diff --git a/examples/http_parse_basic/Makefile b/examples/http_parse_basic/Makefile deleted file mode 100644 index 417f11423..000000000 --- a/examples/http_parse_basic/Makefile +++ /dev/null @@ -1,19 +0,0 @@ - -result: example.bpl extraspec.bpl - boogie example.bpl extraspec.bpl /mv example.model /proverLog lambdas.smt2 /smoke | tee resultlambdas - boogie example-nolambda.bpl extraspec.bpl /useArrayAxioms /mv example.model /smoke | tee resultaxioms - boogie example-nolambda.bpl extraspec.bpl /mv example.model | tee result - -a.out: example.c - aarch64-linux-gnu-gcc example.c - -example.adt: a.out - bap-aslp a.out -d adt:example.adt - bap-aslp a.out -d > example.bil - readelf -s -r -W a.out > example.relf - -example.bpl: example.adt example.spec - java -jar ../../target/scala-3.3.1/wptool-boogie-assembly-0.0.1.jar --adt example.adt --relf example.relf -o example.bpl --spec example.spec --boogie-use-lambda-stores - java -jar ../../target/scala-3.3.1/wptool-boogie-assembly-0.0.1.jar --adt example.adt --relf example.relf -o example-nolambda.bpl --spec example.spec - - diff --git a/examples/http_parse_basic/beans b/examples/http_parse_basic/beans deleted file mode 100644 index faa922834..000000000 --- a/examples/http_parse_basic/beans +++ /dev/null @@ -1,1128 +0,0 @@ -// Boogie program verifier version 3.0.5.0, Copyright (c) 2003-2014, Microsoft. -// Command Line Options: /proverLog:smtout.log example.bpl extraspec.bpl /vcsSplitOnEveryAssert /printDesugared /printLambdaLifting /print beans - -var {:extern} Gamma_R0: bool; - -var {:extern} Gamma_R1: bool; - -var {:extern} Gamma_R16: bool; - -var {:extern} Gamma_R17: bool; - -var {:extern} Gamma_R19: bool; - -var {:extern} Gamma_R2: bool; - -var {:extern} Gamma_R29: bool; - -var {:extern} Gamma_R30: bool; - -var {:extern} Gamma_R31: bool; - -var {:extern} Gamma_mem: [bv64]bool; - -var {:extern} Gamma_stack: [bv64]bool; - -var {:extern} R0: bv64; - -var {:extern} R1: bv64; - -var {:extern} R16: bv64; - -var {:extern} R17: bv64; - -var {:extern} R19: bv64; - -var {:extern} R2: bv64; - -var {:extern} R29: bv64; - -var {:extern} R30: bv64; - -var {:extern} R31: bv64; - -var {:extern} mem: [bv64]bv8; - -var {:extern} stack: [bv64]bv8; - -const {:extern} $buf_addr: bv64; - -axiom $buf_addr == 131200bv64; - -const {:extern} $password_addr: bv64; - -axiom $password_addr == 131168bv64; - -const {:extern} $stext_addr: bv64; - -axiom $stext_addr == 131176bv64; - -function {:extern} L(memory: [bv64]bv8, index: bv64) : bool -uses { -axiom (forall memory: [bv64]bv8, index: bv64 :: - {:extern} { L(memory, index): bool } - L(memory, index): bool <==> false); -} - -function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) : bv64; - -function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) : bv64; - -function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) : bv64; - -function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) : bv64; - -function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) : bool; - -function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) : bool; - -function {:inline} byte_extract64_64(value: bv64, offset: bv64) : bv8 -{ - bvlshr64(value, bvmul64(offset, 8bv64))[8:0] -} - -function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) : bool -uses { -axiom (forall gammaMap: [bv64]bool, index: bv64 :: - {:extern} { gamma_load32(gammaMap, index): bool } - gamma_load32(gammaMap, index): bool - <==> gammaMap[bvadd64(index, 3bv64)] - && - gammaMap[bvadd64(index, 2bv64)] - && - gammaMap[bvadd64(index, 1bv64)] - && gammaMap[index]); -} - -function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) : bool -uses { -axiom (forall gammaMap: [bv64]bool, index: bv64 :: - {:extern} { gamma_load64(gammaMap, index): bool } - gamma_load64(gammaMap, index): bool - <==> gammaMap[bvadd64(index, 7bv64)] - && - gammaMap[bvadd64(index, 6bv64)] - && - gammaMap[bvadd64(index, 5bv64)] - && - gammaMap[bvadd64(index, 4bv64)] - && - gammaMap[bvadd64(index, 3bv64)] - && - gammaMap[bvadd64(index, 2bv64)] - && - gammaMap[bvadd64(index, 1bv64)] - && gammaMap[index]); -} - -function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) : bool -uses { -axiom (forall gammaMap: [bv64]bool, index: bv64 :: - {:extern} { gamma_load8(gammaMap, index): bool } - gamma_load8(gammaMap, index): bool <==> gammaMap[index]); -} - -function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) : [bv64]bool -uses { -axiom (forall gammaMap: [bv64]bool, index: bv64, value: bool :: - {:extern} { gamma_store64(gammaMap, index, value): [bv64]bool } - gamma_store64(gammaMap, index, value): [bv64]bool - == lambda#0(index, 8bv64, value, gammaMap)); -} - -function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) : [bv64]bool -uses { -axiom (forall gammaMap: [bv64]bool, index: bv64, value: bool :: - {:extern} { gamma_store8(gammaMap, index, value): [bv64]bool } - gamma_store8(gammaMap, index, value): [bv64]bool == gammaMap[index := value]); -} - -function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) : bool -{ - (if bvule64(base, bvadd64(base, len)) - then bvule64(base, i) && bvult64(i, bvadd64(base, len)) - else bvule64(base, i) || bvult64(i, bvadd64(base, len))) -} - -function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) : bv64 -uses { -axiom (forall memory: [bv64]bv8, index: bv64 :: - {:extern} { memory_load64_le(memory, index): bv64 } - memory_load64_le(memory, index): bv64 - == memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index]))))))); -} - -function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) : bv8 -uses { -axiom (forall memory: [bv64]bv8, index: bv64 :: - {:extern} { memory_load8_le(memory, index): bv8 } - memory_load8_le(memory, index): bv8 == memory[index]); -} - -function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) : [bv64]bv8 -uses { -axiom (forall memory: [bv64]bv8, index: bv64, value: bv64 :: - {:extern} { memory_store64_le(memory, index, value): [bv64]bv8 } - memory_store64_le(memory, index, value): [bv64]bv8 - == lambda#1(index, 8bv64, value, index, memory)); -} - -function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) : [bv64]bv8 -uses { -axiom (forall memory: [bv64]bv8, index: bv64, value: bv8 :: - {:extern} { memory_store8_le(memory, index, value): [bv64]bv8 } - memory_store8_le(memory, index, value): [bv64]bv8 == memory[index := value]); -} - -procedure {:extern} rely(); - modifies Gamma_mem, mem; - ensures mem == old(mem); - ensures Gamma_mem == old(Gamma_mem); - free ensures memory_load8_le(mem, 2488bv64) == 1bv8; - free ensures memory_load8_le(mem, 2489bv64) == 0bv8; - free ensures memory_load8_le(mem, 2490bv64) == 2bv8; - free ensures memory_load8_le(mem, 2491bv64) == 0bv8; - free ensures memory_load8_le(mem, 130504bv64) == 208bv8; - free ensures memory_load8_le(mem, 130505bv64) == 8bv8; - free ensures memory_load8_le(mem, 130506bv64) == 0bv8; - free ensures memory_load8_le(mem, 130507bv64) == 0bv8; - free ensures memory_load8_le(mem, 130508bv64) == 0bv8; - free ensures memory_load8_le(mem, 130509bv64) == 0bv8; - free ensures memory_load8_le(mem, 130510bv64) == 0bv8; - free ensures memory_load8_le(mem, 130511bv64) == 0bv8; - free ensures memory_load8_le(mem, 130512bv64) == 128bv8; - free ensures memory_load8_le(mem, 130513bv64) == 8bv8; - free ensures memory_load8_le(mem, 130514bv64) == 0bv8; - free ensures memory_load8_le(mem, 130515bv64) == 0bv8; - free ensures memory_load8_le(mem, 130516bv64) == 0bv8; - free ensures memory_load8_le(mem, 130517bv64) == 0bv8; - free ensures memory_load8_le(mem, 130518bv64) == 0bv8; - free ensures memory_load8_le(mem, 130519bv64) == 0bv8; - free ensures memory_load8_le(mem, 131032bv64) == 212bv8; - free ensures memory_load8_le(mem, 131033bv64) == 8bv8; - free ensures memory_load8_le(mem, 131034bv64) == 0bv8; - free ensures memory_load8_le(mem, 131035bv64) == 0bv8; - free ensures memory_load8_le(mem, 131036bv64) == 0bv8; - free ensures memory_load8_le(mem, 131037bv64) == 0bv8; - free ensures memory_load8_le(mem, 131038bv64) == 0bv8; - free ensures memory_load8_le(mem, 131039bv64) == 0bv8; - free ensures memory_load8_le(mem, 131160bv64) == 88bv8; - free ensures memory_load8_le(mem, 131161bv64) == 0bv8; - free ensures memory_load8_le(mem, 131162bv64) == 2bv8; - free ensures memory_load8_le(mem, 131163bv64) == 0bv8; - free ensures memory_load8_le(mem, 131164bv64) == 0bv8; - free ensures memory_load8_le(mem, 131165bv64) == 0bv8; - free ensures memory_load8_le(mem, 131166bv64) == 0bv8; - free ensures memory_load8_le(mem, 131167bv64) == 0bv8; - - - -procedure {:extern} rely_transitive(); - modifies Gamma_mem, mem; - ensures mem == old(mem); - ensures Gamma_mem == old(Gamma_mem); - - - -implementation {:extern} rely_transitive() -{ - call rely(); - call rely(); -} - - - -procedure {:extern} rely_reflexive(); - - - -procedure {:extern} guarantee_reflexive(); - modifies Gamma_mem, mem; - - - -procedure #free(); - requires (forall i: int, j: bv64 :: - malloc_base[i] == R0 && bvuge64(j, R0) && bvult64(j, malloc_end[i]) - ==> Gamma_mem[j]); - free requires memory_load8_le(mem, 2488bv64) == 1bv8; - free requires memory_load8_le(mem, 2489bv64) == 0bv8; - free requires memory_load8_le(mem, 2490bv64) == 2bv8; - free requires memory_load8_le(mem, 2491bv64) == 0bv8; - free requires memory_load8_le(mem, 130504bv64) == 208bv8; - free requires memory_load8_le(mem, 130505bv64) == 8bv8; - free requires memory_load8_le(mem, 130506bv64) == 0bv8; - free requires memory_load8_le(mem, 130507bv64) == 0bv8; - free requires memory_load8_le(mem, 130508bv64) == 0bv8; - free requires memory_load8_le(mem, 130509bv64) == 0bv8; - free requires memory_load8_le(mem, 130510bv64) == 0bv8; - free requires memory_load8_le(mem, 130511bv64) == 0bv8; - free requires memory_load8_le(mem, 130512bv64) == 128bv8; - free requires memory_load8_le(mem, 130513bv64) == 8bv8; - free requires memory_load8_le(mem, 130514bv64) == 0bv8; - free requires memory_load8_le(mem, 130515bv64) == 0bv8; - free requires memory_load8_le(mem, 130516bv64) == 0bv8; - free requires memory_load8_le(mem, 130517bv64) == 0bv8; - free requires memory_load8_le(mem, 130518bv64) == 0bv8; - free requires memory_load8_le(mem, 130519bv64) == 0bv8; - free requires memory_load8_le(mem, 131032bv64) == 212bv8; - free requires memory_load8_le(mem, 131033bv64) == 8bv8; - free requires memory_load8_le(mem, 131034bv64) == 0bv8; - free requires memory_load8_le(mem, 131035bv64) == 0bv8; - free requires memory_load8_le(mem, 131036bv64) == 0bv8; - free requires memory_load8_le(mem, 131037bv64) == 0bv8; - free requires memory_load8_le(mem, 131038bv64) == 0bv8; - free requires memory_load8_le(mem, 131039bv64) == 0bv8; - free requires memory_load8_le(mem, 131160bv64) == 88bv8; - free requires memory_load8_le(mem, 131161bv64) == 0bv8; - free requires memory_load8_le(mem, 131162bv64) == 2bv8; - free requires memory_load8_le(mem, 131163bv64) == 0bv8; - free requires memory_load8_le(mem, 131164bv64) == 0bv8; - free requires memory_load8_le(mem, 131165bv64) == 0bv8; - free requires memory_load8_le(mem, 131166bv64) == 0bv8; - free requires memory_load8_le(mem, 131167bv64) == 0bv8; - modifies Gamma_R16, Gamma_R17, R16, R17; - free ensures memory_load8_le(mem, 2488bv64) == 1bv8; - free ensures memory_load8_le(mem, 2489bv64) == 0bv8; - free ensures memory_load8_le(mem, 2490bv64) == 2bv8; - free ensures memory_load8_le(mem, 2491bv64) == 0bv8; - free ensures memory_load8_le(mem, 130504bv64) == 208bv8; - free ensures memory_load8_le(mem, 130505bv64) == 8bv8; - free ensures memory_load8_le(mem, 130506bv64) == 0bv8; - free ensures memory_load8_le(mem, 130507bv64) == 0bv8; - free ensures memory_load8_le(mem, 130508bv64) == 0bv8; - free ensures memory_load8_le(mem, 130509bv64) == 0bv8; - free ensures memory_load8_le(mem, 130510bv64) == 0bv8; - free ensures memory_load8_le(mem, 130511bv64) == 0bv8; - free ensures memory_load8_le(mem, 130512bv64) == 128bv8; - free ensures memory_load8_le(mem, 130513bv64) == 8bv8; - free ensures memory_load8_le(mem, 130514bv64) == 0bv8; - free ensures memory_load8_le(mem, 130515bv64) == 0bv8; - free ensures memory_load8_le(mem, 130516bv64) == 0bv8; - free ensures memory_load8_le(mem, 130517bv64) == 0bv8; - free ensures memory_load8_le(mem, 130518bv64) == 0bv8; - free ensures memory_load8_le(mem, 130519bv64) == 0bv8; - free ensures memory_load8_le(mem, 131032bv64) == 212bv8; - free ensures memory_load8_le(mem, 131033bv64) == 8bv8; - free ensures memory_load8_le(mem, 131034bv64) == 0bv8; - free ensures memory_load8_le(mem, 131035bv64) == 0bv8; - free ensures memory_load8_le(mem, 131036bv64) == 0bv8; - free ensures memory_load8_le(mem, 131037bv64) == 0bv8; - free ensures memory_load8_le(mem, 131038bv64) == 0bv8; - free ensures memory_load8_le(mem, 131039bv64) == 0bv8; - free ensures memory_load8_le(mem, 131160bv64) == 88bv8; - free ensures memory_load8_le(mem, 131161bv64) == 0bv8; - free ensures memory_load8_le(mem, 131162bv64) == 2bv8; - free ensures memory_load8_le(mem, 131163bv64) == 0bv8; - free ensures memory_load8_le(mem, 131164bv64) == 0bv8; - free ensures memory_load8_le(mem, 131165bv64) == 0bv8; - free ensures memory_load8_le(mem, 131166bv64) == 0bv8; - free ensures memory_load8_le(mem, 131167bv64) == 0bv8; - - - -procedure main(); - requires gamma_load8(Gamma_mem, $password_addr) <==> false; - requires malloc_count == 0; - requires gamma_load32(Gamma_mem, memory_load64_le(mem, $stext_addr)); - requires R31 == 100bv64; - free requires memory_load8_le(mem, 131152bv64) == 0bv8; - free requires memory_load8_le(mem, 131153bv64) == 0bv8; - free requires memory_load8_le(mem, 131154bv64) == 0bv8; - free requires memory_load8_le(mem, 131155bv64) == 0bv8; - free requires memory_load8_le(mem, 131156bv64) == 0bv8; - free requires memory_load8_le(mem, 131157bv64) == 0bv8; - free requires memory_load8_le(mem, 131158bv64) == 0bv8; - free requires memory_load8_le(mem, 131159bv64) == 0bv8; - free requires memory_load8_le(mem, 131160bv64) == 88bv8; - free requires memory_load8_le(mem, 131161bv64) == 0bv8; - free requires memory_load8_le(mem, 131162bv64) == 2bv8; - free requires memory_load8_le(mem, 131163bv64) == 0bv8; - free requires memory_load8_le(mem, 131164bv64) == 0bv8; - free requires memory_load8_le(mem, 131165bv64) == 0bv8; - free requires memory_load8_le(mem, 131166bv64) == 0bv8; - free requires memory_load8_le(mem, 131167bv64) == 0bv8; - free requires memory_load8_le(mem, 131168bv64) == 7bv8; - free requires memory_load8_le(mem, 131169bv64) == 0bv8; - free requires memory_load8_le(mem, 131170bv64) == 0bv8; - free requires memory_load8_le(mem, 131171bv64) == 0bv8; - free requires memory_load8_le(mem, 131172bv64) == 0bv8; - free requires memory_load8_le(mem, 131173bv64) == 0bv8; - free requires memory_load8_le(mem, 131174bv64) == 0bv8; - free requires memory_load8_le(mem, 131175bv64) == 0bv8; - free requires memory_load8_le(mem, 131176bv64) == 104bv8; - free requires memory_load8_le(mem, 131177bv64) == 101bv8; - free requires memory_load8_le(mem, 131178bv64) == 108bv8; - free requires memory_load8_le(mem, 131179bv64) == 108bv8; - free requires memory_load8_le(mem, 131180bv64) == 111bv8; - free requires memory_load8_le(mem, 131181bv64) == 111bv8; - free requires memory_load8_le(mem, 131182bv64) == 0bv8; - free requires memory_load8_le(mem, 131183bv64) == 0bv8; - free requires memory_load8_le(mem, 131184bv64) == 0bv8; - free requires memory_load8_le(mem, 131185bv64) == 0bv8; - free requires memory_load8_le(mem, 131186bv64) == 0bv8; - free requires memory_load8_le(mem, 2488bv64) == 1bv8; - free requires memory_load8_le(mem, 2489bv64) == 0bv8; - free requires memory_load8_le(mem, 2490bv64) == 2bv8; - free requires memory_load8_le(mem, 2491bv64) == 0bv8; - free requires memory_load8_le(mem, 130504bv64) == 208bv8; - free requires memory_load8_le(mem, 130505bv64) == 8bv8; - free requires memory_load8_le(mem, 130506bv64) == 0bv8; - free requires memory_load8_le(mem, 130507bv64) == 0bv8; - free requires memory_load8_le(mem, 130508bv64) == 0bv8; - free requires memory_load8_le(mem, 130509bv64) == 0bv8; - free requires memory_load8_le(mem, 130510bv64) == 0bv8; - free requires memory_load8_le(mem, 130511bv64) == 0bv8; - free requires memory_load8_le(mem, 130512bv64) == 128bv8; - free requires memory_load8_le(mem, 130513bv64) == 8bv8; - free requires memory_load8_le(mem, 130514bv64) == 0bv8; - free requires memory_load8_le(mem, 130515bv64) == 0bv8; - free requires memory_load8_le(mem, 130516bv64) == 0bv8; - free requires memory_load8_le(mem, 130517bv64) == 0bv8; - free requires memory_load8_le(mem, 130518bv64) == 0bv8; - free requires memory_load8_le(mem, 130519bv64) == 0bv8; - free requires memory_load8_le(mem, 131032bv64) == 212bv8; - free requires memory_load8_le(mem, 131033bv64) == 8bv8; - free requires memory_load8_le(mem, 131034bv64) == 0bv8; - free requires memory_load8_le(mem, 131035bv64) == 0bv8; - free requires memory_load8_le(mem, 131036bv64) == 0bv8; - free requires memory_load8_le(mem, 131037bv64) == 0bv8; - free requires memory_load8_le(mem, 131038bv64) == 0bv8; - free requires memory_load8_le(mem, 131039bv64) == 0bv8; - free requires memory_load8_le(mem, 131160bv64) == 88bv8; - free requires memory_load8_le(mem, 131161bv64) == 0bv8; - free requires memory_load8_le(mem, 131162bv64) == 2bv8; - free requires memory_load8_le(mem, 131163bv64) == 0bv8; - free requires memory_load8_le(mem, 131164bv64) == 0bv8; - free requires memory_load8_le(mem, 131165bv64) == 0bv8; - free requires memory_load8_le(mem, 131166bv64) == 0bv8; - free requires memory_load8_le(mem, 131167bv64) == 0bv8; - modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R19, Gamma_R2, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R19, R2, R29, R30, R31, malloc_base, malloc_count, malloc_end, mem, stack; - free ensures Gamma_R19 <==> old(Gamma_R19); - free ensures Gamma_R29 <==> old(Gamma_R29); - free ensures Gamma_R31 <==> old(Gamma_R31); - free ensures R19 == old(R19); - free ensures R29 == old(R29); - free ensures R31 == old(R31); - free ensures memory_load8_le(mem, 2488bv64) == 1bv8; - free ensures memory_load8_le(mem, 2489bv64) == 0bv8; - free ensures memory_load8_le(mem, 2490bv64) == 2bv8; - free ensures memory_load8_le(mem, 2491bv64) == 0bv8; - free ensures memory_load8_le(mem, 130504bv64) == 208bv8; - free ensures memory_load8_le(mem, 130505bv64) == 8bv8; - free ensures memory_load8_le(mem, 130506bv64) == 0bv8; - free ensures memory_load8_le(mem, 130507bv64) == 0bv8; - free ensures memory_load8_le(mem, 130508bv64) == 0bv8; - free ensures memory_load8_le(mem, 130509bv64) == 0bv8; - free ensures memory_load8_le(mem, 130510bv64) == 0bv8; - free ensures memory_load8_le(mem, 130511bv64) == 0bv8; - free ensures memory_load8_le(mem, 130512bv64) == 128bv8; - free ensures memory_load8_le(mem, 130513bv64) == 8bv8; - free ensures memory_load8_le(mem, 130514bv64) == 0bv8; - free ensures memory_load8_le(mem, 130515bv64) == 0bv8; - free ensures memory_load8_le(mem, 130516bv64) == 0bv8; - free ensures memory_load8_le(mem, 130517bv64) == 0bv8; - free ensures memory_load8_le(mem, 130518bv64) == 0bv8; - free ensures memory_load8_le(mem, 130519bv64) == 0bv8; - free ensures memory_load8_le(mem, 131032bv64) == 212bv8; - free ensures memory_load8_le(mem, 131033bv64) == 8bv8; - free ensures memory_load8_le(mem, 131034bv64) == 0bv8; - free ensures memory_load8_le(mem, 131035bv64) == 0bv8; - free ensures memory_load8_le(mem, 131036bv64) == 0bv8; - free ensures memory_load8_le(mem, 131037bv64) == 0bv8; - free ensures memory_load8_le(mem, 131038bv64) == 0bv8; - free ensures memory_load8_le(mem, 131039bv64) == 0bv8; - free ensures memory_load8_le(mem, 131160bv64) == 88bv8; - free ensures memory_load8_le(mem, 131161bv64) == 0bv8; - free ensures memory_load8_le(mem, 131162bv64) == 2bv8; - free ensures memory_load8_le(mem, 131163bv64) == 0bv8; - free ensures memory_load8_le(mem, 131164bv64) == 0bv8; - free ensures memory_load8_le(mem, 131165bv64) == 0bv8; - free ensures memory_load8_le(mem, 131166bv64) == 0bv8; - free ensures memory_load8_le(mem, 131167bv64) == 0bv8; - - - -implementation main() -{ - var #4: bv64; - var Gamma_#4: bool; - - lmain: - assume {:captureState "lmain"} true; - #4, Gamma_#4 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31; - stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29); - assume {:captureState "%00000384"} true; - stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30); - assume {:captureState "%0000038a"} true; - R31, Gamma_R31 := #4, Gamma_#4; - R29, Gamma_R29 := R31, Gamma_R31; - stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R19), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R19); - assume {:captureState "%0000039c"} true; - stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), true); - assume {:captureState "%000003a3"} true; - stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 32bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 32bv64), true); - assume {:captureState "%000003aa"} true; - R0, Gamma_R0 := 11bv64, true; - R30, Gamma_R30 := 2288bv64, true; - call malloc(); - assume {:captureState "l000003b9"} true; - R1, Gamma_R1 := R0, Gamma_R0; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - assert L(mem, R0) ==> Gamma_R1; - mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1); - assume {:captureState "%000003d0"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - R19, Gamma_R19 := memory_load64_le(mem, R0), gamma_load64(Gamma_mem, R0) || L(mem, R0); - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 104bv64), Gamma_R0; - R30, Gamma_R30 := 2328bv64, true; - call strlen(); - assume {:captureState "l000003f7"} true; - R2, Gamma_R2 := R0, Gamma_R0; - R0, Gamma_R0 := 131072bv64, true; - R1, Gamma_R1 := bvadd64(R0, 104bv64), Gamma_R0; - R0, Gamma_R0 := R19, Gamma_R19; - R30, Gamma_R30 := 2348bv64, true; - call memcpy(); - assume {:captureState "l00000416"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - R0, Gamma_R0 := memory_load64_le(mem, R0), gamma_load64(Gamma_mem, R0) || L(mem, R0); - R30, Gamma_R30 := 2364bv64, true; - call puts(); - assume {:captureState "l00000430"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - R0, Gamma_R0 := memory_load64_le(mem, R0), gamma_load64(Gamma_mem, R0) || L(mem, R0); - R0, Gamma_R0 := bvadd64(R0, 2bv64), Gamma_R0; - stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0); - assume {:captureState "%0000044e"} true; - R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64)); - call rely(); - assert L(mem, R0) ==> true; - mem, Gamma_mem := memory_store8_le(mem, R0, 0bv8), gamma_store8(Gamma_mem, R0, true); - assume {:captureState "%0000045c"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - R19, Gamma_R19 := memory_load64_le(mem, R0), gamma_load64(Gamma_mem, R0) || L(mem, R0); - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - R0, Gamma_R0 := memory_load64_le(mem, R0), gamma_load64(Gamma_mem, R0) || L(mem, R0); - R30, Gamma_R30 := 2420bv64, true; - call strlen(); - assume {:captureState "l00000489"} true; - R2, Gamma_R2 := R0, Gamma_R0; - R1, Gamma_R1 := 1bv64, true; - R0, Gamma_R0 := R19, Gamma_R19; - R30, Gamma_R30 := 2436bv64, true; - call memset(); - assume {:captureState "l000004a2"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - R0, Gamma_R0 := memory_load64_le(mem, R0), gamma_load64(Gamma_mem, R0) || L(mem, R0); - R30, Gamma_R30 := 2452bv64, true; - call #free(); - assume {:captureState "l000004bc"} true; - R0, Gamma_R0 := 0bv64, true; - R19, Gamma_R19 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64)); - R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31); - R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64)); - R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31; - goto l000003b9; - - l000003b9: - assume {:captureState "l000003b9"} true; - R1, Gamma_R1 := R0, Gamma_R0; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - assert L(mem, R0) ==> Gamma_R1; - mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1); - assume {:captureState "%000003d0"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - R19, Gamma_R19 := memory_load64_le(mem, R0), gamma_load64(Gamma_mem, R0) || L(mem, R0); - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 104bv64), Gamma_R0; - R30, Gamma_R30 := 2328bv64, true; - call strlen(); - goto l000003f7; - - l000003f7: - assume {:captureState "l000003f7"} true; - R2, Gamma_R2 := R0, Gamma_R0; - R0, Gamma_R0 := 131072bv64, true; - R1, Gamma_R1 := bvadd64(R0, 104bv64), Gamma_R0; - R0, Gamma_R0 := R19, Gamma_R19; - R30, Gamma_R30 := 2348bv64, true; - call memcpy(); - goto l00000416; - - l00000416: - assume {:captureState "l00000416"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - R0, Gamma_R0 := memory_load64_le(mem, R0), gamma_load64(Gamma_mem, R0) || L(mem, R0); - R30, Gamma_R30 := 2364bv64, true; - call puts(); - goto l00000430; - - l00000430: - assume {:captureState "l00000430"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - R0, Gamma_R0 := memory_load64_le(mem, R0), gamma_load64(Gamma_mem, R0) || L(mem, R0); - R0, Gamma_R0 := bvadd64(R0, 2bv64), Gamma_R0; - stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0); - assume {:captureState "%0000044e"} true; - R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64)); - call rely(); - assert L(mem, R0) ==> true; - mem, Gamma_mem := memory_store8_le(mem, R0, 0bv8), gamma_store8(Gamma_mem, R0, true); - assume {:captureState "%0000045c"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - R19, Gamma_R19 := memory_load64_le(mem, R0), gamma_load64(Gamma_mem, R0) || L(mem, R0); - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - R0, Gamma_R0 := memory_load64_le(mem, R0), gamma_load64(Gamma_mem, R0) || L(mem, R0); - R30, Gamma_R30 := 2420bv64, true; - call strlen(); - goto l00000489; - - l00000489: - assume {:captureState "l00000489"} true; - R2, Gamma_R2 := R0, Gamma_R0; - R1, Gamma_R1 := 1bv64, true; - R0, Gamma_R0 := R19, Gamma_R19; - R30, Gamma_R30 := 2436bv64, true; - call memset(); - goto l000004a2; - - l000004a2: - assume {:captureState "l000004a2"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; - call rely(); - R0, Gamma_R0 := memory_load64_le(mem, R0), gamma_load64(Gamma_mem, R0) || L(mem, R0); - R30, Gamma_R30 := 2452bv64, true; - call #free(); - goto l000004bc; - - l000004bc: - assume {:captureState "l000004bc"} true; - R0, Gamma_R0 := 0bv64, true; - R19, Gamma_R19 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64)); - R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31); - R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64)); - R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31; - return; -} - - - -procedure malloc(); - requires bvugt64(R0, 0bv64); - requires Gamma_R0 <==> true; - free requires memory_load8_le(mem, 2488bv64) == 1bv8; - free requires memory_load8_le(mem, 2489bv64) == 0bv8; - free requires memory_load8_le(mem, 2490bv64) == 2bv8; - free requires memory_load8_le(mem, 2491bv64) == 0bv8; - free requires memory_load8_le(mem, 130504bv64) == 208bv8; - free requires memory_load8_le(mem, 130505bv64) == 8bv8; - free requires memory_load8_le(mem, 130506bv64) == 0bv8; - free requires memory_load8_le(mem, 130507bv64) == 0bv8; - free requires memory_load8_le(mem, 130508bv64) == 0bv8; - free requires memory_load8_le(mem, 130509bv64) == 0bv8; - free requires memory_load8_le(mem, 130510bv64) == 0bv8; - free requires memory_load8_le(mem, 130511bv64) == 0bv8; - free requires memory_load8_le(mem, 130512bv64) == 128bv8; - free requires memory_load8_le(mem, 130513bv64) == 8bv8; - free requires memory_load8_le(mem, 130514bv64) == 0bv8; - free requires memory_load8_le(mem, 130515bv64) == 0bv8; - free requires memory_load8_le(mem, 130516bv64) == 0bv8; - free requires memory_load8_le(mem, 130517bv64) == 0bv8; - free requires memory_load8_le(mem, 130518bv64) == 0bv8; - free requires memory_load8_le(mem, 130519bv64) == 0bv8; - free requires memory_load8_le(mem, 131032bv64) == 212bv8; - free requires memory_load8_le(mem, 131033bv64) == 8bv8; - free requires memory_load8_le(mem, 131034bv64) == 0bv8; - free requires memory_load8_le(mem, 131035bv64) == 0bv8; - free requires memory_load8_le(mem, 131036bv64) == 0bv8; - free requires memory_load8_le(mem, 131037bv64) == 0bv8; - free requires memory_load8_le(mem, 131038bv64) == 0bv8; - free requires memory_load8_le(mem, 131039bv64) == 0bv8; - free requires memory_load8_le(mem, 131160bv64) == 88bv8; - free requires memory_load8_le(mem, 131161bv64) == 0bv8; - free requires memory_load8_le(mem, 131162bv64) == 2bv8; - free requires memory_load8_le(mem, 131163bv64) == 0bv8; - free requires memory_load8_le(mem, 131164bv64) == 0bv8; - free requires memory_load8_le(mem, 131165bv64) == 0bv8; - free requires memory_load8_le(mem, 131166bv64) == 0bv8; - free requires memory_load8_le(mem, 131167bv64) == 0bv8; - modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, R0, R16, R17, malloc_base, malloc_count, malloc_end; - ensures memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr)) - && memory_load8_le(mem, $password_addr) - == old(memory_load8_le(mem, $password_addr)); - ensures Gamma_R0 <==> true; - ensures malloc_count == old(malloc_count) + 1; - ensures bvugt64(malloc_end[malloc_count], malloc_base[malloc_count]); - ensures R0 == malloc_base[malloc_count]; - ensures malloc_end[malloc_count] == bvadd64(R0, old(R0)); - ensures (forall i: int :: - i != malloc_count - ==> bvugt64(malloc_base[malloc_count], malloc_end[i]) - || bvult64(malloc_end[malloc_count], malloc_base[i])); - ensures (forall i: int :: - i != malloc_count - ==> malloc_base[i] == old(malloc_base[i]) && malloc_end[i] == old(malloc_end[i])); - ensures bvuge64(R0, 100000000bv64); - ensures (forall i: bv64 :: - bvuge64(i, R0) && bvult64(i, bvadd64(R0, old(R0))) - ==> Gamma_mem[i] && gamma_load8(Gamma_mem, i)); - free ensures memory_load8_le(mem, 2488bv64) == 1bv8; - free ensures memory_load8_le(mem, 2489bv64) == 0bv8; - free ensures memory_load8_le(mem, 2490bv64) == 2bv8; - free ensures memory_load8_le(mem, 2491bv64) == 0bv8; - free ensures memory_load8_le(mem, 130504bv64) == 208bv8; - free ensures memory_load8_le(mem, 130505bv64) == 8bv8; - free ensures memory_load8_le(mem, 130506bv64) == 0bv8; - free ensures memory_load8_le(mem, 130507bv64) == 0bv8; - free ensures memory_load8_le(mem, 130508bv64) == 0bv8; - free ensures memory_load8_le(mem, 130509bv64) == 0bv8; - free ensures memory_load8_le(mem, 130510bv64) == 0bv8; - free ensures memory_load8_le(mem, 130511bv64) == 0bv8; - free ensures memory_load8_le(mem, 130512bv64) == 128bv8; - free ensures memory_load8_le(mem, 130513bv64) == 8bv8; - free ensures memory_load8_le(mem, 130514bv64) == 0bv8; - free ensures memory_load8_le(mem, 130515bv64) == 0bv8; - free ensures memory_load8_le(mem, 130516bv64) == 0bv8; - free ensures memory_load8_le(mem, 130517bv64) == 0bv8; - free ensures memory_load8_le(mem, 130518bv64) == 0bv8; - free ensures memory_load8_le(mem, 130519bv64) == 0bv8; - free ensures memory_load8_le(mem, 131032bv64) == 212bv8; - free ensures memory_load8_le(mem, 131033bv64) == 8bv8; - free ensures memory_load8_le(mem, 131034bv64) == 0bv8; - free ensures memory_load8_le(mem, 131035bv64) == 0bv8; - free ensures memory_load8_le(mem, 131036bv64) == 0bv8; - free ensures memory_load8_le(mem, 131037bv64) == 0bv8; - free ensures memory_load8_le(mem, 131038bv64) == 0bv8; - free ensures memory_load8_le(mem, 131039bv64) == 0bv8; - free ensures memory_load8_le(mem, 131160bv64) == 88bv8; - free ensures memory_load8_le(mem, 131161bv64) == 0bv8; - free ensures memory_load8_le(mem, 131162bv64) == 2bv8; - free ensures memory_load8_le(mem, 131163bv64) == 0bv8; - free ensures memory_load8_le(mem, 131164bv64) == 0bv8; - free ensures memory_load8_le(mem, 131165bv64) == 0bv8; - free ensures memory_load8_le(mem, 131166bv64) == 0bv8; - free ensures memory_load8_le(mem, 131167bv64) == 0bv8; - - - -procedure memcpy(); - requires bvugt64(R0, bvadd64(R1, R2)) || bvugt64(R1, bvadd64(R0, R2)); - requires bvugt64(bvadd64(R0, R2), R0) && bvugt64(bvadd64(R1, R2), R1); - free requires memory_load8_le(mem, 2488bv64) == 1bv8; - free requires memory_load8_le(mem, 2489bv64) == 0bv8; - free requires memory_load8_le(mem, 2490bv64) == 2bv8; - free requires memory_load8_le(mem, 2491bv64) == 0bv8; - free requires memory_load8_le(mem, 130504bv64) == 208bv8; - free requires memory_load8_le(mem, 130505bv64) == 8bv8; - free requires memory_load8_le(mem, 130506bv64) == 0bv8; - free requires memory_load8_le(mem, 130507bv64) == 0bv8; - free requires memory_load8_le(mem, 130508bv64) == 0bv8; - free requires memory_load8_le(mem, 130509bv64) == 0bv8; - free requires memory_load8_le(mem, 130510bv64) == 0bv8; - free requires memory_load8_le(mem, 130511bv64) == 0bv8; - free requires memory_load8_le(mem, 130512bv64) == 128bv8; - free requires memory_load8_le(mem, 130513bv64) == 8bv8; - free requires memory_load8_le(mem, 130514bv64) == 0bv8; - free requires memory_load8_le(mem, 130515bv64) == 0bv8; - free requires memory_load8_le(mem, 130516bv64) == 0bv8; - free requires memory_load8_le(mem, 130517bv64) == 0bv8; - free requires memory_load8_le(mem, 130518bv64) == 0bv8; - free requires memory_load8_le(mem, 130519bv64) == 0bv8; - free requires memory_load8_le(mem, 131032bv64) == 212bv8; - free requires memory_load8_le(mem, 131033bv64) == 8bv8; - free requires memory_load8_le(mem, 131034bv64) == 0bv8; - free requires memory_load8_le(mem, 131035bv64) == 0bv8; - free requires memory_load8_le(mem, 131036bv64) == 0bv8; - free requires memory_load8_le(mem, 131037bv64) == 0bv8; - free requires memory_load8_le(mem, 131038bv64) == 0bv8; - free requires memory_load8_le(mem, 131039bv64) == 0bv8; - free requires memory_load8_le(mem, 131160bv64) == 88bv8; - free requires memory_load8_le(mem, 131161bv64) == 0bv8; - free requires memory_load8_le(mem, 131162bv64) == 2bv8; - free requires memory_load8_le(mem, 131163bv64) == 0bv8; - free requires memory_load8_le(mem, 131164bv64) == 0bv8; - free requires memory_load8_le(mem, 131165bv64) == 0bv8; - free requires memory_load8_le(mem, 131166bv64) == 0bv8; - free requires memory_load8_le(mem, 131167bv64) == 0bv8; - modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; - ensures memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr)) - && memory_load8_le(mem, $password_addr) - == old(memory_load8_le(mem, $password_addr)); - ensures (forall i: bv64 :: - Gamma_mem[i] - <==> (if bvule64(R0, i) && bvult64(i, bvadd64(R0, R2)) - then gamma_load8(Gamma_mem, bvadd64(bvsub64(i, R0), R1)) - else old(gamma_load8(Gamma_mem, i)))); - ensures (forall i: bv64 :: - mem[i] - == (if bvule64(R0, i) && bvult64(i, bvadd64(R0, R2)) - then memory_load8_le(mem, bvadd64(bvsub64(i, R0), R1)) - else old(memory_load8_le(mem, i)))); - free ensures memory_load8_le(mem, 2488bv64) == 1bv8; - free ensures memory_load8_le(mem, 2489bv64) == 0bv8; - free ensures memory_load8_le(mem, 2490bv64) == 2bv8; - free ensures memory_load8_le(mem, 2491bv64) == 0bv8; - free ensures memory_load8_le(mem, 130504bv64) == 208bv8; - free ensures memory_load8_le(mem, 130505bv64) == 8bv8; - free ensures memory_load8_le(mem, 130506bv64) == 0bv8; - free ensures memory_load8_le(mem, 130507bv64) == 0bv8; - free ensures memory_load8_le(mem, 130508bv64) == 0bv8; - free ensures memory_load8_le(mem, 130509bv64) == 0bv8; - free ensures memory_load8_le(mem, 130510bv64) == 0bv8; - free ensures memory_load8_le(mem, 130511bv64) == 0bv8; - free ensures memory_load8_le(mem, 130512bv64) == 128bv8; - free ensures memory_load8_le(mem, 130513bv64) == 8bv8; - free ensures memory_load8_le(mem, 130514bv64) == 0bv8; - free ensures memory_load8_le(mem, 130515bv64) == 0bv8; - free ensures memory_load8_le(mem, 130516bv64) == 0bv8; - free ensures memory_load8_le(mem, 130517bv64) == 0bv8; - free ensures memory_load8_le(mem, 130518bv64) == 0bv8; - free ensures memory_load8_le(mem, 130519bv64) == 0bv8; - free ensures memory_load8_le(mem, 131032bv64) == 212bv8; - free ensures memory_load8_le(mem, 131033bv64) == 8bv8; - free ensures memory_load8_le(mem, 131034bv64) == 0bv8; - free ensures memory_load8_le(mem, 131035bv64) == 0bv8; - free ensures memory_load8_le(mem, 131036bv64) == 0bv8; - free ensures memory_load8_le(mem, 131037bv64) == 0bv8; - free ensures memory_load8_le(mem, 131038bv64) == 0bv8; - free ensures memory_load8_le(mem, 131039bv64) == 0bv8; - free ensures memory_load8_le(mem, 131160bv64) == 88bv8; - free ensures memory_load8_le(mem, 131161bv64) == 0bv8; - free ensures memory_load8_le(mem, 131162bv64) == 2bv8; - free ensures memory_load8_le(mem, 131163bv64) == 0bv8; - free ensures memory_load8_le(mem, 131164bv64) == 0bv8; - free ensures memory_load8_le(mem, 131165bv64) == 0bv8; - free ensures memory_load8_le(mem, 131166bv64) == 0bv8; - free ensures memory_load8_le(mem, 131167bv64) == 0bv8; - - - -procedure memset(); - requires Gamma_R1; - free requires memory_load8_le(mem, 2488bv64) == 1bv8; - free requires memory_load8_le(mem, 2489bv64) == 0bv8; - free requires memory_load8_le(mem, 2490bv64) == 2bv8; - free requires memory_load8_le(mem, 2491bv64) == 0bv8; - free requires memory_load8_le(mem, 130504bv64) == 208bv8; - free requires memory_load8_le(mem, 130505bv64) == 8bv8; - free requires memory_load8_le(mem, 130506bv64) == 0bv8; - free requires memory_load8_le(mem, 130507bv64) == 0bv8; - free requires memory_load8_le(mem, 130508bv64) == 0bv8; - free requires memory_load8_le(mem, 130509bv64) == 0bv8; - free requires memory_load8_le(mem, 130510bv64) == 0bv8; - free requires memory_load8_le(mem, 130511bv64) == 0bv8; - free requires memory_load8_le(mem, 130512bv64) == 128bv8; - free requires memory_load8_le(mem, 130513bv64) == 8bv8; - free requires memory_load8_le(mem, 130514bv64) == 0bv8; - free requires memory_load8_le(mem, 130515bv64) == 0bv8; - free requires memory_load8_le(mem, 130516bv64) == 0bv8; - free requires memory_load8_le(mem, 130517bv64) == 0bv8; - free requires memory_load8_le(mem, 130518bv64) == 0bv8; - free requires memory_load8_le(mem, 130519bv64) == 0bv8; - free requires memory_load8_le(mem, 131032bv64) == 212bv8; - free requires memory_load8_le(mem, 131033bv64) == 8bv8; - free requires memory_load8_le(mem, 131034bv64) == 0bv8; - free requires memory_load8_le(mem, 131035bv64) == 0bv8; - free requires memory_load8_le(mem, 131036bv64) == 0bv8; - free requires memory_load8_le(mem, 131037bv64) == 0bv8; - free requires memory_load8_le(mem, 131038bv64) == 0bv8; - free requires memory_load8_le(mem, 131039bv64) == 0bv8; - free requires memory_load8_le(mem, 131160bv64) == 88bv8; - free requires memory_load8_le(mem, 131161bv64) == 0bv8; - free requires memory_load8_le(mem, 131162bv64) == 2bv8; - free requires memory_load8_le(mem, 131163bv64) == 0bv8; - free requires memory_load8_le(mem, 131164bv64) == 0bv8; - free requires memory_load8_le(mem, 131165bv64) == 0bv8; - free requires memory_load8_le(mem, 131166bv64) == 0bv8; - free requires memory_load8_le(mem, 131167bv64) == 0bv8; - modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; - ensures memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr)) - && memory_load8_le(mem, $password_addr) - == old(memory_load8_le(mem, $password_addr)); - ensures (forall i: bv64 :: - Gamma_mem[i] - <==> (if bvule64(R0, i) && bvult64(i, bvadd64(R0, R2)) - then Gamma_R1 - else old(gamma_load8(Gamma_mem, i)))); - ensures (forall i: bv64 :: - mem[i] - == (if bvule64(R0, i) && bvult64(i, bvadd64(R0, R2)) - then R1[8:0] - else old(memory_load8_le(mem, i)))); - free ensures memory_load8_le(mem, 2488bv64) == 1bv8; - free ensures memory_load8_le(mem, 2489bv64) == 0bv8; - free ensures memory_load8_le(mem, 2490bv64) == 2bv8; - free ensures memory_load8_le(mem, 2491bv64) == 0bv8; - free ensures memory_load8_le(mem, 130504bv64) == 208bv8; - free ensures memory_load8_le(mem, 130505bv64) == 8bv8; - free ensures memory_load8_le(mem, 130506bv64) == 0bv8; - free ensures memory_load8_le(mem, 130507bv64) == 0bv8; - free ensures memory_load8_le(mem, 130508bv64) == 0bv8; - free ensures memory_load8_le(mem, 130509bv64) == 0bv8; - free ensures memory_load8_le(mem, 130510bv64) == 0bv8; - free ensures memory_load8_le(mem, 130511bv64) == 0bv8; - free ensures memory_load8_le(mem, 130512bv64) == 128bv8; - free ensures memory_load8_le(mem, 130513bv64) == 8bv8; - free ensures memory_load8_le(mem, 130514bv64) == 0bv8; - free ensures memory_load8_le(mem, 130515bv64) == 0bv8; - free ensures memory_load8_le(mem, 130516bv64) == 0bv8; - free ensures memory_load8_le(mem, 130517bv64) == 0bv8; - free ensures memory_load8_le(mem, 130518bv64) == 0bv8; - free ensures memory_load8_le(mem, 130519bv64) == 0bv8; - free ensures memory_load8_le(mem, 131032bv64) == 212bv8; - free ensures memory_load8_le(mem, 131033bv64) == 8bv8; - free ensures memory_load8_le(mem, 131034bv64) == 0bv8; - free ensures memory_load8_le(mem, 131035bv64) == 0bv8; - free ensures memory_load8_le(mem, 131036bv64) == 0bv8; - free ensures memory_load8_le(mem, 131037bv64) == 0bv8; - free ensures memory_load8_le(mem, 131038bv64) == 0bv8; - free ensures memory_load8_le(mem, 131039bv64) == 0bv8; - free ensures memory_load8_le(mem, 131160bv64) == 88bv8; - free ensures memory_load8_le(mem, 131161bv64) == 0bv8; - free ensures memory_load8_le(mem, 131162bv64) == 2bv8; - free ensures memory_load8_le(mem, 131163bv64) == 0bv8; - free ensures memory_load8_le(mem, 131164bv64) == 0bv8; - free ensures memory_load8_le(mem, 131165bv64) == 0bv8; - free ensures memory_load8_le(mem, 131166bv64) == 0bv8; - free ensures memory_load8_le(mem, 131167bv64) == 0bv8; - - - -procedure puts(); - free requires memory_load8_le(mem, 2488bv64) == 1bv8; - free requires memory_load8_le(mem, 2489bv64) == 0bv8; - free requires memory_load8_le(mem, 2490bv64) == 2bv8; - free requires memory_load8_le(mem, 2491bv64) == 0bv8; - free requires memory_load8_le(mem, 130504bv64) == 208bv8; - free requires memory_load8_le(mem, 130505bv64) == 8bv8; - free requires memory_load8_le(mem, 130506bv64) == 0bv8; - free requires memory_load8_le(mem, 130507bv64) == 0bv8; - free requires memory_load8_le(mem, 130508bv64) == 0bv8; - free requires memory_load8_le(mem, 130509bv64) == 0bv8; - free requires memory_load8_le(mem, 130510bv64) == 0bv8; - free requires memory_load8_le(mem, 130511bv64) == 0bv8; - free requires memory_load8_le(mem, 130512bv64) == 128bv8; - free requires memory_load8_le(mem, 130513bv64) == 8bv8; - free requires memory_load8_le(mem, 130514bv64) == 0bv8; - free requires memory_load8_le(mem, 130515bv64) == 0bv8; - free requires memory_load8_le(mem, 130516bv64) == 0bv8; - free requires memory_load8_le(mem, 130517bv64) == 0bv8; - free requires memory_load8_le(mem, 130518bv64) == 0bv8; - free requires memory_load8_le(mem, 130519bv64) == 0bv8; - free requires memory_load8_le(mem, 131032bv64) == 212bv8; - free requires memory_load8_le(mem, 131033bv64) == 8bv8; - free requires memory_load8_le(mem, 131034bv64) == 0bv8; - free requires memory_load8_le(mem, 131035bv64) == 