3 6H7v-2h7M12 3a1 1 0 0 1 1 1 1 1 0 0 1-1 1 1 1 0 0 1-1-1 1 1 0 0 1 1-1m7 0h-4.18C14.4 1.84 13.3 1 12 1c-1.3 0-2.4.84-2.82 2H5a2 2 0 0 0-2 2v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V5a2 2 0 0 0-2-2z'/></svg>");
+  --md-admonition-icon--admonish-info: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M13 9h-2V7h2m0 10h-2v-6h2m-1-9A10 10 0 0 0 2 12a10 10 0 0 0 10 10 10 10 0 0 0 10-10A10 10 0 0 0 12 2z'/></svg>");
+  --md-admonition-icon--admonish-tip: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M17.66 11.2c-.23-.3-.51-.56-.77-.82-.67-.6-1.43-1.03-2.07-1.66C13.33 7.26 13 4.85 13.95 3c-.95.23-1.78.75-2.49 1.32-2.59 2.08-3.61 5.75-2.39 8.9.04.1.08.2.08.33 0 .22-.15.42-.35.5-.23.1-.47.04-.66-.12a.58.58 0 0 1-.14-.17c-1.13-1.43-1.31-3.48-.55-5.12C5.78 10 4.87 12.3 5 14.47c.06.5.12 1 .29 1.5.14.6.41 1.2.71 1.73 1.08 1.73 2.95 2.97 4.96 3.22 2.14.27 4.43-.12 6.07-1.6 1.83-1.66 2.47-4.32 1.53-6.6l-.13-.26c-.21-.46-.77-1.26-.77-1.26m-3.16 6.3c-.28.24-.74.5-1.1.6-1.12.4-2.24-.16-2.9-.82 1.19-.28 1.9-1.16 2.11-2.05.17-.8-.15-1.46-.28-2.23-.12-.74-.1-1.37.17-2.06.19.38.39.76.63 1.06.77 1 1.98 1.44 2.24 2.8.04.14.06.28.06.43.03.82-.33 1.72-.93 2.27z'/></svg>");
+  --md-admonition-icon--admonish-success: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='m9 20.42-6.21-6.21 2.83-2.83L9 14.77l9.88-9.89 2.83 2.83L9 20.42z'/></svg>");
+  --md-admonition-icon--admonish-question: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='m15.07 11.25-.9.92C13.45 12.89 13 13.5 13 15h-2v-.5c0-1.11.45-2.11 1.17-2.83l1.24-1.26c.37-.36.59-.86.59-1.41a2 2 0 0 0-2-2 2 2 0 0 0-2 2H8a4 4 0 0 1 4-4 4 4 0 0 1 4 4 3.2 3.2 0 0 1-.93 2.25M13 19h-2v-2h2M12 2A10 10 0 0 0 2 12a10 10 0 0 0 10 10 10 10 0 0 0 10-10c0-5.53-4.5-10-10-10z'/></svg>");
+  --md-admonition-icon--admonish-warning: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M13 14h-2V9h2m0 9h-2v-2h2M1 21h22L12 2 1 21z'/></svg>");
+  --md-admonition-icon--admonish-failure: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M20 6.91 17.09 4 12 9.09 6.91 4 4 6.91 9.09 12 4 17.09 6.91 20 12 14.91 17.09 20 20 17.09 14.91 12 20 6.91z'/></svg>");
+  --md-admonition-icon--admonish-danger: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M11 15H6l7-14v8h5l-7 14v-8z'/></svg>");
+  --md-admonition-icon--admonish-bug: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M14 12h-4v-2h4m0 6h-4v-2h4m6-6h-2.81a5.985 5.985 0 0 0-1.82-1.96L17 4.41 15.59 3l-2.17 2.17a6.002 6.002 0 0 0-2.83 0L8.41 3 7 4.41l1.62 1.63C7.88 6.55 7.26 7.22 6.81 8H4v2h2.09c-.05.33-.09.66-.09 1v1H4v2h2v1c0 .34.04.67.09 1H4v2h2.81c1.04 1.79 2.97 3 5.19 3s4.15-1.21 5.19-3H20v-2h-2.09c.05-.33.09-.66.09-1v-1h2v-2h-2v-1c0-.34-.04-.67-.09-1H20V8z'/></svg>");
+  --md-admonition-icon--admonish-example: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M7 13v-2h14v2H7m0 6v-2h14v2H7M7 7V5h14v2H7M3 8V5H2V4h2v4H3m-1 9v-1h3v4H2v-1h2v-.5H3v-1h1V17H2m2.25-7a.75.75 0 0 1 .75.75c0 .2-.08.39-.21.52L3.12 13H5v1H2v-.92L4 11H2v-1h2.25z'/></svg>");
+  --md-admonition-icon--admonish-quote: url("data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24'><path d='M14 17h3l2-4V7h-6v6h3M6 17h3l2-4V7H5v6h3l-2 4z'/></svg>");
+}
+
 :is(.admonition):is(.admonish-note) {
   border-color: #448aff;
 }

src/SUMMARY.md

@@ -1,9 +1,12 @@
 # Summary
 
-- [Goals of this course](./goals.md)
+[Goals of this course](./goals.md)
+
 - [Why Spicy?](./why_spicy.md)
 - [Prerequisites](./prerequisites.md)
 
+---
+
 - [Spicy language](./language.md)
   - [Hello world](./hello_world.md)
   - [Basic types](./basic_types.md)
@@ -36,7 +39,6 @@
   - [Lookahead parsing](./parsing_lookahead.md)
   - [Error recovery](./error_recovery.md)
   <!-- - [TODO: Loosely coupled parsers: sinks & filters]() -->
-  <!-- - [TODO: Hooks]() -->
 <!-- - [TODO: Spicy patterns]() -->
 
