Merge develop into dmuhs/type-hints

6 years ago · 524c10a8c8
parent 9af7018235
commit 524c10a8c8
146 changed files with 5851 additions and 599 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -33,6 +33,12 @@ jobs:
            - .tox/py*
            - /root/.cache/pip/wheels/

+      - run:
+          name: Black style check
+          command: |
+            pip3 install --user black
+            python3 -m black --check /home/mythril/
+
      - run:
          background: true
          name: Launch of background geth instance
--- a/README.md
+++ b/README.md
@ -1,17 +1,21 @@
-# Mythril OSS [![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=Mythril%20-%20Security%20Analyzer%20for%20Ethereum%20Smart%20Contracts&url=https://www.github.com/ConsenSys/mythril)
+# Mythril Classic
+
+<p align="center">
+	<img src="/static/mythril_new.png" height="320px"/>
+</p>
+
 [![Discord](https://img.shields.io/discord/481002907366588416.svg)](https://discord.gg/E3YrVtG)
 [![PyPI](https://badge.fury.io/py/mythril.svg)](https://pypi.python.org/pypi/mythril)
-![Master Build Status](https://img.shields.io/circleci/project/github/ConsenSys/mythril/master.svg)
-[![Waffle.io - Columns and their card count](https://badge.waffle.io/ConsenSys/mythril.svg?columns=In%20Progress)](https://waffle.io/ConsenSys/mythril)
+![Master Build Status](https://img.shields.io/circleci/project/github/ConsenSys/mythril-classic/master.svg)
+[![Waffle.io - Columns and their card count](https://badge.waffle.io/ConsenSys/mythril-classic.svg?columns=In%20Progress)](https://waffle.io/ConsenSys/mythril-classic/)
 [![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril)
 [![PyPI Statistics](https://pypistats.com/badge/mythril.svg)](https://pypistats.com/package/mythril)
-<img height="120px" align="right" src="https://github.com/ConsenSys/mythril/raw/master/static/mythril.png" alt="mythril" />

-Mythril OSS is the classic security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities. 
+Mythril Classic is an open-source security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities. 

-Whether you want to contribute, need support, or want to learn what we have cooking for the future, our [Discord server](https://discord.gg/E3YrVtG) will serve your needs!
+Whether you want to contribute, need support, or want to learn what we have cooking for the future, our [Discord server](https://discord.gg/E3YrVtG) will serve your needs.

-Oh and by the way, we're building an easy-to-use SaaS solution and tools ecosystem for Ethereum developers called [Mythril Platform](https://mythril.ai). You should definitely check that out as well.
+Oh and by the way, we're also building an easy-to-use security analysis platform (a.k.a. "the INFURA for smart contract security") that anybody can use to create purpose-built security tools. It's called [Mythril Platform](https://mythril.ai) and you should definitely [check it out](https://media.consensys.net/mythril-platform-api-is-upping-the-smart-contract-security-game-eee1d2642488).

 ## Installation and setup

@ -31,21 +35,10 @@ See the [Wiki](https://github.com/ConsenSys/mythril/wiki/Installation-and-Setup)

 ## Usage

-Instructions for using the 'myth' tool are found on the [Wiki](https://github.com/ConsenSys/mythril/wiki). 
+Instructions for using Mythril Classic are found on the [Wiki](https://github.com/ConsenSys/mythril-classic/wiki). 

 For support or general discussions please join the Mythril community on [Discord](https://discord.gg/E3YrVtG).

 ## Vulnerability Remediation

 Visit the [Smart Contract Vulnerability Classification Registry](https://smartcontractsecurity.github.io/SWC-registry/) to find detailed information and remediation guidance for the vulnerabilities reported.
-
-## Presentations, papers and articles
-
- [Analyzing Ethereum Smart Contracts for Vulnerabilities](https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df)
- [What Caused the Parity SUICIDE Vulnerability & How to Detect Similar Bugs](https://hackernoon.com/what-caused-the-latest-100-million-ethereum-bug-and-a-detection-tool-for-similar-bugs-7b80f8ab7279)
- [Detecting Integer Overflows in Ethereum Smart Contracts](https://media.consensys.net/detecting-batchoverflow-and-similar-flaws-in-ethereum-smart-contracts-93cf5a5aaac8)
- [How Formal Verification Can Ensure Flawless Smart Contracts](https://media.consensys.net/how-formal-verification-can-ensure-flawless-smart-contracts-cbda8ad99bd1)
- [Smashing Smart Contracts for Fun and Real Profit](https://hackernoon.com/hitb2018ams-smashing-smart-contracts-for-fun-and-real-profit-720f5e3ac777)
- [HITBSecConf 2018 - Presentation video](https://www.youtube.com/watch?v=iqf6epACgds)
- [EDCon Toronto 2018 - Mythril: Find bugs and verify security properties in your contracts](https://www.youtube.com/watch?v=NJ9StJThxZY&feature=youtu.be&t=3h3m18s)
-
--- a/mythril/analysis/modules/dependence_on_predictable_vars.py
+++ b/mythril/analysis/modules/dependence_on_predictable_vars.py
@ -156,12 +156,11 @@ def solve(call):
    try:
        model = solver.get_model(call.node.constraints)
        logging.debug("[DEPENDENCE_ON_PREDICTABLE_VARS] MODEL: " + str(model))
+        pretty_model = solver.pretty_print_model(model)

-        for d in model.decls():
-            logging.debug(
-                "[DEPENDENCE_ON_PREDICTABLE_VARS] main model: %s = 0x%x"
-                % (d.name(), model[d].as_long())
-            )
+        logging.debug(
+            "[DEPENDENCE_ON_PREDICTABLE_VARS] main model: \n%s" % pretty_model
+        )
        return True

    except UnsatError:
--- a/mythril/analysis/modules/ether_send.py
+++ b/mythril/analysis/modules/ether_send.py
@ -1,10 +1,8 @@
-from z3 import *
 from mythril.analysis.ops import *
 from mythril.analysis import solver
 from mythril.analysis.report import Issue
 from mythril.analysis.swc_data import UNPROTECTED_ETHER_WITHDRAWAL
 from mythril.exceptions import UnsatError
-import re
 import logging


@ -17,147 +15,63 @@ to that index).
 """


-def execute(statespace):
+def execute(state_space):

    logging.debug("Executing module: ETHER_SEND")

    issues = []

-    for call in statespace.calls:
+    for k in state_space.nodes:
+        node = state_space.nodes[k]

-        state = call.state
-        address = state.get_current_instruction()["address"]
+        for state in node.states:
+            issues += _analyze_state(state, node)

-        if "callvalue" in str(call.value):
-            logging.debug("[ETHER_SEND] Skipping refund function")
-            continue
-
-        # We're only interested in calls that send Ether
-
-        if call.value.type == VarType.CONCRETE and call.value.val == 0:
-            continue
-
-        interesting = False
-
-        description = "In the function `" + call.node.function_name + "` "
-
-        if re.search(r"caller", str(call.to)):
-            description += "a non-zero amount of Ether is sent to msg.sender.\n"
-            interesting = True
-
-        elif re.search(r"calldata", str(call.to)):
-            description += "a non-zero amount of Ether is sent to an address taken from function arguments.\n"
-            interesting = True
-
-        else:
-            m = re.search(r"storage_([a-z0-9_&^]+)", str(call.to))
-
-            if m:
-                idx = m.group(1)
-
-                description += (
-                    "a non-zero amount of Ether is sent to an address taken from storage slot "
-                    + str(idx)
-                    + ".\n"
-                )
-
-                func = statespace.find_storage_write(
-                    state.environment.active_account.address, idx
-                )
-
-                if func:
-                    description += (
-                        "There is a check on storage index "
-                        + str(idx)
-                        + ". This storage slot can be written to by calling the function `"
-                        + func
-                        + "`.\n"
-                    )
-                    interesting = True
-                else:
-                    logging.debug("[ETHER_SEND] No storage writes to index " + str(idx))
-
-        if interesting:
-
-            node = call.node
-
-            can_solve = True
-            constrained = False
-
-            index = 0
-
-            while can_solve and index < len(node.constraints):
-
-                constraint = node.constraints[index]
-                index += 1
-                logging.debug("[ETHER_SEND] Constraint: " + str(constraint))
-
-                m = re.search(r"storage_([a-z0-9_&^]+)", str(constraint))
-
-                if m:
-
-                    constrained = True
-                    idx = m.group(1)
-
-                    func = statespace.find_storage_write(
-                        state.environment.active_account.address, idx
-                    )
-
-                    if func:
-                        description += (
-                            "\nThere is a check on storage index "
-                            + str(idx)
-                            + ". This storage slot can be written to by calling the function `"
-                            + func
-                            + "`."
-                        )
-                    else:
-                        logging.debug(
-                            "[ETHER_SEND] No storage writes to index " + str(idx)
-                        )
-                        can_solve = False
-                        break
+    return issues

-                # CALLER may also be constrained to hardcoded address. I.e. 'caller' and some integer

-                elif re.search(r"caller", str(constraint)) and re.search(
-                    r"[0-9]{20}", str(constraint)
-                ):
-                    constrained = True
-                    can_solve = False
-                    break
-
-            if not constrained:
-                description += (
-                    "It seems that this function can be called without restrictions."
-                )
-
-            if can_solve:
-
-                try:
-                    model = solver.get_model(node.constraints)
-
-                    for d in model.decls():
-                        logging.debug(
-                            "[ETHER_SEND] main model: %s = 0x%x"
-                            % (d.name(), model[d].as_long())
-                        )
-
-                    debug = "SOLVER OUTPUT:\n" + solver.pretty_print_model(model)
-
-                    issue = Issue(
-                        contract=call.node.contract_name,
-                        function=call.node.function_name,
-                        address=address,
-                        title="Ether send",
-                        _type="Warning",
-                        swc_id=UNPROTECTED_ETHER_WITHDRAWAL,
-                        description=description,
-                        debug=debug,
-                    )
-                    issues.append(issue)
-
-                except UnsatError:
-                    logging.debug("[ETHER_SEND] no model found")
+def _analyze_state(state, node):
+    issues = []
+    instruction = state.get_current_instruction()
+
+    if instruction["opcode"] != "CALL":
+        return []
+
+    call_value = state.mstate.stack[-3]
+    target = state.mstate.stack[-2]
+
+    not_creator_constraints = []
+    if len(state.world_state.transaction_sequence) > 1:
+        creator = state.world_state.transaction_sequence[0].caller
+        for transaction in state.world_state.transaction_sequence[1:]:
+            not_creator_constraints.append(
+                Not(Extract(159, 0, transaction.caller) == Extract(159, 0, creator))
+            )
+            not_creator_constraints.append(
+                Not(Extract(159, 0, transaction.caller) == 0)
+            )
+
+    try:
+        model = solver.get_model(
+            node.constraints + not_creator_constraints + [call_value > 0]
+        )
+
+        debug = "SOLVER OUTPUT:\n" + solver.pretty_print_model(model)
+
+        issue = Issue(
+            contract=node.contract_name,
+            function=node.function_name,
+            address=instruction["address"],
+            swc_id=UNPROTECTED_ETHER_WITHDRAWAL,
+            title="Ether send",
+            _type="Warning",
+            description="It seems that an attacker is able to execute an call instruction,"
+            " this can mean that the attacker is able to extract funds "
+            "out of the contract.".format(target),
+            debug=debug,
+        )
+        issues.append(issue)
+    except UnsatError:
+        logging.debug("[UNCHECKED_SUICIDE] no model found")

    return issues
--- a/mythril/analysis/modules/exceptions.py
+++ b/mythril/analysis/modules/exceptions.py
@ -36,8 +36,7 @@ def execute(statespace):
                        "out-of-bounds array access, or assert violations. "
                    )
                    description += (
-                        "This is acceptable in most situations. "
-                        "Note however that `assert()` should only be used to check invariants. "
+                        "Note that explicit `assert()` should only be used to check invariants. "
                        "Use `require()` for regular input checking. "
                    )

--- a/mythril/analysis/modules/integer.py
+++ b/mythril/analysis/modules/integer.py
@ -98,12 +98,7 @@ def _check_integer_overflow(statespace, state, node):
        _type="Warning",
    )

-    issue.description = (
-        "A possible integer overflow exists in the function `{}`.\n"
-        "The addition or multiplication may result in a value higher than the maximum representable integer.".format(
-            node.function_name
-        )
-    )
+    issue.description = "The arithmetic operation can result in integer overflow.\n"
    issue.debug = solver.pretty_print_model(model)
    issues.append(issue)

@ -211,10 +206,7 @@ def _check_integer_underflow(statespace, state, node):
                )

                issue.description = (
-                    "A possible integer underflow exists in the function `"
-                    + node.function_name
-                    + "`.\n"
-                    "The subtraction may result in a value < 0."
+                    "The subtraction can result in an integer underflow.\n"
                )

                issue.debug = solver.pretty_print_model(model)
--- a/mythril/analysis/modules/multiple_sends.py
+++ b/mythril/analysis/modules/multiple_sends.py
@ -32,7 +32,8 @@ def execute(statespace):
            )

            issue.description = (
-                "Multiple sends exist in one transaction. Try to isolate each external call into its own transaction,"
+                "Multiple sends are executed in a single transaction. "
+                "Try to isolate each external call into its own transaction,"
                " as external calls can fail accidentally or deliberately.\nConsecutive calls: \n"
            )

@ -47,9 +48,7 @@ def execute(statespace):

 def _explore_nodes(call, statespace):
    children = _child_nodes(statespace, call.node)
-    sending_children = list(
-        filter(lambda call: call.node in children, statespace.calls)
-    )
+    sending_children = list(filter(lambda c: c.node in children, statespace.calls))
    return sending_children


--- a/mythril/analysis/modules/suicide.py
+++ b/mythril/analysis/modules/suicide.py
@ -39,9 +39,8 @@ def _analyze_state(state, node):
    to = state.mstate.stack[-1]

    logging.debug("[UNCHECKED_SUICIDE] suicide in function " + node.function_name)
-    description = (
-        "The function `" + node.function_name + "` executes the SUICIDE instruction. "
-    )
+
+    description = "A reachable SUICIDE instruction was detected. "

    if "caller" in str(to):
        description += "The remaining Ether is sent to the caller's address.\n"
--- a/mythril/analysis/modules/transaction_order_dependence.py
+++ b/mythril/analysis/modules/transaction_order_dependence.py
@ -42,10 +42,8 @@ def execute(statespace):
            )

            issue.description = (
-                "A possible transaction order dependence vulnerability exists in function {}. The value or "
-                "direction of the call statement is determined from a tainted storage location".format(
-                    node.function_name
-                )
+                "Possible transaction order dependence vulnerability: The value or "
+                "direction of the call statement is determined from a tainted storage location"
            )
            issues.append(issue)

--- a/mythril/analysis/solver.py
+++ b/mythril/analysis/solver.py
@ -1,4 +1,4 @@
-from z3 import Solver, simplify, sat, unknown
+from z3 import Solver, simplify, sat, unknown, FuncInterp
 from mythril.exceptions import UnsatError
 import logging

@ -22,6 +22,10 @@ def pretty_print_model(model):
    ret = ""

    for d in model.decls():
+        if type(model[d]) == FuncInterp:
+            condition = model[d].as_list()
+            ret += "%s: %s\n" % (d.name(), condition)
+            continue

        try:
            condition = "0x%x" % model[d].as_long()
--- a/mythril/analysis/symbolic.py
+++ b/mythril/analysis/symbolic.py
@ -7,6 +7,8 @@ from .ops import get_variable, SStore, Call, VarType
 from mythril.laser.ethereum.strategy.basic import (
    DepthFirstSearchStrategy,
    BreadthFirstSearchStrategy,
+    ReturnRandomNaivelyStrategy,
+    ReturnWeightedRandomStrategy,
 )


@ -28,11 +30,14 @@ class SymExecWrapper:
        max_transaction_count=3,
    ):

-        s_strategy = None
        if strategy == "dfs":
            s_strategy = DepthFirstSearchStrategy
        elif strategy == "bfs":
            s_strategy = BreadthFirstSearchStrategy
+        elif strategy == "naive-random":
+            s_strategy = ReturnRandomNaivelyStrategy
+        elif strategy == "weighted-random":
+            s_strategy = ReturnWeightedRandomStrategy
        else:
            raise ValueError("Invalid strategy argument supplied")

--- a/mythril/analysis/traceexplore.py
+++ b/mythril/analysis/traceexplore.py
@ -47,7 +47,6 @@ colors = [


 def get_serializable_statespace(statespace):
-
    nodes = []
    edges = []

@ -77,10 +76,10 @@ def get_serializable_statespace(statespace):

        color = color_map[node.get_cfg_dict()["contract_name"]]

-        def get_state_accounts(state):
+        def get_state_accounts(node_state):
            state_accounts = []
-            for key in state.accounts:
-                account = state.accounts[key].as_dict
+            for key in node_state.accounts:
+                account = node_state.accounts[key].as_dict
                account.pop("code", None)
                account["balance"] = str(account["balance"])