0bv8; - free requires memory_load8_le(mem, 131036bv64) == 0bv8; - free requires memory_load8_le(mem, 131037bv64) == 0bv8; - free requires memory_load8_le(mem, 131038bv64) == 0bv8; - free requires memory_load8_le(mem, 131039bv64) == 0bv8; - free requires memory_load8_le(mem, 131160bv64) == 88bv8; - free requires memory_load8_le(mem, 131161bv64) == 0bv8; - free requires memory_load8_le(mem, 131162bv64) == 2bv8; - free requires memory_load8_le(mem, 131163bv64) == 0bv8; - free requires memory_load8_le(mem, 131164bv64) == 0bv8; - free requires memory_load8_le(mem, 131165bv64) == 0bv8; - free requires memory_load8_le(mem, 131166bv64) == 0bv8; - free requires memory_load8_le(mem, 131167bv64) == 0bv8; - modifies Gamma_R16, Gamma_R17, R16, R17; - free ensures memory_load8_le(mem, 2488bv64) == 1bv8; - free ensures memory_load8_le(mem, 2489bv64) == 0bv8; - free ensures memory_load8_le(mem, 2490bv64) == 2bv8; - free ensures memory_load8_le(mem, 2491bv64) == 0bv8; - free ensures memory_load8_le(mem, 130504bv64) == 208bv8; - free ensures memory_load8_le(mem, 130505bv64) == 8bv8; - free ensures memory_load8_le(mem, 130506bv64) == 0bv8; - free ensures memory_load8_le(mem, 130507bv64) == 0bv8; - free ensures memory_load8_le(mem, 130508bv64) == 0bv8; - free ensures memory_load8_le(mem, 130509bv64) == 0bv8; - free ensures memory_load8_le(mem, 130510bv64) == 0bv8; - free ensures memory_load8_le(mem, 130511bv64) == 0bv8; - free ensures memory_load8_le(mem, 130512bv64) == 128bv8; - free ensures memory_load8_le(mem, 130513bv64) == 8bv8; - free ensures memory_load8_le(mem, 130514bv64) == 0bv8; - free ensures memory_load8_le(mem, 130515bv64) == 0bv8; - free ensures memory_load8_le(mem, 130516bv64) == 0bv8; - free ensures memory_load8_le(mem, 130517bv64) == 0bv8; - free ensures memory_load8_le(mem, 130518bv64) == 0bv8; - free ensures memory_load8_le(mem, 130519bv64) == 0bv8; - free ensures memory_load8_le(mem, 131032bv64) == 212bv8; - free ensures memory_load8_le(mem, 131033bv64) == 8bv8; - free ensures memory_load8_le(mem, 131034bv64) == 0bv8; - free ensures memory_load8_le(mem, 131035bv64) == 0bv8; - free ensures memory_load8_le(mem, 131036bv64) == 0bv8; - free ensures memory_load8_le(mem, 131037bv64) == 0bv8; - free ensures memory_load8_le(mem, 131038bv64) == 0bv8; - free ensures memory_load8_le(mem, 131039bv64) == 0bv8; - free ensures memory_load8_le(mem, 131160bv64) == 88bv8; - free ensures memory_load8_le(mem, 131161bv64) == 0bv8; - free ensures memory_load8_le(mem, 131162bv64) == 2bv8; - free ensures memory_load8_le(mem, 131163bv64) == 0bv8; - free ensures memory_load8_le(mem, 131164bv64) == 0bv8; - free ensures memory_load8_le(mem, 131165bv64) == 0bv8; - free ensures memory_load8_le(mem, 131166bv64) == 0bv8; - free ensures memory_load8_le(mem, 131167bv64) == 0bv8; - - - -procedure strlen(); - free requires memory_load8_le(mem, 2488bv64) == 1bv8; - free requires memory_load8_le(mem, 2489bv64) == 0bv8; - free requires memory_load8_le(mem, 2490bv64) == 2bv8; - free requires memory_load8_le(mem, 2491bv64) == 0bv8; - free requires memory_load8_le(mem, 130504bv64) == 208bv8; - free requires memory_load8_le(mem, 130505bv64) == 8bv8; - free requires memory_load8_le(mem, 130506bv64) == 0bv8; - free requires memory_load8_le(mem, 130507bv64) == 0bv8; - free requires memory_load8_le(mem, 130508bv64) == 0bv8; - free requires memory_load8_le(mem, 130509bv64) == 0bv8; - free requires memory_load8_le(mem, 130510bv64) == 0bv8; - free requires memory_load8_le(mem, 130511bv64) == 0bv8; - free requires memory_load8_le(mem, 130512bv64) == 128bv8; - free requires memory_load8_le(mem, 130513bv64) == 8bv8; - free requires memory_load8_le(mem, 130514bv64) == 0bv8; - free requires memory_load8_le(mem, 130515bv64) == 0bv8; - free requires memory_load8_le(mem, 130516bv64) == 0bv8; - free requires memory_load8_le(mem, 130517bv64) == 0bv8; - free requires memory_load8_le(mem, 130518bv64) == 0bv8; - free requires memory_load8_le(mem, 130519bv64) == 0bv8; - free requires memory_load8_le(mem, 131032bv64) == 212bv8; - free requires memory_load8_le(mem, 131033bv64) == 8bv8; - free requires memory_load8_le(mem, 131034bv64) == 0bv8; - free requires memory_load8_le(mem, 131035bv64) == 0bv8; - free requires memory_load8_le(mem, 131036bv64) == 0bv8; - free requires memory_load8_le(mem, 131037bv64) == 0bv8; - free requires memory_load8_le(mem, 131038bv64) == 0bv8; - free requires memory_load8_le(mem, 131039bv64) == 0bv8; - free requires memory_load8_le(mem, 131160bv64) == 88bv8; - free requires memory_load8_le(mem, 131161bv64) == 0bv8; - free requires memory_load8_le(mem, 131162bv64) == 2bv8; - free requires memory_load8_le(mem, 131163bv64) == 0bv8; - free requires memory_load8_le(mem, 131164bv64) == 0bv8; - free requires memory_load8_le(mem, 131165bv64) == 0bv8; - free requires memory_load8_le(mem, 131166bv64) == 0bv8; - free requires memory_load8_le(mem, 131167bv64) == 0bv8; - modifies Gamma_R0, Gamma_R16, Gamma_R17, R0, R16, R17; - ensures memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr)) - && memory_load8_le(mem, $password_addr) - == old(memory_load8_le(mem, $password_addr)) - && memory_load8_le(mem, $stext_addr) == old(memory_load8_le(mem, $stext_addr)); - ensures Gamma_R0 <==> true; - ensures (forall i: bv64 :: - bvule64(old(R0), i) && bvult64(i, bvadd64(old(R0), R0)) ==> mem[i] != 0bv8); - ensures memory_load8_le(mem, bvadd64(old(R0), R0)) == 0bv8; - ensures bvult64(old(R0), bvadd64(bvadd64(old(R0), R0), 1bv64)); - free ensures memory_load8_le(mem, 2488bv64) == 1bv8; - free ensures memory_load8_le(mem, 2489bv64) == 0bv8; - free ensures memory_load8_le(mem, 2490bv64) == 2bv8; - free ensures memory_load8_le(mem, 2491bv64) == 0bv8; - free ensures memory_load8_le(mem, 130504bv64) == 208bv8; - free ensures memory_load8_le(mem, 130505bv64) == 8bv8; - free ensures memory_load8_le(mem, 130506bv64) == 0bv8; - free ensures memory_load8_le(mem, 130507bv64) == 0bv8; - free ensures memory_load8_le(mem, 130508bv64) == 0bv8; - free ensures memory_load8_le(mem, 130509bv64) == 0bv8; - free ensures memory_load8_le(mem, 130510bv64) == 0bv8; - free ensures memory_load8_le(mem, 130511bv64) == 0bv8; - free ensures memory_load8_le(mem, 130512bv64) == 128bv8; - free ensures memory_load8_le(mem, 130513bv64) == 8bv8; - free ensures memory_load8_le(mem, 130514bv64) == 0bv8; - free ensures memory_load8_le(mem, 130515bv64) == 0bv8; - free ensures memory_load8_le(mem, 130516bv64) == 0bv8; - free ensures memory_load8_le(mem, 130517bv64) == 0bv8; - free ensures memory_load8_le(mem, 130518bv64) == 0bv8; - free ensures memory_load8_le(mem, 130519bv64) == 0bv8; - free ensures memory_load8_le(mem, 131032bv64) == 212bv8; - free ensures memory_load8_le(mem, 131033bv64) == 8bv8; - free ensures memory_load8_le(mem, 131034bv64) == 0bv8; - free ensures memory_load8_le(mem, 131035bv64) == 0bv8; - free ensures memory_load8_le(mem, 131036bv64) == 0bv8; - free ensures memory_load8_le(mem, 131037bv64) == 0bv8; - free ensures memory_load8_le(mem, 131038bv64) == 0bv8; - free ensures memory_load8_le(mem, 131039bv64) == 0bv8; - free ensures memory_load8_le(mem, 131160bv64) == 88bv8; - free ensures memory_load8_le(mem, 131161bv64) == 0bv8; - free ensures memory_load8_le(mem, 131162bv64) == 2bv8; - free ensures memory_load8_le(mem, 131163bv64) == 0bv8; - free ensures memory_load8_le(mem, 131164bv64) == 0bv8; - free ensures memory_load8_le(mem, 131165bv64) == 0bv8; - free ensures memory_load8_le(mem, 131166bv64) == 0bv8; - free ensures memory_load8_le(mem, 131167bv64) == 0bv8; - - - -function {:bvbuiltin "bvuge"} bvuge64(bv64, bv64) : bool; - -function {:bvbuiltin "bvugt"} bvugt64(bv64, bv64) : bool; - -var malloc_count: int; - -var malloc_base: [int]bv64; - -var malloc_end: [int]bv64; - -var malloc_id: [bv64]int; - -var Gamma_malloc_count: bool; - -var Gamma_malloc_base: bool; - -var Gamma_malloc_end: bool; - -var Gamma_malloc_id: bool; - -function {:inline} in_bounds64(base: bv64, len: bv64, i: bv64) : bool -{ - (if bvule64(base, bvadd64(base, len)) - then bvule64(base, i) && bvult64(i, bvadd64(base, len)) - else bvule64(base, i) || bvult64(i, bvadd64(base, len))) -} - -// auto-generated lambda function -function lambda#0(l#0: bv64, l#1: bv64, l#2: bool, l#3: [bv64]bool) : [bv64]bool -uses { -axiom (forall l#0: bv64, l#1: bv64, l#2: bool, l#3: [bv64]bool, i: bv64 :: - { lambda#0(l#0, l#1, l#2, l#3)[i] } - lambda#0(l#0, l#1, l#2, l#3)[i] - == (if in_bounds64(l#0, l#1, i) then l#2 else l#3[i])); -} - -// auto-generated lambda function -function lambda#1(l#0: bv64, l#1: bv64, l#2: bv64, l#3: bv64, l#4: [bv64]bv8) : [bv64]bv8 -uses { -axiom (forall l#0: bv64, l#1: bv64, l#2: bv64, l#3: bv64, l#4: [bv64]bv8, i: bv64 :: - { lambda#1(l#0, l#1, l#2, l#3, l#4)[i] } - lambda#1(l#0, l#1, l#2, l#3, l#4)[i] - == (if in_bounds64(l#0, l#1, i) - then byte_extract64_64(l#2, bvsub64(i, l#3)) - else l#4[i])); -} diff --git a/examples/http_parse_basic/example.adt b/examples/http_parse_basic/example.adt deleted file mode 100644 index 8905411b4..000000000 --- a/examples/http_parse_basic/example.adt +++ /dev/null @@ -1,780 +0,0 @@ -Project(Attrs([Attr("filename","\"a.out\""), -Attr("image-specification","(declare abi (name str))\n(declare arch (name str))\n(declare base-address (addr int))\n(declare bias (off int))\n(declare bits (size int))\n(declare code-region (addr int) (size int) (off int))\n(declare code-start (addr int))\n(declare entry-point (addr int))\n(declare external-reference (addr int) (name str))\n(declare format (name str))\n(declare is-executable (flag bool))\n(declare is-little-endian (flag bool))\n(declare llvm:base-address (addr int))\n(declare llvm:code-entry (name str) (off int) (size int))\n(declare llvm:coff-import-library (name str))\n(declare llvm:coff-virtual-section-header (name str) (addr int) (size int))\n(declare llvm:elf-program-header (name str) (off int) (size int))\n(declare llvm:elf-program-header-flags (name str) (ld bool) (r bool) \n (w bool) (x bool))\n(declare llvm:elf-virtual-program-header (name str) (addr int) (size int))\n(declare llvm:entry-point (addr int))\n(declare llvm:macho-symbol (name str) (value int))\n(declare llvm:name-reference (at int) (name str))\n(declare llvm:relocation (at int) (addr int))\n(declare llvm:section-entry (name str) (addr int) (size int) (off int))\n(declare llvm:section-flags (name str) (r bool) (w bool) (x bool))\n(declare llvm:segment-command (name str) (off int) (size int))\n(declare llvm:segment-command-flags (name str) (r bool) (w bool) (x bool))\n(declare llvm:symbol-entry (name str) (addr int) (size int) (off int)\n (value int))\n(declare llvm:virtual-segment-command (name str) (addr int) (size int))\n(declare mapped (addr int) (size int) (off int))\n(declare named-region (addr int) (size int) (name str))\n(declare named-symbol (addr int) (name str))\n(declare require (name str))\n(declare section (addr int) (size int))\n(declare segment (addr int) (size int) (r bool) (w bool) (x bool))\n(declare subarch (name str))\n(declare symbol-chunk (addr int) (size int) (root int))\n(declare symbol-value (addr int) (value int))\n(declare system (name str))\n(declare vendor (name str))\n\n(abi unknown)\n(arch aarch64)\n(base-address 0)\n(bias 0)\n(bits 64)\n(code-region 2468 20 2468)\n(code-region 1984 484 1984)\n(code-region 1776 192 1776)\n(code-region 1752 24 1752)\n(code-start 2036)\n(code-start 1984)\n(code-start 2260)\n(entry-point 1984)\n(external-reference 131008 _ITM_deregisterTMCloneTable)\n(external-reference 131016 __cxa_finalize)\n(external-reference 131024 __gmon_start__)\n(external-reference 131040 _ITM_registerTMCloneTable)\n(external-reference 131072 memcpy)\n(external-reference 131080 strlen)\n(external-reference 131088 __libc_start_main)\n(external-reference 131096 __cxa_finalize)\n(external-reference 131104 malloc)\n(external-reference 131112 memset)\n(external-reference 131120 __gmon_start__)\n(external-reference 131128 abort)\n(external-reference 131136 puts)\n(external-reference 131144 free)\n(format elf)\n(is-executable true)\n(is-little-endian true)\n(llvm:base-address 0)\n(llvm:code-entry free 0 0)\n(llvm:code-entry puts 0 0)\n(llvm:code-entry abort 0 0)\n(llvm:code-entry memset 0 0)\n(llvm:code-entry malloc 0 0)\n(llvm:code-entry __cxa_finalize 0 0)\n(llvm:code-entry __libc_start_main 0 0)\n(llvm:code-entry strlen 0 0)\n(llvm:code-entry memcpy 0 0)\n(llvm:code-entry _init 1752 0)\n(llvm:code-entry main 2260 208)\n(llvm:code-entry _start 1984 52)\n(llvm:code-entry free@GLIBC_2.17 0 0)\n(llvm:code-entry puts@GLIBC_2.17 0 0)\n(llvm:code-entry abort@GLIBC_2.17 0 0)\n(llvm:code-entry memset@GLIBC_2.17 0 0)\n(llvm:code-entry malloc@GLIBC_2.17 0 0)\n(llvm:code-entry _fini 2468 0)\n(llvm:code-entry __cxa_finalize@GLIBC_2.17 0 0)\n(llvm:code-entry __libc_start_main@GLIBC_2.34 0 0)\n(llvm:code-entry strlen@GLIBC_2.17 0 0)\n(llvm:code-entry memcpy@GLIBC_2.17 0 0)\n(llvm:code-entry frame_dummy 2256 0)\n(llvm:code-entry __do_global_dtors_aux 2176 0)\n(llvm:code-entry register_tm_clones 2112 0)\n(llvm:code-entry deregister_tm_clones 2064 0)\n(llvm:code-entry call_weak_fn 2036 20)\n(llvm:code-entry .fini 2468 20)\n(llvm:code-entry .text 1984 484)\n(llvm:code-entry .plt 1776 192)\n(llvm:code-entry .init 1752 24)\n(llvm:elf-program-header 08 64968 568)\n(llvm:elf-program-header 07 0 0)\n(llvm:elf-program-header 06 2492 60)\n(llvm:elf-program-header 05 596 68)\n(llvm:elf-program-header 04 64984 480)\n(llvm:elf-program-header 03 64968 683)\n(llvm:elf-program-header 02 0 2728)\n(llvm:elf-program-header 01 568 27)\n(llvm:elf-program-header 00 64 504)\n(llvm:elf-program-header-flags 08 false true false false)\n(llvm:elf-program-header-flags 07 false true true false)\n(llvm:elf-program-header-flags 06 false true false false)\n(llvm:elf-program-header-flags 05 false true false false)\n(llvm:elf-program-header-flags 04 false true true false)\n(llvm:elf-program-header-flags 03 true true true false)\n(llvm:elf-program-header-flags 02 true true false true)\n(llvm:elf-program-header-flags 01 false true false false)\n(llvm:elf-program-header-flags 00 false true false false)\n(llvm:elf-virtual-program-header 08 130504 568)\n(llvm:elf-virtual-program-header 07 0 0)\n(llvm:elf-virtual-program-header 06 2492 60)\n(llvm:elf-virtual-program-header 05 596 68)\n(llvm:elf-virtual-program-header 04 130520 480)\n(llvm:elf-virtual-program-header 03 130504 704)\n(llvm:elf-virtual-program-header 02 0 2728)\n(llvm:elf-virtual-program-header 01 568 27)\n(llvm:elf-virtual-program-header 00 64 504)\n(llvm:entry-point 1984)\n(llvm:name-reference 131144 free)\n(llvm:name-reference 131136 puts)\n(llvm:name-reference 131128 abort)\n(llvm:name-reference 131120 __gmon_start__)\n(llvm:name-reference 131112 memset)\n(llvm:name-reference 131104 malloc)\n(llvm:name-reference 131096 __cxa_finalize)\n(llvm:name-reference 131088 __libc_start_main)\n(llvm:name-reference 131080 strlen)\n(llvm:name-reference 131072 memcpy)\n(llvm:name-reference 131040 _ITM_registerTMCloneTable)\n(llvm:name-reference 131024 __gmon_start__)\n(llvm:name-reference 131016 __cxa_finalize)\n(llvm:name-reference 131008 _ITM_deregisterTMCloneTable)\n(llvm:section-entry .shstrtab 0 259 68706)\n(llvm:section-entry .strtab 0 666 68040)\n(llvm:section-entry .symtab 0 2352 65688)\n(llvm:section-entry .comment 0 30 65651)\n(llvm:section-entry .bss 131192 16 65651)\n(llvm:section-entry .data 131152 35 65616)\n(llvm:section-entry .got.plt 131048 104 65512)\n(llvm:section-entry .got 131000 48 65464)\n(llvm:section-entry .dynamic 130520 480 64984)\n(llvm:section-entry .fini_array 130512 8 64976)\n(llvm:section-entry .init_array 130504 8 64968)\n(llvm:section-entry .eh_frame 2552 176 2552)\n(llvm:section-entry .eh_frame_hdr 2492 60 2492)\n(llvm:section-entry .rodata 2488 4 2488)\n(llvm:section-entry .fini 2468 20 2468)\n(llvm:section-entry .text 1984 484 1984)\n(llvm:section-entry .plt 1776 192 1776)\n(llvm:section-entry .init 1752 24 1752)\n(llvm:section-entry .rela.plt 1512 240 1512)\n(llvm:section-entry .rela.dyn 1320 192 1320)\n(llvm:section-entry .gnu.version_r 1272 48 1272)\n(llvm:section-entry .gnu.version 1236 30 1236)\n(llvm:section-entry .dynstr 1056 179 1056)\n(llvm:section-entry .dynsym 696 360 696)\n(llvm:section-entry .gnu.hash 664 28 664)\n(llvm:section-entry .note.ABI-tag 632 32 632)\n(llvm:section-entry .note.gnu.build-id 596 36 596)\n(llvm:section-entry .interp 568 27 568)\n(llvm:section-flags .shstrtab true false false)\n(llvm:section-flags .strtab true false false)\n(llvm:section-flags .symtab true false false)\n(llvm:section-flags .comment true false false)\n(llvm:section-flags .bss true true false)\n(llvm:section-flags .data true true false)\n(llvm:section-flags .got.plt true true false)\n(llvm:section-flags .got true true false)\n(llvm:section-flags .dynamic true true false)\n(llvm:section-flags .fini_array true true false)\n(llvm:section-flags .init_array true true false)\n(llvm:section-flags .eh_frame true false false)\n(llvm:section-flags .eh_frame_hdr true false false)\n(llvm:section-flags .rodata true false false)\n(llvm:section-flags .fini true false true)\n(llvm:section-flags .text true false true)\n(llvm:section-flags .plt true false true)\n(llvm:section-flags .init true false true)\n(llvm:section-flags .rela.plt true false false)\n(llvm:section-flags .rela.dyn true false false)\n(llvm:section-flags .gnu.version_r true false false)\n(llvm:section-flags .gnu.version true false false)\n(llvm:section-flags .dynstr true false false)\n(llvm:section-flags .dynsym true false false)\n(llvm:section-flags .gnu.hash true false false)\n(llvm:section-flags .note.ABI-tag true false false)\n(llvm:section-flags .note.gnu.build-id true false false)\n(llvm:section-flags .interp true false false)\n(llvm:symbol-entry free 0 0 0 0)\n(llvm:symbol-entry puts 0 0 0 0)\n(llvm:symbol-entry abort 0 0 0 0)\n(llvm:symbol-entry memset 0 0 0 0)\n(llvm:symbol-entry malloc 0 0 0 0)\n(llvm:symbol-entry __cxa_finalize 0 0 0 0)\n(llvm:symbol-entry __libc_start_main 0 0 0 0)\n(llvm:symbol-entry strlen 0 0 0 0)\n(llvm:symbol-entry memcpy 0 0 0 0)\n(llvm:symbol-entry _init 1752 0 1752 1752)\n(llvm:symbol-entry main 2260 208 2260 2260)\n(llvm:symbol-entry _start 1984 52 1984 1984)\n(llvm:symbol-entry free@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry puts@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry abort@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry memset@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry malloc@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry _fini 2468 0 2468 2468)\n(llvm:symbol-entry __cxa_finalize@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry __libc_start_main@GLIBC_2.34 0 0 0 0)\n(llvm:symbol-entry strlen@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry memcpy@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry frame_dummy 2256 0 2256 2256)\n(llvm:symbol-entry __do_global_dtors_aux 2176 0 2176 2176)\n(llvm:symbol-entry register_tm_clones 2112 0 2112 2112)\n(llvm:symbol-entry deregister_tm_clones 2064 0 2064 2064)\n(llvm:symbol-entry call_weak_fn 2036 20 2036 2036)\n(mapped 0 2728 0)\n(mapped 130504 683 64968)\n(named-region 0 2728 02)\n(named-region 130504 704 03)\n(named-region 568 27 .interp)\n(named-region 596 36 .note.gnu.build-id)\n(named-region 632 32 .note.ABI-tag)\n(named-region 664 28 .gnu.hash)\n(named-region 696 360 .dynsym)\n(named-region 1056 179 .dynstr)\n(named-region 1236 30 .gnu.version)\n(named-region 1272 48 .gnu.version_r)\n(named-region 1320 192 .rela.dyn)\n(named-region 1512 240 .rela.plt)\n(named-region 1752 24 .init)\n(named-region 1776 192 .plt)\n(named-region 1984 484 .text)\n(named-region 2468 20 .fini)\n(named-region 2488 4 .rodata)\n(named-region 2492 60 .eh_frame_hdr)\n(named-region 2552 176 .eh_frame)\n(named-region 130504 8 .init_array)\n(named-region 130512 8 .fini_array)\n(named-region 130520 480 .dynamic)\n(named-region 131000 48 .got)\n(named-region 131048 104 .got.plt)\n(named-region 131152 35 .data)\n(named-region 131192 16 .bss)\n(named-region 0 30 .comment)\n(named-region 0 2352 .symtab)\n(named-region 0 666 .strtab)\n(named-region 0 259 .shstrtab)\n(named-symbol 2036 call_weak_fn)\n(named-symbol 2064 deregister_tm_clones)\n(named-symbol 2112 register_tm_clones)\n(named-symbol 2176 __do_global_dtors_aux)\n(named-symbol 2256 frame_dummy)\n(named-symbol 0 memcpy@GLIBC_2.17)\n(named-symbol 0 strlen@GLIBC_2.17)\n(named-symbol 0 __libc_start_main@GLIBC_2.34)\n(named-symbol 0 __cxa_finalize@GLIBC_2.17)\n(named-symbol 2468 _fini)\n(named-symbol 0 malloc@GLIBC_2.17)\n(named-symbol 0 memset@GLIBC_2.17)\n(named-symbol 0 abort@GLIBC_2.17)\n(named-symbol 0 puts@GLIBC_2.17)\n(named-symbol 0 free@GLIBC_2.17)\n(named-symbol 1984 _start)\n(named-symbol 2260 main)\n(named-symbol 1752 _init)\n(named-symbol 0 memcpy)\n(named-symbol 0 strlen)\n(named-symbol 0 __libc_start_main)\n(named-symbol 0 __cxa_finalize)\n(named-symbol 0 malloc)\n(named-symbol 0 memset)\n(named-symbol 0 abort)\n(named-symbol 0 puts)\n(named-symbol 0 free)\n(require libc.so.6)\n(section 568 27)\n(section 596 36)\n(section 632 32)\n(section 664 28)\n(section 696 360)\n(section 1056 179)\n(section 1236 30)\n(section 1272 48)\n(section 1320 192)\n(section 1512 240)\n(section 1752 24)\n(section 1776 192)\n(section 1984 484)\n(section 2468 20)\n(section 2488 4)\n(section 2492 60)\n(section 2552 176)\n(section 130504 8)\n(section 130512 8)\n(section 130520 480)\n(section 131000 48)\n(section 131048 104)\n(section 131152 35)\n(section 131192 16)\n(section 0 30)\n(section 0 2352)\n(section 0 666)\n(section 0 259)\n(segment 0 2728 true false true)\n(segment 130504 704 true true false)\n(subarch v8)\n(symbol-chunk 2036 20 2036)\n(symbol-chunk 1984 52 1984)\n(symbol-chunk 2260 208 2260)\n(symbol-value 2036 2036)\n(symbol-value 2064 2064)\n(symbol-value 2112 2112)\n(symbol-value 2176 2176)\n(symbol-value 2256 2256)\n(symbol-value 2468 2468)\n(symbol-value 1984 1984)\n(symbol-value 2260 2260)\n(symbol-value 1752 1752)\n(symbol-value 0 0)\n(system \"\")\n(vendor \"\")\n"), -Attr("abi-name","\"aarch64-linux-gnu-elf\"")]), -Sections([Section(".shstrtab", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\xc0\x07\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x68\x0d\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x1d\x00\x1c\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa8\x0a\x00\x00\x00\x00\x00\x00\xa8\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\xc8\xfd\x00\x00\x00\x00\x00\x00\xc8\xfd\x01\x00\x00\x00\x00\x00\xc8\xfd\x01"), -Section(".strtab", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\xc0\x07\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x68\x0d\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x1d\x00\x1c\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa8\x0a\x00\x00\x00\x00\x00\x00\xa8\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\xc8\xfd\x00\x00\x00\x00\x00\x00\xc8\xfd\x01\x00\x00\x00\x00\x00\xc8\xfd\x01\x00\x00\x00\x00\x00\xab\x02\x00\x00\x00\x00\x00\x00\xc0\x02\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\xd8\xfd\x00\x00\x00\x00\x00\x00\xd8\xfd\x01\x00\x00\x00\x00\x00\xd8\xfd\x01\x00\x00\x00\x00\x00\xe0\x01\x00\x00\x00\x00\x00\x00\xe0\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x50\xe5\x74\x64\x04\x00\x00\x00\xbc\x09\x00\x00\x00\x00\x00\x00\xbc\x09\x00\x00\x00\x00\x00\x00\xbc\x09\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x51\xe5\x74\x64\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x52\xe5\x74\x64\x04\x00\x00\x00\xc8\xfd\x00\x00\x00\x00\x00\x00\xc8\xfd\x01\x00\x00\x00\x00\x00\xc8\xfd\x01\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x2f\x6c\x69\x62\x2f\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00\x00\x04\x00\x00\x00\x14\x00\x00\x00\x03\x00\x00\x00\x47\x4e\x55\x00\xc0\x80\x71\xa1\x26\xe7\x92\x04\xef\xf5\x2b\x63\xc0\x63\x3d\xd3\xcb\x73\x79\x23\x04\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x47\x4e\x55\x00\x00\x00\x00\x00\x03\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x01\x00"), -Section(".symtab", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\xc0\x07\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x68\x0d\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x1d\x00\x1c\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa8\x0a\x00\x00\x00\x00\x00\x00\xa8\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\xc8\xfd\x00\x00\x00\x00\x00\x00\xc8\xfd\x01\x00\x00\x00\x00\x00\xc8\xfd\x01\x00\x00\x00\x00\x00\xab\x02\x00\x00\x00\x00\x00\x00\xc0\x02\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\xd8\xfd\x00\x00\x00\x00\x00\x00\xd8\xfd\x01\x00\x00\x00\x00\x00\xd8\xfd\x01\x00\x00\x00\x00\x00\xe0\x01\x00\x00\x00\x00\x00\x00\xe0\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x50\xe5\x74\x64\x04\x00\x00\x00\xbc\x09\x00\x00\x00\x00\x00\x00\xbc\x09\x00\x00\x00\x00\x00\x00\xbc\x09\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x51\xe5\x74\x64\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x52\xe5\x74\x64\x04\x00\x00\x00\xc8\xfd\x00\x00\x00\x00\x00\x00\xc8\xfd\x01\x00\x00\x00\x00\x00\xc8\xfd\x01\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x2f\x6c\x69\x62\x2f\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00\x00\x04\x00\x00\x00\x14\x00\x00\x00\x03\x00\x00\x00\x47\x4e\x55\x00\xc0\x80\x71\xa1\x26\xe7\x92\x04\xef\xf5\x2b\x63\xc0\x63\x3d\xd3\xcb\x73\x79\x23\x04\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x47\x4e\x55\x00\x00\x00\x00\x00\x03\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x0b\x00\xd8\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x17\x00\x50\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x41\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6e\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2b\x00\x00\x00\x22\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3a\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8a\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x48\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x70\x75\x74\x73\x00\x66\x72\x65\x65\x00\x73\x74\x72\x6c\x65\x6e\x00\x6d\x61\x6c\x6c\x6f\x63\x00\x5f\x5f\x6c\x69\x62\x63\x5f\x73\x74\x61\x72\x74\x5f\x6d\x61\x69\x6e\x00\x5f\x5f\x63\x78\x61\x5f\x66\x69\x6e\x61\x6c\x69\x7a\x65\x00\x6d\x65\x6d\x73\x65\x74\x00\x6d\x65\x6d\x63\x70\x79\x00\x61\x62\x6f\x72\x74\x00\x6c\x69\x62\x63\x2e\x73\x6f\x2e\x36\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x33\x34\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x31\x37\x00\x5f\x49\x54\x4d\x5f\x64\x65\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00\x5f\x5f\x67\x6d\x6f\x6e\x5f\x73\x74\x61\x72\x74\x5f\x5f\x00\x5f\x49\x54\x4d\x5f\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x03\x00\x01\x00\x02\x00\x02\x00\x02\x00\x01\x00\x02\x00\x02\x00\x02\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x02\x00\x4e\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xb4\x91\x96\x06\x00\x00\x03\x00\x58\x00\x00\x00\x10\x00\x00\x00\x97\x91\x96\x06\x00\x00\x02\x00\x63\x00\x00\x00\x00\x00\x00\x00\xc8\xfd\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\xd0\x08\x00\x00\x00\x00\x00\x00\xd0\xfd\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x80\x08\x00\x00\x00\x00\x00\x00\xd8\xff\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\xd4\x08\x00\x00\x00\x00\x00\x00\x58\x00\x02\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x58\x00\x02\x00\x00\x00\x00\x00\xc0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x30\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x38\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x48\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\x44\x00\x00\x94\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6\xf0\x7b\xbf\xa9\xf0\x00\x00\xf0\x11\xfe\x47\xf9\x10\xe2\x3f\x91\x20\x02\x1f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x10\x01\x00\x90\x11\x02\x40\xf9\x10\x02\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x06\x40\xf9\x10\x22\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x0a\x40\xf9\x10\x42\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x0e\x40\xf9\x10\x62\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x12\x40\xf9\x10\x82\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x16\x40\xf9\x10\xa2\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x1a\x40\xf9\x10\xc2\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x1e\x40\xf9\x10\xe2\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x22\x40\xf9\x10\x02\x01\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x26\x40\xf9\x10\x22\x01\x91\x20\x02\x1f\xd6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x20\x03\xd5\x1d\x00\x80\xd2\x1e\x00\x80\xd2\xe5\x03\x00\xaa\xe1\x03\x40\xf9\xe2\x23\x00\x91\xe6\x03\x00\x91\xe0\x00\x00\xf0\x00\xec\x47\xf9\x03\x00\x80\xd2\x04\x00\x80\xd2\xd1\xff\xff\x97\xe4\xff\xff\x97\xe0\x00\x00\xf0\x00\xe8\x47\xf9\x40\x00\x00\xb4\xdc\xff\xff\x17\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x00\x01\x00\x90\x00\xe0\x01\x91\x01\x01\x00\x90\x21\xe0\x01\x91\x3f\x00\x00\xeb\xc0\x00\x00\x54\xe1\x00\x00\xf0\x21\xe0\x47\xf9\x61\x00\x00\xb4\xf0\x03\x01\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x00\x01\x00\x90\x00\xe0\x01\x91\x01\x01\x00\x90\x21\xe0\x01\x91\x21\x00\x00\xcb\x22\xfc\x7f\xd3\x41\x0c\x81\x8b\x21\xfc\x41\x93\xc1\x00\x00\xb4\xe2\x00\x00\xf0\x42\xf0\x47\xf9\x62\x00\x00\xb4\xf0\x03\x02\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\xfd\x7b\xbe\xa9\xfd\x03\x00\x91\xf3\x0b\x00\xf9\x13\x01\x00\x90\x60\xe2\x41\x39\x40\x01\x00\x37\xe0\x00\x00\xf0\x00\xe4\x47\xf9\x80\x00\x00\xb4\x00\x01\x00\x90\x00\x2c\x40\xf9\xa5\xff\xff\x97\xd8\xff\xff\x97\x20\x00\x80\x52\x60\xe2\x01\x39\xf3\x0b\x40\xf9\xfd\x7b\xc2\xa8\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\xdc\xff\xff\x17\xfd\x7b\xbd\xa9\xfd\x03\x00\x91\xf3\x0b\x00\xf9\xff\x17\x00\xf9\xff\x13\x00\xf9\x60\x01\x80\xd2\x99\xff\xff\x97\xe1\x03\x00\xaa\x00\x01\x00\x90\x00\x00\x02\x91\x01\x00\x00\xf9\x00\x01\x00\x90\x00\x00\x02\x91\x13\x00\x40\xf9\x00\x01\x00\x90\x00\xa0\x01\x91\x83\xff\xff\x97\xe2\x03\x00\xaa\x00\x01\x00\x90\x01\xa0\x01\x91\xe0\x03\x13\xaa\x7a\xff\xff\x97\x00\x01\x00\x90"), -Section(".comment", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\xc0\x07\x00\x00\x00\x00"), -Section(".interp", 0x238, "\x2f\x6c\x69\x62\x2f\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00"), -Section(".note.gnu.build-id", 0x254, "\x04\x00\x00\x00\x14\x00\x00\x00\x03\x00\x00\x00\x47\x4e\x55\x00\xc0\x80\x71\xa1\x26\xe7\x92\x04\xef\xf5\x2b\x63\xc0\x63\x3d\xd3\xcb\x73\x79\x23"), -Section(".note.ABI-tag", 0x278, "\x04\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x47\x4e\x55\x00\x00\x00\x00\x00\x03\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00"), -Section(".gnu.hash", 0x298, "\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".dynsym", 0x2B8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x0b\x00\xd8\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x17\x00\x50\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x41\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6e\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2b\x00\x00\x00\x22\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3a\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8a\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x48\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".dynstr", 0x420, "\x00\x70\x75\x74\x73\x00\x66\x72\x65\x65\x00\x73\x74\x72\x6c\x65\x6e\x00\x6d\x61\x6c\x6c\x6f\x63\x00\x5f\x5f\x6c\x69\x62\x63\x5f\x73\x74\x61\x72\x74\x5f\x6d\x61\x69\x6e\x00\x5f\x5f\x63\x78\x61\x5f\x66\x69\x6e\x61\x6c\x69\x7a\x65\x00\x6d\x65\x6d\x73\x65\x74\x00\x6d\x65\x6d\x63\x70\x79\x00\x61\x62\x6f\x72\x74\x00\x6c\x69\x62\x63\x2e\x73\x6f\x2e\x36\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x33\x34\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x31\x37\x00\x5f\x49\x54\x4d\x5f\x64\x65\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00\x5f\x5f\x67\x6d\x6f\x6e\x5f\x73\x74\x61\x72\x74\x5f\x5f\x00\x5f\x49\x54\x4d\x5f\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00"), -Section(".gnu.version", 0x4D4, "\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x03\x00\x01\x00\x02\x00\x02\x00\x02\x00\x01\x00\x02\x00\x02\x00\x02\x00\x01\x00"), -Section(".gnu.version_r", 0x4F8, "\x01\x00\x02\x00\x4e\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xb4\x91\x96\x06\x00\x00\x03\x00\x58\x00\x00\x00\x10\x00\x00\x00\x97\x91\x96\x06\x00\x00\x02\x00\x63\x00\x00\x00\x00\x00\x00\x00"), -Section(".rela.dyn", 0x528, "\xc8\xfd\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\xd0\x08\x00\x00\x00\x00\x00\x00\xd0\xfd\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x80\x08\x00\x00\x00\x00\x00\x00\xd8\xff\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\xd4\x08\x00\x00\x00\x00\x00\x00\x58\x00\x02\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x58\x00\x02\x00\x00\x00\x00\x00\xc0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".rela.plt", 0x5E8, "\x00\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x30\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x38\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x48\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".init", 0x6D8, "\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\x44\x00\x00\x94\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6"), -Section(".plt", 0x6F0, "\xf0\x7b\xbf\xa9\xf0\x00\x00\xf0\x11\xfe\x47\xf9\x10\xe2\x3f\x91\x20\x02\x1f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x10\x01\x00\x90\x11\x02\x40\xf9\x10\x02\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x06\x40\xf9\x10\x22\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x0a\x40\xf9\x10\x42\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x0e\x40\xf9\x10\x62\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x12\x40\xf9\x10\x82\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x16\x40\xf9\x10\xa2\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x1a\x40\xf9\x10\xc2\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x1e\x40\xf9\x10\xe2\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x22\x40\xf9\x10\x02\x01\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x26\x40\xf9\x10\x22\x01\x91\x20\x02\x1f\xd6"), -Section(".fini", 0x9A4, "\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6"), -Section(".rodata", 0x9B8, "\x01\x00\x02\x00"), -Section(".eh_frame_hdr", 0x9BC, "\x01\x1b\x03\x3b\x38\x00\x00\x00\x06\x00\x00\x00\x04\xfe\xff\xff\x50\x00\x00\x00\x54\xfe\xff\xff\x64\x00\x00\x00\x84\xfe\xff\xff\x78\x00\x00\x00\xc4\xfe\xff\xff\x8c\x00\x00\x00\x14\xff\xff\xff\xb0\x00\x00\x00\x18\xff\xff\xff\xc4\x00\x00\x00"), -Section(".eh_frame", 0x9F8, "\x10\x00\x00\x00\x00\x00\x00\x00\x01\x7a\x52\x00\x04\x78\x1e\x01\x1b\x0c\x1f\x00\x10\x00\x00\x00\x18\x00\x00\x00\xac\xfd\xff\xff\x34\x00\x00\x00\x00\x41\x07\x1e\x10\x00\x00\x00\x2c\x00\x00\x00\xe8\xfd\xff\xff\x30\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x40\x00\x00\x00\x04\xfe\xff\xff\x3c\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x54\x00\x00\x00\x30\xfe\xff\xff\x48\x00\x00\x00\x00\x41\x0e\x20\x9d\x04\x9e\x03\x42\x93\x02\x4e\xde\xdd\xd3\x0e\x00\x00\x00\x00\x10\x00\x00\x00\x78\x00\x00\x00\x5c\xfe\xff\xff\x04\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x8c\x00\x00\x00\x4c\xfe\xff\xff\xd0\x00\x00\x00\x00\x41\x0e\x30\x9d\x06\x9e\x05\x42\x93\x04\x70\xde\xdd\xd3\x0e\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".fini_array", 0x1FDD0, "\x80\x08\x00\x00\x00\x00\x00\x00"), -Section(".dynamic", 0x1FDD8, "\x01\x00\x00\x00\x00\x00\x00\x00\x4e\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\xd8\x06\x00\x00\x00\x00\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\xa4\x09\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\xc8\xfd\x01\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00\xd0\xfd\x01\x00\x00\x00\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xf5\xfe\xff\x6f\x00\x00\x00\x00\x98\x02\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x20\x04\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\xb8\x02\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\xb3\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\xe8\xff\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xf0\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00\x00\x00\x00\x00\xe8\x05\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x28\x05\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\xfb\xff\xff\x6f\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\xfe\xff\xff\x6f\x00\x00\x00\x00\xf8\x04\x00\x00\x00\x00\x00\x00\xff\xff\xff\x6f\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\x6f\x00\x00\x00\x00\xd4\x04\x00\x00\x00\x00\x00\x00\xf9\xff\xff\x6f\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".init_array", 0x1FDC8, "\xd0\x08\x00\x00\x00\x00\x00\x00"), -Section(".got", 0x1FFB8, "\xd8\xfd\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd4\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".got.plt", 0x1FFE8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x06\x00\x00\x00\x00\x00\x00\xf0\x06\x00\x00\x00\x00\x00\x00\xf0\x06\x00\x00\x00\x00\x00\x00\xf0\x06\x00\x00\x00\x00\x00\x00\xf0\x06\x00\x00\x00\x00\x00\x00\xf0\x06\x00\x00\x00\x00\x00\x00\xf0\x06\x00\x00\x00\x00\x00\x00\xf0\x06\x00\x00\x00\x00\x00\x00\xf0\x06\x00\x00\x00\x00\x00\x00\xf0\x06\x00\x00\x00\x00\x00\x00"), -Section(".data", 0x20050, "\x00\x00\x00\x00\x00\x00\x00\x00\x58\x00\x02\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x68\x65\x6c\x6c\x6f\x6f\x00\x00\x00\x00\x00"), -Section(".text", 0x7C0, "\x1f\x20\x03\xd5\x1d\x00\x80\xd2\x1e\x00\x80\xd2\xe5\x03\x00\xaa\xe1\x03\x40\xf9\xe2\x23\x00\x91\xe6\x03\x00\x91\xe0\x00\x00\xf0\x00\xec\x47\xf9\x03\x00\x80\xd2\x04\x00\x80\xd2\xd1\xff\xff\x97\xe4\xff\xff\x97\xe0\x00\x00\xf0\x00\xe8\x47\xf9\x40\x00\x00\xb4\xdc\xff\xff\x17\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x00\x01\x00\x90\x00\xe0\x01\x91\x01\x01\x00\x90\x21\xe0\x01\x91\x3f\x00\x00\xeb\xc0\x00\x00\x54\xe1\x00\x00\xf0\x21\xe0\x47\xf9\x61\x00\x00\xb4\xf0\x03\x01\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x00\x01\x00\x90\x00\xe0\x01\x91\x01\x01\x00\x90\x21\xe0\x01\x91\x21\x00\x00\xcb\x22\xfc\x7f\xd3\x41\x0c\x81\x8b\x21\xfc\x41\x93\xc1\x00\x00\xb4\xe2\x00\x00\xf0\x42\xf0\x47\xf9\x62\x00\x00\xb4\xf0\x03\x02\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\xfd\x7b\xbe\xa9\xfd\x03\x00\x91\xf3\x0b\x00\xf9\x13\x01\x00\x90\x60\xe2\x41\x39\x40\x01\x00\x37\xe0\x00\x00\xf0\x00\xe4\x47\xf9\x80\x00\x00\xb4\x00\x01\x00\x90\x00\x2c\x40\xf9\xa5\xff\xff\x97\xd8\xff\xff\x97\x20\x00\x80\x52\x60\xe2\x01\x39\xf3\x0b\x40\xf9\xfd\x7b\xc2\xa8\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\xdc\xff\xff\x17\xfd\x7b\xbd\xa9\xfd\x03\x00\x91\xf3\x0b\x00\xf9\xff\x17\x00\xf9\xff\x13\x00\xf9\x60\x01\x80\xd2\x99\xff\xff\x97\xe1\x03\x00\xaa\x00\x01\x00\x90\x00\x00\x02\x91\x01\x00\x00\xf9\x00\x01\x00\x90\x00\x00\x02\x91\x13\x00\x40\xf9\x00\x01\x00\x90\x00\xa0\x01\x91\x83\xff\xff\x97\xe2\x03\x00\xaa\x00\x01\x00\x90\x01\xa0\x01\x91\xe0\x03\x13\xaa\x7a\xff\xff\x97\x00\x01\x00\x90\x00\x00\x02\x91\x00\x00\x40\xf9\x96\xff\xff\x97\x00\x01\x00\x90\x00\x00\x02\x91\x00\x00\x40\xf9\x00\x08\x00\x91\xe0\x17\x00\xf9\xe0\x17\x40\xf9\x1f\x00\x00\x39\x00\x01\x00\x90\x00\x00\x02\x91\x13\x00\x40\xf9\x00\x01\x00\x90\x00\x00\x02\x91\x00\x00\x40\xf9\x6c\xff\xff\x97\xe2\x03\x00\xaa\x21\x00\x80\x52\xe0\x03\x13\xaa\x78\xff\xff\x97\x00\x01\x00\x90\x00\x00\x02\x91\x00\x00\x40\xf9\x84\xff\xff\x97\x00\x00\x80\x52\xf3\x0b\x40\xf9\xfd\x7b\xc3\xa8\xc0\x03\x5f\xd6")]), -Memmap([Annotation(Region(0x0,0xAA7), Attr("segment","02 0 2728")), -Annotation(Region(0x7C0,0x7F3), Attr("symbol","\"_start\"")), -Annotation(Region(0x0,0x102), Attr("section","\".shstrtab\"")), -Annotation(Region(0x0,0x299), Attr("section","\".strtab\"")), -Annotation(Region(0x0,0x92F), Attr("section","\".symtab\"")), -Annotation(Region(0x0,0x1D), Attr("section","\".comment\"")), -Annotation(Region(0x238,0x252), Attr("section","\".interp\"")), -Annotation(Region(0x254,0x277), Attr("section","\".note.gnu.build-id\"")), -Annotation(Region(0x278,0x297), Attr("section","\".note.ABI-tag\"")), -Annotation(Region(0x298,0x2B3), Attr("section","\".gnu.hash\"")), -Annotation(Region(0x2B8,0x41F), Attr("section","\".dynsym\"")), -Annotation(Region(0x420,0x4D2), Attr("section","\".dynstr\"")), -Annotation(Region(0x4D4,0x4F1), Attr("section","\".gnu.version\"")), -Annotation(Region(0x4F8,0x527), Attr("section","\".gnu.version_r\"")), -Annotation(Region(0x528,0x5E7), Attr("section","\".rela.dyn\"")), -Annotation(Region(0x5E8,0x6D7), Attr("section","\".rela.plt\"")), -Annotation(Region(0x6D8,0x6EF), Attr("section","\".init\"")), -Annotation(Region(0x6F0,0x7AF), Attr("section","\".plt\"")), -Annotation(Region(0x6D8,0x6EF), Attr("code-region","()")), -Annotation(Region(0x6F0,0x7AF), Attr("code-region","()")), -Annotation(Region(0x7C0,0x7F3), Attr("symbol-info","_start 0x7C0 52")), -Annotation(Region(0x7F4,0x807), Attr("symbol","\"call_weak_fn\"")), -Annotation(Region(0x7F4,0x807), Attr("symbol-info","call_weak_fn 0x7F4 20")), -Annotation(Region(0x8D4,0x9A3), Attr("symbol","\"main\"")), -Annotation(Region(0x8D4,0x9A3), Attr("symbol-info","main 0x8D4 208")), -Annotation(Region(0x9A4,0x9B7), Attr("section","\".fini\"")), -Annotation(Region(0x9B8,0x9BB), Attr("section","\".rodata\"")), -Annotation(Region(0x9BC,0x9F7), Attr("section","\".eh_frame_hdr\"")), -Annotation(Region(0x9F8,0xAA7), Attr("section","\".eh_frame\"")), -Annotation(Region(0x1FDC8,0x20072), Attr("segment","03 0x1FDC8 704")), -Annotation(Region(0x1FDD0,0x1FDD7), Attr("section","\".fini_array\"")), -Annotation(Region(0x1FDD8,0x1FFB7), Attr("section","\".dynamic\"")), -Annotation(Region(0x1FDC8,0x1FDCF), Attr("section","\".init_array\"")), -Annotation(Region(0x1FFB8,0x1FFE7), Attr("section","\".got\"")), -Annotation(Region(0x1FFE8,0x2004F), Attr("section","\".got.plt\"")), -Annotation(Region(0x20050,0x20072), Attr("section","\".data\"")), -Annotation(Region(0x7C0,0x9A3), Attr("section","\".text\"")), -Annotation(Region(0x7C0,0x9A3), Attr("code-region","()")), -Annotation(Region(0x9A4,0x9B7), Attr("code-region","()"))]), -Program(Tid(2_171, "%0000087b"), Attrs([]), - Subs([Sub(Tid(2_100, "@__cxa_finalize"), - Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x740"), -Attr("stub","()")]), "__cxa_finalize", Args([Arg(Tid(2_172, "%0000087c"), - Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), -Attr("c.type","signed")]), Var("__cxa_finalize_result",Imm(32)), -LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(1_300, "@__cxa_finalize"), - Attrs([Attr("address","0x740")]), Phis([]), -Defs([Def(Tid(1_688, "%00000698"), Attrs([Attr("address","0x740"), -Attr("insn","adrp x16, #0x20000")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_695, "%0000069f"), Attrs([Attr("address","0x744"), -Attr("insn","ldr x17, [x16, #0x18]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(24,64)),LittleEndian(),64)), -Def(Tid(1_701, "%000006a5"), Attrs([Attr("address","0x748"), -Attr("insn","add