From 67203d2272245ea8968c8a3174459ac7f8124065 Mon Sep 17 00:00:00 2001 From: l-kent Date: Wed, 20 Dec 2023 10:09:49 +1000 Subject: [PATCH 1/7] rely/guarantee for external library functions --- .gitignore | 2 + examples/secret_write_librg/secret.c | 4 + .../secret_write_librg/secret_write_librg.adt | 587 ++++++++++++++++++ .../secret_write_librg/secret_write_librg.bir | 267 ++++++++ .../secret_write_librg/secret_write_librg.c | 12 + .../secret_write_librg.relf | 125 ++++ .../secret_write_librg.spec | 18 + src/main/antlr4/Specifications.g4 | 4 +- src/main/scala/boogie/BExpr.scala | 70 +++ .../scala/specification/Specification.scala | 77 ++- src/main/scala/translating/IRToBoogie.scala | 95 ++- .../translating/SpecificationLoader.scala | 13 +- 12 files changed, 1264 insertions(+), 10 deletions(-) create mode 100644 examples/secret_write_librg/secret.c create mode 100644 examples/secret_write_librg/secret_write_librg.adt create mode 100644 examples/secret_write_librg/secret_write_librg.bir create mode 100644 examples/secret_write_librg/secret_write_librg.c create mode 100644 examples/secret_write_librg/secret_write_librg.relf create mode 100644 examples/secret_write_librg/secret_write_librg.spec diff --git a/.gitignore b/.gitignore index d68010264..e05acefd2 100644 --- a/.gitignore +++ b/.gitignore @@ -17,6 +17,8 @@ src/main/antlr4/.antlr *.dot *.il *.txt +*.o +*.so examplesold/ src/test/scala/dump/ src/test/analysis/dump/ \ No newline at end of file diff --git a/examples/secret_write_librg/secret.c b/examples/secret_write_librg/secret.c new file mode 100644 index 000000000..77d40393d --- /dev/null +++ b/examples/secret_write_librg/secret.c @@ -0,0 +1,4 @@ + +void secret(int* x) { + *x = -1; +} \ No newline at end of file diff --git a/examples/secret_write_librg/secret_write_librg.adt b/examples/secret_write_librg/secret_write_librg.adt new file mode 100644 index 000000000..2e27b53d7 --- /dev/null +++ b/examples/secret_write_librg/secret_write_librg.adt @@ -0,0 +1,587 @@ +Project(Attrs([Attr("filename","\"secret_write_librg.out\""), +Attr("image-specification","(declare abi (name str))\n(declare arch (name str))\n(declare base-address (addr int))\n(declare bias (off int))\n(declare bits (size int))\n(declare code-region (addr int) (size int) (off int))\n(declare code-start (addr int))\n(declare entry-point (addr int))\n(declare external-reference (addr int) (name str))\n(declare format (name str))\n(declare is-executable (flag bool))\n(declare is-little-endian (flag bool))\n(declare llvm:base-address (addr int))\n(declare llvm:code-entry (name str) (off int) (size int))\n(declare llvm:coff-import-library (name str))\n(declare llvm:coff-virtual-section-header (name str) (addr int) (size int))\n(declare llvm:elf-program-header (name str) (off int) (size int))\n(declare llvm:elf-program-header-flags (name str) (ld bool) (r bool) \n (w bool) (x bool))\n(declare llvm:elf-virtual-program-header (name str) (addr int) (size int))\n(declare llvm:entry-point (addr int))\n(declare llvm:macho-symbol (name str) (value int))\n(declare llvm:name-reference (at int) (name str))\n(declare llvm:relocation (at int) (addr int))\n(declare llvm:section-entry (name str) (addr int) (size int) (off int))\n(declare llvm:section-flags (name str) (r bool) (w bool) (x bool))\n(declare llvm:segment-command (name str) (off int) (size int))\n(declare llvm:segment-command-flags (name str) (r bool) (w bool) (x bool))\n(declare llvm:symbol-entry (name str) (addr int) (size int) (off int)\n (value int))\n(declare llvm:virtual-segment-command (name str) (addr int) (size int))\n(declare mapped (addr int) (size int) (off int))\n(declare named-region (addr int) (size int) (name str))\n(declare named-symbol (addr int) (name str))\n(declare require (name str))\n(declare section (addr int) (size int))\n(declare segment (addr int) (size int) (r bool) (w bool) (x bool))\n(declare subarch (name str))\n(declare symbol-chunk (addr int) (size int) (root int))\n(declare symbol-value (addr int) (value int))\n(declare system (name str))\n(declare vendor (name str))\n\n(abi unknown)\n(arch aarch64)\n(base-address 0)\n(bias 0)\n(bits 64)\n(code-region 2052 20 2052)\n(code-region 1664 388 1664)\n(code-region 1504 112 1504)\n(code-region 1480 24 1480)\n(code-start 1716)\n(code-start 1664)\n(code-start 1940)\n(entry-point 1664)\n(external-reference 69592 _ITM_deregisterTMCloneTable)\n(external-reference 69600 __cxa_finalize)\n(external-reference 69608 __gmon_start__)\n(external-reference 69624 _ITM_registerTMCloneTable)\n(external-reference 69544 __libc_start_main)\n(external-reference 69552 __cxa_finalize)\n(external-reference 69560 __gmon_start__)\n(external-reference 69568 abort)\n(external-reference 69576 secret)\n(format elf)\n(is-executable true)\n(is-little-endian true)\n(llvm:base-address 0)\n(llvm:code-entry abort 0 0)\n(llvm:code-entry __cxa_finalize 0 0)\n(llvm:code-entry __libc_start_main 0 0)\n(llvm:code-entry _init 1480 0)\n(llvm:code-entry main 1940 112)\n(llvm:code-entry _start 1664 52)\n(llvm:code-entry secret 0 0)\n(llvm:code-entry abort@GLIBC_2.17 0 0)\n(llvm:code-entry _fini 2052 0)\n(llvm:code-entry __cxa_finalize@GLIBC_2.17 0 0)\n(llvm:code-entry __libc_start_main@GLIBC_2.34 0 0)\n(llvm:code-entry frame_dummy 1936 0)\n(llvm:code-entry __do_global_dtors_aux 1856 0)\n(llvm:code-entry register_tm_clones 1792 0)\n(llvm:code-entry deregister_tm_clones 1744 0)\n(llvm:code-entry call_weak_fn 1716 20)\n(llvm:code-entry .fini 2052 20)\n(llvm:code-entry .text 1664 388)\n(llvm:code-entry .plt 1504 112)\n(llvm:code-entry .init 1480 24)\n(llvm:elf-program-header 08 3456 640)\n(llvm:elf-program-header 07 0 0)\n(llvm:elf-program-header 06 2076 60)\n(llvm:elf-program-header 05 596 68)\n(llvm:elf-program-header 04 3472 512)\n(llvm:elf-program-header 03 3456 656)\n(llvm:elf-program-header 02 0 2308)\n(llvm:elf-program-header 01 568 27)\n(llvm:elf-program-header 00 64 504)\n(llvm:elf-program-header-flags 08 false true false false)\n(llvm:elf-program-header-flags 07 false true true false)\n(llvm:elf-program-header-flags 06 false true false false)\n(llvm:elf-program-header-flags 05 false true false false)\n(llvm:elf-program-header-flags 04 false true true false)\n(llvm:elf-program-header-flags 03 true true true false)\n(llvm:elf-program-header-flags 02 true true false true)\n(llvm:elf-program-header-flags 01 false true false false)\n(llvm:elf-program-header-flags 00 false true false false)\n(llvm:elf-virtual-program-header 08 68992 640)\n(llvm:elf-virtual-program-header 07 0 0)\n(llvm:elf-virtual-program-header 06 2076 60)\n(llvm:elf-virtual-program-header 05 596 68)\n(llvm:elf-virtual-program-header 04 69008 512)\n(llvm:elf-virtual-program-header 03 68992 672)\n(llvm:elf-virtual-program-header 02 0 2308)\n(llvm:elf-virtual-program-header 01 568 27)\n(llvm:elf-virtual-program-header 00 64 504)\n(llvm:entry-point 1664)\n(llvm:name-reference 69576 secret)\n(llvm:name-reference 69568 abort)\n(llvm:name-reference 69560 __gmon_start__)\n(llvm:name-reference 69552 __cxa_finalize)\n(llvm:name-reference 69544 __libc_start_main)\n(llvm:name-reference 69624 _ITM_registerTMCloneTable)\n(llvm:name-reference 69608 __gmon_start__)\n(llvm:name-reference 69600 __cxa_finalize)\n(llvm:name-reference 69592 _ITM_deregisterTMCloneTable)\n(llvm:section-entry .shstrtab 0 250 6883)\n(llvm:section-entry .strtab 0 563 6320)\n(llvm:section-entry .symtab 0 2160 4160)\n(llvm:section-entry .comment 0 43 4112)\n(llvm:section-entry .bss 69648 16 4112)\n(llvm:section-entry .data 69632 16 4096)\n(llvm:section-entry .got 69520 112 3984)\n(llvm:section-entry .dynamic 69008 512 3472)\n(llvm:section-entry .fini_array 69000 8 3464)\n(llvm:section-entry .init_array 68992 8 3456)\n(llvm:section-entry .eh_frame 2136 172 2136)\n(llvm:section-entry .eh_frame_hdr 2076 60 2076)\n(llvm:section-entry .rodata 2072 4 2072)\n(llvm:section-entry .fini 2052 20 2052)\n(llvm:section-entry .text 1664 388 1664)\n(llvm:section-entry .plt 1504 112 1504)\n(llvm:section-entry .init 1480 24 1480)\n(llvm:section-entry .rela.plt 1360 120 1360)\n(llvm:section-entry .rela.dyn 1168 192 1168)\n(llvm:section-entry .gnu.version_r 1120 48 1120)\n(llvm:section-entry .gnu.version 1098 20 1098)\n(llvm:section-entry .dynstr 936 161 936)\n(llvm:section-entry .dynsym 696 240 696)\n(llvm:section-entry .gnu.hash 664 28 664)\n(llvm:section-entry .note.ABI-tag 632 32 632)\n(llvm:section-entry .note.gnu.build-id 596 36 596)\n(llvm:section-entry .interp 568 27 568)\n(llvm:section-flags .shstrtab true false false)\n(llvm:section-flags .strtab true false false)\n(llvm:section-flags .symtab true false false)\n(llvm:section-flags .comment true false false)\n(llvm:section-flags .bss true true false)\n(llvm:section-flags .data true true false)\n(llvm:section-flags .got true true false)\n(llvm:section-flags .dynamic true true false)\n(llvm:section-flags .fini_array true true false)\n(llvm:section-flags .init_array true true false)\n(llvm:section-flags .eh_frame true false false)\n(llvm:section-flags .eh_frame_hdr true false false)\n(llvm:section-flags .rodata true false false)\n(llvm:section-flags .fini true false true)\n(llvm:section-flags .text true false true)\n(llvm:section-flags .plt true false true)\n(llvm:section-flags .init true false true)\n(llvm:section-flags .rela.plt true false false)\n(llvm:section-flags .rela.dyn true false false)\n(llvm:section-flags .gnu.version_r true false false)\n(llvm:section-flags .gnu.version true false false)\n(llvm:section-flags .dynstr true false false)\n(llvm:section-flags .dynsym true false false)\n(llvm:section-flags .gnu.hash true false false)\n(llvm:section-flags .note.ABI-tag true false false)\n(llvm:section-flags .note.gnu.build-id true false false)\n(llvm:section-flags .interp true false false)\n(llvm:symbol-entry abort 0 0 0 0)\n(llvm:symbol-entry __cxa_finalize 0 0 0 0)\n(llvm:symbol-entry __libc_start_main 0 0 0 0)\n(llvm:symbol-entry _init 1480 0 1480 1480)\n(llvm:symbol-entry main 1940 112 1940 1940)\n(llvm:symbol-entry _start 1664 52 1664 1664)\n(llvm:symbol-entry secret 0 0 0 0)\n(llvm:symbol-entry abort@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry _fini 2052 0 2052 2052)\n(llvm:symbol-entry __cxa_finalize@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry __libc_start_main@GLIBC_2.34 0 0 0 0)\n(llvm:symbol-entry frame_dummy 1936 0 1936 1936)\n(llvm:symbol-entry __do_global_dtors_aux 1856 0 1856 1856)\n(llvm:symbol-entry register_tm_clones 1792 0 1792 1792)\n(llvm:symbol-entry deregister_tm_clones 1744 0 1744 1744)\n(llvm:symbol-entry call_weak_fn 1716 20 1716 1716)\n(mapped 0 2308 0)\n(mapped 68992 656 3456)\n(named-region 0 2308 02)\n(named-region 68992 672 03)\n(named-region 568 27 .interp)\n(named-region 596 36 .note.gnu.build-id)\n(named-region 632 32 .note.ABI-tag)\n(named-region 664 28 .gnu.hash)\n(named-region 696 240 .dynsym)\n(named-region 936 161 .dynstr)\n(named-region 1098 20 .gnu.version)\n(named-region 1120 48 .gnu.version_r)\n(named-region 1168 192 .rela.dyn)\n(named-region 1360 120 .rela.plt)\n(named-region 1480 24 .init)\n(named-region 1504 112 .plt)\n(named-region 1664 388 .text)\n(named-region 2052 20 .fini)\n(named-region 2072 4 .rodata)\n(named-region 2076 60 .eh_frame_hdr)\n(named-region 2136 172 .eh_frame)\n(named-region 68992 8 .init_array)\n(named-region 69000 8 .fini_array)\n(named-region 69008 512 .dynamic)\n(named-region 69520 112 .got)\n(named-region 69632 16 .data)\n(named-region 69648 16 .bss)\n(named-region 0 43 .comment)\n(named-region 0 2160 .symtab)\n(named-region 0 563 .strtab)\n(named-region 0 250 .shstrtab)\n(named-symbol 1716 call_weak_fn)\n(named-symbol 1744 deregister_tm_clones)\n(named-symbol 1792 register_tm_clones)\n(named-symbol 1856 __do_global_dtors_aux)\n(named-symbol 1936 frame_dummy)\n(named-symbol 0 __libc_start_main@GLIBC_2.34)\n(named-symbol 0 __cxa_finalize@GLIBC_2.17)\n(named-symbol 2052 _fini)\n(named-symbol 0 abort@GLIBC_2.17)\n(named-symbol 0 secret)\n(named-symbol 1664 _start)\n(named-symbol 1940 main)\n(named-symbol 1480 _init)\n(named-symbol 0 __libc_start_main)\n(named-symbol 0 __cxa_finalize)\n(named-symbol 0 abort)\n(require libc.so.6)\n(require libsecret.so)\n(section 568 27)\n(section 596 36)\n(section 632 32)\n(section 664 28)\n(section 696 240)\n(section 936 161)\n(section 1098 20)\n(section 1120 48)\n(section 1168 192)\n(section 1360 120)\n(section 1480 24)\n(section 1504 112)\n(section 1664 388)\n(section 2052 20)\n(section 2072 4)\n(section 2076 60)\n(section 2136 172)\n(section 68992 8)\n(section 69000 8)\n(section 69008 512)\n(section 69520 112)\n(section 69632 16)\n(section 69648 16)\n(section 0 43)\n(section 0 2160)\n(section 0 563)\n(section 0 250)\n(segment 0 2308 true false true)\n(segment 68992 672 true true false)\n(subarch v8)\n(symbol-chunk 1716 20 1716)\n(symbol-chunk 1664 52 1664)\n(symbol-chunk 1940 112 1940)\n(symbol-value 1716 1716)\n(symbol-value 1744 1744)\n(symbol-value 1792 1792)\n(symbol-value 1856 1856)\n(symbol-value 1936 1936)\n(symbol-value 2052 2052)\n(symbol-value 1664 1664)\n(symbol-value 1940 1940)\n(symbol-value 1480 1480)\n(symbol-value 0 0)\n(system \"\")\n(vendor \"\")\n"), +Attr("abi-name","\"aarch64-linux-gnu-elf\"")]), +Sections([Section(".shstrtab", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x80\x06\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xe0\x1b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x1c\x00\x1b\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x09\x00\x00\x00\x00\x00\x00\x04\x09\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x80\x0d\x00\x00\x00\x00\x00\x00\x80\x0d"), +Section(".strtab", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x80\x06\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xe0\x1b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x1c\x00\x1b\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x09\x00\x00\x00\x00\x00\x00\x04\x09\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x80\x0d\x00\x00\x00\x00\x00\x00\x80\x0d\x01\x00\x00\x00\x00\x00\x80\x0d\x01\x00\x00\x00\x00\x00\x90\x02\x00\x00\x00\x00\x00\x00\xa0\x02\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x90\x0d\x00\x00\x00\x00\x00\x00\x90\x0d\x01\x00\x00\x00\x00\x00\x90\x0d\x01\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x50\xe5\x74\x64\x04\x00\x00\x00\x1c\x08\x00\x00\x00\x00\x00\x00\x1c\x08\x00\x00\x00\x00\x00\x00\x1c\x08\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x51\xe5\x74\x64\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x52\xe5\x74\x64\x04\x00\x00\x00\x80\x0d\x00\x00\x00\x00\x00\x00\x80\x0d\x01\x00\x00\x00\x00\x00\x80\x0d\x01\x00\x00\x00\x00\x00\x80\x02\x00\x00\x00\x00\x00\x00\x80\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00"), +Section(".symtab", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x80\x06\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xe0\x1b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x1c\x00\x1b\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x09\x00\x00\x00\x00\x00\x00\x04\x09\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x80\x0d\x00\x00\x00\x00\x00\x00\x80\x0d\x01\x00\x00\x00\x00\x00\x80\x0d\x01\x00\x00\x00\x00\x00\x90\x02\x00\x00\x00\x00\x00\x00\xa0\x02\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x90\x0d\x00\x00\x00\x00\x00\x00\x90\x0d\x01\x00\x00\x00\x00\x00\x90\x0d\x01\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x50\xe5\x74\x64\x04\x00\x00\x00\x1c\x08\x00\x00\x00\x00\x00\x00\x1c\x08\x00\x00\x00\x00\x00\x00\x1c\x08\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x51\xe5\x74\x64\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x52\xe5\x74\x64\x04\x00\x00\x00\x80\x0d\x00\x00\x00\x00\x00\x00\x80\x0d\x01\x00\x00\x00\x00\x00\x80\x0d\x01\x00\x00\x00\x00\x00\x80\x02\x00\x00\x00\x00\x00\x00\x80\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x2f\x6c\x69\x62\x2f\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00\x00\x04\x00\x00\x00\x14\x00\x00\x00\x03\x00\x00\x00\x47\x4e\x55\x00\xaf\xbd\x73\xdb\xb1\xe3\x1c\xc9\x48\x7f\xc8\xec\x61\x7b\x61\x3e\x93\x25\xdf\x4b\x04\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x47\x4e\x55\x00\x00\x00\x00\x00\x03\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x0b\x00\xc8\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x16\x00\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5c\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2a\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x22\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x46\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6e\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x55\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5f\x5f\x63\x78\x61\x5f\x66\x69\x6e\x61\x6c\x69\x7a\x65\x00\x5f\x49\x54\x4d\x5f\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00\x5f\x49\x54\x4d\x5f\x64\x65\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00\x5f\x5f\x67\x6d\x6f\x6e\x5f\x73\x74\x61\x72\x74\x5f\x5f\x00\x73\x65\x63\x72\x65\x74\x00\x5f\x5f\x6c\x69\x62\x63\x5f\x73\x74\x61\x72\