--- a/mythril/disassembler/disassembly.py
+++ b/mythril/disassembler/disassembly.py
@ -4,16 +4,27 @@ import logging


 class Disassembly(object):
-    def __init__(self, code, enable_online_lookup=True):
+    """
+    Disassembly class
+
+    Stores bytecode, and its disassembly.
+    Additionally it will gather the following information on the existing functions in the disassembled code:
+     - function hashes
+     - function name to entry point mapping
+     - function entry point to function name mapping
+    """
+
+    def __init__(self, code: str, enable_online_lookup: bool = False):
+        self.bytecode = code
        self.instruction_list = asm.disassemble(util.safe_decode(code))
+
        self.func_hashes = []
-        self.func_to_addr = {}
-        self.addr_to_func = {}
-        self.bytecode = code
+        self.function_name_to_address = {}
+        self.address_to_function_name = {}

        signatures = SignatureDb(
            enable_online_lookup=enable_online_lookup
-        )  # control if you want to have online sighash lookups
+        )  # control if you want to have online signature hash lookups
        try:
            signatures.open()  # open from default locations
        except FileNotFoundError:
@ -21,46 +32,64 @@ class Disassembly(object):
                "Missing function signature file. Resolving of function names from signature file disabled."
            )

-        # Parse jump table & resolve function names
-
        # Need to take from PUSH1 to PUSH4 because solc seems to remove excess 0s at the beginning for optimizing
-        jmptable_indices = asm.find_opcode_sequence(
+        jump_table_indices = asm.find_opcode_sequence(
            [("PUSH1", "PUSH2", "PUSH3", "PUSH4"), ("EQ",)], self.instruction_list
        )

-        for i in jmptable_indices:
-            func_hash = self.instruction_list[i]["argument"]
-
-            # Append with missing 0s at the beginning
-            func_hash = "0x" + func_hash[2:].rjust(8, "0")
-
-            self.func_hashes.append(func_hash)
-            try:
-                # tries local cache, file and optional online lookup
-                # may return more than one function signature. since we cannot probe for the correct one we'll use the first
-                func_names = signatures.get(func_hash)
-                if len(func_names) > 1:
-                    # ambigious result
-                    func_name = (
-                        "**ambiguous** %s" % func_names[0]
-                    )  # return first hit but note that result was ambiguous
-                else:
-                    # only one item
-                    func_name = func_names[0]
-            except KeyError:
-                func_name = "_function_" + func_hash
-
-            try:
-                offset = self.instruction_list[i + 2]["argument"]
-                jump_target = int(offset, 16)
-
-                self.func_to_addr[func_name] = jump_target
-                self.addr_to_func[jump_target] = func_name
-            except:
-                continue
+        for index in jump_table_indices:
+            function_hash, jump_target, function_name = get_function_info(
+                index, self.instruction_list, signatures
+            )
+            self.func_hashes.append(function_hash)
+
+            if jump_target is not None and function_name is not None:
+                self.function_name_to_address[function_name] = jump_target
+                self.address_to_function_name[jump_target] = function_name

        signatures.write()  # store resolved signatures (potentially resolved online)

    def get_easm(self):
-        # todo: tintinweb - print funcsig resolved data from self.addr_to_func?
        return asm.instruction_list_to_easm(self.instruction_list)
+
+
+def get_function_info(
+    index: int, instruction_list: list, signature_database: SignatureDb
+) -> (str, int, str):
+    """
+    Finds the function information for a call table entry
+    Solidity uses the first 4 bytes of the calldata to indicate which function the message call should execute
+    The generated code that directs execution to the correct function looks like this:
+    - PUSH function_hash
+    - EQ
+    - PUSH entry_point
+    - JUMPI
+
+    This function takes an index that points to the first instruction, and from that finds out the function hash,
+    function entry and the function name.
+
+    :param index: Start of the entry pattern
+    :param instruction_list: Instruction list for the contract that is being analyzed
+    :param signature_database: Database used to map function hashes to their respective function names
+    :return: function hash, function entry point, function name
+    """
+
+    # Append with missing 0s at the beginning
+    function_hash = "0x" + instruction_list[index]["argument"][2:].rjust(8, "0")
+
+    function_names = signature_database.get(function_hash)
+    if len(function_names) > 1:
+        # In this case there was an ambiguous result
+        function_name = "**ambiguous** {}".format(function_names[0])
+    elif len(function_names) == 1:
+        function_name = function_names[0]
+    else:
+        function_name = "_function_" + function_hash
+
+    try:
+        offset = instruction_list[index + 2]["argument"]
+        entry_point = int(offset, 16)
+    except (KeyError, IndexError):
+        return function_hash, None, None
+
+    return function_hash, entry_point, function_name
--- a/mythril/ether/ethcontract.py
+++ b/mythril/ether/ethcontract.py
@ -6,7 +6,7 @@ import re

 class ETHContract(persistent.Persistent):
    def __init__(
-        self, code, creation_code="", name="Unknown", enable_online_lookup=True
+        self, code, creation_code="", name="Unknown", enable_online_lookup=False
    ):

        # Workaround: We currently do not support compile-time linking.
--- a/mythril/ether/evm.py
+++ b/mythril/ether/evm.py
@ -8,14 +8,12 @@ import re


 def trace(code, calldata=""):
-
    log_handlers = [
        "eth.vm.op",
        "eth.vm.op.stack",
        "eth.vm.op.memory",
        "eth.vm.op.storage",
    ]
-
    output = StringIO()
    stream_handler = StreamHandler(output)

@ -25,58 +23,43 @@ def trace(code, calldata=""):
        log_vm_op.addHandler(stream_handler)

    addr = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF01234567")
-
    state = State()

    ext = messages.VMExt(state, transactions.Transaction(0, 0, 21000, addr, 0, addr))
-
    message = vm.Message(addr, addr, 0, 21000, calldata)
-
-    res, gas, dat = vm.vm_execute(ext, message, util.safe_decode(code))
-
+    vm.vm_execute(ext, message, util.safe_decode(code))
    stream_handler.flush()
-
    ret = output.getvalue()
-
    lines = ret.split("\n")

-    trace = []
-
+    state_trace = []
    for line in lines:
-
        m = re.search(r"pc=b\'(\d+)\'.*op=([A-Z0-9]+)", line)
-
        if m:
            pc = m.group(1)
            op = m.group(2)
-
            m = re.match(r".*stack=(\[.*?\])", line)

            if m:
-
                stackitems = re.findall(r"b\'(\d+)\'", m.group(1))
-
                stack = "["

                if len(stackitems):
-
                    for i in range(0, len(stackitems) - 1):
                        stack += hex(int(stackitems[i])) + ", "
-
                    stack += hex(int(stackitems[-1]))

                stack += "]"
-
            else:
                stack = "[]"

            if re.match(r"^PUSH.*", op):
                val = re.search(r"pushvalue=(\d+)", line).group(1)
                pushvalue = hex(int(val))
-                trace.append(
+                state_trace.append(
                    {"pc": pc, "op": op, "stack": stack, "pushvalue": pushvalue}
                )
            else:
-                trace.append({"pc": pc, "op": op, "stack": stack})
+                state_trace.append({"pc": pc, "op": op, "stack": stack})

-    return trace
+    return state_trace
--- a/mythril/ethereum/interface/leveldb/accountindexing.py
+++ b/mythril/ethereum/interface/leveldb/accountindexing.py
@ -63,16 +63,15 @@ class AccountIndexer(object):

    def get_contract_by_hash(self, contract_hash):
        """
-        get mapped address by its hash, if not found try indexing
+        get mapped contract_address by its hash, if not found try indexing
        """
-        address = self.db.reader._get_address_by_hash(contract_hash)
-        if address is not None:
-            return address
+        contract_address = self.db.reader._get_address_by_hash(contract_hash)
+        if contract_address is not None:
+            return contract_address
+
        else:
            raise AddressNotFoundError

-        return self.db.reader._get_address_by_hash(contract_hash)
-
    def _process(self, startblock):
        """
        Processesing method
@ -84,9 +83,9 @@ class AccountIndexer(object):
        addresses = []

        for blockNum in range(startblock, startblock + BATCH_SIZE):
-            hash = self.db.reader._get_block_hash(blockNum)
-            if hash is not None:
-                receipts = self.db.reader._get_block_receipts(hash, blockNum)
+            block_hash = self.db.reader._get_block_hash(blockNum)
+            if block_hash is not None:
+                receipts = self.db.reader._get_block_receipts(block_hash, blockNum)

                for receipt in receipts:
                    if receipt.contractAddress is not None and not all(
--- a/mythril/ethereum/interface/leveldb/client.py
+++ b/mythril/ethereum/interface/leveldb/client.py
@ -84,55 +84,46 @@ class LevelDBReader(object):
        gets head block header
        """
        if not self.head_block_header:
-            hash = self.db.get(head_header_key)
-            num = self._get_block_number(hash)
-            self.head_block_header = self._get_block_header(hash, num)
+            block_hash = self.db.get(head_header_key)
+            num = self._get_block_number(block_hash)
+            self.head_block_header = self._get_block_header(block_hash, num)
            # find header with valid state
            while (
                not self.db.get(self.head_block_header.state_root)
                and self.head_block_header.prevhash is not None
            ):
-                hash = self.head_block_header.prevhash
-                num = self._get_block_number(hash)
-                self.head_block_header = self._get_block_header(hash, num)
+                block_hash = self.head_block_header.prevhash
+                num = self._get_block_number(block_hash)
+                self.head_block_header = self._get_block_header(block_hash, num)

        return self.head_block_header

-    def _get_block_number(self, hash):
-        """
-        gets block number by hash
-        """
-        number_key = block_hash_prefix + hash
+    def _get_block_number(self, block_hash):
+        """Get block number by its hash"""
+        number_key = block_hash_prefix + block_hash
        return self.db.get(number_key)

-    def _get_block_header(self, hash, num):
-        """
-        get block header by block header hash & number
-        """
-        header_key = header_prefix + num + hash
+    def _get_block_header(self, block_hash, num):
+        """Get block header by block header hash & number"""
+        header_key = header_prefix + num + block_hash
+
        block_header_data = self.db.get(header_key)
        header = rlp.decode(block_header_data, sedes=BlockHeader)
        return header

-    def _get_address_by_hash(self, hash):
-        """
-        get mapped address by its hash
-        """
-        address_key = address_prefix + hash
+    def _get_address_by_hash(self, block_hash):
+        """Get mapped address by its hash"""
+        address_key = address_prefix + block_hash
        return self.db.get(address_key)

    def _get_last_indexed_number(self):
-        """
-        latest indexed block number
-        """
+        """Get latest indexed block number"""
        return self.db.get(address_mapping_head_key)

-    def _get_block_receipts(self, hash, num):
-        """
-        get block transaction receipts by block header hash & number
-        """
+    def _get_block_receipts(self, block_hash, num):
+        """Get block transaction receipts by block header hash & number"""
        number = _format_block_number(num)
-        receipts_key = block_receipts_prefix + number + hash
+        receipts_key = block_receipts_prefix + number + block_hash
        receipts_data = self.db.get(receipts_key)
        receipts = rlp.decode(receipts_data, sedes=CountableList(ReceiptForStorage))
        return receipts
@ -224,12 +215,10 @@ class EthLevelDB(object):
            if not cnt % 1000:
                logging.info("Searched %d contracts" % cnt)

-    def contract_hash_to_address(self, hash):
-        """
-        tries to find corresponding account address
-        """
+    def contract_hash_to_address(self, contract_hash):
+        """Tries to find corresponding account address"""

-        address_hash = binascii.a2b_hex(utils.remove_0x_head(hash))
+        address_hash = binascii.a2b_hex(utils.remove_0x_head(contract_hash))
        indexer = AccountIndexer(self)

        return _encode_hex(indexer.get_contract_by_hash(address_hash))
@ -238,9 +227,9 @@ class EthLevelDB(object):
        """
        gets block header by block number
        """
-        hash = self.reader._get_block_hash(number)
+        block_hash = self.reader._get_block_hash(number)
        block_number = _format_block_number(number)
-        return self.reader._get_block_header(hash, block_number)
+        return self.reader._get_block_header(block_hash, block_number)

    def eth_getBlockByNumber(self, number):
        """
--- a/mythril/ethereum/interface/leveldb/state.py
+++ b/mythril/ethereum/interface/leveldb/state.py
@ -58,9 +58,9 @@ class Account(rlp.Serializable):
        ("code_hash", hash32),
    ]

-    def __init__(self, nonce, balance, storage, code_hash, db, address):
+    def __init__(self, nonce, balance, storage, code_hash, db, addr):
        self.db = db
-        self.address = address
+        self.address = addr
        super(Account, self).__init__(nonce, balance, storage, code_hash)
        self.storage_cache = {}
        self.storage_trie = SecureTrie(Trie(self.db))
@ -89,12 +89,12 @@ class Account(rlp.Serializable):
        return self.storage_cache[key]

    @classmethod
-    def blank_account(cls, db, address, initial_nonce=0):
+    def blank_account(cls, db, addr, initial_nonce=0):
        """
        creates a blank account
        """
        db.put(BLANK_HASH, b"")
-        o = cls(initial_nonce, 0, trie.BLANK_ROOT, BLANK_HASH, db, address)
+        o = cls(initial_nonce, 0, trie.BLANK_ROOT, BLANK_HASH, db, addr)
        o.existent_at_start = False
        return o

@ -117,22 +117,22 @@ class State:
        self.journal = []
        self.cache = {}

-    def get_and_cache_account(self, address):
-        """
-        gets and caches an account for an addres, creates blank if not found
-        """
-        if address in self.cache:
-            return self.cache[address]
-        rlpdata = self.secure_trie.get(address)
+    def get_and_cache_account(self, addr):
+        """Gets and caches an account for an addres, creates blank if not found"""
+
+        if addr in self.cache:
+            return self.cache[addr]
+        rlpdata = self.secure_trie.get(addr)
        if (
-            rlpdata == trie.BLANK_NODE and len(address) == 32
+            rlpdata == trie.BLANK_NODE and len(addr) == 32
        ):  # support for hashed addresses
-            rlpdata = self.trie.get(address)
+            rlpdata = self.trie.get(addr)
+
        if rlpdata != trie.BLANK_NODE:
-            o = rlp.decode(rlpdata, Account, db=self.db, address=address)
+            o = rlp.decode(rlpdata, Account, db=self.db, address=addr)
        else:
-            o = Account.blank_account(self.db, address, 0)
-        self.cache[address] = o
+            o = Account.blank_account(self.db, addr, 0)
+        self.cache[addr] = o
        o._mutable = True
        o._cached_rlp = None
        return o
--- a/mythril/interfaces/cli.py
+++ b/mythril/interfaces/cli.py
@ -15,10 +15,11 @@ import argparse
 from mythril.exceptions import CriticalError, AddressNotFoundError
 from mythril.mythril import Mythril
 from mythril.version import VERSION
+import mythril.support.signatures as sigs


-def exit_with_error(format, message):
-    if format == "text" or format == "markdown":
+def exit_with_error(format_, message):
+    if format_ == "text" or format_ == "markdown":
        print(message)
    else:
        result = {"success": False, "error": str(message), "issues": []}
@ -147,18 +148,19 @@ def main():
        default=22,
        help="Maximum recursion depth for symbolic execution",
    )
+
+    options.add_argument(
+        "--strategy",
+        choices=["dfs", "bfs", "naive-random", "weighted-random"],
+        default="dfs",
+        help="Symbolic execution strategy",
+    )
    options.add_argument(
        "--max-transaction-count",
        type=int,
        default=3,
        help="Maximum number of transactions issued by laser",
    )
-    options.add_argument(
-        "--strategy",
-        choices=["dfs", "bfs"],
-        default="dfs",
-        help="Symbolic execution strategy",
-    )
    options.add_argument(
        "--execution-timeout",
        type=int,
@ -179,6 +181,12 @@ def main():
        "--enable-physics", action="store_true", help="enable graph physics simulation"
    )
    options.add_argument("-v", type=int, help="log level (0-2)", metavar="LOG_LEVEL")
+    options.add_argument(
+        "-q",
+        "--query-signature",
+        action="store_true",
+        help="Lookup function signatures through www.4byte.directory",
+    )

    rpc = parser.add_argument_group("RPC options")
    rpc.add_argument(
@ -231,6 +239,13 @@ def main():
                args.outform, "Invalid -v value, you can find valid values in usage"
            )

+    if args.query_signature:
+        if sigs.ethereum_input_decoder == None:
+            exit_with_error(
+                args.outform,
+                "The --query-signature function requires the python package ethereum-input-decoder",
+            )
+
    # -- commands --
    if args.hash:
        print(Mythril.hash_for_function_signature(args.hash))
@ -241,7 +256,12 @@ def main():
        # infura = None, rpc = None, rpctls = None
        # solc_args = None, dynld = None, max_recursion_depth = 12):

-        mythril = Mythril(solv=args.solv, dynld=args.dynld, solc_args=args.solc_args)
+        mythril = Mythril(
+            solv=args.solv,
+            dynld=args.dynld,
+            solc_args=args.solc_args,
+            enable_online_lookup=args.query_signature,
+        )
        if args.dynld and not (args.rpc or args.i):
            mythril.set_api_from_config_path()

--- a/mythril/laser/ethereum/call.py
+++ b/mythril/laser/ethereum/call.py
@ -1,8 +1,8 @@
 import logging
 from typing import Union
-from z3 import simplify, BitVecRef, BitVecNumRef, BoolRef
+from z3 import simplify, BitVecRef, BitVecNumRef, BoolRef, Extract
 import mythril.laser.ethereum.util as util
-from mythril.laser.ethereum.state import Account, CalldataType, GlobalState
+from mythril.laser.ethereum.state import Account, CalldataType, GlobalState, Calldata
 from mythril.support.loader import DynLoader
 import re

