From 0ecf6b4a1691909b19f46f384d80ea63e8904d91 Mon Sep 17 00:00:00 2001
From: alpharush <0xalpharush@protonmail.com>
Date: Wed, 10 Apr 2024 23:12:32 -0500
Subject: [PATCH] fix: unused state var detector for abstract/library

---
 .../variables/unused_state_variables.py       |  14 +++++++--
 ...sedStateVars_0_7_6_unused_state_sol__0.txt |   4 +++
 .../unused-state/0.7.6/unused_state.sol       |  29 ++++++++++++++++++
 .../0.7.6/unused_state.sol-0.7.6.zip          | Bin 1874 -> 3063 bytes
 4 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/slither/detectors/variables/unused_state_variables.py b/slither/detectors/variables/unused_state_variables.py
index 830ca34caa..0fb068fda4 100644
--- a/slither/detectors/variables/unused_state_variables.py
+++ b/slither/detectors/variables/unused_state_variables.py
@@ -46,8 +46,18 @@ def detect_unused(contract: Contract) -> Optional[List[StateVariable]]:
     variables_used = [item for sublist in variables_used for item in sublist]
     variables_used = list(set(variables_used + array_candidates))
 
+    # If the contract is abstract, only consider private variables as other visibilities may be used in dependencies
+    if contract.is_abstract:
+        return [
+            x
+            for x in contract.state_variables
+            if x not in variables_used and x.visibility == "private"
+        ]
+
     # Return the variables unused that are not public
-    return [x for x in contract.variables if x not in variables_used and x.visibility != "public"]
+    return [
+        x for x in contract.state_variables if x not in variables_used and x.visibility != "public"
+    ]
 
 
 class UnusedStateVars(AbstractDetector):
@@ -71,7 +81,7 @@ def _detect(self) -> List[Output]:
         """Detect unused state variables"""
         results = []
         for c in self.compilation_unit.contracts_derived:
-            if c.is_signature_only():
+            if c.is_signature_only() or c.is_library:
                 continue
             unusedVars = detect_unused(c)
             if unusedVars:
diff --git a/tests/e2e/detectors/snapshots/detectors__detector_UnusedStateVars_0_7_6_unused_state_sol__0.txt b/tests/e2e/detectors/snapshots/detectors__detector_UnusedStateVars_0_7_6_unused_state_sol__0.txt
index 39c7ed13e8..6e89528837 100644
--- a/tests/e2e/detectors/snapshots/detectors__detector_UnusedStateVars_0_7_6_unused_state_sol__0.txt
+++ b/tests/e2e/detectors/snapshots/detectors__detector_UnusedStateVars_0_7_6_unused_state_sol__0.txt
@@ -4,5 +4,9 @@ A.unused4 (tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol#7)
 
 A.unused2 (tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol#5) is never used in B (tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol#11-16)
 
+H.bad1 (tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol#38) is never used in I (tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol#41-46)
+
+F.bad1 (tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol#27) is never used in F (tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol#26-33)
+
 A.unused3 (tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol#6) is never used in B (tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol#11-16)
 