x16, x16, #0x18")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(24,64)))]), Jmps([Call(Tid(1_706, "%000006aa"), - Attrs([Attr("address","0x74C"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), -Sub(Tid(2_101, "@__do_global_dtors_aux"), - Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x880")]), - "__do_global_dtors_aux", Args([Arg(Tid(2_173, "%0000087d"), - Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), -Attr("c.type","signed")]), Var("__do_global_dtors_aux_result",Imm(32)), -LOW(32,Var("R0",Imm(64))), Out())]), -Blks([Blk(Tid(799, "@__do_global_dtors_aux"), - Attrs([Attr("address","0x880")]), Phis([]), Defs([Def(Tid(803, "%00000323"), - Attrs([Attr("address","0x880"), -Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("#3",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(18446744073709551584,64))), -Def(Tid(809, "%00000329"), Attrs([Attr("address","0x880"), -Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),Var("#3",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), -Def(Tid(815, "%0000032f"), Attrs([Attr("address","0x880"), -Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("#3",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), -Def(Tid(819, "%00000333"), Attrs([Attr("address","0x880"), -Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("R31",Imm(64)), -Var("#3",Imm(64))), Def(Tid(825, "%00000339"), - Attrs([Attr("address","0x884"), Attr("insn","mov x29, sp")]), - Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(833, "%00000341"), - Attrs([Attr("address","0x888"), Attr("insn","str x19, [sp, #0x10]")]), - Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),Var("R19",Imm(64)),LittleEndian(),64)), -Def(Tid(838, "%00000346"), Attrs([Attr("address","0x88C"), -Attr("insn","adrp x19, #0x20000")]), Var("R19",Imm(64)), Int(131072,64)), -Def(Tid(845, "%0000034d"), Attrs([Attr("address","0x890"), -Attr("insn","ldrb w0, [x19, #0x78]")]), Var("R0",Imm(64)), -UNSIGNED(64,Load(Var("mem",Mem(64,8)),PLUS(Var("R19",Imm(64)),Int(120,64)),LittleEndian(),8)))]), -Jmps([Goto(Tid(851, "%00000353"), Attrs([Attr("address","0x894"), -Attr("insn","tbnz w0, #0x0, #0x28")]), - EQ(Extract(0,0,Var("R0",Imm(64))),Int(1,1)), Direct(Tid(849, "%00000351"))), -Goto(Tid(2_161, "%00000871"), Attrs([]), Int(1,1), -Direct(Tid(1_245, "%000004dd")))])), Blk(Tid(1_245, "%000004dd"), - Attrs([Attr("address","0x898")]), Phis([]), -Defs([Def(Tid(1_248, "%000004e0"), Attrs([Attr("address","0x898"), -Attr("insn","adrp x0, #0x1f000")]), Var("R0",Imm(64)), Int(126976,64)), -Def(Tid(1_255, "%000004e7"), Attrs([Attr("address","0x89C"), -Attr("insn","ldr x0, [x0, #0xfc8]")]), Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4040,64)),LittleEndian(),64))]), -Jmps([Goto(Tid(1_261, "%000004ed"), Attrs([Attr("address","0x8A0"), -Attr("insn","cbz x0, #0x10")]), EQ(Var("R0",Imm(64)),Int(0,64)), -Direct(Tid(1_259, "%000004eb"))), Goto(Tid(2_162, "%00000872"), Attrs([]), - Int(1,1), Direct(Tid(1_284, "%00000504")))])), Blk(Tid(1_284, "%00000504"), - Attrs([Attr("address","0x8A4")]), Phis([]), -Defs([Def(Tid(1_287, "%00000507"), Attrs([Attr("address","0x8A4"), -Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(131072,64)), -Def(Tid(1_294, "%0000050e"), Attrs([Attr("address","0x8A8"), -Attr("insn","ldr x0, [x0, #0x58]")]), Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(88,64)),LittleEndian(),64)), -Def(Tid(1_299, "%00000513"), Attrs([Attr("address","0x8AC"), -Attr("insn","bl #-0x16c")]), Var("R30",Imm(64)), Int(2224,64))]), -Jmps([Call(Tid(1_302, "%00000516"), Attrs([Attr("address","0x8AC"), -Attr("insn","bl #-0x16c")]), Int(1,1), -(Direct(Tid(2_100, "@__cxa_finalize")),Direct(Tid(1_259, "%000004eb"))))])), -Blk(Tid(1_259, "%000004eb"), Attrs([Attr("address","0x8B0")]), Phis([]), -Defs([Def(Tid(1_267, "%000004f3"), Attrs([Attr("address","0x8B0"), -Attr("insn","bl #-0xa0")]), Var("R30",Imm(64)), Int(2228,64))]), -Jmps([Call(Tid(1_269, "%000004f5"), Attrs([Attr("address","0x8B0"), -Attr("insn","bl #-0xa0")]), Int(1,1), -(Direct(Tid(2_114, "@deregister_tm_clones")),Direct(Tid(1_271, "%000004f7"))))])), -Blk(Tid(1_271, "%000004f7"), Attrs([Attr("address","0x8B4")]), Phis([]), -Defs([Def(Tid(1_274, "%000004fa"), Attrs([Attr("address","0x8B4"), -Attr("insn","mov w0, #0x1")]), Var("R0",Imm(64)), Int(1,64)), -Def(Tid(1_282, "%00000502"), Attrs([Attr("address","0x8B8"), -Attr("insn","strb w0, [x19, #0x78]")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("R19",Imm(64)),Int(120,64)),Extract(7,0,Var("R0",Imm(64))),LittleEndian(),8))]), -Jmps([Goto(Tid(2_163, "%00000873"), Attrs([]), Int(1,1), -Direct(Tid(849, "%00000351")))])), Blk(Tid(849, "%00000351"), - Attrs([Attr("address","0x8BC")]), Phis([]), Defs([Def(Tid(859, "%0000035b"), - Attrs([Attr("address","0x8BC"), Attr("insn","ldr x19, [sp, #0x10]")]), - Var("R19",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),LittleEndian(),64)), -Def(Tid(866, "%00000362"), Attrs([Attr("address","0x8C0"), -Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R29",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), -Def(Tid(871, "%00000367"), Attrs([Attr("address","0x8C0"), -Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R30",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), -Def(Tid(875, "%0000036b"), Attrs([Attr("address","0x8C0"), -Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R31",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(32,64)))]), Jmps([Call(Tid(880, "%00000370"), - Attrs([Attr("address","0x8C4"), Attr("insn","ret")]), Int(1,1), -(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(2_105, "@__libc_start_main"), - Attrs([Attr("c.proto","signed (*)(signed (*)(signed , char** , char** );* main, signed , char** , \nvoid* auxv)"), -Attr("address","0x730"), Attr("stub","()")]), "__libc_start_main", - Args([Arg(Tid(2_174, "%0000087e"), - Attrs([Attr("c.layout","**[ : 64]"), -Attr("c.data","Top:u64 ptr ptr"), -Attr("c.type","signed (*)(signed , char** , char** );*")]), - Var("__libc_start_main_main",Imm(64)), Var("R0",Imm(64)), In()), -Arg(Tid(2_175, "%0000087f"), Attrs([Attr("c.layout","[signed : 32]"), -Attr("c.data","Top:u32"), Attr("c.type","signed")]), - Var("__libc_start_main_arg2",Imm(32)), LOW(32,Var("R1",Imm(64))), In()), -Arg(Tid(2_176, "%00000880"), Attrs([Attr("c.layout","**[char : 8]"), -Attr("c.data","Top:u8 ptr ptr"), Attr("c.type","char**")]), - Var("__libc_start_main_arg3",Imm(64)), Var("R2",Imm(64)), Both()), -Arg(Tid(2_177, "%00000881"), Attrs([Attr("c.layout","*[ : 8]"), -Attr("c.data","{} ptr"), Attr("c.type","void*")]), - Var("__libc_start_main_auxv",Imm(64)), Var("R3",Imm(64)), Both()), -Arg(Tid(2_178, "%00000882"), Attrs([Attr("c.layout","[signed : 32]"), -Attr("c.data","Top:u32"), Attr("c.type","signed")]), - Var("__libc_start_main_result",Imm(32)), LOW(32,Var("R0",Imm(64))), -Out())]), Blks([Blk(Tid(632, "@__libc_start_main"), - Attrs([Attr("address","0x730")]), Phis([]), -Defs([Def(Tid(1_666, "%00000682"), Attrs([Attr("address","0x730"), -Attr("insn","adrp x16, #0x20000")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_673, "%00000689"), Attrs([Attr("address","0x734"), -Attr("insn","ldr x17, [x16, #0x10]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(16,64)),LittleEndian(),64)), -Def(Tid(1_679, "%0000068f"), Attrs([Attr("address","0x738"), -Attr("insn","add x16, x16, #0x10")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(1_684, "%00000694"), - Attrs([Attr("address","0x73C"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(2_106, "@_fini"), - Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x9A4")]), - "_fini", Args([Arg(Tid(2_179, "%00000883"), - Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), -Attr("c.type","signed")]), Var("_fini_result",Imm(32)), -LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(32, "@_fini"), - Attrs([Attr("address","0x9A4")]), Phis([]), Defs([Def(Tid(38, "%00000026"), - Attrs([Attr("address","0x9A8"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("#0",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))), -Def(Tid(44, "%0000002c"), Attrs([Attr("address","0x9A8"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),Var("#0",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), -Def(Tid(50, "%00000032"), Attrs([Attr("address","0x9A8"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("#0",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), -Def(Tid(54, "%00000036"), Attrs([Attr("address","0x9A8"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)), -Var("#0",Imm(64))), Def(Tid(60, "%0000003c"), Attrs([Attr("address","0x9AC"), -Attr("insn","mov x29, sp")]), Var("R29",Imm(64)), Var("R31",Imm(64))), -Def(Tid(67, "%00000043"), Attrs([Attr("address","0x9B0"), -Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R29",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), -Def(Tid(72, "%00000048"), Attrs([Attr("address","0x9B0"), -Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R30",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), -Def(Tid(76, "%0000004c"), Attrs([Attr("address","0x9B0"), -Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R31",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(81, "%00000051"), - Attrs([Attr("address","0x9B4"), Attr("insn","ret")]), Int(1,1), -(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(2_107, "@_init"), - Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x6D8")]), - "_init", Args([Arg(Tid(2_180, "%00000884"), - Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), -Attr("c.type","signed")]), Var("_init_result",Imm(32)), -LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(1_866, "@_init"), - Attrs([Attr("address","0x6D8")]), Phis([]), -Defs([Def(Tid(1_872, "%00000750"), Attrs([Attr("address","0x6DC"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("#6",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))), -Def(Tid(1_878, "%00000756"), Attrs([Attr("address","0x6DC"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),Var("#6",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), -Def(Tid(1_884, "%0000075c"), Attrs([Attr("address","0x6DC"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("#6",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), -Def(Tid(1_888, "%00000760"), Attrs([Attr("address","0x6DC"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)), -Var("#6",Imm(64))), Def(Tid(1_894, "%00000766"), - Attrs([Attr("address","0x6E0"), Attr("insn","mov x29, sp")]), - Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(1_899, "%0000076b"), - Attrs([Attr("address","0x6E4"), Attr("insn","bl #0x110")]), - Var("R30",Imm(64)), Int(1768,64))]), Jmps([Call(Tid(1_901, "%0000076d"), - Attrs([Attr("address","0x6E4"), Attr("insn","bl #0x110")]), Int(1,1), -(Direct(Tid(2_112, "@call_weak_fn")),Direct(Tid(1_903, "%0000076f"))))])), -Blk(Tid(1_903, "%0000076f"), Attrs([Attr("address","0x6E8")]), Phis([]), -Defs([Def(Tid(1_908, "%00000774"), Attrs([Attr("address","0x6E8"), -Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R29",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), -Def(Tid(1_913, "%00000779"), Attrs([Attr("address","0x6E8"), -Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R30",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), -Def(Tid(1_917, "%0000077d"), Attrs([Attr("address","0x6E8"), -Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R31",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(1_922, "%00000782"), - Attrs([Attr("address","0x6EC"), Attr("insn","ret")]), Int(1,1), -(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(2_108, "@_start"), - Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x7C0"), -Attr("entry-point","()")]), "_start", Args([Arg(Tid(2_181, "%00000885"), - Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), -Attr("c.type","signed")]), Var("_start_result",Imm(32)), -LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(569, "@_start"), - Attrs([Attr("address","0x7C0")]), Phis([]), Defs([Def(Tid(574, "%0000023e"), - Attrs([Attr("address","0x7C4"), Attr("insn","mov x29, #0x0")]), - Var("R29",Imm(64)), Int(0,64)), Def(Tid(579, "%00000243"), - Attrs([Attr("address","0x7C8"), Attr("insn","mov x30, #0x0")]), - Var("R30",Imm(64)), Int(0,64)), Def(Tid(585, "%00000249"), - Attrs([Attr("address","0x7CC"), Attr("insn","mov x5, x0")]), - Var("R5",Imm(64)), Var("R0",Imm(64))), Def(Tid(592, "%00000250"), - Attrs([Attr("address","0x7D0"), Attr("insn","ldr x1, [sp]")]), - Var("R1",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), -Def(Tid(598, "%00000256"), Attrs([Attr("address","0x7D4"), -Attr("insn","add x2, sp, #0x8")]), Var("R2",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(8,64))), Def(Tid(604, "%0000025c"), - Attrs([Attr("address","0x7D8"), Attr("insn","mov x6, sp")]), - Var("R6",Imm(64)), Var("R31",Imm(64))), Def(Tid(609, "%00000261"), - Attrs([Attr("address","0x7DC"), Attr("insn","adrp x0, #0x1f000")]), - Var("R0",Imm(64)), Int(126976,64)), Def(Tid(616, "%00000268"), - Attrs([Attr("address","0x7E0"), Attr("insn","ldr x0, [x0, #0xfd8]")]), - Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4056,64)),LittleEndian(),64)), -Def(Tid(621, "%0000026d"), Attrs([Attr("address","0x7E4"), -Attr("insn","mov x3, #0x0")]), Var("R3",Imm(64)), Int(0,64)), -Def(Tid(626, "%00000272"), Attrs([Attr("address","0x7E8"), -Attr("insn","mov x4, #0x0")]), Var("R4",Imm(64)), Int(0,64)), -Def(Tid(631, "%00000277"), Attrs([Attr("address","0x7EC"), -Attr("insn","bl #-0xbc")]), Var("R30",Imm(64)), Int(2032,64))]), -Jmps([Call(Tid(634, "%0000027a"), Attrs([Attr("address","0x7EC"), -Attr("insn","bl #-0xbc")]), Int(1,1), -(Direct(Tid(2_105, "@__libc_start_main")),Direct(Tid(636, "%0000027c"))))])), -Blk(Tid(636, "%0000027c"), Attrs([Attr("address","0x7F0")]), Phis([]), -Defs([Def(Tid(639, "%0000027f"), Attrs([Attr("address","0x7F0"), -Attr("insn","bl #-0x70")]), Var("R30",Imm(64)), Int(2036,64))]), -Jmps([Call(Tid(642, "%00000282"), Attrs([Attr("address","0x7F0"), -Attr("insn","bl #-0x70")]), Int(1,1), -(Direct(Tid(2_111, "@abort")),Direct(Tid(2_164, "%00000874"))))])), -Blk(Tid(2_164, "%00000874"), Attrs([]), Phis([]), Defs([]), -Jmps([Call(Tid(2_165, "%00000875"), Attrs([]), Int(1,1), -(Direct(Tid(2_112, "@call_weak_fn")),))]))])), Sub(Tid(2_111, "@abort"), - Attrs([Attr("noreturn","()"), Attr("c.proto","void (*)(void)"), -Attr("address","0x780"), Attr("stub","()")]), "abort", Args([]), -Blks([Blk(Tid(640, "@abort"), Attrs([Attr("address","0x780")]), Phis([]), -Defs([Def(Tid(1_776, "%000006f0"), Attrs([Attr("address","0x780"), -Attr("insn","adrp x16, #0x20000")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_783, "%000006f7"), Attrs([Attr("address","0x784"), -Attr("insn","ldr x17, [x16, #0x38]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(56,64)),LittleEndian(),64)), -Def(Tid(1_789, "%000006fd"), Attrs([Attr("address","0x788"), -Attr("insn","add x16, x16, #0x38")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(56,64)))]), Jmps([Call(Tid(1_794, "%00000702"), - Attrs([Attr("address","0x78C"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(2_112, "@call_weak_fn"), - Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x7F4")]), - "call_weak_fn", Args([Arg(Tid(2_182, "%00000886"), - Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), -Attr("c.type","signed")]), Var("call_weak_fn_result",Imm(32)), -LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(644, "@call_weak_fn"), - Attrs([Attr("address","0x7F4")]), Phis([]), Defs([Def(Tid(647, "%00000287"), - Attrs([Attr("address","0x7F4"), Attr("insn","adrp x0, #0x1f000")]), - Var("R0",Imm(64)), Int(126976,64)), Def(Tid(654, "%0000028e"), - Attrs([Attr("address","0x7F8"), Attr("insn","ldr x0, [x0, #0xfd0]")]), - Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4048,64)),LittleEndian(),64))]), -Jmps([Goto(Tid(660, "%00000294"), Attrs([Attr("address","0x7FC"), -Attr("insn","cbz x0, #0x8")]), EQ(Var("R0",Imm(64)),Int(0,64)), -Direct(Tid(658, "%00000292"))), Goto(Tid(2_166, "%00000876"), Attrs([]), - Int(1,1), Direct(Tid(1_364, "%00000554")))])), Blk(Tid(658, "%00000292"), - Attrs([Attr("address","0x804")]), Phis([]), Defs([]), -Jmps([Call(Tid(666, "%0000029a"), Attrs([Attr("address","0x804"), -Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), -Blk(Tid(1_364, "%00000554"), Attrs([Attr("address","0x800")]), Phis([]), -Defs([]), Jmps([Goto(Tid(1_367, "%00000557"), Attrs([Attr("address","0x800"), -Attr("insn","b #-0x90")]), Int(1,1), -Direct(Tid(1_365, "@__gmon_start__")))])), Blk(Tid(1_365, "@__gmon_start__"), - Attrs([Attr("address","0x770")]), Phis([]), -Defs([Def(Tid(1_754, "%000006da"), Attrs([Attr("address","0x770"), -Attr("insn","adrp x16, #0x20000")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_761, "%000006e1"), Attrs([Attr("address","0x774"), -Attr("insn","ldr x17, [x16, #0x30]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(48,64)),LittleEndian(),64)), -Def(Tid(1_767, "%000006e7"), Attrs([Attr("address","0x778"), -Attr("insn","add x16, x16, #0x30")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(48,64)))]), Jmps([Call(Tid(1_772, "%000006ec"), - Attrs([Attr("address","0x77C"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), -Sub(Tid(2_114, "@deregister_tm_clones"), - Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x810")]), - "deregister_tm_clones", Args([Arg(Tid(2_183, "%00000887"), - Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), -Attr("c.type","signed")]), Var("deregister_tm_clones_result",Imm(32)), -LOW(32,Var("R0",Imm(64))), Out())]), -Blks([Blk(Tid(672, "@deregister_tm_clones"), - Attrs([Attr("address","0x810")]), Phis([]), Defs([Def(Tid(675, "%000002a3"), - Attrs([Attr("address","0x810"), Attr("insn","adrp x0, #0x20000")]), - Var("R0",Imm(64)), Int(131072,64)), Def(Tid(681, "%000002a9"), - Attrs([Attr("address","0x814"), Attr("insn","add x0, x0, #0x78")]), - Var("R0",Imm(64)), PLUS(Var("R0",Imm(64)),Int(120,64))), -Def(Tid(686, "%000002ae"), Attrs([Attr("address","0x818"), -Attr("insn","adrp x1, #0x20000")]), Var("R1",Imm(64)), Int(131072,64)), -Def(Tid(692, "%000002b4"), Attrs([Attr("address","0x81C"), -Attr("insn","add x1, x1, #0x78")]), Var("R1",Imm(64)), -PLUS(Var("R1",Imm(64)),Int(120,64))), Def(Tid(698, "%000002ba"), - Attrs([Attr("address","0x820"), Attr("insn","cmp x1, x0")]), - Var("#1",Imm(64)), NOT(Var("R0",Imm(64)))), Def(Tid(703, "%000002bf"), - Attrs([Attr("address","0x820"), Attr("insn","cmp x1, x0")]), - Var("#2",Imm(64)), PLUS(Var("R1",Imm(64)),NOT(Var("R0",Imm(64))))), -Def(Tid(709, "%000002c5"), Attrs([Attr("address","0x820"), -Attr("insn","cmp x1, x0")]), Var("VF",Imm(1)), -NEQ(SIGNED(65,PLUS(Var("#2",Imm(64)),Int(1,64))),PLUS(PLUS(SIGNED(65,Var("R1",Imm(64))),SIGNED(65,Var("#1",Imm(64)))),Int(1,65)))), -Def(Tid(715, "%000002cb"), Attrs([Attr("address","0x820"), -Attr("insn","cmp x1, x0")]), Var("CF",Imm(1)), -NEQ(UNSIGNED(65,PLUS(Var("#2",Imm(64)),Int(1,64))),PLUS(PLUS(UNSIGNED(65,Var("R1",Imm(64))),UNSIGNED(65,Var("#1",Imm(64)))),Int(1,65)))), -Def(Tid(719, "%000002cf"), Attrs([Attr("address","0x820"), -Attr("insn","cmp x1, x0")]), Var("ZF",Imm(1)), -EQ(PLUS(Var("#2",Imm(64)),Int(1,64)),Int(0,64))), Def(Tid(723, "%000002d3"), - Attrs([Attr("address","0x820"), Attr("insn","cmp x1, x0")]), - Var("NF",Imm(1)), Extract(63,63,PLUS(Var("#2",Imm(64)),Int(1,64))))]), -Jmps([Goto(Tid(729, "%000002d9"), Attrs([Attr("address","0x824"), -Attr("insn","b.eq #0x18")]), EQ(Var("ZF",Imm(1)),Int(1,1)), -Direct(Tid(727, "%000002d7"))), Goto(Tid(2_167, "%00000877"), Attrs([]), - Int(1,1), Direct(Tid(1_334, "%00000536")))])), Blk(Tid(1_334, "%00000536"), - Attrs([Attr("address","0x828")]), Phis([]), -Defs([Def(Tid(1_337, "%00000539"), Attrs([Attr("address","0x828"), -Attr("insn","adrp x1, #0x1f000")]), Var("R1",Imm(64)), Int(126976,64)), -Def(Tid(1_344, "%00000540"), Attrs([Attr("address","0x82C"), -Attr("insn","ldr x1, [x1, #0xfc0]")]), Var("R1",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R1",Imm(64)),Int(4032,64)),LittleEndian(),64))]), -Jmps([Goto(Tid(1_349, "%00000545"), Attrs([Attr("address","0x830"), -Attr("insn","cbz x1, #0xc")]), EQ(Var("R1",Imm(64)),Int(0,64)), -Direct(Tid(727, "%000002d7"))), Goto(Tid(2_168, "%00000878"), Attrs([]), - Int(1,1), Direct(Tid(1_353, "%00000549")))])), Blk(Tid(727, "%000002d7"), - Attrs([Attr("address","0x83C")]), Phis([]), Defs([]), -Jmps([Call(Tid(735, "%000002df"), Attrs([Attr("address","0x83C"), -Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), -Blk(Tid(1_353, "%00000549"), Attrs([Attr("address","0x834")]), Phis([]), -Defs([Def(Tid(1_357, "%0000054d"), Attrs([Attr("address","0x834"), -Attr("insn","mov x16, x1")]), Var("R16",Imm(64)), Var("R1",Imm(64)))]), -Jmps([Call(Tid(1_362, "%00000552"), Attrs([Attr("address","0x838"), -Attr("insn","br x16")]), Int(1,1), (Indirect(Var("R16",Imm(64))),))]))])), -Sub(Tid(2_117, "@frame_dummy"), Attrs([Attr("c.proto","signed (*)(void)"), -Attr("address","0x8D0")]), "frame_dummy", Args([Arg(Tid(2_184, "%00000888"), - Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), -Attr("c.type","signed")]), Var("frame_dummy_result",Imm(32)), -LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(886, "@frame_dummy"), - Attrs([Attr("address","0x8D0")]), Phis([]), Defs([]), -Jmps([Call(Tid(888, "%00000378"), Attrs([Attr("address","0x8D0"), -Attr("insn","b #-0x90")]), Int(1,1), -(Direct(Tid(2_124, "@register_tm_clones")),))]))])), Sub(Tid(2_118, "@free"), - Attrs([Attr("c.proto","void (*)(void* ptr)"), Attr("address","0x7A0"), -Attr("stub","()")]), "free", Args([Arg(Tid(2_185, "%00000889"), - Attrs([Attr("c.layout","*[ : 8]"), Attr("c.data","{} ptr"), -Attr("c.type","void*")]), Var("free_ptr",Imm(64)), Var("R0",Imm(64)), -Both())]), Blks([Blk(Tid(1_208, "@free"), Attrs([Attr("address","0x7A0")]), - Phis([]), Defs([Def(Tid(1_820, "%0000071c"), Attrs([Attr("address","0x7A0"), -Attr("insn","adrp x16, #0x20000")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_827, "%00000723"), Attrs([Attr("address","0x7A4"), -Attr("insn","ldr x17, [x16, #0x48]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(72,64)),LittleEndian(),64)), -Def(Tid(1_833, "%00000729"), Attrs([Attr("address","0x7A8"), -Attr("insn","add x16, x16, #0x48")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(72,64)))]), Jmps([Call(Tid(1_838, "%0000072e"), - Attrs([Attr("address","0x7AC"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(2_119, "@main"), - Attrs([Attr("c.proto","signed (*)(signed argc, const char** argv)"), -Attr("address","0x8D4")]), "main", Args([Arg(Tid(2_186, "%0000088a"), - Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), -Attr("c.type","signed")]), Var("main_argc",Imm(32)), -LOW(32,Var("R0",Imm(64))), In()), Arg(Tid(2_187, "%0000088b"), - Attrs([Attr("c.layout","**[char : 8]"), Attr("c.data","Top:u8 ptr ptr"), -Attr("c.type"," const char**")]), Var("main_argv",Imm(64)), -Var("R1",Imm(64)), Both()), Arg(Tid(2_188, "%0000088c"), - Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), -Attr("c.type","signed")]), Var("main_result",Imm(32)), -LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(890, "@main"), - Attrs([Attr("address","0x8D4")]), Phis([]), Defs([Def(Tid(894, "%0000037e"), - Attrs([Attr("address","0x8D4"), -Attr("insn","stp x29, x30, [sp, #-0x30]!")]), Var("#4",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(18446744073709551568,64))), -Def(Tid(900, "%00000384"), Attrs([Attr("address","0x8D4"), -Attr("insn","stp x29, x30, [sp, #-0x30]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),Var("#4",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), -Def(Tid(906, "%0000038a"), Attrs([Attr("address","0x8D4"), -Attr("insn","stp x29, x30, [sp, #-0x30]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("#4",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), -Def(Tid(910, "%0000038e"), Attrs([Attr("address","0x8D4"), -Attr("insn","stp x29, x30, [sp, #-0x30]!")]), Var("R31",Imm(64)), -Var("#4",Imm(64))), Def(Tid(916, "%00000394"), - Attrs([Attr("address","0x8D8"), Attr("insn","mov x29, sp")]), - Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(924, "%0000039c"), - Attrs([Attr("address","0x8DC"), Attr("insn","str x19, [sp, #0x10]")]), - Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),Var("R19",Imm(64)),LittleEndian(),64)), -Def(Tid(931, "%000003a3"), Attrs([Attr("address","0x8E0"), -Attr("insn","str xzr, [sp, #0x28]")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(40,64)),Int(0,64),LittleEndian(),64)), -Def(Tid(938, "%000003aa"), Attrs([Attr("address","0x8E4"), -Attr("insn","str xzr, [sp, #0x20]")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(32,64)),Int(0,64),LittleEndian(),64)), -Def(Tid(943, "%000003af"), Attrs([Attr("address","0x8E8"), -Attr("insn","mov x0, #0xb")]), Var("R0",Imm(64)), Int(11,64)), -Def(Tid(948, "%000003b4"), Attrs([Attr("address","0x8EC"), -Attr("insn","bl #-0x19c")]), Var("R30",Imm(64)), Int(2288,64))]), -Jmps([Call(Tid(951, "%000003b7"), Attrs([Attr("address","0x8EC"), -Attr("insn","bl #-0x19c")]), Int(1,1), -(Direct(Tid(2_120, "@malloc")),Direct(Tid(953, "%000003b9"))))])), -Blk(Tid(953, "%000003b9"), Attrs([Attr("address","0x8F0")]), Phis([]), -Defs([Def(Tid(957, "%000003bd"), Attrs([Attr("address","0x8F0"), -Attr("insn","mov x1, x0")]), Var("R1",Imm(64)), Var("R0",Imm(64))), -Def(Tid(962, "%000003c2"), Attrs([Attr("address","0x8F4"), -Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(131072,64)), -Def(Tid(968, "%000003c8"), Attrs([Attr("address","0x8F8"), -Attr("insn","add x0, x0, #0x80")]), Var("R0",Imm(64)), -PLUS(Var("R0",Imm(64)),Int(128,64))), Def(Tid(976, "%000003d0"), - Attrs([Attr("address","0x8FC"), Attr("insn","str x1, [x0]")]), - Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Var("R1",Imm(64)),LittleEndian(),64)), -Def(Tid(981, "%000003d5"), Attrs([Attr("address","0x900"), -Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(131072,64)), -Def(Tid(987, "%000003db"), Attrs([Attr("address","0x904"), -Attr("insn","add x0, x0, #0x80")]), Var("R0",Imm(64)), -PLUS(Var("R0",Imm(64)),Int(128,64))), Def(Tid(994, "%000003e2"), - Attrs([Attr("address","0x908"), Attr("insn","ldr x19, [x0]")]), - Var("R19",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),64)), -Def(Tid(999, "%000003e7"), Attrs([Attr("address","0x90C"), -Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(131072,64)), -Def(Tid(1_005, "%000003ed"), Attrs([Attr("address","0x910"), -Attr("insn","add x0, x0, #0x68")]), Var("R0",Imm(64)), -PLUS(Var("R0",Imm(64)),Int(104,64))), Def(Tid(1_010, "%000003f2"), - Attrs([Attr("address","0x914"), Attr("insn","bl #-0x1f4")]), - Var("R30",Imm(64)), Int(2328,64))]), Jmps([Call(Tid(1_013, "%000003f5"), - Attrs([Attr("address","0x914"), Attr("insn","bl #-0x1f4")]), Int(1,1), -(Direct(Tid(2_127, "@strlen")),Direct(Tid(1_015, "%000003f7"))))])), -Blk(Tid(1_015, "%000003f7"), Attrs([Attr("address","0x918")]), Phis([]), -Defs([Def(Tid(1_019, "%000003fb"), Attrs([Attr("address","0x918"), -Attr("insn","mov x2, x0")]), Var("R2",Imm(64)), Var("R0",Imm(64))), -Def(Tid(1_024, "%00000400"), Attrs([Attr("address","0x91C"), -Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(131072,64)), -Def(Tid(1_030, "%00000406"), Attrs([Attr("address","0x920"), -Attr("insn","add x1, x0, #0x68")]), Var("R1",Imm(64)), -PLUS(Var("R0",Imm(64)),Int(104,64))), Def(Tid(1_036, "%0000040c"), - Attrs([Attr("address","0x924"), Attr("insn","mov x0, x19")]), - Var("R0",Imm(64)), Var("R19",Imm(64))), Def(Tid(1_041, "%00000411"), - Attrs([Attr("address","0x928"), Attr("insn","bl #-0x218")]), - Var("R30",Imm(64)), Int(2348,64))]), Jmps([Call(Tid(1_044, "%00000414"), - Attrs([Attr("address","0x928"), Attr("insn","bl #-0x218")]), Int(1,1), -(Direct(Tid(2_121, "@memcpy")),Direct(Tid(1_046, "%00000416"))))])), -Blk(Tid(1_046, "%00000416"), Attrs([Attr("address","0x92C")]), Phis([]), -Defs([Def(Tid(1_049, "%00000419"), Attrs([Attr("address","0x92C"), -Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(131072,64)), -Def(Tid(1_055, "%0000041f"), Attrs([Attr("address","0x930"), -Attr("insn","add x0, x0, #0x80")]), Var("R0",Imm(64)), -PLUS(Var("R0",Imm(64)),Int(128,64))), Def(Tid(1_062, "%00000426"), - Attrs([Attr("address","0x934"), Attr("insn","ldr x0, [x0]")]), - Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),64)), -Def(Tid(1_067, "%0000042b"), Attrs([Attr("address","0x938"), -Attr("insn","bl #-0x1a8")]), Var("R30",Imm(64)), Int(2364,64))]), -Jmps([Call(Tid(1_070, "%0000042e"), Attrs([Attr("address","0x938"), -Attr("insn","bl #-0x1a8")]), Int(1,1), -(Direct(Tid(2_123, "@puts")),Direct(Tid(1_072, "%00000430"))))])), -Blk(Tid(1_072, "%00000430"), Attrs([Attr("address","0x93C")]), Phis([]), -Defs([Def(Tid(1_075, "%00000433"), Attrs([Attr("address","0x93C"), -Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(131072,64)), -Def(Tid(1_081, "%00000439"), Attrs([Attr("address","0x940"), -Attr("insn","add x0, x0, #0x80")]), Var("R0",Imm(64)), -PLUS(Var("R0",Imm(64)),Int(128,64))), Def(Tid(1_088, "%00000440"), - Attrs([Attr("address","0x944"), Attr("insn","ldr x0, [x0]")]), - Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),64)), -Def(Tid(1_094, "%00000446"), Attrs([Attr("address","0x948"), -Attr("insn","add x0, x0, #0x2")]), Var("R0",Imm(64)), -PLUS(Var("R0",Imm(64)),Int(2,64))), Def(Tid(1_102, "%0000044e"), - Attrs([Attr("address","0x94C"), Attr("insn","str x0, [sp, #0x28]")]), - Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(40,64)),Var("R0",Imm(64)),LittleEndian(),64)), -Def(Tid(1_109, "%00000455"), Attrs([Attr("address","0x950"), -Attr("insn","ldr x0, [sp, #0x28]")]), Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(40,64)),LittleEndian(),64)), -Def(Tid(1_116, "%0000045c"), Attrs([Attr("address","0x954"), -Attr("insn","strb wzr, [x0]")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Int(0,8),LittleEndian(),8)), -Def(Tid(1_121, "%00000461"), Attrs([Attr("address","0x958"), -Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(131072,64)), -Def(Tid(1_127, "%00000467"), Attrs([Attr("address","0x95C"), -Attr("insn","add x0, x0, #0x80")]), Var("R0",Imm(64)), -PLUS(Var("R0",Imm(64)),Int(128,64))), Def(Tid(1_134, "%0000046e"), - Attrs([Attr("address","0x960"), Attr("insn","ldr x19, [x0]")]), - Var("R19",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),64)), -Def(Tid(1_139, "%00000473"), Attrs([Attr("address","0x964"), -Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(131072,64)), -Def(Tid(1_145, "%00000479"), Attrs([Attr("address","0x968"), -Attr("insn","add x0, x0, #0x80")]), Var("R0",Imm(64)), -PLUS(Var("R0",Imm(64)),Int(128,64))), Def(Tid(1_152, "%00000480"), - Attrs([Attr("address","0x96C"), Attr("insn","ldr x0, [x0]")]), - Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),64)), -Def(Tid(1_157, "%00000485"), Attrs([Attr("address","0x970"), -Attr("insn","bl #-0x250")]), Var("R30",Imm(64)), Int(2420,64))]), -Jmps([Call(Tid(1_159, "%00000487"), Attrs([Attr("address","0x970"), -Attr("insn","bl #-0x250")]), Int(1,1), -(Direct(Tid(2_127, "@strlen")),Direct(Tid(1_161, "%00000489"))))])), -Blk(Tid(1_161, "%00000489"), Attrs([Attr("address","0x974")]), Phis([]), -Defs([Def(Tid(1_165, "%0000048d"), Attrs([Attr("address","0x974"), -Attr("insn","mov x2, x0")]), Var("R2",Imm(64)), Var("R0",Imm(64))), -Def(Tid(1_170, "%00000492"), Attrs([Attr("address","0x978"), -Attr("insn","mov w1, #0x1")]), Var("R1",Imm(64)), Int(1,64)), -Def(Tid(1_176, "%00000498"), Attrs([Attr("address","0x97C"), -Attr("insn","mov x0, x19")]), Var("R0",Imm(64)), Var("R19",Imm(64))), -Def(Tid(1_181, "%0000049d"), Attrs([Attr("address","0x980"), -Attr("insn","bl #-0x220")]), Var("R30",Imm(64)), Int(2436,64))]), -Jmps([Call(Tid(1_184, "%000004a0"), Attrs([Attr("address","0x980"), -Attr("insn","bl #-0x220")]), Int(1,1), -(Direct(Tid(2_122, "@memset")),Direct(Tid(1_186, "%000004a2"))))])), -Blk(Tid(1_186, "%000004a2"), Attrs([Attr("address","0x984")]), Phis([]), -Defs([Def(Tid(1_189, "%000004a5"), Attrs([Attr("address","0x984"), -Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(131072,64)), -Def(Tid(1_195, "%000004ab"), Attrs([Attr("address","0x988"), -Attr("insn","add x0, x0, #0x80")]), Var("R0",Imm(64)), -PLUS(Var("R0",Imm(64)),Int(128,64))), Def(Tid(1_202, "%000004b2"), - Attrs([Attr("address","0x98C"), Attr("insn","ldr x0, [x0]")]), - Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),64)), -Def(Tid(1_207, "%000004b7"), Attrs([Attr("address","0x990"), -Attr("insn","bl #-0x1f0")]), Var("R30",Imm(64)), Int(2452,64))]), -Jmps([Call(Tid(1_210, "%000004ba"), Attrs([Attr("address","0x990"), -Attr("insn","bl #-0x1f0")]), Int(1,1), -(Direct(Tid(2_118, "@free")),Direct(Tid(1_212, "%000004bc"))))])), -Blk(Tid(1_212, "%000004bc"), Attrs([Attr("address","0x994")]), Phis([]), -Defs([Def(Tid(1_215, "%000004bf"), Attrs([Attr("address","0x994"), -Attr("insn","mov w0, #0x0")]), Var("R0",Imm(64)), Int(0,64)), -Def(Tid(1_222, "%000004c6"), Attrs([Attr("address","0x998"), -Attr("insn","ldr x19, [sp, #0x10]")]), Var("R19",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),LittleEndian(),64)), -Def(Tid(1_229, "%000004cd"), Attrs([Attr("address","0x99C"), -Attr("insn","ldp x29, x30, [sp], #0x30")]), Var("R29",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), -Def(Tid(1_234, "%000004d2"), Attrs([Attr("address","0x99C"), -Attr("insn","ldp x29, x30, [sp], #0x30")]), Var("R30",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), -Def(Tid(1_238, "%000004d6"), Attrs([Attr("address","0x99C"), -Attr("insn","ldp x29, x30, [sp], #0x30")]), Var("R31",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(48,64)))]), Jmps([Call(Tid(1_243, "%000004db"), - Attrs([Attr("address","0x9A0"), Attr("insn","ret")]), Int(1,1), -(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(2_120, "@malloc"), - Attrs([Attr("c.proto","void* (*)(unsigned long size)"), -Attr("address","0x750"), Attr("malloc","()"), Attr("stub","()")]), "malloc", - Args([Arg(Tid(2_189, "%0000088d"), Attrs([Attr("alloc-size","()"), -Attr("c.layout","[unsigned long : 64]"), Attr("c.data","Top:u64"), -Attr("c.type","unsigned long")]), Var("malloc_size",Imm(64)), -Var("R0",Imm(64)), In()), Arg(Tid(2_190, "%0000088e"), - Attrs([Attr("warn-unused","()"), Attr("c.layout","*[ : 8]"), -Attr("c.data","{} ptr"), Attr("c.type","void*")]), - Var("malloc_result",Imm(64)), Var("R0",Imm(64)), Out())]), -Blks([Blk(Tid(949, "@malloc"), Attrs([Attr("address","0x750")]), Phis([]), -Defs([Def(Tid(1_710, "%000006ae"), Attrs([Attr("address","0x750"), -Attr("insn","adrp x16, #0x20000")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_717, "%000006b5"), Attrs([Attr("address","0x754"), -Attr("insn","ldr x17, [x16, #0x20]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(32,64)),LittleEndian(),64)), -Def(Tid(1_723, "%000006bb"), Attrs([Attr("address","0x758"), -Attr("insn","add x16, x16, #0x20")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(32,64)))]), Jmps([Call(Tid(1_728, "%000006c0"), - Attrs([Attr("address","0x75C"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(2_121, "@memcpy"), - Attrs([Attr("c.proto","void* (*)(void restrict * dst, void restrict * src, unsigned long n)"), -Attr("address","0x710"), Attr("stub","()")]), "memcpy", - Args([Arg(Tid(2_191, "%0000088f"), Attrs([Attr("nonnull","()"), -Attr("c.layout","*[ : 8]"), Attr("c.data","{} ptr"), -Attr("c.type","void restrict *")]), Var("memcpy_dst",Imm(64)), -Var("R0",Imm(64)), Both()), Arg(Tid(2_192, "%00000890"), - Attrs([Attr("nonnull","()"), Attr("c.layout","*[ : 8]"), -Attr("c.data","{} ptr"), Attr("c.type","void restrict *")]), - Var("memcpy_src",Imm(64)), Var("R1",Imm(64)), Both()), -Arg(Tid(2_193, "%00000891"), Attrs([Attr("c.layout","[unsigned long : 64]"), -Attr("c.data","Top:u64"), Attr("c.type","unsigned long")]), - Var("memcpy_n",Imm(64)), Var("R2",Imm(64)), In()), -Arg(Tid(2_194, "%00000892"), Attrs([Attr("c.layout","*[ : 8]"), -Attr("c.data","{} ptr"), Attr("c.type","void*")]), - Var("memcpy_result",Imm(64)), Var("R0",Imm(64)), Out())]), -Blks([Blk(Tid(1_042, "@memcpy"), Attrs([Attr("address","0x710")]), Phis([]), -Defs([Def(Tid(1_622, "%00000656"), Attrs([Attr("address","0x710"), -Attr("insn","adrp x16, #0x20000")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_629, "%0000065d"), Attrs([Attr("address","0x714"), -Attr("insn","ldr x17, [x16]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R16",Imm(64)),LittleEndian(),64)), -Def(Tid(1_635, "%00000663"), Attrs([Attr("address","0x718"), -Attr("insn","add x16, x16, #0x0")]), Var("R16",Imm(64)), -Var("R16",Imm(64)))]), Jmps([Call(Tid(1_640, "%00000668"), - Attrs([Attr("address","0x71C"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(2_122, "@memset"), - Attrs([Attr("c.proto","void* (*)(void* buf, signed c, unsigned long n)"), -Attr("address","0x760"), Attr("stub","()")]), "memset", - Args([Arg(Tid(2_195, "%00000893"), Attrs([Attr("nonnull","()"), -Attr("c.layout","*[ : 8]"), Attr("c.data","{} ptr"), -Attr("c.type","void*")]), Var("memset_buf",Imm(64)), Var("R0",Imm(64)), -Both()), Arg(Tid(2_196, "%00000894"), - Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), -Attr("c.type","signed")]), Var("memset_c",Imm(32)), -LOW(32,Var("R1",Imm(64))), In()), Arg(Tid(2_197, "%00000895"), - Attrs([Attr("c.layout","[unsigned long : 64]"), Attr("c.data","Top:u64"), -Attr("c.type","unsigned long")]), Var("memset_n",Imm(64)), Var("R2",Imm(64)), -In()), Arg(Tid(2_198, "%00000896"), Attrs([Attr("c.layout","*[ : 8]"), -Attr("c.data","{} ptr"), Attr("c.type","void*")]), - Var("memset_result",Imm(64)), Var("R0",Imm(64)), Out())]), -Blks([Blk(Tid(1_182, "@memset"), Attrs([Attr("address","0x760")]), Phis([]), -Defs([Def(Tid(1_732, "%000006c4"), Attrs([Attr("address","0x760"), -Attr("insn","adrp x16, #0x20000")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_739, "%000006cb"), Attrs([Attr("address","0x764"), -Attr("insn","ldr x17, [x16, #0x28]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(40,64)),LittleEndian(),64)), -Def(Tid(1_745, "%000006d1"), Attrs([Attr("address","0x768"), -Attr("insn","add x16, x16, #0x28")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(40,64)))]), Jmps([Call(Tid(1_750, "%000006d6"), - Attrs([Attr("address","0x76C"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(2_123, "@puts"), - Attrs([Attr("c.proto","signed (*)( const char* s)"), -Attr("address","0x790"), Attr("stub","()")]), "puts", - Args([Arg(Tid(2_199, "%00000897"), Attrs([Attr("c.layout","*[char : 8]"), -Attr("c.data","Top:u8 ptr"), Attr("c.type"," const char*")]), - Var("puts_s",Imm(64)), Var("R0",Imm(64)), In()), -Arg(Tid(2_200, "%00000898"), Attrs([Attr("c.layout","[signed : 32]"), -Attr("c.data","Top:u32"), Attr("c.type","signed")]), - Var("puts_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), -Blks([Blk(Tid(1_068, "@puts"), Attrs([Attr("address","0x790")]), Phis([]), -Defs([Def(Tid(1_798, "%00000706"), Attrs([Attr("address","0x790"), -Attr("insn","adrp x16, #0x20000")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_805, "%0000070d"), Attrs([Attr("address","0x794"), -Attr("insn","ldr x17, [x16, #0x40]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(64,64)),LittleEndian(),64)), -Def(Tid(1_811, "%00000713"), Attrs([Attr("address","0x798"), -Attr("insn","add x16, x16, #0x40")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(64,64)))]), Jmps([Call(Tid(1_816, "%00000718"), - Attrs([Attr("address","0x79C"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), -Sub(Tid(2_124, "@register_tm_clones"), - Attrs([Attr("c.proto","signed (*)(void)"), Attr("address","0x840")]), - "register_tm_clones", Args([Arg(Tid(2_201, "%00000899"), - Attrs([Attr("c.layout","[signed : 32]"), Attr("c.data","Top:u32"), -Attr("c.type","signed")]), Var("register_tm_clones_result",Imm(32)), -LOW(32,Var("R0",Imm(64))), Out())]), -Blks([Blk(Tid(737, "@register_tm_clones"), Attrs([Attr("address","0x840")]), - Phis([]), Defs([Def(Tid(740, "%000002e4"), Attrs([Attr("address","0x840"), -Attr("insn","adrp x0, #0x20000")]), Var("R0",Imm(64)), Int(131072,64)), -Def(Tid(746, "%000002ea"), Attrs([Attr("address","0x844"), -Attr("insn","add x0, x0, #0x78")]), Var("R0",Imm(64)), -PLUS(Var("R0",Imm(64)),Int(120,64))), Def(Tid(751, "%000002ef"), - Attrs([Attr("address","0x848"), Attr("insn","adrp x1, #0x20000")]), - Var("R1",Imm(64)), Int(131072,64)), Def(Tid(757, "%000002f5"), - Attrs([Attr("address","0x84C"), Attr("insn","add x1, x1, #0x78")]), - Var("R1",Imm(64)), PLUS(Var("R1",Imm(64)),Int(120,64))), -Def(Tid(764, "%000002fc"), Attrs([Attr("address","0x850"), -Attr("insn","sub x1, x1, x0")]), Var("R1",Imm(64)), -PLUS(PLUS(Var("R1",Imm(64)),NOT(Var("R0",Imm(64)))),Int(1,64))), -Def(Tid(770, "%00000302"), Attrs([Attr("address","0x854"), -Attr("insn","lsr x2, x1, #63")]), Var("R2",Imm(64)), -Concat(Int(0,63),Extract(63,63,Var("R1",Imm(64))))), -Def(Tid(777, "%00000309"), Attrs([Attr("address","0x858"), -Attr("insn","add x1, x2, x1, asr #3")]), Var("R1",Imm(64)), -PLUS(Var("R2",Imm(64)),ARSHIFT(Var("R1",Imm(64)),Int(3,3)))), -Def(Tid(783, "%0000030f"), Attrs([Attr("address","0x85C"), -Attr("insn","asr x1, x1, #1")]), Var("R1",Imm(64)), -SIGNED(64,Extract(63,1,Var("R1",Imm(64)))))]), -Jmps([Goto(Tid(789, "%00000315"), Attrs([Attr("address","0x860"), -Attr("insn","cbz x1, #0x18")]), EQ(Var("R1",Imm(64)),Int(0,64)), -Direct(Tid(787, "%00000313"))), Goto(Tid(2_169, "%00000879"), Attrs([]), - Int(1,1), Direct(Tid(1_304, "%00000518")))])), Blk(Tid(1_304, "%00000518"), - Attrs([Attr("address","0x864")]), Phis([]), -Defs([Def(Tid(1_307, "%0000051b"), Attrs([Attr("address","0x864"), -Attr("insn","adrp x2, #0x1f000")]), Var("R2",Imm(64)), Int(126976,64)), -Def(Tid(1_314, "%00000522"), Attrs([Attr("address","0x868"), -Attr("insn","ldr x2, [x2, #0xfe0]")]), Var("R2",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R2",Imm(64)),Int(4064,64)),LittleEndian(),64))]), -Jmps([Goto(Tid(1_319, "%00000527"), Attrs([Attr("address","0x86C"), -Attr("insn","cbz x2, #0xc")]), EQ(Var("R2",Imm(64)),Int(0,64)), -Direct(Tid(787, "%00000313"))), Goto(Tid(2_170, "%0000087a"), Attrs([]), - Int(1,1), Direct(Tid(1_323, "%0000052b")))])), Blk(Tid(787, "%00000313"), - Attrs([Attr("address","0x878")]), Phis([]), Defs([]), -Jmps([Call(Tid(795, "%0000031b"), Attrs([Attr("address","0x878"), -Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), -Blk(Tid(1_323, "%0000052b"), Attrs([Attr("address","0x870")]), Phis([]), -Defs([Def(Tid(1_327, "%0000052f"), Attrs([Attr("address","0x870"), -Attr("insn","mov x16, x2")]), Var("R16",Imm(64)), Var("R2",Imm(64)))]), -Jmps([Call(Tid(1_332, "%00000534"), Attrs([Attr("address","0x874"), -Attr("insn","br x16")]), Int(1,1), (Indirect(Var("R16",Imm(64))),))]))])), -Sub(Tid(2_127, "@strlen"), - Attrs([Attr("c.proto","unsigned long (*)( const char* s)"), -Attr("pure","()"), Attr("address","0x720"), Attr("stub","()")]), "strlen", - Args([Arg(Tid(2_202, "%0000089a"), Attrs([Attr("nonnull","()"), -Attr("c.layout","*[char : 8]"), Attr("c.data","Top:u8 ptr"), -Attr("c.type"," const char*")]), Var("strlen_s",Imm(64)), Var("R0",Imm(64)), -In()), Arg(Tid(2_203, "%0000089b"), - Attrs([Attr("c.layout","[unsigned long : 64]"), Attr("c.data","Top:u64"), -Attr("c.type","unsigned long")]), Var("strlen_result",Imm(64)), -Var("R0",Imm(64)), Out())]), Blks([Blk(Tid(1_011, "@strlen"), - Attrs([Attr("address","0x720")]), Phis([]), -Defs([Def(Tid(1_644, "%0000066c"), Attrs([Attr("address","0x720"), -Attr("insn","adrp x16, #0x20000")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_651, "%00000673"), Attrs([Attr("address","0x724"), -Attr("insn","ldr x17, [x16, #0x8]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(8,64)),LittleEndian(),64)), -Def(Tid(1_657, "%00000679"), Attrs([Attr("address","0x728"), -Attr("insn","add x16, x16, #0x8")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(8,64)))]), Jmps([Call(Tid(1_662, "%0000067e"), - Attrs([Attr("address","0x72C"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))]))]))) \ No newline at end of file diff --git a/examples/http_parse_basic/example.bil b/examples/http_parse_basic/example.bil deleted file mode 100644 index a0ca2606b..000000000 --- a/examples/http_parse_basic/example.bil +++ /dev/null @@ -1,363 +0,0 @@ -0000087b: program -00000834: sub __cxa_finalize(__cxa_finalize_result) -0000087c: __cxa_finalize_result :: out u32 = low:32[R0] - -00000514: -00000698: R16 := 0x20000 -0000069f: R17 := mem[R16 + 0x18, el]:u64 -000006a5: R16 := R16 + 0x18 -000006aa: call R17 with noreturn - -00000835: sub __do_global_dtors_aux(__do_global_dtors_aux_result) -0000087d: __do_global_dtors_aux_result :: out u32 = low:32[R0] - -0000031f: -00000323: #3 := R31 - 0x20 -00000329: mem := mem with [#3, el]:u64 <- R29 -0000032f: mem := mem with [#3 + 8, el]:u64 <- R30 -00000333: R31 := #3 -00000339: R29 := R31 -00000341: mem := mem with [R31 + 0x10, el]:u64 <- R19 -00000346: R19 := 0x20000 -0000034d: R0 := pad:64[mem[R19 + 0x78]] -00000353: when 0:0[R0] goto %00000351 -00000871: goto %000004dd - -000004dd: -000004e0: R0 := 0x1F000 -000004e7: R0 := mem[R0 + 0xFC8, el]:u64 -000004ed: when R0 = 0 goto %000004eb -00000872: goto %00000504 - -00000504: -00000507: R0 := 0x20000 -0000050e: R0 := mem[R0 + 0x58, el]:u64 -00000513: R30 := 0x8B0 -00000516: call @__cxa_finalize with return %000004eb - -000004eb: -000004f3: R30 := 0x8B4 -000004f5: call @deregister_tm_clones with return %000004f7 - -000004f7: -000004fa: R0 := 1 -00000502: mem := mem with [R19 + 0x78] <- 7:0[R0] -00000873: goto %00000351 - -00000351: -0000035b: R19 := mem[R31 + 0x10, el]:u64 -00000362: R29 := mem[R31, el]:u64 -00000367: R30 := mem[R31 + 8, el]:u64 -0000036b: R31 := R31 + 0x20 -00000370: call R30 with noreturn - -00000839: sub __libc_start_main(__libc_start_main_main, __libc_start_main_arg2, __libc_start_main_arg3, __libc_start_main_auxv, __libc_start_main_result) -0000087e: __libc_start_main_main :: in u64 = R0 -0000087f: __libc_start_main_arg2 :: in u32 = low:32[R1] -00000880: __libc_start_main_arg3 :: in out u64 = R2 -00000881: __libc_start_main_auxv :: in out u64 = R3 -00000882: __libc_start_main_result :: out u32 = low:32[R0] - -00000278: -00000682: R16 := 0x20000 -00000689: R17 := mem[R16 + 0x10, el]:u64 -0000068f: R16 := R16 + 0x10 -00000694: call R17 with noreturn - -0000083a: sub _fini(_fini_result) -00000883: _fini_result :: out u32 = low:32[R0] - -00000020: -00000026: #0 := R31 - 0x10 -0000002c: mem := mem with [#0, el]:u64 <- R29 -00000032: mem := mem with [#0 + 8, el]:u64 <- R30 -00000036: R31 := #0 -0000003c: R29 := R31 -00000043: R29 := mem[R31, el]:u64 -00000048: R30 := mem[R31 + 8, el]:u64 -0000004c: R31 := R31 + 0x10 -00000051: call R30 with noreturn - -0000083b: sub _init(_init_result) -00000884: _init_result :: out u32 = low:32[R0] - -0000074a: -00000750: #6 := R31 - 0x10 -00000756: mem := mem with [#6, el]:u64 <- R29 -0000075c: mem := mem with [#6 + 8, el]:u64 <- R30 -00000760: R31 := #6 -00000766: R29 := R31 -0000076b: R30 := 0x6E8 -0000076d: call @call_weak_fn with return %0000076f - -0000076f: -00000774: R29 := mem[R31, el]:u64 -00000779: R30 := mem[R31 + 8, el]:u64 -0000077d: R31 := R31 + 0x10 -00000782: call R30 with noreturn - -0000083c: sub _start(_start_result) -00000885: _start_result :: out u32 = low:32[R0] - -00000239: -0000023e: R29 := 0 -00000243: R30 := 0 -00000249: R5 := R0 -00000250: R1 := mem[R31, el]:u64 -00000256: R2 := R31 + 8 -0000025c: R6 := R31 -00000261: R0 := 0x1F000 -00000268: R0 := mem[R0 + 0xFD8, el]:u64 -0000026d: R3 := 0 -00000272: R4 := 0 -00000277: R30 := 0x7F0 -0000027a: call @__libc_start_main with return %0000027c - -0000027c: -0000027f: R30 := 0x7F4 -00000282: call @abort with return %00000874 - -00000874: -00000875: call @call_weak_fn with noreturn - -0000083f: sub abort() - - -00000280: -000006f0: R16 := 0x20000 -000006f7: R17 := mem[R16 + 0x38, el]:u64 -000006fd: R16 := R16 + 0x38 -00000702: call R17 with noreturn - -00000840: sub call_weak_fn(call_weak_fn_result) -00000886: call_weak_fn_result :: out u32 = low:32[R0] - -00000284: -00000287: R0 := 0x1F000 -0000028e: R0 := mem[R0 + 0xFD0, el]:u64 -00000294: when R0 = 0 goto %00000292 -00000876: goto %00000554 - -00000292: -0000029a: call R30 with noreturn - -00000554: -00000557: goto @__gmon_start__ - -00000555: -000006da: R16 := 0x20000 -000006e1: R17 := mem[R16 + 0x30, el]:u64 -000006e7: R16 := R16 + 0x30 -000006ec: call R17 with noreturn - -00000842: sub deregister_tm_clones(deregister_tm_clones_result) -00000887: deregister_tm_clones_result :: out u32 = low:32[R0] - -000002a0: -000002a3: R0 := 0x20000 -000002a9: R0 := R0 + 0x78 -000002ae: R1 := 0x20000 -000002b4: R1 := R1 + 0x78 -000002ba: #1 := ~R0 -000002bf: #2 := R1 + ~R0 -000002c5: VF := extend:65[#2 + 1] <> extend:65[R1] + extend:65[#1] + 1 -000002cb: CF := pad:65[#2 + 1] <> pad:65[R1] + pad:65[#1] + 1 -000002cf: ZF := #2 + 1 = 0 -000002d3: NF := 63:63[#2 + 1] -000002d9: when ZF goto %000002d7 -00000877: goto %00000536 - -00000536: -00000539: R1 := 0x1F000 -00000540: R1 := mem[R1 + 0xFC0, el]:u64 -00000545: when R1 = 0 goto %000002d7 -00000878: goto %00000549 - -000002d7: -000002df: call R30 with noreturn - -00000549: -0000054d: R16 := R1 -00000552: call R16 with noreturn - -00000845: sub frame_dummy(frame_dummy_result) -00000888: frame_dummy_result :: out u32 = low:32[R0] - -00000376: -00000378: call @register_tm_clones with noreturn - -00000846: sub free(free_ptr) -00000889: free_ptr :: in out u64 = R0 - -000004b8: -0000071c: R16 := 0x20000 -00000723: R17 := mem[R16 + 0x48, el]:u64 -00000729: R16 := R16 + 0x48 -0000072e: call R17 with noreturn - -00000847: sub main(main_argc, main_argv, main_result) -0000088a: main_argc :: in u32 = low:32[R0] -0000088b: main_argv :: in out u64 = R1 -0000088c: main_result :: out u32 = low:32[R0] - -0000037a: -0000037e: #4 := R31 - 0x30 -00000384: mem := mem with [#4, el]:u64 <- R29 -0000038a: mem := mem with [#4 + 8, el]:u64 <- R30 -0000038e: R31 := #4 -00000394: R29 := R31 -0000039c: mem := mem with [R31 + 0x10, el]:u64 <- R19 -000003a3: mem := mem with [R31 + 0x28, el]:u64 <- 0 -000003aa: mem := mem with [R31 + 0x20, el]:u64 <- 0 -000003af: R0 := 0xB -000003b4: R30 := 0x8F0 -000003b7: call @malloc with return %000003b9 - -000003b9: -000003bd: R1 := R0 -000003c2: R0 := 0x20000 -000003c8: R0 := R0 + 0x80 -000003d0: mem := mem with [R0, el]:u64 <- R1 -000003d5: R0 := 0x20000 -000003db: R0 := R0 + 0x80 -000003e2: R19 := mem[R0, el]:u64 -000003e7: R0 := 0x20000 -000003ed: R0 := R0 + 0x68 -000003f2: R30 := 0x918 -000003f5: call @strlen with return %000003f7 - -000003f7: -000003fb: R2 := R0 -00000400: R0 := 0x20000 -00000406: R1 := R0 + 0x68 -0000040c: R0 := R19 -00000411: R30 := 0x92C -00000414: call @memcpy with return %00000416 - -00000416: -00000419: R0 := 0x20000 -0000041f: R0 := R0 + 0x80 -00000426: R0 := mem[R0, el]:u64 -0000042b: R30 := 0x93C -0000042e: call @puts with return %00000430 - -00000430: -00000433: R0 := 0x20000 -00000439: R0 := R0 + 0x80 -00000440: R0 := mem[R0, el]:u64 -00000446: R0 := R0 + 2 -0000044e: mem := mem with [R31 + 0x28, el]:u64 <- R0 -00000455: R0 := mem[R31 + 0x28, el]:u64 -0000045c: mem := mem with [R0] <- 0 -00000461: R0 := 0x20000 -00000467: R0 := R0 + 0x80 -0000046e: R19 := mem[R0, el]:u64 -00000473: R0 := 0x20000 -00000479: R0 := R0 + 0x80 -00000480: R0 := mem[R0, el]:u64 -00000485: R30 := 0x974 -00000487: call @strlen with return %00000489 - -00000489: -0000048d: R2 := R0 -00000492: R1 := 1 -00000498: R0 := R19 -0000049d: R30 := 0x984 -000004a0: call @memset with return %000004a2 - -000004a2: -000004a5: R0 := 0x20000 -000004ab: R0 := R0 + 0x80 -000004b2: R0 := mem[R0, el]:u64 -000004b7: R30 := 0x994 -000004ba: call @free with return %000004bc - -000004bc: -000004bf: R0 := 0 -000004c6: R19 := mem[R31 + 0x10, el]:u64 -000004cd: R29 := mem[R31, el]:u64 -000004d2: R30 := mem[R31 + 8, el]:u64 -000004d6: R31 := R31 + 0x30 -000004db: call R30 with noreturn - -00000848: sub malloc(malloc_size, malloc_result) -0000088d: malloc_size :: in u64 = R0 -0000088e: malloc_result :: out u64 = R0 - -000003b5: -000006ae: R16 := 0x20000 -000006b5: R17 := mem[R16 + 0x20, el]:u64 -000006bb: R16 := R16 + 0x20 -000006c0: call R17 with noreturn - -00000849: sub memcpy(memcpy_dst, memcpy_src, memcpy_n, memcpy_result) -0000088f: memcpy_dst :: in out u64 = R0 -00000890: memcpy_src :: in out u64 = R1 -00000891: memcpy_n :: in u64 = R2 -00000892: memcpy_result :: out u64 = R0 - -00000412: -00000656: R16 := 0x20000 -0000065d: R17 := mem[R16, el]:u64 -00000663: R16 := R16 -00000668: call R17 with noreturn - -0000084a: sub memset(memset_buf, memset_c, memset_n, memset_result) -00000893: memset_buf :: in out u64 = R0 -00000894: memset_c :: in u32 = low:32[R1] -00000895: memset_n :: in u64 = R2 -00000896: memset_result :: out u64 = R0 - -0000049e: -000006c4: R16 := 0x20000 -000006cb: R17 := mem[R16 + 0x28, el]:u64 -000006d1: R16 := R16 + 0x28 -000006d6: call R17 with noreturn - -0000084b: sub puts(puts_s, puts_result) -00000897: puts_s :: in u64 = R0 -00000898: puts_result :: out u32 = low:32[R0] - -0000042c: -00000706: R16 := 0x20000 -0000070d: R17 := mem[R16 + 0x40, el]:u64 -00000713: R16 := R16 + 0x40 -00000718: call R17 with noreturn - -0000084c: sub register_tm_clones(register_tm_clones_result) -00000899: register_tm_clones_result :: out u32 = low:32[R0] - -000002e1: -000002e4: R0 := 0x20000 -000002ea: R0 := R0 + 0x78 -000002ef: R1 := 0x20000 -000002f5: R1 := R1 + 0x78 -000002fc: R1 := R1 + ~R0 + 1 -00000302: R2 := 0.63:63[R1] -00000309: R1 := R2 + (R1 ~>> 3) -0000030f: R1 := extend:64[63:1[R1]] -00000315: when R1 = 0 goto %00000313 -00000879: goto %00000518 - -00000518: -0000051b: R2 := 0x1F000 -00000522: R2 := mem[R2 + 0xFE0, el]:u64 -00000527: when R2 = 0 goto %00000313 -0000087a: goto %0000052b - -00000313: -0000031b: call R30 with noreturn - -0000052b: -0000052f: R16 := R2 -00000534: call R16 with noreturn - -0000084f: sub strlen(strlen_s, strlen_result) -0000089a: strlen_s :: in u64 = R0 -0000089b: strlen_result :: out u64 = R0 - -000003f3: -0000066c: R16 := 0x20000 -00000673: R17 := mem[R16 + 8, el]:u64 -00000679: R16 := R16 + 8 -0000067e: call R17 with noreturn diff --git a/examples/http_parse_basic/example.bpl.orig b/examples/http_parse_basic/example.bpl.orig deleted file mode 100644 index 1fd507a9d..000000000 --- a/examples/http_parse_basic/example.bpl.orig +++ /dev/null @@ -1,691 +0,0 @@ -var {:extern} Gamma_R0: bool; -var {:extern} Gamma_R1: bool; -var {:extern} Gamma_R16: bool; -var {:extern} Gamma_R17: bool; -var {:extern} Gamma_R2: bool; -var {:extern} Gamma_R29: bool; -var {:extern} Gamma_R30: bool; -var {:extern} Gamma_R31: bool; -var {:extern} Gamma_malloc_base: [bv64]bool; -var {:extern} Gamma_malloc_count: [bv64]bool; -var {:extern} Gamma_malloc_end: [bv64]bool; -var {:extern} Gamma_mem: [bv64]bool; -var {:extern} Gamma_stack: [bv64]bool; -var {:extern} R0: bv64; -var {:extern} R1: bv64; -var {:extern} R16: bv64; -var {:extern} R17: bv64; -var {:extern} R2: bv64; -var {:extern} R29: bv64; -var {:extern} R30: bv64; -var {:extern} R31: bv64; -var {:extern} malloc_base: [bv64]bv8; -var {:extern} malloc_count: [bv64]bv8; -var {:extern} malloc_end: [bv64]bv8; -var {:extern} mem: [bv64]bv8; -var {:extern} stack: [bv64]bv8; -const {:extern} $buf_addr: bv64; -axiom ($buf_addr == 131184bv64); -const {:extern} $password_addr: bv64; -axiom ($password_addr == 131152bv64); -const {:extern} $stext_addr: bv64; -axiom ($stext_addr == 131160bv64); -function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) { - (if ((index == bvadd64($stext_addr, 9bv64)) || ((index == bvadd64($stext_addr, 8bv64)) || ((index == bvadd64($stext_addr, 7bv64)) || ((index == bvadd64($stext_addr, 6bv64)) || ((index == bvadd64($stext_addr, 5bv64)) || ((index == bvadd64($stext_addr, 4bv64)) || ((index == bvadd64($stext_addr, 3bv64)) || ((index == bvadd64($stext_addr, 2bv64)) || ((index == bvadd64($stext_addr, 1bv64)) || (index == bvadd64($stext_addr, 0bv64))))))))))) then true else (if (index == $password_addr) then false else (if (index == $buf_addr) then true else false))) -} - -function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64); -function {:extern} {:bvbuiltin "bvlshr"} bvlshr16(bv16, bv16) returns (bv16); -function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64); -function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64); -function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64); -function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool); -function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool); -function {:inline} byte_extract16_64(value: bv16, offset: bv64) returns (bv8) { - bvlshr16(value, bvmul64(offset, 8bv64)[16:0])[8:0] -} - -function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) { - bvlshr64(value, bvmul64(offset, 8bv64))[8:0] -} - -function {:extern} gamma_load16(gammaMap: [bv64]bool, index: bv64) returns (bool) { - (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index]) -} - -function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) { - (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index]))) -} - -function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) { - (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index]))))))) -} - -function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool) { - gammaMap[index] -} - -function {:extern} gamma_store16(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) { - (lambda i: bv64 :: ((if in_bounds64(index, 2bv64, i) then value else gammaMap[i]))) -} - -function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) { - (lambda i: bv64 :: ((if in_bounds64(index, 8bv64, i) then value else gammaMap[i]))) -} - -function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) { - gammaMap[index := value] -} - -function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) { - (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len)))) -} - -function {:extern} memory_load16_le(memory: [bv64]bv8, index: bv64) returns (bv16) { - (memory[bvadd64(index, 1bv64)] ++ memory[index]) -} - -function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) { - (memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index]))))))) -} - -function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8) { - memory[index] -} - -function {:extern} memory_store16_le(memory: [bv64]bv8, index: bv64, value: bv16) returns ([bv64]bv8) { - (lambda i: bv64 :: ((if in_bounds64(index, 2bv64, i) then byte_extract16_64(value, bvsub64(i, index)) else memory[i]))) -} - -function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) { - (lambda i: bv64 :: ((if in_bounds64(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i]))) -} - -function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) { - memory[index := value] -} - -function {:extern} {:bvbuiltin "zero_extend 48"} zero_extend48_16(bv16) returns (bv64); -procedure {:extern} rely(); - modifies Gamma_mem, mem; - ensures (mem == old(mem)); - ensures (Gamma_mem == old(Gamma_mem)); - free ensures (memory_load8_le(mem, 2328bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2329bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2330bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2331bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 80bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 84bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131144bv64) == 72bv8); - free ensures (memory_load8_le(mem, 131145bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131146bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131147bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131148bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131149bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131150bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131151bv64) == 0bv8); - -procedure {:extern} rely_transitive() - modifies Gamma_mem, mem; - ensures (mem == old(mem)); - ensures (Gamma_mem == old(Gamma_mem)); -{ - call rely(); - call rely(); -} - -procedure {:extern} rely_reflexive(); - -procedure {:extern} guarantee_reflexive(); - modifies Gamma_mem, mem; - -procedure #free(); - modifies Gamma_R16, Gamma_R17, R16, R17; - requires (forall i : int, j: bv64 :: malloc_base[i] == R0 && (bvuge64(j, R0) && bvult64(j, malloc_end[i])) ==> Gamma_mem[j]); - free requires (memory_load8_le(mem, 2328bv64) == 1bv8); - free requires (memory_load8_le(mem, 2329bv64) == 0bv8); - free requires (memory_load8_le(mem, 2330bv64) == 2bv8); - free requires (memory_load8_le(mem, 2331bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 80bv8); - free requires (memory_load8_le(mem, 130505bv64) == 8bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 0bv8); - free requires (memory_load8_le(mem, 130513bv64) == 8bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 84bv8); - free requires (memory_load8_le(mem, 131033bv64) == 8bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131144bv64) == 72bv8); - free requires (memory_load8_le(mem, 131145bv64) == 0bv8); - free requires (memory_load8_le(mem, 131146bv64) == 2bv8); - free requires (memory_load8_le(mem, 131147bv64) == 0bv8); - free requires (memory_load8_le(mem, 131148bv64) == 0bv8); - free requires (memory_load8_le(mem, 131149bv64) == 0bv8); - free requires (memory_load8_le(mem, 131150bv64) == 0bv8); - free requires (memory_load8_le(mem, 131151bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2328bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2329bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2330bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2331bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 80bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 84bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131144bv64) == 72bv8); - free ensures (memory_load8_le(mem, 131145bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131146bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131147bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131148bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131149bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131150bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131151bv64) == 0bv8); - -procedure main() - modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R2, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R2, R29, R30, R31, malloc_base, malloc_count, malloc_end, mem, stack; - requires (gamma_load8(Gamma_mem, $password_addr) == false); - requires malloc_count == 0; - requires gamma_load32(Gamma_mem, memory_load64_le(mem, $stext_addr)); - requires R31 == 100bv64; - free requires (memory_load8_le(mem, 131136bv64) == 0bv8); - free requires (memory_load8_le(mem, 131137bv64) == 0bv8); - free requires (memory_load8_le(mem, 131138bv64) == 0bv8); - free requires (memory_load8_le(mem, 131139bv64) == 0bv8); - free requires (memory_load8_le(mem, 131140bv64) == 0bv8); - free requires (memory_load8_le(mem, 131141bv64) == 0bv8); - free requires (memory_load8_le(mem, 131142bv64) == 0bv8); - free requires (memory_load8_le(mem, 131143bv64) == 0bv8); - free requires (memory_load8_le(mem, 131144bv64) == 72bv8); - free requires (memory_load8_le(mem, 131145bv64) == 0bv8); - free requires (memory_load8_le(mem, 131146bv64) == 2bv8); - free requires (memory_load8_le(mem, 131147bv64) == 0bv8); - free requires (memory_load8_le(mem, 131148bv64) == 0bv8); - free requires (memory_load8_le(mem, 131149bv64) == 0bv8); - free requires (memory_load8_le(mem, 131150bv64) == 0bv8); - free requires (memory_load8_le(mem, 131151bv64) == 0bv8); - free requires (memory_load8_le(mem, 131152bv64) == 7bv8); - free requires (memory_load8_le(mem, 131153bv64) == 0bv8); - free requires (memory_load8_le(mem, 131154bv64) == 0bv8); - free requires (memory_load8_le(mem, 131155bv64) == 0bv8); - free requires (memory_load8_le(mem, 131156bv64) == 0bv8); - free requires (memory_load8_le(mem, 131157bv64) == 0bv8); - free requires (memory_load8_le(mem, 131158bv64) == 0bv8); - free requires (memory_load8_le(mem, 131159bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 108bv8); - free requires (memory_load8_le(mem, 131161bv64) == 107bv8); - free requires (memory_load8_le(mem, 131162bv64) == 97bv8); - free requires (memory_load8_le(mem, 131163bv64) == 106bv8); - free requires (memory_load8_le(mem, 131164bv64) == 100bv8); - free requires (memory_load8_le(mem, 131165bv64) == 108bv8); - free requires (memory_load8_le(mem, 131166bv64) == 107bv8); - free requires (memory_load8_le(mem, 131167bv64) == 97bv8); - free requires (memory_load8_le(mem, 131168bv64) == 106bv8); - free requires (memory_load8_le(mem, 131169bv64) == 100bv8); - free requires (memory_load8_le(mem, 2328bv64) == 1bv8); - free requires (memory_load8_le(mem, 2329bv64) == 0bv8); - free requires (memory_load8_le(mem, 2330bv64) == 2bv8); - free requires (memory_load8_le(mem, 2331bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 80bv8); - free requires (memory_load8_le(mem, 130505bv64) == 8bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 0bv8); - free requires (memory_load8_le(mem, 130513bv64) == 8bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 84bv8); - free requires (memory_load8_le(mem, 131033bv64) == 8bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131144bv64) == 72bv8); - free requires (memory_load8_le(mem, 131145bv64) == 0bv8); - free requires (memory_load8_le(mem, 131146bv64) == 2bv8); - free requires (memory_load8_le(mem, 131147bv64) == 0bv8); - free requires (memory_load8_le(mem, 131148bv64) == 0bv8); - free requires (memory_load8_le(mem, 131149bv64) == 0bv8); - free requires (memory_load8_le(mem, 131150bv64) == 0bv8); - free requires (memory_load8_le(mem, 131151bv64) == 0bv8); - free ensures (Gamma_R29 == old(Gamma_R29)); - free ensures (Gamma_R31 == old(Gamma_R31)); - free ensures (R29 == old(R29)); - free ensures (R31 == old(R31)); - free ensures (memory_load8_le(mem, 2328bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2329bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2330bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2331bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 80bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 84bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131144bv64) == 72bv8); - free ensures (memory_load8_le(mem, 131145bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131146bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131147bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131148bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131149bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131150bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131151bv64) == 0bv8); -{ - var #4: bv64; - var Gamma_#4: bool; - lmain: - assume {:captureState "lmain"} true; - #4, Gamma_#4 := bvadd64(R31, 18446744073709551584bv64), Gamma_R31; - stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29); - assume {:captureState "%00000364"} true; - stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30); - assume {:captureState "%0000036a"} true; - R31, Gamma_R31 := #4, Gamma_#4; - R29, Gamma_R29 := R31, Gamma_R31; - stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 24bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 24bv64), true); - assume {:captureState "%0000037b"} true; - stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), true); - assume {:captureState "%00000382"} true; - R0, Gamma_R0 := 10bv64, true; - R30, Gamma_R30 := 2156bv64, true; - call malloc(); - goto l00000391; - l00000391: - assume {:captureState "l00000391"} true; - R1, Gamma_R1 := R0, Gamma_R0; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 112bv64), Gamma_R0; - call rely(); - assert (L(mem, R0) ==> Gamma_R1); - mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1); - assume {:captureState "%000003a8"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 112bv64), Gamma_R0; - call rely(); - R2, Gamma_R2 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0)); - R0, Gamma_R0 := 131072bv64, true; - R1, Gamma_R1 := bvadd64(R0, 88bv64), Gamma_R0; - R0, Gamma_R0 := R2, Gamma_R2; - call rely(); - R2, Gamma_R2 := memory_load64_le(mem, R1), (gamma_load64(Gamma_mem, R1) || L(mem, R1)); - call rely(); - assert (L(mem, R0) ==> Gamma_R2); - mem, Gamma_mem := memory_store64_le(mem, R0, R2), gamma_store64(Gamma_mem, R0, Gamma_R2); - assume {:captureState "%000003da"} true; - call rely(); - R1, Gamma_R1 := zero_extend48_16(memory_load16_le(mem, bvadd64(R1, 8bv64))), (gamma_load16(Gamma_mem, bvadd64(R1, 8bv64)) || L(mem, bvadd64(R1, 8bv64))); - call rely(); - assert (L(mem, bvadd64(R0, 8bv64)) ==> Gamma_R1); - mem, Gamma_mem := memory_store16_le(mem, bvadd64(R0, 8bv64), R1[16:0]), gamma_store16(Gamma_mem, bvadd64(R0, 8bv64), Gamma_R1); - assume {:captureState "%000003e9"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 112bv64), Gamma_R0; - call rely(); - R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0)); - R30, Gamma_R30 := 2228bv64, true; - call puts(); - goto l00000405; - l00000405: - assume {:captureState "l00000405"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 112bv64), Gamma_R0; - call rely(); - R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0)); - R0, Gamma_R0 := bvadd64(R0, 1bv64), Gamma_R0; - stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 24bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R0); - assume {:captureState "%00000423"} true; - R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64)); - call rely(); - assert (L(mem, R0) ==> true); - mem, Gamma_mem := memory_store8_le(mem, R0, 0bv8), gamma_store8(Gamma_mem, R0, true); - assume {:captureState "%00000431"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 112bv64), Gamma_R0; - call rely(); - R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0)); - R2, Gamma_R2 := 10bv64, true; - R1, Gamma_R1 := 1bv64, true; - R30, Gamma_R30 := 2280bv64, true; - call memset(); - goto l00000457; - l00000457: - assume {:captureState "l00000457"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 112bv64), Gamma_R0; - call rely(); - R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0)); - R30, Gamma_R30 := 2296bv64, true; - call #free(); - goto l00000471; - l00000471: - assume {:captureState "l00000471"} true; - R0, Gamma_R0 := 0bv64, true; - R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31); - R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64)); - R31, Gamma_R31 := bvadd64(R31, 32bv64), Gamma_R31; - return; -} - -procedure malloc(); - modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, R0, R16, R17, malloc_base, malloc_count, malloc_end; - requires bvugt64(R0, 0bv64); - requires Gamma_R0 == true; - free requires (memory_load8_le(mem, 2328bv64) == 1bv8); - free requires (memory_load8_le(mem, 2329bv64) == 0bv8); - free requires (memory_load8_le(mem, 2330bv64) == 2bv8); - free requires (memory_load8_le(mem, 2331bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 80bv8); - free requires (memory_load8_le(mem, 130505bv64) == 8bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 0bv8); - free requires (memory_load8_le(mem, 130513bv64) == 8bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 84bv8); - free requires (memory_load8_le(mem, 131033bv64) == 8bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131144bv64) == 72bv8); - free requires (memory_load8_le(mem, 131145bv64) == 0bv8); - free requires (memory_load8_le(mem, 131146bv64) == 2bv8); - free requires (memory_load8_le(mem, 131147bv64) == 0bv8); - free requires (memory_load8_le(mem, 131148bv64) == 0bv8); - free requires (memory_load8_le(mem, 131149bv64) == 0bv8); - free requires (memory_load8_le(mem, 131150bv64) == 0bv8); - free requires (memory_load8_le(mem, 131151bv64) == 0bv8); - ensures (((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))) && (memory_load8_le(mem, $stext_addr) == old(memory_load8_le(mem, $stext_addr)))); - ensures Gamma_R0 == true; - ensures malloc_count == old(malloc_count) + 1; - ensures bvugt64(malloc_end[malloc_count], malloc_base[malloc_count]); - ensures R0 == malloc_base[malloc_count]; - ensures malloc_end[malloc_count] == bvadd64(R0, old(R0)); - ensures (forall i: int :: i != malloc_count ==> bvugt64(malloc_base[malloc_count], malloc_end[i]) || bvult64(malloc_end[malloc_count], malloc_base[i])); - ensures (forall i: int :: i != malloc_count ==> malloc_base[i] == old(malloc_base[i]) && malloc_end[i] == old(malloc_end[i])); - ensures bvuge64(R0, 100000000bv64); - ensures (forall i : bv64 :: (bvuge64(i, R0) && bvult64(i, bvadd64(R0, old(R0)))) ==> (Gamma_mem[i] && gamma_load8(Gamma_mem, i))); - free ensures (memory_load8_le(mem, 2328bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2329bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2330bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2331bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 80bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 84bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131144bv64) == 72bv8); - free ensures (memory_load8_le(mem, 131145bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131146bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131147bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131148bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131149bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131150bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131151bv64) == 0bv8); - -procedure memset(); - modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; - requires Gamma_R1; - free requires (memory_load8_le(mem, 2328bv64) == 1bv8); - free requires (memory_load8_le(mem, 2329bv64) == 0bv8); - free requires (memory_load8_le(mem, 2330bv64) == 2bv8); - free requires (memory_load8_le(mem, 2331bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 80bv8); - free requires (memory_load8_le(mem, 130505bv64) == 8bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 0bv8); - free requires (memory_load8_le(mem, 130513bv64) == 8bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 84bv8); - free requires (memory_load8_le(mem, 131033bv64) == 8bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131144bv64) == 72bv8); - free requires (memory_load8_le(mem, 131145bv64) == 0bv8); - free requires (memory_load8_le(mem, 131146bv64) == 2bv8); - free requires (memory_load8_le(mem, 131147bv64) == 0bv8); - free requires (memory_load8_le(mem, 131148bv64) == 0bv8); - free requires (memory_load8_le(mem, 131149bv64) == 0bv8); - free requires (memory_load8_le(mem, 131150bv64) == 0bv8); - free requires (memory_load8_le(mem, 131151bv64) == 0bv8); - ensures (((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))) && (memory_load8_le(mem, $stext_addr) == old(memory_load8_le(mem, $stext_addr)))); - ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then Gamma_R1 else old(gamma_load8(Gamma_mem, i)))); - ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i)))); - free ensures (memory_load8_le(mem, 2328bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2329bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2330bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2331bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 80bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 84bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131144bv64) == 72bv8); - free ensures (memory_load8_le(mem, 131145bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131146bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131147bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131148bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131149bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131150bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131151bv64) == 0bv8); - -procedure puts(); - modifies Gamma_R16, Gamma_R17, R16, R17; - free requires (memory_load8_le(mem, 2328bv64) == 1bv8); - free requires (memory_load8_le(mem, 2329bv64) == 0bv8); - free requires (memory_load8_le(mem, 2330bv64) == 2bv8); - free requires (memory_load8_le(mem, 2331bv64) == 0bv8); - free requires (memory_load8_le(mem, 130504bv64) == 80bv8); - free requires (memory_load8_le(mem, 130505bv64) == 8bv8); - free requires (memory_load8_le(mem, 130506bv64) == 0bv8); - free requires (memory_load8_le(mem, 130507bv64) == 0bv8); - free requires (memory_load8_le(mem, 130508bv64) == 0bv8); - free requires (memory_load8_le(mem, 130509bv64) == 0bv8); - free requires (memory_load8_le(mem, 130510bv64) == 0bv8); - free requires (memory_load8_le(mem, 130511bv64) == 0bv8); - free requires (memory_load8_le(mem, 130512bv64) == 0bv8); - free requires (memory_load8_le(mem, 130513bv64) == 8bv8); - free requires (memory_load8_le(mem, 130514bv64) == 0bv8); - free requires (memory_load8_le(mem, 130515bv64) == 0bv8); - free requires (memory_load8_le(mem, 130516bv64) == 0bv8); - free requires (memory_load8_le(mem, 130517bv64) == 0bv8); - free requires (memory_load8_le(mem, 130518bv64) == 0bv8); - free requires (memory_load8_le(mem, 130519bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 84bv8); - free requires (memory_load8_le(mem, 131033bv64) == 8bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131144bv64) == 72bv8); - free requires (memory_load8_le(mem, 131145bv64) == 0bv8); - free requires (memory_load8_le(mem, 131146bv64) == 2bv8); - free requires (memory_load8_le(mem, 131147bv64) == 0bv8); - free requires (memory_load8_le(mem, 131148bv64) == 0bv8); - free requires (memory_load8_le(mem, 131149bv64) == 0bv8); - free requires (memory_load8_le(mem, 131150bv64) == 0bv8); - free requires (memory_load8_le(mem, 131151bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2328bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2329bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2330bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2331bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130504bv64) == 80bv8); - free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130512bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 84bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131144bv64) == 72bv8); - free ensures (memory_load8_le(mem, 131145bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131146bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131147bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131148bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131149bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131150bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131151bv64) == 0bv8); diff --git a/examples/http_parse_basic/example.bpl.rej b/examples/http_parse_basic/example.bpl.rej deleted file mode 100644 index 1a0590f5c..000000000 --- a/examples/http_parse_basic/example.bpl.rej +++ /dev/null @@ -1,12 +0,0 @@ ---- example.bpl 2023-11-15 10:21:51.302483904 +1000 -+++ examplesetcommented.bpl 2023-11-15 10:22:53.783375817 +1000 -@@ -395,7 +395,8 @@ - R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64)); - call rely(); - assert (L(mem, R0) ==> true); -- mem, Gamma_mem := memory_store8_le(mem, R0, 0bv8), gamma_store8(Gamma_mem, R0, true); -+ // commented out -+ // mem, Gamma_mem := memory_store8_le(mem, R0, 0bv8), gamma_store8(Gamma_mem, R0, true); - assume {:captureState "%00000418"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 120bv64), Gamma_R0; diff --git a/examples/http_parse_basic/example.c b/examples/http_parse_basic/example.c deleted file mode 100644 index 025c55729..000000000 --- a/examples/http_parse_basic/example.c +++ /dev/null @@ -1,37 +0,0 @@ -#include -#include -#include - -#define MALLOC_SIZE 4 -// times out with 64 bit buffer - -// cntlm 22 - -char *buf; -char password = 7; // secret value; has to be a variable so that we get a Gamma_password variable -char stext[11] = "helloo"; - - - -int main() { - char *pos = NULL, *dom = NULL; - - - //memset(stext, 'h', 10); - // stext[5] = password; - buf = malloc(11); - // it only verifies if memcpy is the WHOLE string - memcpy(buf, stext, strlen(stext)); // inlined by -O2 - - puts(buf); - - // find the split between username and password ("username:password") - pos = buf + 2; - - // including this makes verification fail - *pos = 0; - - memset(buf, 1, strlen(buf)); - free(buf); // requires secret[i] == true -} - diff --git a/examples/http_parse_basic/example.model b/examples/http_parse_basic/example.model deleted file mode 100644 index 3b8377d11..000000000 --- a/examples/http_parse_basic/example.model +++ /dev/null @@ -1,802 +0,0 @@ -*** MODEL -#4 -> -#4@0 -> 52bv64 -$buf_addr -> 131200bv64 -$password_addr -> 131168bv64 -$stext_addr -> 131176bv64 -Gamma_#4 -> -Gamma_malloc_base -> -Gamma_malloc_base@0 -> -Gamma_malloc_count -> -Gamma_malloc_count@0 -> -Gamma_malloc_end -> -Gamma_malloc_end@0 -> -Gamma_malloc_id -> -Gamma_mem -> |T@[bv64]Bool!val!0| -Gamma_mem@0 -> |T@[bv64]Bool!val!0| -Gamma_mem@1 -> |T@[bv64]Bool!val!7| -Gamma_mem@10 -> |T@[bv64]Bool!val!11| -Gamma_mem@11 -> |T@[bv64]Bool!val!11| -Gamma_mem@2 -> |T@[bv64]Bool!val!7| -Gamma_mem@3 -> |T@[bv64]Bool!val!8| -Gamma_mem@4 -> |T@[bv64]Bool!val!8| -Gamma_mem@5 -> |T@[bv64]Bool!val!8| -Gamma_mem@6 -> |T@[bv64]Bool!val!8| -Gamma_mem@7 -> |T@[bv64]Bool!val!10| -Gamma_mem@8 -> |T@[bv64]Bool!val!10| -Gamma_mem@9 -> |T@[bv64]Bool!val!10| -Gamma_R0 -> -Gamma_R0@0 -> true -Gamma_R0@1 -> true -Gamma_R0@2 -> true -Gamma_R0@3 -> true -Gamma_R0@4 -> true -Gamma_R0@5 -> true -Gamma_R0@6 -> true -Gamma_R0@7 -> true -Gamma_R1 -> -Gamma_R16 -> -Gamma_R16@0 -> -Gamma_R16@1 -> -Gamma_R16@2 -> -Gamma_R16@3 -> -Gamma_R16@4 -> -Gamma_R16@5 -> -Gamma_R17 -> -Gamma_R17@0 -> -Gamma_R17@1 -> -Gamma_R17@2 -> -Gamma_R17@3 -> -Gamma_R17@4 -> -Gamma_R17@5 -> -Gamma_R19 -> false -Gamma_R19@0 -> true -Gamma_R19@1 -> true -Gamma_R2 -> -Gamma_R29 -> false -Gamma_R30 -> false -Gamma_R31 -> -Gamma_stack -> |T@[bv64]Bool!val!1| -Gamma_stack@0 -> |T@[bv64]Bool!val!2| -Gamma_stack@1 -> |T@[bv64]Bool!val!3| -Gamma_stack@2 -> |T@[bv64]Bool!val!4| -Gamma_stack@3 -> |T@[bv64]Bool!val!5| -Gamma_stack@4 -> |T@[bv64]Bool!val!6| -Gamma_stack@5 -> |T@[bv64]Bool!val!9| -malloc_base -> -malloc_base@0 -> |T@[Int]bv64!val!0| -malloc_count -> 0 -malloc_count@0 -> 1 -malloc_end -> -malloc_end@0 -> |T@[Int]bv64!val!1| -malloc_id -> -mem -> |T@[bv64]bv8!val!0| -mem@0 -> |T@[bv64]bv8!val!0| -mem@1 -> |T@[bv64]bv8!val!7| -mem@10 -> |T@[bv64]bv8!val!11| -mem@11 -> |T@[bv64]bv8!val!11| -mem@2 -> |T@[bv64]bv8!val!7| -mem@3 -> |T@[bv64]bv8!val!8| -mem@4 -> |T@[bv64]bv8!val!8| -mem@5 -> |T@[bv64]bv8!val!8| -mem@6 -> |T@[bv64]bv8!val!8| -mem@7 -> |T@[bv64]bv8!val!10| -mem@8 -> |T@[bv64]bv8!val!10| -mem@9 -> |T@[bv64]bv8!val!10| -R0 -> -R0@0 -> 72058143793741822bv64 -R0@1 -> 131200bv64 -R0@10 -> 72058143793741824bv64 -R0@11 -> 131200bv64 -R0@12 -> 131200bv64 -R0@13 -> 72058143793741822bv64 -R0@14 -> 2bv64 -R0@15 -> 131200bv64 -R0@16 -> 72058143793741822bv64 -R0@2 -> 131200bv64 -R0@3 -> 131176bv64 -R0@4 -> 8bv64 -R0@5 -> 131200bv64 -R0@6 -> 72058143793741822bv64 -R0@7 -> 131200bv64 -R0@8 -> 72058143793741822bv64 -R0@9 -> 72058143793741824bv64 -R1 -> -R1@0 -> 131176bv64 -R16 -> -R16@0 -> -R16@1 -> -R16@2 -> -R16@3 -> -R16@4 -> -R16@5 -> -R17 -> -R17@0 -> -R17@1 -> -R17@2 -> -R17@3 -> -R17@4 -> -R17@5 -> -R19 -> 0bv64 -R19@0 -> 72058143793741822bv64 -R19@1 -> 72058143793741822bv64 -R2 -> -R29 -> 0bv64 -R30 -> 0bv64 -R31 -> 100bv64 -stack -> |T@[bv64]bv8!val!1| -stack@0 -> |T@[bv64]bv8!val!2| -stack@1 -> |T@[bv64]bv8!val!3| -stack@2 -> |T@[bv64]bv8!val!4| -stack@3 -> |T@[bv64]bv8!val!5| -stack@4 -> |T@[bv64]bv8!val!6| -stack@5 -> |T@[bv64]bv8!val!9| -ControlFlow -> { - 0 2 -> (- 1) - 0 8 -> 2 - else -> 8 -} -gamma_load32 -> { - else -> true -} -gamma_load64 -> { - else -> true -} -gamma_load8 -> { - |T@[bv64]Bool!val!0| 131168bv64 -> false - |T@[bv64]Bool!val!10| 72058143793741828bv64 -> false - |T@[bv64]Bool!val!7| 131182bv64 -> false - |T@[bv64]Bool!val!8| 131182bv64 -> false - else -> true -} -gamma_store64 -> { - |T@[bv64]Bool!val!0| 131200bv64 true -> |T@[bv64]Bool!val!7| - |T@[bv64]Bool!val!2| 60bv64 false -> |T@[bv64]Bool!val!3| - |T@[bv64]Bool!val!3| 68bv64 false -> |T@[bv64]Bool!val!4| - |T@[bv64]Bool!val!4| 92bv64 true -> |T@[bv64]Bool!val!5| - |T@[bv64]Bool!val!5| 84bv64 true -> |T@[bv64]Bool!val!6| - |T@[bv64]Bool!val!6| 92bv64 true -> |T@[bv64]Bool!val!9| - else -> |T@[bv64]Bool!val!2| -} -gamma_store8 -> { - else -> |T@[bv64]Bool!val!10| -} -memory_load64_le -> { - |T@[bv64]bv8!val!0| 131176bv64 -> 122524351096168bv64 - |T@[bv64]bv8!val!9| 92bv64 -> 72058143793741824bv64 - else -> 72058143793741822bv64 -} -memory_load8_le -> { - |T@[bv64]bv8!val!0| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!0| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!0| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!0| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!0| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!0| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!0| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!0| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!0| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!0| 131176bv64 -> 104bv8 - |T@[bv64]bv8!val!0| 131177bv64 -> 101bv8 - |T@[bv64]bv8!val!0| 131178bv64 -> 108bv8 - |T@[bv64]bv8!val!0| 131179bv64 -> 108bv8 - |T@[bv64]bv8!val!0| 131180bv64 -> 111bv8 - |T@[bv64]bv8!val!0| 131181bv64 -> 111bv8 - |T@[bv64]bv8!val!0| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!0| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!10| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!10| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!10| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!10| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!10| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!10| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!10| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!10| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!10| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!10| 