search

nowarp / misti

TON Static Analyzer
https://nowarp.io/tools/misti
Apache License 2.0
29 stars 1 forks source link

`CellBounds`: Handle comparisons with `builder.bits()` and `builder.refs()` #209

Open jubnzv opened 3 weeks ago

jubnzv commented 3 weeks ago

If there are comparisons involving these method calls in the dataflow, we should not consider data and references added later in the dataflow as rule violations.

jubnzv commented 2 weeks ago

Using this approach we could also generate warnings for Cell arguments of unknown size:

fun test(c: Cell /* unknown size */) {
  let s = c.asSlice();

  s.loadBool(); // Bad: Possible cell underflow

  if (s.bits() > 1) {
    s.loadBool(); // OK
  }
}