diff --git a/tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol b/tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol
index b603f88755..9e4f7ec6f5 100644
--- a/tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol
+++ b/tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol
@@ -14,3 +14,32 @@ contract B is A{
         used = address(0);
     }
 }
+
+library C {
+    uint internal constant good = 0x00; // other contract can access this constant
+    function c() public pure returns (uint){
+        return 0;
+    }
+    
+}
+
+abstract contract F {
+    uint private bad1 = 0x00;
+    uint private good1 = 0x00;
+    uint internal good2 = 0x00;
+    function use() external returns (uint){
+        return good1;
+    }
+}
+
+abstract contract H {
+    uint private good1 = 0x00;
+    uint internal good2 = 0x00;
+    uint internal bad1 = 0x00;
+}
+
+contract I is H {
+    function use2() external returns (uint){
+        return good2;
+    }
+}
\ No newline at end of file
diff --git a/tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol-0.7.6.zip b/tests/e2e/detectors/test_data/unused-state/0.7.6/unused_state.sol-0.7.6.zip
index 2feb3c2f6db0f5494f7686efed23719e46d198ea..13cab662f312bfab7dd45bfd450f397e08ec114f 100644
GIT binary patch
delta 2809
zcmV<V3I_Gk4)+%rP)h>@KL7#%4ghAkidfCpSb$9n005a`kr>&3)x=)1IGUF<vd2ka
zDQHV(PSQTH;zVyCGogH`_;Y8{))WdA#mDEaz>0{G4}gMYm~Tx#&ms$Hs}phyq%#<e
za|VF0wewLn8lA4Z_2z*}MqyG9Ot)JfpUFw{Pdo{WQp+uKKHK3E>f_uYwqgZMUN?V#
z{{pttjGsX|7Z=BW^Z@UfA$Z$uk||6L>&G<5QukeNv<zgR#SUQMpYyt3!n~^T)Z%6#
zpwc|98tLM6?TooF4`|k{Z)Ic|UQ|W%k}9=gSSWOm@%u<4CU*wa$OGy<3lZYFhMA+Q
zoU!wJ6Yy6qog$<&^{r0SBqWWfXLjbuLvdCehnUrqu6g2r-=@mIJMX=G|4qg!pWj8Q
zW*gCEe913WC<OQK+IcLkEcv6r;T<pnu>g1j$tZxhKljO`)&<%JV;`x41gYD6WBEWS
zrr{$9DeNoW;oX#L6J|%%GdAA*z;tf2!|J?rYH5k#Fd9%qwKqQEXPJ=TTAqY!Yk~3Y
z1g+oWkojMKiV$D&v6!CG;f>2;=_Z+5MUvfg_48%&BHMrWNWjX46k?@TUGz~J=~dY&
zm2?;!#FERqsBH}T(78bk(yLDNPIrf@ae9p{Wk5|Q?Hn?$FSzf964~DWqK&qRDf#Is
zio^OobSdn8dyPRAkopn&2KuGH4=ZF!o3Oln(fo{mXG)T3TrTattKgP{D*-3!+^YAM
zEVC6b7N1GFd^hih?^A<1SUoya)8!P|=%){Nx#9{bH_BE^VTp$nC?E6<iwpndX^JNy
zNA#DJ(?tH38$xnBcdrj2+oi|W%PR&0tlRFFsxK3ow}KJm@6;!Ji<X6l@L{<3q#_{@
zp%?Cdko>ku<{GaTs)DORvEV)Dy7GI5>WbcQ_(*FvE!S;?rZ3lG?p{v+aXwHfa2aCj
z)vZ9US{y_Wv76;0%Hy#kclmwVi=)(zK~U1enNXZ-a#F)w@JE?deB>H4d;i3=)-!mT
zV_G@|r@<S7GVHL5Fh-YO??LYn>s2#tagv*Vt+aRCRC!^uOPWJjuV{9ciXRdf@MT1>
zg4g&S*RT84gef^>qzYfC4;95~`c+U61CIhy%Qm>Z#pX@N_h<1$yEyu$I<V?qm`Le3
z{=()g^!HOXolFdK1g)B)_Z9}vS1My&M7@3Wl3;?qts+^(5Z*a9^cUSwZV!$xmC0{^
