there are two instructions that read calldata, and their concretization logic works as follows:
calldataload: concretizes symbols if they exist in either the substitution or candidates mapping. it may cause the current path to branch.
calldatacopy: concretizes symbols only if they exist in the substitution mapping. no path branching.
this behavior is based on typical calldata decoding logic, where the length of dynamic arguments is first read using calldataload, and their data is then read using either calldataload or calldatacopy. for example, see the test provided in #371.
there are two instructions that read calldata, and their concretization logic works as follows:
this behavior is based on typical calldata decoding logic, where the length of dynamic arguments is first read using calldataload, and their data is then read using either calldataload or calldatacopy. for example, see the test provided in #371.