One possible approach is to detect the "jump table" section of the bytecode, which is (always?) at the beginning, possibly before the first JUMPDEST (is that true?) and after the constructor section (runtime offset is near the beginning too).
At minimum this would be much more efficient at getting the initial jump table without the JUMPDEST verification.
There are some cases where we fail to capture a selector:
- JUMPI...JUMPI...JUMP) selector exists, we should probably return a placeholder for that?
- PUSH4, EQ, such as ISZERO. Example: 0x00000000 is missing from https://etherscan.io/address/0x000000000000Df8c944e775BDe7Af50300999283#code
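A sketch of the approach described above, added as an illustration and not taken from the project's code: it walks the bytecode up to the first JUMPDEST, records PUSH4/EQ entries, and also records the zero selector when it is compared with ISZERO. The function names, the sample bytecode and the "CALLVALUE DUP1 ISZERO" exclusion are assumptions made for this example.

```python
# EVM opcodes used by the dispatcher patterns below.
CALLVALUE, EQ, ISZERO, JUMPI, JUMPDEST = 0x34, 0x14, 0x15, 0x57, 0x5B
DUP1, PUSH1, PUSH4, PUSH32 = 0x80, 0x60, 0x63, 0x7F

def disassemble(code: bytes):
    """Yield (opcode, immediate) pairs, stepping over PUSH data so that
    bytes inside an immediate are never mistaken for opcodes."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        width = op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0
        yield op, code[pc + 1 : pc + 1 + width]
        pc += 1 + width

def jump_table(code: bytes) -> dict:
    """Map selector -> jump target for the code before the first JUMPDEST
    (the cutoff is the hypothesis from the text, taken as an assumption)."""
    ops = []
    for op, imm in disassemble(code):
        if op == JUMPDEST:
            break
        ops.append((op, imm))
    table = {}
    for j, (op, _) in enumerate(ops):
        # Every entry ends in "PUSHn <dest> JUMPI".
        if op != JUMPI or j < 2 or not PUSH1 <= ops[j - 1][0] <= PUSH32:
            continue
        dest = int.from_bytes(ops[j - 1][1], "big")
        cmp_op = ops[j - 2][0]
        prev = [o for o, _ in ops[max(0, j - 5) : j - 2]]
        if cmp_op == EQ and prev[-1:] == [PUSH4]:
            table["0x" + ops[j - 3][1].hex()] = dest
        elif cmp_op == ISZERO and prev[-1:] == [DUP1] and prev[-2:-1] != [CALLVALUE]:
            # Zero selector compared with ISZERO instead of PUSH4/EQ.
            # "CALLVALUE DUP1 ISZERO" is a payability check, not a selector.
            table["0x00000000"] = dest
    return table

# Constructed sample runtime code (not from any deployed contract):
#   PUSH1 0 CALLDATALOAD PUSH1 0xe0 SHR
#   DUP1 PUSH4 a9059cbb EQ PUSH2 002a JUMPI
#   DUP1 ISZERO PUSH2 0030 JUMPI
#   PUSH1 0 DUP1 REVERT JUMPDEST STOP
SAMPLE = bytes.fromhex(
    "60003560e01c" "8063a9059cbb1461002a57" "801561003057" "600080fd" "5b00"
)

if __name__ == "__main__":
    for selector, dest in jump_table(SAMPLE).items():
        print(selector, hex(dest))
```

The first-JUMPDEST cutoff only covers a linear dispatcher; solc's split (binary-search) dispatch for larger contracts places later comparisons after JUMPDESTs, which this scan would not reach.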