x74\x5f\x6d\x61\x69\x6e\x00\x61\x62\x6f\x72\x74\x00\x6c\x69\x62\x73\x65\x63\x72\x65\x74\x2e\x73\x6f\x00\x6c\x69\x62\x63\x2e\x73\x6f\x2e\x36\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x31\x37\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x33\x34\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x00\x03\x00\x01\x00\x03\x00\x01\x00\x01\x00\x00\x00\x01\x00\x02\x00\x81\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x97\x91\x96\x06\x00\x00\x03\x00\x8b\x00\x00\x00\x10\x00\x00\x00\xb4\x91\x96\x06\x00\x00\x02\x00\x96\x00\x00\x00\x00\x00\x00\x00\x80\x0d\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x90\x07\x00\x00\x00\x00\x00\x00\x88\x0d\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x40\x07\x00\x00\x00\x00\x00\x00\xf0\x0f\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x94\x07\x00\x00\x00\x00\x00\x00\x08\x10\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x08\x10\x01\x00\x00\x00\x00\x00\xd8\x0f\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x0f\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe8\x0f\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf8\x0f\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa8\x0f\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb0\x0f\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8\x0f\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x0f\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8\x0f\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\x38\x00\x00\x94\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6\xf0\x7b\xbf\xa9\x90\x00\x00\x90\x11\xd2\x47\xf9\x10\x82\x3e\x91\x20\x02\x1f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x90\x00\x00\x90\x11\xd6\x47\xf9\x10\xa2\x3e\x91\x20\x02\x1f\xd6\x90\x00\x00\x90\x11\xda\x47\xf9\x10\xc2\x3e\x91\x20\x02\x1f\xd6\x90\x00\x00\x90\x11\xde\x47\xf9\x10\xe2\x3e\x91\x20\x02\x1f\xd6\x90\x00\x00\x90\x11\xe2\x47\xf9\x10\x02\x3f\x91\x20\x02\x1f\xd6\x90\x00\x00\x90\x11\xe6\x47\xf9\x10\x22\x3f\x91\x20\x02\x1f\xd6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x20\x03\xd5\x1d\x00\x80\xd2\x1e\x00\x80\xd2\xe5\x03\x00\xaa\xe1\x03\x40\xf9\xe2\x23\x00\x91\xe6\x03\x00\x91\x80\x00\x00\x90\x00\xf8\x47\xf9\x03\x00\x80\xd2\x04\x00\x80\xd2\xd5\xff\xff\x97\xe0\xff\xff\x97\x80\x00\x00\x90\x00\xf4\x47\xf9\x40\x00\x00\xb4\xd8\xff\xff\x17\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x80\x00\x00\xb0\x00\x40\x00\x91\x81\x00\x00\xb0\x21\x40\x00\x91\x3f\x00\x00\xeb\xc0\x00\x00\x54\x81\x00\x00\x90\x21\xec\x47\xf9\x61\x00\x00\xb4\xf0\x03\x01\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x80\x00\x00\xb0\x00\x40\x00\x91\x81\x00\x00\xb0\x21\x40\x00\x91\x21\x00\x00\xcb\x22\xfc\x7f\xd3\x41\x0c\x81\x8b\x21\xfc\x41\x93\xc1\x00\x00\xb4\x82\x00\x00\x90\x42\xfc\x47\xf9\x62\x00\x00\xb4\xf0\x03\x02\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\xfd\x7b\xbe\xa9\xfd\x03\x00\x91\xf3\x0b\x00\xf9\x93\x00\x00\xb0\x60\x42\x40\x39\x40\x01\x00\x35\x80\x00\x00\x90\x00\xf0\x47\xf9\x80\x00\x00\xb4\x80\x00\x00\xb0\x00\x04\x40\xf9\xa9\xff\xff\x97\xd8\xff\xff\x97\x20\x00\x80\x52\x60\x42\x00\x39\xf3\x0b\x40\xf9\xfd\x7b\xc2\xa8\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\xdc\xff\xff\x17\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\x80\x00\x00\xb0\x00\x50\x00\x91\x1f\x00\x00\xb9\x80\x00\x00\xb0\x00\x50\x00\x91\x00\x00\x40\xb9\x01\x04\x00\x11\x80\x00\x00\xb0\x00\x50\x00\x91\x01\x00\x00\xb9\x80\x00\x00\xb0\x00\x60\x00\x91\x9d\xff\xff\x97\x80\x00\x00\xb0\x00\x60\x00\x91\x1f\x00\x00\xb9\x80\x00\x00\xb0\x00\x50\x00\x91\x00\x00\x40\xb9\x01\x04\x00\x11\x80\x00\x00\xb0\x00\x50\x00\x91\x01\x00\x00\xb9\x00\x00\x80\x52\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6\x01\x00\x02\x00\x01\x1b\x03\x3b\x38\x00\x00\x00\x06\x00\x00\x00\x64\xfe\xff\xff\x50\x00\x00\x00\xb4\xfe\xff\xff\x64\x00\x00\x00\xe4\xfe\xff\xff\x78\x00\x00\x00\x24\xff\xff\xff\x8c\x00\x00\x00\x74\xff\xff\xff\xb0\x00\x00\x00\x78\xff\xff\xff\xc4\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x01\x7a\x52\x00\x04\x78\x1e\x01\x1b\x0c\x1f\x00\x10\x00\x00\x00"), +Section(".comment", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x80\x06\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xe0\x1b\x00"), +Section(".interp", 0x238, "\x2f\x6c\x69\x62\x2f\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00"), +Section(".note.gnu.build-id", 0x254, "\x04\x00\x00\x00\x14\x00\x00\x00\x03\x00\x00\x00\x47\x4e\x55\x00\xaf\xbd\x73\xdb\xb1\xe3\x1c\xc9\x48\x7f\xc8\xec\x61\x7b\x61\x3e\x93\x25\xdf\x4b"), +Section(".note.ABI-tag", 0x278, "\x04\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x47\x4e\x55\x00\x00\x00\x00\x00\x03\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00"), +Section(".gnu.hash", 0x298, "\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".dynsym", 0x2B8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x0b\x00\xc8\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x16\x00\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5c\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2a\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x22\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x46\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6e\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x55\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".dynstr", 0x3A8, "\x00\x5f\x5f\x63\x78\x61\x5f\x66\x69\x6e\x61\x6c\x69\x7a\x65\x00\x5f\x49\x54\x4d\x5f\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00\x5f\x49\x54\x4d\x5f\x64\x65\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00\x5f\x5f\x67\x6d\x6f\x6e\x5f\x73\x74\x61\x72\x74\x5f\x5f\x00\x73\x65\x63\x72\x65\x74\x00\x5f\x5f\x6c\x69\x62\x63\x5f\x73\x74\x61\x72\x74\x5f\x6d\x61\x69\x6e\x00\x61\x62\x6f\x72\x74\x00\x6c\x69\x62\x73\x65\x63\x72\x65\x74\x2e\x73\x6f\x00\x6c\x69\x62\x63\x2e\x73\x6f\x2e\x36\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x31\x37\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x33\x34\x00"), +Section(".gnu.version", 0x44A, "\x00\x00\x00\x00\x00\x00\x02\x00\x01\x00\x03\x00\x01\x00\x03\x00\x01\x00\x01\x00"), +Section(".gnu.version_r", 0x460, "\x01\x00\x02\x00\x81\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x97\x91\x96\x06\x00\x00\x03\x00\x8b\x00\x00\x00\x10\x00\x00\x00\xb4\x91\x96\x06\x00\x00\x02\x00\x96\x00\x00\x00\x00\x00\x00\x00"), +Section(".rela.dyn", 0x490, "\x80\x0d\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x90\x07\x00\x00\x00\x00\x00\x00\x88\x0d\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x40\x07\x00\x00\x00\x00\x00\x00\xf0\x0f\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x94\x07\x00\x00\x00\x00\x00\x00\x08\x10\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x08\x10\x01\x00\x00\x00\x00\x00\xd8\x0f\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x0f\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe8\x0f\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf8\x0f\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".rela.plt", 0x550, "\xa8\x0f\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb0\x0f\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8\x0f\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x0f\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8\x0f\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".init", 0x5C8, "\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\x38\x00\x00\x94\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6"), +Section(".plt", 0x5E0, "\xf0\x7b\xbf\xa9\x90\x00\x00\x90\x11\xd2\x47\xf9\x10\x82\x3e\x91\x20\x02\x1f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x90\x00\x00\x90\x11\xd6\x47\xf9\x10\xa2\x3e\x91\x20\x02\x1f\xd6\x90\x00\x00\x90\x11\xda\x47\xf9\x10\xc2\x3e\x91\x20\x02\x1f\xd6\x90\x00\x00\x90\x11\xde\x47\xf9\x10\xe2\x3e\x91\x20\x02\x1f\xd6\x90\x00\x00\x90\x11\xe2\x47\xf9\x10\x02\x3f\x91\x20\x02\x1f\xd6\x90\x00\x00\x90\x11\xe6\x47\xf9\x10\x22\x3f\x91\x20\x02\x1f\xd6"), +Section(".fini", 0x804, "\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6"), +Section(".rodata", 0x818, "\x01\x00\x02\x00"), +Section(".eh_frame_hdr", 0x81C, "\x01\x1b\x03\x3b\x38\x00\x00\x00\x06\x00\x00\x00\x64\xfe\xff\xff\x50\x00\x00\x00\xb4\xfe\xff\xff\x64\x00\x00\x00\xe4\xfe\xff\xff\x78\x00\x00\x00\x24\xff\xff\xff\x8c\x00\x00\x00\x74\xff\xff\xff\xb0\x00\x00\x00\x78\xff\xff\xff\xc4\x00\x00\x00"), +Section(".eh_frame", 0x858, "\x10\x00\x00\x00\x00\x00\x00\x00\x01\x7a\x52\x00\x04\x78\x1e\x01\x1b\x0c\x1f\x00\x10\x00\x00\x00\x18\x00\x00\x00\x0c\xfe\xff\xff\x34\x00\x00\x00\x00\x41\x07\x1e\x10\x00\x00\x00\x2c\x00\x00\x00\x48\xfe\xff\xff\x30\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x40\x00\x00\x00\x64\xfe\xff\xff\x3c\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x54\x00\x00\x00\x90\xfe\xff\xff\x48\x00\x00\x00\x00\x41\x0e\x20\x9d\x04\x9e\x03\x42\x93\x02\x4e\xde\xdd\xd3\x0e\x00\x00\x00\x00\x10\x00\x00\x00\x78\x00\x00\x00\xbc\xfe\xff\xff\x04\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x00\x00\x8c\x00\x00\x00\xac\xfe\xff\xff\x70\x00\x00\x00\x00\x41\x0e\x10\x9d\x02\x9e\x01\x5a\xde\xdd\x0e\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".fini_array", 0x10D88, "\x40\x07\x00\x00\x00\x00\x00\x00"), +Section(".dynamic", 0x10D90, "\x01\x00\x00\x00\x00\x00\x00\x00\x74\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x81\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\xc8\x05\x00\x00\x00\x00\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\x04\x08\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x80\x0d\x01\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00\x88\x0d\x01\x00\x00\x00\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xf5\xfe\xff\x6f\x00\x00\x00\x00\x98\x02\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\xb8\x02\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\xa1\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x90\x0f\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x78\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00\x00\x00\x00\x00\x50\x05\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x90\x04\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xfb\xff\xff\x6f\x00\x00\x00\x00\x01\x00\x00\x08\x00\x00\x00\x00\xfe\xff\xff\x6f\x00\x00\x00\x00\x60\x04\x00\x00\x00\x00\x00\x00\xff\xff\xff\x6f\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\x6f\x00\x00\x00\x00\x4a\x04\x00\x00\x00\x00\x00\x00\xf9\xff\xff\x6f\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".got", 0x10F90, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x05\x00\x00\x00\x00\x00\x00\xe0\x05\x00\x00\x00\x00\x00\x00\xe0\x05\x00\x00\x00\x00\x00\x00\xe0\x05\x00\x00\x00\x00\x00\x00\xe0\x05\x00\x00\x00\x00\x00\x00\x90\x0d\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x94\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".data", 0x11000, "\x00\x00\x00\x00\x00\x00\x00\x00\x08\x10\x01\x00\x00\x00\x00\x00"), +Section(".init_array", 0x10D80, "\x90\x07\x00\x00\x00\x00\x00\x00"), +Section(".text", 0x680, "\x1f\x20\x03\xd5\x1d\x00\x80\xd2\x1e\x00\x80\xd2\xe5\x03\x00\xaa\xe1\x03\x40\xf9\xe2\x23\x00\x91\xe6\x03\x00\x91\x80\x00\x00\x90\x00\xf8\x47\xf9\x03\x00\x80\xd2\x04\x00\x80\xd2\xd5\xff\xff\x97\xe0\xff\xff\x97\x80\x00\x00\x90\x00\xf4\x47\xf9\x40\x00\x00\xb4\xd8\xff\xff\x17\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x80\x00\x00\xb0\x00\x40\x00\x91\x81\x00\x00\xb0\x21\x40\x00\x91\x3f\x00\x00\xeb\xc0\x00\x00\x54\x81\x00\x00\x90\x21\xec\x47\xf9\x61\x00\x00\xb4\xf0\x03\x01\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x80\x00\x00\xb0\x00\x40\x00\x91\x81\x00\x00\xb0\x21\x40\x00\x91\x21\x00\x00\xcb\x22\xfc\x7f\xd3\x41\x0c\x81\x8b\x21\xfc\x41\x93\xc1\x00\x00\xb4\x82\x00\x00\x90\x42\xfc\x47\xf9\x62\x00\x00\xb4\xf0\x03\x02\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\xfd\x7b\xbe\xa9\xfd\x03\x00\x91\xf3\x0b\x00\xf9\x93\x00\x00\xb0\x60\x42\x40\x39\x40\x01\x00\x35\x80\x00\x00\x90\x00\xf0\x47\xf9\x80\x00\x00\xb4\x80\x00\x00\xb0\x00\x04\x40\xf9\xa9\xff\xff\x97\xd8\xff\xff\x97\x20\x00\x80\x52\x60\x42\x00\x39\xf3\x0b\x40\xf9\xfd\x7b\xc2\xa8\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\xdc\xff\xff\x17\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\x80\x00\x00\xb0\x00\x50\x00\x91\x1f\x00\x00\xb9\x80\x00\x00\xb0\x00\x50\x00\x91\x00\x00\x40\xb9\x01\x04\x00\x11\x80\x00\x00\xb0\x00\x50\x00\x91\x01\x00\x00\xb9\x80\x00\x00\xb0\x00\x60\x00\x91\x9d\xff\xff\x97\x80\x00\x00\xb0\x00\x60\x00\x91\x1f\x00\x00\xb9\x80\x00\x00\xb0\x00\x50\x00\x91\x00\x00\x40\xb9\x01\x04\x00\x11\x80\x00\x00\xb0\x00\x50\x00\x91\x01\x00\x00\xb9\x00\x00\x80\x52\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6")]), +Memmap([Annotation(Region(0x0,0x903), Attr("segment","02 0 2308")), +Annotation(Region(0x680,0x6B3), Attr("symbol","\"_start\"")), +Annotation(Region(0x0,0xF9), Attr("section","\".shstrtab\"")), +Annotation(Region(0x0,0x232), Attr("section","\".strtab\"")), +Annotation(Region(0x0,0x86F), Attr("section","\".symtab\"")), +Annotation(Region(0x0,0x2A), Attr("section","\".comment\"")), +Annotation(Region(0x238,0x252), Attr("section","\".interp\"")), +Annotation(Region(0x254,0x277), Attr("section","\".note.gnu.build-id\"")), +Annotation(Region(0x278,0x297), Attr("section","\".note.ABI-tag\"")), +Annotation(Region(0x298,0x2B3), Attr("section","\".gnu.hash\"")), +Annotation(Region(0x2B8,0x3A7), Attr("section","\".dynsym\"")), +Annotation(Region(0x3A8,0x448), Attr("section","\".dynstr\"")), +Annotation(Region(0x44A,0x45D), Attr("section","\".gnu.version\"")), +Annotation(Region(0x460,0x48F), Attr("section","\".gnu.version_r\"")), +Annotation(Region(0x490,0x54F), Attr("section","\".rela.dyn\"")), +Annotation(Region(0x550,0x5C7), Attr("section","\".rela.plt\"")), +Annotation(Region(0x5C8,0x5DF), Attr("section","\".init\"")), +Annotation(Region(0x5E0,0x64F), Attr("section","\".plt\"")), +Annotation(Region(0x5C8,0x5DF), Attr("code-region","()")), +Annotation(Region(0x5E0,0x64F), Attr("code-region","()")), +Annotation(Region(0x680,0x6B3), Attr("symbol-info","_start 0x680 52")), +Annotation(Region(0x6B4,0x6C7), Attr("symbol","\"call_weak_fn\"")), +Annotation(Region(0x6B4,0x6C7), Attr("symbol-info","call_weak_fn 0x6B4 20")), +Annotation(Region(0x794,0x803), Attr("symbol","\"main\"")), +Annotation(Region(0x794,0x803), Attr("symbol-info","main 0x794 112")), +Annotation(Region(0x804,0x817), Attr("section","\".fini\"")), +Annotation(Region(0x818,0x81B), Attr("section","\".rodata\"")), +Annotation(Region(0x81C,0x857), Attr("section","\".eh_frame_hdr\"")), +Annotation(Region(0x858,0x903), Attr("section","\".eh_frame\"")), +Annotation(Region(0x10D80,0x1100F), Attr("segment","03 0x10D80 672")), +Annotation(Region(0x10D88,0x10D8F), Attr("section","\".fini_array\"")), +Annotation(Region(0x10D90,0x10F8F), Attr("section","\".dynamic\"")), +Annotation(Region(0x10F90,0x10FFF), Attr("section","\".got\"")), +Annotation(Region(0x11000,0x1100F), Attr("section","\".data\"")), +Annotation(Region(0x10D80,0x10D87), Attr("section","\".init_array\"")), +Annotation(Region(0x680,0x803), Attr("section","\".text\"")), +Annotation(Region(0x680,0x803), Attr("code-region","()")), +Annotation(Region(0x804,0x817), Attr("code-region","()"))]), +Program(Tid(1_633, "%00000661"), Attrs([]), + Subs([Sub(Tid(1_610, "@__cxa_finalize"), + Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x610"), +Attr("stub","()")]), "__cxa_finalize", Args([Arg(Tid(1_634, "%00000662"), + Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), +Attr("c.type","signed")]), Var("__cxa_finalize_result",Imm(32)), +LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(1_044, "@__cxa_finalize"), + Attrs([Attr("address","0x610")]), Phis([]), +Defs([Def(Tid(1_308, "%0000051c"), Attrs([Attr("address","0x610"), +Attr("insn","adrp x16, #65536")]), Var("R16",Imm(64)), Int(65536,64)), +Def(Tid(1_315, "%00000523"), Attrs([Attr("address","0x614"), +Attr("insn","ldr x17, [x16, #0xfb0]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4016,64)),LittleEndian(),64)), +Def(Tid(1_321, "%00000529"), Attrs([Attr("address","0x618"), +Attr("insn","add x16, x16, #0xfb0")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4016,64)))]), Jmps([Call(Tid(1_326, "%0000052e"), + Attrs([Attr("address","0x61C"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))])), +Sub(Tid(1_611, "@__do_global_dtors_aux"), + Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x740")]), + "__do_global_dtors_aux", Args([Arg(Tid(1_635, "%00000663"), + Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), +Attr("c.type","signed")]), Var("__do_global_dtors_aux_result",Imm(32)), +LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(702, "@__do_global_dtors_aux"), + Attrs([Attr("address","0x740")]), Phis([]), Defs([Def(Tid(706, "%000002c2"), + Attrs([Attr("address","0x740"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("#3",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(18446744073709551584,64))), +Def(Tid(712, "%000002c8"), Attrs([Attr("address","0x740"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("#3",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), +Def(Tid(718, "%000002ce"), Attrs([Attr("address","0x740"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("#3",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), +Def(Tid(722, "%000002d2"), Attrs([Attr("address","0x740"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("R31",Imm(64)), +Var("#3",Imm(64))), Def(Tid(728, "%000002d8"), + Attrs([Attr("address","0x744"), Attr("insn","mov x29, sp")]), + Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(736, "%000002e0"), + Attrs([Attr("address","0x748"), Attr("insn","str x19, [sp, #0x10]")]), + Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),Var("R19",Imm(64)),LittleEndian(),64)), +Def(Tid(741, "%000002e5"), Attrs([Attr("address","0x74C"), +Attr("insn","adrp x19, #69632")]), Var("R19",Imm(64)), Int(69632,64)), +Def(Tid(748, "%000002ec"), Attrs([Attr("address","0x750"), +Attr("insn","ldrb w0, [x19, #0x10]")]), Var("R0",Imm(64)), +UNSIGNED(64,Load(Var("mem",Mem(64,8)),PLUS(Var("R19",Imm(64)),Int(16,64)),LittleEndian(),8)))]), +Jmps([Goto(Tid(755, "%000002f3"), Attrs([Attr("address","0x754"), +Attr("insn","cbnz w0, #0x28")]), + NEQ(Extract(31,0,Var("R0",Imm(64))),Int(0,32)), +Direct(Tid(753, "%000002f1"))), Goto(Tid(1_612, "%0000064c"), Attrs([]), + Int(1,1), Direct(Tid(989, "%000003dd")))])), Blk(Tid(989, "%000003dd"), + Attrs([Attr("address","0x758")]), Phis([]), Defs([Def(Tid(992, "%000003e0"), + Attrs([Attr("address","0x758"), Attr("insn","adrp x0, #65536")]), + Var("R0",Imm(64)), Int(65536,64)), Def(Tid(999, "%000003e7"), + Attrs([Attr("address","0x75C"), Attr("insn","ldr x0, [x0, #0xfe0]")]), + Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4064,64)),LittleEndian(),64))]), +Jmps([Goto(Tid(1_005, "%000003ed"), Attrs([Attr("address","0x760"), +Attr("insn","cbz x0, #0x10")]), EQ(Var("R0",Imm(64)),Int(0,64)), +Direct(Tid(1_003, "%000003eb"))), Goto(Tid(1_613, "%0000064d"), Attrs([]), + Int(1,1), Direct(Tid(1_028, "%00000404")))])), Blk(Tid(1_028, "%00000404"), + Attrs([Attr("address","0x764")]), Phis([]), +Defs([Def(Tid(1_031, "%00000407"), Attrs([Attr("address","0x764"), +Attr("insn","adrp x0, #69632")]), Var("R0",Imm(64)), Int(69632,64)), +Def(Tid(1_038, "%0000040e"), Attrs([Attr("address","0x768"), +Attr("insn","ldr x0, [x0, #0x8]")]), Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(1_043, "%00000413"), Attrs([Attr("address","0x76C"), +Attr("insn","bl #-0x15c")]), Var("R30",Imm(64)), Int(1904,64))]), +Jmps([Call(Tid(1_046, "%00000416"), Attrs([Attr("address","0x76C"), +Attr("insn","bl #-0x15c")]), Int(1,1), +(Direct(Tid(1_610, "@__cxa_finalize")),Direct(Tid(1_003, "%000003eb"))))])), +Blk(Tid(1_003, "%000003eb"), Attrs([Attr("address","0x770")]), Phis([]), +Defs([Def(Tid(1_011, "%000003f3"), Attrs([Attr("address","0x770"), +Attr("insn","bl #-0xa0")]), Var("R30",Imm(64)), Int(1908,64))]), +Jmps([Call(Tid(1_013, "%000003f5"), Attrs([Attr("address","0x770"), +Attr("insn","bl #-0xa0")]), Int(1,1), +(Direct(Tid(1_624, "@deregister_tm_clones")),Direct(Tid(1_015, "%000003f7"))))])), +Blk(Tid(1_015, "%000003f7"), Attrs([Attr("address","0x774")]), Phis([]), +Defs([Def(Tid(1_018, "%000003fa"), Attrs([Attr("address","0x774"), +Attr("insn","mov w0, #0x1")]), Var("R0",Imm(64)), Int(1,64)), +Def(Tid(1_026, "%00000402"), Attrs([Attr("address","0x778"), +Attr("insn","strb w0, [x19, #0x10]")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R19",Imm(64)),Int(16,64)),Extract(7,0,Var("R0",Imm(64))),LittleEndian(),8))]), +Jmps([Goto(Tid(1_614, "%0000064e"), Attrs([]), Int(1,1), +Direct(Tid(753, "%000002f1")))])), Blk(Tid(753, "%000002f1"), + Attrs([Attr("address","0x77C")]), Phis([]), Defs([Def(Tid(763, "%000002fb"), + Attrs([Attr("address","0x77C"), Attr("insn","ldr x19, [sp, #0x10]")]), + Var("R19",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),LittleEndian(),64)), +Def(Tid(770, "%00000302"), Attrs([Attr("address","0x780"), +Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R29",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(775, "%00000307"), Attrs([Attr("address","0x780"), +Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R30",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(779, "%0000030b"), Attrs([Attr("address","0x780"), +Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(32,64)))]), Jmps([Call(Tid(784, "%00000310"), + Attrs([Attr("address","0x784"), Attr("insn","ret")]), Int(1,1), +(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(1_615, "@__libc_start_main"), + Attrs([Attr("c.proto","signed (*)(signed (*)(signed , char** , char** );* main, signed , char** , \nvoid* auxv)"), +Attr("address","0x600"), Attr("stub","()")]), "__libc_start_main", + Args([Arg(Tid(1_636, "%00000664"), + Attrs([Attr("c.layout","**[ : 64]"), +Attr("c.data","Top:u64 ptr ptr"), +Attr("c.type","signed (*)(signed , char** , char** );*")]), + Var("__libc_start_main_main",Imm(64)), Var("R0",Imm(64)), In()), +Arg(Tid(1_637, "%00000665"), Attrs([Attr("c.layout","[signed : 32]"), +Attr("c.data","Top:u32"), Attr("c.type","signed")]), + Var("__libc_start_main_arg2",Imm(32)), LOW(32,Var("R1",Imm(64))), In()), +Arg(Tid(1_638, "%00000666"), Attrs([Attr("c.layout","**[char : 8]"), +Attr("c.data","Top:u8 ptr ptr"), Attr("c.type","char**")]), + Var("__libc_start_main_arg3",Imm(64)), Var("R2",Imm(64)), Both()), +Arg(Tid(1_639, "%00000667"), Attrs([Attr("c.layout","*[ : 8]"), +Attr("c.data","{} ptr"), Attr("c.type","void*")]), + Var("__libc_start_main_auxv",Imm(64)), Var("R3",Imm(64)), Both()), +Arg(Tid(1_640, "%00000668"), Attrs([Attr("c.layout","[signed : 32]"), +Attr("c.data","Top:u32"), Attr("c.type","signed")]), + Var("__libc_start_main_result",Imm(32)), LOW(32,Var("R0",Imm(64))), +Out())]), Blks([Blk(Tid(535, "@__libc_start_main"), + Attrs([Attr("address","0x600")]), Phis([]), +Defs([Def(Tid(1_286, "%00000506"), Attrs([Attr("address","0x600"), +Attr("insn","adrp x16, #65536")]), Var("R16",Imm(64)), Int(65536,64)), +Def(Tid(1_293, "%0000050d"), Attrs([Attr("address","0x604"), +Attr("insn","ldr x17, [x16, #0xfa8]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4008,64)),LittleEndian(),64)), +Def(Tid(1_299, "%00000513"), Attrs([Attr("address","0x608"), +Attr("insn","add x16, x16, #0xfa8")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4008,64)))]), Jmps([Call(Tid(1_304, "%00000518"), + Attrs([Attr("address","0x60C"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(1_616, "@_fini"), + Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x804")]), + "_fini", Args([Arg(Tid(1_641, "%00000669"), + Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), +Attr("c.type","signed")]), Var("_fini_result",Imm(32)), +LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(31, "@_fini"), + Attrs([Attr("address","0x804")]), Phis([]), Defs([Def(Tid(37, "%00000025"), + Attrs([Attr("address","0x808"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("#0",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))), +Def(Tid(43, "%0000002b"), Attrs([Attr("address","0x808"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("#0",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), +Def(Tid(49, "%00000031"), Attrs([Attr("address","0x808"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("#0",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), +Def(Tid(53, "%00000035"), Attrs([Attr("address","0x808"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)), +Var("#0",Imm(64))), Def(Tid(59, "%0000003b"), Attrs([Attr("address","0x80C"), +Attr("insn","mov x29, sp")]), Var("R29",Imm(64)), Var("R31",Imm(64))), +Def(Tid(66, "%00000042"), Attrs([Attr("address","0x810"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R29",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(71, "%00000047"), Attrs([Attr("address","0x810"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R30",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(75, "%0000004b"), Attrs([Attr("address","0x810"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(80, "%00000050"), + Attrs([Attr("address","0x814"), Attr("insn","ret")]), Int(1,1), +(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(1_617, "@_init"), + Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x5C8")]), + "_init", Args([Arg(Tid(1_642, "%0000066a"), + Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), +Attr("c.type","signed")]), Var("_init_result",Imm(32)), +LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(1_420, "@_init"), + Attrs([Attr("address","0x5C8")]), Phis([]), +Defs([Def(Tid(1_426, "%00000592"), Attrs([Attr("address","0x5CC"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("#6",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))), +Def(Tid(1_432, "%00000598"), Attrs([Attr("address","0x5CC"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("#6",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), +Def(Tid(1_438, "%0000059e"), Attrs([Attr("address","0x5CC"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("#6",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), +Def(Tid(1_442, "%000005a2"), Attrs([Attr("address","0x5CC"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)), +Var("#6",Imm(64))), Def(Tid(1_448, "%000005a8"), + Attrs([Attr("address","0x5D0"), Attr("insn","mov x29, sp")]), + Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(1_453, "%000005ad"), + Attrs([Attr("address","0x5D4"), Attr("insn","bl #0xe0")]), + Var("R30",Imm(64)), Int(1496,64))]), Jmps([Call(Tid(1_455, "%000005af"), + Attrs([Attr("address","0x5D4"), Attr("insn","bl #0xe0")]), Int(1,1), +(Direct(Tid(1_622, "@call_weak_fn")),Direct(Tid(1_457, "%000005b1"))))])), +Blk(Tid(1_457, "%000005b1"), Attrs([Attr("address","0x5D8")]), Phis([]), +Defs([Def(Tid(1_462, "%000005b6"), Attrs([Attr("address","0x5D8"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R29",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(1_467, "%000005bb"), Attrs([Attr("address","0x5D8"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R30",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(1_471, "%000005bf"), Attrs([Attr("address","0x5D8"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(1_476, "%000005c4"), + Attrs([Attr("address","0x5DC"), Attr("insn","ret")]), Int(1,1), +(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(1_618, "@_start"), + Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x680"), +Attr("entry-point","()")]), "_start", Args([Arg(Tid(1_643, "%0000066b"), + Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), +Attr("c.type","signed")]), Var("_start_result",Imm(32)), +LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(472, "@_start"), + Attrs([Attr("address","0x680")]), Phis([]), Defs([Def(Tid(477, "%000001dd"), + Attrs([Attr("address","0x684"), Attr("insn","mov x29, #0x0")]), + Var("R29",Imm(64)), Int(0,64)), Def(Tid(482, "%000001e2"), + Attrs([Attr("address","0x688"), Attr("insn","mov x30, #0x0")]), + Var("R30",Imm(64)), Int(0,64)), Def(Tid(488, "%000001e8"), + Attrs([Attr("address","0x68C"), Attr("insn","mov x5, x0")]), + Var("R5",Imm(64)), Var("R0",Imm(64))), Def(Tid(495, "%000001ef"), + Attrs([Attr("address","0x690"), Attr("insn","ldr x1, [sp]")]), + Var("R1",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(501, "%000001f5"), Attrs([Attr("address","0x694"), +Attr("insn","add x2, sp, #0x8")]), Var("R2",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(8,64))), Def(Tid(507, "%000001fb"), + Attrs([Attr("address","0x698"), Attr("insn","mov x6, sp")]), + Var("R6",Imm(64)), Var("R31",Imm(64))), Def(Tid(512, "%00000200"), + Attrs([Attr("address","0x69C"), Attr("insn","adrp x0, #65536")]), + Var("R0",Imm(64)), Int(65536,64)), Def(Tid(519, "%00000207"), + Attrs([Attr("address","0x6A0"), Attr("insn","ldr x0, [x0, #0xff0]")]), + Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4080,64)),LittleEndian(),64)), +Def(Tid(524, "%0000020c"), Attrs([Attr("address","0x6A4"), +Attr("insn","mov x3, #0x0")]), Var("R3",Imm(64)), Int(0,64)), +Def(Tid(529, "%00000211"), Attrs([Attr("address","0x6A8"), +Attr("insn","mov x4, #0x0")]), Var("R4",Imm(64)), Int(0,64)), +Def(Tid(534, "%00000216"), Attrs([Attr("address","0x6AC"), +Attr("insn","bl #-0xac")]), Var("R30",Imm(64)), Int(1712,64))]), +Jmps([Call(Tid(537, "%00000219"), Attrs([Attr("address","0x6AC"), +Attr("insn","bl #-0xac")]), Int(1,1), +(Direct(Tid(1_615, "@__libc_start_main")),Direct(Tid(539, "%0000021b"))))])), +Blk(Tid(539, "%0000021b"), Attrs([Attr("address","0x6B0")]), Phis([]), +Defs([Def(Tid(542, "%0000021e"), Attrs([Attr("address","0x6B0"), +Attr("insn","bl #-0x80")]), Var("R30",Imm(64)), Int(1716,64))]), +Jmps([Call(Tid(545, "%00000221"), Attrs([Attr("address","0x6B0"), +Attr("insn","bl #-0x80")]), Int(1,1), +(Direct(Tid(1_621, "@abort")),Direct(Tid(1_619, "%00000653"))))])), +Blk(Tid(1_619, "%00000653"), Attrs([]), Phis([]), Defs([]), +Jmps([Call(Tid(1_620, "%00000654"), Attrs([]), Int(1,1), +(Direct(Tid(1_622, "@call_weak_fn")),))]))])), Sub(Tid(1_621, "@abort"), + Attrs([Attr("noreturn","()"), Attr("c.proto","void (*)(void)"), +Attr("address","0x630"), Attr("stub","()")]), "abort", Args([]), +Blks([Blk(Tid(543, "@abort"), Attrs([Attr("address","0x630")]), Phis([]), +Defs([Def(Tid(1_352, "%00000548"), Attrs([Attr("address","0x630"), +Attr("insn","adrp x16, #65536")]), Var("R16",Imm(64)), Int(65536,64)), +Def(Tid(1_359, "%0000054f"), Attrs([Attr("address","0x634"), +Attr("insn","ldr x17, [x16, #0xfc0]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4032,64)),LittleEndian(),64)), +Def(Tid(1_365, "%00000555"), Attrs([Attr("address","0x638"), +Attr("insn","add x16, x16, #0xfc0")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4032,64)))]), Jmps([Call(Tid(1_370, "%0000055a"), + Attrs([Attr("address","0x63C"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(1_622, "@call_weak_fn"), + Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x6B4")]), + "call_weak_fn", Args([Arg(Tid(1_644, "%0000066c"), + Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), +Attr("c.type","signed")]), Var("call_weak_fn_result",Imm(32)), +LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(547, "@call_weak_fn"), + Attrs([Attr("address","0x6B4")]), Phis([]), Defs([Def(Tid(550, "%00000226"), + Attrs([Attr("address","0x6B4"), Attr("insn","adrp x0, #65536")]), + Var("R0",Imm(64)), Int(65536,64)), Def(Tid(557, "%0000022d"), + Attrs([Attr("address","0x6B8"), Attr("insn","ldr x0, [x0, #0xfe8]")]), + Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4072,64)),LittleEndian(),64))]), +Jmps([Goto(Tid(563, "%00000233"), Attrs([Attr("address","0x6BC"), +Attr("insn","cbz x0, #0x8")]), EQ(Var("R0",Imm(64)),Int(0,64)), +Direct(Tid(561, "%00000231"))), Goto(Tid(1_623, "%00000657"), Attrs([]), + Int(1,1), Direct(Tid(1_108, "%00000454")))])), Blk(Tid(561, "%00000231"), + Attrs([Attr("address","0x6C4")]), Phis([]), Defs([]), +Jmps([Call(Tid(569, "%00000239"), Attrs([Attr("address","0x6C4"), +Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), +Blk(Tid(1_108, "%00000454"), Attrs([Attr("address","0x6C0")]), Phis([]), +Defs([]), Jmps([Goto(Tid(1_111, "%00000457"), Attrs([Attr("address","0x6C0"), +Attr("insn","b #-0xa0")]), Int(1,1), +Direct(Tid(1_109, "@__gmon_start__")))])), Blk(Tid(1_109, "@__gmon_start__"), + Attrs([Attr("address","0x620")]), Phis([]), +Defs([Def(Tid(1_330, "%00000532"), Attrs([Attr("address","0x620"), +Attr("insn","adrp x16, #65536")]), Var("R16",Imm(64)), Int(65536,64)), +Def(Tid(1_337, "%00000539"), Attrs([Attr("address","0x624"), +Attr("insn","ldr x17, [x16, #0xfb8]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4024,64)),LittleEndian(),64)), +Def(Tid(1_343, "%0000053f"), Attrs([Attr("address","0x628"), +Attr("insn","add x16, x16, #0xfb8")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4024,64)))]), Jmps([Call(Tid(1_348, "%00000544"), + Attrs([Attr("address","0x62C"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))])), +Sub(Tid(1_624, "@deregister_tm_clones"), + Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x6D0")]), + "deregister_tm_clones", Args([Arg(Tid(1_645, "%0000066d"), + Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), +Attr("c.type","signed")]), Var("deregister_tm_clones_result",Imm(32)), +LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(575, "@deregister_tm_clones"), + Attrs([Attr("address","0x6D0")]), Phis([]), Defs([Def(Tid(578, "%00000242"), + Attrs([Attr("address","0x6D0"), Attr("insn","adrp x0, #69632")]), + Var("R0",Imm(64)), Int(69632,64)), Def(Tid(584, "%00000248"), + Attrs([Attr("address","0x6D4"), Attr("insn","add x0, x0, #0x10")]), + Var("R0",Imm(64)), PLUS(Var("R0",Imm(64)),Int(16,64))), +Def(Tid(589, "%0000024d"), Attrs([Attr("address","0x6D8"), +Attr("insn","adrp x1, #69632")]), Var("R1",Imm(64)), Int(69632,64)), +Def(Tid(595, "%00000253"), Attrs([Attr("address","0x6DC"), +Attr("insn","add x1, x1, #0x10")]), Var("R1",Imm(64)), +PLUS(Var("R1",Imm(64)),Int(16,64))), Def(Tid(601, "%00000259"), + Attrs([Attr("address","0x6E0"), Attr("insn","cmp x1, x0")]), + Var("#1",Imm(64)), NOT(Var("R0",Imm(64)))), Def(Tid(606, "%0000025e"), + Attrs([Attr("address","0x6E0"), Attr("insn","cmp x1, x0")]), + Var("#2",Imm(64)), PLUS(Var("R1",Imm(64)),NOT(Var("R0",Imm(64))))), +Def(Tid(612, "%00000264"), Attrs([Attr("address","0x6E0"), +Attr("insn","cmp x1, x0")]), Var("VF",Imm(1)), +NEQ(SIGNED(65,PLUS(Var("#2",Imm(64)),Int(1,64))),PLUS(PLUS(SIGNED(65,Var("R1",Imm(64))),SIGNED(65,Var("#1",Imm(64)))),Int(1,65)))), +Def(Tid(618, "%0000026a"), Attrs([Attr("address","0x6E0"), +Attr("insn","cmp x1, x0")]), Var("CF",Imm(1)), +NEQ(UNSIGNED(65,PLUS(Var("#2",Imm(64)),Int(1,64))),PLUS(PLUS(UNSIGNED(65,Var("R1",Imm(64))),UNSIGNED(65,Var("#1",Imm(64)))),Int(1,65)))), +Def(Tid(622, "%0000026e"), Attrs([Attr("address","0x6E0"), +Attr("insn","cmp x1, x0")]), Var("ZF",Imm(1)), +EQ(PLUS(Var("#2",Imm(64)),Int(1,64)),Int(0,64))), Def(Tid(626, "%00000272"), + Attrs([Attr("address","0x6E0"), Attr("insn","cmp x1, x0")]), + Var("NF",Imm(1)), Extract(63,63,PLUS(Var("#2",Imm(64)),Int(1,64))))]), +Jmps([Goto(Tid(632, "%00000278"), Attrs([Attr("address","0x6E4"), +Attr("insn","b.eq #0x18")]), EQ(Var("ZF",Imm(1)),Int(1,1)), +Direct(Tid(630, "%00000276"))), Goto(Tid(1_625, "%00000659"), Attrs([]), + Int(1,1), Direct(Tid(1_078, "%00000436")))])), Blk(Tid(1_078, "%00000436"), + Attrs([Attr("address","0x6E8")]), Phis([]), +Defs([Def(Tid(1_081, "%00000439"), Attrs([Attr("address","0x6E8"), +Attr("insn","adrp x1, #65536")]), Var("R1",Imm(64)), Int(65536,64)), +Def(Tid(1_088, "%00000440"), Attrs([Attr("address","0x6EC"), +Attr("insn","ldr x1, [x1, #0xfd8]")]), Var("R1",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R1",Imm(64)),Int(4056,64)),LittleEndian(),64))]), +Jmps([Goto(Tid(1_093, "%00000445"), Attrs([Attr("address","0x6F0"), +Attr("insn","cbz x1, #0xc")]), EQ(Var("R1",Imm(64)),Int(0,64)), +Direct(Tid(630, "%00000276"))), Goto(Tid(1_626, "%0000065a"), Attrs([]), + Int(1,1), Direct(Tid(1_097, "%00000449")))])), Blk(Tid(630, "%00000276"), + Attrs([Attr("address","0x6FC")]), Phis([]), Defs([]), +Jmps([Call(Tid(638, "%0000027e"), Attrs([Attr("address","0x6FC"), +Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), +Blk(Tid(1_097, "%00000449"), Attrs([Attr("address","0x6F4")]), Phis([]), +Defs([Def(Tid(1_101, "%0000044d"), Attrs([Attr("address","0x6F4"), +Attr("insn","mov x16, x1")]), Var("R16",Imm(64)), Var("R1",Imm(64)))]), +Jmps([Call(Tid(1_106, "%00000452"), Attrs([Attr("address","0x6F8"), +Attr("insn","br x16")]), Int(1,1), (Indirect(Var("R16",Imm(64))),))]))])), +Sub(Tid(1_627, "@frame_dummy"), Attrs([Attr("c.proto","signed (*)(void)"), +Attr("address","0x790")]), "frame_dummy", Args([Arg(Tid(1_646, "%0000066e"), + Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), +Attr("c.type","signed")]), Var("frame_dummy_result",Imm(32)), +LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(790, "@frame_dummy"), + Attrs([Attr("address","0x790")]), Phis([]), Defs([]), +Jmps([Call(Tid(792, "%00000318"), Attrs([Attr("address","0x790"), +Attr("insn","b #-0x90")]), Int(1,1), +(Direct(Tid(1_629, "@register_tm_clones")),))]))])), Sub(Tid(1_628, "@main"), + Attrs([Attr("c.proto","signed (*)(signed argc, const char** argv)"), +Attr("address","0x794")]), "main", Args([Arg(Tid(1_647, "%0000066f"), + Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), +Attr("c.type","signed")]), Var("main_argc",Imm(32)), +LOW(32,Var("R0",Imm(64))), In()), Arg(Tid(1_648, "%00000670"), + Attrs([Attr("c.layout","**[char : 8]"), Attr("c.data","Top:u8 ptr ptr"), +Attr("c.type"," const char**")]), Var("main_argv",Imm(64)), +Var("R1",Imm(64)), Both()), Arg(Tid(1_649, "%00000671"), + Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), +Attr("c.type","signed")]), Var("main_result",Imm(32)), +LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(794, "@main"), + Attrs([Attr("address","0x794")]), Phis([]), Defs([Def(Tid(798, "%0000031e"), + Attrs([Attr("address","0x794"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("#4",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))), +Def(Tid(804, "%00000324"), Attrs([Attr("address","0x794"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("#4",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), +Def(Tid(810, "%0000032a"), Attrs([Attr("address","0x794"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("#4",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), +Def(Tid(814, "%0000032e"), Attrs([Attr("address","0x794"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)), +Var("#4",Imm(64))), Def(Tid(820, "%00000334"), + Attrs([Attr("address","0x798"), Attr("insn","mov x29, sp")]), + Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(825, "%00000339"), + Attrs([Attr("address","0x79C"), Attr("insn","adrp x0, #69632")]), + Var("R0",Imm(64)), Int(69632,64)), Def(Tid(831, "%0000033f"), + Attrs([Attr("address","0x7A0"), Attr("insn","add x0, x0, #0x14")]), + Var("R0",Imm(64)), PLUS(Var("R0",Imm(64)),Int(20,64))), +Def(Tid(838, "%00000346"), Attrs([Attr("address","0x7A4"), +Attr("insn","str wzr, [x0]")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Int(0,32),LittleEndian(),32)), +Def(Tid(843, "%0000034b"), Attrs([Attr("address","0x7A8"), +Attr("insn","adrp x0, #69632")]), Var("R0",Imm(64)), Int(69632,64)), +Def(Tid(849, "%00000351"), Attrs([Attr("address","0x7AC"), +Attr("insn","add x0, x0, #0x14")]), Var("R0",Imm(64)), +PLUS(Var("R0",Imm(64)),Int(20,64))), Def(Tid(856, "%00000358"), + Attrs([Attr("address","0x7B0"), Attr("insn","ldr w0, [x0]")]), + Var("R0",Imm(64)), +UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))), +Def(Tid(862, "%0000035e"), Attrs([Attr("address","0x7B4"), +Attr("insn","add w1, w0, #0x1")]), Var("R1",Imm(64)), +UNSIGNED(64,PLUS(Extract(31,0,Var("R0",Imm(64))),Int(1,32)))), +Def(Tid(867, "%00000363"), Attrs([Attr("address","0x7B8"), +Attr("insn","adrp x0, #69632")]), Var("R0",Imm(64)), Int(69632,64)), +Def(Tid(873, "%00000369"), Attrs([Attr("address","0x7BC"), +Attr("insn","add x0, x0, #0x14")]), Var("R0",Imm(64)), +PLUS(Var("R0",Imm(64)),Int(20,64))), Def(Tid(881, "%00000371"), + Attrs([Attr("address","0x7C0"), Attr("insn","str w1, [x0]")]), + Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32)), +Def(Tid(886, "%00000376"), Attrs([Attr("address","0x7C4"), +Attr("insn","adrp x0, #69632")]), Var("R0",Imm(64)), Int(69632,64)), +Def(Tid(892, "%0000037c"), Attrs([Attr("address","0x7C8"), +Attr("insn","add x0, x0, #0x18")]), Var("R0",Imm(64)), +PLUS(Var("R0",Imm(64)),Int(24,64))), Def(Tid(897, "%00000381"), + Attrs([Attr("address","0x7CC"), Attr("insn","bl #-0x18c")]), + Var("R30",Imm(64)), Int(2000,64))]), Jmps([Call(Tid(900, "%00000384"), + Attrs([Attr("address","0x7CC"), Attr("insn","bl #-0x18c")]), Int(1,1), +(Direct(Tid(1_632, "@secret")),Direct(Tid(902, "%00000386"))))])), +Blk(Tid(902, "%00000386"), Attrs([Attr("address","0x7D0")]), Phis([]), +Defs([Def(Tid(905, "%00000389"), Attrs([Attr("address","0x7D0"), +Attr("insn","adrp x0, #69632")]), Var("R0",Imm(64)), Int(69632,64)), +Def(Tid(911, "%0000038f"), Attrs([Attr("address","0x7D4"), +Attr("insn","add x0, x0, #0x18")]), Var("R0",Imm(64)), +PLUS(Var("R0",Imm(64)),Int(24,64))), Def(Tid(918, "%00000396"), + Attrs([Attr("address","0x7D8"), Attr("insn","str wzr, [x0]")]), + Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Int(0,32),LittleEndian(),32)), +Def(Tid(923, "%0000039b"), Attrs([Attr("address","0x7DC"), +Attr("insn","adrp x0, #69632")]), Var("R0",Imm(64)), Int(69632,64)), +Def(Tid(929, "%000003a1"), Attrs([Attr("address","0x7E0"), +Attr("insn","add x0, x0, #0x14")]), Var("R0",Imm(64)), +PLUS(Var("R0",Imm(64)),Int(20,64))), Def(Tid(936, "%000003a8"), + Attrs([Attr("address","0x7E4"), Attr("insn","ldr w0, [x0]")]), + Var("R0",Imm(64)), +UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))), +Def(Tid(942, "%000003ae"), Attrs([Attr("address","0x7E8"), +Attr("insn","add w1, w0, #0x1")]), Var("R1",Imm(64)), +UNSIGNED(64,PLUS(Extract(31,0,Var("R0",Imm(64))),Int(1,32)))), +Def(Tid(947, "%000003b3"), Attrs([Attr("address","0x7EC"), +Attr("insn","adrp x0, #69632")]), Var("R0",Imm(64)), Int(69632,64)), +Def(Tid(953, "%000003b9"), Attrs([Attr("address","0x7F0"), +Attr("insn","add x0, x0, #0x14")]), Var("R0",Imm(64)), +PLUS(Var("R0",Imm(64)),Int(20,64))), Def(Tid(961, "%000003c1"), + Attrs([Attr("address","0x7F4"), Attr("insn","str w1, [x0]")]), + Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32)), +Def(Tid(966, "%000003c6"), Attrs([Attr("address","0x7F8"), +Attr("insn","mov w0, #0x0")]), Var("R0",Imm(64)), Int(0,64)), +Def(Tid(973, "%000003cd"), Attrs([Attr("address","0x7FC"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R29",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(978, "%000003d2"), Attrs([Attr("address","0x7FC"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R30",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(982, "%000003d6"), Attrs([Attr("address","0x7FC"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(987, "%000003db"), + Attrs([Attr("address","0x800"), Attr("insn","ret")]), Int(1,1), +(Indirect(Var("R30",Imm(64))),))]))])), +Sub(Tid(1_629, "@register_tm_clones"), + Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x700")]), + "register_tm_clones", Args([Arg(Tid(1_650, "%00000672"), + Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), +Attr("c.type","signed")]), Var("register_tm_clones_result",Imm(32)), +LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(640, "@register_tm_clones"), Attrs([Attr("address","0x700")]), + Phis([]), Defs([Def(Tid(643, "%00000283"), Attrs([Attr("address","0x700"), +Attr("insn","adrp x0, #69632")]), Var("R0",Imm(64)), Int(69632,64)), +Def(Tid(649, "%00000289"), Attrs([Attr("address","0x704"), +Attr("insn","add x0, x0, #0x10")]), Var("R0",Imm(64)), +PLUS(Var("R0",Imm(64)),Int(16,64))), Def(Tid(654, "%0000028e"), + Attrs([Attr("address","0x708"), Attr("insn","adrp x1, #69632")]), + Var("R1",Imm(64)), Int(69632,64)), Def(Tid(660, "%00000294"), + Attrs([Attr("address","0x70C"), Attr("insn","add x1, x1, #0x10")]), + Var("R1",Imm(64)), PLUS(Var("R1",Imm(64)),Int(16,64))), +Def(Tid(667, "%0000029b"), Attrs([Attr("address","0x710"), +Attr("insn","sub x1, x1, x0")]), Var("R1",Imm(64)), +PLUS(PLUS(Var("R1",Imm(64)),NOT(Var("R0",Imm(64)))),Int(1,64))), +Def(Tid(673, "%000002a1"), Attrs([Attr("address","0x714"), +Attr("insn","lsr x2, x1, #63")]), Var("R2",Imm(64)), +Concat(Int(0,63),Extract(63,63,Var("R1",Imm(64))))), +Def(Tid(680, "%000002a8"), Attrs([Attr("address","0x718"), +Attr("insn","add x1, x2, x1, asr #3")]), Var("R1",Imm(64)), +PLUS(Var("R2",Imm(64)),ARSHIFT(Var("R1",Imm(64)),Int(3,3)))), +Def(Tid(686, "%000002ae"), Attrs([Attr("address","0x71C"), +Attr("insn","asr x1, x1, #1")]), Var("R1",Imm(64)), +SIGNED(64,Extract(63,1,Var("R1",Imm(64)))))]), +Jmps([Goto(Tid(692, "%000002b4"), Attrs([Attr("address","0x720"), +Attr("insn","cbz x1, #0x18")]), EQ(Var("R1",Imm(64)),Int(0,64)), +Direct(Tid(690, "%000002b2"))), Goto(Tid(1_630, "%0000065e"), Attrs([]), + Int(1,1), Direct(Tid(1_048, "%00000418")))])), Blk(Tid(1_048, "%00000418"), + Attrs([Attr("address","0x724")]), Phis([]), +Defs([Def(Tid(1_051, "%0000041b"), Attrs([Attr("address","0x724"), +Attr("insn","adrp x2, #65536")]), Var("R2",Imm(64)), Int(65536,64)), +Def(Tid(1_058, "%00000422"), Attrs([Attr("address","0x728"), +Attr("insn","ldr x2, [x2, #0xff8]")]), Var("R2",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R2",Imm(64)),Int(4088,64)),LittleEndian(),64))]), +Jmps([Goto(Tid(1_063, "%00000427"), Attrs([Attr("address","0x72C"), +Attr("insn","cbz x2, #0xc")]), EQ(Var("R2",Imm(64)),Int(0,64)), +Direct(Tid(690, "%000002b2"))), Goto(Tid(1_631, "%0000065f"), Attrs([]), + Int(1,1), Direct(Tid(1_067, "%0000042b")))])), Blk(Tid(690, "%000002b2"), + Attrs([Attr("address","0x738")]), Phis([]), Defs([]), +Jmps([Call(Tid(698, "%000002ba"), Attrs([Attr("address","0x738"), +Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), +Blk(Tid(1_067, "%0000042b"), Attrs([Attr("address","0x730")]), Phis([]), +Defs([Def(Tid(1_071, "%0000042f"), Attrs([Attr("address","0x730"), +Attr("insn","mov x16, x2")]), Var("R16",Imm(64)), Var("R2",Imm(64)))]), +Jmps([Call(Tid(1_076, "%00000434"), Attrs([Attr("address","0x734"), +Attr("insn","br x16")]), Int(1,1), (Indirect(Var("R16",Imm(64))),))]))])), +Sub(Tid(1_632, "@secret"), Attrs([Attr("c.proto","signed (*)(void)"), +Attr("address","0x640"), Attr("stub","()")]), "secret", + Args([Arg(Tid(1_651, "%00000673"), Attrs([Attr("c.layout","[signed : 32]"), +Attr("c.data","Top:u32"), Attr("c.type","signed")]), + Var("secret_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(898, "@secret"), Attrs([Attr("address","0x640")]), Phis([]), +Defs([Def(Tid(1_374, "%0000055e"), Attrs([Attr("address","0x640"), +Attr("insn","adrp x16, #65536")]), Var("R16",Imm(64)), Int(65536,64)), +Def(Tid(1_381, "%00000565"), Attrs([Attr("address","0x644"), +Attr("insn","ldr x17, [x16, #0xfc8]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4040,64)),LittleEndian(),64)), +Def(Tid(1_387, "%0000056b"), Attrs([Attr("address","0x648"), +Attr("insn","add x16, x16, #0xfc8")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4040,64)))]), Jmps([Call(Tid(1_392, "%00000570"), + Attrs([Attr("address","0x64C"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))]))]))) \ No newline at end of file diff --git a/examples/secret_write_librg/secret_write_librg.bir b/examples/secret_write_librg/secret_write_librg.bir new file mode 100644 index 000000000..d3c5a20df --- /dev/null +++ b/examples/secret_write_librg/secret_write_librg.bir @@ -0,0 +1,267 @@ +00000661: program +0000064a: sub __cxa_finalize(__cxa_finalize_result) +00000662: __cxa_finalize_result :: out u32 = low:32[R0] + +00000414: +0000051c: R16 := 0x10000 +00000523: R17 := mem[R16 + 0xFB0, el]:u64 +00000529: R16 := R16 + 0xFB0 +0000052e: call R17 with noreturn + +0000064b: sub __do_global_dtors_aux(__do_global_dtors_aux_result) +00000663: __do_global_dtors_aux_result :: out u32 = low:32[R0] + +000002be: +000002c2: #3 := R31 - 0x20 +000002c8: mem := mem with [#3, el]:u64 <- R29 +000002ce: mem := mem with [#3 + 8, el]:u64 <- R30 +000002d2: R31 := #3 +000002d8: R29 := R31 +000002e0: mem := mem with [R31 + 0x10, el]:u64 <- R19 +000002e5: R19 := 0x11000 +000002ec: R0 := pad:64[mem[R19 + 0x10]] +000002f3: when 31:0[R0] <> 0 goto %000002f1 +0000064c: goto %000003dd + +000003dd: +000003e0: R0 := 0x10000 +000003e7: R0 := mem[R0 + 0xFE0, el]:u64 +000003ed: when R0 = 0 goto %000003eb +0000064d: goto %00000404 + +00000404: +00000407: R0 := 0x11000 +0000040e: R0 := mem[R0 + 8, el]:u64 +00000413: R30 := 0x770 +00000416: call @__cxa_finalize with return %000003eb + +000003eb: +000003f3: R30 := 0x774 +000003f5: call @deregister_tm_clones with return %000003f7 + +000003f7: +000003fa: R0 := 1 +00000402: mem := mem with [R19 + 0x10] <- 7:0[R0] +0000064e: goto %000002f1 + +000002f1: +000002fb: R19 := mem[R31 + 0x10, el]:u64 +00000302: R29 := mem[R31, el]:u64 +00000307: R30 := mem[R31 + 8, el]:u64 +0000030b: R31 := R31 + 0x20 +00000310: call R30 with noreturn + +0000064f: sub __libc_start_main(__libc_start_main_main, __libc_start_main_arg2, __libc_start_main_arg3, __libc_start_main_auxv, __libc_start_main_result) +00000664: __libc_start_main_main :: in u64 = R0 +00000665: __libc_start_main_arg2 :: in u32 = low:32[R1] +00000666: __libc_start_main_arg3 :: in out u64 = R2 +00000667: __libc_start_main_auxv :: in out u64 = R3 +00000668: __libc_start_main_result :: out u32 = low:32[R0] + +00000217: +00000506: R16 := 0x10000 +0000050d: R17 := mem[R16 + 0xFA8, el]:u64 +00000513: R16 := R16 + 0xFA8 +00000518: call R17 with noreturn + +00000650: sub _fini(_fini_result) +00000669: _fini_result :: out u32 = low:32[R0] + +0000001f: +00000025: #0 := R31 - 0x10 +0000002b: mem := mem with [#0, el]:u64 <- R29 +00000031: mem := mem with [#0 + 8, el]:u64 <- R30 +00000035: R31 := #0 +0000003b: R29 := R31 +00000042: R29 := mem[R31, el]:u64 +00000047: R30 := mem[R31 + 8, el]:u64 +0000004b: R31 := R31 + 0x10 +00000050: call R30 with noreturn + +00000651: sub _init(_init_result) +0000066a: _init_result :: out u32 = low:32[R0] + +0000058c: +00000592: #6 := R31 - 0x10 +00000598: mem := mem with [#6, el]:u64 <- R29 +0000059e: mem := mem with [#6 + 8, el]:u64 <- R30 +000005a2: R31 := #6 +000005a8: R29 := R31 +000005ad: R30 := 0x5D8 +000005af: call @call_weak_fn with return %000005b1 + +000005b1: +000005b6: R29 := mem[R31, el]:u64 +000005bb: R30 := mem[R31 + 8, el]:u64 +000005bf: R31 := R31 + 0x10 +000005c4: call R30 with noreturn + +00000652: sub _start(_start_result) +0000066b: _start_result :: out u32 = low:32[R0] + +000001d8: +000001dd: R29 := 0 +000001e2: R30 := 0 +000001e8: R5 := R0 +000001ef: R1 := mem[R31, el]:u64 +000001f5: R2 := R31 + 8 +000001fb: R6 := R31 +00000200: R0 := 0x10000 +00000207: R0 := mem[R0 + 0xFF0, el]:u64 +0000020c: R3 := 0 +00000211: R4 := 0 +00000216: R30 := 0x6B0 +00000219: call @__libc_start_main with return %0000021b + +0000021b: +0000021e: R30 := 0x6B4 +00000221: call @abort with return %00000653 + +00000653: +00000654: call @call_weak_fn with noreturn + +00000655: sub abort() + + +0000021f: +00000548: R16 := 0x10000 +0000054f: R17 := mem[R16 + 0xFC0, el]:u64 +00000555: R16 := R16 + 0xFC0 +0000055a: call R17 with noreturn + +00000656: sub call_weak_fn(call_weak_fn_result) +0000066c: call_weak_fn_result :: out u32 = low:32[R0] + +00000223: +00000226: R0 := 0x10000 +0000022d: R0 := mem[R0 + 0xFE8, el]:u64 +00000233: when R0 = 0 goto %00000231 +00000657: goto %00000454 + +00000231: +00000239: call R30 with noreturn + +00000454: +00000457: goto @__gmon_start__ + +00000455: +00000532: R16 := 0x10000 +00000539: R17 := mem[R16 + 0xFB8, el]:u64 +0000053f: R16 := R16 + 0xFB8 +00000544: call R17 with noreturn + +00000658: sub deregister_tm_clones(deregister_tm_clones_result) +0000066d: deregister_tm_clones_result :: out u32 = low:32[R0] + +0000023f: +00000242: R0 := 0x11000 +00000248: R0 := R0 + 0x10 +0000024d: R1 := 0x11000 +00000253: R1 := R1 + 0x10 +00000259: #1 := ~R0 +0000025e: #2 := R1 + ~R0 +00000264: VF := extend:65[#2 + 1] <> extend:65[R1] + extend:65[#1] + 1 +0000026a: CF := pad:65[#2 + 1] <> pad:65[R1] + pad:65[#1] + 1 +0000026e: ZF := #2 + 1 = 0 +00000272: NF := 63:63[#2 + 1] +00000278: when ZF goto %00000276 +00000659: goto %00000436 + +00000436: +00000439: R1 := 0x10000 +00000440: R1 := mem[R1 + 0xFD8, el]:u64 +00000445: when R1 = 0 goto %00000276 +0000065a: goto %00000449 + +00000276: +0000027e: call R30 with noreturn + +00000449: +0000044d: R16 := R1 +00000452: call R16 with noreturn + +0000065b: sub frame_dummy(frame_dummy_result) +0000066e: frame_dummy_result :: out u32 = low:32[R0] + +00000316: +00000318: call @register_tm_clones with noreturn + +0000065c: sub main(main_argc, main_argv, main_result) +0000066f: main_argc :: in u32 = low:32[R0] +00000670: main_argv :: in out u64 = R1 +00000671: main_result :: out u32 = low:32[R0] + +0000031a: +0000031e: #4 := R31 - 0x10 +00000324: mem := mem with [#4, el]:u64 <- R29 +0000032a: mem := mem with [#4 + 8, el]:u64 <- R30 +0000032e: R31 := #4 +00000334: R29 := R31 +00000339: R0 := 0x11000 +0000033f: R0 := R0 + 0x14 +00000346: mem := mem with [R0, el]:u32 <- 0 +0000034b: R0 := 0x11000 +00000351: R0 := R0 + 0x14 +00000358: R0 := pad:64[mem[R0, el]:u32] +0000035e: R1 := pad:64[31:0[R0] + 1] +00000363: R0 := 0x11000 +00000369: R0 := R0 + 0x14 +00000371: mem := mem with [R0, el]:u32 <- 31:0[R1] +00000376: R0 := 0x11000 +0000037c: R0 := R0 + 0x18 +00000381: R30 := 0x7D0 +00000384: call @secret with return %00000386 + +00000386: +00000389: R0 := 0x11000 +0000038f: R0 := R0 + 0x18 +00000396: mem := mem with [R0, el]:u32 <- 0 +0000039b: R0 := 0x11000 +000003a1: R0 := R0 + 0x14 +000003a8: R0 := pad:64[mem[R0, el]:u32] +000003ae: R1 := pad:64[31:0[R0] + 1] +000003b3: R0 := 0x11000 +000003b9: R0 := R0 + 0x14 +000003c1: mem := mem with [R0, el]:u32 <- 31:0[R1] +000003c6: R0 := 0 +000003cd: R29 := mem[R31, el]:u64 +000003d2: R30 := mem[R31 + 8, el]:u64 +000003d6: R31 := R31 + 0x10 +000003db: call R30 with noreturn + +0000065d: sub register_tm_clones(register_tm_clones_result) +00000672: register_tm_clones_result :: out u32 = low:32[R0] + +00000280: +00000283: R0 := 0x11000 +00000289: R0 := R0 + 0x10 +0000028e: R1 := 0x11000 +00000294: R1 := R1 + 0x10 +0000029b: R1 := R1 + ~R0 + 1 +000002a1: R2 := 0.63:63[R1] +000002a8: R1 := R2 + (R1 ~>> 3) +000002ae: R1 := extend:64[63:1[R1]] +000002b4: when R1 = 0 goto %000002b2 +0000065e: goto %00000418 + +00000418: +0000041b: R2 := 0x10000 +00000422: R2 := mem[R2 + 0xFF8, el]:u64 +00000427: when R2 = 0 goto %000002b2 +0000065f: goto %0000042b + +000002b2: +000002ba: call R30 with noreturn + +0000042b: +0000042f: R16 := R2 +00000434: call R16 with noreturn + +00000660: sub secret(secret_result) +00000673: secret_result :: out u32 = low:32[R0] + +00000382: +0000055e: R16 := 0x10000 +00000565: R17 := mem[R16 + 0xFC8, el]:u64 +0000056b: R16 := R16 + 0xFC8 +00000570: call R17 with noreturn diff --git a/examples/secret_write_librg/secret_write_librg.c b/examples/secret_write_librg/secret_write_librg.c new file mode 100644 index 000000000..d1ee16be6 --- /dev/null +++ b/examples/secret_write_librg/secret_write_librg.c @@ -0,0 +1,12 @@ +void secret(int* y); + +int z; +int x; + +int main(void) { + z = 0; + z = z + 1; + secret(&x); + x = 0; + z = z + 1; +} \ No newline at end of file diff --git a/examples/secret_write_librg/secret_write_librg.relf b/examples/secret_write_librg/secret_write_librg.relf new file mode 100644 index 000000000..36661d5d3 --- /dev/null +++ b/examples/secret_write_librg/secret_write_librg.relf @@ -0,0 +1,125 @@ + +Relocation section '.rela.dyn' at offset 0x490 contains 8 entries: + Offset Info Type Symbol's Value Symbol's Name + Addend +0000000000010d80 0000000000000403 R_AARCH64_RELATIVE 790 +0000000000010d88 0000000000000403 R_AARCH64_RELATIVE 740 +0000000000010ff0 0000000000000403 R_AARCH64_RELATIVE 794 +0000000000011008 0000000000000403 R_AARCH64_RELATIVE 11008 +0000000000010fd8 0000000400000401 R_AARCH64_GLOB_DAT 0000000000000000 _ITM_deregisterTMCloneTable + 0 +0000000000010fe0 0000000500000401 R_AARCH64_GLOB_DAT 0000000000000000 __cxa_finalize@GLIBC_2.17 + 0 +0000000000010fe8 0000000600000401 R_AARCH64_GLOB_DAT 0000000000000000 __gmon_start__ + 0 +0000000000010ff8 0000000900000401 R_AARCH64_GLOB_DAT 0000000000000000 _ITM_registerTMCloneTable + 0 + +Relocation section '.rela.plt' at offset 0x550 contains 5 entries: + Offset Info Type Symbol's Value Symbol's Name + Addend +0000000000010fa8 0000000300000402 R_AARCH64_JUMP_SLOT 0000000000000000 __libc_start_main@GLIBC_2.34 + 0 +0000000000010fb0 0000000500000402 R_AARCH64_JUMP_SLOT 0000000000000000 __cxa_finalize@GLIBC_2.17 + 0 +0000000000010fb8 0000000600000402 R_AARCH64_JUMP_SLOT 0000000000000000 __gmon_start__ + 0 +0000000000010fc0 0000000700000402 R_AARCH64_JUMP_SLOT 0000000000000000 abort@GLIBC_2.17 + 0 +0000000000010fc8 0000000800000402 R_AARCH64_JUMP_SLOT 0000000000000000 secret + 0 + +Symbol table '.dynsym' contains 10 entries: + Num: Value Size Type Bind Vis Ndx Name + 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND + 1: 00000000000005c8 0 SECTION LOCAL DEFAULT 11 .init + 2: 0000000000011000 0 SECTION LOCAL DEFAULT 22 .data + 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.34 (2) + 4: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable + 5: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.17 (3) + 6: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ + 7: 0000000000000000 0 FUNC GLOBAL DEFAULT UND abort@GLIBC_2.17 (3) + 8: 0000000000000000 0 FUNC GLOBAL DEFAULT UND secret + 9: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable + +Symbol table '.symtab' contains 90 entries: + Num: Value Size Type Bind Vis Ndx Name + 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND + 1: 0000000000000238 0 SECTION LOCAL DEFAULT 1 .interp + 2: 0000000000000254 0 SECTION LOCAL DEFAULT 2 .note.gnu.build-id + 3: 0000000000000278 0 SECTION LOCAL DEFAULT 3 .note.ABI-tag + 4: 0000000000000298 0 SECTION LOCAL DEFAULT 4 .gnu.hash + 5: 00000000000002b8 0 SECTION LOCAL DEFAULT 5 .dynsym + 6: 00000000000003a8 0 SECTION LOCAL DEFAULT 6 .dynstr + 7: 000000000000044a 0 SECTION LOCAL DEFAULT 7 .gnu.version + 8: 0000000000000460 0 SECTION LOCAL DEFAULT 8 .gnu.version_r + 9: 0000000000000490 0 SECTION LOCAL DEFAULT 9 .rela.dyn + 10: 0000000000000550 0 SECTION LOCAL DEFAULT 10 .rela.plt + 11: 00000000000005c8 0 SECTION LOCAL DEFAULT 11 .init + 12: 00000000000005e0 0 SECTION LOCAL DEFAULT 12 .plt + 13: 0000000000000680 0 SECTION LOCAL DEFAULT 13 .text + 14: 0000000000000804 0 SECTION LOCAL DEFAULT 14 .fini + 15: 0000000000000818 0 SECTION LOCAL DEFAULT 15 .rodata + 16: 000000000000081c 0 SECTION LOCAL DEFAULT 16 .eh_frame_hdr + 17: 0000000000000858 0 SECTION LOCAL DEFAULT 17 .eh_frame + 18: 0000000000010d80 0 SECTION LOCAL DEFAULT 18 .init_array + 19: 0000000000010d88 0 SECTION LOCAL DEFAULT 19 .fini_array + 20: 0000000000010d90 0 SECTION LOCAL DEFAULT 20 .dynamic + 21: 0000000000010f90 0 SECTION LOCAL DEFAULT 21 .got + 22: 0000000000011000 0 SECTION LOCAL DEFAULT 22 .data + 23: 0000000000011010 0 SECTION LOCAL DEFAULT 23 .bss + 24: 0000000000000000 0 SECTION LOCAL DEFAULT 24 .comment + 25: 0000000000000000 0 FILE LOCAL DEFAULT ABS Scrt1.o + 26: 0000000000000278 0 NOTYPE LOCAL DEFAULT 3 $d + 27: 0000000000000278 32 OBJECT LOCAL DEFAULT 3 __abi_tag + 28: 0000000000000680 0 NOTYPE LOCAL DEFAULT 13 $x + 29: 000000000000086c 0 NOTYPE LOCAL DEFAULT 17 $d + 30: 0000000000000818 0 NOTYPE LOCAL DEFAULT 15 $d + 31: 0000000000000000 0 FILE LOCAL DEFAULT ABS crti.o + 32: 00000000000006b4 0 NOTYPE LOCAL DEFAULT 13 $x + 33: 00000000000006b4 20 FUNC LOCAL DEFAULT 13 call_weak_fn + 34: 00000000000005c8 0 NOTYPE LOCAL DEFAULT 11 $x + 35: 0000000000000804 0 NOTYPE LOCAL DEFAULT 14 $x + 36: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtn.o + 37: 00000000000005d8 0 NOTYPE LOCAL DEFAULT 11 $x + 38: 0000000000000810 0 NOTYPE LOCAL DEFAULT 14 $x + 39: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c + 40: 00000000000006d0 0 NOTYPE LOCAL DEFAULT 13 $x + 41: 00000000000006d0 0 FUNC LOCAL DEFAULT 13 deregister_tm_clones + 42: 0000000000000700 0 FUNC LOCAL DEFAULT 13 register_tm_clones + 43: 0000000000011008 0 NOTYPE LOCAL DEFAULT 22 $d + 44: 0000000000000740 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux + 45: 0000000000011010 1 OBJECT LOCAL DEFAULT 23 completed.0 + 46: 0000000000010d88 0 NOTYPE LOCAL DEFAULT 19 $d + 47: 0000000000010d88 0 OBJECT LOCAL DEFAULT 19 __do_global_dtors_aux_fini_array_entry + 48: 0000000000000790 0 FUNC LOCAL DEFAULT 13 frame_dummy + 49: 0000000000010d80 0 NOTYPE LOCAL DEFAULT 18 $d + 50: 0000000000010d80 0 OBJECT LOCAL DEFAULT 18 __frame_dummy_init_array_entry + 51: 0000000000000880 0 NOTYPE LOCAL DEFAULT 17 $d + 52: 0000000000011010 0 NOTYPE LOCAL DEFAULT 23 $d + 53: 0000000000000000 0 FILE LOCAL DEFAULT ABS secret_write_librg.c + 54: 0000000000011014 0 NOTYPE LOCAL DEFAULT 23 $d + 55: 0000000000000794 0 NOTYPE LOCAL DEFAULT 13 $x + 56: 00000000000008e0 0 NOTYPE LOCAL DEFAULT 17 $d + 57: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c + 58: 0000000000000900 0 NOTYPE LOCAL DEFAULT 17 $d + 59: 0000000000000900 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ + 60: 0000000000000000 0 FILE LOCAL DEFAULT ABS + 61: 0000000000010d90 0 OBJECT LOCAL DEFAULT ABS _DYNAMIC + 62: 000000000000081c 0 NOTYPE LOCAL DEFAULT 16 __GNU_EH_FRAME_HDR + 63: 0000000000010fd0 0 OBJECT LOCAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_ + 64: 00000000000005e0 0 NOTYPE LOCAL DEFAULT 12 $x + 65: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.34 + 66: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable + 67: 0000000000011000 0 NOTYPE WEAK DEFAULT 22 data_start + 68: 0000000000011010 0 NOTYPE GLOBAL DEFAULT 23 __bss_start__ + 69: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.17 + 70: 0000000000011020 0 NOTYPE GLOBAL DEFAULT 23 _bss_end__ + 71: 0000000000011010 0 NOTYPE GLOBAL DEFAULT 22 _edata + 72: 0000000000011014 4 OBJECT GLOBAL DEFAULT 23 z + 73: 0000000000011018 4 OBJECT GLOBAL DEFAULT 23 x + 74: 0000000000000804 0 FUNC GLOBAL HIDDEN 14 _fini + 75: 0000000000011020 0 NOTYPE GLOBAL DEFAULT 23 __bss_end__ + 76: 0000000000011000 0 NOTYPE GLOBAL DEFAULT 22 __data_start + 77: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ + 78: 0000000000011008 0 OBJECT GLOBAL HIDDEN 22 __dso_handle + 79: 0000000000000000 0 FUNC GLOBAL DEFAULT UND abort@GLIBC_2.17 + 80: 0000000000000818 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used + 81: 0000000000000000 0 FUNC GLOBAL DEFAULT UND secret + 82: 0000000000011020 0 NOTYPE GLOBAL DEFAULT 23 _end + 83: 0000000000000680 52 FUNC GLOBAL DEFAULT 13 _start + 84: 0000000000011020 0 NOTYPE GLOBAL DEFAULT 23 __end__ + 85: 0000000000011010 0 NOTYPE GLOBAL DEFAULT 23 __bss_start + 86: 0000000000000794 112 FUNC GLOBAL DEFAULT 13 main + 87: 0000000000011010 0 OBJECT GLOBAL HIDDEN 22 __TMC_END__ + 88: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable + 89: 00000000000005c8 0 FUNC GLOBAL HIDDEN 11 _init diff --git a/examples/secret_write_librg/secret_write_librg.spec b/examples/secret_write_librg/secret_write_librg.spec new file mode 100644 index 000000000..b7380bd5b --- /dev/null +++ b/examples/secret_write_librg/secret_write_librg.spec @@ -0,0 +1,18 @@ +Globals: +x: int +z: int + +L: z -> true, x -> z mod 2bv32 == 0bv32 +Rely: (z mod 2bv32 == 0bv32 ==> old(Gamma_x) ==> Gamma_x) && z == old(z) +Guarantee: z >= old(z) + +Subroutine: main +Requires: Gamma_x == true +Requires: Gamma_z == true +Requires: z == 0bv32 + +Subroutine: secret +Requires: z mod 2bv32 == 1bv32 +Ensures: !Gamma_x && (z mod 2bv32 == 1bv32) +Rely: (!old(Gamma_x) ==> !Gamma_x) && old(z) == z +Guarantee: (!old(Gamma_x) ==> !Gamma_x) && old(z) == z \ No newline at end of file diff --git a/src/main/antlr4/Specifications.g4 b/src/main/antlr4/Specifications.g4 index c476ebdb2..636647048 100644 --- a/src/main/antlr4/Specifications.g4 +++ b/src/main/antlr4/Specifications.g4 @@ -27,7 +27,7 @@ directFunction: MEMORY_LOAD_DIRECT #memoryLoad | BVOP_DIRECT #bvOp ; -subroutine: 'Subroutine:' id modifies? requires* ensures*; +subroutine: 'Subroutine:' id modifies? requires* ensures* relies? guarantees?; modifies: 'Modifies:' id (COMMA id)*; requires: 'Requires:' expr #parsedRequires | 'Requires DIRECT:' QUOTESTRING #directRequires @@ -56,6 +56,7 @@ factor : arg1=unaryExpr ( op=mulDivModOp arg2=unaryExpr )? ; unaryExpr : atomExpr #atomUnaryExpr | SUB_OP unaryExpr #negExpr + | NOT_OP unaryExpr #notExpr ; atomExpr : boolLit #boolLitExpr @@ -131,6 +132,7 @@ GE_OP : '>='; ADD_OP : '+'; SUB_OP : '-'; MUL_OP : '*'; +NOT_OP : '!'; COLON: ':'; fragment UNDERSCORE: '_'; diff --git a/src/main/scala/boogie/BExpr.scala b/src/main/scala/boogie/BExpr.scala index 2c5dd37b7..2b98e9c83 100644 --- a/src/main/scala/boogie/BExpr.scala +++ b/src/main/scala/boogie/BExpr.scala @@ -14,6 +14,10 @@ trait BExpr { def removeOld: BExpr = this def resolveSpecL: BExpr = this def resolveInsideOld: BExpr = this + def resolveSpecParam: BExpr = this + def resolveSpecParamOld: BExpr = this + def resolveSpecInv: BExpr = this + def resolveSpecInvOld: BExpr = this def loads: Set[BExpr] = Set() } @@ -54,6 +58,10 @@ case class BVExtract(end: Int, start: Int, body: BExpr) extends BExpr { override def specGlobals: Set[SpecGlobalOrAccess] = body.specGlobals override def oldSpecGlobals: Set[SpecGlobalOrAccess] = body.oldSpecGlobals override def resolveSpec: BVExtract = copy(body = body.resolveSpec) + override def resolveSpecInv: BVExtract = copy(body = body.resolveSpecInv) + override def resolveSpecInvOld: BVExtract = copy(body = body.resolveSpecInvOld) + override def resolveSpecParam: BVExtract = copy(body = body.resolveSpecParam) + override def resolveSpecParamOld: BVExtract = copy(body = body.resolveSpecParamOld) override def resolveSpecL: BVExtract = copy(body = body.resolveSpecL) override def resolveOld: BVExtract = copy(body = body.resolveOld) override def resolveInsideOld: BVExtract = copy(body = body.resolveInsideOld) @@ -81,6 +89,10 @@ case class BVRepeat(repeats: Int, body: BExpr) extends BExpr { override def specGlobals: Set[SpecGlobalOrAccess] = body.specGlobals override def oldSpecGlobals: Set[SpecGlobalOrAccess] = body.oldSpecGlobals override def resolveSpec: BVRepeat = copy(body = body.resolveSpec) + override def resolveSpecInv: BVRepeat = copy(body = body.resolveSpecInv) + override def resolveSpecInvOld: BVRepeat = copy(body = body.resolveSpecInvOld) + override def resolveSpecParam: BVRepeat = copy(body = body.resolveSpecParam) + override def resolveSpecParamOld: BVRepeat = copy(body = body.resolveSpecParamOld) override def resolveSpecL: BVRepeat = copy(body = body.resolveSpecL) override def resolveOld: BVRepeat = copy(body = body.resolveOld) override def resolveInsideOld: BVRepeat = copy(body = body.resolveInsideOld) @@ -109,6 +121,10 @@ case class BVZeroExtend(extension: Int, body: BExpr) extends BExpr { override def specGlobals: Set[SpecGlobalOrAccess] = body.specGlobals override def oldSpecGlobals: Set[SpecGlobalOrAccess] = body.oldSpecGlobals override def resolveSpec: BVZeroExtend = copy(body = body.resolveSpec) + override def resolveSpecInv: BVZeroExtend = copy(body = body.resolveSpecInv) + override def resolveSpecInvOld: BVZeroExtend = copy(body = body.resolveSpecInvOld) + override def resolveSpecParam: BVZeroExtend = copy(body = body.resolveSpecParam) + override def resolveSpecParamOld: BVZeroExtend = copy(body = body.resolveSpecParamOld) override def resolveSpecL: BVZeroExtend = copy(body = body.resolveSpecL) override def resolveOld: BExpr = copy(body = body.resolveOld) override def resolveInsideOld: BExpr = copy(body = body.resolveInsideOld) @@ -138,6 +154,10 @@ case class BVSignExtend(extension: Int, body: BExpr) extends BExpr { override def oldSpecGlobals: Set[SpecGlobalOrAccess] = body.oldSpecGlobals override def resolveSpecL: BVSignExtend = copy(body = body.resolveSpecL) override def resolveSpec: BVSignExtend = copy(body = body.resolveSpec) + override def resolveSpecInv: BVSignExtend = copy(body = body.resolveSpecInv) + override def resolveSpecInvOld: BVSignExtend = copy(body = body.resolveSpecInvOld) + override def resolveSpecParam: BVSignExtend = copy(body = body.resolveSpecParam) + override def resolveSpecParamOld: BVSignExtend = copy(body = body.resolveSpecParamOld) override def resolveOld: BExpr = copy(body = body.resolveOld) override def resolveInsideOld: BExpr = copy(body = body.resolveInsideOld) override def removeOld: BExpr = copy(body = body.removeOld) @@ -193,6 +213,10 @@ case class BFunctionCall(name: String, args: List[BExpr], bType: BType) extends override def specGlobals: Set[SpecGlobalOrAccess] = args.flatMap(a => a.specGlobals).toSet override def oldSpecGlobals: Set[SpecGlobalOrAccess] = args.flatMap(a => a.oldSpecGlobals).toSet override def resolveSpec: BFunctionCall = copy(args = args.map(a => a.resolveSpec)) + override def resolveSpecInv: BFunctionCall = copy(args = args.map(a => a.resolveSpecInv)) + override def resolveSpecInvOld: BFunctionCall = copy(args = args.map(a => a.resolveSpecInvOld)) + override def resolveSpecParam: BFunctionCall = copy(args = args.map(a => a.resolveSpecParam)) + override def resolveSpecParamOld: BFunctionCall = copy(args = args.map(a => a.resolveSpecParamOld)) override def resolveSpecL: BFunctionCall = copy(args = args.map(a => a.resolveSpecL)) override def resolveOld: BExpr = copy(args = args.map(a => a.resolveOld)) override def removeOld: BExpr = copy(args = args.map(a => a.removeOld)) @@ -235,6 +259,22 @@ case class UnaryBExpr(op: UnOp, arg: BExpr) extends BExpr { case i: IntUnOp => copy(op = i.toBV, arg = arg.resolveSpec) case _ => copy(arg = arg.resolveSpec) } + override def resolveSpecInv: UnaryBExpr = op match { + case i: IntUnOp => copy(op = i.toBV, arg = arg.resolveSpecInv) + case _ => copy(arg = arg.resolveSpecInv) + } + override def resolveSpecInvOld: UnaryBExpr = op match { + case i: IntUnOp => copy(op = i.toBV, arg = arg.resolveSpecInvOld) + case _ => copy(arg = arg.resolveSpecInvOld) + } + override def resolveSpecParam: UnaryBExpr = op match { + case i: IntUnOp => copy(op = i.toBV, arg = arg.resolveSpecParam) + case _ => copy(arg = arg.resolveSpecParam) + } + override def resolveSpecParamOld: UnaryBExpr = op match { + case i: IntUnOp => copy(op = i.toBV, arg = arg.resolveSpecParamOld) + case _ => copy(arg = arg.resolveSpecParamOld) + } override def resolveSpecL: UnaryBExpr = op match { case i: IntUnOp => copy(op = i.toBV, arg = arg.resolveSpecL) case _ => copy(arg = arg.resolveSpecL) @@ -334,6 +374,26 @@ case class BinaryBExpr(op: BinOp, arg1: BExpr, arg2: BExpr) extends BExpr { case _ => copy(arg1 = arg1.resolveSpec, arg2 = arg2.resolveSpec) } + override def resolveSpecInv: BinaryBExpr = op match { + case i: IntBinOp => copy(op = i.toBV, arg1 = arg1.resolveSpecInv, arg2 = arg2.resolveSpecInv) + case _ => copy(arg1 = arg1.resolveSpecInv, arg2 = arg2.resolveSpecInv) + } + + override def resolveSpecInvOld: BinaryBExpr = op match { + case i: IntBinOp => copy(op = i.toBV, arg1 = arg1.resolveSpecInvOld, arg2 = arg2.resolveSpecInvOld) + case _ => copy(arg1 = arg1.resolveSpecInvOld, arg2 = arg2.resolveSpecInvOld) + } + + override def resolveSpecParamOld: BinaryBExpr = op match { + case i: IntBinOp => copy(op = i.toBV, arg1 = arg1.resolveSpec, arg2 = arg2.resolveSpecParamOld) + case _ => copy(arg1 = arg1.resolveSpecParamOld, arg2 = arg2.resolveSpecParamOld) + } + + override def resolveSpecParam: BinaryBExpr = op match { + case i: IntBinOp => copy(op = i.toBV, arg1 = arg1.resolveSpecParam, arg2 = arg2.resolveSpecParam) + case _ => copy(arg1 = arg1.resolveSpecParam, arg2 = arg2.resolveSpecParam) + } + override def resolveSpecL: BinaryBExpr = op match { case i: IntBinOp => copy(op = i.toBV, arg1 = arg1.resolveSpecL, arg2 = arg2.resolveSpecL) case _ => copy(arg1 = arg1.resolveSpecL, arg2 = arg2.resolveSpecL) @@ -374,6 +434,14 @@ case class IfThenElse(guard: BExpr, thenExpr: BExpr, elseExpr: BExpr) extends BE guard.oldSpecGlobals ++ thenExpr.oldSpecGlobals ++ elseExpr.oldSpecGlobals override def resolveSpec: IfThenElse = copy(guard = guard.resolveSpec, thenExpr = thenExpr.resolveSpec, elseExpr = elseExpr.resolveSpec) + override def resolveSpecInv: IfThenElse = + copy(guard = guard.resolveSpecInv, thenExpr = thenExpr.resolveSpecInv, elseExpr = elseExpr.resolveSpecInv) + override def resolveSpecInvOld: IfThenElse = + copy(guard = guard.resolveSpecInvOld, thenExpr = thenExpr.resolveSpecInvOld, elseExpr = elseExpr.resolveSpecInvOld) + override def resolveSpecParam: IfThenElse = + copy(guard = guard.resolveSpecParam, thenExpr = thenExpr.resolveSpecParam, elseExpr = elseExpr.resolveSpecParam) + override def resolveSpecParamOld: IfThenElse = + copy(guard = guard.resolveSpecParamOld, thenExpr = thenExpr.resolveSpecParamOld, elseExpr = elseExpr.resolveSpecParamOld) override def resolveSpecL: IfThenElse = copy(guard = guard.resolveSpecL, thenExpr = thenExpr.resolveSpecL, elseExpr = elseExpr.resolveSpecL) override def resolveOld: IfThenElse = @@ -418,6 +486,8 @@ case class Old(body: BExpr) extends BExpr { override def locals: Set[BVar] = body.locals override def globals: Set[BVar] = body.globals override def oldSpecGlobals: Set[SpecGlobalOrAccess] = body.specGlobals + override def resolveSpecParam: BExpr = body.resolveSpecParamOld + override def resolveSpecInv: BExpr = body.resolveSpecInvOld override def resolveSpec: BExpr = copy(body = body.resolveSpec) override def resolveSpecL: BExpr = copy(body = body.resolveSpecL) override def resolveOld: BExpr = body.resolveInsideOld diff --git a/src/main/scala/specification/Specification.scala b/src/main/scala/specification/Specification.scala index 754d0e43b..6ae8d8cfe 100644 --- a/src/main/scala/specification/Specification.scala +++ b/src/main/scala/specification/Specification.scala @@ -30,6 +30,30 @@ case class SpecGlobal(name: String, override val size: Int, arraySize: Option[In Endian.LittleEndian, size ) + override def resolveSpecParam: BMemoryLoad = BMemoryLoad( + BMapVar("mem$out", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter), + toAddrVar, + Endian.LittleEndian, + size + ) + override def resolveSpecParamOld: BMemoryLoad = BMemoryLoad( + BMapVar("mem$in", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter), + toAddrVar, + Endian.LittleEndian, + size + ) + override def resolveSpecInv: BMemoryLoad = BMemoryLoad( + BMapVar("mem$inv2", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local), + toAddrVar, + Endian.LittleEndian, + size + ) + override def resolveSpecInvOld: BMemoryLoad = BMemoryLoad( + BMapVar("mem$inv1", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local), + toAddrVar, + Endian.LittleEndian, + size + ) override def resolveOld: BMemoryLoad = resolveSpec override def resolveInsideOld: BExpr = toOldVar override def removeOld: BMemoryLoad = resolveSpec @@ -49,6 +73,30 @@ case class SpecGamma(global: SpecGlobal) extends SpecVar { global.size, global.size / 8 ) + override def resolveSpecParam: GammaLoad = GammaLoad( + BMapVar("Gamma_mem$out", MapBType(BitVecBType(64), BoolBType), Scope.Parameter), + global.toAddrVar, + global.size, + global.size / 8 + ) + override def resolveSpecParamOld: GammaLoad = GammaLoad( + BMapVar("Gamma_mem$in", MapBType(BitVecBType(64), BoolBType), Scope.Parameter), + global.toAddrVar, + global.size, + global.size / 8 + ) + override def resolveSpecInv: GammaLoad = GammaLoad( + BMapVar("Gamma_mem$inv2", MapBType(BitVecBType(64), BoolBType), Scope.Local), + global.toAddrVar, + global.size, + global.size / 8 + ) + override def resolveSpecInvOld: GammaLoad = GammaLoad( + BMapVar("Gamma_mem$inv1", MapBType(BitVecBType(64), BoolBType), Scope.Local), + global.toAddrVar, + global.size, + global.size / 8 + ) override def resolveOld: GammaLoad = resolveSpec override def resolveInsideOld: BExpr = global.toOldGamma override def removeOld: GammaLoad = resolveSpec @@ -68,6 +116,31 @@ case class ArrayAccess(global: SpecGlobal, index: Int) extends SpecGlobalOrAcces Endian.LittleEndian, global.size ) + override def resolveSpecParam: BMemoryLoad = BMemoryLoad( + BMapVar("mem$out", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter), + toAddrVar, + Endian.LittleEndian, + global.size + ) + override def resolveSpecParamOld: BMemoryLoad = BMemoryLoad( + BMapVar("mem$in", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter), + toAddrVar, + Endian.LittleEndian, + global.size + ) + + override def resolveSpecInv: BMemoryLoad = BMemoryLoad( + BMapVar("mem$inv2", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local), + toAddrVar, + Endian.LittleEndian, + global.size + ) + override def resolveSpecInvOld: BMemoryLoad = BMemoryLoad( + BMapVar("mem$inv1", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local), + toAddrVar, + Endian.LittleEndian, + global.size + ) override def resolveOld: BMemoryLoad = resolveSpec override def resolveInsideOld: BExpr = toOldVar override def removeOld: BMemoryLoad = resolveSpec @@ -102,7 +175,9 @@ case class SubroutineSpec( requiresDirect: List[String], ensures: List[BExpr], ensuresDirect: List[String], - modifies: List[String] + modifies: List[String], + rely: List[BExpr], + guarantee: List[BExpr] ) case class ExternalFunction(name: String, offset: BigInt) diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala index 42d1b14d5..054778c44 100644 --- a/src/main/scala/translating/IRToBoogie.scala +++ b/src/main/scala/translating/IRToBoogie.scala @@ -13,6 +13,7 @@ class IRToBoogie(var program: Program, var spec: Specification) { private val controls = spec.controls private val controlled = spec.controlled private val relies = spec.relies.map(r => r.resolveSpec) + private val reliesParam = spec.relies.map(r => r.resolveSpecParam) private val reliesReflexive = spec.relies.map(r => r.removeOld) private val guarantees = spec.guarantees.map(g => g.resolveOld) private val guaranteesReflexive = spec.guarantees.map(g => g.removeOld) @@ -22,6 +23,8 @@ class IRToBoogie(var program: Program, var spec: Specification) { private val requiresDirect = spec.subroutines.map(s => s.name -> s.requiresDirect).toMap private val ensures = spec.subroutines.map(s => s.name -> s.ensures.map(e => e.resolveSpec)).toMap private val ensuresDirect = spec.subroutines.map(s => s.name -> s.ensuresDirect).toMap + private val libRelies = spec.subroutines.map(s => s.name -> s.rely).toMap + private val libGuarantees = spec.subroutines.map(s => s.name -> s.guarantee).toMap private val directFunctions = spec.directFunctions private val mem = BMapVar("mem", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global) @@ -29,6 +32,17 @@ class IRToBoogie(var program: Program, var spec: Specification) { private val stack = BMapVar("stack", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Global) private val Gamma_stack = BMapVar("Gamma_stack", MapBType(BitVecBType(64), BoolBType), Scope.Global) + private val mem_in = BMapVar("mem$in", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter) + private val Gamma_mem_in = BMapVar("Gamma_mem$in", MapBType(BitVecBType(64), BoolBType), Scope.Parameter) + private val mem_out = BMapVar("mem$out", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Parameter) + private val Gamma_mem_out = BMapVar("Gamma_mem$out", MapBType(BitVecBType(64), BoolBType), Scope.Parameter) + + private val mem_inv1 = BMapVar("mem$inv1", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local) + private val Gamma_mem_inv1 = BMapVar("Gamma_mem$inv1", MapBType(BitVecBType(64), BoolBType), Scope.Local) + private val mem_inv2 = BMapVar("mem$inv2", MapBType(BitVecBType(64), BitVecBType(8)), Scope.Local) + private val Gamma_mem_inv2 = BMapVar("Gamma_mem$inv2", MapBType(BitVecBType(64), BoolBType), Scope.Local) + + private var config: BoogieGeneratorConfig = BoogieGeneratorConfig() private val modifiedCheck: Set[BVar] = (for (i <- 19 to 29) yield { Set(BVariable("R" + i, BitVecBType(64), Scope.Global), BVariable("Gamma_R" + i, BoolBType, Scope.Global)) @@ -65,16 +79,23 @@ class IRToBoogie(var program: Program, var spec: Specification) { val rgProcs = genRely(relies, readOnlyMemory) :+ guaranteeReflexive - val functionsUsed1 = - procedures.flatMap(p => p.functionOps).toSet ++ + // if rely/guarantee lib exist, create genRelyInv, and genInv for every procedure where rely/guarantee lib exist + val rgLib = if (libRelies.values.flatten.nonEmpty && libGuarantees.values.flatten.nonEmpty) { + List(genRelyInv) ++ libGuarantees.flatMap((k, v) => if v.nonEmpty then Some(genInv(k)) else None) + } else { + List() + } + + val functionsUsed1 = procedures.flatMap(p => p.functionOps).toSet ++ rgProcs.flatMap(p => p.functionOps).toSet ++ + rgLib.flatMap(p => p.functionOps).toSet ++ directFunctions val functionsUsed2 = functionsUsed1.map(p => functionOpToDefinition(p)) val functionsUsed3 = functionsUsed2.flatMap(p => p.functionOps).map(p => functionOpToDefinition(p)) val functionsUsed4 = functionsUsed3.flatMap(p => p.functionOps).map(p => functionOpToDefinition(p)) val functionsUsed = (functionsUsed2 ++ functionsUsed3 ++ functionsUsed4).toList.sorted - val declarations = globalDecls ++ globalConsts ++ functionsUsed ++ pushUpModifiesFixedPoint(rgProcs ++ procedures) + val declarations = globalDecls ++ globalConsts ++ functionsUsed ++ rgLib ++ pushUpModifiesFixedPoint(rgProcs ++ procedures) BProgram(declarations) } @@ -102,6 +123,59 @@ class IRToBoogie(var program: Program, var spec: Specification) { List(relyProc, relyTransitive, relyReflexive) } + def genRelyInv: BProcedure = { + val reliesUsed = if (reliesParam.nonEmpty) { + reliesParam + } else { + // default case where no rely is given - rely on no external changes + List(BinaryBExpr(BVEQ, mem_out, mem_in), BinaryBExpr(BVEQ, Gamma_mem_out, Gamma_mem_in)) + } + val relyEnsures = if (reliesParam.nonEmpty) { + val i = BVariable("i", BitVecBType(64), Scope.Local) + val rely2 = ForAll(List(i), BinaryBExpr(BoolIMPLIES, BinaryBExpr(BVEQ, MapAccess(mem_out, i), MapAccess(mem_in, i)), BinaryBExpr(BVEQ, MapAccess(Gamma_mem_out, i), MapAccess(Gamma_mem_in, i)))) + List(rely2) ++ reliesUsed + } else { + reliesUsed + } + BProcedure("rely$inv", List(mem_in, Gamma_mem_in), List(mem_out, Gamma_mem_out), relyEnsures, List(), List(), List(), List(), List(), + Set(), List(), List(externAttr)) + } + + def genInv(name: String): BProcedure = { + // reliesParam OR procGuaranteeParam + + val reliesUsed = if (reliesParam.nonEmpty) { + reliesParam + } else { + // default case where no rely is given - rely on no external changes + List(BinaryBExpr(BVEQ, mem_out, mem_in), BinaryBExpr(BVEQ, Gamma_mem_out, Gamma_mem_in)) + } + val relyEnsures = if (reliesParam.nonEmpty) { + val i = BVariable("i", BitVecBType(64), Scope.Local) + val rely2 = ForAll(List(i), BinaryBExpr(BoolIMPLIES, BinaryBExpr(BVEQ, MapAccess(mem_out, i), MapAccess(mem_in, i)), BinaryBExpr(BVEQ, MapAccess(Gamma_mem_out, i), MapAccess(Gamma_mem_in, i)))) + List(rely2) ++ reliesUsed + } else { + reliesUsed + } + val relyOneLine = if (relyEnsures.size > 1) { + relyEnsures.tail.foldLeft(relyEnsures.head)((ands: BExpr, next: BExpr) => BinaryBExpr(BoolAND, ands, next)) + } else { + relyEnsures.head + } + + val guaranteeEnsures = libGuarantees(name).map(g => g.resolveSpecParam) + val guaranteeOneLine = if (guaranteeEnsures.size > 1) { + guaranteeEnsures.tail.foldLeft(guaranteeEnsures.head)((ands: BExpr, next: BExpr) => BinaryBExpr(BoolAND, ands, next)) + } else { + guaranteeEnsures.head + } + + val invEnsures = List(BinaryBExpr(BoolOR, relyOneLine, guaranteeOneLine)) + + BProcedure(name + "$inv", List(mem_in, Gamma_mem_in), List(mem_out, Gamma_mem_out), invEnsures, List(), List(), List(), List(), List(), + Set(), List(), List(externAttr)) + } + def functionOpToDefinition(f: FunctionOp): BFunction = { f match { case b: BVFunctionOp => BFunction(b.name, b.in, b.out, None, List(externAttr, b.attribute)) @@ -394,12 +468,19 @@ class IRToBoogie(var program: Program, var spec: Specification) { def translate(j: Jump): List[BCmd] = j match { case d: DirectCall => - val call = List(BProcedureCall(d.target.name, List(), List())) + val call = BProcedureCall(d.target.name, List(), List()) val returnTarget = d.returnTarget match { - case Some(r) => List(GoToCmd(Seq(r.label))) - case None => List(Comment("no return target"), BAssume(FalseBLiteral)) + case Some(r) => GoToCmd(Seq(r.label)) + case None => BAssume(FalseBLiteral, Some("no return target")) + } + if (libRelies(d.target.name).nonEmpty && libGuarantees(d.target.name).nonEmpty) { + val invCall1 = BProcedureCall(d.target.name + "$inv", List(mem_inv1, Gamma_mem_inv1), List(mem, Gamma_mem)) + val invCall2 = BProcedureCall("rely$inv", List(mem_inv2, Gamma_mem_inv2), List(mem_inv1, Gamma_mem_inv1)) + val libRGAssert = libRelies(d.target.name).map(r => BAssert(r.resolveSpecInv)) + List(invCall1, invCall2) ++ libRGAssert ++ List(call, returnTarget) + } else { + List(call, returnTarget) } - call ++ returnTarget case i: IndirectCall => // TODO put this elsewhere if (i.target.name == "R30") { diff --git a/src/main/scala/translating/SpecificationLoader.scala b/src/main/scala/translating/SpecificationLoader.scala index 968bad056..33a8c1765 100644 --- a/src/main/scala/translating/SpecificationLoader.scala +++ b/src/main/scala/translating/SpecificationLoader.scala @@ -243,6 +243,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) { ): BExpr = ctx match { case n: NegExprContext => UnaryBExpr(BVNEG, visitUnaryExpr(n.unaryExpr, nameToGlobals, params)) case a: AtomUnaryExprContext => visitAtomExpr(a.atomExpr, nameToGlobals, params) + case n: NotExprContext => UnaryBExpr(BoolNOT, visitUnaryExpr(n.unaryExpr, nameToGlobals, params)) } def visitAtomExpr( @@ -385,7 +386,17 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) { r.QUOTESTRING.getText.stripPrefix("\"").stripSuffix("\"") }.toList - SubroutineSpec(ctx.id.getText, requires, requiresDirect, ensures, ensuresDirect, modifies) + val rely = Option(ctx.relies) match { + case Some(_) => visitRelies(ctx.relies, nameToGlobals) + case None => List() + } + + val guarantee = Option(ctx.guarantees) match { + case Some(_) => visitGuarantees(ctx.guarantees, nameToGlobals) + case None => List() + } + + SubroutineSpec(ctx.id.getText, requires, requiresDirect, ensures, ensuresDirect, modifies, rely, guarantee) } def visitModifies(ctx: ModifiesContext): List[String] = { From fecc32bd903dddae8103904472a64297b3ee405f Mon Sep 17 00:00:00 2001 From: Alistair Michael Date: Mon, 15 Jan 2024 14:53:26 +1000 Subject: [PATCH 2/7] change spec to verify --- examples/secret_write_librg/secret_write_librg.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/secret_write_librg/secret_write_librg.spec b/examples/secret_write_librg/secret_write_librg.spec index b7380bd5b..eb6a78e84 100644 --- a/examples/secret_write_librg/secret_write_librg.spec +++ b/examples/secret_write_librg/secret_write_librg.spec @@ -14,5 +14,5 @@ Requires: z == 0bv32 Subroutine: secret Requires: z mod 2bv32 == 1bv32 Ensures: !Gamma_x && (z mod 2bv32 == 1bv32) -Rely: (!old(Gamma_x) ==> !Gamma_x) && old(z) == z -Guarantee: (!old(Gamma_x) ==> !Gamma_x) && old(z) == z \ No newline at end of file +Rely: (z mod 2bv32 == 0bv32 ==> old(Gamma_x) ==> Gamma_x) +Guarantee: (old(Gamma_x) == Gamma_x) From 51825ad1841647a90adba1df74b9ffa599cc35a3 Mon Sep 17 00:00:00 2001 From: l-kent Date: Fri, 19 Jan 2024 11:33:07 +1000 Subject: [PATCH 3/7] fix issue for subroutines without rely/guaratee --- src/main/scala/translating/IRToBoogie.scala | 2 +- src/test/correct/indirect_call/gcc_O2/indirect_call.expected | 3 +-- .../malloc_with_local3/gcc_O2/malloc_with_local3.expected | 3 +-- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala index 054778c44..a665130c9 100644 --- a/src/main/scala/translating/IRToBoogie.scala +++ b/src/main/scala/translating/IRToBoogie.scala @@ -473,7 +473,7 @@ class IRToBoogie(var program: Program, var spec: Specification) { case Some(r) => GoToCmd(Seq(r.label)) case None => BAssume(FalseBLiteral, Some("no return target")) } - if (libRelies(d.target.name).nonEmpty && libGuarantees(d.target.name).nonEmpty) { + if (libRelies.contains(d.target.name) && libGuarantees.contains(d.target.name) && libRelies(d.target.name).nonEmpty && libGuarantees(d.target.name).nonEmpty) { val invCall1 = BProcedureCall(d.target.name + "$inv", List(mem_inv1, Gamma_mem_inv1), List(mem, Gamma_mem)) val invCall2 = BProcedureCall("rely$inv", List(mem_inv2, Gamma_mem_inv2), List(mem_inv1, Gamma_mem_inv1)) val libRGAssert = libRelies(d.target.name).map(r => BAssert(r.resolveSpecInv)) diff --git a/src/test/correct/indirect_call/gcc_O2/indirect_call.expected b/src/test/correct/indirect_call/gcc_O2/indirect_call.expected index 992bdfc81..f0754a784 100644 --- a/src/test/correct/indirect_call/gcc_O2/indirect_call.expected +++ b/src/test/correct/indirect_call/gcc_O2/indirect_call.expected @@ -316,8 +316,7 @@ procedure greet() R0, Gamma_R0 := 0bv64, true; R0, Gamma_R0 := bvadd64(R0, 1992bv64), Gamma_R0; call puts(); - //no return target - assume false; + assume false; //no return target } procedure main() diff --git a/src/test/correct/malloc_with_local3/gcc_O2/malloc_with_local3.expected b/src/test/correct/malloc_with_local3/gcc_O2/malloc_with_local3.expected index cb33d38b0..958bc011a 100644 --- a/src/test/correct/malloc_with_local3/gcc_O2/malloc_with_local3.expected +++ b/src/test/correct/malloc_with_local3/gcc_O2/malloc_with_local3.expected @@ -1374,6 +1374,5 @@ procedure printCharValue() mem, Gamma_mem := memory_store8_le(mem, R3, R2[8:0]), gamma_store8(Gamma_mem, R3, Gamma_R2); assume {:captureState "%00000293"} true; call __printf_chk(); - //no return target - assume false; + assume false; //no return target } From 3f863e6e53505910cf4ba3f99b18bc290d3b8142 Mon Sep 17 00:00:00 2001 From: l-kent Date: Mon, 22 Jan 2024 10:06:02 +1000 Subject: [PATCH 4/7] transitivity check for inv, and G_f ==> G_c check but there might be issues --- src/main/scala/translating/IRToBoogie.scala | 37 +++++++++++++++++---- 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala index a665130c9..c04c9bbba 100644 --- a/src/main/scala/translating/IRToBoogie.scala +++ b/src/main/scala/translating/IRToBoogie.scala @@ -16,6 +16,7 @@ class IRToBoogie(var program: Program, var spec: Specification) { private val reliesParam = spec.relies.map(r => r.resolveSpecParam) private val reliesReflexive = spec.relies.map(r => r.removeOld) private val guarantees = spec.guarantees.map(g => g.resolveOld) + private val guaranteesParam = spec.guarantees.map(g => g.resolveSpecParam) private val guaranteesReflexive = spec.guarantees.map(g => g.removeOld) private val guaranteeOldVars = spec.guaranteeOldVars private val LPreds = spec.LPreds.map((k, v) => k -> v.resolveSpecL) @@ -81,7 +82,7 @@ class IRToBoogie(var program: Program, var spec: Specification) { // if rely/guarantee lib exist, create genRelyInv, and genInv for every procedure where rely/guarantee lib exist val rgLib = if (libRelies.values.flatten.nonEmpty && libGuarantees.values.flatten.nonEmpty) { - List(genRelyInv) ++ libGuarantees.flatMap((k, v) => if v.nonEmpty then Some(genInv(k)) else None) + List(genRelyInv) ++ libGuarantees.flatMap((k, v) => if v.nonEmpty then genInv(k) :+ genLibGuarantee(k) else Nil) } else { List() } @@ -137,11 +138,11 @@ class IRToBoogie(var program: Program, var spec: Specification) { } else { reliesUsed } - BProcedure("rely$inv", List(mem_in, Gamma_mem_in), List(mem_out, Gamma_mem_out), relyEnsures, List(), List(), List(), List(), List(), - Set(), List(), List(externAttr)) + BProcedure("rely$inv", List(mem_in, Gamma_mem_in), List(mem_out, Gamma_mem_out), relyEnsures, List(), List(), + List(), List(), List(), Set(), List(), List(externAttr)) } - def genInv(name: String): BProcedure = { + def genInv(name: String): List[BProcedure] = { // reliesParam OR procGuaranteeParam val reliesUsed = if (reliesParam.nonEmpty) { @@ -172,8 +173,32 @@ class IRToBoogie(var program: Program, var spec: Specification) { val invEnsures = List(BinaryBExpr(BoolOR, relyOneLine, guaranteeOneLine)) - BProcedure(name + "$inv", List(mem_in, Gamma_mem_in), List(mem_out, Gamma_mem_out), invEnsures, List(), List(), List(), List(), List(), - Set(), List(), List(externAttr)) + val invProc = BProcedure(name + "$inv", List(mem_in, Gamma_mem_in), List(mem_out, Gamma_mem_out), invEnsures, + List(), List(), List(), List(), List(), Set(), List(), List(externAttr)) + + val invTransitive = BProcedure(name + "$inv_transitive", List(mem_in, Gamma_mem_in), List(mem_out, Gamma_mem_out), + invEnsures, List(), List(), List(), List(), List(), Set(), + List(BProcedureCall(name + "$inv", List(mem_out, Gamma_mem_out), List(mem_in, Gamma_mem_in)), + BProcedureCall(name + "$inv", List(mem_out, Gamma_mem_out), List(mem_out, Gamma_mem_out)) + ), List(externAttr)) + + List(invProc, invTransitive) + } + + + def genLibGuarantee(name: String): BProcedure = { + // G_f + val guaranteeLib = libGuarantees(name).map(g => g.resolveSpecParam) + val guaranteeOneLine = if (guaranteeLib.size > 1) { + guaranteeLib.tail.foldLeft(guaranteeLib.head)((ands: BExpr, next: BExpr) => BinaryBExpr(BoolAND, ands, next)) + } else { + guaranteeLib.head + } + val guaranteeAssume = BAssume(guaranteeOneLine) + + // G_c is ensures clause + BProcedure(name + "$guarantee", List(mem_in, Gamma_mem_in), List(mem_out, Gamma_mem_out), guaranteesParam, List(), + List(), List(), List(), List(), Set(), List(guaranteeAssume), List(externAttr)) } def functionOpToDefinition(f: FunctionOp): BFunction = { From 9abb72bd3fa880862b994f502fd9c94a0354666d Mon Sep 17 00:00:00 2001 From: Alistair Michael Date: Mon, 22 Jan 2024 12:50:15 +1000 Subject: [PATCH 5/7] update example --- .../secret_write_librg.spec | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/examples/secret_write_librg/secret_write_librg.spec b/examples/secret_write_librg/secret_write_librg.spec index eb6a78e84..1746cfd59 100644 --- a/examples/secret_write_librg/secret_write_librg.spec +++ b/examples/secret_write_librg/secret_write_librg.spec @@ -2,8 +2,10 @@ Globals: x: int z: int -L: z -> true, x -> z mod 2bv32 == 0bv32 -Rely: (z mod 2bv32 == 0bv32 ==> old(Gamma_x) ==> Gamma_x) && z == old(z) +L: z -> true, x -> (z mod 2bv32 == 0bv32) +// env doesn't reduce security level of x +// env doesn't change the security classification of x +Rely: old(Gamma_x) ==> Gamma_x, z == old(z) Guarantee: z >= old(z) Subroutine: main @@ -14,5 +16,14 @@ Requires: z == 0bv32 Subroutine: secret Requires: z mod 2bv32 == 1bv32 Ensures: !Gamma_x && (z mod 2bv32 == 1bv32) -Rely: (z mod 2bv32 == 0bv32 ==> old(Gamma_x) ==> Gamma_x) -Guarantee: (old(Gamma_x) == Gamma_x) +// env doesn't change security classification or level of x +Rely: z mod 2bv32 == 1bv32, z == old(z), Gamma_x || !Gamma_x +// we don't change the security classification of x +Guarantee: z == old(z) + +// Rely: !Gamma_x && (z == old(z)) && (old(Gamma_x) == Gamma_x) +// Guarantee: !Gamma_x, (old(Gamma_x) == Gamma_x), z == old(z) + + +// Gf ==> Gc +// transitive Rc \/ Gf From b4348ccce1662f99325941c36d64acbc4d78adb1 Mon Sep 17 00:00:00 2001 From: l-kent Date: Mon, 22 Jan 2024 13:44:05 +1000 Subject: [PATCH 6/7] fix bug with procedure call lhs variables not being declared --- src/main/scala/boogie/BCmd.scala | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/scala/boogie/BCmd.scala b/src/main/scala/boogie/BCmd.scala index fd4fc5335..f8a8cf34f 100644 --- a/src/main/scala/boogie/BCmd.scala +++ b/src/main/scala/boogie/BCmd.scala @@ -50,8 +50,8 @@ case class BProcedureCall(name: String, lhss: Seq[BVar], params: Seq[BExpr], com } } override def functionOps: Set[FunctionOp] = params.flatMap(p => p.functionOps).toSet - override def locals: Set[BVar] = params.flatMap(p => p.locals).toSet - override def globals: Set[BVar] = params.flatMap(p => p.globals).toSet + override def locals: Set[BVar] = lhss.flatMap(l => l.locals).toSet ++ params.flatMap(p => p.locals) + override def globals: Set[BVar] = lhss.flatMap(l => l.globals).toSet ++ params.flatMap(p => p.globals) } case class AssignCmd(lhss: Seq[BVar], rhss: Seq[BExpr], comment: Option[String] = None) extends BCmd { From d3e1f8054370ddd5327a8d0e5efdf4a5ee565995 Mon Sep 17 00:00:00 2001 From: l-kent Date: Mon, 22 Jan 2024 14:02:49 +1000 Subject: [PATCH 7/7] update expected --- .../malloc_memcpy_strlen_memset_free.expected | 549 +++--------------- .../malloc_memcpy_strlen_memset_free.expected | 549 +++--------------- .../malloc_memcpy_strlen_memset_free.expected | 549 +++--------------- .../malloc_memcpy_strlen_memset_free.expected | 549 +++--------------- 4 files changed, 268 insertions(+), 1928 deletions(-) diff --git a/src/test/correct/malloc_memcpy_strlen_memset_free/clang_O2/malloc_memcpy_strlen_memset_free.expected b/src/test/correct/malloc_memcpy_strlen_memset_free/clang_O2/malloc_memcpy_strlen_memset_free.expected index 0bd0a291a..212e558c4 100644 --- a/src/test/correct/malloc_memcpy_strlen_memset_free/clang_O2/malloc_memcpy_strlen_memset_free.expected +++ b/src/test/correct/malloc_memcpy_strlen_memset_free/clang_O2/malloc_memcpy_strlen_memset_free.expected @@ -82,43 +82,17 @@ procedure {:extern} rely(); free ensures (memory_load8_le(mem, 2477bv64) == 0bv8); free ensures (memory_load8_le(mem, 2478bv64) == 2bv8); free ensures (memory_load8_le(mem, 2479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); -procedure {:extern} rely_transitive() +procedure {:extern} rely_transitive(); modifies Gamma_mem, mem; ensures (mem == old(mem)); ensures (Gamma_mem == old(Gamma_mem)); + +implementation {:extern} rely_transitive() { call rely(); call rely(); @@ -136,76 +110,20 @@ procedure #free(); free requires (memory_load8_le(mem, 2477bv64) == 0bv8); free requires (memory_load8_le(mem, 2478bv64) == 2bv8); free requires (memory_load8_le(mem, 2479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); free ensures (memory_load8_le(mem, 2476bv64) == 1bv8); free ensures (memory_load8_le(mem, 2477bv64) == 0bv8); free ensures (memory_load8_le(mem, 2478bv64) == 2bv8); free ensures (memory_load8_le(mem, 2479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); -procedure main() +procedure main(); modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R19, Gamma_R2, Gamma_R20, Gamma_R21, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R19, R2, R20, R21, R29, R30, R31, malloc_base, malloc_count, malloc_end, mem, stack; requires (gamma_load8(Gamma_mem, $password_addr) == false); requires malloc_count == 0; @@ -243,38 +161,10 @@ procedure main() free requires (memory_load8_le(mem, 2477bv64) == 0bv8); free requires (memory_load8_le(mem, 2478bv64) == 2bv8); free requires (memory_load8_le(mem, 2479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); free ensures (Gamma_R19 == old(Gamma_R19)); free ensures (Gamma_R20 == old(Gamma_R20)); free ensures (Gamma_R21 == old(Gamma_R21)); @@ -289,38 +179,12 @@ procedure main() free ensures (memory_load8_le(mem, 2477bv64) == 0bv8); free ensures (memory_load8_le(mem, 2478bv64) == 2bv8); free ensures (memory_load8_le(mem, 2479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); + +implementation main() { var #4: bv64; var #5: bv64; @@ -420,38 +284,10 @@ procedure malloc(); free requires (memory_load8_le(mem, 2477bv64) == 0bv8); free requires (memory_load8_le(mem, 2478bv64) == 2bv8); free requires (memory_load8_le(mem, 2479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures Gamma_R0 == true; ensures malloc_count == old(malloc_count) + 1; ensures bvugt64(malloc_end[malloc_count], malloc_base[malloc_count]); @@ -465,38 +301,10 @@ procedure malloc(); free ensures (memory_load8_le(mem, 2477bv64) == 0bv8); free ensures (memory_load8_le(mem, 2478bv64) == 2bv8); free ensures (memory_load8_le(mem, 2479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure memcpy(); modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; @@ -504,76 +312,20 @@ procedure memcpy(); free requires (memory_load8_le(mem, 2477bv64) == 0bv8); free requires (memory_load8_le(mem, 2478bv64) == 2bv8); free requires (memory_load8_le(mem, 2479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i, bvadd64(R0, R2))) then gamma_load8((Gamma_mem), bvadd64(bvsub64(i, R0), R1)) else old(gamma_load8(Gamma_mem, i)))); ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le((mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i)))); free ensures (memory_load8_le(mem, 2476bv64) == 1bv8); free ensures (memory_load8_le(mem, 2477bv64) == 0bv8); free ensures (memory_load8_le(mem, 2478bv64) == 2bv8); free ensures (memory_load8_le(mem, 2479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure memset(); modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; @@ -582,38 +334,10 @@ procedure memset(); free requires (memory_load8_le(mem, 2477bv64) == 0bv8); free requires (memory_load8_le(mem, 2478bv64) == 2bv8); free requires (memory_load8_le(mem, 2479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then Gamma_R1 else old(gamma_load8(Gamma_mem, i)))); ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i)))); @@ -621,38 +345,10 @@ procedure memset(); free ensures (memory_load8_le(mem, 2477bv64) == 0bv8); free ensures (memory_load8_le(mem, 2478bv64) == 2bv8); free ensures (memory_load8_le(mem, 2479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure puts(); modifies Gamma_R16, Gamma_R17, R16, R17; @@ -660,74 +356,18 @@ procedure puts(); free requires (memory_load8_le(mem, 2477bv64) == 0bv8); free requires (memory_load8_le(mem, 2478bv64) == 2bv8); free requires (memory_load8_le(mem, 2479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); free ensures (memory_load8_le(mem, 2476bv64) == 1bv8); free ensures (memory_load8_le(mem, 2477bv64) == 0bv8); free ensures (memory_load8_le(mem, 2478bv64) == 2bv8); free ensures (memory_load8_le(mem, 2479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure strlen(); modifies Gamma_R0, Gamma_R16, Gamma_R17, R0, R16, R17; @@ -735,38 +375,10 @@ procedure strlen(); free requires (memory_load8_le(mem, 2477bv64) == 0bv8); free requires (memory_load8_le(mem, 2478bv64) == 2bv8); free requires (memory_load8_le(mem, 2479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures Gamma_R0 == true; ensures (forall i: bv64 :: (bvule64(old(R0), i)) && (bvult64(i, bvadd64(old(R0), R0))) ==> mem[i] != 0bv8); ensures (memory_load8_le(mem, bvadd64(old(R0), R0)) == 0bv8); @@ -775,35 +387,8 @@ procedure strlen(); free ensures (memory_load8_le(mem, 2477bv64) == 0bv8); free ensures (memory_load8_le(mem, 2478bv64) == 2bv8); free ensures (memory_load8_le(mem, 2479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); + diff --git a/src/test/correct/malloc_memcpy_strlen_memset_free/gcc_O2/malloc_memcpy_strlen_memset_free.expected b/src/test/correct/malloc_memcpy_strlen_memset_free/gcc_O2/malloc_memcpy_strlen_memset_free.expected index e24a49e85..2181a0d83 100644 --- a/src/test/correct/malloc_memcpy_strlen_memset_free/gcc_O2/malloc_memcpy_strlen_memset_free.expected +++ b/src/test/correct/malloc_memcpy_strlen_memset_free/gcc_O2/malloc_memcpy_strlen_memset_free.expected @@ -82,43 +82,17 @@ procedure {:extern} rely(); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); -procedure {:extern} rely_transitive() +procedure {:extern} rely_transitive(); modifies Gamma_mem, mem; ensures (mem == old(mem)); ensures (Gamma_mem == old(Gamma_mem)); + +implementation {:extern} rely_transitive() { call rely(); call rely(); @@ -136,76 +110,20 @@ procedure #free(); free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); free ensures (memory_load8_le(mem, 2472bv64) == 1bv8); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); -procedure main() +procedure main(); modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R19, Gamma_R2, Gamma_R20, Gamma_R21, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R19, R2, R20, R21, R29, R30, R31, malloc_base, malloc_count, malloc_end, mem, stack; requires (gamma_load8(Gamma_mem, $password_addr) == false); requires malloc_count == 0; @@ -243,38 +161,10 @@ procedure main() free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); free ensures (Gamma_R19 == old(Gamma_R19)); free ensures (Gamma_R20 == old(Gamma_R20)); free ensures (Gamma_R21 == old(Gamma_R21)); @@ -289,38 +179,12 @@ procedure main() free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); + +implementation main() { var #1: bv64; var #2: bv64; @@ -420,38 +284,10 @@ procedure malloc(); free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures Gamma_R0 == true; ensures malloc_count == old(malloc_count) + 1; ensures bvugt64(malloc_end[malloc_count], malloc_base[malloc_count]); @@ -465,38 +301,10 @@ procedure malloc(); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure memcpy(); modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; @@ -504,76 +312,20 @@ procedure memcpy(); free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i, bvadd64(R0, R2))) then gamma_load8((Gamma_mem), bvadd64(bvsub64(i, R0), R1)) else old(gamma_load8(Gamma_mem, i)))); ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le((mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i)))); free ensures (memory_load8_le(mem, 2472bv64) == 1bv8); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure memset(); modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; @@ -582,38 +334,10 @@ procedure memset(); free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then Gamma_R1 else old(gamma_load8(Gamma_mem, i)))); ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i)))); @@ -621,38 +345,10 @@ procedure memset(); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure puts(); modifies Gamma_R16, Gamma_R17, R16, R17; @@ -660,74 +356,18 @@ procedure puts(); free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); free ensures (memory_load8_le(mem, 2472bv64) == 1bv8); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure strlen(); modifies Gamma_R0, Gamma_R16, Gamma_R17, R0, R16, R17; @@ -735,38 +375,10 @@ procedure strlen(); free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures Gamma_R0 == true; ensures (forall i: bv64 :: (bvule64(old(R0), i)) && (bvult64(i, bvadd64(old(R0), R0))) ==> mem[i] != 0bv8); ensures (memory_load8_le(mem, bvadd64(old(R0), R0)) == 0bv8); @@ -775,35 +387,8 @@ procedure strlen(); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); + diff --git a/src/test/incorrect/malloc_memcpy_strlen_memset_free/clang_O2/malloc_memcpy_strlen_memset_free.expected b/src/test/incorrect/malloc_memcpy_strlen_memset_free/clang_O2/malloc_memcpy_strlen_memset_free.expected index 8296ed8eb..9a6191d97 100644 --- a/src/test/incorrect/malloc_memcpy_strlen_memset_free/clang_O2/malloc_memcpy_strlen_memset_free.expected +++ b/src/test/incorrect/malloc_memcpy_strlen_memset_free/clang_O2/malloc_memcpy_strlen_memset_free.expected @@ -92,43 +92,17 @@ procedure {:extern} rely(); free ensures (memory_load8_le(mem, 2485bv64) == 0bv8); free ensures (memory_load8_le(mem, 2486bv64) == 2bv8); free ensures (memory_load8_le(mem, 2487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); -procedure {:extern} rely_transitive() +procedure {:extern} rely_transitive(); modifies Gamma_mem, mem; ensures (mem == old(mem)); ensures (Gamma_mem == old(Gamma_mem)); + +implementation {:extern} rely_transitive() { call rely(); call rely(); @@ -146,76 +120,20 @@ procedure #free(); free requires (memory_load8_le(mem, 2485bv64) == 0bv8); free requires (memory_load8_le(mem, 2486bv64) == 2bv8); free requires (memory_load8_le(mem, 2487bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); free ensures (memory_load8_le(mem, 2484bv64) == 1bv8); free ensures (memory_load8_le(mem, 2485bv64) == 0bv8); free ensures (memory_load8_le(mem, 2486bv64) == 2bv8); free ensures (memory_load8_le(mem, 2487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); -procedure main() +procedure main(); modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R19, Gamma_R2, Gamma_R20, Gamma_R21, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R19, R2, R20, R21, R29, R30, R31, R8, malloc_base, malloc_count, malloc_end, mem, stack; requires (gamma_load8(Gamma_mem, $password_addr) == false); requires malloc_count == 0; @@ -253,38 +171,10 @@ procedure main() free requires (memory_load8_le(mem, 2485bv64) == 0bv8); free requires (memory_load8_le(mem, 2486bv64) == 2bv8); free requires (memory_load8_le(mem, 2487bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); free ensures (Gamma_R19 == old(Gamma_R19)); free ensures (Gamma_R20 == old(Gamma_R20)); free ensures (Gamma_R21 == old(Gamma_R21)); @@ -299,38 +189,12 @@ procedure main() free ensures (memory_load8_le(mem, 2485bv64) == 0bv8); free ensures (memory_load8_le(mem, 2486bv64) == 2bv8); free ensures (memory_load8_le(mem, 2487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); + +implementation main() { var #4: bv64; var #5: bv64; @@ -436,38 +300,10 @@ procedure malloc(); free requires (memory_load8_le(mem, 2485bv64) == 0bv8); free requires (memory_load8_le(mem, 2486bv64) == 2bv8); free requires (memory_load8_le(mem, 2487bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); ensures Gamma_R0 == true; ensures malloc_count == old(malloc_count) + 1; @@ -482,38 +318,10 @@ procedure malloc(); free ensures (memory_load8_le(mem, 2485bv64) == 0bv8); free ensures (memory_load8_le(mem, 2486bv64) == 2bv8); free ensures (memory_load8_le(mem, 2487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure memcpy(); modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; @@ -521,38 +329,10 @@ procedure memcpy(); free requires (memory_load8_le(mem, 2485bv64) == 0bv8); free requires (memory_load8_le(mem, 2486bv64) == 2bv8); free requires (memory_load8_le(mem, 2487bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i, bvadd64(R0, R2))) then gamma_load8((Gamma_mem), bvadd64(bvsub64(i, R0), R1)) else old(gamma_load8(Gamma_mem, i)))); ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le((mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i)))); @@ -560,38 +340,10 @@ procedure memcpy(); free ensures (memory_load8_le(mem, 2485bv64) == 0bv8); free ensures (memory_load8_le(mem, 2486bv64) == 2bv8); free ensures (memory_load8_le(mem, 2487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure memset(); modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; @@ -600,38 +352,10 @@ procedure memset(); free requires (memory_load8_le(mem, 2485bv64) == 0bv8); free requires (memory_load8_le(mem, 2486bv64) == 2bv8); free requires (memory_load8_le(mem, 2487bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then Gamma_R1 else old(gamma_load8(Gamma_mem, i)))); ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i)))); @@ -639,38 +363,10 @@ procedure memset(); free ensures (memory_load8_le(mem, 2485bv64) == 0bv8); free ensures (memory_load8_le(mem, 2486bv64) == 2bv8); free ensures (memory_load8_le(mem, 2487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure puts(); modifies Gamma_R16, Gamma_R17, R16, R17; @@ -678,74 +374,18 @@ procedure puts(); free requires (memory_load8_le(mem, 2485bv64) == 0bv8); free requires (memory_load8_le(mem, 2486bv64) == 2bv8); free requires (memory_load8_le(mem, 2487bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); free ensures (memory_load8_le(mem, 2484bv64) == 1bv8); free ensures (memory_load8_le(mem, 2485bv64) == 0bv8); free ensures (memory_load8_le(mem, 2486bv64) == 2bv8); free ensures (memory_load8_le(mem, 2487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure strlen(); modifies Gamma_R0, Gamma_R16, Gamma_R17, R0, R16, R17; @@ -753,38 +393,10 @@ procedure strlen(); free requires (memory_load8_le(mem, 2485bv64) == 0bv8); free requires (memory_load8_le(mem, 2486bv64) == 2bv8); free requires (memory_load8_le(mem, 2487bv64) == 0bv8); - free requires (memory_load8_le(mem, 130488bv64) == 16bv8); - free requires (memory_load8_le(mem, 130489bv64) == 9bv8); - free requires (memory_load8_le(mem, 130490bv64) == 0bv8); - free requires (memory_load8_le(mem, 130491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130492bv64) == 0bv8); - free requires (memory_load8_le(mem, 130493bv64) == 0bv8); - free requires (memory_load8_le(mem, 130494bv64) == 0bv8); - free requires (memory_load8_le(mem, 130495bv64) == 0bv8); - free requires (memory_load8_le(mem, 130496bv64) == 192bv8); - free requires (memory_load8_le(mem, 130497bv64) == 8bv8); - free requires (memory_load8_le(mem, 130498bv64) == 0bv8); - free requires (memory_load8_le(mem, 130499bv64) == 0bv8); - free requires (memory_load8_le(mem, 130500bv64) == 0bv8); - free requires (memory_load8_le(mem, 130501bv64) == 0bv8); - free requires (memory_load8_le(mem, 130502bv64) == 0bv8); - free requires (memory_load8_le(mem, 130503bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130488bv64) == 2320bv64); + free requires (memory_load64_le(mem, 130496bv64) == 2240bv64); + free requires (memory_load64_le(mem, 131032bv64) == 2324bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures (((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))) && (memory_load8_le(mem, $stext_addr) == old(memory_load8_le(mem, $stext_addr)))); ensures Gamma_R0 == true; ensures (forall i: bv64 :: (bvule64(old(R0), i)) && (bvult64(i, bvadd64(old(R0), R0))) ==> mem[i] != 0bv8); @@ -794,35 +406,8 @@ procedure strlen(); free ensures (memory_load8_le(mem, 2485bv64) == 0bv8); free ensures (memory_load8_le(mem, 2486bv64) == 2bv8); free ensures (memory_load8_le(mem, 2487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130488bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130489bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130490bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130492bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130493bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130494bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130495bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130496bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130497bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130498bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130499bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130500bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130501bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130502bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130503bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130488bv64) == 2320bv64); + free ensures (memory_load64_le(mem, 130496bv64) == 2240bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 2324bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); + diff --git a/src/test/incorrect/malloc_memcpy_strlen_memset_free/gcc_O2/malloc_memcpy_strlen_memset_free.expected b/src/test/incorrect/malloc_memcpy_strlen_memset_free/gcc_O2/malloc_memcpy_strlen_memset_free.expected index a05348e17..b5e8b4dec 100644 --- a/src/test/incorrect/malloc_memcpy_strlen_memset_free/gcc_O2/malloc_memcpy_strlen_memset_free.expected +++ b/src/test/incorrect/malloc_memcpy_strlen_memset_free/gcc_O2/malloc_memcpy_strlen_memset_free.expected @@ -90,43 +90,17 @@ procedure {:extern} rely(); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); -procedure {:extern} rely_transitive() +procedure {:extern} rely_transitive(); modifies Gamma_mem, mem; ensures (mem == old(mem)); ensures (Gamma_mem == old(Gamma_mem)); + +implementation {:extern} rely_transitive() { call rely(); call rely(); @@ -144,76 +118,20 @@ procedure #free(); free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); free ensures (memory_load8_le(mem, 2472bv64) == 1bv8); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); -procedure main() +procedure main(); modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R19, Gamma_R2, Gamma_R20, Gamma_R21, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R19, R2, R20, R21, R29, R30, R31, malloc_base, malloc_count, malloc_end, mem, stack; requires (gamma_load8(Gamma_mem, $password_addr) == false); requires malloc_count == 0; @@ -251,38 +169,10 @@ procedure main() free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); free ensures (Gamma_R19 == old(Gamma_R19)); free ensures (Gamma_R20 == old(Gamma_R20)); free ensures (Gamma_R21 == old(Gamma_R21)); @@ -297,38 +187,12 @@ procedure main() free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); + +implementation main() { var #1: bv64; var #2: bv64; @@ -434,38 +298,10 @@ procedure malloc(); free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); ensures Gamma_R0 == true; ensures malloc_count == old(malloc_count) + 1; @@ -480,38 +316,10 @@ procedure malloc(); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure memcpy(); modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; @@ -519,38 +327,10 @@ procedure memcpy(); free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i, bvadd64(R0, R2))) then gamma_load8((Gamma_mem), bvadd64(bvsub64(i, R0), R1)) else old(gamma_load8(Gamma_mem, i)))); ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le((mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i)))); @@ -558,38 +338,10 @@ procedure memcpy(); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure memset(); modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; @@ -598,38 +350,10 @@ procedure memset(); free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then Gamma_R1 else old(gamma_load8(Gamma_mem, i)))); ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i)))); @@ -637,38 +361,10 @@ procedure memset(); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure puts(); modifies Gamma_R16, Gamma_R17, R16, R17; @@ -676,74 +372,18 @@ procedure puts(); free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); free ensures (memory_load8_le(mem, 2472bv64) == 1bv8); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); procedure strlen(); modifies Gamma_R0, Gamma_R16, Gamma_R17, R0, R16, R17; @@ -751,38 +391,10 @@ procedure strlen(); free requires (memory_load8_le(mem, 2473bv64) == 0bv8); free requires (memory_load8_le(mem, 2474bv64) == 2bv8); free requires (memory_load8_le(mem, 2475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 144bv8); - free requires (memory_load8_le(mem, 130505bv64) == 9bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 64bv8); - free requires (memory_load8_le(mem, 130513bv64) == 9bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 192bv8); - free requires (memory_load8_le(mem, 131033bv64) == 7bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load64_le(mem, 130504bv64) == 2448bv64); + free requires (memory_load64_le(mem, 130512bv64) == 2368bv64); + free requires (memory_load64_le(mem, 131032bv64) == 1984bv64); + free requires (memory_load64_le(mem, 131160bv64) == 131160bv64); ensures (((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))) && (memory_load8_le(mem, $stext_addr) == old(memory_load8_le(mem, $stext_addr)))); ensures Gamma_R0 == true; ensures (forall i: bv64 :: (bvule64(old(R0), i)) && (bvult64(i, bvadd64(old(R0), R0))) ==> mem[i] != 0bv8); @@ -792,35 +404,8 @@ procedure strlen(); free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load64_le(mem, 130504bv64) == 2448bv64); + free ensures (memory_load64_le(mem, 130512bv64) == 2368bv64); + free ensures (memory_load64_le(mem, 131032bv64) == 1984bv64); + free ensures (memory_load64_le(mem, 131160bv64) == 131160bv64); +