Release 0.5.0

Added

• SuspiciousMessageMode detector: PR #193
• SendInLoop detector: PR #168
• CellOverflow detector: PR #177
• UnboundMap detector: Issue #50
• UnusedExpressionResult detector: PR #190
• Warning suppressions: PR #203
• --list-detectors CLI option: PR #192
• Import Graph: PR #180
• Leverage ImportGraph to resolve entry points: PR #194
• Accept directory as input: PR #195
• Timeout on executing detectors: Issue #47

Changed

• Improved and optimized the test suite: PR #184
• Introduced the branded type pattern to improve type safety: Issue #191

Release contributors

• @Esorat
• @jubnzv

Special thanks

• @anton-trunov

Release 0.4.2

Fixed

• Return a successful exit code when Misti analysis does not generate any warnings

Release contributors

• @jubnzv

Release 0.4.1

Changed

• Make the filepath argument optional: Issue #170

Fixed

• Return a non-zero exit code when warnings are raised or an execution error occurs

Release contributors

• @jubnzv

Release 0.4.0

Added

• OptimalMathFunction detector: Issue #146
• DuplicatedCondition detector: Issue #147
• UnusedOptional detector: Issue #86
• EnsurePrgSeed detector: Issue #151
• FalseCondition detector: Issue #93
• Introduces Misti tools – additional modules that can be used alongside detectors to cover various user tasks beyond warning generation: PR #154
• Support warnings suppression: Issue #152
• CFG Dump: Mermaid output: Issue #141
• Misti execution result in the JSON format using --output json/-o json: Issue #123
• ANSI escape sequences to colorize output and the --no-colors CLI option to disable it
• Driver in a single-contract mode tries to copy all the .tact and .fc files to resolve imports
• Short CLI options. See: https://nowarp.io/tools/misti/docs/next/tutorial/cli
• CLI: --min-severity/-m option to filter warnings
• More informative error messages when an incorrect Misti or Tact configuration file is set

Changed

• Include Git revision number to non-release version numbers
• Warnings now have more comprehensive descriptions and are sorted by severity
• DumpIsUsed: Report only dump calls with non-literal arguments
• Misti API to execute the driver programmatically
• ArgCopyMutation: Report once per function: Issue #150
• ArgCopyMutation: Don't report arguments returned from the function: Issue #149
• Rename CLI options: --suppress -> --disable-detectors; --detectors -> --enable-detectors

Fixed

• ReadOnlyVariables: Don't suggest creating constants from variables resulted from fields and method calls: Issue #148

Release contributors

• @jubnzv
• @Esorat

Special thanks

• @anton-trunov

Release 0.3.1

Fixed

• NeverAccessedVariables: False positive: reported a map variable used in the foreach loop
• Path to the compiled main.js in ./bin/misti

Release 0.3.0

Added

• Supported Tact 1.5: Issue #33
• StringReceiversOverlap detector: PR #122
• AsmIsUsed detector: Issue #119
• PreferredStdlibApi detector: Issue #132
• InheritedStateMutation detector: Issue #64
• ArgCopyMutation detector: Issue #125
• Allow running Misti without Souffle installation: Issue #45
• Add index.ts in order to simplify writing custom detectors: PR #140
• --dump-ast CLI option
• --suppress CLI option: Issue #135
• --souffle-binary CLI option to specify path to the Souffle executable
• --souffle-verbose CLI option to include comments to the generated Souffle files: PR #120
• Benchmarks for executing detectors: yarn benchmark ./test/good/sample-jetton.tact
• Public API to handle Tact stdlib paths
• Detector templates and the --new-detector CLI option: PR #105
• A script to generate detectors documentation: ./scripts/generateDetectorDocs.ts
• The --detectors CLI option can be used to quickly run Misti with the specified detectors, e.g., yarn misti --detectors ReadOnlyVariables,./examples/implicit-init/implicitInit.ts:ImplicitInit
• TactASTUtil: API functions to check mutability of the statement
• Asynchronous detectors and Souffle execution: PR #118

Changed

• Moved Souffle bindings to a its own repository https://github.com/nowarp/souffle.js: PR #120
• Refined the CLI interface
• The engines property in package.json and its strict checking to ensure minimal required Node.js version is 22 (follows-up changes in Tact)

Fixed

• Adjust option names in Config and JSONSchema
• Paths to custom detectors: Fix support for absolute paths and allow developers to specify the .ts extension to ensure it works exactly as described in the documentation: https://nowarp.github.io/tools/misti/docs/next/hacking/custom-detector/
• Don't show nowarp.io documentation links for custom detectors: Issue #128

Release contributors

• @jubnzv

Special thanks

• @anton-trunov

Release 0.2.1

Fixed

Changed

• Improve the internal Misti driver API used in tests and blueprint-misti

Fixed

Release contributors

• @jubnzv

Release 0.2.0

Added

• ConstantAddress detector: PR #90
• BranchDuplicate detector: Issue #87
• DumpIsUsed detector: Issue #100
• FieldDoubleInit detector: Issue #97
• PreferAugmentedAssign detector: Issue #78
• An API to execute Misti from a string list of arguments needed to implement the Blueprint plugin
• --dump-config CLI flag that dumps the Misti configuration file in use: PR #79
• Naming convention to skip unused identifiers: PR #82
• --all-detectors CLI flag activates all the available built-in detectors, regardless of whether they are selected in the config

Changed

• IRBuilder: Mark nodes without successors as Exit kind: PR #80
• Supported Tact 1.4.4

Fixed

• IRBuilder: Save trait definitions: PR #95
• neverAccessedVariables does not report write-only variables: Issue #101

Release contributors

• @jubnzv

Special thanks

For opening issues and making thoughtful suggestions we'd like to thank:

• @anton-trunov
• @Gusarich