@ -125,7 +125,7 @@ def get_callee_account(

    try:
        code = dynamic_loader.dynld(environment.active_account.address, callee_address)
-    except Exception as e:
+    except Exception:
        logging.debug("Unable to execute dynamic loader.")
        raise ValueError()
    if code is None:
@ -156,21 +156,33 @@ def get_call_data(
    :return: Tuple containing: call_data array from memory or empty array if symbolic, type found
    """
    state = global_state.mstate
+    transaction_id = "{}_internalcall".format(global_state.current_transaction.id)
    try:
        # TODO: This only allows for either fully concrete or fully symbolic calldata.
        # Improve management of memory and callata to support a mix between both types.
-        call_data = state.memory[
+        calldata_from_mem = state.memory[
            util.get_concrete_int(memory_start) : util.get_concrete_int(
                memory_start + memory_size
            )
        ]
-        if len(call_data) < 32 and pad:
-            call_data += [0] * (32 - len(call_data))
+        i = 0
+        starting_calldata = []
+        while i < len(calldata_from_mem):
+            elem = calldata_from_mem[i]
+            if isinstance(elem, int):
+                starting_calldata.append(elem)
+                i += 1
+            else:  # BitVec
+                for j in range(0, elem.size(), 8):
+                    starting_calldata.append(Extract(j + 7, j, elem))
+                    i += 1
+
+        call_data = Calldata(transaction_id, starting_calldata)
        call_data_type = CalldataType.CONCRETE
        logging.debug("Calldata: " + str(call_data))
    except TypeError:
        logging.info("Unsupported symbolic calldata offset")
        call_data_type = CalldataType.SYMBOLIC
-        call_data = []
+        call_data = Calldata("{}_internalcall".format(transaction_id))

    return call_data, call_data_type
--- a/mythril/laser/ethereum/cfg.py
+++ b/mythril/laser/ethereum/cfg.py
@ -38,9 +38,11 @@ class Node:
        code = ""
        for state in self.states:
            instruction = state.get_current_instruction()
+
            code += str(instruction["address"]) + " " + instruction["opcode"]
            if instruction["opcode"].startswith("PUSH"):
                code += " " + instruction["argument"]
+
            code += "\\n"

        return dict(
--- a/mythril/laser/ethereum/instructions.py
+++ b/mythril/laser/ethereum/instructions.py
@ -38,13 +38,14 @@ from mythril.laser.ethereum.evm_exceptions import (
    InvalidInstruction,
 )
 from mythril.laser.ethereum.keccak import KeccakFunctionManager
-from mythril.laser.ethereum.state import GlobalState, CalldataType
+from mythril.laser.ethereum.state import GlobalState, CalldataType, Calldata
 from mythril.laser.ethereum.transaction import (
    MessageCallTransaction,
    TransactionStartSignal,
    ContractCreationTransaction,
 )
 from mythril.support.loader import DynLoader
+from mythril.analysis.solver import get_model

 TT256 = 2 ** 256
 TT256M1 = 2 ** 256 - 1
@ -162,7 +163,6 @@ class Instruction:
            op1 = If(op1, BitVecVal(1, 256), BitVecVal(0, 256))
        if type(op2) == BoolRef:
            op2 = If(op2, BitVecVal(1, 256), BitVecVal(0, 256))
-
        stack.append(op1 & op2)

        return [global_state]
@ -314,8 +314,8 @@ class Instruction:
    @StateTransition()
    def exp_(self, global_state: GlobalState) -> List[GlobalState]:
        state = global_state.mstate
-
        base, exponent = util.pop_bitvec(state), util.pop_bitvec(state)
+
        if (type(base) != BitVecNumRef) or (type(exponent) != BitVecNumRef):
            state.stack.append(
                global_state.new_bitvec(
@ -423,89 +423,14 @@ class Instruction:
        environment = global_state.environment
        op0 = state.stack.pop()

-        try:
-            offset = util.get_concrete_int(simplify(op0))
-            b = environment.calldata[offset]
-        except TypeError:
-            logging.debug("CALLDATALOAD: Unsupported symbolic index")
-            state.stack.append(
-                global_state.new_bitvec(
-                    "calldata_"
-                    + str(environment.active_account.contract_name)
-                    + "["
-                    + str(simplify(op0))
-                    + "]",
-                    256,
-                )
-            )
-            return [global_state]
-        except IndexError:
-            logging.debug("Calldata not set, using symbolic variable instead")
-            state.stack.append(
-                global_state.new_bitvec(
-                    "calldata_"
-                    + str(environment.active_account.contract_name)
-                    + "["
-                    + str(simplify(op0))
-                    + "]",
-                    256,
-                )
-            )
-            return [global_state]
-
-        if type(b) == int:
-
-            try:
-                val = b"".join(
-                    [
-                        calldata.to_bytes(1, byteorder="big")
-                        for calldata in environment.calldata[offset : offset + 32]
-                    ]
-                )
-
-                logging.debug(
-                    "Final value: " + str(int.from_bytes(val, byteorder="big"))
-                )
-                state.stack.append(BitVecVal(int.from_bytes(val, byteorder="big"), 256))
-
-            except (TypeError, AttributeError):
-                state.stack.append(
-                    global_state.new_bitvec(
-                        "calldata_"
-                        + str(environment.active_account.contract_name)
-                        + "["
-                        + str(simplify(op0))
-                        + "]",
-                        256,
-                    )
-                )
-        else:
-            # symbolic variable
-            state.stack.append(
-                global_state.new_bitvec(
-                    "calldata_"
-                    + str(environment.active_account.contract_name)
-                    + "["
-                    + str(simplify(op0))
-                    + "]",
-                    256,
-                )
-            )
-
+        state.stack.append(environment.calldata.get_word_at(op0))
        return [global_state]

    @StateTransition()
    def calldatasize_(self, global_state: GlobalState) -> List[GlobalState]:
        state = global_state.mstate
        environment = global_state.environment
-        if environment.calldata_type == CalldataType.SYMBOLIC:
-            state.stack.append(
-                global_state.new_bitvec(
-                    "calldatasize_" + environment.active_account.contract_name, 256
-                )
-            )
-        else:
-            state.stack.append(BitVecVal(len(environment.calldata), 256))
+        state.stack.append(environment.calldata.calldatasize)
        return [global_state]

    @StateTransition()
@ -536,7 +461,7 @@ class Instruction:
            size = simplify(op2)
            size_sym = True

-        if dstart_sym or size_sym:
+        if size_sym:
            state.mem_extend(mstart, 1)
            state.memory[mstart] = global_state.new_bitvec(
                "calldata_"
@ -574,11 +499,17 @@ class Instruction:
                return [global_state]

            try:
-                i_data = environment.calldata[dstart]
+                i_data = dstart
+
+                new_memory = []
+                for i in range(size):
+                    new_memory.append(environment.calldata[i_data])
+                    i_data = (
+                        i_data + 1 if isinstance(i_data, int) else simplify(i_data + 1)
+                    )

-                for i in range(mstart, mstart + size):
-                    state.memory[i] = environment.calldata[i_data]
-                    i_data += 1
+                for i in range(0, len(new_memory), 32):
+                    state.memory[i + mstart] = simplify(Concat(new_memory[i : i + 32]))
            except IndexError:
                logging.debug("Exception copying calldata to memory")

@ -636,7 +567,6 @@ class Instruction:
        global keccak_function_manager

        state = global_state.mstate
-        environment = global_state.environment
        op0, op1 = state.stack.pop(), state.stack.pop()

        try:
@ -886,12 +816,9 @@ class Instruction:

        try:
            # Attempt to concretize value
-
            _bytes = util.concrete_int_to_bytes(value)
-
            state.memory[mstart : mstart + len(_bytes)] = _bytes
-
-        except (AttributeError, TypeError):
+        except:
            try:
                state.memory[mstart] = value
            except TypeError:
@ -1161,7 +1088,7 @@ class Instruction:
        state = global_state.mstate
        dpth = int(self.op_code[3:])
        state.stack.pop(), state.stack.pop()
-        [state.stack.pop() for x in range(dpth)]
+        [state.stack.pop() for _ in range(dpth)]
        # Not supported
        return [global_state]

--- a/mythril/laser/ethereum/keccak.py
+++ b/mythril/laser/ethereum/keccak.py
@ -1,6 +1,7 @@
 from z3 import ExprRef, BitVecRef


+
 class KeccakFunctionManager:
    def __init__(self):
        self.keccak_expression_mapping = {}
--- a/mythril/laser/ethereum/natives.py
+++ b/mythril/laser/ethereum/natives.py
@ -87,4 +87,4 @@ def native_contracts(address: int, data: List):
    takes integer address 1, 2, 3, 4
    """
    functions = (ecrecover, sha256, ripemd160, identity)
-    return functions[address - 1](data)
+    return functions[address - 1](data.starting_calldata)
--- a/mythril/laser/ethereum/state.py
+++ b/mythril/laser/ethereum/state.py
@ -1,10 +1,29 @@
-from z3 import BitVec, BitVecVal, BitVecRef, BitVecNumRef, Solver, ExprRef, sat
+from z3 import (
+    BitVec,
+    BitVecVal,
+    BitVecRef,
+    BitVecNumRef,
+    BitVecSort,
+    Solver,
+    ExprRef,
+    Concat,
+    sat,
+    simplify,
+    Array,
+    ForAll,
+    Solver,
+    UGT,
+    Implies,
+)
+from z3.z3types import Z3Exception
 from mythril.disassembler.disassembly import Disassembly
 from mythril.laser.ethereum.cfg import Node
 from copy import copy, deepcopy
 from enum import Enum
 from random import randint
 from typing import KeysView, Dict, List, Union, Any
+from mythril.laser.ethereum.util import get_concrete_int
+
 from mythril.laser.ethereum.evm_exceptions import (
    StackOverflowException,
    StackUnderflowException,
@ -16,6 +35,88 @@ class CalldataType(Enum):
    SYMBOLIC = 2


+class Calldata:
+    """
+    Calldata class representing the calldata of a transaction
+    """
+
+    def __init__(self, tx_id, starting_calldata=None):
+        """
+        Constructor for Calldata
+        :param tx_id: unique value representing the transaction the calldata is for
+        :param starting_calldata: byte array representing the concrete calldata of a transaction
+        """
+        self.tx_id = tx_id
+        if starting_calldata:
+            self._calldata = []
+            self.calldatasize = BitVecVal(len(starting_calldata), 256)
+            self.concrete = True
+        else:
+            self._calldata = Array(
+                "{}_calldata".format(self.tx_id), BitVecSort(256), BitVecSort(8)
+            )
+            self.calldatasize = BitVec("{}_calldatasize".format(self.tx_id), 256)
+            self.concrete = False
+
+        self.starting_calldata = starting_calldata or []
+
+    @property
+    def constraints(self):
+        constraints = []
+
+        if self.concrete:
+            for calldata_byte in self.starting_calldata:
+                if type(calldata_byte) == int:
+                    self._calldata.append(BitVecVal(calldata_byte, 8))
+                else:
+                    self._calldata.append(calldata_byte)
+            constraints.append(self.calldatasize == len(self.starting_calldata))
+        else:
+            x = BitVec("x", 256)
+            constraints.append(
+                ForAll(x, Implies(self[x] != 0, UGT(self.calldatasize, x)))
+            )
+
+        return constraints
+
+    def concretized(self, model):
+        result = []
+        for i in range(
+            get_concrete_int(model.eval(self.calldatasize, model_completion=True))
+        ):
+            result.append(get_concrete_int(model.eval(self[i], model_completion=True)))
+
+        return result
+
+    def get_word_at(self, index: int):
+        return self[index : index + 32]
+
+    def __getitem__(self, item):
+        if isinstance(item, slice):
+            try:
+                current_index = (
+                    item.start
+                    if isinstance(item.start, BitVecRef)
+                    else BitVecVal(item.start, 256)
+                )
+                dataparts = []
+                while simplify(current_index != item.stop):
+                    dataparts.append(self[current_index])
+                    current_index = simplify(current_index + 1)
+            except Z3Exception:
+                raise IndexError("Invalid Calldata Slice")
+
+            return simplify(Concat(dataparts))
+
+        if self.concrete:
+            try:
+                return self._calldata[get_concrete_int(item)]
+            except IndexError:
+                return BitVecVal(0, 8)
+        else:
+            return self._calldata[item]
+
+
 class Storage:
    """
    Storage class represents the storage of an Account
@ -339,7 +440,6 @@ class GlobalState:

    def new_bitvec(self, name: str, size=256) -> BitVec:
        transaction_id = self.current_transaction.id
-        node_id = self.node.uid
        return BitVec("{}_{}".format(transaction_id, name), size)


--- a/mythril/laser/ethereum/strategy/init.py
+++ b/mythril/laser/ethereum/strategy/init.py
@ -0,0 +1,25 @@
+from abc import ABC, abstractmethod
+
+
+class BasicSearchStrategy(ABC):
+    __slots__ = "work_list", "max_depth"
+
+    def __init__(self, work_list, max_depth):
+        self.work_list = work_list
+        self.max_depth = max_depth
+
+    def __iter__(self):
+        return self
+
+    @abstractmethod
+    def get_strategic_global_state(self):
+        raise NotImplementedError("Must be implemented by a subclass")
+
+    def __next__(self):
+        try:
+            global_state = self.get_strategic_global_state()
+            if global_state.mstate.depth >= self.max_depth:
+                return self.__next__()
+            return global_state
+        except IndexError:
+            raise StopIteration
--- a/mythril/laser/ethereum/strategy/basic.py
+++ b/mythril/laser/ethereum/strategy/basic.py
@ -3,55 +3,75 @@ This module implements basic symbolic execution search strategies
 """
 from ..state import GlobalState
 from typing import List
+from random import randrange
+from . import BasicSearchStrategy

+try:
+    from random import choices
+except ImportError:

-class DepthFirstSearchStrategy:
+    # This is for supporting python versions < 3.6
+    from itertools import accumulate
+    from random import random
+    from bisect import bisect
+
+    def choices(population, weights=None):
+        """
+        Returns a random element out of the population based on weight.
+        If the relative weights or cumulative weights are not specified,
+        the selections are made with equal probability.
+        """
+        if weights is None:
+            return [population[int(random() * len(population))]]
+        cum_weights = accumulate(weights)
+        return [
+            population[
+                bisect(cum_weights, random() * cum_weights[-1], 0, len(population) - 1)
+            ]
+        ]
+
+
+class DepthFirstSearchStrategy(BasicSearchStrategy):
    """
    Implements a depth first search strategy
    I.E. Follow one path to a leaf, and then continue to the next one
    """

-    def __init__(self, work_list: List[GlobalState], max_depth: float):
-        self.work_list = work_list
-        self.max_depth = max_depth
-
-    def __iter__(self):
-        return self
+    def get_strategic_global_state(self) -> GlobalState:
+        return self.work_list.pop()

-    def __next__(self) -> GlobalState:
-        """ Picks the next state to execute """
-        try:
-            # This strategies assumes that new states are appended at the end of the work_list
-            # By taking the last element we effectively pick the "newest" states, which amounts to dfs
-            global_state = self.work_list.pop()
-            if global_state.mstate.depth >= self.max_depth:
-                return self.__next__()
-            return global_state
-        except IndexError:
-            raise StopIteration()

-
-class BreadthFirstSearchStrategy:
+class BreadthFirstSearchStrategy(BasicSearchStrategy):
    """
    Implements a breadth first search strategy
    I.E. Execute all states of a "level" before continuing
    """

-    def __init__(self, work_list: List[GlobalState], max_depth: float):
-        self.work_list = work_list
-        self.max_depth = max_depth
-
-    def __iter__(self) -> "BreadthFirstSearchStrategy":
-        return self
-
-    def __next__(self) -> GlobalState:
-        """ Picks the next state to execute """
-        try:
-            # This strategies assumes that new states are appended at the end of the work_list
-            # By taking the first element we effectively pick the "oldest" states, which amounts to bfs
-            global_state = self.work_list.pop(0)
-            if global_state.mstate.depth >= self.max_depth:
-                return self.__next__()
-            return global_state
-        except IndexError:
-            raise StopIteration()
+    def get_strategic_global_state(self) -> GlobalState:
+        return self.work_list.pop(0)
+
+
+class ReturnRandomNaivelyStrategy(BasicSearchStrategy):
+    """
+    chooses a random state from the worklist with equal likelihood
+    """
+
+    def get_strategic_global_state(self) -> GlobalState:
+        if len(self.work_list) > 0:
+            return self.work_list.pop(randrange(len(self.work_list)))
+        else:
+            raise IndexError
+
+
+class ReturnWeightedRandomStrategy(BasicSearchStrategy):
+    """
+    chooses a random state from the worklist with likelihood based on inverse proportion to depth
+    """
+
+    def get_strategic_global_state(self) -> GlobalState:
+        probability_distribution = [
+            1 / (global_state.mstate.depth + 1) for global_state in self.work_list
+        ]
+        return self.work_list.pop(
+            choices(range(len(self.work_list)), probability_distribution)[0]
+        )
--- a/mythril/laser/ethereum/svm.py
+++ b/mythril/laser/ethereum/svm.py
@ -1,5 +1,6 @@
 import logging
 from typing import List, Tuple, Union, Callable
+from mythril.disassembler.disassembly import Disassembly
 from mythril.laser.ethereum.state import WorldState, GlobalState
 from mythril.laser.ethereum.transaction import (
    TransactionStartSignal,
@ -105,7 +106,7 @@ class LaserEVM:
            if len(self.open_states) == 0:
                logging.warning(
                    "No contract was created during the execution of contract creation "
-                    "Increase the resources for creation execution (--max-depth or --create_timeout)"
+                    "Increase the resources for creation execution (--max-depth or --create-timeout)"
                )

