Commit
Merge pull request #11 from trailofbits/dev/version-0.8.0
Version 0.8.0
Showing 62 changed files with 3,312 additions and 681 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,47 +1,67 @@ | ||
# Release Notes | ||
|
||
## v0.8.0 (2023-03-21) | ||
|
||
### Features | ||
|
||
- Circomspect will now only report findings for potential issues in the files | ||
specified on the command line. (It will still attempt to parse included | ||
files, but these will only be used to inform the analysis of the files | ||
specified by the user.) | ||
- Added support for tags, tuples, and anonymous components. Circomspect now | ||
supports Circom versions 2.0.0 - 2.1.4. | ||
- Added templates to the `bn254-specific-circuits` analysis pass. | ||
- Added `unused-output-signal` analysis pass. | ||
- All uses of the name BN128 have been replaced with BN254. | ||
|
||
### Bug fixes | ||
|
||
- Rewrote the `unconstrained-less-than` analysis pass to better capture the | ||
underlying issue. | ||
- Fixed an issue where the cyclomatic complexity calculation could underflow | ||
in some cases in the `overly-complex-function-or-template` analysis pass. | ||
- Fixed an issue in the Sarif export implementation where reporting | ||
descriptors were added multiple times. | ||
|
||
## v0.7.2 (2022-12-01) | ||
|
||
### Features | ||
|
||
- Added a URL to the issue description for each output. | ||
|
||
- Added a URL to the issue description for each output. | ||
|
||
### Bug Fixes | ||
|
||
- Rewrote description of the unconstrained less-than analysis pass, as the | ||
- Rewrote description of the unconstrained less-than analysis pass, as the | ||
previous description was too broad. | ||
- Fixed grammar in the under-constrained signal warning message. | ||
|
||
- Fixed grammar in the under-constrained signal warning message. | ||
|
||
## v0.7.0 (2022-11-29) | ||
|
||
|
||
### Features | ||
|
||
- New analysis pass (`unconstrained-less-than`) that detects uses of the | ||
- New analysis pass (`unconstrained-less-than`) that detects uses of the | ||
Circomlib `LessThan` template where the input signals are not constrained | ||
to be less than the bit size passed to `LessThan`. | ||
- New analysis pass (`unconstrained-division`) that detects signal assignments | ||
containing division, where the divisor is not constrained to be non-zero. | ||
- New analysis pass (`bn128-specific-circuits`) that detects uses of Circomlib | ||
templates with hard-coded BN128-specific constants together with a custom curve like BLS12-381 or Goldilocks. | ||
- New analysis pass (`under-constrained-signal`) that detects intermediate | ||
- New analysis pass (`unconstrained-division`) that detects signal | ||
assignments containing division, where the divisor is not constrained to be | ||
non-zero. | ||
- New analysis pass (`bn254-specific-circuits`) that detects uses of | ||
Circomlib templates with hard-coded BN254-specific constants together with | ||
a custom curve like BLS12-381 or Goldilocks. | ||
- New analysis pass (`under-constrained-signal`) that detects intermediate | ||
signals which do not occur in at least two separate constraints. | ||
- Rule name is now included in Sarif output. (The rule name is now also | ||
- Rule name is now included in Sarif output. (The rule name is now also | ||
displayed by the VSCode Sarif extension.) | ||
- Improved parsing error messages. | ||
|
||
- Improved parsing error messages. | ||
|
||
### Bug Fixes | ||
|
||
- Fixed an issue during value propagation where values would be propagated to | ||
- Fixed an issue during value propagation where values would be propagated to | ||
arrays by mistake. | ||
- Fixed an issue in the `nonstrict-binary-conversion` analysis pass where | ||
- Fixed an issue in the `nonstrict-binary-conversion` analysis pass where | ||
some instantiations of `Num2Bits` and `Bits2Num` would not be detected. | ||
- Fixed an issue where the maximum degree of switch expressions were evaluated | ||
incorrectly. | ||
- Previous versions could take a very long time to complete value and degree | ||
propagation. These analyses are now time boxed and will exit if the analysis | ||
takes more than 10 seconds to complete. | ||
- Fixed an issue where the maximum degree of switch expressions were | ||
evaluated incorrectly. | ||
- Previous versions could take a very long time to complete value and degree | ||
propagation. These analyses are now time boxed and will exit if the | ||
analysis takes more than 10 seconds to complete. |
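Review bot: In the v0.7.0 section the `bn128-specific-circuits` entry is rewritten to `bn254-specific-circuits`, which changes the record of a release that, going by the older version of the entry still visible in this hunk, shipped the pass under the old name. Keep the v0.7.0 entry as released and say explicitly in the v0.8.0 notes that the pass name changed, because "All uses of the name BN128 have been replaced with BN254" does not tell a reader that a rule name they may reference in filters or Sarif tooling is affected. Two smaller points: the new `### Bug fixes` heading under v0.8.0 differs in case from `### Bug Fixes` in the older sections, and "the maximum degree of switch expressions were evaluated" should read "was evaluated".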
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,8 @@ | ||
[package] | ||
name = "circomspect-circom-algebra" | ||
version = "2.0.1" | ||
edition = "2018" | ||
version = "2.0.2" | ||
edition = "2021" | ||
rust-version = "1.65" | ||
license = "LGPL-3.0-only" | ||
authors = ["hermeGarcia <[email protected]>"] | ||
description = "Support crate for the Circomspect static analyzer" | ||
|
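Review bot: The new `rust-version = "1.65"` line and the move from `edition = "2018"` to `edition = "2021"` arrive with only a patch bump (`2.0.1` to `2.0.2`). Declaring a minimum Rust version makes Cargo refuse to build the crate on older toolchains, so for a published support crate this is better signalled with a minor version bump, or at least called out in the release notes, which do not mention the new toolchain requirement in the v0.8.0 section.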
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,23 +1,24 @@ | ||
[package] | ||
name = "circomspect" | ||
version = "0.7.2" | ||
version = "0.8.0" | ||
edition = "2021" | ||
rust-version = "1.65" | ||
license = "LGPL-3.0-only" | ||
authors = ["Trail of Bits"] | ||
readme = "../README.md" | ||
description = "A static analyzer and linter for the Circom zero-knowledge DSL" | ||
repository = "https://github.com/trailofbits/circomspect" | ||
keywords = ["cryptography", "static-analysis", "zero-knowledge", "circom"] | ||
repository = "https://github.com/trailofbits/circomspect" | ||
|
||
[dependencies] | ||
anyhow = "1.0" | ||
atty = "0.2" | ||
# Stay on Clap version 3 until version 4 supports coloured help output. | ||
clap = { version = "3.2", features = ["derive"] } | ||
log = "0.4" | ||
parser = { package = "circomspect-parser", version = "2.0.11", path = "../parser" } | ||
parser = { package = "circomspect-parser", version = "2.1.2", path = "../parser" } | ||
pretty_env_logger = "0.4" | ||
program_analysis = { package = "circomspect-program-analysis", version = "0.7.1", path = "../program_analysis" } | ||
program_structure = { package = "circomspect-program-structure", version = "2.0.11", path = "../program_structure" } | ||
program_analysis = { package = "circomspect-program-analysis", version = "0.8.0", path = "../program_analysis" } | ||
program_structure = { package = "circomspect-program-structure", version = "2.1.2", path = "../program_structure" } | ||
serde_json = "1.0" | ||
termcolor = "1.1" |
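Review bot: The version requirements for `parser`, `program_analysis` and `program_structure` in `[dependencies]` are bumped by hand here, and `edition`, `rust-version` and `license` are repeated in each manifest (the `circomspect-circom-algebra` manifest carries the same three values). If these crates share one Cargo workspace, as the `../parser` style paths suggest, consider moving the shared fields to `[workspace.package]` and the internal crate versions to `[workspace.dependencies]`; workspace inheritance has been available since Cargo 1.64, so it fits within the declared `rust-version = "1.65"` and removes the risk of a release where one manifest is left on a stale version.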