z^O?Ko6Hi5CZ-G2zz48GLnBsV)xD<S?#f00GOSj;~7+UlWj8j?M=7GT{wtBbUT%GqO
z1bsuXWWHRCtAmMy(Ruf~Bb2!^S^_<i>#q-K`g62<OPwZX+hvgtz0wf93~DH5jvJjf
zkV`9{;EyKSjIL1r2tyA_XcXIyBMk(935n58N}4}G)BVgYL1?=wZpA#}<V27c{ID?G
zA$VbUYd4gC4K3;I<@WdC48aWolpU#9MEVQaIHxXLaGq5VfA3l2b(3bXa*1k5Bs!>%
z_ikA43Iw@%<*$F7-wwA*3Z-l>`Dg^+=YYVtGPKCd!#o+e``p>*_F7HphCbtek4TI;
z{JAQ_+FdS50~SP?kI<ECkr8ML$oAvwStEB(kT~A%e~BzbJhpZ_?bj94B!A2QNBXbd
z1BAfm>r@>m^%4A^zx|3#rzB&aEsH&9*gBg91LZ#Z_?qXIkdiR|HB%USa2(KxIVxx#
zFT)a9i#H51jpGmoO5dR<aF>05BBl89EVY@7+(peA7)8JLmMm`(3N6e4(db;(8T@%s
zrTZAt)$l=48YW!1e58C>iV#kxd2e(5zIcaPX%t_0#A<jF=}xFkO07h!h53E8l@J0a
zg+dg3r`Pk|UQ~U2*Fln4;Piu!TNr*;@jsmm#rY%M<`>6-8ZL}e#g{jK0iDL5Y|u2g
z+jXel#Qb60p-fZN9O3<~%O6>-o|74)3Zp??ibEIEd6qygI!h5O!c8QFC*tM(<Az1V
zuT|01jff~KzVcVi@yR6NFy$~q@%DGT(w8Y&&u)xU(4`LBY;U)NEP{z<UL~mVr=#6;
z3BoeWFKWh@0U8krppjI6IW-s0$0KP)HCuA!(UKw`sJe=QODIC47tRLY2L0HCtGSi7
z#t;WY&d~#8GIbI0Ca^^Z@&()A+K1f4ki^x4bW#CrWkOv>|BW{5fnz_4B<#^PMMeG<
z(;X-OUeeUse4sn+kf(wAO?!#NMAkU5bL*qIrIZHqbJr2M{f-BJoP)&TcA(K{XVz?G
zRyoIn9OcIvc42vj0U$78(g>zCnp;|<Wve(Mzl(_2wWj8ng&rBedh}Pq{MxYKD$FGq
z?^l}yl+^f|Wf6t&TH+Us04?~ck;e3eS*Rxa_-IlW^-j?-*iaA2!4R74RQwKi`RMtg
zwi^z7*`<J)>9y5=6}|>wU;LwzPj{t^N8b#gc4LnRNGoiUD>p|-*14NRK+}{qJj=2!
z^D*W3@Pp6zTt!}hE->GGdMrrQ1Wz$?>z*t6`bAPLt*bwG6(w{(snhqsAxhHmIOwVX
zB_6N${oA3hOpdcVfLmxwfg#2=%liP!lmZ|JCDm?!YL%yd`-#)0NAm4b5|_edsxsH?
zNC;9NtuKuUBB-jPp=YLFNh;n)4G++?Kj``~C*eYbS93hO`)b8ni+@`rYi#KWdL27n
zNnKr^O?myyd}BdARySuKI#hSk-Liuy98gE?2ewHFzz?bgs6Hu)``3!T*#Bt_>TzX}
z8De5ZoDb-K&;BNT_Fiq?$Z_I4Cfpz_Nl>#ZTszu0bVE%n4DE;y6rQg0#(z_KZ-C(o
z>n+!9_NJ}pX2Zf{8nkA=wT?^wNwqIt8F3HP>Jgs0Vitubtvui;Iu(cx{ONE7R1f86
zJXIu24;meX1?R(OnLvDD)0KCbS@(|!_Z<v_Ks_RVV?+{A+b~I7IyqapB@pFb<0vEL
zZEqrf)--nO6y%4AT@HoH)i@_1)~;(*U!&zcmpjSUjQTVO%SSH%%i6oF@txpzkd)4;
zFlX)lx9^yY>rOk+6Wu(g)v+De)d|Qfm}UE1(?x_Za9moI&AhRPwV>oM;O&nC{K!_o
zAA+}kwmAc66Ft+#5nHTzIk`LdnD+jSx+ZC=@_oARE-X8VS-|k{P;gwX&nJRNEk(t#
zNJ_9L0_k)$Q(0BiR_~*`q8-QO|9I&*nuw9Hwq6UBm-lb@*AHygV6MY>Vo8-269DXK
z>>$Q;4T&F+KFZqqzcOWD*MdQKXSmh;{Q!Y~n9!eE(fvH|W9wWaa|mW~*55qn-$AWz
zJ8<7vBZndF4qD2YpyPfXR8cq4%VS@ME7*Z9)a{?oW4TUw>=S7~M_*&${5M!Lzr=xm
z@i-5a1)*93VvaN(<B8Z&&zQUz&`fR8JI-AkwlwICK9&R8u5`GsPeuIs;%CEMHBoPW
znDOqNXQOop>tRaIUED#(eblB|KV@Q>_2@rQyG>1=Q~$eiZ%9U*@~S{`p03tum|4sn
z45EGoVYjtsQc%{9CWt8Y#*IvvBtvJujiIFi+OVu7cH!=$0{&i82)F#zu<ME#r`MmL
zj&!a$?e+WYdXn2_&X->xx;Zsd%g+W)f`TrWUGR+a(q^`6Jlp&aLElM`@8zAzr!1X)
zW^ps=sptYvWyPd1lA^iz=HLJ6JbznIO928u13v%)01g0Vxr$iL*I0l}3jhF_VUq+0
LNCuA!00000J8Xb$