            # Reset code coverage
@ -353,10 +354,11 @@ class LaserEVM:

        environment = state.environment
        disassembly = environment.code
-        if address in state.environment.code.addr_to_func:
+        if address in disassembly.address_to_function_name:
            # Enter a new function
-
-            environment.active_function_name = disassembly.addr_to_func[address]
+            environment.active_function_name = disassembly.address_to_function_name[
+                address
+            ]
            new_node.flags |= NodeFlags.FUNC_ENTRY

            logging.debug(
--- a/mythril/laser/ethereum/taint_analysis.py
+++ b/mythril/laser/ethereum/taint_analysis.py
@ -8,6 +8,7 @@ from mythril.laser.ethereum.state import GlobalState, Environment
 from mythril.analysis.symbolic import SymExecWrapper


+
 class TaintRecord:
    """
    TaintRecord contains tainting information for a specific (state, node)
--- a/mythril/laser/ethereum/transaction/concolic.py
+++ b/mythril/laser/ethereum/transaction/concolic.py
@ -10,6 +10,7 @@ from mythril.laser.ethereum.state import (
    CalldataType,
    Account,
    WorldState,
+    Calldata,
 )
 from mythril.disassembler.disassembly import Disassembly
 from mythril.laser.ethereum.cfg import Node, Edge, JumpType
@ -32,12 +33,13 @@ def execute_message_call(
    del laser_evm.open_states[:]

    for open_world_state in open_states:
+        next_transaction_id = get_next_transaction_id()
        transaction = MessageCallTransaction(
-            identifier=get_next_transaction_id(),
+            identifier=next_transaction_id,
            world_state=open_world_state,
            callee_account=open_world_state[callee_address],
            caller=caller_address,
-            call_data=data,
+            call_data=Calldata(next_transaction_id, data),
            gas_price=gas_price,
            call_value=value,
            origin=origin_address,
--- a/mythril/laser/ethereum/transaction/symbolic.py
+++ b/mythril/laser/ethereum/transaction/symbolic.py
@ -3,7 +3,7 @@ from logging import debug

 from mythril.disassembler.disassembly import Disassembly
 from mythril.laser.ethereum.cfg import Node, Edge, JumpType
-from mythril.laser.ethereum.state import CalldataType, Account
+from mythril.laser.ethereum.state import CalldataType, Account, Calldata
 from mythril.laser.ethereum.transaction.transaction_models import (
    MessageCallTransaction,
    ContractCreationTransaction,
@ -28,7 +28,7 @@ def execute_message_call(laser_evm, callee_address: str) -> None:
            callee_account=open_world_state[callee_address],
            caller=BitVec("caller{}".format(next_transaction_id), 256),
            identifier=next_transaction_id,
-            call_data=[],
+            call_data=Calldata(next_transaction_id),
            gas_price=BitVec("gas_price{}".format(next_transaction_id), 256),
            call_value=BitVec("call_value{}".format(next_transaction_id), 256),
            origin=BitVec("origin{}".format(next_transaction_id), 256),
--- a/mythril/laser/ethereum/transaction/transaction_models.py
+++ b/mythril/laser/ethereum/transaction/transaction_models.py
@ -1,7 +1,7 @@
 import logging
 from typing import Union
 from mythril.disassembler.disassembly import Disassembly
-from mythril.laser.ethereum.state import GlobalState, Environment, WorldState, Account
+from mythril.laser.ethereum.state import GlobalState, Environment, WorldState, Account, Calldata
 from z3 import BitVec, BitVecNumRef
 import array

@ -42,7 +42,7 @@ class MessageCallTransaction:
        world_state: WorldState,
        callee_account: Account,
        caller: BitVecNumRef,
-        call_data=(),
+        call_data=None,
        identifier=None,
        gas_price=None,
        call_value=None,
@ -55,7 +55,11 @@ class MessageCallTransaction:
        self.world_state = world_state
        self.callee_account = callee_account
        self.caller = caller
-        self.call_data = call_data
+        self.call_data = (
+            Calldata(self.id, call_data)
+            if not isinstance(call_data, Calldata)
+            else call_data
+        )
        self.gas_price = (
            BitVec("gasprice{}".format(identifier), 256)
            if gas_price is None
@ -92,6 +96,9 @@ class MessageCallTransaction:

        global_state = GlobalState(self.world_state, environment, None)
        global_state.environment.active_function_name = "fallback"
+        global_state.mstate.constraints.extend(
+            global_state.environment.calldata.constraints
+        )

        return global_state

@ -110,7 +117,7 @@ class ContractCreationTransaction:
        identifier=None,
        callee_account=None,
        code=None,
-        call_data=(),
+        call_data=None,
        gas_price=None,
        call_value=None,
        origin=None,
@ -147,7 +154,11 @@ class ContractCreationTransaction:
            else call_data_type
        )

-        self.call_data = call_data
+        self.call_data = (
+            Calldata(self.id, call_data)
+            if not isinstance(call_data, Calldata)
+            else call_data
+        )
        self.origin = origin
        self.code = code
        self.return_data = None
--- a/mythril/laser/ethereum/util.py
+++ b/mythril/laser/ethereum/util.py
@ -2,7 +2,6 @@ import re
 from z3 import *
 import logging
 from typing import Union, List, Dict
-from mythril.laser.ethereum.state import MachineState

 import sha3 as _sha3

@ -38,14 +37,14 @@ def get_instruction_index(
    return None


-def get_trace_line(instr: Dict, state: MachineState) -> str:
+def get_trace_line(instr: Dict, state: "MachineState") -> str:
    stack = str(state.stack[::-1])
    # stack = re.sub("(\d+)",   lambda m: hex(int(m.group(1))), stack)
    stack = re.sub("\n", "", stack)
    return str(instr["address"]) + " " + instr["opcode"] + "\tSTACK: " + stack


-def pop_bitvec(state: MachineState) -> BitVecVal:
+def pop_bitvec(state: "MachineState") -> BitVecVal:
    # pop one element from stack, converting boolean expressions and
    # concrete Python variables to BitVecVal

@ -85,18 +84,20 @@ def get_concrete_int(item: Union[int, BitVecNumRef, BoolRef]) -> int:


 def concrete_int_from_bytes(_bytes: bytes, start_index: int) -> int:
+    # logging.debug("-- concrete_int_from_bytes: " + str(_bytes[start_index:start_index+32]))
    b = _bytes[start_index : start_index + 32]
    val = int.from_bytes(b, byteorder="big")
    return val


-def concrete_int_to_bytes(val: int) -> bytes:
-    if isinstance(val, int):
+def concrete_int_to_bytes(val):
+    # logging.debug("concrete_int_to_bytes " + str(val))
+    if type(val) == int:
        return val.to_bytes(32, byteorder="big")
    return (simplify(val).as_long()).to_bytes(32, byteorder="big")


-def bytearray_to_int(arr: bytearray) -> int:
+def bytearray_to_int(arr):
    o = 0
    for a in arr:
        o = (o << 8) + a
--- a/mythril/mythril.py
+++ b/mythril/mythril.py
@ -77,18 +77,23 @@ class Mythril(object):

    """

-    def __init__(self, solv=None, solc_args=None, dynld=False):
+    def __init__(
+        self, solv=None, solc_args=None, dynld=False, enable_online_lookup=False
+    ):

        self.solv = solv
        self.solc_args = solc_args
        self.dynld = dynld
+        self.enable_online_lookup = enable_online_lookup

        self.mythril_dir = self._init_mythril_dir()

-        self.sigs = signatures.SignatureDb()
+        self.sigs = signatures.SignatureDb(
+            enable_online_lookup=self.enable_online_lookup
+        )
        try:
            self.sigs.open()  # tries mythril_dir/signatures.json by default (provide path= arg to make this configurable)
-        except FileNotFoundError as fnfe:
+        except FileNotFoundError:
            logging.info(
                "No signature database found. Creating database if sigs are loaded in: "
                + self.sigs.signatures_file
@ -291,8 +296,7 @@ class Mythril(object):
            self.set_api_rpc(dynamic_loading)

    def search_db(self, search):
-        def search_callback(contract, address, balance):
-
+        def search_callback(_, address, balance):
            print("Address: " + address + ", balance: " + str(balance))

        try:
@ -309,7 +313,11 @@ class Mythril(object):

    def load_from_bytecode(self, code):
        address = util.get_indexed_address(0)
-        self.contracts.append(ETHContract(code, name="MAIN"))
+        self.contracts.append(
+            ETHContract(
+                code, name="MAIN", enable_online_lookup=self.enable_online_lookup
+            )
+        )
        return address, self.contracts[-1]  # return address and contract object

    def load_from_address(self, address):
@ -320,7 +328,7 @@ class Mythril(object):
            code = self.eth.eth_getCode(address)
        except FileNotFoundError as e:
            raise CriticalError("IPC error: " + str(e))
-        except ConnectionError as e:
+        except ConnectionError:
            raise CriticalError(
                "Could not connect to RPC server. Make sure that your node is running and that RPC parameters are set correctly."
            )
@ -332,7 +340,13 @@ class Mythril(object):
                    "Received an empty response from eth_getCode. Check the contract address and verify that you are on the correct chain."
                )
            else:
-                self.contracts.append(ETHContract(code, name=address))
+                self.contracts.append(
+                    ETHContract(
+                        code,
+                        name=address,
+                        enable_online_lookup=self.enable_online_lookup,
+                    )
+                )
        return address, self.contracts[-1]  # return address and contract object

    def load_from_solidity(self, solidity_files):
@ -541,7 +555,7 @@ class Mythril(object):
                        )
        except FileNotFoundError as e:
            raise CriticalError("IPC error: " + str(e))
-        except ConnectionError as e:
+        except ConnectionError:
            raise CriticalError(
                "Could not connect to RPC server. Make sure that your node is running and that RPC parameters are set correctly."
            )
--- a/mythril/support/signatures.py
+++ b/mythril/support/signatures.py
@ -11,7 +11,6 @@ from subprocess import Popen, PIPE
 from mythril.exceptions import CompilerError


-# todo: tintinweb - make this a normal requirement? (deps: eth-abi and requests, both already required by mythril)
 try:
    # load if available but do not fail
    import ethereum_input_decoder
@ -54,7 +53,7 @@ except ImportError:


 class SignatureDb(object):
-    def __init__(self, enable_online_lookup=True):
+    def __init__(self, enable_online_lookup=False):
        """
        Constr
        :param enable_online_lookup: enable onlien signature hash lookup
@ -191,9 +190,12 @@ class SignatureDb(object):
                    "online function signature lookup not available. will not try to lookup hash for the next 2 minutes. exception: %r"
                    % fbdole
                )
+
+        if sighash not in self.signatures:
+            return []
        if type(self.signatures[sighash]) != list:
            return [self.signatures[sighash]]
-        return self.signatures[sighash]  # raise keyerror
+        return self.signatures[sighash]

    def __getitem__(self, item):
        """
--- a/requirements.txt
+++ b/requirements.txt
@ -4,6 +4,7 @@ coverage
 eth_abi>=1.0.0
 eth-account>=0.1.0a2
 ethereum>=2.3.2
+ethereum-input-decoder>=0.2.2
 eth-hash>=0.1.0
 eth-keyfile>=0.5.1
 eth-keys>=0.2.0b3
--- a/setup.py
+++ b/setup.py
@ -96,6 +96,7 @@ setup(
        "mock",
        "configparser>=3.5.0",
        "persistent>=4.2.0",
+        "ethereum-input-decoder>=0.2.2",
    ],
    tests_require=["pytest>=3.6.0", "pytest_mock", "pytest-cov"],
    python_requires=">=3.5",
--- a/static/mythril.png
+++ b/static/mythril.png
--- a/static/mythril_new.png
+++ b/static/mythril_new.png
--- a/tests/analysis/test_delegatecall.py
+++ b/tests/analysis/test_delegatecall.py
@ -199,7 +199,7 @@ def test_delegate_call(sym_mock, concrete_mock, curr_instruction):
    statespace.calls = [call]

    # act
-    issues = execute(statespace)
+    execute(statespace)

    # assert
    assert concrete_mock.call_count == 1
--- a/tests/cmd_line_test.py
+++ b/tests/cmd_line_test.py
@ -29,10 +29,7 @@ class TruffleTestCase(BaseTestCase):
        command = "cd {}; truffle compile; python3 {} --truffle".format(
            truffle_project_root, MYTH
        )
-        self.assertIn(
-            "In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.",
-            output_of(command),
-        )
+        self.assertIn("=== Ether send ====", output_of(command))


 class InfuraTestCase(BaseTestCase):
--- a/tests/disassembler/init.py
+++ b/tests/disassembler/init.py
--- a/tests/disassembler/disassembly.py
+++ b/tests/disassembler/disassembly.py
@ -0,0 +1,61 @@
+from mythril.disassembler.disassembly import *
+
+instruction_list = [
+    {"opcode": "PUSH4", "argument": "0x10203040"},
+    {"opcode": "EQ"},
+    {"opcode": "PUSH4", "argument": "0x40302010"},
+    {"opcode": "JUMPI"},
+]
+
+
+def test_get_function_info(mocker):
+    # Arrange
+    global instruction_list
+
+    signature_database_mock = SignatureDb()
+    mocker.patch.object(signature_database_mock, "get")
+    signature_database_mock.get.return_value = ["function_name"]
+
+    # Act
+    function_hash, entry_point, function_name = get_function_info(
+        0, instruction_list, signature_database_mock
+    )
+
+    # Assert
+    assert function_hash == "0x10203040"
+    assert entry_point == 0x40302010
+    assert function_name == "function_name"
+
+
+def test_get_function_info_multiple_names(mocker):
+    # Arrange
+    global instruction_list
+
+    signature_database_mock = SignatureDb()
+    mocker.patch.object(signature_database_mock, "get")
+    signature_database_mock.get.return_value = ["function_name", "another_name"]
+
+    # Act
+    function_hash, entry_point, function_name = get_function_info(
+        0, instruction_list, signature_database_mock
+    )
+
+    # Assert
+    assert function_name == "**ambiguous** function_name"
+
+
+def test_get_function_info_no_names(mocker):
+    # Arrange
+    global instruction_list
+
+    signature_database_mock = SignatureDb()
+    mocker.patch.object(signature_database_mock, "get")
+    signature_database_mock.get.return_value = []
+
+    # Act
+    function_hash, entry_point, function_name = get_function_info(
+        0, instruction_list, signature_database_mock
+    )
+
+    # Assert
+    assert function_name == "_function_0x10203040"
--- a/tests/laser/evm_testsuite/evm_test.py
+++ b/tests/laser/evm_testsuite/evm_test.py
@ -3,8 +3,8 @@ from mythril.laser.ethereum.svm import LaserEVM
 from mythril.laser.ethereum.state import Account
 from mythril.disassembler.disassembly import Disassembly
 from mythril.laser.ethereum.transaction.concolic import execute_message_call
+from mythril.analysis.solver import get_model
 from datetime import datetime
-from mythril.laser.ethereum.util import get_concrete_int
 import binascii
 import json
 from pathlib import Path
@ -83,6 +83,7 @@ def test_vmtest(
        return

    world_state = laser_evm.open_states[0]
+    model = get_model(next(iter(laser_evm.nodes.values())).states[0].mstate.constraints)

    for address, details in post_condition.items():
        account = world_state[address]
@ -92,5 +93,9 @@ def test_vmtest(

        for index, value in details["storage"].items():
            expected = int(value, 16)
-            actual = get_concrete_int(account.storage[int(index, 16)])
+            if type(account.storage[int(index, 16)]) != int:
+                actual = model.eval(account.storage[int(index, 16)])
+                actual = 1 if actual == True else 0 if actual == False else actual
+            else:
+                actual = account.storage[int(index, 16)]
            assert actual == expected
--- a/tests/laser/state/calldata_test.py
+++ b/tests/laser/state/calldata_test.py
@ -0,0 +1,102 @@
+import pytest
+from mythril.laser.ethereum.state import Calldata
+from z3 import Solver, simplify
+from z3.z3types import Z3Exception
+
+
+uninitialized_test_data = [
+    ([]),  # Empty concrete calldata
+    ([1, 4, 5, 3, 4, 72, 230, 53]),  # Concrete calldata
+]
+
+
+@pytest.mark.parametrize("starting_calldata", uninitialized_test_data)
+def test_concrete_calldata_uninitialized_index(starting_calldata):
+    # Arrange
+    calldata = Calldata(0, starting_calldata)
+    solver = Solver()
+
+    # Act
+    value = calldata[100]
+    value2 = calldata.get_word_at(200)
+
+    solver.add(calldata.constraints)
+    solver.check()
+    model = solver.model()
+
+    value = model.eval(value)
+    value2 = model.eval(value2)
+
+    # Assert
+    assert value == 0
+    assert value2 == 0
+
+
+def test_concrete_calldata_calldatasize():
+    # Arrange
+    calldata = Calldata(0, [1, 4, 7, 3, 7, 2, 9])
+    solver = Solver()
+
+    # Act
+    solver.add(calldata.constraints)
+    solver.check()
+    model = solver.model()
+
+    result = model.eval(calldata.calldatasize)
+
+    # Assert
+    assert result == 7
+
+
+def test_symbolic_calldata_constrain_index():
+    # Arrange
+    calldata = Calldata(0)
+    solver = Solver()
+
+    # Act
+    constraint = calldata[100] == 50
+
+    value = calldata[100]
+
+    solver.add(calldata.constraints + [constraint])
+    solver.check()
+    model = solver.model()
+
+    value = model.eval(value)
+    calldatasize = model.eval(calldata.calldatasize)
+
+    # Assert
+    assert value == 50
+    assert simplify(calldatasize >= 100)
+
+
+def test_concrete_calldata_constrain_index():
+    # Arrange
+    calldata = Calldata(0, [1, 4, 7, 3, 7, 2, 9])
+    solver = Solver()
+
+    # Act
+    constraint = calldata[2] == 3
+
+    solver.add(calldata.constraints + [constraint])
+    result = solver.check()
+
+    # Assert
+    assert str(result) == "unsat"
+
+
+def test_concrete_calldata_constrain_index():
+    # Arrange
+    calldata = Calldata(0)
+    solver = Solver()
+
+    # Act
+    constraints = []
+    constraints.append(calldata[51] == 1)
+    constraints.append(calldata.calldatasize == 50)
+
+    solver.add(calldata.constraints + constraints)
+    result = solver.check()
+
+    # Assert
+    assert str(result) == "unsat"
--- a/tests/laser/state/mstack_test.py
+++ b/tests/laser/state/mstack_test.py
@ -44,7 +44,7 @@ class MachineStackTest(BaseTestCase):
        mstack = MachineStack([0, 1])

        with pytest.raises(NotImplementedError):
-            mstack = mstack + [2]
+            mstack + [2]

