feat(forge): Forge Lint #9590
base: master
Fantastic. Really excited for this. Anything we can learn from slither here as well?
With the linter output complete and a few other additional changes, I am marking this PR ready for initial review. I decided to make the
After this initial round of review and patching any fixes, I can start adding more lints to make the linter much more comprehensive. Happy to do this either here or in a separate PR.
} | ||
} | ||
|
||
impl<L: Linter> fmt::Display for LinterOutput<L> { |
What's the reason for collecting results in a report and printing it manually rather than using the solar diagnostics system? It's way more flexible and it's the same structure as diagnostics in Rust
Sounds good, I was not aware of the solar diagnostics system, I can update to use this.
use super::DivideBeforeMultiply; | ||
|
||
#[test] | ||
fn test_divide_before_multiply() -> eyre::Result<()> { |
If the diagnostic system is used, you can also re-use the same testing framework used in solar; this is currently not exposed but not hard to implement, publish on crates.io and re-use here
What do you think about this idea? #2408
ref #1970
This PR introduces `forge lint`, which implements a static analyzer built on top of `solar` and is capable of detecting known issues, vulnerabilities, informational warnings and gas optimizations. This is a first pass at `forge lint` and I am opening this draft in order to receive early feedback on the design and general direction.

The core component of this design centers around the `declare_lints!` macro which allows you to specify the pattern along with the severity, name and description.

Once the pattern is defined, you can implement the `Visit` trait to match on any instances of the pattern.

There is still quite a bit of work to do but if this direction makes sense, I am happy to continue adding the rest of the features as well as additional patterns. I can also port over any of the patterns from solstat, sstan or start working on patterns in other static analysis tools like `slither` as well.
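
An added illustration of the declare-a-pattern-then-visit design described above, using the divide-before-multiply check named in the PR's test; this is not code from the PR or from solar. The `declare_lint!` macro, `Lint` struct, `Expr` tree and the chosen severity are hypothetical stand-ins, since the page does not show the real `declare_lints!` syntax or AST types.

```rust
// Added illustration: toy types, not solar's AST or Foundry's lint API.
#[allow(dead_code)]
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Severity { High, Med, Low, Info, Gas }

/// Metadata every lint carries: severity, name and description.
pub struct Lint { pub severity: Severity, pub name: &'static str, pub description: &'static str }

// Hypothetical stand-in for `declare_lints!` (real syntax not shown on the page); severity is assumed.
macro_rules! declare_lint {
    ($id:ident, $sev:expr, $name:literal, $desc:literal) => {
        pub const $id: Lint = Lint { severity: $sev, name: $name, description: $desc };
    };
}
declare_lint!(DIVIDE_BEFORE_MULTIPLY, Severity::Med, "divide-before-multiply",
    "integer division truncates, so multiplying the quotient loses precision");

#[allow(dead_code)]
pub enum Expr {
    Var(&'static str),
    Mul(Box<Expr>, Box<Expr>),
    Div(Box<Expr>, Box<Expr>),
    Paren(Box<Expr>),
}

/// Strip parentheses so `(a / b) * c` is still matched.
fn peel(e: &Expr) -> &Expr {
    match e { Expr::Paren(inner) => peel(inner), other => other }
}

/// Visitor: count multiplications that have a division as a direct operand.
pub fn count_divide_before_multiply(e: &Expr) -> usize {
    match e {
        Expr::Var(_) => 0,
        Expr::Paren(inner) => count_divide_before_multiply(inner),
        Expr::Div(l, r) => count_divide_before_multiply(l) + count_divide_before_multiply(r),
        Expr::Mul(l, r) => {
            let hit = matches!(peel(l), Expr::Div(..)) || matches!(peel(r), Expr::Div(..));
            hit as usize + count_divide_before_multiply(l) + count_divide_before_multiply(r)
        }
    }
}

fn main() {
    use Expr::*;
    // Constructed sample: (a / b) * c
    let risky = Mul(Box::new(Paren(Box::new(Div(Box::new(Var("a")), Box::new(Var("b")))))), Box::new(Var("c")));
    println!("{}: {} hit(s)", DIVIDE_BEFORE_MULTIPLY.name, count_divide_before_multiply(&risky));
}
```

The reordered form `a * c / b` parses as a division of a product, so the visitor reports nothing for it.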