delta 1611
zcmV-R2DJJ27t#(GP)h>@KL7#%4gfZdcUG7M#=@uu008qOkr>&3(ofCm^m@c&vm#yh
z)Dc#cwt<EKd`XE2$*q=*;Q@LHVlmMz@aByz5Tg0urC)4&BhibU*Ox-~WO}kfQ8gH)
zAlb>7HfVvRu6z)F-=kkID=>(WIWeY-0ie!>i<>UMw{?**&tyf6jI+FfWf1{|0_ac~
z52N*)f`#X$wtJy}qd5RnbzY~~wVVFbv?Lts8NZ!j9J7nn=b!BlD^^IcoVH!>;_e*G
zb5kqfK8Q3xa$l4=A1om|a3)ebA`iP6YkCy^N1>6gW@(iUBL@t(g8Gx>Uj8-x4Mx8!
z1#kI(6>8V18+b@FO<%^q-|ZW3E}<#A!&{;3)nm1|!Pu{V=wkU~+YaCOEm}+~90EHr
zaQ_K$*<}r}ySBBLrAffb@5G~6+S+Cz*lQnZTka@jwwumRv0fX=Ns=`Iy}V`lily+t
zYtLtnad(Y*xEVtY;IW+^tJovFAQ&8Q%3o36j%}ik$6WD7)owCs;d}SCf0J_<iX0H0
z2Uc!jzE9bI2rw62)ILngWfjy&I;+%IOx%WJ%M@OC4L{^xQ>+^RAw!KFN>V_??9XtL
zgT)TTH@G-do=%>J%l_}A;|yoXPz?JEI^F>vSj}6eMiI!24dQX|J`@K*ZD_1S;pt+D
zwX5|1ODaj&OqAfk!?|u0L~#3~cOy&_^pu>EcCfR5TCIst##-U6q4fNIc^%`)t~A4n
z5-fIBrm6g3+0r7F-otLli1l3AoAcfzowVM?W(^HNcN}`_RfRxrgYklWFr4EA0sEPd
zZ^c4sI*XS5l7UX^^!3w7{P5WaXMtL{GeO?KL+nS<dYZZsg^+m^&V?bCzSmXy!!#!H
z2dON7$k-neNO6IKYvXjMdRM6QFxtM)fIhK7aIUhKU!wd-w0${z7X?V^z)(prM9Vzy
z3VkI>S#qIn$ABI<JJjFB&^I1P1RUonZ&ND5oN>ZzYE5@P^e5bynCE1Pfiyr0=(r;_
zMhWA%RpG>ni$*_&Vl|U9q}^u5-3K#@U7)&u>j4-J_xA3WJVD(Gk8hSE9xp2ibh(^$
z&tCS;&|CLrk_^LCK#`%W7<@LTs3Y()@RDM|2Z#xCGp@sPF{Ot6+p0l4nU<gpz;Tv6
ze#v6?drXU*k>7x=ZKxuH^74isCNRG}{n3L_ECI>Y)3Eb_I*8IoRVaB@+s1tuPopw_
z)gISoDuNa7%NoUUcZZEkaacSN@2z6RhMpNN{1%Ni;-lZDPiP;`Oy7>}8W`vc$q1vj
za(u?hqx@s~X_5x#Ot1qV1e1uT_8=K5z}Lh(HmU#}`z)pLR|}^!AWo<zFzo`3S&i<s
zBAB&>|E)u2mz&{Q2Z8xb?;azht&c>1ko||SL-Tvz+=hgWB#97F*slkazpL?eify;c
zYe{}Wlc;m?E**EMifEc!j<k>g3R3c#`q1ql>MyhR6HA_Vip1S>16u;N<~gCu&ku)!
z8=wU{fc4?QtzCe;{PSZ9(?tJ0ET@~H5}_52G-XotejUB==a^ib$1Rj8a|&yJruUO>
zTLITW`7^-KZK|x#uqX~fx9X1~3Tl0>LbB|m(3U8>h^`f&^~9%<DuH9mc_EE>zpydk
z6;aq(>{0IIT(wW13;r9uTTCAvEojs#bOtMI71-uS0e%gqBAa<0xPynEW-EK}dWG0w
zyTp0)(rB{-wfN^sz!JQzuoUorK@mJjfP1n=y0x<xNFe=kv)CZ?-ixrqbV0S+UN5UI
zoZ@gWQNK~;{%lo04t`2gb-SDTXV9l7S@Gpr&Gp6JmXDgn)#)cjWnWlSU8Y5>$tQ0f
zzSgWQv|JGtOkH%%L54_^dAENRV#V>+TU#OdHqAWw;i&2MUQ|WsGVeft{X0VKz1C*0
zG~BD)3_CiGBiS=>5-8rqpL`-ltj?21<29HHyAio<Or%ivjZe{Yvjx+)bXa0iNb$Af
zKf}ITHyyb0+@de+{|%Z!Ez@<A-f;|<r!4V52x{pH@6OX>V~*&8k|H_|7%I|e(5rm)
zng$+Y@F{vbzt?y)=4${S|M$7eyHHC30zU&k00ICG05*+xR+t6G!l(uS0P`f1sS8L3
J>IMJ+008e$9Ekt`