 #
@@ -51,7 +53,20 @@
     - [Forwarding to other analyzers](./zeek_forwarding_data.md)
     - [Sharing data across the same connection](./zeek_sharing_data_same_connection.md)
   - [Exercises](./zeek_protocol_analyzer_exercises.md)
-<!-- - [TODO: Debugging and profiling]() -->
+
+---
+
+- [Testing](./testing.md)
+  - [Parser unit testing](./testing_parser_unit_testing.md)
+  - [Testing parsers with shared state](./testing_parsers_with_shared_state.md)
+
+- [Day-2 parser operation](./day2_parser_operations.md)
+  - [Debugging](./debugging.md)
+    - [Logging basic parser operation](./debugging_basic_operation.md)
+    - [Exercise: Input not matching parser grammar](./debugging_unsupported_data.md)
+  - [Profiling](./profiling.md)
+    - [High-level profiling](./profiling_highlevel.md)
+    - [Low-level profiling](./profiling_lowlevel.md)
 
     <!-- TODO: type aliases -->
 

src/day2_parser_operations.md

@@ -0,0 +1,20 @@
+# Day-2 parser operation
+
+Congratulations! You have finished development of a Spicy-based Zeek analyzer
+which produces Zeek logs when exposed to its intended input; you even added a
+test suite to ensure that it behaves as intended.
+
+Your analyzer works in a controlled lab environment, but deploying and
+continuously operating it in a production environment will introduce new
+challenges, e.g.,
+
+- Your parser will see traffic you had not anticipated.
+- The traffic mix in production might force you to reevaluate tradeoffs you
+  made during development.
+
+Concerns like this are often summarized as _Day-2 problems_ in contrast to
+design and planning (_Day-0_) and deploying a working prototype (_Day-1_).
+
+This chapter will discuss some tools and approaches to address them. We will
+look at this under the assumption that PCAPs have been captured. Another import
+concern in production is monitoring which we will not discuss in here.

src/debugging.md

@@ -0,0 +1,103 @@
+# Debugging
+
+We need to debug runtime behavior of parsers both during development as well as
+in production. This chapter gives an overview of the available tools.
+
+<!-- ```admonish example -->
+In following we use a Zeek protocol analyzer for the
+[TFTP](https://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol) protocol
+[`zeek/spicy-tftp`](https://github.com/zeek/spicy-tftp) as test environment.
+To have access to its sources let's install it from a local clone.
+
+Create and switch to a local clone of the parser at version `v0.0.5`:
+
+``` console
+git clone https://github.com/zeek/spicy-tftp -b v0.0.5
+cd spicy-tftp/
+```
+
+Briefly familiarize yourself with the parser.
+
+1. Looking at its EVT file `analyzer/tftp.evt`, what traffic does the analyzer trigger on?
+   <details>
+   <summary>Solution</summary>
+   This is an analyzer for UDP traffic. It is triggered for UDP traffic on port 69.
+
+   ``` evt
+   protocol analyzer spicy::TFTP over UDP:
+       parse with TFTP::Packet,
+       port 69/udp;
+   ```
+
+   </details>
+
+1. Does this analyzer perform dynamic protocol detection (DPD)?
+
+    <details>
+    <summary>Solution</summary>
+
+    No, no DPD signatures are loaded (`@load-sig`) in any of its Zeek scripts in e.g., `scripts/`.
+    </details>
+
+1. When in the connection lifecycle does this analyzer invoke `spicy::accept_input()` (or `zeek::confirm_input` for older versions)?
+
+   <details>
+   <summary>Solution</summary>
+
+   For each received message in `Request` in `analyzer/tftp.spicy`:
+
+   ```ruby
+   type Request = unit(is_read: bool) {
+       # ...
+       on %done { spicy::accept_input(); }
+   };
+   ```
+
+   </details>
+
+1. How does this analyzer behave on parse errors?
+
+   <details>
+   <summary>Solution</summary>
+
+   The analyzer does not seem to perform resynchronization (no `&synchronize`
+   anywhere in its sources). It should report an analyzer violation on parse
+   errors.
+   </details>
+
+1. Which Zeek events does the Spicy parser raise?
+
+   <details>
+   <summary>Solution</summary>
+
+   ``` evt
+   on TFTP::Request if ( is_read )   -> event tftp::read_request($conn, $is_orig, self.filename, self.mode);
+   on TFTP::Request if ( ! is_read ) -> event tftp::write_request($conn, $is_orig, self.filename, self.mode);
+
+   on TFTP::Data            -> event tftp::data($conn, $is_orig, self.num, self.data);
+   on TFTP::Acknowledgement -> event tftp::ack($conn, $is_orig, self.num);
+   on TFTP::Error           -> event tftp::error($conn, $is_orig, self.code, self.msg);
+   ```
+
+   </details>
+
+1. Which logs does the analyzer provide? What are its content? Try to look at
+   only the sources and ignore files under `testing` for this.
+
+   <details>
+   <summary>Solution</summary>
+
+   Grepping the analyzer sources for `create_stream` indicates that it produces a log `tftp.log`.
+
+   ``` zeek
+   Log::create_stream(TFTP::LOG, [$columns = Info, $ev = log_tftp, $path="tftp"]);
+   ```
+
+   The columns of the log are the fields of `TFTP::Info` marked `&log`.
+
+   </details>
+<!-- ``` -->
+
+## Further reading
+
+- [Debugging section in the Spicy documentation](https://docs.zeek.org/projects/spicy/en/latest/programming/debugging.html)