v0.5.0
0.5.0 - 2019-01-14
This release adds support for static single assignment (SSA) to SlithIR for both local and state variables. The use of SSA facilitates the tracking data dependencies and will enable more precise detectors. There are three new detectors: incorrect-equality, shadowing-builtin, shadowing-local, and one new printer: cfg. Detection of reentrancy was improved and now has three levels of severity. This release also includes bugfixes and lowers the rate of false positives for several detectors.
Thanks to our external contributors @mrice32 and @ptare for their numerous bug reports.
Added
- Detectors:
incorrect-equality: Dangerous strict equalities, such asthis.balance == 0 ether.shadowing-builtin: Shadowing of builtin symbolsshadowing-local: Local variables shadowing the contract's elements
- SSA on SlithIR:
- Add
Phioperator - Add
LocalIRVariableandStateIRVariable(they contain the SSA index) - Follow Cooper, Harvey, Kennedy to compute minimal SSA
- Add additional
Phioperators at function entrance and after external calls to handle state variables
- Add
- Alias Analysis to track storage references
- Integrate alias analysis info into the SSA engine for precise SSA construction (note there is a limitation: alias analysis is not yet interprocedural and has no support for functions returning a storage reference)
- Add new printer:
cfg, which exports the CFG of each function (8452b32) - Add dominators information
- List of dominator nodes
- Dominator tree
- Dominance frontier
Changed
- The
reentrancydetector is split into three variants to facilitate the triage of results:reentrancy-eth: theft of ether and read before writing (high severity)reentrancy-no-eth: no theft of ether and read before writing (medium severity)reentrancy-benign: no read before writing (low severity)
- The data dependency is now computed using the SSA
- Multiple new contract and function helpers (b549a3e, 57a0918, a704635)
- Improve subdenomination support (
ether,wei,days, ..) bdca730 - Lower false positive for several detectors: