d-xo
commented
2 months ago This is a known limitation. The core issue is that smt-lib does not provide primitives for copying slices between arrays. At the moment we unroll concretely sized copySlice's into a sequence of byte read/writes.
In order to handle symbolic slices, we would need to implement one of the strategies from this paper: https://link.springer.com/chapter/10.1007/978-3-642-54108-7_6. This is not a small change, but I think relatively achievable (we should have most of the required machinery to implement their rewriting approach).
For more info, see this issue in the Echidna repository: https://github.com/crytic/echidna/issues/1247