Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Capture return values during call sequence execution #533

Merged
merged 8 commits into from
Jan 21, 2025

Conversation

anishnaik
Copy link
Collaborator

@anishnaik anishnaik commented Jan 10, 2025

Closes #505

Closes #367

Medusa will now capture the return values of every transaction executed (only the top-level call frame). The return value(s) must be of a primitive type (uint, int, bytes, fixed byte array, string, bool, address). These values are added to the value set during call sequence execution but are then wiped at the end of the call sequence. Thus, these values are ephemeral. This is to ensure that the value set does not blow up in size. The original value set (before the start of call sequence execution) is cached and is used to reset the call sequence.

The generation/mutation of fixed byte arrays has also been improved. Before, we always generated a completely random fixed byte array. Now, we use the value set, which should aid in finding bugs like #505. Additionally, we have reduced the probability of generating a completely random byte array/slice from 50% to 5%. It makes no sense to generate a completely random byte array/slice half the time. The same is now true for the generation of a random address or string (now 5%).

Also, we have reduced the chance of calling a pure function to 0.1% from 1%. This was done to align with echidna.

Before merging we need to ensure that benchmarking shows that this does not cause immense performance degradation.

@anishnaik anishnaik requested a review from Xenomega as a code owner January 10, 2025 18:58
@anishnaik anishnaik changed the title WIP: Capture return values during call sequence execution Capture return values during call sequence execution Jan 14, 2025
@anishnaik anishnaik merged commit fdf3148 into master Jan 21, 2025
12 checks passed
@anishnaik anishnaik deleted the feat/capture-return-values branch January 21, 2025 16:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
1 participant