Skip to content

Releases: nowarp/misti

Release 0.7.1

05 Mar 12:40
@jubnzv jubnzv
0.7.1
3b72e0a
Compare
Choose a tag to compare
Release 0.7.1 Latest
Latest

Fixed

  • Support new syntax introduced in Tact 1.6: PR #325
Assets 2
Loading

Release 0.7.0

05 Mar 07:12
@jubnzv jubnzv
0.7.0
a5d8273
Compare
Choose a tag to compare
Release 0.7.0

Added

  • Tact 1.6 support: PR #314
  • Tact 1.6.1 support: PR #322
  • StateMutationInGetter detector: PR #306
  • UnprotectedCall detector: PR #235
  • SuspiciousLoop detector: PR #206
  • Display function signatures with contract name on CallGraph dump: PR #305
  • Support Node version 23: PR #301
  • Support absolute paths in warning suppressions: PR #257
  • File-scoped CFG dumps: Issue #241
  • CLI option to disable Soufflé: Issue #260
  • Save logs to JSON output: PR #275
  • Callgraph: Add asm functions: PR #277
  • Callgraph: Save field names used in Effect.State{Read,Write}: PR #280
  • Callgraph: Highlight stdlib calls in dump: PR #286
  • IR: Traits support: PR #292
  • Detector: Support multiple severities: Issue #293
  • Callgraph: Traits support: Issue #300

Changed

  • Display warn logger messages to stderr instead of stdout: Issue #259
  • Export Callgraph definitions for Node and Edge
  • Callgraph: Hide unused stdlib functions from dump: PR #276
  • NeverAccessedVariables: More informative warning message for unused fields: Issue #274
  • Callgraph: Separate build logic to src/internals/ir/builders/callgraph.ts: PR #287
  • SuspiciousMessageMode: Revisited warning messages and severities: Issue #294
  • Driver+Detector: Optimize warning suppressions based on severity: PR #303
  • Consolidated all Tact imports in single file: PR #314
  • Removed Tact parser hack from ImportGraphBuilder: PR #314

Fixed

  • Souffle installation in CI: PR #253
  • Tact stdlib path resolution: PR #256
  • BranchDuplicate: False negative in else-if clauses: Issue #258
  • UnboundMap: False positive: Issue #262
  • Internal Errors Printed to stderr Instead of JSON Output: Issue #263
  • CellBounds: Infinite recursion: PR #272
  • Callgraph: Incorrect processing of Effect.StateWrite for cells: PR #279
  • Callgraph: Incorrect handling of getter methods: PR #282
  • ArgCopyMutation: Incorrect handling of return in traits: Issue #290
  • SendInLoop: Remove redundant error logs when accessing patterns like self.<map_field>.set()
  • CellBounds: Accessing property of Object.prototype on .toString method in Tact: PR #318
  • Don't print error messages when -o "json" is set: PR #320
  • Callgraph: Crash on extends function with self argument: Issue #309

Release contributors

Special thanks

Contributors

anton-trunov, jubnzv, and Esorat
Loading

Release 0.6.2

25 Dec 12:20
@jubnzv jubnzv
0.6.2
641b2f4
Compare
Choose a tag to compare
Release 0.6.2

Fixed

  • Callgraph: Don't add state write effects when changing local maps/strings/cells
  • Regression in the single-contract mode execution: Issue #233
Loading

Release 0.6.1

22 Dec 11:01
@jubnzv jubnzv
0.6.1
4e793e2
Compare
Choose a tag to compare
Release 0.6.1

Fixed

The scripts directory wasn't included in the npm release, which makes it impossible to build Misti as a dependency

Loading

Release 0.6.0

22 Dec 10:33
@jubnzv jubnzv
0.6.0
6a42e5c
Compare
Choose a tag to compare
Release 0.6.0

Added

  • CellBounds detector: PR #214
  • ExitCodeUsage detector: PR #207
  • EtaLikeSimplifications detector: PR #198
  • ShortCircuitCondition detector: PR #202
  • PreferredStdlibApi detector now suggest some preferred replacements for cell methods
  • Add Callgraph: PR #185
  • Support for browser environment: PR #231
  • souffleEnabled option to disable Souffle check execution: PR #231
  • Add function effects to Callgraph: PR #227

