Capture return values during call sequence execution #533
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #505
Closes #367
Medusa will now capture the return values of every transaction executed (only the top-level call frame). The return value(s) must be of a primitive type (uint, int, bytes, fixed byte array, string, bool, address). These values are added to the value set during call sequence execution but are then wiped at the end of the call sequence. Thus, these values are ephemeral. This is to ensure that the value set does not blow up in size. The original value set (before the start of call sequence execution) is cached and is used to reset the call sequence.
The generation/mutation of fixed byte arrays has also been improved. Before, we always generated a completely random fixed byte array. Now, we use the value set, which should aid in finding bugs like #505. Additionally, we have reduced the probability of generating a completely random byte array/slice from 50% to 5%. It makes no sense to generate a completely random byte array/slice half the time. The same is now true for the generation of a random address or string (now 5%).
Also, we have reduced the chance of calling a pure function to 0.1% from 1%. This was done to align with echidna.
Before merging we need to ensure that benchmarking shows that this does not cause immense performance degradation.