    @staticmethod
    def test_mstack_no_support_iadd():
--- a/tests/laser/transaction/symbolic_test.py
+++ b/tests/laser/transaction/symbolic_test.py
@ -59,7 +59,7 @@ def test_execute_contract_creation(mocked_setup: MagicMock):
    mocked_setup.side_effect = _is_contract_creation

    # Act
-    new_account = execute_contract_creation(laser_evm, "606000")
+    execute_contract_creation(laser_evm, "606000")

    # Assert
    # mocked_setup.assert_called()
--- a/tests/report_test.py
+++ b/tests/report_test.py
@ -23,7 +23,7 @@ def _fix_debug_data(json_str):


 def _generate_report(input_file):
-    contract = ETHContract(input_file.read_text())
+    contract = ETHContract(input_file.read_text(), enable_online_lookup=False)
    sym = SymExecWrapper(
        contract,
        address=(util.get_indexed_address(0)),
@ -43,7 +43,9 @@ def _generate_report(input_file):
 def reports():
    """ Fixture that analyses all reports"""
    pool = Pool(cpu_count())
-    input_files = sorted([f for f in TESTDATA_INPUTS.iterdir()])
+    input_files = sorted(
+        [f for f in TESTDATA_INPUTS.iterdir() if f.name != "environments.sol.o"]
+    )
    results = pool.map(_generate_report, input_files)

    return results
--- a/tests/svm_test.py
+++ b/tests/svm_test.py
@ -69,7 +69,7 @@ class SVMTestCase(BaseTestCase):

    def test_laser_result(self):
        for input_file in TESTDATA_INPUTS_CONTRACTS.iterdir():
-            if input_file.name == "weak_random.sol":
+            if input_file.name in ["weak_random.sol", "environments.sol"]:
                continue
            output_expected = TESTDATA_OUTPUTS_EXPECTED_LASER_RESULT / (
                input_file.name + ".json"
--- a/tests/testdata/outputs_expected/calls.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/calls.sol.o.graph.html
--- a/tests/testdata/outputs_expected/calls.sol.o.json
+++ b/tests/testdata/outputs_expected/calls.sol.o.json
@ -1 +1 @@
-{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "swc_id": "114", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}
+{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "swc_id": "114", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}
--- a/tests/testdata/outputs_expected/calls.sol.o.markdown
+++ b/tests/testdata/outputs_expected/calls.sol.o.markdown
@ -42,7 +42,7 @@ This contract executes a message call to an address found at storage slot 1. Thi

 ### Description

-A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location
+Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location

 ## Unchecked CALL return value
 - SWC ID: 104
--- a/tests/testdata/outputs_expected/calls.sol.o.text
+++ b/tests/testdata/outputs_expected/calls.sol.o.text
@ -31,7 +31,7 @@ Type: Warning
 Contract: Unknown
 Function name: _function_0xd24b08cc
 PC address: 779
-A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location
+Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location
 --------------------

 ==== Unchecked CALL return value ====
--- a/tests/testdata/outputs_expected/environments.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/environments.sol.o.graph.html
--- a/tests/testdata/outputs_expected/ether_send.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/ether_send.sol.o.graph.html
--- a/tests/testdata/outputs_expected/ether_send.sol.o.json
+++ b/tests/testdata/outputs_expected/ether_send.sol.o.json
@ -1 +1 @@
-{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.\n\nThere is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.", "function": "withdrawfunds()", "swc_id": "105", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer overflow exists in the function `invest()`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "invest()", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}
+{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.", "function": "withdrawfunds()", "swc_id": "105", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The arithmetic operation can result in integer overflow.\n", "function": "invest()", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}
--- a/tests/testdata/outputs_expected/ether_send.sol.o.markdown
+++ b/tests/testdata/outputs_expected/ether_send.sol.o.markdown
@ -9,9 +9,7 @@

 ### Description

-In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.
-
-There is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.
+It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.

 ## Integer Overflow
 - SWC ID: 101
@ -22,5 +20,4 @@ There is a check on storage index 1. This storage slot can be written to by call

 ### Description

-A possible integer overflow exists in the function `invest()`.
-The addition or multiplication may result in a value higher than the maximum representable integer.
+The arithmetic operation can result in integer overflow.
--- a/tests/testdata/outputs_expected/ether_send.sol.o.text
+++ b/tests/testdata/outputs_expected/ether_send.sol.o.text
@ -4,9 +4,7 @@ Type: Warning
 Contract: Unknown
 Function name: withdrawfunds()
 PC address: 722
-In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.
-
-There is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.
+It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.
 --------------------

 ==== Integer Overflow ====
@ -15,7 +13,7 @@ Type: Warning
 Contract: Unknown
 Function name: invest()
 PC address: 883
-A possible integer overflow exists in the function `invest()`.
-The addition or multiplication may result in a value higher than the maximum representable integer.
+The arithmetic operation can result in integer overflow.
+
 --------------------

--- a/tests/testdata/outputs_expected/exceptions.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/exceptions.sol.o.graph.html
--- a/tests/testdata/outputs_expected/exceptions.sol.o.json
+++ b/tests/testdata/outputs_expected/exceptions.sol.o.json
@ -1 +1 @@
-{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "swc_id": "110", "title": "Exception state", "type": "Informational"}], "success": true}
+{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "swc_id": "110", "title": "Exception state", "type": "Informational"}], "success": true}
--- a/tests/testdata/outputs_expected/exceptions.sol.o.markdown
+++ b/tests/testdata/outputs_expected/exceptions.sol.o.markdown
@ -9,7 +9,7 @@

 ### Description

-A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.

 ## Exception state
 - SWC ID: 110
@ -20,7 +20,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ

 ### Description

-A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.

 ## Exception state
 - SWC ID: 110
@ -31,7 +31,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ

 ### Description

-A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.

 ## Exception state
 - SWC ID: 110
@ -42,4 +42,4 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ

 ### Description

-A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--- a/tests/testdata/outputs_expected/exceptions.sol.o.text
+++ b/tests/testdata/outputs_expected/exceptions.sol.o.text
@ -4,7 +4,7 @@ Type: Informational
 Contract: Unknown
 Function name: _function_0x546455b5
 PC address: 446
-A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
 --------------------

 ==== Exception state ====
@ -13,7 +13,7 @@ Type: Informational
 Contract: Unknown
 Function name: _function_0x92dd38ea
 PC address: 484
-A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
 --------------------

 ==== Exception state ====
@ -22,7 +22,7 @@ Type: Informational
 Contract: Unknown
 Function name: _function_0xa08299f1
 PC address: 506
-A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
 --------------------

 ==== Exception state ====
@ -31,6 +31,6 @@ Type: Informational
 Contract: Unknown
 Function name: _function_0xb34c3610
 PC address: 531
-A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
 --------------------

--- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.graph.html
--- a/tests/testdata/outputs_expected/metacoin.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/metacoin.sol.o.graph.html
--- a/tests/testdata/outputs_expected/multi_contracts.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/multi_contracts.sol.o.graph.html
--- a/tests/testdata/outputs_expected/multi_contracts.sol.o.json
+++ b/tests/testdata/outputs_expected/multi_contracts.sol.o.json
@ -1 +1 @@
-{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender.\nIt seems that this function can be called without restrictions.", "function": "_function_0x8a4068dd", "swc_id": "105", "title": "Ether send", "type": "Warning"}], "success": true}
+{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.", "function": "_function_0x8a4068dd", "swc_id": "105", "title": "Ether send", "type": "Warning"}], "success": true}
--- a/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown
+++ b/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown
@ -9,5 +9,4 @@

 ### Description

-In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender.
-It seems that this function can be called without restrictions.
+It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.
--- a/tests/testdata/outputs_expected/multi_contracts.sol.o.text
+++ b/tests/testdata/outputs_expected/multi_contracts.sol.o.text
@ -4,7 +4,6 @@ Type: Warning
 Contract: Unknown
 Function name: _function_0x8a4068dd
 PC address: 142
-In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender.
-It seems that this function can be called without restrictions.
+It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.
 --------------------