Changed

  • SuspiciousMessageMode detector now suggests using SendDefaultMode instead of 0 for mode: PR #199
  • CellOverflow detector was replaced with the CellBounds detector that supports both overflows and underflows: PR #214
  • Renamed IR entries to follow the Tact codebase naming style

Fixed

  • Missing Module version-info When Installing Misti from GitHub: Issue #216
  • ExitCodeUsage Handle direct cases: Issue #218

Release contributors

Contributors

jubnzv, rahulyadav-57, and Esorat
Loading

Release 0.5.0

31 Oct 15:32
@jubnzv jubnzv
0.5.0
080809c
Compare
Choose a tag to compare
Release 0.5.0

Added

  • SuspiciousMessageMode detector: PR #193
  • SendInLoop detector: PR #168
  • CellOverflow detector: PR #177
  • UnboundMap detector: Issue #50
  • UnusedExpressionResult detector: PR #190
  • Warning suppressions: PR #203
  • --list-detectors CLI option: PR #192
  • Import Graph: PR #180
  • Leverage ImportGraph to resolve entry points: PR #194
  • Accept directory as input: PR #195
  • Timeout on executing detectors: Issue #47

Changed

  • Improved and optimized the test suite: PR #184
  • Introduced the branded type pattern to improve type safety: Issue #191

Release contributors

Special thanks

Contributors

anton-trunov, jubnzv, and Esorat
Loading

Release 0.4.2

12 Oct 03:12
@jubnzv jubnzv
0.4.2
831badc
Compare
Choose a tag to compare
Release 0.4.2

Fixed

  • Return a successful exit code when Misti analysis does not generate any warnings

Release contributors

Contributors

jubnzv
Loading

Release 0.4.1

12 Oct 01:45
@jubnzv jubnzv
0.4.1
87e7c08
Compare
Choose a tag to compare
Release 0.4.1

Changed

  • Make the filepath argument optional: Issue #170

Fixed

  • Return a non-zero exit code when warnings are raised or an execution error occurs

Release contributors

Contributors

jubnzv
Loading

Release 0.4.0

08 Oct 08:41
@jubnzv jubnzv
0.4.0
f64de71
Compare
Choose a tag to compare
Release 0.4.0

Added

  • OptimalMathFunction detector: Issue #146
  • DuplicatedCondition detector: Issue #147
  • UnusedOptional detector: Issue #86
  • EnsurePrgSeed detector: Issue #151
  • FalseCondition detector: Issue #93
  • Introduces Misti tools – additional modules that can be used alongside detectors to cover various user tasks beyond warning generation: PR #154
  • Support warnings suppression: Issue #152
  • CFG Dump: Mermaid output: Issue #141
  • Misti execution result in the JSON format using --output json/-o json: Issue #123
  • ANSI escape sequences to colorize output and the --no-colors CLI option to disable it
  • Driver in a single-contract mode tries to copy all the .tact and .fc files to resolve imports
  • Short CLI options. See: https://nowarp.io/tools/misti/docs/next/tutorial/cli
  • CLI: --min-severity/-m option to filter warnings
  • More informative error messages when an incorrect Misti or Tact configuration file is set

Changed

  • Include Git revision number to non-release version numbers
  • Warnings now have more comprehensive descriptions and are sorted by severity
  • DumpIsUsed: Report only dump calls with non-literal arguments
  • Misti API to execute the driver programmatically
  • ArgCopyMutation: Report once per function: Issue #150
  • ArgCopyMutation: Don't report arguments returned from the function: Issue #149
  • Rename CLI options: --suppress -> --disable-detectors; --detectors -> --enable-detectors

Fixed

  • ReadOnlyVariables: Don't suggest creating constants from variables resulted from fields and method calls: Issue #148

Release contributors

Special thanks

Contributors

anton-trunov, jubnzv, and Esorat
Loading

Release 0.3.1

24 Sep 12:29
@jubnzv jubnzv
0.3.1
4551dd2
Compare
Choose a tag to compare
Release 0.3.1

Fixed

  • NeverAccessedVariables: False positive: reported a map variable used in the foreach loop
  • Path to the compiled main.js in ./bin/misti
Loading