feat(forge): Forge Lint

[0xKitsune]

ref #1970

This PR introduces forge lint, which implements a static analyzer built on top of solar and is capable of detecting known issues, vulnerabilities, informational warnings and gas optimizations. This is a first pass at forge lint and I am opening this draft in order to receive early feedback on the design and general direction.

The core component of this design centers around the declare_lints! macro which allows you to specify the pattern along with the severity, name and description.

declare_lints!(
    (DivideBeforeMultiply, Severity::Med, "divide-before-multiply", "Multiplication should occur before division to avoid loss of precision."),
    (VariableCamelCase, Severity::Info, "variable-camel-case", "Variables should follow `camelCase` naming conventions unless they are constants or immutables."),
    (AsmKeccak256, Severity::Gas, "asm-keccak256", "Hashing via keccak256 can be done with inline assembly to save `x` gas."),
);

Once the pattern is defined, you can implement the Visit trait to match on any instances of the pattern.

use solar_ast::{
    ast::{Expr, ExprKind},
    visit::Visit,
};

use crate::AsmKeccak256;

impl<'ast> Visit<'ast> for AsmKeccak256 {
    fn visit_expr(&mut self, expr: &'ast Expr<'ast>) {
        if let ExprKind::Call(expr, _) = &expr.kind {
            if let ExprKind::Ident(ident) = &expr.kind {
                if ident.name.as_str() == "keccak256" {
                    self.items.push(expr.span);
                }
            }
        }
        self.walk_expr(expr);
    }
}

There is still quite a bit of work to do but if this direction makes sense, I am happy to continue adding the rest of the features as well as additional patterns. I can also port over any of the patterns from solstat, sstan or start working on patterns in other static analysis tools like slither as well.

[gakonst]

Fantastic. Really excited for this. Anything we can learn from slither here as well?