--- a/tests/testdata/outputs_expected/nonascii.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/nonascii.sol.o.graph.html
--- a/tests/testdata/outputs_expected/origin.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/origin.sol.o.graph.html
--- a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.easm
+++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.easm
@ -0,0 +1,400 @@
+0 PUSH1 0x60
+2 PUSH1 0x40
+4 MSTORE
+5 PUSH1 0x04
+7 CALLDATASIZE
+8 LT
+9 PUSH2 0x0083
+12 JUMPI
+13 PUSH1 0x00
+15 CALLDATALOAD
+16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
+46 SWAP1
+47 DIV
+48 PUSH4 0xffffffff
+53 AND
+54 DUP1
+55 PUSH4 0x2776b163
+60 EQ
+61 PUSH2 0x0088
+64 JUMPI
+65 DUP1
+66 PUSH4 0x379bf63c
+71 EQ
+72 PUSH2 0x00c1
+75 JUMPI
+76 DUP1
+77 PUSH4 0x5a6814ec
+82 EQ
+83 PUSH2 0x0116
+86 JUMPI
+87 DUP1
+88 PUSH4 0xb5d02c8a
+93 EQ
+94 PUSH2 0x012b
+97 JUMPI
+98 DUP1
+99 PUSH4 0xd24b08cc
+104 EQ
+105 PUSH2 0x0180
+108 JUMPI
+109 DUP1
+110 PUSH4 0xe11f493e
+115 EQ
+116 PUSH2 0x0195
+119 JUMPI
+120 DUP1
+121 PUSH4 0xe1d10f79
+126 EQ
+127 PUSH2 0x01aa
+130 JUMPI
+131 JUMPDEST
+132 PUSH1 0x00
+134 DUP1
+135 REVERT
+136 JUMPDEST
+137 CALLVALUE
+138 ISZERO
+139 PUSH2 0x0093
+142 JUMPI
+143 PUSH1 0x00
+145 DUP1
+146 REVERT
+147 JUMPDEST
+148 PUSH2 0x00bf
+151 PUSH1 0x04
+153 DUP1
+154 DUP1
+155 CALLDATALOAD
+156 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+177 AND
+178 SWAP1
+179 PUSH1 0x20
+181 ADD
+182 SWAP1
+183 SWAP2
+184 SWAP1
+185 POP
+186 POP
+187 PUSH2 0x01e3
+190 JUMP
+191 JUMPDEST
+192 STOP
+193 JUMPDEST
+194 CALLVALUE
+195 ISZERO
+196 PUSH2 0x00cc
+199 JUMPI
+200 PUSH1 0x00
+202 DUP1
+203 REVERT
+204 JUMPDEST
+205 PUSH2 0x00d4
+208 PUSH2 0x0227
+211 JUMP
+212 JUMPDEST
+213 PUSH1 0x40
+215 MLOAD
+216 DUP1
+217 DUP3
+218 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+239 AND
+240 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+261 AND
+262 DUP2
+263 MSTORE
+264 PUSH1 0x20
+266 ADD
+267 SWAP2
+268 POP
+269 POP
+270 PUSH1 0x40
+272 MLOAD
+273 DUP1
+274 SWAP2
+275 SUB
+276 SWAP1
+277 RETURN
+278 JUMPDEST
+279 CALLVALUE
+280 ISZERO
+281 PUSH2 0x0121
+284 JUMPI
+285 PUSH1 0x00
+287 DUP1
+288 REVERT
+289 JUMPDEST
+290 PUSH2 0x0129
+293 PUSH2 0x024c
+296 JUMP
+297 JUMPDEST
+298 STOP
+299 JUMPDEST
+300 CALLVALUE
+301 ISZERO
+302 PUSH2 0x0136
+305 JUMPI
+306 PUSH1 0x00
+308 DUP1
+309 REVERT
+310 JUMPDEST
+311 PUSH2 0x013e
+314 PUSH2 0x029b
+317 JUMP
+318 JUMPDEST
+319 PUSH1 0x40
+321 MLOAD
+322 DUP1
+323 DUP3
+324 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+345 AND
+346 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+367 AND
+368 DUP2
+369 MSTORE
+370 PUSH1 0x20
+372 ADD
+373 SWAP2
+374 POP
+375 POP
+376 PUSH1 0x40
+378 MLOAD
+379 DUP1
+380 SWAP2
+381 SUB
+382 SWAP1
+383 RETURN
+384 JUMPDEST
+385 CALLVALUE
+386 ISZERO
+387 PUSH2 0x018b
+390 JUMPI
+391 PUSH1 0x00
+393 DUP1
+394 REVERT
+395 JUMPDEST
+396 PUSH2 0x0193
+399 PUSH2 0x02c1
+402 JUMP
+403 JUMPDEST
+404 STOP
+405 JUMPDEST
+406 CALLVALUE
+407 ISZERO
+408 PUSH2 0x01a0
+411 JUMPI
+412 PUSH1 0x00
+414 DUP1
+415 REVERT
+416 JUMPDEST
+417 PUSH2 0x01a8
+420 PUSH2 0x0311
+423 JUMP
+424 JUMPDEST
+425 STOP
+426 JUMPDEST
+427 CALLVALUE
+428 ISZERO
+429 PUSH2 0x01b5
+432 JUMPI
+433 PUSH1 0x00
+435 DUP1
+436 REVERT
+437 JUMPDEST
+438 PUSH2 0x01e1
+441 PUSH1 0x04
+443 DUP1
+444 DUP1
+445 CALLDATALOAD
+446 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+467 AND
+468 SWAP1
+469 PUSH1 0x20
+471 ADD
+472 SWAP1
+473 SWAP2
+474 SWAP1
+475 POP
+476 POP
+477 PUSH2 0x0368
+480 JUMP
+481 JUMPDEST
+482 STOP
+483 JUMPDEST
+484 DUP1
+485 PUSH1 0x01
+487 PUSH1 0x00
+489 PUSH2 0x0100
+492 EXP
+493 DUP2
+494 SLOAD
+495 DUP2
+496 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+517 MUL
+518 NOT
+519 AND
+520 SWAP1
+521 DUP4
+522 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+543 AND
+544 MUL
+545 OR
+546 SWAP1
+547 SSTORE
+548 POP
+549 POP
+550 JUMP
+551 JUMPDEST
+552 PUSH1 0x00
+554 DUP1
+555 SWAP1
+556 SLOAD
+557 SWAP1
+558 PUSH2 0x0100
+561 EXP
+562 SWAP1
+563 DIV
+564 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+585 AND
+586 DUP2
+587 JUMP
+588 JUMPDEST
+589 PUSH1 0x00
+591 DUP1
+592 SWAP1
+593 SLOAD
+594 SWAP1
+595 PUSH2 0x0100
+598 EXP
+599 SWAP1
+600 DIV
+601 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+622 AND
+623 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+644 AND
+645 PUSH1 0x40
+647 MLOAD
+648 PUSH1 0x00
+650 PUSH1 0x40
+652 MLOAD
+653 DUP1
+654 DUP4
+655 SUB
+656 DUP2
+657 PUSH1 0x00
+659 DUP7
+660 GAS
+661 CALL
+662 SWAP2
+663 POP
+664 POP
+665 POP
+666 JUMP
+667 JUMPDEST
+668 PUSH1 0x01
+670 PUSH1 0x00
+672 SWAP1
+673 SLOAD
+674 SWAP1
+675 PUSH2 0x0100
+678 EXP
+679 SWAP1
+680 DIV
+681 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+702 AND
+703 DUP2
+704 JUMP
+705 JUMPDEST
+706 PUSH1 0x01
+708 PUSH1 0x00
+710 SWAP1
+711 SLOAD
+712 SWAP1
+713 PUSH2 0x0100
+716 EXP
+717 SWAP1
+718 DIV
+719 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+740 AND
+741 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+762 AND
+763 PUSH1 0x40
+765 MLOAD
+766 PUSH1 0x00
+768 PUSH1 0x40
+770 MLOAD
+771 DUP1
+772 DUP4
+773 SUB
+774 DUP2
+775 PUSH1 0x00
+777 DUP7
+778 GAS
+779 CALL
+780 SWAP2
+781 POP
+782 POP
+783 POP
+784 JUMP
+785 JUMPDEST
+786 PUSH1 0x00
+788 DUP1
+789 SWAP1
+790 SLOAD
+791 SWAP1
+792 PUSH2 0x0100
+795 EXP
+796 SWAP1
+797 DIV
+798 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+819 AND
+820 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+841 AND
+842 PUSH1 0x40
+844 MLOAD
+845 PUSH1 0x00
+847 PUSH1 0x40
+849 MLOAD
+850 DUP1
+851 DUP4
+852 SUB
+853 DUP2
+854 PUSH1 0x00
+856 DUP7
+857 GAS
+858 CALL
+859 SWAP2
+860 POP
+861 POP
+862 POP
+863 PUSH1 0x00
+865 PUSH1 0x02
+867 DUP2
+868 SWAP1
+869 SSTORE
+870 POP
+871 JUMP
+872 JUMPDEST
+873 DUP1
+874 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+895 AND
+896 PUSH1 0x40
+898 MLOAD
+899 PUSH1 0x00
+901 PUSH1 0x40
+903 MLOAD
+904 DUP1
+905 DUP4
+906 SUB
+907 DUP2
+908 PUSH1 0x00
+910 DUP7
+911 GAS
+912 CALL
+913 SWAP2
+914 POP
+915 POP
+916 POP
+917 POP
+918 JUMP
+919 STOP
--- a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.graph.html
--- a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json
+++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json
@ -0,0 +1 @@
+{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "swc_id": "114", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}
--- a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown
+++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown
@ -0,0 +1,111 @@
+# Analysis results for test-filename.sol
+
+## Message call to external contract
+- SWC ID: 107
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0x5a6814ec`
+- PC address: 661
+
+### Description
+
+This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0x5a6814ec`
+- PC address: 666
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+## Message call to external contract
+- SWC ID: 107
+- Type: Warning
+- Contract: Unknown
+- Function name: `_function_0xd24b08cc`
+- PC address: 779
+
+### Description
+
+This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
+
+## Transaction order dependence
+- SWC ID: 114
+- Type: Warning
+- Contract: Unknown
+- Function name: `_function_0xd24b08cc`
+- PC address: 779
+
+### Description
+
+Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xd24b08cc`
+- PC address: 784
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+## Message call to external contract
+- SWC ID: 107
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xe11f493e`
+- PC address: 858
+
+### Description
+
+This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
+
+## State change after external call
+- SWC ID: 107
+- Type: Warning
+- Contract: Unknown
+- Function name: `_function_0xe11f493e`
+- PC address: 869
+
+### Description
+
+The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xe11f493e`
+- PC address: 871
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+## Message call to external contract
+- SWC ID: 107
+- Type: Warning
+- Contract: Unknown
+- Function name: `_function_0xe1d10f79`
+- PC address: 912
+
+### Description
+
+This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xe1d10f79`
+- PC address: 918
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
--- a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text
+++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text
@ -0,0 +1,90 @@
+==== Message call to external contract ====
+SWC ID: 107
+Type: Informational
+Contract: Unknown
+Function name: _function_0x5a6814ec
+PC address: 661
+This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
+--------------------
+
+==== Unchecked CALL return value ====
+SWC ID: 104
+Type: Informational
+Contract: Unknown
+Function name: _function_0x5a6814ec
+PC address: 666
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+--------------------
+
+==== Message call to external contract ====
+SWC ID: 107
+Type: Warning
+Contract: Unknown
+Function name: _function_0xd24b08cc
+PC address: 779
+This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
+--------------------
+
+==== Transaction order dependence ====
+SWC ID: 114
+Type: Warning
+Contract: Unknown
+Function name: _function_0xd24b08cc
+PC address: 779
+Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location
+--------------------
+
+==== Unchecked CALL return value ====
+SWC ID: 104
+Type: Informational
+Contract: Unknown
+Function name: _function_0xd24b08cc
+PC address: 784
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+--------------------
+
+==== Message call to external contract ====
+SWC ID: 107
+Type: Informational
+Contract: Unknown
+Function name: _function_0xe11f493e
+PC address: 858
+This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
+--------------------
+
+==== State change after external call ====
+SWC ID: 107
+Type: Warning
+Contract: Unknown
+Function name: _function_0xe11f493e
+PC address: 869
+The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
+--------------------
+
+==== Unchecked CALL return value ====
+SWC ID: 104
+Type: Informational
+Contract: Unknown
+Function name: _function_0xe11f493e
+PC address: 871
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+--------------------
+
+==== Message call to external contract ====
+SWC ID: 107
+Type: Warning
+Contract: Unknown
+Function name: _function_0xe1d10f79
+PC address: 912
+This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
+--------------------
+
+==== Unchecked CALL return value ====
+SWC ID: 104
+Type: Informational
+Contract: Unknown
+Function name: _function_0xe1d10f79
+PC address: 918
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+--------------------
+
--- a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm
+++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm
@ -0,0 +1,259 @@
+0 PUSH1 0x80
+2 PUSH1 0x40
+4 MSTORE
+5 PUSH1 0x04
+7 CALLDATASIZE
+8 LT
+9 PUSH2 0x004c
+12 JUMPI
+13 PUSH1 0x00
+15 CALLDATALOAD
+16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
+46 SWAP1
+47 DIV
+48 PUSH4 0xffffffff
+53 AND
+54 DUP1
+55 PUSH4 0x06661abd
+60 EQ
+61 PUSH2 0x0051
+64 JUMPI
+65 DUP1
+66 PUSH4 0x83f12fec
+71 EQ
+72 PUSH2 0x007c
+75 JUMPI
+76 JUMPDEST
+77 PUSH1 0x00
+79 DUP1
+80 REVERT
+81 JUMPDEST
+82 CALLVALUE
+83 DUP1
+84 ISZERO
+85 PUSH2 0x005d
+88 JUMPI
+89 PUSH1 0x00
+91 DUP1
+92 REVERT
+93 JUMPDEST
+94 POP
+95 PUSH2 0x0066
+98 PUSH2 0x0104
+101 JUMP
+102 JUMPDEST
+103 PUSH1 0x40
+105 MLOAD
+106 DUP1
+107 DUP3
+108 DUP2
+109 MSTORE
+110 PUSH1 0x20
+112 ADD
+113 SWAP2
+114 POP
+115 POP
+116 PUSH1 0x40
+118 MLOAD
+119 DUP1
+120 SWAP2
+121 SUB
+122 SWAP1
+123 RETURN
+124 JUMPDEST
+125 CALLVALUE
+126 DUP1
+127 ISZERO
+128 PUSH2 0x0088
+131 JUMPI
+132 PUSH1 0x00
+134 DUP1
+135 REVERT
+136 JUMPDEST
+137 POP
+138 PUSH2 0x00ea
+141 PUSH1 0x04
+143 DUP1
+144 CALLDATASIZE
+145 SUB
+146 DUP2
+147 ADD
+148 SWAP1
+149 DUP1
+150 DUP1
+151 CALLDATALOAD
+152 SWAP1
+153 PUSH1 0x20
+155 ADD
+156 SWAP1
+157 DUP3
+158 ADD
+159 DUP1
+160 CALLDATALOAD
+161 SWAP1
+162 PUSH1 0x20
+164 ADD
+165 SWAP1
+166 DUP1
+167 DUP1
+168 PUSH1 0x20
+170 MUL
+171 PUSH1 0x20
+173 ADD
+174 PUSH1 0x40
+176 MLOAD
+177 SWAP1
+178 DUP2
+179 ADD
+180 PUSH1 0x40
+182 MSTORE
+183 DUP1
+184 SWAP4
+185 SWAP3
+186 SWAP2
+187 SWAP1
+188 DUP2
+189 DUP2
+190 MSTORE
+191 PUSH1 0x20
+193 ADD
+194 DUP4
+195 DUP4
+196 PUSH1 0x20
+198 MUL
+199 DUP1
+200 DUP3
+201 DUP5
+202 CALLDATACOPY
+203 DUP3
+204 ADD
+205 SWAP2
+206 POP
+207 POP
+208 POP
+209 POP
+210 POP
+211 POP
+212 SWAP2
+213 SWAP3
+214 SWAP2
+215 SWAP3
+216 SWAP1
+217 DUP1
+218 CALLDATALOAD
+219 SWAP1
+220 PUSH1 0x20
+222 ADD
+223 SWAP1
+224 SWAP3
+225 SWAP2
+226 SWAP1
+227 POP
+228 POP
+229 POP
+230 PUSH2 0x010a
+233 JUMP
+234 JUMPDEST
+235 PUSH1 0x40
+237 MLOAD
+238 DUP1
+239 DUP3
+240 ISZERO
+241 ISZERO
+242 ISZERO
+243 ISZERO
+244 DUP2
+245 MSTORE
+246 PUSH1 0x20
+248 ADD
+249 SWAP2
+250 POP
+251 POP
+252 PUSH1 0x40
+254 MLOAD
+255 DUP1
+256 SWAP2
+257 SUB
+258 SWAP1
+259 RETURN
+260 JUMPDEST
+261 PUSH1 0x00
+263 SLOAD
+264 DUP2
+265 JUMP
+266 JUMPDEST
+267 PUSH1 0x00
+269 DUP1
+270 PUSH1 0x00
+272 DUP5
+273 MLOAD
+274 SWAP2
+275 POP
+276 DUP4
+277 DUP3
+278 MUL
+279 SWAP1
+280 POP
+281 PUSH1 0x00
+283 DUP3
+284 GT
+285 DUP1
+286 ISZERO
+287 PUSH2 0x0129
+290 JUMPI
+291 POP
+292 PUSH1 0x14
+294 DUP3
+295 GT
+296 ISZERO
+297 JUMPDEST
+298 ISZERO
+299 ISZERO
+300 PUSH2 0x0134
+303 JUMPI
+304 PUSH1 0x00
+306 DUP1
+307 REVERT
+308 JUMPDEST
+309 DUP1
+310 PUSH1 0x01
+312 PUSH1 0x00
+314 CALLER
+315 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+336 AND
+337 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+358 AND
+359 DUP2
+360 MSTORE
+361 PUSH1 0x20
+363 ADD
+364 SWAP1
+365 DUP2
+366 MSTORE
+367 PUSH1 0x20
+369 ADD
+370 PUSH1 0x00
+372 SHA3
+373 PUSH1 0x00
+375 DUP3
+376 DUP3
+377 SLOAD
+378 SUB
+379 SWAP3
+380 POP
+381 POP
+382 DUP2
+383 SWAP1
+384 SSTORE
+385 POP
+386 PUSH1 0x01
+388 SWAP3
+389 POP
+390 POP
+391 POP
+392 SWAP3
+393 SWAP2
+394 POP
+395 POP
+396 JUMP
+397 STOP
--- a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html
--- a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm
+++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm
@ -0,0 +1,420 @@
+0 PUSH1 0x80
+2 PUSH1 0x40
+4 MSTORE
+5 PUSH1 0x04
+7 CALLDATASIZE
+8 LT
+9 PUSH2 0x0078
+12 JUMPI
+13 PUSH1 0x00
+15 CALLDATALOAD
+16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
+46 SWAP1
+47 DIV
+48 PUSH4 0xffffffff
+53 AND
+54 DUP1
+55 PUSH4 0x12065fe0
+60 EQ
+61 PUSH2 0x007d
+64 JUMPI
+65 DUP1
+66 PUSH4 0x27e235e3
+71 EQ
+72 PUSH2 0x00a8
+75 JUMPI
+76 DUP1
+77 PUSH4 0x56885cd8
+82 EQ
+83 PUSH2 0x00ff
+86 JUMPI
+87 DUP1
+88 PUSH4 0x6c343ffe
+93 EQ
+94 PUSH2 0x0116
+97 JUMPI
+98 DUP1
+99 PUSH4 0x8da5cb5b
+104 EQ
+105 PUSH2 0x012d
+108 JUMPI
+109 DUP1
+110 PUSH4 0xe8b5e51f
+115 EQ
+116 PUSH2 0x0184
+119 JUMPI
+120 JUMPDEST
+121 PUSH1 0x00
+123 DUP1
+124 REVERT
+125 JUMPDEST
+126 CALLVALUE
+127 DUP1
+128 ISZERO
+129 PUSH2 0x0089
+132 JUMPI
+133 PUSH1 0x00
+135 DUP1
+136 REVERT
+137 JUMPDEST
+138 POP
+139 PUSH2 0x0092
+142 PUSH2 0x018e
+145 JUMP
+146 JUMPDEST
+147 PUSH1 0x40
+149 MLOAD
+150 DUP1
+151 DUP3
+152 DUP2
+153 MSTORE
+154 PUSH1 0x20
+156 ADD
+157 SWAP2
+158 POP
+159 POP
+160 PUSH1 0x40
+162 MLOAD
+163 DUP1
+164 SWAP2
+165 SUB
+166 SWAP1
+167 RETURN
+168 JUMPDEST
+169 CALLVALUE
+170 DUP1
+171 ISZERO
+172 PUSH2 0x00b4
+175 JUMPI
+176 PUSH1 0x00
+178 DUP1
+179 REVERT
+180 JUMPDEST
+181 POP
+182 PUSH2 0x00e9
+185 PUSH1 0x04
+187 DUP1
+188 CALLDATASIZE
+189 SUB
+190 DUP2
+191 ADD
+192 SWAP1
+193 DUP1
+194 DUP1
+195 CALLDATALOAD
+196 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+217 AND
+218 SWAP1
+219 PUSH1 0x20
+221 ADD
+222 SWAP1
+223 SWAP3
+224 SWAP2
+225 SWAP1
+226 POP
+227 POP
+228 POP
+229 PUSH2 0x01d4
+232 JUMP
+233 JUMPDEST
+234 PUSH1 0x40
+236 MLOAD
+237 DUP1
+238 DUP3
+239 DUP2
+240 MSTORE
+241 PUSH1 0x20
+243 ADD
+244 SWAP2
+245 POP
+246 POP
+247 PUSH1 0x40
+249 MLOAD
+250 DUP1
+251 SWAP2
+252 SUB
+253 SWAP1
+254 RETURN
+255 JUMPDEST
+256 CALLVALUE
+257 DUP1
+258 ISZERO
+259 PUSH2 0x010b
+262 JUMPI
+263 PUSH1 0x00
+265 DUP1
+266 REVERT
+267 JUMPDEST
+268 POP
+269 PUSH2 0x0114
+272 PUSH2 0x01ec
+275 JUMP
+276 JUMPDEST
+277 STOP
+278 JUMPDEST
+279 CALLVALUE
+280 DUP1
+281 ISZERO
+282 PUSH2 0x0122
+285 JUMPI
+286 PUSH1 0x00
+288 DUP1
+289 REVERT
+290 JUMPDEST
+291 POP
+292 PUSH2 0x012b
+295 PUSH2 0x022f
+298 JUMP
+299 JUMPDEST
+300 STOP
+301 JUMPDEST
+302 CALLVALUE
+303 DUP1
+304 ISZERO
+305 PUSH2 0x0139
+308 JUMPI
+309 PUSH1 0x00
+311 DUP1
+312 REVERT
+313 JUMPDEST
+314 POP
+315 PUSH2 0x0142
+318 PUSH2 0x02eb
+321 JUMP
+322 JUMPDEST
+323 PUSH1 0x40
+325 MLOAD
+326 DUP1
+327 DUP3
+328 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+349 AND
+350 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+371 AND
+372 DUP2
+373 MSTORE
+374 PUSH1 0x20
+376 ADD
+377 SWAP2
+378 POP
+379 POP
+380 PUSH1 0x40
+382 MLOAD
+383 DUP1
+384 SWAP2
+385 SUB
+386 SWAP1
+387 RETURN
+388 JUMPDEST
+389 PUSH2 0x018c
+392 PUSH2 0x0311
+395 JUMP
+396 JUMPDEST
+397 STOP
+398 JUMPDEST
+399 PUSH1 0x00
+401 DUP1
+402 PUSH1 0x00
+404 CALLER
+405 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+426 AND
+427 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+448 AND
+449 DUP2
+450 MSTORE
+451 PUSH1 0x20
+453 ADD
+454 SWAP1
+455 DUP2
+456 MSTORE
+457 PUSH1 0x20
+459 ADD
+460 PUSH1 0x00
+462 SHA3
+463 SLOAD
+464 SWAP1
+465 POP
+466 SWAP1
+467 JUMP
+468 JUMPDEST
+469 PUSH1 0x00
+471 PUSH1 0x20
+473 MSTORE
+474 DUP1
+475 PUSH1 0x00
+477 MSTORE
+478 PUSH1 0x40
+480 PUSH1 0x00
+482 SHA3
+483 PUSH1 0x00
+485 SWAP2
+486 POP
+487 SWAP1
+488 POP
+489 SLOAD
+490 DUP2
+491 JUMP
+492 JUMPDEST
+493 CALLER
+494 PUSH1 0x01
+496 PUSH1 0x00
+498 PUSH2 0x0100
+501 EXP
+502 DUP2
+503 SLOAD
+504 DUP2
+505 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+526 MUL
+527 NOT
+528 AND
+529 SWAP1
+530 DUP4
+531 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+552 AND
+553 MUL
+554 OR
+555 SWAP1
+556 SSTORE
+557 POP
+558 JUMP
+559 JUMPDEST
+560 PUSH1 0x01
+562 PUSH1 0x00
+564 SWAP1
+565 SLOAD
+566 SWAP1
+567 PUSH2 0x0100
+570 EXP
+571 SWAP1
+572 DIV
+573 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+594 AND
+595 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+616 AND
+617 CALLER
+618 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+639 AND
+640 EQ
+641 ISZERO
+642 ISZERO
+643 PUSH2 0x028b
+646 JUMPI
+647 PUSH1 0x00
+649 DUP1
+650 REVERT
+651 JUMPDEST
+652 CALLER
+653 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+674 AND
+675 PUSH2 0x08fc
+678 ADDRESS
+679 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+700 AND
+701 BALANCE
+702 SWAP1
+703 DUP2
+704 ISZERO
+705 MUL
+706 SWAP1
+707 PUSH1 0x40
+709 MLOAD
+710 PUSH1 0x00
+712 PUSH1 0x40
+714 MLOAD
+715 DUP1
+716 DUP4
+717 SUB
+718 DUP2
+719 DUP6
+720 DUP9
+721 DUP9
+722 CALL
+723 SWAP4
+724 POP
+725 POP
+726 POP
+727 POP
+728 ISZERO
+729 DUP1
+730 ISZERO
+731 PUSH2 0x02e8
+734 JUMPI
+735 RETURNDATASIZE
+736 PUSH1 0x00
+738 DUP1
+739 RETURNDATACOPY
+740 RETURNDATASIZE
+741 PUSH1 0x00
+743 REVERT
+744 JUMPDEST
+745 POP
+746 JUMP
+747 JUMPDEST
+748 PUSH1 0x01
+750 PUSH1 0x00
+752 SWAP1
+753 SLOAD
+754 SWAP1
+755 PUSH2 0x0100
+758 EXP
+759 SWAP1
+760 DIV
+761 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+782 AND
+783 DUP2
+784 JUMP
+785 JUMPDEST
+786 PUSH1 0x02
+788 SLOAD
+789 CALLVALUE
+790 GT
+791 DUP1
+792 ISZERO
+793 PUSH2 0x0323
+796 JUMPI
+797 POP
+798 PUSH1 0x03
+800 SLOAD
+801 CALLVALUE
+802 LT
+803 JUMPDEST
+804 ISZERO
+805 ISZERO
+806 PUSH2 0x032e
+809 JUMPI
+810 PUSH1 0x00
+812 DUP1
+813 REVERT
+814 JUMPDEST
+815 CALLVALUE
+816 PUSH1 0x00
+818 DUP1
+819 CALLER
+820 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+841 AND
+842 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+863 AND
+864 DUP2
+865 MSTORE
+866 PUSH1 0x20
+868 ADD
+869 SWAP1
+870 DUP2
+871 MSTORE
+872 PUSH1 0x20
+874 ADD
+875 PUSH1 0x00
+877 SHA3
+878 PUSH1 0x00
+880 DUP3
+881 DUP3
+882 SLOAD
+883 ADD
+884 SWAP3
+885 POP
+886 POP
+887 DUP2
+888 SWAP1
+889 SSTORE
+890 POP
+891 JUMP
+892 STOP
--- a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html
--- a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json
+++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json
@ -0,0 +1 @@
+{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.", "function": "withdrawfunds()", "swc_id": "105", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The arithmetic operation can result in integer overflow.\n", "function": "invest()", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}
--- a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown
+++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown
@ -0,0 +1,23 @@
+# Analysis results for test-filename.sol
+
+## Ether send
+- SWC ID: 105
+- Type: Warning
+- Contract: Unknown
+- Function name: `withdrawfunds()`
+- PC address: 722
+
+### Description
+
+It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.
+
+## Integer Overflow
+- SWC ID: 101
+- Type: Warning
+- Contract: Unknown
+- Function name: `invest()`
+- PC address: 883
+
+### Description
+
+The arithmetic operation can result in integer overflow.
--- a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text
+++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text
@ -0,0 +1,19 @@
+==== Ether send ====
+SWC ID: 105
+Type: Warning
+Contract: Unknown
+Function name: withdrawfunds()
+PC address: 722
+It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.
+--------------------
+
+==== Integer Overflow ====
+SWC ID: 101
+Type: Warning
+Contract: Unknown
+Function name: invest()
+PC address: 883
+The arithmetic operation can result in integer overflow.
+
+--------------------
+
--- a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm
+++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm
@ -0,0 +1,392 @@
+0 PUSH1 0x60
+2 PUSH1 0x40
+4 MSTORE
+5 PUSH1 0x04
+7 CALLDATASIZE
+8 LT
+9 PUSH2 0x008e
+12 JUMPI
+13 PUSH1 0x00
+15 CALLDATALOAD
+16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
+46 SWAP1
+47 DIV
+48 PUSH4 0xffffffff
+53 AND
+54 DUP1
+55 PUSH4 0x01d4277c
+60 EQ
+61 PUSH2 0x0093
+64 JUMPI
+65 DUP1
+66 PUSH4 0x546455b5
+71 EQ
+72 PUSH2 0x00b6
+75 JUMPI
+76 DUP1
+77 PUSH4 0x78375f14
+82 EQ
+83 PUSH2 0x00d9
+86 JUMPI
+87 DUP1
+88 PUSH4 0x92dd38ea
+93 EQ
+94 PUSH2 0x00fc
+97 JUMPI
+98 DUP1
+99 PUSH4 0xa08299f1
+104 EQ
+105 PUSH2 0x011f
+108 JUMPI
+109 DUP1
+110 PUSH4 0xb34c3610
+115 EQ
+116 PUSH2 0x0142
+119 JUMPI
+120 DUP1
+121 PUSH4 0xb630d706
+126 EQ
+127 PUSH2 0x0157
+130 JUMPI
+131 DUP1
+132 PUSH4 0xf44f13d8
+137 EQ
+138 PUSH2 0x017a
+141 JUMPI
+142 JUMPDEST
+143 PUSH1 0x00
+145 DUP1
+146 REVERT
+147 JUMPDEST
+148 CALLVALUE
+149 ISZERO
+150 PUSH2 0x009e
+153 JUMPI
+154 PUSH1 0x00
+156 DUP1
+157 REVERT
+158 JUMPDEST
+159 PUSH2 0x00b4
+162 PUSH1 0x04
+164 DUP1
+165 DUP1
+166 CALLDATALOAD
+167 SWAP1
+168 PUSH1 0x20
+170 ADD
+171 SWAP1
+172 SWAP2
+173 SWAP1
+174 POP
+175 POP
+176 PUSH2 0x018f
+179 JUMP
+180 JUMPDEST
+181 STOP
+182 JUMPDEST
+183 CALLVALUE
+184 ISZERO
+185 PUSH2 0x00c1
+188 JUMPI
+189 PUSH1 0x00
+191 DUP1
+192 REVERT
+193 JUMPDEST
+194 PUSH2 0x00d7
+197 PUSH1 0x04
+199 DUP1
+200 DUP1
+201 CALLDATALOAD
+202 SWAP1
+203 PUSH1 0x20
+205 ADD
+206 SWAP1
+207 SWAP2
+208 SWAP1
+209 POP
+210 POP
+211 PUSH2 0x01b2
+214 JUMP
+215 JUMPDEST
+216 STOP
+217 JUMPDEST
+218 CALLVALUE
+219 ISZERO
+220 PUSH2 0x00e4
+223 JUMPI
+224 PUSH1 0x00
+226 DUP1
+227 REVERT
+228 JUMPDEST
+229 PUSH2 0x00fa
+232 PUSH1 0x04
+234 DUP1
+235 DUP1
+236 CALLDATALOAD
+237 SWAP1
+238 PUSH1 0x20
+240 ADD
+241 SWAP1
+242 SWAP2
+243 SWAP1
+244 POP
+245 POP
+246 PUSH2 0x01c2
+249 JUMP
+250 JUMPDEST
+251 STOP
+252 JUMPDEST
+253 CALLVALUE
+254 ISZERO
+255 PUSH2 0x0107
+258 JUMPI
+259 PUSH1 0x00
+261 DUP1
+262 REVERT
+263 JUMPDEST
+264 PUSH2 0x011d
+267 PUSH1 0x04
+269 DUP1
+270 DUP1
+271 CALLDATALOAD
+272 SWAP1
+273 PUSH1 0x20
+275 ADD
+276 SWAP1
+277 SWAP2
+278 SWAP1
+279 POP
+280 POP
+281 PUSH2 0x01d5
+284 JUMP
+285 JUMPDEST
+286 STOP
+287 JUMPDEST
+288 CALLVALUE
+289 ISZERO
+290 PUSH2 0x012a
+293 JUMPI
+294 PUSH1 0x00
+296 DUP1
+297 REVERT
+298 JUMPDEST
+299 PUSH2 0x0140
+302 PUSH1 0x04
+304 DUP1
+305 DUP1
+306 CALLDATALOAD
+307 SWAP1
+308 PUSH1 0x20
+310 ADD
+311 SWAP1
+312 SWAP2
+313 SWAP1
+314 POP
+315 POP
+316 PUSH2 0x01ed
+319 JUMP
+320 JUMPDEST
+321 STOP
+322 JUMPDEST
+323 CALLVALUE
+324 ISZERO
+325 PUSH2 0x014d
+328 JUMPI
+329 PUSH1 0x00
+331 DUP1
+332 REVERT
+333 JUMPDEST
+334 PUSH2 0x0155
+337 PUSH2 0x0202
+340 JUMP
+341 JUMPDEST
+342 STOP
+343 JUMPDEST
+344 CALLVALUE
+345 ISZERO
+346 PUSH2 0x0162
+349 JUMPI
+350 PUSH1 0x00
+352 DUP1
+353 REVERT
+354 JUMPDEST
+355 PUSH2 0x0178
+358 PUSH1 0x04
+360 DUP1
+361 DUP1
+362 CALLDATALOAD
+363 SWAP1
+364 PUSH1 0x20
+366 ADD
+367 SWAP1
+368 SWAP2
+369 SWAP1
+370 POP
+371 POP
+372 PUSH2 0x0217
+375 JUMP
+376 JUMPDEST
+377 STOP
+378 JUMPDEST
+379 CALLVALUE
+380 ISZERO
+381 PUSH2 0x0185
+384 JUMPI
+385 PUSH1 0x00
+387 DUP1
+388 REVERT
+389 JUMPDEST
+390 PUSH2 0x018d
+393 PUSH2 0x0235
+396 JUMP
+397 JUMPDEST
+398 STOP
+399 JUMPDEST
+400 PUSH1 0x00
+402 PUSH1 0x08
+404 DUP3
+405 LT
+406 ISZERO
+407 PUSH2 0x01ae
+410 JUMPI
+411 PUSH1 0x00
+413 DUP3
+414 PUSH1 0x08
+416 DUP2
+417 LT
+418 ISZERO
+419 ISZERO
+420 PUSH2 0x01a9
+423 JUMPI
+424 ASSERT_FAIL
+425 JUMPDEST
+426 ADD
+427 SLOAD
+428 SWAP1
+429 POP
+430 JUMPDEST
+431 POP
+432 POP
+433 JUMP
+434 JUMPDEST
+435 PUSH1 0x17
+437 DUP2
+438 EQ
+439 ISZERO
+440 ISZERO
+441 ISZERO
+442 PUSH2 0x01bf
+445 JUMPI
+446 ASSERT_FAIL
+447 JUMPDEST
+448 POP
+449 JUMP
+450 JUMPDEST
+451 PUSH1 0x17
+453 DUP2
+454 EQ
+455 ISZERO
+456 ISZERO
+457 ISZERO
+458 PUSH2 0x01d2
+461 JUMPI
+462 PUSH1 0x00
+464 DUP1
+465 REVERT
+466 JUMPDEST
+467 POP
+468 JUMP
+469 JUMPDEST
+470 PUSH1 0x00
+472 DUP1
+473 DUP3
+474 PUSH1 0x08
+476 DUP2
+477 LT
+478 ISZERO
+479 ISZERO
+480 PUSH2 0x01e5
+483 JUMPI
+484 ASSERT_FAIL
+485 JUMPDEST
+486 ADD
+487 SLOAD
+488 SWAP1
+489 POP
+490 POP
+491 POP
+492 JUMP
+493 JUMPDEST
+494 PUSH1 0x00
+496 DUP2
+497 PUSH1 0x01
+499 DUP2
+500 ISZERO
+501 ISZERO
+502 PUSH2 0x01fb
+505 JUMPI
+506 ASSERT_FAIL
+507 JUMPDEST
+508 DIV
+509 SWAP1
+510 POP
+511 POP
+512 POP
+513 JUMP
+514 JUMPDEST
+515 PUSH1 0x00
+517 PUSH1 0x01
+519 SWAP1
+520 POP
+521 PUSH1 0x00
+523 DUP2
+524 EQ
+525 ISZERO
+526 ISZERO
+527 PUSH2 0x0214
+530 JUMPI
+531 ASSERT_FAIL
+532 JUMPDEST
+533 POP
+534 JUMP
+535 JUMPDEST
+536 PUSH1 0x00
+538 DUP1
+539 DUP3
+540 GT
+541 ISZERO
+542 PUSH2 0x0231
+545 JUMPI
+546 DUP2
+547 PUSH1 0x01
+549 DUP2
+550 ISZERO
+551 ISZERO
+552 PUSH2 0x022d
+555 JUMPI
+556 ASSERT_FAIL
+557 JUMPDEST
+558 DIV
+559 SWAP1
+560 POP
+561 JUMPDEST
+562 POP
+563 POP
+564 JUMP
+565 JUMPDEST
+566 PUSH1 0x00
+568 PUSH1 0x01
+570 SWAP1
+571 POP
+572 PUSH1 0x00
+574 DUP2
+575 GT
+576 ISZERO
+577 ISZERO
+578 PUSH2 0x0247
+581 JUMPI
+582 ASSERT_FAIL
+583 JUMPDEST
+584 POP
+585 JUMP
+586 STOP
--- a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html
--- a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json
+++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json
@ -0,0 +1 @@
+{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "swc_id": "110", "title": "Exception state", "type": "Informational"}], "success": true}
--- a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown
+++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown
@ -0,0 +1,45 @@
+# Analysis results for test-filename.sol
+
+## Exception state
+- SWC ID: 110
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0x546455b5`
+- PC address: 446
+
+### Description
+
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+
+## Exception state
+- SWC ID: 110
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0x92dd38ea`
+- PC address: 484
+
+### Description
+
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+
+## Exception state
+- SWC ID: 110
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xa08299f1`
+- PC address: 506
+
+### Description
+
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+
+## Exception state
+- SWC ID: 110
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xb34c3610`
+- PC address: 531
+
+### Description
+
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--- a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text
+++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text
@ -0,0 +1,36 @@
+==== Exception state ====
+SWC ID: 110
+Type: Informational
+Contract: Unknown
+Function name: _function_0x546455b5
+PC address: 446
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
+--------------------
+
+==== Exception state ====
+SWC ID: 110
+Type: Informational
+Contract: Unknown
+Function name: _function_0x92dd38ea
+PC address: 484
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
+--------------------
+
+==== Exception state ====
+SWC ID: 110
+Type: Informational
+Contract: Unknown
+Function name: _function_0xa08299f1
+PC address: 506
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
+--------------------
+
+==== Exception state ====
+SWC ID: 110
+Type: Informational
+Contract: Unknown
+Function name: _function_0xb34c3610
+PC address: 531
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
+--------------------
+
--- a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm
+++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm
@ -0,0 +1,435 @@
+0 PUSH1 0x60
+2 PUSH1 0x40
+4 MSTORE
+5 PUSH1 0x04
+7 CALLDATASIZE
+8 LT
+9 PUSH2 0x006d
+12 JUMPI
+13 PUSH1 0x00
+15 CALLDATALOAD
+16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
+46 SWAP1
+47 DIV
+48 PUSH4 0xffffffff
+53 AND
+54 DUP1
+55 PUSH4 0x141f32ff
+60 EQ
+61 PUSH2 0x0072
+64 JUMPI
+65 DUP1
+66 PUSH4 0x2e52d606
+71 EQ
+72 PUSH2 0x00b4
+75 JUMPI
+76 DUP1
+77 PUSH4 0x67e404ce
+82 EQ
+83 PUSH2 0x00dd
+86 JUMPI
+87 DUP1
+88 PUSH4 0x9b58bc26
+93 EQ
+94 PUSH2 0x0132
+97 JUMPI
+98 DUP1
+99 PUSH4 0xeea4c864
+104 EQ
+105 PUSH2 0x0174
+108 JUMPI
+109 JUMPDEST
+110 PUSH1 0x00
+112 DUP1
+113 REVERT
+114 JUMPDEST
+115 CALLVALUE
+116 ISZERO
+117 PUSH2 0x007d
+120 JUMPI
+121 PUSH1 0x00
+123 DUP1
+124 REVERT
+125 JUMPDEST
+126 PUSH2 0x00b2
+129 PUSH1 0x04
+131 DUP1
+132 DUP1
+133 CALLDATALOAD
+134 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+155 AND
+156 SWAP1
+157 PUSH1 0x20
+159 ADD
+160 SWAP1
+161 SWAP2
+162 SWAP1
+163 DUP1
+164 CALLDATALOAD
+165 SWAP1
+166 PUSH1 0x20
+168 ADD
+169 SWAP1
+170 SWAP2
+171 SWAP1
+172 POP
+173 POP
+174 PUSH2 0x01b6
+177 JUMP
+178 JUMPDEST
+179 STOP
+180 JUMPDEST
+181 CALLVALUE
+182 ISZERO
+183 PUSH2 0x00bf
+186 JUMPI
+187 PUSH1 0x00
+189 DUP1
+190 REVERT
+191 JUMPDEST
+192 PUSH2 0x00c7
+195 PUSH2 0x0273
+198 JUMP
+199 JUMPDEST
+200 PUSH1 0x40
+202 MLOAD
+203 DUP1
+204 DUP3
+205 DUP2
+206 MSTORE
+207 PUSH1 0x20
+209 ADD
+210 SWAP2
+211 POP
+212 POP
+213 PUSH1 0x40
+215 MLOAD
+216 DUP1
+217 SWAP2
+218 SUB
+219 SWAP1
+220 RETURN
+221 JUMPDEST
+222 CALLVALUE
+223 ISZERO
+224 PUSH2 0x00e8
+227 JUMPI
+228 PUSH1 0x00
+230 DUP1
+231 REVERT
+232 JUMPDEST
+233 PUSH2 0x00f0
+236 PUSH2 0x0279
+239 JUMP
+240 JUMPDEST
+241 PUSH1 0x40
+243 MLOAD
+244 DUP1
+245 DUP3
+246 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+267 AND
+268 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+289 AND
+290 DUP2
+291 MSTORE
+292 PUSH1 0x20
+294 ADD
+295 SWAP2
+296 POP
+297 POP
+298 PUSH1 0x40
+300 MLOAD
+301 DUP1
+302 SWAP2
+303 SUB
+304 SWAP1
+305 RETURN
+306 JUMPDEST
+307 CALLVALUE
+308 ISZERO
+309 PUSH2 0x013d
+312 JUMPI
+313 PUSH1 0x00
+315 DUP1
+316 REVERT
+317 JUMPDEST
+318 PUSH2 0x0172
+321 PUSH1 0x04
+323 DUP1
+324 DUP1
+325 CALLDATALOAD
+326 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+347 AND
+348 SWAP1
+349 PUSH1 0x20
+351 ADD
+352 SWAP1
+353 SWAP2
+354 SWAP1
+355 DUP1
+356 CALLDATALOAD
+357 SWAP1
+358 PUSH1 0x20
+360 ADD
+361 SWAP1
+362 SWAP2
+363 SWAP1
+364 POP
+365 POP
+366 PUSH2 0x029f
+369 JUMP
+370 JUMPDEST
+371 STOP
+372 JUMPDEST
+373 CALLVALUE
+374 ISZERO
+375 PUSH2 0x017f
+378 JUMPI
+379 PUSH1 0x00
+381 DUP1
+382 REVERT
+383 JUMPDEST
+384 PUSH2 0x01b4
+387 PUSH1 0x04
+389 DUP1
+390 DUP1
+391 CALLDATALOAD
+392 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+413 AND
+414 SWAP1
+415 PUSH1 0x20
+417 ADD
+418 SWAP1
+419 SWAP2
+420 SWAP1
+421 DUP1
+422 CALLDATALOAD
+423 SWAP1
+424 PUSH1 0x20
+426 ADD
+427 SWAP1
+428 SWAP2
+429 SWAP1
+430 POP
+431 POP
+432 PUSH2 0x035a
+435 JUMP
+436 JUMPDEST
+437 STOP
+438 JUMPDEST
+439 DUP2
+440 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+461 AND
+462 PUSH1 0x40
+464 MLOAD
+465 DUP1
+466 DUP1
+467 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000
+500 DUP2
+501 MSTORE
+502 POP
+503 PUSH1 0x0d
+505 ADD
+506 SWAP1
+507 POP
+508 PUSH1 0x40
+510 MLOAD
+511 DUP1
+512 SWAP2
+513 SUB
+514 SWAP1
+515 SHA3
+516 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
+546 SWAP1
+547 DIV
+548 DUP3
+549 PUSH1 0x40
+551 MLOAD
+552 DUP3
+553 PUSH4 0xffffffff
+558 AND
+559 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
+589 MUL
+590 DUP2
+591 MSTORE
+592 PUSH1 0x04
+594 ADD
+595 DUP1
+596 DUP3
+597 DUP2
+598 MSTORE
+599 PUSH1 0x20
+601 ADD
+602 SWAP2
+603 POP
+604 POP
+605 PUSH1 0x00
+607 PUSH1 0x40
+609 MLOAD
+610 DUP1
+611 DUP4
+612 SUB
+613 DUP2
+614 PUSH1 0x00
+616 DUP8
+617 GAS
+618 CALLCODE
+619 SWAP3
+620 POP
+621 POP
+622 POP
+623 POP
+624 POP
+625 POP
+626 JUMP
+627 JUMPDEST
+628 PUSH1 0x00
+630 SLOAD
+631 DUP2
+632 JUMP
+633 JUMPDEST
+634 PUSH1 0x01
+636 PUSH1 0x00
+638 SWAP1
+639 SLOAD
+640 SWAP1
+641 PUSH2 0x0100
+644 EXP
+645 SWAP1
+646 DIV
+647 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+668 AND
+669 DUP2
+670 JUMP
+671 JUMPDEST
+672 DUP2
+673 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+694 AND
+695 PUSH1 0x40
+697 MLOAD
+698 DUP1
+699 DUP1
+700 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000
+733 DUP2
+734 MSTORE
+735 POP
+736 PUSH1 0x0d
+738 ADD
+739 SWAP1
+740 POP
+741 PUSH1 0x40
+743 MLOAD
+744 DUP1
+745 SWAP2
+746 SUB
+747 SWAP1
+748 SHA3
+749 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
+779 SWAP1
+780 DIV
+781 DUP3
+782 PUSH1 0x40
+784 MLOAD
+785 DUP3
+786 PUSH4 0xffffffff
+791 AND
+792 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
+822 MUL
+823 DUP2
+824 MSTORE
+825 PUSH1 0x04
+827 ADD
+828 DUP1
+829 DUP3
+830 DUP2
+831 MSTORE
+832 PUSH1 0x20
+834 ADD
+835 SWAP2
+836 POP
+837 POP
+838 PUSH1 0x00
+840 PUSH1 0x40
+842 MLOAD
+843 DUP1
+844 DUP4
+845 SUB
+846 DUP2
+847 DUP7
+848 GAS
+849 DELEGATECALL
+850 SWAP3
+851 POP
+852 POP
+853 POP
+854 POP
+855 POP
+856 POP
+857 JUMP
+858 JUMPDEST
+859 DUP2
+860 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+881 AND
+882 PUSH1 0x40
+884 MLOAD
+885 DUP1
+886 DUP1
+887 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000
+920 DUP2
+921 MSTORE
+922 POP
+923 PUSH1 0x0d
+925 ADD
+926 SWAP1
+927 POP
+928 PUSH1 0x40
+930 MLOAD
+931 DUP1
+932 SWAP2
+933 SUB
+934 SWAP1
+935 SHA3
+936 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
+966 SWAP1
+967 DIV
+968 DUP3
+969 PUSH1 0x40
+971 MLOAD
+972 DUP3
+973 PUSH4 0xffffffff
+978 AND
+979 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
+1009 MUL
+1010 DUP2
+1011 MSTORE
+1012 PUSH1 0x04
+1014 ADD
+1015 DUP1
+1016 DUP3
+1017 DUP2
+1018 MSTORE
+1019 PUSH1 0x20
+1021 ADD
+1022 SWAP2
+1023 POP
+1024 POP
+1025 PUSH1 0x00
+1027 PUSH1 0x40
+1029 MLOAD
+1030 DUP1
+1031 DUP4
+1032 SUB
+1033 DUP2
+1034 PUSH1 0x00
+1036 DUP8
+1037 GAS
+1038 CALL
+1039 SWAP3
+1040 POP
+1041 POP
+1042 POP
+1043 POP
+1044 POP
+1045 POP
+1046 JUMP
+1047 STOP
--- a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html
--- a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json
+++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json
@ -0,0 +1 @@
+{"error": null, "issues": [{"address": 626, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x141f32ff", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 857, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x9b58bc26", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 1038, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xeea4c864", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 1046, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xeea4c864", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}
--- a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown
+++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown
@ -0,0 +1,45 @@
+# Analysis results for test-filename.sol
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0x141f32ff`
+- PC address: 626
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0x9b58bc26`
+- PC address: 857
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+## Message call to external contract
+- SWC ID: 107
+- Type: Warning
+- Contract: Unknown
+- Function name: `_function_0xeea4c864`
+- PC address: 1038
+
+### Description
+
+This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xeea4c864`
+- PC address: 1046
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
--- a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text
+++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text
@ -0,0 +1,36 @@
+==== Unchecked CALL return value ====
+SWC ID: 104
+Type: Informational
+Contract: Unknown
+Function name: _function_0x141f32ff
+PC address: 626
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+--------------------
+
+==== Unchecked CALL return value ====
+SWC ID: 104
+Type: Informational
+Contract: Unknown
+Function name: _function_0x9b58bc26
+PC address: 857
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+--------------------
+
+==== Message call to external contract ====
+SWC ID: 107
+Type: Warning
+Contract: Unknown
+Function name: _function_0xeea4c864
+PC address: 1038
+This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
+--------------------
+
+==== Unchecked CALL return value ====
+SWC ID: 104
+Type: Informational
+Contract: Unknown
+Function name: _function_0xeea4c864
+PC address: 1046
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+--------------------
+
--- a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm
+++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm
@ -0,0 +1,253 @@
+0 PUSH1 0x60
+2 PUSH1 0x40
+4 MSTORE
+5 PUSH1 0x04
+7 CALLDATASIZE
+8 LT
+9 PUSH2 0x004c
+12 JUMPI
+13 PUSH1 0x00
+15 CALLDATALOAD
+16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
+46 SWAP1
+47 DIV
+48 PUSH4 0xffffffff
+53 AND
+54 DUP1
+55 PUSH4 0x27e235e3
+60 EQ
+61 PUSH2 0x0051
+64 JUMPI
+65 DUP1
+66 PUSH4 0x412664ae
+71 EQ
+72 PUSH2 0x009e
+75 JUMPI
+76 JUMPDEST
+77 PUSH1 0x00
+79 DUP1
+80 REVERT
+81 JUMPDEST
+82 CALLVALUE
+83 ISZERO
+84 PUSH2 0x005c
+87 JUMPI
+88 PUSH1 0x00
+90 DUP1
+91 REVERT
+92 JUMPDEST
+93 PUSH2 0x0088
+96 PUSH1 0x04
+98 DUP1
+99 DUP1
+100 CALLDATALOAD
+101 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+122 AND
+123 SWAP1
+124 PUSH1 0x20
+126 ADD
+127 SWAP1
+128 SWAP2
+129 SWAP1
+130 POP
+131 POP
+132 PUSH2 0x00f8
+135 JUMP
+136 JUMPDEST
+137 PUSH1 0x40
+139 MLOAD
+140 DUP1
+141 DUP3
+142 DUP2
+143 MSTORE
+144 PUSH1 0x20
+146 ADD
+147 SWAP2
+148 POP
+149 POP
+150 PUSH1 0x40
+152 MLOAD
+153 DUP1
+154 SWAP2
+155 SUB
+156 SWAP1
+157 RETURN
+158 JUMPDEST
+159 CALLVALUE
+160 ISZERO
+161 PUSH2 0x00a9
+164 JUMPI
+165 PUSH1 0x00
+167 DUP1
+168 REVERT
+169 JUMPDEST
+170 PUSH2 0x00de
+173 PUSH1 0x04
+175 DUP1
+176 DUP1
+177 CALLDATALOAD
+178 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+199 AND
+200 SWAP1
+201 PUSH1 0x20
+203 ADD
+204 SWAP1
+205 SWAP2
+206 SWAP1
+207 DUP1
+208 CALLDATALOAD
+209 SWAP1
+210 PUSH1 0x20
+212 ADD
+213 SWAP1
+214 SWAP2
+215 SWAP1
+216 POP
+217 POP
+218 PUSH2 0x0110
+221 JUMP
+222 JUMPDEST
+223 PUSH1 0x40
+225 MLOAD
+226 DUP1
+227 DUP3
+228 ISZERO
+229 ISZERO
+230 ISZERO
+231 ISZERO
+232 DUP2
+233 MSTORE
+234 PUSH1 0x20
+236 ADD
+237 SWAP2
+238 POP
+239 POP
+240 PUSH1 0x40
+242 MLOAD
+243 DUP1
+244 SWAP2
+245 SUB
+246 SWAP1
+247 RETURN
+248 JUMPDEST
+249 PUSH1 0x00
+251 PUSH1 0x20
+253 MSTORE
+254 DUP1
+255 PUSH1 0x00
+257 MSTORE
+258 PUSH1 0x40
+260 PUSH1 0x00
+262 SHA3
+263 PUSH1 0x00
+265 SWAP2
+266 POP
+267 SWAP1
+268 POP
+269 SLOAD
+270 DUP2
+271 JUMP
+272 JUMPDEST
+273 PUSH1 0x00
+275 DUP2
+276 PUSH1 0x00
+278 DUP1
+279 CALLER
+280 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+301 AND
+302 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+323 AND
+324 DUP2
+325 MSTORE
+326 PUSH1 0x20
+328 ADD
+329 SWAP1
+330 DUP2
+331 MSTORE
+332 PUSH1 0x20
+334 ADD
+335 PUSH1 0x00
+337 SHA3
+338 SLOAD
+339 LT
+340 ISZERO
+341 PUSH2 0x0161
+344 JUMPI
+345 PUSH1 0x00
+347 SWAP1
+348 POP
+349 PUSH2 0x01fe
+352 JUMP
+353 JUMPDEST
+354 DUP2
+355 PUSH1 0x00
+357 DUP1
+358 CALLER
+359 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+380 AND
+381 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+402 AND
+403 DUP2
+404 MSTORE
+405 PUSH1 0x20
+407 ADD
+408 SWAP1
+409 DUP2
+410 MSTORE
+411 PUSH1 0x20
+413 ADD
+414 PUSH1 0x00
+416 SHA3
+417 PUSH1 0x00
+419 DUP3
+420 DUP3
+421 SLOAD
+422 SUB
+423 SWAP3
+424 POP
+425 POP
+426 DUP2
+427 SWAP1
+428 SSTORE
+429 POP
+430 DUP2
+431 PUSH1 0x00
+433 DUP1
+434 DUP6
+435 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+456 AND
+457 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+478 AND
+479 DUP2
+480 MSTORE
+481 PUSH1 0x20
+483 ADD
+484 SWAP1
+485 DUP2
+486 MSTORE
+487 PUSH1 0x20
+489 ADD
+490 PUSH1 0x00
+492 SHA3
+493 PUSH1 0x00
+495 DUP3
+496 DUP3
+497 SLOAD
+498 ADD
+499 SWAP3
+500 POP
+501 POP
+502 DUP2
+503 SWAP1
+504 SSTORE
+505 POP
+506 PUSH1 0x00
+508 SWAP1
+509 POP
+510 JUMPDEST
+511 SWAP3
+512 SWAP2
+513 POP
+514 POP
+515 JUMP
+516 STOP
--- a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html
--- a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json
+++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json
@ -0,0 +1 @@
+{"error": null, "issues": [], "success": true}
--- a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown
+++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown
@ -0,0 +1,3 @@
+# Analysis results for None
+
+The analysis was completed successfully. No issues were detected.
--- a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text
+++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text
@ -0,0 +1 @@
+The analysis was completed successfully. No issues were detected.
--- a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm
+++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm
@ -0,0 +1,77 @@
+0 PUSH1 0x60
+2 PUSH1 0x40
+4 MSTORE
+5 PUSH1 0x04
+7 CALLDATASIZE
+8 LT
+9 PUSH1 0x3f
+11 JUMPI
+12 PUSH1 0x00
+14 CALLDATALOAD
+15 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
+45 SWAP1
+46 DIV
+47 PUSH4 0xffffffff
+52 AND
+53 DUP1
+54 PUSH4 0x8a4068dd
+59 EQ
+60 PUSH1 0x44
+62 JUMPI
+63 JUMPDEST
+64 PUSH1 0x00
+66 DUP1
+67 REVERT
+68 JUMPDEST
+69 CALLVALUE
+70 ISZERO
+71 PUSH1 0x4e
+73 JUMPI
+74 PUSH1 0x00
+76 DUP1
+77 REVERT
+78 JUMPDEST
+79 PUSH1 0x54
+81 PUSH1 0x56
+83 JUMP
+84 JUMPDEST
+85 STOP
+86 JUMPDEST
+87 CALLER
+88 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+109 AND
+110 PUSH2 0x08fc
+113 PUSH8 0x1bc16d674ec80000
+122 SWAP1
+123 DUP2
+124 ISZERO
+125 MUL
+126 SWAP1
+127 PUSH1 0x40
+129 MLOAD
+130 PUSH1 0x00
+132 PUSH1 0x40
+134 MLOAD
+135 DUP1
+136 DUP4
+137 SUB
+138 DUP2
+139 DUP6
+140 DUP9
+141 DUP9
+142 CALL
+143 SWAP4
+144 POP
+145 POP
+146 POP
+147 POP
+148 ISZERO
+149 ISZERO
+150 PUSH1 0x9d
+152 JUMPI
+153 PUSH1 0x00
+155 DUP1
+156 REVERT
+157 JUMPDEST
+158 JUMP
+159 STOP
--- a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html
--- a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json
+++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json
@ -0,0 +1 @@
+{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.", "function": "_function_0x8a4068dd", "swc_id": "105", "title": "Ether send", "type": "Warning"}], "success": true}
--- a/Show More
+++ b/Show More
				`@ -0,0 +1 @@`
				{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "swc_id": "114", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}
				`@ -0,0 +1 @@`
				{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.", "function": "withdrawfunds()", "swc_id": "105", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The arithmetic operation can result in integer overflow.\n", "function": "invest()", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}
				`@ -0,0 +1 @@`
				{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "swc_id": "110", "title": "Exception state", "type": "Informational"}], "success": true}
				`@ -0,0 +1 @@`
				`{"error": null, "issues": [], "success": true}`
				`@ -0,0 +1 @@`
				`The analysis was completed successfully. No issues were detected.`
				`@ -0,0 +1 @@`
				`{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.", "function": "_function_0x8a4068dd", "swc_id": "105", "title": "Ether send", "type": "Warning"}], "success": true}`