Release 0.9.0

Added

• DuplicatedImport detector: PR #381
• TransitiveImport detector: Issue #382
• RedundantBooleanExpression detector: Issue #401
• UnusedMethodArgument detector: Issue #397
• PreferGlobalFunction detector: Issue #390
• Support for external tools: Users can now load custom tools using the -t option with a path:className format, similar to how external detectors work: PR #398
• SuboptimalSend: Suggest replacing self.forward with self.{notify,reply}: Issue #386
• Add short option -O for --output-path
• Include maximum supported Tact version in --version output: Issue #405
• SARIF output support: Issue #409

Changed

• DuplicatedImport and TransitiveImport: Don't check internal stdlib imports
• ZeroAddress and ConstantAddress: Ignore uses in comparisons: Issue #384
• Warn if one of the disabled detectors (-dd) is unused: Issue #393
• If the directory for --output-path is unavailable, try to create it
• UnusedExpressionResult: More informative error on unused method/function calls: Issue #404
• ShortCircuitCondition: Don't report cheap math and time stdlib functions: Issue #407

Fixed

• ImportGraph: Set correct file paths of import nodes for .func files: PR #381
• EtaLikeSimplifications: Confusing help string for Boolean literals: Issue #392
• No output with -o json without --output-path specified: Issue #403
• -o json --output-path <some dir> stores warnings in the plain text format
• PreferGlobalFunction: Don't report methods with attributes: Issue #406
• ArgCopyMutation: False positive on mutating method calls: Issue #395
• UnusedMethodArgument: Don't report inherited trait methods: Issue #402

Release contributors

@Esorat
@jubnzv

Release 0.8.3

Added

• Tact 1.6.7 support: Issue #379

Release 0.8.2

Fixed

• No errors found gets printed twice: Issue #375
• Cannot execute Misti in browser environment: PR #377
• UnprotectedCall: False positive on interprocedural calls: Issue #373

Release 0.8.1

Added

• Tact 1.6.6+ support: PR #368
• Driver: Save detectors execution time in debug log

Changed

• PreferredStdlibApi: More accurate severity levels and warning descriptions
• PreferredStdlibApi is enabled by default; PreferAugmentedAssign is disabled
• Prevent multiple Tools with plain output format: Issue #363
• Forbid executing Dump{Cfg,CallGraph,Imports} without input file: Issue #363
• package.json: Update Misti version on every yarn build
• Don't show Tact logs in JSON output when parsing a project: Issue #369

Fixed

• Severity filter for detectors (optimization): Issue #358
• Relative paths in displayed warnings: PR #361
• SuboptimalSend: Incorrect message->cashback suggestion: Issue #366
• Logger: Show context in JSON output: Issue #370
• Logger: Race condition for context in asynchronous execution
• Unused ResultError and exit code 2 is never set: Issue #371
• Colorize output in console (regression error)
• Warning category is not present in JSON output: Issue #372

Release contributors

• @jubnzv

Release 0.8.0

Added

• Tact 1.6.2+ support: PR #328
• SuboptimalSend detector: PR #330 and PR #332
• PreferBinaryReceiver detector: Issue #335
• PreferSenderFunction detector: Issue #336
• ImplicitOpcode detector: Issue #338
• SuboptimalCellOperation detector: Issue #339
• Detectors categorization (Optimization, Security, Best Practices): PR #349
• Add quickfix suggestions for LSP inlay hints: PR #353
• Support standalone Tools to run without CompilationUnit: PR #326
• Logger: Detector contexts: PR #327
• Logger: Print timestamps when --verbose is set: Issue #73
• PreferredStdlibApi: Suggest using throwUnless over require: Issue #345
• JSON Schema for Misti output: PR #355

Changed

• Replace imports from @tact-lang/compiler/dist/... to @tact-lang/compiler: PR #328
• Removed --new-detector option and the createDetector module as unused
• ExitCodeUsage: Allow using 0 as success exit code: Issue #344
• Use relative paths in warnings in JSON: : PR #353
• Breaking changes: New Warning and Result structures: PR #355

Fixed

• postinstall error when using the Misti dependency with a package manager different from yarn: Issue #337
• ExitCodeUsage: Incorrect string in the description: Issue #341
• Fixed and improved browser support: PR #351

Contributors

• @jubnzv
• @Esorat

Special thanks

• @anton-trunov
• @i582 @verytactical @rahulyadav-57 for help with different parts of the Tact compiler, Web IDE, and Tact Language Server integrations

Release 0.7.1

Fixed

• Support new syntax introduced in Tact 1.6: PR #325

Release 0.7.0

Added

• Tact 1.6 support: PR #314
• Tact 1.6.1 support: PR #322
• StateMutationInGetter detector: PR #306
• UnprotectedCall detector: PR #235
• SuspiciousLoop detector: PR #206
• Display function signatures with contract name on CallGraph dump: PR #305
• Support Node version 23: PR #301
• Support absolute paths in warning suppressions: PR #257
• File-scoped CFG dumps: Issue #241
• CLI option to disable Soufflé: Issue #260
• Save logs to JSON output: PR #275
• Callgraph: Add asm functions: PR #277
• Callgraph: Save field names used in Effect.State{Read,Write}: PR #280
• Callgraph: Highlight stdlib calls in dump: PR #286
• IR: Traits support: PR #292
• Detector: Support multiple severities: Issue #293
• Callgraph: Traits support: Issue #300

Changed

• Display warn logger messages to stderr instead of stdout: Issue #259
• Export Callgraph definitions for Node and Edge
• Callgraph: Hide unused stdlib functions from dump: PR #276
• NeverAccessedVariables: More informative warning message for unused fields: Issue #274
• Callgraph: Separate build logic to src/internals/ir/builders/callgraph.ts: PR #287
• SuspiciousMessageMode: Revisited warning messages and severities: Issue #294
• Driver+Detector: Optimize warning suppressions based on severity: PR #303
• Consolidated all Tact imports in single file: PR #314
• Removed Tact parser hack from ImportGraphBuilder: PR #314

Fixed

• Souffle installation in CI: PR #253
• Tact stdlib path resolution: PR #256
• BranchDuplicate: False negative in else-if clauses: Issue #258
• UnboundMap: False positive: Issue #262
• Internal Errors Printed to stderr Instead of JSON Output: Issue #263
• CellBounds: Infinite recursion: PR #272
• Callgraph: Incorrect processing of Effect.StateWrite for cells: PR #279
• Callgraph: Incorrect handling of getter methods: PR #282
• ArgCopyMutation: Incorrect handling of return in traits: Issue #290
• SendInLoop: Remove redundant error logs when accessing patterns like self.<map_field>.set()
• CellBounds: Accessing property of Object.prototype on .toString method in Tact: PR #318
• Don't print error messages when -o "json" is set: PR #320
• Callgraph: Crash on extends function with self argument: Issue #309

Release contributors

• @Esorat
• @jubnzv

Special thanks

• @anton-trunov

Release 0.6.2

Fixed

• Callgraph: Don't add state write effects when changing local maps/strings/cells
• Regression in the single-contract mode execution: Issue #233

Release 0.6.1

Fixed

The scripts directory wasn't included in the npm release, which makes it impossible to build Misti as a dependency

Release 0.6.0

Added

• CellBounds detector: PR #214
• ExitCodeUsage detector: PR #207
• EtaLikeSimplifications detector: PR #198
• ShortCircuitCondition detector: PR #202
• PreferredStdlibApi detector now suggest some preferred replacements for cell methods
• Add Callgraph: PR #185
• Support for browser environment: PR #231
• souffleEnabled option to disable Souffle check execution: PR #231
• Add function effects to Callgraph: PR #227

Changed

• SuspiciousMessageMode detector now suggests using SendDefaultMode instead of 0 for mode: PR #199
• CellOverflow detector was replaced with the CellBounds detector that supports both overflows and underflows: PR #214
• Renamed IR entries to follow the Tact codebase naming style

Fixed

• Missing Module version-info When Installing Misti from GitHub: Issue #216
• ExitCodeUsage Handle direct cases: Issue #218

Release contributors

• @Esorat
• @rahulyadav-57
• @jubnzv