131200bv64 -> 254bv8 - |T@[bv64]bv8!val!10| 131201bv64 -> 255bv8 - |T@[bv64]bv8!val!10| 131202bv64 -> 255bv8 - |T@[bv64]bv8!val!10| 131203bv64 -> 255bv8 - |T@[bv64]bv8!val!10| 131204bv64 -> 127bv8 - |T@[bv64]bv8!val!10| 131207bv64 -> 1bv8 - |T@[bv64]bv8!val!10| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!10| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!11| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!11| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!11| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!11| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!11| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!11| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!11| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!11| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!11| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!11| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!11| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!7| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!7| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!7| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!7| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!7| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!7| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!7| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!7| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!7| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!7| 131200bv64 -> 254bv8 - |T@[bv64]bv8!val!7| 131201bv64 -> 255bv8 - |T@[bv64]bv8!val!7| 131202bv64 -> 255bv8 - |T@[bv64]bv8!val!7| 131203bv64 -> 255bv8 - |T@[bv64]bv8!val!7| 131204bv64 -> 127bv8 - |T@[bv64]bv8!val!7| 131207bv64 -> 1bv8 - |T@[bv64]bv8!val!7| 18374685929916072154bv64 -> 64bv8 - |T@[bv64]bv8!val!7| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!7| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!8| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!8| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!8| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!8| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!8| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!8| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!8| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!8| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!8| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!8| 18374685929916072154bv64 -> 64bv8 - |T@[bv64]bv8!val!8| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!8| 2490bv64 -> 2bv8 - else -> 0bv8 -} -memory_store64_le -> { - |T@[bv64]bv8!val!0| 131200bv64 72058143793741822bv64 -> |T@[bv64]bv8!val!7| - |T@[bv64]bv8!val!2| 60bv64 0bv64 -> |T@[bv64]bv8!val!3| - |T@[bv64]bv8!val!3| 68bv64 0bv64 -> |T@[bv64]bv8!val!4| - |T@[bv64]bv8!val!4| 92bv64 0bv64 -> |T@[bv64]bv8!val!5| - |T@[bv64]bv8!val!5| 84bv64 0bv64 -> |T@[bv64]bv8!val!6| - |T@[bv64]bv8!val!6| 92bv64 72058143793741824bv64 -> |T@[bv64]bv8!val!9| - else -> |T@[bv64]bv8!val!2| -} -memory_store8_le -> { - else -> |T@[bv64]bv8!val!10| -} -Select__T@[bv64]Bool_ -> { - |T@[bv64]Bool!val!0| 131168bv64 -> false - |T@[bv64]Bool!val!0| 131182bv64 -> false - |T@[bv64]Bool!val!10| 72058143793741828bv64 -> false - |T@[bv64]Bool!val!11| 72058143793741828bv64 -> false - |T@[bv64]Bool!val!12| 52bv64 -> false - |T@[bv64]Bool!val!13| 53bv64 -> false - |T@[bv64]Bool!val!14| 54bv64 -> false - |T@[bv64]Bool!val!15| 55bv64 -> false - |T@[bv64]Bool!val!16| 56bv64 -> false - |T@[bv64]Bool!val!17| 57bv64 -> false - |T@[bv64]Bool!val!18| 58bv64 -> false - |T@[bv64]Bool!val!19| 60bv64 -> false - |T@[bv64]Bool!val!2| 59bv64 -> false - |T@[bv64]Bool!val!20| 61bv64 -> false - |T@[bv64]Bool!val!21| 62bv64 -> false - |T@[bv64]Bool!val!22| 63bv64 -> false - |T@[bv64]Bool!val!23| 64bv64 -> false - |T@[bv64]Bool!val!24| 65bv64 -> false - |T@[bv64]Bool!val!25| 66bv64 -> false - |T@[bv64]Bool!val!26| 68bv64 -> false - |T@[bv64]Bool!val!27| 69bv64 -> false - |T@[bv64]Bool!val!28| 70bv64 -> false - |T@[bv64]Bool!val!29| 71bv64 -> false - |T@[bv64]Bool!val!3| 67bv64 -> false - |T@[bv64]Bool!val!30| 72bv64 -> false - |T@[bv64]Bool!val!31| 73bv64 -> false - |T@[bv64]Bool!val!32| 74bv64 -> false - |T@[bv64]Bool!val!4| 75bv64 -> false - |T@[bv64]Bool!val!47| 131182bv64 -> false - |T@[bv64]Bool!val!48| 131182bv64 -> false - |T@[bv64]Bool!val!49| 131182bv64 -> false - |T@[bv64]Bool!val!50| 131182bv64 -> false - |T@[bv64]Bool!val!51| 131182bv64 -> false - |T@[bv64]Bool!val!52| 131182bv64 -> false - |T@[bv64]Bool!val!53| 131182bv64 -> false - |T@[bv64]Bool!val!7| 131182bv64 -> false - |T@[bv64]Bool!val!8| 131182bv64 -> false - |T@[bv64]Bool!val!8| 72058143793741828bv64 -> false - else -> true -} -Select__T@[bv64]bv8_ -> { - |T@[bv64]bv8!val!0| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!0| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!0| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!0| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!0| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!0| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!0| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!0| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!0| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!0| 131176bv64 -> 104bv8 - |T@[bv64]bv8!val!0| 131177bv64 -> 101bv8 - |T@[bv64]bv8!val!0| 131178bv64 -> 108bv8 - |T@[bv64]bv8!val!0| 131179bv64 -> 108bv8 - |T@[bv64]bv8!val!0| 131180bv64 -> 111bv8 - |T@[bv64]bv8!val!0| 131181bv64 -> 111bv8 - |T@[bv64]bv8!val!0| 18374685929916072154bv64 -> 64bv8 - |T@[bv64]bv8!val!0| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!0| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!10| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!10| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!10| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!10| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!10| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!10| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!10| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!10| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!10| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!10| 131200bv64 -> 254bv8 - |T@[bv64]bv8!val!10| 131201bv64 -> 255bv8 - |T@[bv64]bv8!val!10| 131202bv64 -> 255bv8 - |T@[bv64]bv8!val!10| 131203bv64 -> 255bv8 - |T@[bv64]bv8!val!10| 131204bv64 -> 127bv8 - |T@[bv64]bv8!val!10| 131207bv64 -> 1bv8 - |T@[bv64]bv8!val!10| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!10| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!11| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!11| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!11| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!11| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!11| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!11| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!11| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!11| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!11| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!11| 131200bv64 -> 254bv8 - |T@[bv64]bv8!val!11| 131201bv64 -> 255bv8 - |T@[bv64]bv8!val!11| 131202bv64 -> 255bv8 - |T@[bv64]bv8!val!11| 131203bv64 -> 255bv8 - |T@[bv64]bv8!val!11| 131204bv64 -> 127bv8 - |T@[bv64]bv8!val!11| 131207bv64 -> 1bv8 - |T@[bv64]bv8!val!11| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!11| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!47| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!47| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!47| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!47| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!47| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!47| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!47| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!47| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!47| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!47| 131200bv64 -> 254bv8 - |T@[bv64]bv8!val!47| 18374685929916072154bv64 -> 64bv8 - |T@[bv64]bv8!val!47| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!47| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!48| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!48| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!48| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!48| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!48| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!48| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!48| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!48| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!48| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!48| 131200bv64 -> 254bv8 - |T@[bv64]bv8!val!48| 131201bv64 -> 255bv8 - |T@[bv64]bv8!val!48| 18374685929916072154bv64 -> 64bv8 - |T@[bv64]bv8!val!48| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!48| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!49| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!49| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!49| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!49| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!49| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!49| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!49| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!49| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!49| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!49| 131200bv64 -> 254bv8 - |T@[bv64]bv8!val!49| 131201bv64 -> 255bv8 - |T@[bv64]bv8!val!49| 131202bv64 -> 255bv8 - |T@[bv64]bv8!val!49| 18374685929916072154bv64 -> 64bv8 - |T@[bv64]bv8!val!49| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!49| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!50| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!50| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!50| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!50| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!50| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!50| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!50| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!50| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!50| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!50| 131200bv64 -> 254bv8 - |T@[bv64]bv8!val!50| 131201bv64 -> 255bv8 - |T@[bv64]bv8!val!50| 131202bv64 -> 255bv8 - |T@[bv64]bv8!val!50| 131203bv64 -> 255bv8 - |T@[bv64]bv8!val!50| 18374685929916072154bv64 -> 64bv8 - |T@[bv64]bv8!val!50| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!50| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!51| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!51| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!51| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!51| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!51| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!51| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!51| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!51| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!51| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!51| 131200bv64 -> 254bv8 - |T@[bv64]bv8!val!51| 131201bv64 -> 255bv8 - |T@[bv64]bv8!val!51| 131202bv64 -> 255bv8 - |T@[bv64]bv8!val!51| 131203bv64 -> 255bv8 - |T@[bv64]bv8!val!51| 131204bv64 -> 127bv8 - |T@[bv64]bv8!val!51| 18374685929916072154bv64 -> 64bv8 - |T@[bv64]bv8!val!51| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!51| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!52| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!52| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!52| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!52| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!52| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!52| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!52| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!52| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!52| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!52| 131200bv64 -> 254bv8 - |T@[bv64]bv8!val!52| 131201bv64 -> 255bv8 - |T@[bv64]bv8!val!52| 131202bv64 -> 255bv8 - |T@[bv64]bv8!val!52| 131203bv64 -> 255bv8 - |T@[bv64]bv8!val!52| 131204bv64 -> 127bv8 - |T@[bv64]bv8!val!52| 18374685929916072154bv64 -> 64bv8 - |T@[bv64]bv8!val!52| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!52| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!53| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!53| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!53| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!53| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!53| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!53| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!53| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!53| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!53| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!53| 131200bv64 -> 254bv8 - |T@[bv64]bv8!val!53| 131201bv64 -> 255bv8 - |T@[bv64]bv8!val!53| 131202bv64 -> 255bv8 - |T@[bv64]bv8!val!53| 131203bv64 -> 255bv8 - |T@[bv64]bv8!val!53| 131204bv64 -> 127bv8 - |T@[bv64]bv8!val!53| 18374685929916072154bv64 -> 64bv8 - |T@[bv64]bv8!val!53| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!53| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!58| 96bv64 -> 128bv8 - |T@[bv64]bv8!val!59| 96bv64 -> 128bv8 - |T@[bv64]bv8!val!60| 96bv64 -> 128bv8 - |T@[bv64]bv8!val!7| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!7| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!7| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!7| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!7| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!7| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!7| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!7| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!7| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!7| 131200bv64 -> 254bv8 - |T@[bv64]bv8!val!7| 131201bv64 -> 255bv8 - |T@[bv64]bv8!val!7| 131202bv64 -> 255bv8 - |T@[bv64]bv8!val!7| 131203bv64 -> 255bv8 - |T@[bv64]bv8!val!7| 131204bv64 -> 127bv8 - |T@[bv64]bv8!val!7| 131207bv64 -> 1bv8 - |T@[bv64]bv8!val!7| 18374685929916072154bv64 -> 64bv8 - |T@[bv64]bv8!val!7| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!7| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!8| 130504bv64 -> 208bv8 - |T@[bv64]bv8!val!8| 130505bv64 -> 8bv8 - |T@[bv64]bv8!val!8| 130512bv64 -> 128bv8 - |T@[bv64]bv8!val!8| 130513bv64 -> 8bv8 - |T@[bv64]bv8!val!8| 131032bv64 -> 212bv8 - |T@[bv64]bv8!val!8| 131033bv64 -> 8bv8 - |T@[bv64]bv8!val!8| 131160bv64 -> 88bv8 - |T@[bv64]bv8!val!8| 131162bv64 -> 2bv8 - |T@[bv64]bv8!val!8| 131168bv64 -> 7bv8 - |T@[bv64]bv8!val!8| 131200bv64 -> 254bv8 - |T@[bv64]bv8!val!8| 131201bv64 -> 255bv8 - |T@[bv64]bv8!val!8| 131202bv64 -> 255bv8 - |T@[bv64]bv8!val!8| 131203bv64 -> 255bv8 - |T@[bv64]bv8!val!8| 131204bv64 -> 127bv8 - |T@[bv64]bv8!val!8| 131207bv64 -> 1bv8 - |T@[bv64]bv8!val!8| 18374685929916072154bv64 -> 64bv8 - |T@[bv64]bv8!val!8| 2488bv64 -> 1bv8 - |T@[bv64]bv8!val!8| 2490bv64 -> 2bv8 - |T@[bv64]bv8!val!9| 96bv64 -> 128bv8 - |T@[bv64]bv8!val!9| 99bv64 -> 1bv8 - else -> 0bv8 -} -Select__T@[Int]bv64_ -> { - |T@[Int]bv64!val!1| 1 -> 72058143793741833bv64 - else -> 72058143793741822bv64 -} -Store__T@[bv64]Bool_ -> { - |T@[bv64]Bool!val!0| 131200bv64 true -> |T@[bv64]Bool!val!47| - |T@[bv64]Bool!val!12| 53bv64 false -> |T@[bv64]Bool!val!13| - |T@[bv64]Bool!val!13| 54bv64 false -> |T@[bv64]Bool!val!14| - |T@[bv64]Bool!val!14| 55bv64 false -> |T@[bv64]Bool!val!15| - |T@[bv64]Bool!val!15| 56bv64 false -> |T@[bv64]Bool!val!16| - |T@[bv64]Bool!val!16| 57bv64 false -> |T@[bv64]Bool!val!17| - |T@[bv64]Bool!val!17| 58bv64 false -> |T@[bv64]Bool!val!18| - |T@[bv64]Bool!val!18| 59bv64 false -> |T@[bv64]Bool!val!2| - |T@[bv64]Bool!val!19| 61bv64 false -> |T@[bv64]Bool!val!20| - |T@[bv64]Bool!val!2| 60bv64 false -> |T@[bv64]Bool!val!19| - |T@[bv64]Bool!val!20| 62bv64 false -> |T@[bv64]Bool!val!21| - |T@[bv64]Bool!val!21| 63bv64 false -> |T@[bv64]Bool!val!22| - |T@[bv64]Bool!val!22| 64bv64 false -> |T@[bv64]Bool!val!23| - |T@[bv64]Bool!val!23| 65bv64 false -> |T@[bv64]Bool!val!24| - |T@[bv64]Bool!val!24| 66bv64 false -> |T@[bv64]Bool!val!25| - |T@[bv64]Bool!val!25| 67bv64 false -> |T@[bv64]Bool!val!3| - |T@[bv64]Bool!val!26| 69bv64 false -> |T@[bv64]Bool!val!27| - |T@[bv64]Bool!val!27| 70bv64 false -> |T@[bv64]Bool!val!28| - |T@[bv64]Bool!val!28| 71bv64 false -> |T@[bv64]Bool!val!29| - |T@[bv64]Bool!val!29| 72bv64 false -> |T@[bv64]Bool!val!30| - |T@[bv64]Bool!val!3| 68bv64 false -> |T@[bv64]Bool!val!26| - |T@[bv64]Bool!val!30| 73bv64 false -> |T@[bv64]Bool!val!31| - |T@[bv64]Bool!val!31| 74bv64 false -> |T@[bv64]Bool!val!32| - |T@[bv64]Bool!val!32| 75bv64 false -> |T@[bv64]Bool!val!4| - |T@[bv64]Bool!val!33| 93bv64 true -> |T@[bv64]Bool!val!34| - |T@[bv64]Bool!val!34| 94bv64 true -> |T@[bv64]Bool!val!35| - |T@[bv64]Bool!val!35| 95bv64 true -> |T@[bv64]Bool!val!36| - |T@[bv64]Bool!val!36| 96bv64 true -> |T@[bv64]Bool!val!37| - |T@[bv64]Bool!val!37| 97bv64 true -> |T@[bv64]Bool!val!38| - |T@[bv64]Bool!val!38| 98bv64 true -> |T@[bv64]Bool!val!39| - |T@[bv64]Bool!val!39| 99bv64 true -> |T@[bv64]Bool!val!5| - |T@[bv64]Bool!val!4| 92bv64 true -> |T@[bv64]Bool!val!33| - |T@[bv64]Bool!val!40| 85bv64 true -> |T@[bv64]Bool!val!41| - |T@[bv64]Bool!val!41| 86bv64 true -> |T@[bv64]Bool!val!42| - |T@[bv64]Bool!val!42| 87bv64 true -> |T@[bv64]Bool!val!43| - |T@[bv64]Bool!val!43| 88bv64 true -> |T@[bv64]Bool!val!44| - |T@[bv64]Bool!val!44| 89bv64 true -> |T@[bv64]Bool!val!45| - |T@[bv64]Bool!val!45| 90bv64 true -> |T@[bv64]Bool!val!46| - |T@[bv64]Bool!val!46| 91bv64 true -> |T@[bv64]Bool!val!6| - |T@[bv64]Bool!val!47| 131201bv64 true -> |T@[bv64]Bool!val!48| - |T@[bv64]Bool!val!48| 131202bv64 true -> |T@[bv64]Bool!val!49| - |T@[bv64]Bool!val!49| 131203bv64 true -> |T@[bv64]Bool!val!50| - |T@[bv64]Bool!val!5| 84bv64 true -> |T@[bv64]Bool!val!40| - |T@[bv64]Bool!val!50| 131204bv64 true -> |T@[bv64]Bool!val!51| - |T@[bv64]Bool!val!51| 131205bv64 true -> |T@[bv64]Bool!val!52| - |T@[bv64]Bool!val!52| 131206bv64 true -> |T@[bv64]Bool!val!53| - |T@[bv64]Bool!val!53| 131207bv64 true -> |T@[bv64]Bool!val!7| - |T@[bv64]Bool!val!54| 93bv64 true -> |T@[bv64]Bool!val!55| - |T@[bv64]Bool!val!55| 94bv64 true -> |T@[bv64]Bool!val!56| - |T@[bv64]Bool!val!56| 95bv64 true -> |T@[bv64]Bool!val!57| - |T@[bv64]Bool!val!57| 96bv64 true -> |T@[bv64]Bool!val!58| - |T@[bv64]Bool!val!58| 97bv64 true -> |T@[bv64]Bool!val!59| - |T@[bv64]Bool!val!59| 98bv64 true -> |T@[bv64]Bool!val!60| - |T@[bv64]Bool!val!6| 92bv64 true -> |T@[bv64]Bool!val!54| - |T@[bv64]Bool!val!60| 99bv64 true -> |T@[bv64]Bool!val!9| - |T@[bv64]Bool!val!8| 72058143793741824bv64 true -> |T@[bv64]Bool!val!10| - else -> |T@[bv64]Bool!val!12| -} -Store__T@[bv64]bv8_ -> { - |T@[bv64]bv8!val!0| 131200bv64 254bv8 -> |T@[bv64]bv8!val!47| - |T@[bv64]bv8!val!12| 53bv64 0bv8 -> |T@[bv64]bv8!val!13| - |T@[bv64]bv8!val!13| 54bv64 0bv8 -> |T@[bv64]bv8!val!14| - |T@[bv64]bv8!val!14| 55bv64 0bv8 -> |T@[bv64]bv8!val!15| - |T@[bv64]bv8!val!15| 56bv64 0bv8 -> |T@[bv64]bv8!val!16| - |T@[bv64]bv8!val!16| 57bv64 0bv8 -> |T@[bv64]bv8!val!17| - |T@[bv64]bv8!val!17| 58bv64 0bv8 -> |T@[bv64]bv8!val!18| - |T@[bv64]bv8!val!18| 59bv64 0bv8 -> |T@[bv64]bv8!val!2| - |T@[bv64]bv8!val!19| 61bv64 0bv8 -> |T@[bv64]bv8!val!20| - |T@[bv64]bv8!val!2| 60bv64 0bv8 -> |T@[bv64]bv8!val!19| - |T@[bv64]bv8!val!20| 62bv64 0bv8 -> |T@[bv64]bv8!val!21| - |T@[bv64]bv8!val!21| 63bv64 0bv8 -> |T@[bv64]bv8!val!22| - |T@[bv64]bv8!val!22| 64bv64 0bv8 -> |T@[bv64]bv8!val!23| - |T@[bv64]bv8!val!23| 65bv64 0bv8 -> |T@[bv64]bv8!val!24| - |T@[bv64]bv8!val!24| 66bv64 0bv8 -> |T@[bv64]bv8!val!25| - |T@[bv64]bv8!val!25| 67bv64 0bv8 -> |T@[bv64]bv8!val!3| - |T@[bv64]bv8!val!26| 69bv64 0bv8 -> |T@[bv64]bv8!val!27| - |T@[bv64]bv8!val!27| 70bv64 0bv8 -> |T@[bv64]bv8!val!28| - |T@[bv64]bv8!val!28| 71bv64 0bv8 -> |T@[bv64]bv8!val!29| - |T@[bv64]bv8!val!29| 72bv64 0bv8 -> |T@[bv64]bv8!val!30| - |T@[bv64]bv8!val!3| 68bv64 0bv8 -> |T@[bv64]bv8!val!26| - |T@[bv64]bv8!val!30| 73bv64 0bv8 -> |T@[bv64]bv8!val!31| - |T@[bv64]bv8!val!31| 74bv64 0bv8 -> |T@[bv64]bv8!val!32| - |T@[bv64]bv8!val!32| 75bv64 0bv8 -> |T@[bv64]bv8!val!4| - |T@[bv64]bv8!val!33| 93bv64 0bv8 -> |T@[bv64]bv8!val!34| - |T@[bv64]bv8!val!34| 94bv64 0bv8 -> |T@[bv64]bv8!val!35| - |T@[bv64]bv8!val!35| 95bv64 0bv8 -> |T@[bv64]bv8!val!36| - |T@[bv64]bv8!val!36| 96bv64 0bv8 -> |T@[bv64]bv8!val!37| - |T@[bv64]bv8!val!37| 97bv64 0bv8 -> |T@[bv64]bv8!val!38| - |T@[bv64]bv8!val!38| 98bv64 0bv8 -> |T@[bv64]bv8!val!39| - |T@[bv64]bv8!val!39| 99bv64 0bv8 -> |T@[bv64]bv8!val!5| - |T@[bv64]bv8!val!4| 92bv64 0bv8 -> |T@[bv64]bv8!val!33| - |T@[bv64]bv8!val!40| 85bv64 0bv8 -> |T@[bv64]bv8!val!41| - |T@[bv64]bv8!val!41| 86bv64 0bv8 -> |T@[bv64]bv8!val!42| - |T@[bv64]bv8!val!42| 87bv64 0bv8 -> |T@[bv64]bv8!val!43| - |T@[bv64]bv8!val!43| 88bv64 0bv8 -> |T@[bv64]bv8!val!44| - |T@[bv64]bv8!val!44| 89bv64 0bv8 -> |T@[bv64]bv8!val!45| - |T@[bv64]bv8!val!45| 90bv64 0bv8 -> |T@[bv64]bv8!val!46| - |T@[bv64]bv8!val!46| 91bv64 0bv8 -> |T@[bv64]bv8!val!6| - |T@[bv64]bv8!val!47| 131201bv64 255bv8 -> |T@[bv64]bv8!val!48| - |T@[bv64]bv8!val!48| 131202bv64 255bv8 -> |T@[bv64]bv8!val!49| - |T@[bv64]bv8!val!49| 131203bv64 255bv8 -> |T@[bv64]bv8!val!50| - |T@[bv64]bv8!val!5| 84bv64 0bv8 -> |T@[bv64]bv8!val!40| - |T@[bv64]bv8!val!50| 131204bv64 127bv8 -> |T@[bv64]bv8!val!51| - |T@[bv64]bv8!val!51| 131205bv64 0bv8 -> |T@[bv64]bv8!val!52| - |T@[bv64]bv8!val!52| 131206bv64 0bv8 -> |T@[bv64]bv8!val!53| - |T@[bv64]bv8!val!53| 131207bv64 1bv8 -> |T@[bv64]bv8!val!7| - |T@[bv64]bv8!val!54| 93bv64 0bv8 -> |T@[bv64]bv8!val!55| - |T@[bv64]bv8!val!55| 94bv64 0bv8 -> |T@[bv64]bv8!val!56| - |T@[bv64]bv8!val!56| 95bv64 0bv8 -> |T@[bv64]bv8!val!57| - |T@[bv64]bv8!val!57| 96bv64 128bv8 -> |T@[bv64]bv8!val!58| - |T@[bv64]bv8!val!58| 97bv64 0bv8 -> |T@[bv64]bv8!val!59| - |T@[bv64]bv8!val!59| 98bv64 0bv8 -> |T@[bv64]bv8!val!60| - |T@[bv64]bv8!val!6| 92bv64 0bv8 -> |T@[bv64]bv8!val!54| - |T@[bv64]bv8!val!60| 99bv64 1bv8 -> |T@[bv64]bv8!val!9| - |T@[bv64]bv8!val!8| 72058143793741824bv64 0bv8 -> |T@[bv64]bv8!val!10| - else -> |T@[bv64]bv8!val!12| -} -tickleBool -> { - else -> true -} -*** STATE - #4 -> - Gamma_#4 -> - Gamma_malloc_base -> - Gamma_malloc_count -> - Gamma_malloc_end -> - Gamma_malloc_id -> - Gamma_mem -> |T@[bv64]Bool!val!0| - Gamma_R0 -> - Gamma_R1 -> - Gamma_R16 -> - Gamma_R17 -> - Gamma_R19 -> false - Gamma_R2 -> - Gamma_R29 -> false - Gamma_R30 -> false - Gamma_R31 -> - Gamma_stack -> |T@[bv64]Bool!val!1| - malloc_base -> - malloc_count -> 0 - malloc_end -> - malloc_id -> - mem -> |T@[bv64]bv8!val!0| - R0 -> - R1 -> - R16 -> - R17 -> - R19 -> 0bv64 - R2 -> - R29 -> 0bv64 - R30 -> 0bv64 - R31 -> 100bv64 - stack -> |T@[bv64]bv8!val!1| -*** END_STATE -*** STATE lmain -*** END_STATE -*** STATE %00000384 - #4 -> 52bv64 - Gamma_#4 -> - Gamma_stack -> |T@[bv64]Bool!val!2| - stack -> |T@[bv64]bv8!val!2| -*** END_STATE -*** STATE %0000038a - Gamma_stack -> |T@[bv64]Bool!val!3| - stack -> |T@[bv64]bv8!val!3| -*** END_STATE -*** STATE %0000039c - Gamma_R29 -> - Gamma_R31 -> - Gamma_stack -> |T@[bv64]Bool!val!4| - R29 -> 52bv64 - R31 -> 52bv64 - stack -> |T@[bv64]bv8!val!4| -*** END_STATE -*** STATE %000003a3 - Gamma_stack -> |T@[bv64]Bool!val!5| - stack -> |T@[bv64]bv8!val!5| -*** END_STATE -*** STATE %000003aa - Gamma_stack -> |T@[bv64]Bool!val!6| - stack -> |T@[bv64]bv8!val!6| -*** END_STATE -*** STATE l000003b9 - Gamma_malloc_base -> - Gamma_malloc_count -> - Gamma_malloc_end -> - Gamma_R0 -> true - Gamma_R16 -> - Gamma_R17 -> - Gamma_R30 -> true - malloc_base -> |T@[Int]bv64!val!0| - malloc_count -> 1 - malloc_end -> |T@[Int]bv64!val!1| - R0 -> 72058143793741822bv64 - R16 -> - R17 -> - R30 -> 2288bv64 -*** END_STATE -*** STATE %000003d0 - Gamma_mem -> |T@[bv64]Bool!val!7| - Gamma_R0 -> true - Gamma_R1 -> true - mem -> |T@[bv64]bv8!val!7| - R0 -> 131200bv64 - R1 -> 72058143793741822bv64 -*** END_STATE -*** STATE l000003f7 - Gamma_mem -> |T@[bv64]Bool!val!7| - Gamma_R0 -> true - Gamma_R16 -> - Gamma_R17 -> - Gamma_R19 -> true - Gamma_R30 -> true - mem -> |T@[bv64]bv8!val!7| - R0 -> 8bv64 - R16 -> - R17 -> - R19 -> 72058143793741822bv64 - R30 -> 2328bv64 -*** END_STATE -*** STATE l00000416 - Gamma_mem -> |T@[bv64]Bool!val!8| - Gamma_R0 -> true - Gamma_R1 -> true - Gamma_R16 -> - Gamma_R17 -> - Gamma_R2 -> true - Gamma_R30 -> true - mem -> |T@[bv64]bv8!val!8| - R0 -> 72058143793741822bv64 - R1 -> 131176bv64 - R16 -> - R17 -> - R2 -> 8bv64 - R30 -> 2348bv64 -*** END_STATE -*** STATE l00000430 - Gamma_mem -> |T@[bv64]Bool!val!8| - Gamma_R0 -> true - Gamma_R16 -> - Gamma_R17 -> - Gamma_R30 -> true - mem -> |T@[bv64]bv8!val!8| - R0 -> 72058143793741822bv64 - R16 -> - R17 -> - R30 -> 2364bv64 -*** END_STATE -*** STATE %0000044e - Gamma_mem -> |T@[bv64]Bool!val!8| - Gamma_R0 -> true - Gamma_stack -> |T@[bv64]Bool!val!9| - mem -> |T@[bv64]bv8!val!8| - R0 -> 72058143793741824bv64 - stack -> |T@[bv64]bv8!val!9| -*** END_STATE -*** STATE %0000045c - Gamma_mem -> |T@[bv64]Bool!val!10| - Gamma_R0 -> true - mem -> |T@[bv64]bv8!val!10| - R0 -> 72058143793741824bv64 -*** END_STATE -*** STATE l00000489 - Gamma_mem -> |T@[bv64]Bool!val!10| - Gamma_R0 -> true - Gamma_R16 -> - Gamma_R17 -> - Gamma_R19 -> true - Gamma_R30 -> true - mem -> |T@[bv64]bv8!val!10| - R0 -> 2bv64 - R16 -> - R17 -> - R19 -> 72058143793741822bv64 - R30 -> 2420bv64 -*** END_STATE -*** STATE l000004a2 - Gamma_mem -> |T@[bv64]Bool!val!11| - Gamma_R0 -> true - Gamma_R1 -> true - Gamma_R16 -> - Gamma_R17 -> - Gamma_R2 -> true - Gamma_R30 -> true - mem -> |T@[bv64]bv8!val!11| - R0 -> 72058143793741822bv64 - R1 -> 1bv64 - R16 -> - R17 -> - R2 -> 2bv64 - R30 -> 2436bv64 -*** END_STATE -*** END_MODEL diff --git a/examples/http_parse_basic/example.relf b/examples/http_parse_basic/example.relf deleted file mode 100644 index 66be10280..000000000 --- a/examples/http_parse_basic/example.relf +++ /dev/null @@ -1,143 +0,0 @@ - -Relocation section '.rela.dyn' at offset 0x528 contains 8 entries: - Offset Info Type Symbol's Value Symbol's Name + Addend -000000000001fdc8 0000000000000403 R_AARCH64_RELATIVE 8d0 -000000000001fdd0 0000000000000403 R_AARCH64_RELATIVE 880 -000000000001ffd8 0000000000000403 R_AARCH64_RELATIVE 8d4 -0000000000020058 0000000000000403 R_AARCH64_RELATIVE 20058 -000000000001ffc0 0000000600000401 R_AARCH64_GLOB_DAT 0000000000000000 _ITM_deregisterTMCloneTable + 0 -000000000001ffc8 0000000700000401 R_AARCH64_GLOB_DAT 0000000000000000 __cxa_finalize@GLIBC_2.17 + 0 -000000000001ffd0 0000000a00000401 R_AARCH64_GLOB_DAT 0000000000000000 __gmon_start__ + 0 -000000000001ffe0 0000000e00000401 R_AARCH64_GLOB_DAT 0000000000000000 _ITM_registerTMCloneTable + 0 - -Relocation section '.rela.plt' at offset 0x5e8 contains 10 entries: - Offset Info Type Symbol's Value Symbol's Name + Addend -0000000000020000 0000000300000402 R_AARCH64_JUMP_SLOT 0000000000000000 memcpy@GLIBC_2.17 + 0 -0000000000020008 0000000400000402 R_AARCH64_JUMP_SLOT 0000000000000000 strlen@GLIBC_2.17 + 0 -0000000000020010 0000000500000402 R_AARCH64_JUMP_SLOT 0000000000000000 __libc_start_main@GLIBC_2.34 + 0 -0000000000020018 0000000700000402 R_AARCH64_JUMP_SLOT 0000000000000000 __cxa_finalize@GLIBC_2.17 + 0 -0000000000020020 0000000800000402 R_AARCH64_JUMP_SLOT 0000000000000000 malloc@GLIBC_2.17 + 0 -0000000000020028 0000000900000402 R_AARCH64_JUMP_SLOT 0000000000000000 memset@GLIBC_2.17 + 0 -0000000000020030 0000000a00000402 R_AARCH64_JUMP_SLOT 0000000000000000 __gmon_start__ + 0 -0000000000020038 0000000b00000402 R_AARCH64_JUMP_SLOT 0000000000000000 abort@GLIBC_2.17 + 0 -0000000000020040 0000000c00000402 R_AARCH64_JUMP_SLOT 0000000000000000 puts@GLIBC_2.17 + 0 -0000000000020048 0000000d00000402 R_AARCH64_JUMP_SLOT 0000000000000000 free@GLIBC_2.17 + 0 - -Symbol table '.dynsym' contains 15 entries: - Num: Value Size Type Bind Vis Ndx Name - 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND - 1: 00000000000006d8 0 SECTION LOCAL DEFAULT 11 .init - 2: 0000000000020050 0 SECTION LOCAL DEFAULT 23 .data - 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND memcpy@GLIBC_2.17 (2) - 4: 0000000000000000 0 FUNC GLOBAL DEFAULT UND strlen@GLIBC_2.17 (2) - 5: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.34 (3) - 6: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable - 7: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.17 (2) - 8: 0000000000000000 0 FUNC GLOBAL DEFAULT UND malloc@GLIBC_2.17 (2) - 9: 0000000000000000 0 FUNC GLOBAL DEFAULT UND memset@GLIBC_2.17 (2) - 10: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ - 11: 0000000000000000 0 FUNC GLOBAL DEFAULT UND abort@GLIBC_2.17 (2) - 12: 0000000000000000 0 FUNC GLOBAL DEFAULT UND puts@GLIBC_2.17 (2) - 13: 0000000000000000 0 FUNC GLOBAL DEFAULT UND free@GLIBC_2.17 (2) - 14: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable - -Symbol table '.symtab' contains 98 entries: - Num: Value Size Type Bind Vis Ndx Name - 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND - 1: 0000000000000238 0 SECTION LOCAL DEFAULT 1 .interp - 2: 0000000000000254 0 SECTION LOCAL DEFAULT 2 .note.gnu.build-id - 3: 0000000000000278 0 SECTION LOCAL DEFAULT 3 .note.ABI-tag - 4: 0000000000000298 0 SECTION LOCAL DEFAULT 4 .gnu.hash - 5: 00000000000002b8 0 SECTION LOCAL DEFAULT 5 .dynsym - 6: 0000000000000420 0 SECTION LOCAL DEFAULT 6 .dynstr - 7: 00000000000004d4 0 SECTION LOCAL DEFAULT 7 .gnu.version - 8: 00000000000004f8 0 SECTION LOCAL DEFAULT 8 .gnu.version_r - 9: 0000000000000528 0 SECTION LOCAL DEFAULT 9 .rela.dyn - 10: 00000000000005e8 0 SECTION LOCAL DEFAULT 10 .rela.plt - 11: 00000000000006d8 0 SECTION LOCAL DEFAULT 11 .init - 12: 00000000000006f0 0 SECTION LOCAL DEFAULT 12 .plt - 13: 00000000000007c0 0 SECTION LOCAL DEFAULT 13 .text - 14: 00000000000009a4 0 SECTION LOCAL DEFAULT 14 .fini - 15: 00000000000009b8 0 SECTION LOCAL DEFAULT 15 .rodata - 16: 00000000000009bc 0 SECTION LOCAL DEFAULT 16 .eh_frame_hdr - 17: 00000000000009f8 0 SECTION LOCAL DEFAULT 17 .eh_frame - 18: 000000000001fdc8 0 SECTION LOCAL DEFAULT 18 .init_array - 19: 000000000001fdd0 0 SECTION LOCAL DEFAULT 19 .fini_array - 20: 000000000001fdd8 0 SECTION LOCAL DEFAULT 20 .dynamic - 21: 000000000001ffb8 0 SECTION LOCAL DEFAULT 21 .got - 22: 000000000001ffe8 0 SECTION LOCAL DEFAULT 22 .got.plt - 23: 0000000000020050 0 SECTION LOCAL DEFAULT 23 .data - 24: 0000000000020078 0 SECTION LOCAL DEFAULT 24 .bss - 25: 0000000000000000 0 SECTION LOCAL DEFAULT 25 .comment - 26: 0000000000000000 0 FILE LOCAL DEFAULT ABS Scrt1.o - 27: 0000000000000278 0 NOTYPE LOCAL DEFAULT 3 $d - 28: 0000000000000278 32 OBJECT LOCAL DEFAULT 3 __abi_tag - 29: 00000000000007c0 0 NOTYPE LOCAL DEFAULT 13 $x - 30: 0000000000000a0c 0 NOTYPE LOCAL DEFAULT 17 $d - 31: 00000000000009b8 0 NOTYPE LOCAL DEFAULT 15 $d - 32: 0000000000000000 0 FILE LOCAL DEFAULT ABS crti.o - 33: 00000000000007f4 0 NOTYPE LOCAL DEFAULT 13 $x - 34: 00000000000007f4 20 FUNC LOCAL DEFAULT 13 call_weak_fn - 35: 00000000000006d8 0 NOTYPE LOCAL DEFAULT 11 $x - 36: 00000000000009a4 0 NOTYPE LOCAL DEFAULT 14 $x - 37: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtn.o - 38: 00000000000006e8 0 NOTYPE LOCAL DEFAULT 11 $x - 39: 00000000000009b0 0 NOTYPE LOCAL DEFAULT 14 $x - 40: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c - 41: 0000000000000810 0 NOTYPE LOCAL DEFAULT 13 $x - 42: 0000000000000810 0 FUNC LOCAL DEFAULT 13 deregister_tm_clones - 43: 0000000000000840 0 FUNC LOCAL DEFAULT 13 register_tm_clones - 44: 0000000000020058 0 NOTYPE LOCAL DEFAULT 23 $d - 45: 0000000000000880 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux - 46: 0000000000020078 1 OBJECT LOCAL DEFAULT 24 completed.0 - 47: 000000000001fdd0 0 NOTYPE LOCAL DEFAULT 19 $d - 48: 000000000001fdd0 0 OBJECT LOCAL DEFAULT 19 __do_global_dtors_aux_fini_array_entry - 49: 00000000000008d0 0 FUNC LOCAL DEFAULT 13 frame_dummy - 50: 000000000001fdc8 0 NOTYPE LOCAL DEFAULT 18 $d - 51: 000000000001fdc8 0 OBJECT LOCAL DEFAULT 18 __frame_dummy_init_array_entry - 52: 0000000000000a20 0 NOTYPE LOCAL DEFAULT 17 $d - 53: 0000000000020078 0 NOTYPE LOCAL DEFAULT 24 $d - 54: 0000000000000000 0 FILE LOCAL DEFAULT ABS example.c - 55: 0000000000020080 0 NOTYPE LOCAL DEFAULT 24 $d - 56: 0000000000020061 0 NOTYPE LOCAL DEFAULT 23 $d - 57: 00000000000008d4 0 NOTYPE LOCAL DEFAULT 13 $x - 58: 0000000000000a80 0 NOTYPE LOCAL DEFAULT 17 $d - 59: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c - 60: 0000000000000aa4 0 NOTYPE LOCAL DEFAULT 17 $d - 61: 0000000000000aa4 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ - 62: 0000000000000000 0 FILE LOCAL DEFAULT ABS - 63: 000000000001fdd8 0 OBJECT LOCAL DEFAULT ABS _DYNAMIC - 64: 00000000000009bc 0 NOTYPE LOCAL DEFAULT 16 __GNU_EH_FRAME_HDR - 65: 000000000001ffb8 0 OBJECT LOCAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_ - 66: 00000000000006f0 0 NOTYPE LOCAL DEFAULT 12 $x - 67: 0000000000000000 0 FUNC GLOBAL DEFAULT UND memcpy@GLIBC_2.17 - 68: 0000000000000000 0 FUNC GLOBAL DEFAULT UND strlen@GLIBC_2.17 - 69: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.34 - 70: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable - 71: 0000000000020050 0 NOTYPE WEAK DEFAULT 23 data_start - 72: 0000000000020073 0 NOTYPE GLOBAL DEFAULT 24 __bss_start__ - 73: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.17 - 74: 0000000000020088 0 NOTYPE GLOBAL DEFAULT 24 _bss_end__ - 75: 0000000000020073 0 NOTYPE GLOBAL DEFAULT 23 _edata - 76: 00000000000009a4 0 FUNC GLOBAL HIDDEN 14 _fini - 77: 0000000000020088 0 NOTYPE GLOBAL DEFAULT 24 __bss_end__ - 78: 0000000000000000 0 FUNC GLOBAL DEFAULT UND malloc@GLIBC_2.17 - 79: 0000000000000000 0 FUNC GLOBAL DEFAULT UND memset@GLIBC_2.17 - 80: 0000000000020060 1 OBJECT GLOBAL DEFAULT 23 password - 81: 0000000000020050 0 NOTYPE GLOBAL DEFAULT 23 __data_start - 82: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ - 83: 0000000000020058 0 OBJECT GLOBAL HIDDEN 23 __dso_handle - 84: 0000000000000000 0 FUNC GLOBAL DEFAULT UND abort@GLIBC_2.17 - 85: 00000000000009b8 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used - 86: 0000000000000000 0 FUNC GLOBAL DEFAULT UND puts@GLIBC_2.17 - 87: 0000000000020088 0 NOTYPE GLOBAL DEFAULT 24 _end - 88: 0000000000000000 0 FUNC GLOBAL DEFAULT UND free@GLIBC_2.17 - 89: 00000000000007c0 52 FUNC GLOBAL DEFAULT 13 _start - 90: 0000000000020080 8 OBJECT GLOBAL DEFAULT 24 buf - 91: 0000000000020088 0 NOTYPE GLOBAL DEFAULT 24 __end__ - 92: 0000000000020068 11 OBJECT GLOBAL DEFAULT 23 stext - 93: 0000000000020073 0 NOTYPE GLOBAL DEFAULT 24 __bss_start - 94: 00000000000008d4 208 FUNC GLOBAL DEFAULT 13 main - 95: 0000000000020078 0 OBJECT GLOBAL HIDDEN 23 __TMC_END__ - 96: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable - 97: 00000000000006d8 0 FUNC GLOBAL HIDDEN 11 _init diff --git a/examples/http_parse_basic/example.spec b/examples/http_parse_basic/example.spec deleted file mode 100644 index c5d06fc4a..000000000 --- a/examples/http_parse_basic/example.spec +++ /dev/null @@ -1,76 +0,0 @@ -Globals: -password: char -buf: long -stext: char[11] - - -DIRECT functions: gamma_load64, gamma_load8, memory_load8_le, bvult64, bvule64, bvsub64, gamma_load32, bvuge64, bvugt64 - - -Subroutine: #free - Requires DIRECT: "(forall i : int, j: bv64 :: (malloc_base[i] == R0 && bvuge64(j, R0) && bvult64(j, malloc_end[i])) ==> Gamma_mem[j])" - -Subroutine: main -Requires DIRECT: "malloc_count == 0" -Requires: Gamma_password == false -Requires DIRECT: "gamma_load32(Gamma_mem, memory_load64_le(mem, $stext_addr))" -Requires DIRECT: "R31 == 100bv64" - -Subroutine: malloc -Modifies: R0, malloc_base, malloc_count, malloc_end -Requires DIRECT: "bvugt64(R0, 0bv64)" -Requires DIRECT: "Gamma_R0 == true" -Ensures: buf == old(buf) && password == old(password) -Ensures DIRECT: "Gamma_R0 == true" -Ensures DIRECT: "malloc_count == old(malloc_count) + 1" -Ensures DIRECT: "bvugt64(malloc_end[malloc_count], malloc_base[malloc_count])" -Ensures DIRECT: "R0 == malloc_base[malloc_count]" -Ensures DIRECT: "malloc_end[malloc_count] == bvadd64(R0, old(R0))" -Ensures DIRECT: "(forall i: int :: i != malloc_count ==> bvugt64(malloc_base[malloc_count], malloc_end[i]) || bvult64(malloc_end[malloc_count], malloc_base[i]))" -Ensures DIRECT: "(forall i: int :: i != malloc_count ==> malloc_base[i] == old(malloc_base[i]) && malloc_end[i] == old(malloc_end[i]))" -Ensures DIRECT: "bvuge64(R0, 100000000bv64)" -// uninitialised memory is low (free ensures since not part of modifies) -Ensures DIRECT: "(forall i : bv64 :: (bvuge64(i, R0) && bvult64(i, bvadd64(R0, old(R0)))) ==> (Gamma_mem[i] && gamma_load8(Gamma_mem, i)))" - - -Subroutine: memcpy - Modifies: mem - // don't overlap (doesnt verify with lambdas) - // Requires DIRECT: "bvugt64(R0, bvadd64(R1, R2)) || bvugt64(R1, bvadd64(R0, R2))" - // don't wrap around (doesnt verify with lambdas) - // Requires DIRECT: "bvugt64(bvadd64(R0, R2), R0) && bvugt64(bvadd64(R1, R2), R1)" - Ensures: buf == old(buf) && password == old(password) - - Ensures DIRECT: "(forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i, bvadd64(R0, R2))) then gamma_load8((Gamma_mem), bvadd64(bvsub64(i, R0), R1)) else old(gamma_load8(Gamma_mem, i))))" - Ensures DIRECT: "(forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le((mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i))))" -// Ensures DIRECT: "(forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then old(Gamma_mem)[bvadd64(bvsub64(i, R0), R1)] else old(Gamma_mem[i])))" -// Ensures DIRECT: "(forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then old(mem)[bvadd64(bvsub64(i, R0), R1)] else old(mem[i])))" - // outside bounds gets old value - // Ensures DIRECT: "(forall i: bv64 :: {:trigger mem[i]} ((bvult64(i, R0) && bvuge64(bvadd64(R0, R2), i)) ==> (mem[i] == old(memory_load8_le(mem, i)) && Gamma_mem[i] == old(gamma_load8(Gamma_mem, i)))))" - -// forall i <= n, Gamma_mem[R0] low -Subroutine: memset - Modifies: mem - Requires DIRECT: "Gamma_R1" - Ensures: buf == old(buf) && password == old(password) - Ensures DIRECT: "(forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then Gamma_R1 else old(gamma_load8(Gamma_mem, i))))" - // seems to be the same -// Ensures DIRECT: "(forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(mem[i])))" - Ensures DIRECT: "(forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i))))" - - - -Subroutine: strlen - Modifies: R0 -// Requires DIRECT: "(exists i: bv64, j: bv64 :: {:trigger mem[i], memory_store64_le(mem, i, j)} (bvuge64(i, R0) && (mem[i] == 0bv8)))" - Ensures: buf == old(buf) && password == old(password) && stext==old(stext) - Ensures DIRECT: "Gamma_R0 == true" - Ensures DIRECT: "(forall i: bv64 :: (bvule64(old(R0), i)) && (bvult64(i, bvadd64(old(R0), R0))) ==> mem[i] != 0bv8)" -// Ensures DIRECT: "(mem[bvadd64(old(R0), R0)] == 0bv8)" -// Ensures DIRECT: "(bvule64(old(R0), bvadd64(old(R0), R0)))" -// Ensures DIRECT: "(bvult64(old(R0), bvadd64(bvadd64(old(R0), R0), 1bv64)))" -Ensures DIRECT: "(memory_load8_le(mem, bvadd64(old(R0), R0)) == 0bv8)" -Ensures DIRECT: "(bvult64(old(R0), bvadd64(bvadd64(old(R0), R0), 1bv64)))" - - - diff --git a/examples/http_parse_basic/extraspec.bpl b/examples/http_parse_basic/extraspec.bpl deleted file mode 100644 index be56c0989..000000000 --- a/examples/http_parse_basic/extraspec.bpl +++ /dev/null @@ -1,20 +0,0 @@ - -function {:bvbuiltin "bvuge"} bvuge64(bv64, bv64) returns (bool); -function {:bvbuiltin "bvugt"} bvugt64(bv64, bv64) returns (bool); - - -var malloc_count: int; -var malloc_base: [int]bv64; -var malloc_end: [int]bv64; -var malloc_id: [bv64]int; - -var Gamma_malloc_count: bool; -var Gamma_malloc_base: bool; -var Gamma_malloc_end: bool; -var Gamma_malloc_id: bool; - - -// because named wrong in generated file -function {:inline} in_bounds64(base: bv64, len: bv64, i: bv64) returns (bool) { - (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len)))) -} diff --git a/examples/http_parse_basic/patch.diff b/examples/http_parse_basic/patch.diff deleted file mode 100644 index 1a0590f5c..000000000 --- a/examples/http_parse_basic/patch.diff +++ /dev/null @@ -1,12 +0,0 @@ ---- example.bpl 2023-11-15 10:21:51.302483904 +1000 -+++ examplesetcommented.bpl 2023-11-15 10:22:53.783375817 +1000 -@@ -395,7 +395,8 @@ - R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64)); - call rely(); - assert (L(mem, R0) ==> true); -- mem, Gamma_mem := memory_store8_le(mem, R0, 0bv8), gamma_store8(Gamma_mem, R0, true); -+ // commented out -+ // mem, Gamma_mem := memory_store8_le(mem, R0, 0bv8), gamma_store8(Gamma_mem, R0, true); - assume {:captureState "%00000418"} true; - R0, Gamma_R0 := 131072bv64, true; - R0, Gamma_R0 := bvadd64(R0, 120bv64), Gamma_R0; diff --git a/examples/http_parse_basic/simplememcpy.c b/examples/http_parse_basic/simplememcpy.c deleted file mode 100644 index e69de29bb..000000000 diff --git a/examples/http_parse_basic/smtout.log b/examples/http_parse_basic/smtout.log deleted file mode 100644 index b74b65bda..000000000 --- a/examples/http_parse_basic/smtout.log +++ /dev/null @@ -1,1679 +0,0 @@ -(set-option :print-success false) -(set-info :smt-lib-version 2.6) -(set-option :smt.mbqi false) -(set-option :model.compact false) -(set-option :model.v2 true) -(set-option :pp.bv_literals false) -; done setting options - - -(declare-fun tickleBool (Bool) Bool) -(assert (and (tickleBool true) (tickleBool false))) -(declare-fun gamma_store64 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#0| ((_ BitVec 64) (_ BitVec 64) Bool (Array (_ BitVec 64) Bool)) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#1| ((_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (Array (_ BitVec 64) (_ BitVec 8))) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun L ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) Bool) -(declare-fun memory_load64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 64)) -(declare-fun gamma_store8 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun memory_store8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 8)) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun gamma_load64 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load32 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load8 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun $password_addr () (_ BitVec 64)) -(declare-fun $stext_addr () (_ BitVec 64)) -(declare-fun $buf_addr () (_ BitVec 64)) -(declare-fun memory_load8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 8)) -(declare-fun memory_store64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 64)) (Array (_ BitVec 64) (_ BitVec 8))) -(assert (forall ((gammaMap (Array (_ BitVec 64) Bool)) (index (_ BitVec 64)) (value Bool) ) (! (= (gamma_store64 gammaMap index value) (|lambda#0| index #x0000000000000008 value gammaMap)) - :qid |examplebpl.63:34| - :skolemid |4| - :pattern ( (gamma_store64 gammaMap index value)) -))) -(assert (forall ((|l#0| (_ BitVec 64)) (|l#1| (_ BitVec 64)) (|l#2| (_ BitVec 64)) (|l#3| (_ BitVec 64)) (|l#4| (Array (_ BitVec 64) (_ BitVec 8))) (i (_ BitVec 64)) ) (! (= (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i) (ite (ite (bvule |l#0| (bvadd |l#0| |l#1|)) (and (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|))) (or (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|)))) ((_ extract 7 0) (bvlshr |l#2| (bvmul (bvsub i |l#3|) #x0000000000000008))) (select |l#4| i))) - :qid |examplebpl.83:57| - :skolemid |20| - :pattern ( (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i)) -))) -(assert (forall ((memory (Array (_ BitVec 64) (_ BitVec 8))) (index@@0 (_ BitVec 64)) ) (! (= (L memory index@@0) false) - :qid |examplebpl.35:22| - :skolemid |0| - :pattern ( (L memory index@@0)) -))) -(assert (forall ((memory@@0 (Array (_ BitVec 64) (_ BitVec 8))) (index@@1 (_ BitVec 64)) ) (! (= (memory_load64_le memory@@0 index@@1) (concat (select memory@@0 (bvadd index@@1 #x0000000000000007)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000006)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000005)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000004)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000003)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000002)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000001)) (select memory@@0 index@@1))))))))) - :qid |examplebpl.75:37| - :skolemid |6| - :pattern ( (memory_load64_le memory@@0 index@@1)) -))) -(assert (forall ((gammaMap@@0 (Array (_ BitVec 64) Bool)) (index@@2 (_ BitVec 64)) (value@@0 Bool) ) (! (= (gamma_store8 gammaMap@@0 index@@2 value@@0) (store gammaMap@@0 index@@2 value@@0)) - :qid |examplebpl.67:33| - :skolemid |5| - :pattern ( (gamma_store8 gammaMap@@0 index@@2 value@@0)) -))) -(assert (forall ((memory@@1 (Array (_ BitVec 64) (_ BitVec 8))) (index@@3 (_ BitVec 64)) (value@@1 (_ BitVec 8)) ) (! (= (memory_store8_le memory@@1 index@@3 value@@1) (store memory@@1 index@@3 value@@1)) - :qid |examplebpl.87:37| - :skolemid |9| - :pattern ( (memory_store8_le memory@@1 index@@3 value@@1)) -))) -(assert (forall ((|l#0@@0| (_ BitVec 64)) (|l#1@@0| (_ BitVec 64)) (|l#2@@0| Bool) (|l#3@@0| (Array (_ BitVec 64) Bool)) (i@@0 (_ BitVec 64)) ) (! (= (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0) (ite (ite (bvule |l#0@@0| (bvadd |l#0@@0| |l#1@@0|)) (and (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|))) (or (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|)))) |l#2@@0| (select |l#3@@0| i@@0))) - :qid |examplebpl.63:56| - :skolemid |19| - :pattern ( (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0)) -))) -(assert (forall ((gammaMap@@1 (Array (_ BitVec 64) Bool)) (index@@4 (_ BitVec 64)) ) (! (= (gamma_load64 gammaMap@@1 index@@4) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000007)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000006)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000005)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000004)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000003)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000002)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000001)) (select gammaMap@@1 index@@4))))))))) - :qid |examplebpl.55:33| - :skolemid |2| - :pattern ( (gamma_load64 gammaMap@@1 index@@4)) -))) -(assert (forall ((gammaMap@@2 (Array (_ BitVec 64) Bool)) (index@@5 (_ BitVec 64)) ) (! (= (gamma_load32 gammaMap@@2 index@@5) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000003)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000002)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000001)) (select gammaMap@@2 index@@5))))) - :qid |examplebpl.51:33| - :skolemid |1| - :pattern ( (gamma_load32 gammaMap@@2 index@@5)) -))) -(assert (forall ((gammaMap@@3 (Array (_ BitVec 64) Bool)) (index@@6 (_ BitVec 64)) ) (! (= (gamma_load8 gammaMap@@3 index@@6) (select gammaMap@@3 index@@6)) - :qid |examplebpl.59:32| - :skolemid |3| - :pattern ( (gamma_load8 gammaMap@@3 index@@6)) -))) -(assert (= $password_addr #x0000000000020060)) -(assert (= $stext_addr #x0000000000020068)) -(assert (= $buf_addr #x0000000000020080)) -(assert (forall ((memory@@2 (Array (_ BitVec 64) (_ BitVec 8))) (index@@7 (_ BitVec 64)) ) (! (= (memory_load8_le memory@@2 index@@7) (select memory@@2 index@@7)) - :qid |examplebpl.79:36| - :skolemid |7| - :pattern ( (memory_load8_le memory@@2 index@@7)) -))) -(assert (forall ((memory@@3 (Array (_ BitVec 64) (_ BitVec 8))) (index@@8 (_ BitVec 64)) (value@@2 (_ BitVec 64)) ) (! (= (memory_store64_le memory@@3 index@@8 value@@2) (|lambda#1| index@@8 #x0000000000000008 value@@2 index@@8 memory@@3)) - :qid |examplebpl.83:38| - :skolemid |8| - :pattern ( (memory_store64_le memory@@3 index@@8 value@@2)) -))) -(push 1) -(declare-fun ControlFlow (Int Int) Int) -(set-info :boogie-vc-id rely_transitive_split0) -(set-option :timeout 0) -(set-option :rlimit 0) -(assert (not - (=> (= (ControlFlow 0 0) 1) true) -)) -(check-sat) -(pop 1) -; Valid -(get-info :rlimit) -(reset) -(set-option :print-success false) -(set-info :smt-lib-version 2.6) -(set-option :smt.mbqi false) -(set-option :model.compact false) -(set-option :model.v2 true) -(set-option :pp.bv_literals false) -; done setting options - - -(declare-fun tickleBool (Bool) Bool) -(assert (and (tickleBool true) (tickleBool false))) -(declare-fun gamma_store64 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#0| ((_ BitVec 64) (_ BitVec 64) Bool (Array (_ BitVec 64) Bool)) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#1| ((_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (Array (_ BitVec 64) (_ BitVec 8))) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun L ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) Bool) -(declare-fun memory_load64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 64)) -(declare-fun gamma_store8 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun memory_store8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 8)) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun gamma_load64 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load32 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load8 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun $password_addr () (_ BitVec 64)) -(declare-fun $stext_addr () (_ BitVec 64)) -(declare-fun $buf_addr () (_ BitVec 64)) -(declare-fun memory_load8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 8)) -(declare-fun memory_store64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 64)) (Array (_ BitVec 64) (_ BitVec 8))) -(assert (forall ((gammaMap (Array (_ BitVec 64) Bool)) (index (_ BitVec 64)) (value Bool) ) (! (= (gamma_store64 gammaMap index value) (|lambda#0| index #x0000000000000008 value gammaMap)) - :qid |examplebpl.63:34| - :skolemid |4| - :pattern ( (gamma_store64 gammaMap index value)) -))) -(assert (forall ((|l#0| (_ BitVec 64)) (|l#1| (_ BitVec 64)) (|l#2| (_ BitVec 64)) (|l#3| (_ BitVec 64)) (|l#4| (Array (_ BitVec 64) (_ BitVec 8))) (i (_ BitVec 64)) ) (! (= (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i) (ite (ite (bvule |l#0| (bvadd |l#0| |l#1|)) (and (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|))) (or (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|)))) ((_ extract 7 0) (bvlshr |l#2| (bvmul (bvsub i |l#3|) #x0000000000000008))) (select |l#4| i))) - :qid |examplebpl.83:57| - :skolemid |20| - :pattern ( (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i)) -))) -(assert (forall ((memory (Array (_ BitVec 64) (_ BitVec 8))) (index@@0 (_ BitVec 64)) ) (! (= (L memory index@@0) false) - :qid |examplebpl.35:22| - :skolemid |0| - :pattern ( (L memory index@@0)) -))) -(assert (forall ((memory@@0 (Array (_ BitVec 64) (_ BitVec 8))) (index@@1 (_ BitVec 64)) ) (! (= (memory_load64_le memory@@0 index@@1) (concat (select memory@@0 (bvadd index@@1 #x0000000000000007)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000006)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000005)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000004)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000003)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000002)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000001)) (select memory@@0 index@@1))))))))) - :qid |examplebpl.75:37| - :skolemid |6| - :pattern ( (memory_load64_le memory@@0 index@@1)) -))) -(assert (forall ((gammaMap@@0 (Array (_ BitVec 64) Bool)) (index@@2 (_ BitVec 64)) (value@@0 Bool) ) (! (= (gamma_store8 gammaMap@@0 index@@2 value@@0) (store gammaMap@@0 index@@2 value@@0)) - :qid |examplebpl.67:33| - :skolemid |5| - :pattern ( (gamma_store8 gammaMap@@0 index@@2 value@@0)) -))) -(assert (forall ((memory@@1 (Array (_ BitVec 64) (_ BitVec 8))) (index@@3 (_ BitVec 64)) (value@@1 (_ BitVec 8)) ) (! (= (memory_store8_le memory@@1 index@@3 value@@1) (store memory@@1 index@@3 value@@1)) - :qid |examplebpl.87:37| - :skolemid |9| - :pattern ( (memory_store8_le memory@@1 index@@3 value@@1)) -))) -(assert (forall ((|l#0@@0| (_ BitVec 64)) (|l#1@@0| (_ BitVec 64)) (|l#2@@0| Bool) (|l#3@@0| (Array (_ BitVec 64) Bool)) (i@@0 (_ BitVec 64)) ) (! (= (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0) (ite (ite (bvule |l#0@@0| (bvadd |l#0@@0| |l#1@@0|)) (and (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|))) (or (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|)))) |l#2@@0| (select |l#3@@0| i@@0))) - :qid |examplebpl.63:56| - :skolemid |19| - :pattern ( (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0)) -))) -(assert (forall ((gammaMap@@1 (Array (_ BitVec 64) Bool)) (index@@4 (_ BitVec 64)) ) (! (= (gamma_load64 gammaMap@@1 index@@4) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000007)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000006)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000005)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000004)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000003)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000002)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000001)) (select gammaMap@@1 index@@4))))))))) - :qid |examplebpl.55:33| - :skolemid |2| - :pattern ( (gamma_load64 gammaMap@@1 index@@4)) -))) -(assert (forall ((gammaMap@@2 (Array (_ BitVec 64) Bool)) (index@@5 (_ BitVec 64)) ) (! (= (gamma_load32 gammaMap@@2 index@@5) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000003)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000002)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000001)) (select gammaMap@@2 index@@5))))) - :qid |examplebpl.51:33| - :skolemid |1| - :pattern ( (gamma_load32 gammaMap@@2 index@@5)) -))) -(assert (forall ((gammaMap@@3 (Array (_ BitVec 64) Bool)) (index@@6 (_ BitVec 64)) ) (! (= (gamma_load8 gammaMap@@3 index@@6) (select gammaMap@@3 index@@6)) - :qid |examplebpl.59:32| - :skolemid |3| - :pattern ( (gamma_load8 gammaMap@@3 index@@6)) -))) -(assert (= $password_addr #x0000000000020060)) -(assert (= $stext_addr #x0000000000020068)) -(assert (= $buf_addr #x0000000000020080)) -(assert (forall ((memory@@2 (Array (_ BitVec 64) (_ BitVec 8))) (index@@7 (_ BitVec 64)) ) (! (= (memory_load8_le memory@@2 index@@7) (select memory@@2 index@@7)) - :qid |examplebpl.79:36| - :skolemid |7| - :pattern ( (memory_load8_le memory@@2 index@@7)) -))) -(assert (forall ((memory@@3 (Array (_ BitVec 64) (_ BitVec 8))) (index@@8 (_ BitVec 64)) (value@@2 (_ BitVec 64)) ) (! (= (memory_store64_le memory@@3 index@@8 value@@2) (|lambda#1| index@@8 #x0000000000000008 value@@2 index@@8 memory@@3)) - :qid |examplebpl.83:38| - :skolemid |8| - :pattern ( (memory_store64_le memory@@3 index@@8 value@@2)) -))) -; Valid - -(push 1) -(declare-fun ControlFlow (Int Int) Int) -(declare-fun mem@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun mem () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@0 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_mem () (Array (_ BitVec 64) Bool)) -(declare-fun mem@1 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@1 () (Array (_ BitVec 64) Bool)) -(set-info :boogie-vc-id rely_transitive_split1) -(set-option :timeout 0) -(set-option :rlimit 0) -(assert (not - (=> (= (ControlFlow 0 0) 3) (let ((anon0_correct (=> (= mem@0 mem) (=> (and (and (= Gamma_mem@0 Gamma_mem) (= (memory_load8_le mem@0 #x00000000000009b8) #x01)) (and (= (memory_load8_le mem@0 #x00000000000009b9) #x00) (= (memory_load8_le mem@0 #x00000000000009ba) #x02))) (=> (and (and (and (= (memory_load8_le mem@0 #x00000000000009bb) #x00) (= (memory_load8_le mem@0 #x000000000001fdc8) #xd0)) (and (= (memory_load8_le mem@0 #x000000000001fdc9) #x08) (= (memory_load8_le mem@0 #x000000000001fdca) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdcb) #x00) (= (memory_load8_le mem@0 #x000000000001fdcc) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdcd) #x00) (= (memory_load8_le mem@0 #x000000000001fdce) #x00)))) (=> (and (and (and (and (and (and (= (memory_load8_le mem@0 #x000000000001fdcf) #x00) (= (memory_load8_le mem@0 #x000000000001fdd0) #x80)) (and (= (memory_load8_le mem@0 #x000000000001fdd1) #x08) (= (memory_load8_le mem@0 #x000000000001fdd2) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdd3) #x00) (= (memory_load8_le mem@0 #x000000000001fdd4) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdd5) #x00) (= (memory_load8_le mem@0 #x000000000001fdd6) #x00)))) (and (and (and (= (memory_load8_le mem@0 #x000000000001fdd7) #x00) (= (memory_load8_le mem@0 #x000000000001ffd8) #xd4)) (and (= (memory_load8_le mem@0 #x000000000001ffd9) #x08) (= (memory_load8_le mem@0 #x000000000001ffda) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001ffdb) #x00) (= (memory_load8_le mem@0 #x000000000001ffdc) #x00)) (and (= (memory_load8_le mem@0 #x000000000001ffdd) #x00) (= (memory_load8_le mem@0 #x000000000001ffde) #x00))))) (and (and (and (and (= (memory_load8_le mem@0 #x000000000001ffdf) #x00) (= (memory_load8_le mem@0 #x0000000000020058) #x58)) (and (= (memory_load8_le mem@0 #x0000000000020059) #x00) (= (memory_load8_le mem@0 #x000000000002005a) #x02))) (and (and (= (memory_load8_le mem@0 #x000000000002005b) #x00) (= (memory_load8_le mem@0 #x000000000002005c) #x00)) (and (= (memory_load8_le mem@0 #x000000000002005d) #x00) (= (memory_load8_le mem@0 #x000000000002005e) #x00)))) (and (and (and (= (memory_load8_le mem@0 #x000000000002005f) #x00) (= mem@1 mem@0)) (and (= Gamma_mem@1 Gamma_mem@0) (= (memory_load8_le mem@1 #x00000000000009b8) #x01))) (and (and (= (memory_load8_le mem@1 #x00000000000009b9) #x00) (= (memory_load8_le mem@1 #x00000000000009ba) #x02)) (and (= (memory_load8_le mem@1 #x00000000000009bb) #x00) (= (memory_load8_le mem@1 #x000000000001fdc8) #xd0)))))) (and (and (and (and (and (= (memory_load8_le mem@1 #x000000000001fdc9) #x08) (= (memory_load8_le mem@1 #x000000000001fdca) #x00)) (and (= (memory_load8_le mem@1 #x000000000001fdcb) #x00) (= (memory_load8_le mem@1 #x000000000001fdcc) #x00))) (and (and (= (memory_load8_le mem@1 #x000000000001fdcd) #x00) (= (memory_load8_le mem@1 #x000000000001fdce) #x00)) (and (= (memory_load8_le mem@1 #x000000000001fdcf) #x00) (= (memory_load8_le mem@1 #x000000000001fdd0) #x80)))) (and (and (and (= (memory_load8_le mem@1 #x000000000001fdd1) #x08) (= (memory_load8_le mem@1 #x000000000001fdd2) #x00)) (and (= (memory_load8_le mem@1 #x000000000001fdd3) #x00) (= (memory_load8_le mem@1 #x000000000001fdd4) #x00))) (and (and (= (memory_load8_le mem@1 #x000000000001fdd5) #x00) (= (memory_load8_le mem@1 #x000000000001fdd6) #x00)) (and (= (memory_load8_le mem@1 #x000000000001fdd7) #x00) (= (memory_load8_le mem@1 #x000000000001ffd8) #xd4))))) (and (and (and (and (= (memory_load8_le mem@1 #x000000000001ffd9) #x08) (= (memory_load8_le mem@1 #x000000000001ffda) #x00)) (and (= (memory_load8_le mem@1 #x000000000001ffdb) #x00) (= (memory_load8_le mem@1 #x000000000001ffdc) #x00))) (and (and (= (memory_load8_le mem@1 #x000000000001ffdd) #x00) (= (memory_load8_le mem@1 #x000000000001ffde) #x00)) (and (= (memory_load8_le mem@1 #x000000000001ffdf) #x00) (= (memory_load8_le mem@1 #x0000000000020058) #x58)))) (and (and (and (= (memory_load8_le mem@1 #x0000000000020059) #x00) (= (memory_load8_le mem@1 #x000000000002005a) #x02)) (and (= (memory_load8_le mem@1 #x000000000002005b) #x00) (= (memory_load8_le mem@1 #x000000000002005c) #x00))) (and (and (= (memory_load8_le mem@1 #x000000000002005d) #x00) (= (memory_load8_le mem@1 #x000000000002005e) #x00)) (and (= (memory_load8_le mem@1 #x000000000002005f) #x00) (= (ControlFlow 0 2) (- 0 1)))))))) (= mem@1 mem))))))) -(let ((PreconditionGeneratedEntry_correct (=> (= (ControlFlow 0 3) 2) anon0_correct))) -PreconditionGeneratedEntry_correct))) -)) -(check-sat) -(pop 1) -; Valid -(get-info :rlimit) -(reset) -(set-option :print-success false) -(set-info :smt-lib-version 2.6) -(set-option :smt.mbqi false) -(set-option :model.compact false) -(set-option :model.v2 true) -(set-option :pp.bv_literals false) -; done setting options - - -(declare-fun tickleBool (Bool) Bool) -(assert (and (tickleBool true) (tickleBool false))) -(declare-fun gamma_store64 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#0| ((_ BitVec 64) (_ BitVec 64) Bool (Array (_ BitVec 64) Bool)) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#1| ((_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (Array (_ BitVec 64) (_ BitVec 8))) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun L ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) Bool) -(declare-fun memory_load64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 64)) -(declare-fun gamma_store8 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun memory_store8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 8)) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun gamma_load64 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load32 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load8 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun $password_addr () (_ BitVec 64)) -(declare-fun $stext_addr () (_ BitVec 64)) -(declare-fun $buf_addr () (_ BitVec 64)) -(declare-fun memory_load8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 8)) -(declare-fun memory_store64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 64)) (Array (_ BitVec 64) (_ BitVec 8))) -(assert (forall ((gammaMap (Array (_ BitVec 64) Bool)) (index (_ BitVec 64)) (value Bool) ) (! (= (gamma_store64 gammaMap index value) (|lambda#0| index #x0000000000000008 value gammaMap)) - :qid |examplebpl.63:34| - :skolemid |4| - :pattern ( (gamma_store64 gammaMap index value)) -))) -(assert (forall ((|l#0| (_ BitVec 64)) (|l#1| (_ BitVec 64)) (|l#2| (_ BitVec 64)) (|l#3| (_ BitVec 64)) (|l#4| (Array (_ BitVec 64) (_ BitVec 8))) (i (_ BitVec 64)) ) (! (= (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i) (ite (ite (bvule |l#0| (bvadd |l#0| |l#1|)) (and (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|))) (or (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|)))) ((_ extract 7 0) (bvlshr |l#2| (bvmul (bvsub i |l#3|) #x0000000000000008))) (select |l#4| i))) - :qid |examplebpl.83:57| - :skolemid |20| - :pattern ( (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i)) -))) -(assert (forall ((memory (Array (_ BitVec 64) (_ BitVec 8))) (index@@0 (_ BitVec 64)) ) (! (= (L memory index@@0) false) - :qid |examplebpl.35:22| - :skolemid |0| - :pattern ( (L memory index@@0)) -))) -(assert (forall ((memory@@0 (Array (_ BitVec 64) (_ BitVec 8))) (index@@1 (_ BitVec 64)) ) (! (= (memory_load64_le memory@@0 index@@1) (concat (select memory@@0 (bvadd index@@1 #x0000000000000007)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000006)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000005)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000004)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000003)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000002)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000001)) (select memory@@0 index@@1))))))))) - :qid |examplebpl.75:37| - :skolemid |6| - :pattern ( (memory_load64_le memory@@0 index@@1)) -))) -(assert (forall ((gammaMap@@0 (Array (_ BitVec 64) Bool)) (index@@2 (_ BitVec 64)) (value@@0 Bool) ) (! (= (gamma_store8 gammaMap@@0 index@@2 value@@0) (store gammaMap@@0 index@@2 value@@0)) - :qid |examplebpl.67:33| - :skolemid |5| - :pattern ( (gamma_store8 gammaMap@@0 index@@2 value@@0)) -))) -(assert (forall ((memory@@1 (Array (_ BitVec 64) (_ BitVec 8))) (index@@3 (_ BitVec 64)) (value@@1 (_ BitVec 8)) ) (! (= (memory_store8_le memory@@1 index@@3 value@@1) (store memory@@1 index@@3 value@@1)) - :qid |examplebpl.87:37| - :skolemid |9| - :pattern ( (memory_store8_le memory@@1 index@@3 value@@1)) -))) -(assert (forall ((|l#0@@0| (_ BitVec 64)) (|l#1@@0| (_ BitVec 64)) (|l#2@@0| Bool) (|l#3@@0| (Array (_ BitVec 64) Bool)) (i@@0 (_ BitVec 64)) ) (! (= (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0) (ite (ite (bvule |l#0@@0| (bvadd |l#0@@0| |l#1@@0|)) (and (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|))) (or (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|)))) |l#2@@0| (select |l#3@@0| i@@0))) - :qid |examplebpl.63:56| - :skolemid |19| - :pattern ( (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0)) -))) -(assert (forall ((gammaMap@@1 (Array (_ BitVec 64) Bool)) (index@@4 (_ BitVec 64)) ) (! (= (gamma_load64 gammaMap@@1 index@@4) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000007)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000006)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000005)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000004)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000003)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000002)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000001)) (select gammaMap@@1 index@@4))))))))) - :qid |examplebpl.55:33| - :skolemid |2| - :pattern ( (gamma_load64 gammaMap@@1 index@@4)) -))) -(assert (forall ((gammaMap@@2 (Array (_ BitVec 64) Bool)) (index@@5 (_ BitVec 64)) ) (! (= (gamma_load32 gammaMap@@2 index@@5) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000003)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000002)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000001)) (select gammaMap@@2 index@@5))))) - :qid |examplebpl.51:33| - :skolemid |1| - :pattern ( (gamma_load32 gammaMap@@2 index@@5)) -))) -(assert (forall ((gammaMap@@3 (Array (_ BitVec 64) Bool)) (index@@6 (_ BitVec 64)) ) (! (= (gamma_load8 gammaMap@@3 index@@6) (select gammaMap@@3 index@@6)) - :qid |examplebpl.59:32| - :skolemid |3| - :pattern ( (gamma_load8 gammaMap@@3 index@@6)) -))) -(assert (= $password_addr #x0000000000020060)) -(assert (= $stext_addr #x0000000000020068)) -(assert (= $buf_addr #x0000000000020080)) -(assert (forall ((memory@@2 (Array (_ BitVec 64) (_ BitVec 8))) (index@@7 (_ BitVec 64)) ) (! (= (memory_load8_le memory@@2 index@@7) (select memory@@2 index@@7)) - :qid |examplebpl.79:36| - :skolemid |7| - :pattern ( (memory_load8_le memory@@2 index@@7)) -))) -(assert (forall ((memory@@3 (Array (_ BitVec 64) (_ BitVec 8))) (index@@8 (_ BitVec 64)) (value@@2 (_ BitVec 64)) ) (! (= (memory_store64_le memory@@3 index@@8 value@@2) (|lambda#1| index@@8 #x0000000000000008 value@@2 index@@8 memory@@3)) - :qid |examplebpl.83:38| - :skolemid |8| - :pattern ( (memory_store64_le memory@@3 index@@8 value@@2)) -))) -; Valid - -(push 1) -(declare-fun ControlFlow (Int Int) Int) -(declare-fun mem@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun mem () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@0 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_mem () (Array (_ BitVec 64) Bool)) -(declare-fun mem@1 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@1 () (Array (_ BitVec 64) Bool)) -(set-info :boogie-vc-id rely_transitive_split2) -(set-option :timeout 0) -(set-option :rlimit 0) -(assert (not - (=> (= (ControlFlow 0 0) 3) (let ((anon0_correct (=> (and (= mem@0 mem) (= Gamma_mem@0 Gamma_mem)) (=> (and (and (= (memory_load8_le mem@0 #x00000000000009b8) #x01) (= (memory_load8_le mem@0 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@0 #x00000000000009ba) #x02) (= (memory_load8_le mem@0 #x00000000000009bb) #x00))) (=> (and (and (and (= (memory_load8_le mem@0 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@0 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@0 #x000000000001fdca) #x00) (= (memory_load8_le mem@0 #x000000000001fdcb) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdcc) #x00) (= (memory_load8_le mem@0 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdce) #x00) (= (memory_load8_le mem@0 #x000000000001fdcf) #x00)))) (=> (and (and (and (and (and (and (= (memory_load8_le mem@0 #x000000000001fdd0) #x80) (= (memory_load8_le mem@0 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@0 #x000000000001fdd2) #x00) (= (memory_load8_le mem@0 #x000000000001fdd3) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdd4) #x00) (= (memory_load8_le mem@0 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdd6) #x00) (= (memory_load8_le mem@0 #x000000000001fdd7) #x00)))) (and (and (and (= (memory_load8_le mem@0 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@0 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@0 #x000000000001ffda) #x00) (= (memory_load8_le mem@0 #x000000000001ffdb) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001ffdc) #x00) (= (memory_load8_le mem@0 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@0 #x000000000001ffde) #x00) (= (memory_load8_le mem@0 #x000000000001ffdf) #x00))))) (and (and (and (and (= (memory_load8_le mem@0 #x0000000000020058) #x58) (= (memory_load8_le mem@0 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@0 #x000000000002005a) #x02) (= (memory_load8_le mem@0 #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000002005c) #x00) (= (memory_load8_le mem@0 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@0 #x000000000002005e) #x00) (= (memory_load8_le mem@0 #x000000000002005f) #x00)))) (and (and (and (= mem@1 mem@0) (= Gamma_mem@1 Gamma_mem@0)) (and (= (memory_load8_le mem@1 #x00000000000009b8) #x01) (= (memory_load8_le mem@1 #x00000000000009b9) #x00))) (and (and (= (memory_load8_le mem@1 #x00000000000009ba) #x02) (= (memory_load8_le mem@1 #x00000000000009bb) #x00)) (and (= (memory_load8_le mem@1 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@1 #x000000000001fdc9) #x08)))))) (and (and (and (and (and (= (memory_load8_le mem@1 #x000000000001fdca) #x00) (= (memory_load8_le mem@1 #x000000000001fdcb) #x00)) (and (= (memory_load8_le mem@1 #x000000000001fdcc) #x00) (= (memory_load8_le mem@1 #x000000000001fdcd) #x00))) (and (and (= (memory_load8_le mem@1 #x000000000001fdce) #x00) (= (memory_load8_le mem@1 #x000000000001fdcf) #x00)) (and (= (memory_load8_le mem@1 #x000000000001fdd0) #x80) (= (memory_load8_le mem@1 #x000000000001fdd1) #x08)))) (and (and (and (= (memory_load8_le mem@1 #x000000000001fdd2) #x00) (= (memory_load8_le mem@1 #x000000000001fdd3) #x00)) (and (= (memory_load8_le mem@1 #x000000000001fdd4) #x00) (= (memory_load8_le mem@1 #x000000000001fdd5) #x00))) (and (and (= (memory_load8_le mem@1 #x000000000001fdd6) #x00) (= (memory_load8_le mem@1 #x000000000001fdd7) #x00)) (and (= (memory_load8_le mem@1 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@1 #x000000000001ffd9) #x08))))) (and (and (and (and (= (memory_load8_le mem@1 #x000000000001ffda) #x00) (= (memory_load8_le mem@1 #x000000000001ffdb) #x00)) (and (= (memory_load8_le mem@1 #x000000000001ffdc) #x00) (= (memory_load8_le mem@1 #x000000000001ffdd) #x00))) (and (and (= (memory_load8_le mem@1 #x000000000001ffde) #x00) (= (memory_load8_le mem@1 #x000000000001ffdf) #x00)) (and (= (memory_load8_le mem@1 #x0000000000020058) #x58) (= (memory_load8_le mem@1 #x0000000000020059) #x00)))) (and (and (and (= (memory_load8_le mem@1 #x000000000002005a) #x02) (= (memory_load8_le mem@1 #x000000000002005b) #x00)) (and (= (memory_load8_le mem@1 #x000000000002005c) #x00) (= (memory_load8_le mem@1 #x000000000002005d) #x00))) (and (and (= (memory_load8_le mem@1 #x000000000002005e) #x00) (= (memory_load8_le mem@1 #x000000000002005f) #x00)) (and (= mem@1 mem) (= (ControlFlow 0 2) (- 0 1)))))))) (= Gamma_mem@1 Gamma_mem))))))) -(let ((PreconditionGeneratedEntry_correct (=> (= (ControlFlow 0 3) 2) anon0_correct))) -PreconditionGeneratedEntry_correct))) -)) -(check-sat) -(pop 1) -; Valid -(get-info :rlimit) -(reset) -(set-option :print-success false) -(set-info :smt-lib-version 2.6) -(set-option :smt.mbqi false) -(set-option :model.compact false) -(set-option :model.v2 true) -(set-option :pp.bv_literals false) -; done setting options - - -(declare-fun tickleBool (Bool) Bool) -(assert (and (tickleBool true) (tickleBool false))) -(declare-fun gamma_store64 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#0| ((_ BitVec 64) (_ BitVec 64) Bool (Array (_ BitVec 64) Bool)) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#1| ((_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (Array (_ BitVec 64) (_ BitVec 8))) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun L ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) Bool) -(declare-fun memory_load64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 64)) -(declare-fun gamma_store8 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun memory_store8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 8)) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun gamma_load64 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load32 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load8 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun $password_addr () (_ BitVec 64)) -(declare-fun $stext_addr () (_ BitVec 64)) -(declare-fun $buf_addr () (_ BitVec 64)) -(declare-fun memory_load8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 8)) -(declare-fun memory_store64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 64)) (Array (_ BitVec 64) (_ BitVec 8))) -(assert (forall ((gammaMap (Array (_ BitVec 64) Bool)) (index (_ BitVec 64)) (value Bool) ) (! (= (gamma_store64 gammaMap index value) (|lambda#0| index #x0000000000000008 value gammaMap)) - :qid |examplebpl.63:34| - :skolemid |4| - :pattern ( (gamma_store64 gammaMap index value)) -))) -(assert (forall ((|l#0| (_ BitVec 64)) (|l#1| (_ BitVec 64)) (|l#2| (_ BitVec 64)) (|l#3| (_ BitVec 64)) (|l#4| (Array (_ BitVec 64) (_ BitVec 8))) (i (_ BitVec 64)) ) (! (= (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i) (ite (ite (bvule |l#0| (bvadd |l#0| |l#1|)) (and (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|))) (or (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|)))) ((_ extract 7 0) (bvlshr |l#2| (bvmul (bvsub i |l#3|) #x0000000000000008))) (select |l#4| i))) - :qid |examplebpl.83:57| - :skolemid |20| - :pattern ( (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i)) -))) -(assert (forall ((memory (Array (_ BitVec 64) (_ BitVec 8))) (index@@0 (_ BitVec 64)) ) (! (= (L memory index@@0) false) - :qid |examplebpl.35:22| - :skolemid |0| - :pattern ( (L memory index@@0)) -))) -(assert (forall ((memory@@0 (Array (_ BitVec 64) (_ BitVec 8))) (index@@1 (_ BitVec 64)) ) (! (= (memory_load64_le memory@@0 index@@1) (concat (select memory@@0 (bvadd index@@1 #x0000000000000007)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000006)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000005)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000004)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000003)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000002)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000001)) (select memory@@0 index@@1))))))))) - :qid |examplebpl.75:37| - :skolemid |6| - :pattern ( (memory_load64_le memory@@0 index@@1)) -))) -(assert (forall ((gammaMap@@0 (Array (_ BitVec 64) Bool)) (index@@2 (_ BitVec 64)) (value@@0 Bool) ) (! (= (gamma_store8 gammaMap@@0 index@@2 value@@0) (store gammaMap@@0 index@@2 value@@0)) - :qid |examplebpl.67:33| - :skolemid |5| - :pattern ( (gamma_store8 gammaMap@@0 index@@2 value@@0)) -))) -(assert (forall ((memory@@1 (Array (_ BitVec 64) (_ BitVec 8))) (index@@3 (_ BitVec 64)) (value@@1 (_ BitVec 8)) ) (! (= (memory_store8_le memory@@1 index@@3 value@@1) (store memory@@1 index@@3 value@@1)) - :qid |examplebpl.87:37| - :skolemid |9| - :pattern ( (memory_store8_le memory@@1 index@@3 value@@1)) -))) -(assert (forall ((|l#0@@0| (_ BitVec 64)) (|l#1@@0| (_ BitVec 64)) (|l#2@@0| Bool) (|l#3@@0| (Array (_ BitVec 64) Bool)) (i@@0 (_ BitVec 64)) ) (! (= (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0) (ite (ite (bvule |l#0@@0| (bvadd |l#0@@0| |l#1@@0|)) (and (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|))) (or (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|)))) |l#2@@0| (select |l#3@@0| i@@0))) - :qid |examplebpl.63:56| - :skolemid |19| - :pattern ( (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0)) -))) -(assert (forall ((gammaMap@@1 (Array (_ BitVec 64) Bool)) (index@@4 (_ BitVec 64)) ) (! (= (gamma_load64 gammaMap@@1 index@@4) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000007)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000006)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000005)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000004)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000003)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000002)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000001)) (select gammaMap@@1 index@@4))))))))) - :qid |examplebpl.55:33| - :skolemid |2| - :pattern ( (gamma_load64 gammaMap@@1 index@@4)) -))) -(assert (forall ((gammaMap@@2 (Array (_ BitVec 64) Bool)) (index@@5 (_ BitVec 64)) ) (! (= (gamma_load32 gammaMap@@2 index@@5) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000003)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000002)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000001)) (select gammaMap@@2 index@@5))))) - :qid |examplebpl.51:33| - :skolemid |1| - :pattern ( (gamma_load32 gammaMap@@2 index@@5)) -))) -(assert (forall ((gammaMap@@3 (Array (_ BitVec 64) Bool)) (index@@6 (_ BitVec 64)) ) (! (= (gamma_load8 gammaMap@@3 index@@6) (select gammaMap@@3 index@@6)) - :qid |examplebpl.59:32| - :skolemid |3| - :pattern ( (gamma_load8 gammaMap@@3 index@@6)) -))) -(assert (= $password_addr #x0000000000020060)) -(assert (= $stext_addr #x0000000000020068)) -(assert (= $buf_addr #x0000000000020080)) -(assert (forall ((memory@@2 (Array (_ BitVec 64) (_ BitVec 8))) (index@@7 (_ BitVec 64)) ) (! (= (memory_load8_le memory@@2 index@@7) (select memory@@2 index@@7)) - :qid |examplebpl.79:36| - :skolemid |7| - :pattern ( (memory_load8_le memory@@2 index@@7)) -))) -(assert (forall ((memory@@3 (Array (_ BitVec 64) (_ BitVec 8))) (index@@8 (_ BitVec 64)) (value@@2 (_ BitVec 64)) ) (! (= (memory_store64_le memory@@3 index@@8 value@@2) (|lambda#1| index@@8 #x0000000000000008 value@@2 index@@8 memory@@3)) - :qid |examplebpl.83:38| - :skolemid |8| - :pattern ( (memory_store64_le memory@@3 index@@8 value@@2)) -))) -; Valid - -(push 1) -(declare-fun ControlFlow (Int Int) Int) -(set-info :boogie-vc-id main_split0) -(set-option :timeout 0) -(set-option :rlimit 0) -(assert (not - (=> (= (ControlFlow 0 0) 1) true) -)) -(check-sat) -(pop 1) -; Valid -(get-info :rlimit) -(reset) -(set-option :print-success false) -(set-info :smt-lib-version 2.6) -(set-option :smt.mbqi false) -(set-option :model.compact false) -(set-option :model.v2 true) -(set-option :pp.bv_literals false) -; done setting options - - -(declare-fun tickleBool (Bool) Bool) -(assert (and (tickleBool true) (tickleBool false))) -(declare-fun gamma_store64 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#0| ((_ BitVec 64) (_ BitVec 64) Bool (Array (_ BitVec 64) Bool)) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#1| ((_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (Array (_ BitVec 64) (_ BitVec 8))) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun L ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) Bool) -(declare-fun memory_load64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 64)) -(declare-fun gamma_store8 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun memory_store8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 8)) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun gamma_load64 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load32 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load8 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun $password_addr () (_ BitVec 64)) -(declare-fun $stext_addr () (_ BitVec 64)) -(declare-fun $buf_addr () (_ BitVec 64)) -(declare-fun memory_load8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 8)) -(declare-fun memory_store64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 64)) (Array (_ BitVec 64) (_ BitVec 8))) -(assert (forall ((gammaMap (Array (_ BitVec 64) Bool)) (index (_ BitVec 64)) (value Bool) ) (! (= (gamma_store64 gammaMap index value) (|lambda#0| index #x0000000000000008 value gammaMap)) - :qid |examplebpl.63:34| - :skolemid |4| - :pattern ( (gamma_store64 gammaMap index value)) -))) -(assert (forall ((|l#0| (_ BitVec 64)) (|l#1| (_ BitVec 64)) (|l#2| (_ BitVec 64)) (|l#3| (_ BitVec 64)) (|l#4| (Array (_ BitVec 64) (_ BitVec 8))) (i (_ BitVec 64)) ) (! (= (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i) (ite (ite (bvule |l#0| (bvadd |l#0| |l#1|)) (and (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|))) (or (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|)))) ((_ extract 7 0) (bvlshr |l#2| (bvmul (bvsub i |l#3|) #x0000000000000008))) (select |l#4| i))) - :qid |examplebpl.83:57| - :skolemid |20| - :pattern ( (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i)) -))) -(assert (forall ((memory (Array (_ BitVec 64) (_ BitVec 8))) (index@@0 (_ BitVec 64)) ) (! (= (L memory index@@0) false) - :qid |examplebpl.35:22| - :skolemid |0| - :pattern ( (L memory index@@0)) -))) -(assert (forall ((memory@@0 (Array (_ BitVec 64) (_ BitVec 8))) (index@@1 (_ BitVec 64)) ) (! (= (memory_load64_le memory@@0 index@@1) (concat (select memory@@0 (bvadd index@@1 #x0000000000000007)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000006)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000005)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000004)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000003)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000002)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000001)) (select memory@@0 index@@1))))))))) - :qid |examplebpl.75:37| - :skolemid |6| - :pattern ( (memory_load64_le memory@@0 index@@1)) -))) -(assert (forall ((gammaMap@@0 (Array (_ BitVec 64) Bool)) (index@@2 (_ BitVec 64)) (value@@0 Bool) ) (! (= (gamma_store8 gammaMap@@0 index@@2 value@@0) (store gammaMap@@0 index@@2 value@@0)) - :qid |examplebpl.67:33| - :skolemid |5| - :pattern ( (gamma_store8 gammaMap@@0 index@@2 value@@0)) -))) -(assert (forall ((memory@@1 (Array (_ BitVec 64) (_ BitVec 8))) (index@@3 (_ BitVec 64)) (value@@1 (_ BitVec 8)) ) (! (= (memory_store8_le memory@@1 index@@3 value@@1) (store memory@@1 index@@3 value@@1)) - :qid |examplebpl.87:37| - :skolemid |9| - :pattern ( (memory_store8_le memory@@1 index@@3 value@@1)) -))) -(assert (forall ((|l#0@@0| (_ BitVec 64)) (|l#1@@0| (_ BitVec 64)) (|l#2@@0| Bool) (|l#3@@0| (Array (_ BitVec 64) Bool)) (i@@0 (_ BitVec 64)) ) (! (= (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0) (ite (ite (bvule |l#0@@0| (bvadd |l#0@@0| |l#1@@0|)) (and (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|))) (or (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|)))) |l#2@@0| (select |l#3@@0| i@@0))) - :qid |examplebpl.63:56| - :skolemid |19| - :pattern ( (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0)) -))) -(assert (forall ((gammaMap@@1 (Array (_ BitVec 64) Bool)) (index@@4 (_ BitVec 64)) ) (! (= (gamma_load64 gammaMap@@1 index@@4) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000007)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000006)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000005)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000004)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000003)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000002)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000001)) (select gammaMap@@1 index@@4))))))))) - :qid |examplebpl.55:33| - :skolemid |2| - :pattern ( (gamma_load64 gammaMap@@1 index@@4)) -))) -(assert (forall ((gammaMap@@2 (Array (_ BitVec 64) Bool)) (index@@5 (_ BitVec 64)) ) (! (= (gamma_load32 gammaMap@@2 index@@5) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000003)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000002)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000001)) (select gammaMap@@2 index@@5))))) - :qid |examplebpl.51:33| - :skolemid |1| - :pattern ( (gamma_load32 gammaMap@@2 index@@5)) -))) -(assert (forall ((gammaMap@@3 (Array (_ BitVec 64) Bool)) (index@@6 (_ BitVec 64)) ) (! (= (gamma_load8 gammaMap@@3 index@@6) (select gammaMap@@3 index@@6)) - :qid |examplebpl.59:32| - :skolemid |3| - :pattern ( (gamma_load8 gammaMap@@3 index@@6)) -))) -(assert (= $password_addr #x0000000000020060)) -(assert (= $stext_addr #x0000000000020068)) -(assert (= $buf_addr #x0000000000020080)) -(assert (forall ((memory@@2 (Array (_ BitVec 64) (_ BitVec 8))) (index@@7 (_ BitVec 64)) ) (! (= (memory_load8_le memory@@2 index@@7) (select memory@@2 index@@7)) - :qid |examplebpl.79:36| - :skolemid |7| - :pattern ( (memory_load8_le memory@@2 index@@7)) -))) -(assert (forall ((memory@@3 (Array (_ BitVec 64) (_ BitVec 8))) (index@@8 (_ BitVec 64)) (value@@2 (_ BitVec 64)) ) (! (= (memory_store64_le memory@@3 index@@8 value@@2) (|lambda#1| index@@8 #x0000000000000008 value@@2 index@@8 memory@@3)) - :qid |examplebpl.83:38| - :skolemid |8| - :pattern ( (memory_store64_le memory@@3 index@@8 value@@2)) -))) -; Valid - -(push 1) -(declare-fun ControlFlow (Int Int) Int) -(declare-fun |#4@0| () (_ BitVec 64)) -(declare-fun R31 () (_ BitVec 64)) -(declare-fun stack@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun stack () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R29 () (_ BitVec 64)) -(declare-fun Gamma_stack@0 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_stack () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R29 () Bool) -(declare-fun stack@1 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R30 () (_ BitVec 64)) -(declare-fun Gamma_stack@1 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R30 () Bool) -(declare-fun stack@2 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R19 () (_ BitVec 64)) -(declare-fun Gamma_stack@2 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R19 () Bool) -(declare-fun stack@3 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@3 () (Array (_ BitVec 64) Bool)) -(declare-fun stack@4 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@4 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_mem () (Array (_ BitVec 64) Bool)) -(declare-fun malloc_count () Int) -(declare-fun mem () (Array (_ BitVec 64) (_ BitVec 8))) -(set-info :boogie-vc-id main_split1) -(set-option :timeout 0) -(set-option :rlimit 0) -(assert (not - (=> (= (ControlFlow 0 0) 3) (let ((lmain_correct (=> (= |#4@0| (bvadd R31 #xffffffffffffffd0)) (=> (and (and (= stack@0 (memory_store64_le stack |#4@0| R29)) (= Gamma_stack@0 (gamma_store64 Gamma_stack |#4@0| Gamma_R29))) (and (= stack@1 (memory_store64_le stack@0 (bvadd |#4@0| #x0000000000000008) R30)) (= Gamma_stack@1 (gamma_store64 Gamma_stack@0 (bvadd |#4@0| #x0000000000000008) Gamma_R30)))) (=> (and (and (and (= stack@2 (memory_store64_le stack@1 (bvadd |#4@0| #x0000000000000010) R19)) (= Gamma_stack@2 (gamma_store64 Gamma_stack@1 (bvadd |#4@0| #x0000000000000010) Gamma_R19))) (and (= stack@3 (memory_store64_le stack@2 (bvadd |#4@0| #x0000000000000028) #x0000000000000000)) (= Gamma_stack@3 (gamma_store64 Gamma_stack@2 (bvadd |#4@0| #x0000000000000028) true)))) (and (and (= stack@4 (memory_store64_le stack@3 (bvadd |#4@0| #x0000000000000020) #x0000000000000000)) (= Gamma_stack@4 (gamma_store64 Gamma_stack@3 (bvadd |#4@0| #x0000000000000020) true))) (= (ControlFlow 0 2) (- 0 1)))) (bvugt #x000000000000000b #x0000000000000000)))))) -(let ((PreconditionGeneratedEntry_correct (=> (and (and (= (gamma_load8 Gamma_mem $password_addr) false) (= malloc_count 0)) (and (gamma_load32 Gamma_mem (memory_load64_le mem $stext_addr)) (= R31 #x0000000000000064))) (=> (and (and (and (= (memory_load8_le mem #x0000000000020050) #x00) (= (memory_load8_le mem #x0000000000020051) #x00)) (and (= (memory_load8_le mem #x0000000000020052) #x00) (= (memory_load8_le mem #x0000000000020053) #x00))) (and (and (= (memory_load8_le mem #x0000000000020054) #x00) (= (memory_load8_le mem #x0000000000020055) #x00)) (and (= (memory_load8_le mem #x0000000000020056) #x00) (= (memory_load8_le mem #x0000000000020057) #x00)))) (=> (and (and (and (and (and (and (= (memory_load8_le mem #x0000000000020058) #x58) (= (memory_load8_le mem #x0000000000020059) #x00)) (and (= (memory_load8_le mem #x000000000002005a) #x02) (= (memory_load8_le mem #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem #x000000000002005c) #x00) (= (memory_load8_le mem #x000000000002005d) #x00)) (and (= (memory_load8_le mem #x000000000002005e) #x00) (= (memory_load8_le mem #x000000000002005f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020060) #x07) (= (memory_load8_le mem #x0000000000020061) #x00)) (and (= (memory_load8_le mem #x0000000000020062) #x00) (= (memory_load8_le mem #x0000000000020063) #x00))) (and (and (= (memory_load8_le mem #x0000000000020064) #x00) (= (memory_load8_le mem #x0000000000020065) #x00)) (and (= (memory_load8_le mem #x0000000000020066) #x00) (= (memory_load8_le mem #x0000000000020067) #x00))))) (and (and (and (and (= (memory_load8_le mem #x0000000000020068) #x68) (= (memory_load8_le mem #x0000000000020069) #x65)) (and (= (memory_load8_le mem #x000000000002006a) #x6c) (= (memory_load8_le mem #x000000000002006b) #x6c))) (and (and (= (memory_load8_le mem #x000000000002006c) #x6f) (= (memory_load8_le mem #x000000000002006d) #x6f)) (and (= (memory_load8_le mem #x000000000002006e) #x00) (= (memory_load8_le mem #x000000000002006f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020070) #x00) (= (memory_load8_le mem #x0000000000020071) #x00)) (and (= (memory_load8_le mem #x0000000000020072) #x00) (= (memory_load8_le mem #x00000000000009b8) #x01))) (and (and (= (memory_load8_le mem #x00000000000009b9) #x00) (= (memory_load8_le mem #x00000000000009ba) #x02)) (and (= (memory_load8_le mem #x00000000000009bb) #x00) (= (memory_load8_le mem #x000000000001fdc8) #xd0)))))) (and (and (and (and (and (= (memory_load8_le mem #x000000000001fdc9) #x08) (= (memory_load8_le mem #x000000000001fdca) #x00)) (and (= (memory_load8_le mem #x000000000001fdcb) #x00) (= (memory_load8_le mem #x000000000001fdcc) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdcd) #x00) (= (memory_load8_le mem #x000000000001fdce) #x00)) (and (= (memory_load8_le mem #x000000000001fdcf) #x00) (= (memory_load8_le mem #x000000000001fdd0) #x80)))) (and (and (and (= (memory_load8_le mem #x000000000001fdd1) #x08) (= (memory_load8_le mem #x000000000001fdd2) #x00)) (and (= (memory_load8_le mem #x000000000001fdd3) #x00) (= (memory_load8_le mem #x000000000001fdd4) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdd5) #x00) (= (memory_load8_le mem #x000000000001fdd6) #x00)) (and (= (memory_load8_le mem #x000000000001fdd7) #x00) (= (memory_load8_le mem #x000000000001ffd8) #xd4))))) (and (and (and (and (= (memory_load8_le mem #x000000000001ffd9) #x08) (= (memory_load8_le mem #x000000000001ffda) #x00)) (and (= (memory_load8_le mem #x000000000001ffdb) #x00) (= (memory_load8_le mem #x000000000001ffdc) #x00))) (and (and (= (memory_load8_le mem #x000000000001ffdd) #x00) (= (memory_load8_le mem #x000000000001ffde) #x00)) (and (= (memory_load8_le mem #x000000000001ffdf) #x00) (= (memory_load8_le mem #x0000000000020058) #x58)))) (and (and (and (= (memory_load8_le mem #x0000000000020059) #x00) (= (memory_load8_le mem #x000000000002005a) #x02)) (and (= (memory_load8_le mem #x000000000002005b) #x00) (= (memory_load8_le mem #x000000000002005c) #x00))) (and (and (= (memory_load8_le mem #x000000000002005d) #x00) (= (memory_load8_le mem #x000000000002005e) #x00)) (and (= (memory_load8_le mem #x000000000002005f) #x00) (= (ControlFlow 0 3) 2))))))) lmain_correct))))) -PreconditionGeneratedEntry_correct))) -)) -(check-sat) -(pop 1) -; Valid -(get-info :rlimit) -(reset) -(set-option :print-success false) -(set-info :smt-lib-version 2.6) -(set-option :smt.mbqi false) -(set-option :model.compact false) -(set-option :model.v2 true) -(set-option :pp.bv_literals false) -; done setting options - - -(declare-fun tickleBool (Bool) Bool) -(assert (and (tickleBool true) (tickleBool false))) -(declare-fun gamma_store64 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#0| ((_ BitVec 64) (_ BitVec 64) Bool (Array (_ BitVec 64) Bool)) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#1| ((_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (Array (_ BitVec 64) (_ BitVec 8))) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun L ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) Bool) -(declare-fun memory_load64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 64)) -(declare-fun gamma_store8 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun memory_store8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 8)) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun gamma_load64 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load32 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load8 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun $password_addr () (_ BitVec 64)) -(declare-fun $stext_addr () (_ BitVec 64)) -(declare-fun $buf_addr () (_ BitVec 64)) -(declare-fun memory_load8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 8)) -(declare-fun memory_store64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 64)) (Array (_ BitVec 64) (_ BitVec 8))) -(assert (forall ((gammaMap (Array (_ BitVec 64) Bool)) (index (_ BitVec 64)) (value Bool) ) (! (= (gamma_store64 gammaMap index value) (|lambda#0| index #x0000000000000008 value gammaMap)) - :qid |examplebpl.63:34| - :skolemid |4| - :pattern ( (gamma_store64 gammaMap index value)) -))) -(assert (forall ((|l#0| (_ BitVec 64)) (|l#1| (_ BitVec 64)) (|l#2| (_ BitVec 64)) (|l#3| (_ BitVec 64)) (|l#4| (Array (_ BitVec 64) (_ BitVec 8))) (i (_ BitVec 64)) ) (! (= (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i) (ite (ite (bvule |l#0| (bvadd |l#0| |l#1|)) (and (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|))) (or (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|)))) ((_ extract 7 0) (bvlshr |l#2| (bvmul (bvsub i |l#3|) #x0000000000000008))) (select |l#4| i))) - :qid |examplebpl.83:57| - :skolemid |20| - :pattern ( (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i)) -))) -(assert (forall ((memory (Array (_ BitVec 64) (_ BitVec 8))) (index@@0 (_ BitVec 64)) ) (! (= (L memory index@@0) false) - :qid |examplebpl.35:22| - :skolemid |0| - :pattern ( (L memory index@@0)) -))) -(assert (forall ((memory@@0 (Array (_ BitVec 64) (_ BitVec 8))) (index@@1 (_ BitVec 64)) ) (! (= (memory_load64_le memory@@0 index@@1) (concat (select memory@@0 (bvadd index@@1 #x0000000000000007)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000006)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000005)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000004)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000003)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000002)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000001)) (select memory@@0 index@@1))))))))) - :qid |examplebpl.75:37| - :skolemid |6| - :pattern ( (memory_load64_le memory@@0 index@@1)) -))) -(assert (forall ((gammaMap@@0 (Array (_ BitVec 64) Bool)) (index@@2 (_ BitVec 64)) (value@@0 Bool) ) (! (= (gamma_store8 gammaMap@@0 index@@2 value@@0) (store gammaMap@@0 index@@2 value@@0)) - :qid |examplebpl.67:33| - :skolemid |5| - :pattern ( (gamma_store8 gammaMap@@0 index@@2 value@@0)) -))) -(assert (forall ((memory@@1 (Array (_ BitVec 64) (_ BitVec 8))) (index@@3 (_ BitVec 64)) (value@@1 (_ BitVec 8)) ) (! (= (memory_store8_le memory@@1 index@@3 value@@1) (store memory@@1 index@@3 value@@1)) - :qid |examplebpl.87:37| - :skolemid |9| - :pattern ( (memory_store8_le memory@@1 index@@3 value@@1)) -))) -(assert (forall ((|l#0@@0| (_ BitVec 64)) (|l#1@@0| (_ BitVec 64)) (|l#2@@0| Bool) (|l#3@@0| (Array (_ BitVec 64) Bool)) (i@@0 (_ BitVec 64)) ) (! (= (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0) (ite (ite (bvule |l#0@@0| (bvadd |l#0@@0| |l#1@@0|)) (and (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|))) (or (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|)))) |l#2@@0| (select |l#3@@0| i@@0))) - :qid |examplebpl.63:56| - :skolemid |19| - :pattern ( (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0)) -))) -(assert (forall ((gammaMap@@1 (Array (_ BitVec 64) Bool)) (index@@4 (_ BitVec 64)) ) (! (= (gamma_load64 gammaMap@@1 index@@4) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000007)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000006)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000005)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000004)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000003)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000002)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000001)) (select gammaMap@@1 index@@4))))))))) - :qid |examplebpl.55:33| - :skolemid |2| - :pattern ( (gamma_load64 gammaMap@@1 index@@4)) -))) -(assert (forall ((gammaMap@@2 (Array (_ BitVec 64) Bool)) (index@@5 (_ BitVec 64)) ) (! (= (gamma_load32 gammaMap@@2 index@@5) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000003)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000002)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000001)) (select gammaMap@@2 index@@5))))) - :qid |examplebpl.51:33| - :skolemid |1| - :pattern ( (gamma_load32 gammaMap@@2 index@@5)) -))) -(assert (forall ((gammaMap@@3 (Array (_ BitVec 64) Bool)) (index@@6 (_ BitVec 64)) ) (! (= (gamma_load8 gammaMap@@3 index@@6) (select gammaMap@@3 index@@6)) - :qid |examplebpl.59:32| - :skolemid |3| - :pattern ( (gamma_load8 gammaMap@@3 index@@6)) -))) -(assert (= $password_addr #x0000000000020060)) -(assert (= $stext_addr #x0000000000020068)) -(assert (= $buf_addr #x0000000000020080)) -(assert (forall ((memory@@2 (Array (_ BitVec 64) (_ BitVec 8))) (index@@7 (_ BitVec 64)) ) (! (= (memory_load8_le memory@@2 index@@7) (select memory@@2 index@@7)) - :qid |examplebpl.79:36| - :skolemid |7| - :pattern ( (memory_load8_le memory@@2 index@@7)) -))) -(assert (forall ((memory@@3 (Array (_ BitVec 64) (_ BitVec 8))) (index@@8 (_ BitVec 64)) (value@@2 (_ BitVec 64)) ) (! (= (memory_store64_le memory@@3 index@@8 value@@2) (|lambda#1| index@@8 #x0000000000000008 value@@2 index@@8 memory@@3)) - :qid |examplebpl.83:38| - :skolemid |8| - :pattern ( (memory_store64_le memory@@3 index@@8 value@@2)) -))) -; Valid - -(push 1) -(declare-fun ControlFlow (Int Int) Int) -(declare-fun |#4@0| () (_ BitVec 64)) -(declare-fun R31 () (_ BitVec 64)) -(declare-fun stack@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun stack () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R29 () (_ BitVec 64)) -(declare-fun Gamma_stack@0 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_stack () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R29 () Bool) -(declare-fun stack@1 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R30 () (_ BitVec 64)) -(declare-fun Gamma_stack@1 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R30 () Bool) -(declare-fun stack@2 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R19 () (_ BitVec 64)) -(declare-fun Gamma_stack@2 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R19 () Bool) -(declare-fun stack@3 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@3 () (Array (_ BitVec 64) Bool)) -(declare-fun stack@4 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@4 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_mem () (Array (_ BitVec 64) Bool)) -(declare-fun malloc_count () Int) -(declare-fun mem () (Array (_ BitVec 64) (_ BitVec 8))) -(set-info :boogie-vc-id main_split2) -(set-option :timeout 0) -(set-option :rlimit 0) -(assert (not - (=> (= (ControlFlow 0 0) 3) (let ((lmain_correct (=> (= |#4@0| (bvadd R31 #xffffffffffffffd0)) (=> (and (and (= stack@0 (memory_store64_le stack |#4@0| R29)) (= Gamma_stack@0 (gamma_store64 Gamma_stack |#4@0| Gamma_R29))) (and (= stack@1 (memory_store64_le stack@0 (bvadd |#4@0| #x0000000000000008) R30)) (= Gamma_stack@1 (gamma_store64 Gamma_stack@0 (bvadd |#4@0| #x0000000000000008) Gamma_R30)))) (=> (and (and (and (= stack@2 (memory_store64_le stack@1 (bvadd |#4@0| #x0000000000000010) R19)) (= Gamma_stack@2 (gamma_store64 Gamma_stack@1 (bvadd |#4@0| #x0000000000000010) Gamma_R19))) (and (= stack@3 (memory_store64_le stack@2 (bvadd |#4@0| #x0000000000000028) #x0000000000000000)) (= Gamma_stack@3 (gamma_store64 Gamma_stack@2 (bvadd |#4@0| #x0000000000000028) true)))) (and (and (= stack@4 (memory_store64_le stack@3 (bvadd |#4@0| #x0000000000000020) #x0000000000000000)) (= Gamma_stack@4 (gamma_store64 Gamma_stack@3 (bvadd |#4@0| #x0000000000000020) true))) (and (bvugt #x000000000000000b #x0000000000000000) (= (ControlFlow 0 2) (- 0 1))))) (= true true)))))) -(let ((PreconditionGeneratedEntry_correct (=> (and (and (= (gamma_load8 Gamma_mem $password_addr) false) (= malloc_count 0)) (and (gamma_load32 Gamma_mem (memory_load64_le mem $stext_addr)) (= R31 #x0000000000000064))) (=> (and (and (and (= (memory_load8_le mem #x0000000000020050) #x00) (= (memory_load8_le mem #x0000000000020051) #x00)) (and (= (memory_load8_le mem #x0000000000020052) #x00) (= (memory_load8_le mem #x0000000000020053) #x00))) (and (and (= (memory_load8_le mem #x0000000000020054) #x00) (= (memory_load8_le mem #x0000000000020055) #x00)) (and (= (memory_load8_le mem #x0000000000020056) #x00) (= (memory_load8_le mem #x0000000000020057) #x00)))) (=> (and (and (and (and (and (and (= (memory_load8_le mem #x0000000000020058) #x58) (= (memory_load8_le mem #x0000000000020059) #x00)) (and (= (memory_load8_le mem #x000000000002005a) #x02) (= (memory_load8_le mem #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem #x000000000002005c) #x00) (= (memory_load8_le mem #x000000000002005d) #x00)) (and (= (memory_load8_le mem #x000000000002005e) #x00) (= (memory_load8_le mem #x000000000002005f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020060) #x07) (= (memory_load8_le mem #x0000000000020061) #x00)) (and (= (memory_load8_le mem #x0000000000020062) #x00) (= (memory_load8_le mem #x0000000000020063) #x00))) (and (and (= (memory_load8_le mem #x0000000000020064) #x00) (= (memory_load8_le mem #x0000000000020065) #x00)) (and (= (memory_load8_le mem #x0000000000020066) #x00) (= (memory_load8_le mem #x0000000000020067) #x00))))) (and (and (and (and (= (memory_load8_le mem #x0000000000020068) #x68) (= (memory_load8_le mem #x0000000000020069) #x65)) (and (= (memory_load8_le mem #x000000000002006a) #x6c) (= (memory_load8_le mem #x000000000002006b) #x6c))) (and (and (= (memory_load8_le mem #x000000000002006c) #x6f) (= (memory_load8_le mem #x000000000002006d) #x6f)) (and (= (memory_load8_le mem #x000000000002006e) #x00) (= (memory_load8_le mem #x000000000002006f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020070) #x00) (= (memory_load8_le mem #x0000000000020071) #x00)) (and (= (memory_load8_le mem #x0000000000020072) #x00) (= (memory_load8_le mem #x00000000000009b8) #x01))) (and (and (= (memory_load8_le mem #x00000000000009b9) #x00) (= (memory_load8_le mem #x00000000000009ba) #x02)) (and (= (memory_load8_le mem #x00000000000009bb) #x00) (= (memory_load8_le mem #x000000000001fdc8) #xd0)))))) (and (and (and (and (and (= (memory_load8_le mem #x000000000001fdc9) #x08) (= (memory_load8_le mem #x000000000001fdca) #x00)) (and (= (memory_load8_le mem #x000000000001fdcb) #x00) (= (memory_load8_le mem #x000000000001fdcc) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdcd) #x00) (= (memory_load8_le mem #x000000000001fdce) #x00)) (and (= (memory_load8_le mem #x000000000001fdcf) #x00) (= (memory_load8_le mem #x000000000001fdd0) #x80)))) (and (and (and (= (memory_load8_le mem #x000000000001fdd1) #x08) (= (memory_load8_le mem #x000000000001fdd2) #x00)) (and (= (memory_load8_le mem #x000000000001fdd3) #x00) (= (memory_load8_le mem #x000000000001fdd4) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdd5) #x00) (= (memory_load8_le mem #x000000000001fdd6) #x00)) (and (= (memory_load8_le mem #x000000000001fdd7) #x00) (= (memory_load8_le mem #x000000000001ffd8) #xd4))))) (and (and (and (and (= (memory_load8_le mem #x000000000001ffd9) #x08) (= (memory_load8_le mem #x000000000001ffda) #x00)) (and (= (memory_load8_le mem #x000000000001ffdb) #x00) (= (memory_load8_le mem #x000000000001ffdc) #x00))) (and (and (= (memory_load8_le mem #x000000000001ffdd) #x00) (= (memory_load8_le mem #x000000000001ffde) #x00)) (and (= (memory_load8_le mem #x000000000001ffdf) #x00) (= (memory_load8_le mem #x0000000000020058) #x58)))) (and (and (and (= (memory_load8_le mem #x0000000000020059) #x00) (= (memory_load8_le mem #x000000000002005a) #x02)) (and (= (memory_load8_le mem #x000000000002005b) #x00) (= (memory_load8_le mem #x000000000002005c) #x00))) (and (and (= (memory_load8_le mem #x000000000002005d) #x00) (= (memory_load8_le mem #x000000000002005e) #x00)) (and (= (memory_load8_le mem #x000000000002005f) #x00) (= (ControlFlow 0 3) 2))))))) lmain_correct))))) -PreconditionGeneratedEntry_correct))) -)) -(check-sat) -(pop 1) -; Valid -(get-info :rlimit) -(reset) -(set-option :print-success false) -(set-info :smt-lib-version 2.6) -(set-option :smt.mbqi false) -(set-option :model.compact false) -(set-option :model.v2 true) -(set-option :pp.bv_literals false) -; done setting options - - -(declare-fun tickleBool (Bool) Bool) -(assert (and (tickleBool true) (tickleBool false))) -(declare-fun gamma_store64 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#0| ((_ BitVec 64) (_ BitVec 64) Bool (Array (_ BitVec 64) Bool)) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#1| ((_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (Array (_ BitVec 64) (_ BitVec 8))) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun L ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) Bool) -(declare-fun memory_load64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 64)) -(declare-fun gamma_store8 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun memory_store8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 8)) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun gamma_load64 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load32 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load8 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun $password_addr () (_ BitVec 64)) -(declare-fun $stext_addr () (_ BitVec 64)) -(declare-fun $buf_addr () (_ BitVec 64)) -(declare-fun memory_load8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 8)) -(declare-fun memory_store64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 64)) (Array (_ BitVec 64) (_ BitVec 8))) -(assert (forall ((gammaMap (Array (_ BitVec 64) Bool)) (index (_ BitVec 64)) (value Bool) ) (! (= (gamma_store64 gammaMap index value) (|lambda#0| index #x0000000000000008 value gammaMap)) - :qid |examplebpl.63:34| - :skolemid |4| - :pattern ( (gamma_store64 gammaMap index value)) -))) -(assert (forall ((|l#0| (_ BitVec 64)) (|l#1| (_ BitVec 64)) (|l#2| (_ BitVec 64)) (|l#3| (_ BitVec 64)) (|l#4| (Array (_ BitVec 64) (_ BitVec 8))) (i (_ BitVec 64)) ) (! (= (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i) (ite (ite (bvule |l#0| (bvadd |l#0| |l#1|)) (and (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|))) (or (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|)))) ((_ extract 7 0) (bvlshr |l#2| (bvmul (bvsub i |l#3|) #x0000000000000008))) (select |l#4| i))) - :qid |examplebpl.83:57| - :skolemid |20| - :pattern ( (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i)) -))) -(assert (forall ((memory (Array (_ BitVec 64) (_ BitVec 8))) (index@@0 (_ BitVec 64)) ) (! (= (L memory index@@0) false) - :qid |examplebpl.35:22| - :skolemid |0| - :pattern ( (L memory index@@0)) -))) -(assert (forall ((memory@@0 (Array (_ BitVec 64) (_ BitVec 8))) (index@@1 (_ BitVec 64)) ) (! (= (memory_load64_le memory@@0 index@@1) (concat (select memory@@0 (bvadd index@@1 #x0000000000000007)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000006)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000005)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000004)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000003)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000002)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000001)) (select memory@@0 index@@1))))))))) - :qid |examplebpl.75:37| - :skolemid |6| - :pattern ( (memory_load64_le memory@@0 index@@1)) -))) -(assert (forall ((gammaMap@@0 (Array (_ BitVec 64) Bool)) (index@@2 (_ BitVec 64)) (value@@0 Bool) ) (! (= (gamma_store8 gammaMap@@0 index@@2 value@@0) (store gammaMap@@0 index@@2 value@@0)) - :qid |examplebpl.67:33| - :skolemid |5| - :pattern ( (gamma_store8 gammaMap@@0 index@@2 value@@0)) -))) -(assert (forall ((memory@@1 (Array (_ BitVec 64) (_ BitVec 8))) (index@@3 (_ BitVec 64)) (value@@1 (_ BitVec 8)) ) (! (= (memory_store8_le memory@@1 index@@3 value@@1) (store memory@@1 index@@3 value@@1)) - :qid |examplebpl.87:37| - :skolemid |9| - :pattern ( (memory_store8_le memory@@1 index@@3 value@@1)) -))) -(assert (forall ((|l#0@@0| (_ BitVec 64)) (|l#1@@0| (_ BitVec 64)) (|l#2@@0| Bool) (|l#3@@0| (Array (_ BitVec 64) Bool)) (i@@0 (_ BitVec 64)) ) (! (= (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0) (ite (ite (bvule |l#0@@0| (bvadd |l#0@@0| |l#1@@0|)) (and (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|))) (or (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|)))) |l#2@@0| (select |l#3@@0| i@@0))) - :qid |examplebpl.63:56| - :skolemid |19| - :pattern ( (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0)) -))) -(assert (forall ((gammaMap@@1 (Array (_ BitVec 64) Bool)) (index@@4 (_ BitVec 64)) ) (! (= (gamma_load64 gammaMap@@1 index@@4) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000007)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000006)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000005)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000004)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000003)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000002)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000001)) (select gammaMap@@1 index@@4))))))))) - :qid |examplebpl.55:33| - :skolemid |2| - :pattern ( (gamma_load64 gammaMap@@1 index@@4)) -))) -(assert (forall ((gammaMap@@2 (Array (_ BitVec 64) Bool)) (index@@5 (_ BitVec 64)) ) (! (= (gamma_load32 gammaMap@@2 index@@5) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000003)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000002)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000001)) (select gammaMap@@2 index@@5))))) - :qid |examplebpl.51:33| - :skolemid |1| - :pattern ( (gamma_load32 gammaMap@@2 index@@5)) -))) -(assert (forall ((gammaMap@@3 (Array (_ BitVec 64) Bool)) (index@@6 (_ BitVec 64)) ) (! (= (gamma_load8 gammaMap@@3 index@@6) (select gammaMap@@3 index@@6)) - :qid |examplebpl.59:32| - :skolemid |3| - :pattern ( (gamma_load8 gammaMap@@3 index@@6)) -))) -(assert (= $password_addr #x0000000000020060)) -(assert (= $stext_addr #x0000000000020068)) -(assert (= $buf_addr #x0000000000020080)) -(assert (forall ((memory@@2 (Array (_ BitVec 64) (_ BitVec 8))) (index@@7 (_ BitVec 64)) ) (! (= (memory_load8_le memory@@2 index@@7) (select memory@@2 index@@7)) - :qid |examplebpl.79:36| - :skolemid |7| - :pattern ( (memory_load8_le memory@@2 index@@7)) -))) -(assert (forall ((memory@@3 (Array (_ BitVec 64) (_ BitVec 8))) (index@@8 (_ BitVec 64)) (value@@2 (_ BitVec 64)) ) (! (= (memory_store64_le memory@@3 index@@8 value@@2) (|lambda#1| index@@8 #x0000000000000008 value@@2 index@@8 memory@@3)) - :qid |examplebpl.83:38| - :skolemid |8| - :pattern ( (memory_store64_le memory@@3 index@@8 value@@2)) -))) -; Valid - -(push 1) -(declare-fun ControlFlow (Int Int) Int) -(declare-fun |#4@0| () (_ BitVec 64)) -(declare-fun R31 () (_ BitVec 64)) -(declare-fun stack@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun stack () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R29 () (_ BitVec 64)) -(declare-fun Gamma_stack@0 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_stack () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R29 () Bool) -(declare-fun stack@1 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R30 () (_ BitVec 64)) -(declare-fun Gamma_stack@1 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R30 () Bool) -(declare-fun stack@2 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R19 () (_ BitVec 64)) -(declare-fun Gamma_stack@2 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R19 () Bool) -(declare-fun stack@3 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@3 () (Array (_ BitVec 64) Bool)) -(declare-fun stack@4 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@4 () (Array (_ BitVec 64) Bool)) -(declare-fun mem () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_R0@0 () Bool) -(declare-fun malloc_count@0 () Int) -(declare-fun malloc_count () Int) -(declare-fun malloc_end@0 () (Array Int (_ BitVec 64))) -(declare-fun malloc_base@0 () (Array Int (_ BitVec 64))) -(declare-fun R0@0 () (_ BitVec 64)) -(declare-fun malloc_base () (Array Int (_ BitVec 64))) -(declare-fun malloc_end () (Array Int (_ BitVec 64))) -(declare-fun Gamma_mem () (Array (_ BitVec 64) Bool)) -(declare-fun R0@1 () (_ BitVec 64)) -(declare-fun mem@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@0 () (Array (_ BitVec 64) Bool)) -(set-info :boogie-vc-id main_split3) -(set-option :timeout 0) -(set-option :rlimit 0) -(assert (not - (=> (= (ControlFlow 0 0) 3) (let ((lmain_correct (=> (= |#4@0| (bvadd R31 #xffffffffffffffd0)) (=> (and (and (= stack@0 (memory_store64_le stack |#4@0| R29)) (= Gamma_stack@0 (gamma_store64 Gamma_stack |#4@0| Gamma_R29))) (and (= stack@1 (memory_store64_le stack@0 (bvadd |#4@0| #x0000000000000008) R30)) (= Gamma_stack@1 (gamma_store64 Gamma_stack@0 (bvadd |#4@0| #x0000000000000008) Gamma_R30)))) (=> (and (and (and (= stack@2 (memory_store64_le stack@1 (bvadd |#4@0| #x0000000000000010) R19)) (= Gamma_stack@2 (gamma_store64 Gamma_stack@1 (bvadd |#4@0| #x0000000000000010) Gamma_R19))) (and (= stack@3 (memory_store64_le stack@2 (bvadd |#4@0| #x0000000000000028) #x0000000000000000)) (= Gamma_stack@3 (gamma_store64 Gamma_stack@2 (bvadd |#4@0| #x0000000000000028) true)))) (and (and (= stack@4 (memory_store64_le stack@3 (bvadd |#4@0| #x0000000000000020) #x0000000000000000)) (= Gamma_stack@4 (gamma_store64 Gamma_stack@3 (bvadd |#4@0| #x0000000000000020) true))) (and (bvugt #x000000000000000b #x0000000000000000) (= true true)))) (=> (and (and (and (and (and (= (memory_load64_le mem $buf_addr) (memory_load64_le mem $buf_addr)) (= (memory_load8_le mem $password_addr) (memory_load8_le mem $password_addr))) (= Gamma_R0@0 true)) (and (= malloc_count@0 (+ malloc_count 1)) (bvugt (select malloc_end@0 malloc_count@0) (select malloc_base@0 malloc_count@0)))) (and (and (= R0@0 (select malloc_base@0 malloc_count@0)) (= (select malloc_end@0 malloc_count@0) (bvadd R0@0 #x000000000000000b))) (and (forall ((i@@1 Int) ) (! (=> (not (= i@@1 malloc_count@0)) (or (bvugt (select malloc_base@0 malloc_count@0) (select malloc_end@0 i@@1)) (bvult (select malloc_end@0 malloc_count@0) (select malloc_base@0 i@@1)))) - :qid |examplebpl.497:19| - :skolemid |11| -)) (forall ((i@@2 Int) ) (! (=> (not (= i@@2 malloc_count@0)) (and (= (select malloc_base@0 i@@2) (select malloc_base i@@2)) (= (select malloc_end@0 i@@2) (select malloc_end i@@2)))) - :qid |examplebpl.498:19| - :skolemid |12| -))))) (and (and (and (and (bvuge R0@0 #x0000000005f5e100) (forall ((i@@3 (_ BitVec 64)) ) (! (=> (and (bvuge i@@3 R0@0) (bvult i@@3 (bvadd R0@0 #x000000000000000b))) (and (select Gamma_mem i@@3) (gamma_load8 Gamma_mem i@@3))) - :qid |examplebpl.500:19| - :skolemid |13| -))) (and (= (memory_load8_le mem #x00000000000009b8) #x01) (= (memory_load8_le mem #x00000000000009b9) #x00))) (and (and (= (memory_load8_le mem #x00000000000009ba) #x02) (= (memory_load8_le mem #x00000000000009bb) #x00)) (and (= (memory_load8_le mem #x000000000001fdc8) #xd0) (= (memory_load8_le mem #x000000000001fdc9) #x08)))) (and (and (and (= (memory_load8_le mem #x000000000001fdca) #x00) (= (memory_load8_le mem #x000000000001fdcb) #x00)) (and (= (memory_load8_le mem #x000000000001fdcc) #x00) (= (memory_load8_le mem #x000000000001fdcd) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdce) #x00) (= (memory_load8_le mem #x000000000001fdcf) #x00)) (and (= (memory_load8_le mem #x000000000001fdd0) #x80) (= (memory_load8_le mem #x000000000001fdd1) #x08)))))) (=> (and (and (and (and (and (and (= (memory_load8_le mem #x000000000001fdd2) #x00) (= (memory_load8_le mem #x000000000001fdd3) #x00)) (and (= (memory_load8_le mem #x000000000001fdd4) #x00) (= (memory_load8_le mem #x000000000001fdd5) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdd6) #x00) (= (memory_load8_le mem #x000000000001fdd7) #x00)) (and (= (memory_load8_le mem #x000000000001ffd8) #xd4) (= (memory_load8_le mem #x000000000001ffd9) #x08)))) (and (and (and (= (memory_load8_le mem #x000000000001ffda) #x00) (= (memory_load8_le mem #x000000000001ffdb) #x00)) (and (= (memory_load8_le mem #x000000000001ffdc) #x00) (= (memory_load8_le mem #x000000000001ffdd) #x00))) (and (and (= (memory_load8_le mem #x000000000001ffde) #x00) (= (memory_load8_le mem #x000000000001ffdf) #x00)) (and (= (memory_load8_le mem #x0000000000020058) #x58) (= (memory_load8_le mem #x0000000000020059) #x00))))) (and (and (and (and (= (memory_load8_le mem #x000000000002005a) #x02) (= (memory_load8_le mem #x000000000002005b) #x00)) (and (= (memory_load8_le mem #x000000000002005c) #x00) (= (memory_load8_le mem #x000000000002005d) #x00))) (and (and (= (memory_load8_le mem #x000000000002005e) #x00) (= (memory_load8_le mem #x000000000002005f) #x00)) (and (= R0@1 (bvadd #x0000000000020000 #x0000000000000080)) (= mem@0 mem)))) (and (and (and (= Gamma_mem@0 Gamma_mem) (= (memory_load8_le mem@0 #x00000000000009b8) #x01)) (and (= (memory_load8_le mem@0 #x00000000000009b9) #x00) (= (memory_load8_le mem@0 #x00000000000009ba) #x02))) (and (and (= (memory_load8_le mem@0 #x00000000000009bb) #x00) (= (memory_load8_le mem@0 #x000000000001fdc8) #xd0)) (and (= (memory_load8_le mem@0 #x000000000001fdc9) #x08) (= (memory_load8_le mem@0 #x000000000001fdca) #x00)))))) (and (and (and (and (and (= (memory_load8_le mem@0 #x000000000001fdcb) #x00) (= (memory_load8_le mem@0 #x000000000001fdcc) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdcd) #x00) (= (memory_load8_le mem@0 #x000000000001fdce) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdcf) #x00) (= (memory_load8_le mem@0 #x000000000001fdd0) #x80)) (and (= (memory_load8_le mem@0 #x000000000001fdd1) #x08) (= (memory_load8_le mem@0 #x000000000001fdd2) #x00)))) (and (and (and (= (memory_load8_le mem@0 #x000000000001fdd3) #x00) (= (memory_load8_le mem@0 #x000000000001fdd4) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdd5) #x00) (= (memory_load8_le mem@0 #x000000000001fdd6) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdd7) #x00) (= (memory_load8_le mem@0 #x000000000001ffd8) #xd4)) (and (= (memory_load8_le mem@0 #x000000000001ffd9) #x08) (= (memory_load8_le mem@0 #x000000000001ffda) #x00))))) (and (and (and (and (= (memory_load8_le mem@0 #x000000000001ffdb) #x00) (= (memory_load8_le mem@0 #x000000000001ffdc) #x00)) (and (= (memory_load8_le mem@0 #x000000000001ffdd) #x00) (= (memory_load8_le mem@0 #x000000000001ffde) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001ffdf) #x00) (= (memory_load8_le mem@0 #x0000000000020058) #x58)) (and (= (memory_load8_le mem@0 #x0000000000020059) #x00) (= (memory_load8_le mem@0 #x000000000002005a) #x02)))) (and (and (and (= (memory_load8_le mem@0 #x000000000002005b) #x00) (= (memory_load8_le mem@0 #x000000000002005c) #x00)) (and (= (memory_load8_le mem@0 #x000000000002005d) #x00) (= (memory_load8_le mem@0 #x000000000002005e) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000002005f) #x00) (= (ControlFlow 0 2) (- 0 1))) (L mem@0 R0@1)))))) Gamma_R0@0))))))) -(let ((PreconditionGeneratedEntry_correct (=> (and (and (= (gamma_load8 Gamma_mem $password_addr) false) (= malloc_count 0)) (and (gamma_load32 Gamma_mem (memory_load64_le mem $stext_addr)) (= R31 #x0000000000000064))) (=> (and (and (and (= (memory_load8_le mem #x0000000000020050) #x00) (= (memory_load8_le mem #x0000000000020051) #x00)) (and (= (memory_load8_le mem #x0000000000020052) #x00) (= (memory_load8_le mem #x0000000000020053) #x00))) (and (and (= (memory_load8_le mem #x0000000000020054) #x00) (= (memory_load8_le mem #x0000000000020055) #x00)) (and (= (memory_load8_le mem #x0000000000020056) #x00) (= (memory_load8_le mem #x0000000000020057) #x00)))) (=> (and (and (and (and (and (and (= (memory_load8_le mem #x0000000000020058) #x58) (= (memory_load8_le mem #x0000000000020059) #x00)) (and (= (memory_load8_le mem #x000000000002005a) #x02) (= (memory_load8_le mem #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem #x000000000002005c) #x00) (= (memory_load8_le mem #x000000000002005d) #x00)) (and (= (memory_load8_le mem #x000000000002005e) #x00) (= (memory_load8_le mem #x000000000002005f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020060) #x07) (= (memory_load8_le mem #x0000000000020061) #x00)) (and (= (memory_load8_le mem #x0000000000020062) #x00) (= (memory_load8_le mem #x0000000000020063) #x00))) (and (and (= (memory_load8_le mem #x0000000000020064) #x00) (= (memory_load8_le mem #x0000000000020065) #x00)) (and (= (memory_load8_le mem #x0000000000020066) #x00) (= (memory_load8_le mem #x0000000000020067) #x00))))) (and (and (and (and (= (memory_load8_le mem #x0000000000020068) #x68) (= (memory_load8_le mem #x0000000000020069) #x65)) (and (= (memory_load8_le mem #x000000000002006a) #x6c) (= (memory_load8_le mem #x000000000002006b) #x6c))) (and (and (= (memory_load8_le mem #x000000000002006c) #x6f) (= (memory_load8_le mem #x000000000002006d) #x6f)) (and (= (memory_load8_le mem #x000000000002006e) #x00) (= (memory_load8_le mem #x000000000002006f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020070) #x00) (= (memory_load8_le mem #x0000000000020071) #x00)) (and (= (memory_load8_le mem #x0000000000020072) #x00) (= (memory_load8_le mem #x00000000000009b8) #x01))) (and (and (= (memory_load8_le mem #x00000000000009b9) #x00) (= (memory_load8_le mem #x00000000000009ba) #x02)) (and (= (memory_load8_le mem #x00000000000009bb) #x00) (= (memory_load8_le mem #x000000000001fdc8) #xd0)))))) (and (and (and (and (and (= (memory_load8_le mem #x000000000001fdc9) #x08) (= (memory_load8_le mem #x000000000001fdca) #x00)) (and (= (memory_load8_le mem #x000000000001fdcb) #x00) (= (memory_load8_le mem #x000000000001fdcc) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdcd) #x00) (= (memory_load8_le mem #x000000000001fdce) #x00)) (and (= (memory_load8_le mem #x000000000001fdcf) #x00) (= (memory_load8_le mem #x000000000001fdd0) #x80)))) (and (and (and (= (memory_load8_le mem #x000000000001fdd1) #x08) (= (memory_load8_le mem #x000000000001fdd2) #x00)) (and (= (memory_load8_le mem #x000000000001fdd3) #x00) (= (memory_load8_le mem #x000000000001fdd4) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdd5) #x00) (= (memory_load8_le mem #x000000000001fdd6) #x00)) (and (= (memory_load8_le mem #x000000000001fdd7) #x00) (= (memory_load8_le mem #x000000000001ffd8) #xd4))))) (and (and (and (and (= (memory_load8_le mem #x000000000001ffd9) #x08) (= (memory_load8_le mem #x000000000001ffda) #x00)) (and (= (memory_load8_le mem #x000000000001ffdb) #x00) (= (memory_load8_le mem #x000000000001ffdc) #x00))) (and (and (= (memory_load8_le mem #x000000000001ffdd) #x00) (= (memory_load8_le mem #x000000000001ffde) #x00)) (and (= (memory_load8_le mem #x000000000001ffdf) #x00) (= (memory_load8_le mem #x0000000000020058) #x58)))) (and (and (and (= (memory_load8_le mem #x0000000000020059) #x00) (= (memory_load8_le mem #x000000000002005a) #x02)) (and (= (memory_load8_le mem #x000000000002005b) #x00) (= (memory_load8_le mem #x000000000002005c) #x00))) (and (and (= (memory_load8_le mem #x000000000002005d) #x00) (= (memory_load8_le mem #x000000000002005e) #x00)) (and (= (memory_load8_le mem #x000000000002005f) #x00) (= (ControlFlow 0 3) 2))))))) lmain_correct))))) -PreconditionGeneratedEntry_correct))) -)) -(check-sat) -(pop 1) -; Valid -(get-info :rlimit) -(reset) -(set-option :print-success false) -(set-info :smt-lib-version 2.6) -(set-option :smt.mbqi false) -(set-option :model.compact false) -(set-option :model.v2 true) -(set-option :pp.bv_literals false) -; done setting options - - -(declare-fun tickleBool (Bool) Bool) -(assert (and (tickleBool true) (tickleBool false))) -(declare-fun gamma_store64 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#0| ((_ BitVec 64) (_ BitVec 64) Bool (Array (_ BitVec 64) Bool)) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#1| ((_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (Array (_ BitVec 64) (_ BitVec 8))) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun L ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) Bool) -(declare-fun memory_load64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 64)) -(declare-fun gamma_store8 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun memory_store8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 8)) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun gamma_load64 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load32 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load8 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun $password_addr () (_ BitVec 64)) -(declare-fun $stext_addr () (_ BitVec 64)) -(declare-fun $buf_addr () (_ BitVec 64)) -(declare-fun memory_load8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 8)) -(declare-fun memory_store64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 64)) (Array (_ BitVec 64) (_ BitVec 8))) -(assert (forall ((gammaMap (Array (_ BitVec 64) Bool)) (index (_ BitVec 64)) (value Bool) ) (! (= (gamma_store64 gammaMap index value) (|lambda#0| index #x0000000000000008 value gammaMap)) - :qid |examplebpl.63:34| - :skolemid |4| - :pattern ( (gamma_store64 gammaMap index value)) -))) -(assert (forall ((|l#0| (_ BitVec 64)) (|l#1| (_ BitVec 64)) (|l#2| (_ BitVec 64)) (|l#3| (_ BitVec 64)) (|l#4| (Array (_ BitVec 64) (_ BitVec 8))) (i (_ BitVec 64)) ) (! (= (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i) (ite (ite (bvule |l#0| (bvadd |l#0| |l#1|)) (and (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|))) (or (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|)))) ((_ extract 7 0) (bvlshr |l#2| (bvmul (bvsub i |l#3|) #x0000000000000008))) (select |l#4| i))) - :qid |examplebpl.83:57| - :skolemid |20| - :pattern ( (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i)) -))) -(assert (forall ((memory (Array (_ BitVec 64) (_ BitVec 8))) (index@@0 (_ BitVec 64)) ) (! (= (L memory index@@0) false) - :qid |examplebpl.35:22| - :skolemid |0| - :pattern ( (L memory index@@0)) -))) -(assert (forall ((memory@@0 (Array (_ BitVec 64) (_ BitVec 8))) (index@@1 (_ BitVec 64)) ) (! (= (memory_load64_le memory@@0 index@@1) (concat (select memory@@0 (bvadd index@@1 #x0000000000000007)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000006)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000005)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000004)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000003)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000002)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000001)) (select memory@@0 index@@1))))))))) - :qid |examplebpl.75:37| - :skolemid |6| - :pattern ( (memory_load64_le memory@@0 index@@1)) -))) -(assert (forall ((gammaMap@@0 (Array (_ BitVec 64) Bool)) (index@@2 (_ BitVec 64)) (value@@0 Bool) ) (! (= (gamma_store8 gammaMap@@0 index@@2 value@@0) (store gammaMap@@0 index@@2 value@@0)) - :qid |examplebpl.67:33| - :skolemid |5| - :pattern ( (gamma_store8 gammaMap@@0 index@@2 value@@0)) -))) -(assert (forall ((memory@@1 (Array (_ BitVec 64) (_ BitVec 8))) (index@@3 (_ BitVec 64)) (value@@1 (_ BitVec 8)) ) (! (= (memory_store8_le memory@@1 index@@3 value@@1) (store memory@@1 index@@3 value@@1)) - :qid |examplebpl.87:37| - :skolemid |9| - :pattern ( (memory_store8_le memory@@1 index@@3 value@@1)) -))) -(assert (forall ((|l#0@@0| (_ BitVec 64)) (|l#1@@0| (_ BitVec 64)) (|l#2@@0| Bool) (|l#3@@0| (Array (_ BitVec 64) Bool)) (i@@0 (_ BitVec 64)) ) (! (= (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0) (ite (ite (bvule |l#0@@0| (bvadd |l#0@@0| |l#1@@0|)) (and (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|))) (or (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|)))) |l#2@@0| (select |l#3@@0| i@@0))) - :qid |examplebpl.63:56| - :skolemid |19| - :pattern ( (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0)) -))) -(assert (forall ((gammaMap@@1 (Array (_ BitVec 64) Bool)) (index@@4 (_ BitVec 64)) ) (! (= (gamma_load64 gammaMap@@1 index@@4) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000007)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000006)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000005)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000004)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000003)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000002)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000001)) (select gammaMap@@1 index@@4))))))))) - :qid |examplebpl.55:33| - :skolemid |2| - :pattern ( (gamma_load64 gammaMap@@1 index@@4)) -))) -(assert (forall ((gammaMap@@2 (Array (_ BitVec 64) Bool)) (index@@5 (_ BitVec 64)) ) (! (= (gamma_load32 gammaMap@@2 index@@5) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000003)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000002)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000001)) (select gammaMap@@2 index@@5))))) - :qid |examplebpl.51:33| - :skolemid |1| - :pattern ( (gamma_load32 gammaMap@@2 index@@5)) -))) -(assert (forall ((gammaMap@@3 (Array (_ BitVec 64) Bool)) (index@@6 (_ BitVec 64)) ) (! (= (gamma_load8 gammaMap@@3 index@@6) (select gammaMap@@3 index@@6)) - :qid |examplebpl.59:32| - :skolemid |3| - :pattern ( (gamma_load8 gammaMap@@3 index@@6)) -))) -(assert (= $password_addr #x0000000000020060)) -(assert (= $stext_addr #x0000000000020068)) -(assert (= $buf_addr #x0000000000020080)) -(assert (forall ((memory@@2 (Array (_ BitVec 64) (_ BitVec 8))) (index@@7 (_ BitVec 64)) ) (! (= (memory_load8_le memory@@2 index@@7) (select memory@@2 index@@7)) - :qid |examplebpl.79:36| - :skolemid |7| - :pattern ( (memory_load8_le memory@@2 index@@7)) -))) -(assert (forall ((memory@@3 (Array (_ BitVec 64) (_ BitVec 8))) (index@@8 (_ BitVec 64)) (value@@2 (_ BitVec 64)) ) (! (= (memory_store64_le memory@@3 index@@8 value@@2) (|lambda#1| index@@8 #x0000000000000008 value@@2 index@@8 memory@@3)) - :qid |examplebpl.83:38| - :skolemid |8| - :pattern ( (memory_store64_le memory@@3 index@@8 value@@2)) -))) -; Valid - -(push 1) -(declare-fun ControlFlow (Int Int) Int) -(declare-fun |#4@0| () (_ BitVec 64)) -(declare-fun R31 () (_ BitVec 64)) -(declare-fun stack@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun stack () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R29 () (_ BitVec 64)) -(declare-fun Gamma_stack@0 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_stack () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R29 () Bool) -(declare-fun stack@1 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R30 () (_ BitVec 64)) -(declare-fun Gamma_stack@1 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R30 () Bool) -(declare-fun stack@2 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R19 () (_ BitVec 64)) -(declare-fun Gamma_stack@2 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R19 () Bool) -(declare-fun stack@3 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@3 () (Array (_ BitVec 64) Bool)) -(declare-fun stack@4 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@4 () (Array (_ BitVec 64) Bool)) -(declare-fun mem () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_R0@0 () Bool) -(declare-fun malloc_count@0 () Int) -(declare-fun malloc_count () Int) -(declare-fun malloc_end@0 () (Array Int (_ BitVec 64))) -(declare-fun malloc_base@0 () (Array Int (_ BitVec 64))) -(declare-fun R0@0 () (_ BitVec 64)) -(declare-fun malloc_base () (Array Int (_ BitVec 64))) -(declare-fun malloc_end () (Array Int (_ BitVec 64))) -(declare-fun Gamma_mem () (Array (_ BitVec 64) Bool)) -(declare-fun R0@1 () (_ BitVec 64)) -(declare-fun mem@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@0 () (Array (_ BitVec 64) Bool)) -(declare-fun mem@1 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@1 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@2 () (_ BitVec 64)) -(declare-fun mem@2 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@2 () (Array (_ BitVec 64) Bool)) -(declare-fun R19@0 () (_ BitVec 64)) -(declare-fun Gamma_R19@0 () Bool) -(declare-fun R0@3 () (_ BitVec 64)) -(declare-fun Gamma_R0@1 () Bool) -(declare-fun R0@4 () (_ BitVec 64)) -(declare-fun R1@0 () (_ BitVec 64)) -(set-info :boogie-vc-id main_split4) -(set-option :timeout 0) -(set-option :rlimit 0) -(assert (not - (=> (= (ControlFlow 0 0) 3) (let ((lmain_correct (=> (= |#4@0| (bvadd R31 #xffffffffffffffd0)) (=> (and (and (= stack@0 (memory_store64_le stack |#4@0| R29)) (= Gamma_stack@0 (gamma_store64 Gamma_stack |#4@0| Gamma_R29))) (and (= stack@1 (memory_store64_le stack@0 (bvadd |#4@0| #x0000000000000008) R30)) (= Gamma_stack@1 (gamma_store64 Gamma_stack@0 (bvadd |#4@0| #x0000000000000008) Gamma_R30)))) (=> (and (and (and (and (and (and (= stack@2 (memory_store64_le stack@1 (bvadd |#4@0| #x0000000000000010) R19)) (= Gamma_stack@2 (gamma_store64 Gamma_stack@1 (bvadd |#4@0| #x0000000000000010) Gamma_R19))) (and (= stack@3 (memory_store64_le stack@2 (bvadd |#4@0| #x0000000000000028) #x0000000000000000)) (= Gamma_stack@3 (gamma_store64 Gamma_stack@2 (bvadd |#4@0| #x0000000000000028) true)))) (and (and (= stack@4 (memory_store64_le stack@3 (bvadd |#4@0| #x0000000000000020) #x0000000000000000)) (= Gamma_stack@4 (gamma_store64 Gamma_stack@3 (bvadd |#4@0| #x0000000000000020) true))) (and (bvugt #x000000000000000b #x0000000000000000) (= true true)))) (and (and (and (= (memory_load64_le mem $buf_addr) (memory_load64_le mem $buf_addr)) (= (memory_load8_le mem $password_addr) (memory_load8_le mem $password_addr))) (= Gamma_R0@0 true)) (and (and (= malloc_count@0 (+ malloc_count 1)) (bvugt (select malloc_end@0 malloc_count@0) (select malloc_base@0 malloc_count@0))) (and (= R0@0 (select malloc_base@0 malloc_count@0)) (= (select malloc_end@0 malloc_count@0) (bvadd R0@0 #x000000000000000b)))))) (and (and (and (and (forall ((i@@1 Int) ) (! (=> (not (= i@@1 malloc_count@0)) (or (bvugt (select malloc_base@0 malloc_count@0) (select malloc_end@0 i@@1)) (bvult (select malloc_end@0 malloc_count@0) (select malloc_base@0 i@@1)))) - :qid |examplebpl.497:19| - :skolemid |11| -)) (forall ((i@@2 Int) ) (! (=> (not (= i@@2 malloc_count@0)) (and (= (select malloc_base@0 i@@2) (select malloc_base i@@2)) (= (select malloc_end@0 i@@2) (select malloc_end i@@2)))) - :qid |examplebpl.498:19| - :skolemid |12| -))) (and (bvuge R0@0 #x0000000005f5e100) (forall ((i@@3 (_ BitVec 64)) ) (! (=> (and (bvuge i@@3 R0@0) (bvult i@@3 (bvadd R0@0 #x000000000000000b))) (and (select Gamma_mem i@@3) (gamma_load8 Gamma_mem i@@3))) - :qid |examplebpl.500:19| - :skolemid |13| -)))) (and (and (= (memory_load8_le mem #x00000000000009b8) #x01) (= (memory_load8_le mem #x00000000000009b9) #x00)) (and (= (memory_load8_le mem #x00000000000009ba) #x02) (= (memory_load8_le mem #x00000000000009bb) #x00)))) (and (and (and (= (memory_load8_le mem #x000000000001fdc8) #xd0) (= (memory_load8_le mem #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem #x000000000001fdca) #x00) (= (memory_load8_le mem #x000000000001fdcb) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdcc) #x00) (= (memory_load8_le mem #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem #x000000000001fdce) #x00) (= (memory_load8_le mem #x000000000001fdcf) #x00)))))) (and (and (and (and (and (= (memory_load8_le mem #x000000000001fdd0) #x80) (= (memory_load8_le mem #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem #x000000000001fdd2) #x00) (= (memory_load8_le mem #x000000000001fdd3) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdd4) #x00) (= (memory_load8_le mem #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem #x000000000001fdd6) #x00) (= (memory_load8_le mem #x000000000001fdd7) #x00)))) (and (and (and (= (memory_load8_le mem #x000000000001ffd8) #xd4) (= (memory_load8_le mem #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem #x000000000001ffda) #x00) (= (memory_load8_le mem #x000000000001ffdb) #x00))) (and (and (= (memory_load8_le mem #x000000000001ffdc) #x00) (= (memory_load8_le mem #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem #x000000000001ffde) #x00) (= (memory_load8_le mem #x000000000001ffdf) #x00))))) (and (and (and (and (= (memory_load8_le mem #x0000000000020058) #x58) (= (memory_load8_le mem #x0000000000020059) #x00)) (and (= (memory_load8_le mem #x000000000002005a) #x02) (= (memory_load8_le mem #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem #x000000000002005c) #x00) (= (memory_load8_le mem #x000000000002005d) #x00)) (and (= (memory_load8_le mem #x000000000002005e) #x00) (= (memory_load8_le mem #x000000000002005f) #x00)))) (and (and (and (= R0@1 (bvadd #x0000000000020000 #x0000000000000080)) (= mem@0 mem)) (and (= Gamma_mem@0 Gamma_mem) (= (memory_load8_le mem@0 #x00000000000009b8) #x01))) (and (and (= (memory_load8_le mem@0 #x00000000000009b9) #x00) (= (memory_load8_le mem@0 #x00000000000009ba) #x02)) (and (= (memory_load8_le mem@0 #x00000000000009bb) #x00) (= (memory_load8_le mem@0 #x000000000001fdc8) #xd0))))))) (=> (and (and (and (and (and (and (and (= (memory_load8_le mem@0 #x000000000001fdc9) #x08) (= (memory_load8_le mem@0 #x000000000001fdca) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdcb) #x00) (= (memory_load8_le mem@0 #x000000000001fdcc) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdcd) #x00) (= (memory_load8_le mem@0 #x000000000001fdce) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdcf) #x00) (= (memory_load8_le mem@0 #x000000000001fdd0) #x80)))) (and (and (and (= (memory_load8_le mem@0 #x000000000001fdd1) #x08) (= (memory_load8_le mem@0 #x000000000001fdd2) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdd3) #x00) (= (memory_load8_le mem@0 #x000000000001fdd4) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdd5) #x00) (= (memory_load8_le mem@0 #x000000000001fdd6) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdd7) #x00) (= (memory_load8_le mem@0 #x000000000001ffd8) #xd4))))) (and (and (and (and (= (memory_load8_le mem@0 #x000000000001ffd9) #x08) (= (memory_load8_le mem@0 #x000000000001ffda) #x00)) (and (= (memory_load8_le mem@0 #x000000000001ffdb) #x00) (= (memory_load8_le mem@0 #x000000000001ffdc) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001ffdd) #x00) (= (memory_load8_le mem@0 #x000000000001ffde) #x00)) (and (= (memory_load8_le mem@0 #x000000000001ffdf) #x00) (= (memory_load8_le mem@0 #x0000000000020058) #x58)))) (and (and (and (= (memory_load8_le mem@0 #x0000000000020059) #x00) (= (memory_load8_le mem@0 #x000000000002005a) #x02)) (and (= (memory_load8_le mem@0 #x000000000002005b) #x00) (= (memory_load8_le mem@0 #x000000000002005c) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000002005d) #x00) (= (memory_load8_le mem@0 #x000000000002005e) #x00)) (and (= (memory_load8_le mem@0 #x000000000002005f) #x00) (=> (L mem@0 R0@1) Gamma_R0@0)))))) (and (and (and (and (and (= mem@1 (memory_store64_le mem@0 R0@1 R0@0)) (= Gamma_mem@1 (gamma_store64 Gamma_mem@0 R0@1 Gamma_R0@0))) (= R0@2 (bvadd #x0000000000020000 #x0000000000000080))) (and (= mem@2 mem@1) (= Gamma_mem@2 Gamma_mem@1))) (and (and (and (= (memory_load8_le mem@2 #x00000000000009b8) #x01) (= (memory_load8_le mem@2 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@2 #x00000000000009ba) #x02) (= (memory_load8_le mem@2 #x00000000000009bb) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@2 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@2 #x000000000001fdca) #x00) (= (memory_load8_le mem@2 #x000000000001fdcb) #x00))))) (and (and (and (and (= (memory_load8_le mem@2 #x000000000001fdcc) #x00) (= (memory_load8_le mem@2 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdce) #x00) (= (memory_load8_le mem@2 #x000000000001fdcf) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdd0) #x80) (= (memory_load8_le mem@2 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@2 #x000000000001fdd2) #x00) (= (memory_load8_le mem@2 #x000000000001fdd3) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000001fdd4) #x00) (= (memory_load8_le mem@2 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdd6) #x00) (= (memory_load8_le mem@2 #x000000000001fdd7) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@2 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@2 #x000000000001ffda) #x00) (= (memory_load8_le mem@2 #x000000000001ffdb) #x00))))))) (and (and (and (and (and (and (= (memory_load8_le mem@2 #x000000000001ffdc) #x00) (= (memory_load8_le mem@2 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@2 #x000000000001ffde) #x00) (= (memory_load8_le mem@2 #x000000000001ffdf) #x00))) (and (and (= (memory_load8_le mem@2 #x0000000000020058) #x58) (= (memory_load8_le mem@2 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005a) #x02) (= (memory_load8_le mem@2 #x000000000002005b) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000002005c) #x00) (= (memory_load8_le mem@2 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005e) #x00) (= (memory_load8_le mem@2 #x000000000002005f) #x00))) (and (and (= R19@0 (memory_load64_le mem@2 R0@2)) (= Gamma_R19@0 (or (gamma_load64 Gamma_mem@2 R0@2) (L mem@2 R0@2)))) (= R0@3 (bvadd #x0000000000020000 #x0000000000000068))))) (and (and (and (and (= (memory_load64_le mem@2 $buf_addr) (memory_load64_le mem@2 $buf_addr)) (= (memory_load8_le mem@2 $password_addr) (memory_load8_le mem@2 $password_addr))) (= (memory_load8_le mem@2 $stext_addr) (memory_load8_le mem@2 $stext_addr))) (and (= Gamma_R0@1 true) (forall ((i@@4 (_ BitVec 64)) ) (! (=> (and (bvule R0@3 i@@4) (bvult i@@4 (bvadd R0@3 R0@4))) (not (= (select mem@2 i@@4) #x00))) - :qid |examplebpl.812:19| - :skolemid |18| -)))) (and (and (and (= (memory_load8_le mem@2 (bvadd R0@3 R0@4)) #x00) (bvult R0@3 (bvadd (bvadd R0@3 R0@4) #x0000000000000001))) (and (= (memory_load8_le mem@2 #x00000000000009b8) #x01) (= (memory_load8_le mem@2 #x00000000000009b9) #x00))) (and (and (= (memory_load8_le mem@2 #x00000000000009ba) #x02) (= (memory_load8_le mem@2 #x00000000000009bb) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@2 #x000000000001fdc9) #x08)))))) (and (and (and (and (and (= (memory_load8_le mem@2 #x000000000001fdca) #x00) (= (memory_load8_le mem@2 #x000000000001fdcb) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdcc) #x00) (= (memory_load8_le mem@2 #x000000000001fdcd) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdce) #x00) (= (memory_load8_le mem@2 #x000000000001fdcf) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdd0) #x80) (= (memory_load8_le mem@2 #x000000000001fdd1) #x08)))) (and (and (and (= (memory_load8_le mem@2 #x000000000001fdd2) #x00) (= (memory_load8_le mem@2 #x000000000001fdd3) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdd4) #x00) (= (memory_load8_le mem@2 #x000000000001fdd5) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdd6) #x00) (= (memory_load8_le mem@2 #x000000000001fdd7) #x00)) (and (= (memory_load8_le mem@2 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@2 #x000000000001ffd9) #x08))))) (and (and (and (and (= (memory_load8_le mem@2 #x000000000001ffda) #x00) (= (memory_load8_le mem@2 #x000000000001ffdb) #x00)) (and (= (memory_load8_le mem@2 #x000000000001ffdc) #x00) (= (memory_load8_le mem@2 #x000000000001ffdd) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001ffde) #x00) (= (memory_load8_le mem@2 #x000000000001ffdf) #x00)) (and (= (memory_load8_le mem@2 #x0000000000020058) #x58) (= (memory_load8_le mem@2 #x0000000000020059) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000002005a) #x02) (= (memory_load8_le mem@2 #x000000000002005b) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005c) #x00) (= (memory_load8_le mem@2 #x000000000002005d) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000002005e) #x00) (= (memory_load8_le mem@2 #x000000000002005f) #x00)) (and (= R1@0 (bvadd #x0000000000020000 #x0000000000000068)) (= (ControlFlow 0 2) (- 0 1))))))))) (or (bvugt R19@0 (bvadd R1@0 R0@4)) (bvugt R1@0 (bvadd R19@0 R0@4))))))))) -(let ((PreconditionGeneratedEntry_correct (=> (and (and (= (gamma_load8 Gamma_mem $password_addr) false) (= malloc_count 0)) (and (gamma_load32 Gamma_mem (memory_load64_le mem $stext_addr)) (= R31 #x0000000000000064))) (=> (and (and (and (= (memory_load8_le mem #x0000000000020050) #x00) (= (memory_load8_le mem #x0000000000020051) #x00)) (and (= (memory_load8_le mem #x0000000000020052) #x00) (= (memory_load8_le mem #x0000000000020053) #x00))) (and (and (= (memory_load8_le mem #x0000000000020054) #x00) (= (memory_load8_le mem #x0000000000020055) #x00)) (and (= (memory_load8_le mem #x0000000000020056) #x00) (= (memory_load8_le mem #x0000000000020057) #x00)))) (=> (and (and (and (and (and (and (= (memory_load8_le mem #x0000000000020058) #x58) (= (memory_load8_le mem #x0000000000020059) #x00)) (and (= (memory_load8_le mem #x000000000002005a) #x02) (= (memory_load8_le mem #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem #x000000000002005c) #x00) (= (memory_load8_le mem #x000000000002005d) #x00)) (and (= (memory_load8_le mem #x000000000002005e) #x00) (= (memory_load8_le mem #x000000000002005f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020060) #x07) (= (memory_load8_le mem #x0000000000020061) #x00)) (and (= (memory_load8_le mem #x0000000000020062) #x00) (= (memory_load8_le mem #x0000000000020063) #x00))) (and (and (= (memory_load8_le mem #x0000000000020064) #x00) (= (memory_load8_le mem #x0000000000020065) #x00)) (and (= (memory_load8_le mem #x0000000000020066) #x00) (= (memory_load8_le mem #x0000000000020067) #x00))))) (and (and (and (and (= (memory_load8_le mem #x0000000000020068) #x68) (= (memory_load8_le mem #x0000000000020069) #x65)) (and (= (memory_load8_le mem #x000000000002006a) #x6c) (= (memory_load8_le mem #x000000000002006b) #x6c))) (and (and (= (memory_load8_le mem #x000000000002006c) #x6f) (= (memory_load8_le mem #x000000000002006d) #x6f)) (and (= (memory_load8_le mem #x000000000002006e) #x00) (= (memory_load8_le mem #x000000000002006f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020070) #x00) (= (memory_load8_le mem #x0000000000020071) #x00)) (and (= (memory_load8_le mem #x0000000000020072) #x00) (= (memory_load8_le mem #x00000000000009b8) #x01))) (and (and (= (memory_load8_le mem #x00000000000009b9) #x00) (= (memory_load8_le mem #x00000000000009ba) #x02)) (and (= (memory_load8_le mem #x00000000000009bb) #x00) (= (memory_load8_le mem #x000000000001fdc8) #xd0)))))) (and (and (and (and (and (= (memory_load8_le mem #x000000000001fdc9) #x08) (= (memory_load8_le mem #x000000000001fdca) #x00)) (and (= (memory_load8_le mem #x000000000001fdcb) #x00) (= (memory_load8_le mem #x000000000001fdcc) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdcd) #x00) (= (memory_load8_le mem #x000000000001fdce) #x00)) (and (= (memory_load8_le mem #x000000000001fdcf) #x00) (= (memory_load8_le mem #x000000000001fdd0) #x80)))) (and (and (and (= (memory_load8_le mem #x000000000001fdd1) #x08) (= (memory_load8_le mem #x000000000001fdd2) #x00)) (and (= (memory_load8_le mem #x000000000001fdd3) #x00) (= (memory_load8_le mem #x000000000001fdd4) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdd5) #x00) (= (memory_load8_le mem #x000000000001fdd6) #x00)) (and (= (memory_load8_le mem #x000000000001fdd7) #x00) (= (memory_load8_le mem #x000000000001ffd8) #xd4))))) (and (and (and (and (= (memory_load8_le mem #x000000000001ffd9) #x08) (= (memory_load8_le mem #x000000000001ffda) #x00)) (and (= (memory_load8_le mem #x000000000001ffdb) #x00) (= (memory_load8_le mem #x000000000001ffdc) #x00))) (and (and (= (memory_load8_le mem #x000000000001ffdd) #x00) (= (memory_load8_le mem #x000000000001ffde) #x00)) (and (= (memory_load8_le mem #x000000000001ffdf) #x00) (= (memory_load8_le mem #x0000000000020058) #x58)))) (and (and (and (= (memory_load8_le mem #x0000000000020059) #x00) (= (memory_load8_le mem #x000000000002005a) #x02)) (and (= (memory_load8_le mem #x000000000002005b) #x00) (= (memory_load8_le mem #x000000000002005c) #x00))) (and (and (= (memory_load8_le mem #x000000000002005d) #x00) (= (memory_load8_le mem #x000000000002005e) #x00)) (and (= (memory_load8_le mem #x000000000002005f) #x00) (= (ControlFlow 0 3) 2))))))) lmain_correct))))) -PreconditionGeneratedEntry_correct))) -)) -(check-sat) -(get-info :reason-unknown) -(assert (not (= (ControlFlow 0 2) (- 1)))) -(check-sat) -(pop 1) -; Invalid -(get-info :rlimit) -(reset) -(set-option :print-success false) -(set-info :smt-lib-version 2.6) -(set-option :smt.mbqi false) -(set-option :model.compact false) -(set-option :model.v2 true) -(set-option :pp.bv_literals false) -; done setting options - - -(declare-fun tickleBool (Bool) Bool) -(assert (and (tickleBool true) (tickleBool false))) -(declare-fun gamma_store64 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#0| ((_ BitVec 64) (_ BitVec 64) Bool (Array (_ BitVec 64) Bool)) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#1| ((_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (Array (_ BitVec 64) (_ BitVec 8))) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun L ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) Bool) -(declare-fun memory_load64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 64)) -(declare-fun gamma_store8 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun memory_store8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 8)) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun gamma_load64 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load32 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load8 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun $password_addr () (_ BitVec 64)) -(declare-fun $stext_addr () (_ BitVec 64)) -(declare-fun $buf_addr () (_ BitVec 64)) -(declare-fun memory_load8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 8)) -(declare-fun memory_store64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 64)) (Array (_ BitVec 64) (_ BitVec 8))) -(assert (forall ((gammaMap (Array (_ BitVec 64) Bool)) (index (_ BitVec 64)) (value Bool) ) (! (= (gamma_store64 gammaMap index value) (|lambda#0| index #x0000000000000008 value gammaMap)) - :qid |examplebpl.63:34| - :skolemid |4| - :pattern ( (gamma_store64 gammaMap index value)) -))) -(assert (forall ((|l#0| (_ BitVec 64)) (|l#1| (_ BitVec 64)) (|l#2| (_ BitVec 64)) (|l#3| (_ BitVec 64)) (|l#4| (Array (_ BitVec 64) (_ BitVec 8))) (i (_ BitVec 64)) ) (! (= (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i) (ite (ite (bvule |l#0| (bvadd |l#0| |l#1|)) (and (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|))) (or (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|)))) ((_ extract 7 0) (bvlshr |l#2| (bvmul (bvsub i |l#3|) #x0000000000000008))) (select |l#4| i))) - :qid |examplebpl.83:57| - :skolemid |20| - :pattern ( (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i)) -))) -(assert (forall ((memory (Array (_ BitVec 64) (_ BitVec 8))) (index@@0 (_ BitVec 64)) ) (! (= (L memory index@@0) false) - :qid |examplebpl.35:22| - :skolemid |0| - :pattern ( (L memory index@@0)) -))) -(assert (forall ((memory@@0 (Array (_ BitVec 64) (_ BitVec 8))) (index@@1 (_ BitVec 64)) ) (! (= (memory_load64_le memory@@0 index@@1) (concat (select memory@@0 (bvadd index@@1 #x0000000000000007)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000006)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000005)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000004)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000003)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000002)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000001)) (select memory@@0 index@@1))))))))) - :qid |examplebpl.75:37| - :skolemid |6| - :pattern ( (memory_load64_le memory@@0 index@@1)) -))) -(assert (forall ((gammaMap@@0 (Array (_ BitVec 64) Bool)) (index@@2 (_ BitVec 64)) (value@@0 Bool) ) (! (= (gamma_store8 gammaMap@@0 index@@2 value@@0) (store gammaMap@@0 index@@2 value@@0)) - :qid |examplebpl.67:33| - :skolemid |5| - :pattern ( (gamma_store8 gammaMap@@0 index@@2 value@@0)) -))) -(assert (forall ((memory@@1 (Array (_ BitVec 64) (_ BitVec 8))) (index@@3 (_ BitVec 64)) (value@@1 (_ BitVec 8)) ) (! (= (memory_store8_le memory@@1 index@@3 value@@1) (store memory@@1 index@@3 value@@1)) - :qid |examplebpl.87:37| - :skolemid |9| - :pattern ( (memory_store8_le memory@@1 index@@3 value@@1)) -))) -(assert (forall ((|l#0@@0| (_ BitVec 64)) (|l#1@@0| (_ BitVec 64)) (|l#2@@0| Bool) (|l#3@@0| (Array (_ BitVec 64) Bool)) (i@@0 (_ BitVec 64)) ) (! (= (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0) (ite (ite (bvule |l#0@@0| (bvadd |l#0@@0| |l#1@@0|)) (and (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|))) (or (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|)))) |l#2@@0| (select |l#3@@0| i@@0))) - :qid |examplebpl.63:56| - :skolemid |19| - :pattern ( (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0)) -))) -(assert (forall ((gammaMap@@1 (Array (_ BitVec 64) Bool)) (index@@4 (_ BitVec 64)) ) (! (= (gamma_load64 gammaMap@@1 index@@4) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000007)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000006)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000005)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000004)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000003)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000002)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000001)) (select gammaMap@@1 index@@4))))))))) - :qid |examplebpl.55:33| - :skolemid |2| - :pattern ( (gamma_load64 gammaMap@@1 index@@4)) -))) -(assert (forall ((gammaMap@@2 (Array (_ BitVec 64) Bool)) (index@@5 (_ BitVec 64)) ) (! (= (gamma_load32 gammaMap@@2 index@@5) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000003)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000002)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000001)) (select gammaMap@@2 index@@5))))) - :qid |examplebpl.51:33| - :skolemid |1| - :pattern ( (gamma_load32 gammaMap@@2 index@@5)) -))) -(assert (forall ((gammaMap@@3 (Array (_ BitVec 64) Bool)) (index@@6 (_ BitVec 64)) ) (! (= (gamma_load8 gammaMap@@3 index@@6) (select gammaMap@@3 index@@6)) - :qid |examplebpl.59:32| - :skolemid |3| - :pattern ( (gamma_load8 gammaMap@@3 index@@6)) -))) -(assert (= $password_addr #x0000000000020060)) -(assert (= $stext_addr #x0000000000020068)) -(assert (= $buf_addr #x0000000000020080)) -(assert (forall ((memory@@2 (Array (_ BitVec 64) (_ BitVec 8))) (index@@7 (_ BitVec 64)) ) (! (= (memory_load8_le memory@@2 index@@7) (select memory@@2 index@@7)) - :qid |examplebpl.79:36| - :skolemid |7| - :pattern ( (memory_load8_le memory@@2 index@@7)) -))) -(assert (forall ((memory@@3 (Array (_ BitVec 64) (_ BitVec 8))) (index@@8 (_ BitVec 64)) (value@@2 (_ BitVec 64)) ) (! (= (memory_store64_le memory@@3 index@@8 value@@2) (|lambda#1| index@@8 #x0000000000000008 value@@2 index@@8 memory@@3)) - :qid |examplebpl.83:38| - :skolemid |8| - :pattern ( (memory_store64_le memory@@3 index@@8 value@@2)) -))) -; Invalid - -(push 1) -(declare-fun ControlFlow (Int Int) Int) -(declare-fun |#4@0| () (_ BitVec 64)) -(declare-fun R31 () (_ BitVec 64)) -(declare-fun stack@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun stack () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R29 () (_ BitVec 64)) -(declare-fun Gamma_stack@0 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_stack () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R29 () Bool) -(declare-fun stack@1 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R30 () (_ BitVec 64)) -(declare-fun Gamma_stack@1 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R30 () Bool) -(declare-fun stack@2 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R19 () (_ BitVec 64)) -(declare-fun Gamma_stack@2 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R19 () Bool) -(declare-fun stack@3 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@3 () (Array (_ BitVec 64) Bool)) -(declare-fun stack@4 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@4 () (Array (_ BitVec 64) Bool)) -(declare-fun mem () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_R0@0 () Bool) -(declare-fun malloc_count@0 () Int) -(declare-fun malloc_count () Int) -(declare-fun malloc_end@0 () (Array Int (_ BitVec 64))) -(declare-fun malloc_base@0 () (Array Int (_ BitVec 64))) -(declare-fun R0@0 () (_ BitVec 64)) -(declare-fun malloc_base () (Array Int (_ BitVec 64))) -(declare-fun malloc_end () (Array Int (_ BitVec 64))) -(declare-fun Gamma_mem () (Array (_ BitVec 64) Bool)) -(declare-fun R0@1 () (_ BitVec 64)) -(declare-fun mem@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@0 () (Array (_ BitVec 64) Bool)) -(declare-fun mem@1 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@1 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@2 () (_ BitVec 64)) -(declare-fun mem@2 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@2 () (Array (_ BitVec 64) Bool)) -(declare-fun R19@0 () (_ BitVec 64)) -(declare-fun Gamma_R19@0 () Bool) -(declare-fun R0@3 () (_ BitVec 64)) -(declare-fun Gamma_R0@1 () Bool) -(declare-fun R0@4 () (_ BitVec 64)) -(declare-fun R1@0 () (_ BitVec 64)) -(set-info :boogie-vc-id main_split5) -(set-option :timeout 0) -(set-option :rlimit 0) -(assert (not - (=> (= (ControlFlow 0 0) 3) (let ((lmain_correct (=> (= |#4@0| (bvadd R31 #xffffffffffffffd0)) (=> (and (and (= stack@0 (memory_store64_le stack |#4@0| R29)) (= Gamma_stack@0 (gamma_store64 Gamma_stack |#4@0| Gamma_R29))) (and (= stack@1 (memory_store64_le stack@0 (bvadd |#4@0| #x0000000000000008) R30)) (= Gamma_stack@1 (gamma_store64 Gamma_stack@0 (bvadd |#4@0| #x0000000000000008) Gamma_R30)))) (=> (and (and (and (and (= stack@2 (memory_store64_le stack@1 (bvadd |#4@0| #x0000000000000010) R19)) (= Gamma_stack@2 (gamma_store64 Gamma_stack@1 (bvadd |#4@0| #x0000000000000010) Gamma_R19))) (and (= stack@3 (memory_store64_le stack@2 (bvadd |#4@0| #x0000000000000028) #x0000000000000000)) (= Gamma_stack@3 (gamma_store64 Gamma_stack@2 (bvadd |#4@0| #x0000000000000028) true)))) (and (and (= stack@4 (memory_store64_le stack@3 (bvadd |#4@0| #x0000000000000020) #x0000000000000000)) (= Gamma_stack@4 (gamma_store64 Gamma_stack@3 (bvadd |#4@0| #x0000000000000020) true))) (and (bvugt #x000000000000000b #x0000000000000000) (= true true)))) (and (and (and (= (memory_load64_le mem $buf_addr) (memory_load64_le mem $buf_addr)) (= (memory_load8_le mem $password_addr) (memory_load8_le mem $password_addr))) (= Gamma_R0@0 true)) (and (and (= malloc_count@0 (+ malloc_count 1)) (bvugt (select malloc_end@0 malloc_count@0) (select malloc_base@0 malloc_count@0))) (and (= R0@0 (select malloc_base@0 malloc_count@0)) (= (select malloc_end@0 malloc_count@0) (bvadd R0@0 #x000000000000000b)))))) (=> (and (and (and (and (and (and (forall ((i@@1 Int) ) (! (=> (not (= i@@1 malloc_count@0)) (or (bvugt (select malloc_base@0 malloc_count@0) (select malloc_end@0 i@@1)) (bvult (select malloc_end@0 malloc_count@0) (select malloc_base@0 i@@1)))) - :qid |examplebpl.497:19| - :skolemid |11| -)) (forall ((i@@2 Int) ) (! (=> (not (= i@@2 malloc_count@0)) (and (= (select malloc_base@0 i@@2) (select malloc_base i@@2)) (= (select malloc_end@0 i@@2) (select malloc_end i@@2)))) - :qid |examplebpl.498:19| - :skolemid |12| -))) (and (bvuge R0@0 #x0000000005f5e100) (forall ((i@@3 (_ BitVec 64)) ) (! (=> (and (bvuge i@@3 R0@0) (bvult i@@3 (bvadd R0@0 #x000000000000000b))) (and (select Gamma_mem i@@3) (gamma_load8 Gamma_mem i@@3))) - :qid |examplebpl.500:19| - :skolemid |13| -)))) (and (and (= (memory_load8_le mem #x00000000000009b8) #x01) (= (memory_load8_le mem #x00000000000009b9) #x00)) (and (= (memory_load8_le mem #x00000000000009ba) #x02) (= (memory_load8_le mem #x00000000000009bb) #x00)))) (and (and (and (= (memory_load8_le mem #x000000000001fdc8) #xd0) (= (memory_load8_le mem #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem #x000000000001fdca) #x00) (= (memory_load8_le mem #x000000000001fdcb) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdcc) #x00) (= (memory_load8_le mem #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem #x000000000001fdce) #x00) (= (memory_load8_le mem #x000000000001fdcf) #x00))))) (and (and (and (and (= (memory_load8_le mem #x000000000001fdd0) #x80) (= (memory_load8_le mem #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem #x000000000001fdd2) #x00) (= (memory_load8_le mem #x000000000001fdd3) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdd4) #x00) (= (memory_load8_le mem #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem #x000000000001fdd6) #x00) (= (memory_load8_le mem #x000000000001fdd7) #x00)))) (and (and (and (= (memory_load8_le mem #x000000000001ffd8) #xd4) (= (memory_load8_le mem #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem #x000000000001ffda) #x00) (= (memory_load8_le mem #x000000000001ffdb) #x00))) (and (and (= (memory_load8_le mem #x000000000001ffdc) #x00) (= (memory_load8_le mem #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem #x000000000001ffde) #x00) (= (memory_load8_le mem #x000000000001ffdf) #x00)))))) (and (and (and (and (and (= (memory_load8_le mem #x0000000000020058) #x58) (= (memory_load8_le mem #x0000000000020059) #x00)) (and (= (memory_load8_le mem #x000000000002005a) #x02) (= (memory_load8_le mem #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem #x000000000002005c) #x00) (= (memory_load8_le mem #x000000000002005d) #x00)) (and (= (memory_load8_le mem #x000000000002005e) #x00) (= (memory_load8_le mem #x000000000002005f) #x00)))) (and (and (and (= R0@1 (bvadd #x0000000000020000 #x0000000000000080)) (= mem@0 mem)) (and (= Gamma_mem@0 Gamma_mem) (= (memory_load8_le mem@0 #x00000000000009b8) #x01))) (and (and (= (memory_load8_le mem@0 #x00000000000009b9) #x00) (= (memory_load8_le mem@0 #x00000000000009ba) #x02)) (and (= (memory_load8_le mem@0 #x00000000000009bb) #x00) (= (memory_load8_le mem@0 #x000000000001fdc8) #xd0))))) (and (and (and (and (= (memory_load8_le mem@0 #x000000000001fdc9) #x08) (= (memory_load8_le mem@0 #x000000000001fdca) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdcb) #x00) (= (memory_load8_le mem@0 #x000000000001fdcc) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdcd) #x00) (= (memory_load8_le mem@0 #x000000000001fdce) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdcf) #x00) (= (memory_load8_le mem@0 #x000000000001fdd0) #x80)))) (and (and (and (= (memory_load8_le mem@0 #x000000000001fdd1) #x08) (= (memory_load8_le mem@0 #x000000000001fdd2) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdd3) #x00) (= (memory_load8_le mem@0 #x000000000001fdd4) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdd5) #x00) (= (memory_load8_le mem@0 #x000000000001fdd6) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdd7) #x00) (= (memory_load8_le mem@0 #x000000000001ffd8) #xd4))))))) (=> (and (and (and (and (and (and (and (= (memory_load8_le mem@0 #x000000000001ffd9) #x08) (= (memory_load8_le mem@0 #x000000000001ffda) #x00)) (and (= (memory_load8_le mem@0 #x000000000001ffdb) #x00) (= (memory_load8_le mem@0 #x000000000001ffdc) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001ffdd) #x00) (= (memory_load8_le mem@0 #x000000000001ffde) #x00)) (and (= (memory_load8_le mem@0 #x000000000001ffdf) #x00) (= (memory_load8_le mem@0 #x0000000000020058) #x58)))) (and (and (and (= (memory_load8_le mem@0 #x0000000000020059) #x00) (= (memory_load8_le mem@0 #x000000000002005a) #x02)) (and (= (memory_load8_le mem@0 #x000000000002005b) #x00) (= (memory_load8_le mem@0 #x000000000002005c) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000002005d) #x00) (= (memory_load8_le mem@0 #x000000000002005e) #x00)) (and (= (memory_load8_le mem@0 #x000000000002005f) #x00) (=> (L mem@0 R0@1) Gamma_R0@0))))) (and (and (and (and (= mem@1 (memory_store64_le mem@0 R0@1 R0@0)) (= Gamma_mem@1 (gamma_store64 Gamma_mem@0 R0@1 Gamma_R0@0))) (= R0@2 (bvadd #x0000000000020000 #x0000000000000080))) (and (= mem@2 mem@1) (= Gamma_mem@2 Gamma_mem@1))) (and (and (and (= (memory_load8_le mem@2 #x00000000000009b8) #x01) (= (memory_load8_le mem@2 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@2 #x00000000000009ba) #x02) (= (memory_load8_le mem@2 #x00000000000009bb) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@2 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@2 #x000000000001fdca) #x00) (= (memory_load8_le mem@2 #x000000000001fdcb) #x00)))))) (and (and (and (and (and (= (memory_load8_le mem@2 #x000000000001fdcc) #x00) (= (memory_load8_le mem@2 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdce) #x00) (= (memory_load8_le mem@2 #x000000000001fdcf) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdd0) #x80) (= (memory_load8_le mem@2 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@2 #x000000000001fdd2) #x00) (= (memory_load8_le mem@2 #x000000000001fdd3) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000001fdd4) #x00) (= (memory_load8_le mem@2 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdd6) #x00) (= (memory_load8_le mem@2 #x000000000001fdd7) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@2 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@2 #x000000000001ffda) #x00) (= (memory_load8_le mem@2 #x000000000001ffdb) #x00))))) (and (and (and (and (= (memory_load8_le mem@2 #x000000000001ffdc) #x00) (= (memory_load8_le mem@2 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@2 #x000000000001ffde) #x00) (= (memory_load8_le mem@2 #x000000000001ffdf) #x00))) (and (and (= (memory_load8_le mem@2 #x0000000000020058) #x58) (= (memory_load8_le mem@2 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005a) #x02) (= (memory_load8_le mem@2 #x000000000002005b) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000002005c) #x00) (= (memory_load8_le mem@2 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005e) #x00) (= (memory_load8_le mem@2 #x000000000002005f) #x00))) (and (and (= R19@0 (memory_load64_le mem@2 R0@2)) (= Gamma_R19@0 (or (gamma_load64 Gamma_mem@2 R0@2) (L mem@2 R0@2)))) (= R0@3 (bvadd #x0000000000020000 #x0000000000000068))))))) (and (and (and (and (and (and (= (memory_load64_le mem@2 $buf_addr) (memory_load64_le mem@2 $buf_addr)) (= (memory_load8_le mem@2 $password_addr) (memory_load8_le mem@2 $password_addr))) (= (memory_load8_le mem@2 $stext_addr) (memory_load8_le mem@2 $stext_addr))) (= Gamma_R0@1 true)) (and (forall ((i@@4 (_ BitVec 64)) ) (! (=> (and (bvule R0@3 i@@4) (bvult i@@4 (bvadd R0@3 R0@4))) (not (= (select mem@2 i@@4) #x00))) - :qid |examplebpl.812:19| - :skolemid |18| -)) (= (memory_load8_le mem@2 (bvadd R0@3 R0@4)) #x00))) (and (and (and (bvult R0@3 (bvadd (bvadd R0@3 R0@4) #x0000000000000001)) (= (memory_load8_le mem@2 #x00000000000009b8) #x01)) (and (= (memory_load8_le mem@2 #x00000000000009b9) #x00) (= (memory_load8_le mem@2 #x00000000000009ba) #x02))) (and (and (= (memory_load8_le mem@2 #x00000000000009bb) #x00) (= (memory_load8_le mem@2 #x000000000001fdc8) #xd0)) (and (= (memory_load8_le mem@2 #x000000000001fdc9) #x08) (= (memory_load8_le mem@2 #x000000000001fdca) #x00))))) (and (and (and (and (and (= (memory_load8_le mem@2 #x000000000001fdcb) #x00) (= (memory_load8_le mem@2 #x000000000001fdcc) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdcd) #x00) (= (memory_load8_le mem@2 #x000000000001fdce) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdcf) #x00) (= (memory_load8_le mem@2 #x000000000001fdd0) #x80)) (and (= (memory_load8_le mem@2 #x000000000001fdd1) #x08) (= (memory_load8_le mem@2 #x000000000001fdd2) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000001fdd3) #x00) (= (memory_load8_le mem@2 #x000000000001fdd4) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdd5) #x00) (= (memory_load8_le mem@2 #x000000000001fdd6) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdd7) #x00) (= (memory_load8_le mem@2 #x000000000001ffd8) #xd4)) (and (= (memory_load8_le mem@2 #x000000000001ffd9) #x08) (= (memory_load8_le mem@2 #x000000000001ffda) #x00))))) (and (and (and (and (= (memory_load8_le mem@2 #x000000000001ffdb) #x00) (= (memory_load8_le mem@2 #x000000000001ffdc) #x00)) (and (= (memory_load8_le mem@2 #x000000000001ffdd) #x00) (= (memory_load8_le mem@2 #x000000000001ffde) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001ffdf) #x00) (= (memory_load8_le mem@2 #x0000000000020058) #x58)) (and (= (memory_load8_le mem@2 #x0000000000020059) #x00) (= (memory_load8_le mem@2 #x000000000002005a) #x02)))) (and (and (and (= (memory_load8_le mem@2 #x000000000002005b) #x00) (= (memory_load8_le mem@2 #x000000000002005c) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005d) #x00) (= (memory_load8_le mem@2 #x000000000002005e) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000002005f) #x00) (= R1@0 (bvadd #x0000000000020000 #x0000000000000068))) (and (or (bvugt R19@0 (bvadd R1@0 R0@4)) (bvugt R1@0 (bvadd R19@0 R0@4))) (= (ControlFlow 0 2) (- 0 1))))))))) (and (bvugt (bvadd R19@0 R0@4) R19@0) (bvugt (bvadd R1@0 R0@4) R1@0))))))))) -(let ((PreconditionGeneratedEntry_correct (=> (and (and (= (gamma_load8 Gamma_mem $password_addr) false) (= malloc_count 0)) (and (gamma_load32 Gamma_mem (memory_load64_le mem $stext_addr)) (= R31 #x0000000000000064))) (=> (and (and (and (= (memory_load8_le mem #x0000000000020050) #x00) (= (memory_load8_le mem #x0000000000020051) #x00)) (and (= (memory_load8_le mem #x0000000000020052) #x00) (= (memory_load8_le mem #x0000000000020053) #x00))) (and (and (= (memory_load8_le mem #x0000000000020054) #x00) (= (memory_load8_le mem #x0000000000020055) #x00)) (and (= (memory_load8_le mem #x0000000000020056) #x00) (= (memory_load8_le mem #x0000000000020057) #x00)))) (=> (and (and (and (and (and (and (= (memory_load8_le mem #x0000000000020058) #x58) (= (memory_load8_le mem #x0000000000020059) #x00)) (and (= (memory_load8_le mem #x000000000002005a) #x02) (= (memory_load8_le mem #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem #x000000000002005c) #x00) (= (memory_load8_le mem #x000000000002005d) #x00)) (and (= (memory_load8_le mem #x000000000002005e) #x00) (= (memory_load8_le mem #x000000000002005f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020060) #x07) (= (memory_load8_le mem #x0000000000020061) #x00)) (and (= (memory_load8_le mem #x0000000000020062) #x00) (= (memory_load8_le mem #x0000000000020063) #x00))) (and (and (= (memory_load8_le mem #x0000000000020064) #x00) (= (memory_load8_le mem #x0000000000020065) #x00)) (and (= (memory_load8_le mem #x0000000000020066) #x00) (= (memory_load8_le mem #x0000000000020067) #x00))))) (and (and (and (and (= (memory_load8_le mem #x0000000000020068) #x68) (= (memory_load8_le mem #x0000000000020069) #x65)) (and (= (memory_load8_le mem #x000000000002006a) #x6c) (= (memory_load8_le mem #x000000000002006b) #x6c))) (and (and (= (memory_load8_le mem #x000000000002006c) #x6f) (= (memory_load8_le mem #x000000000002006d) #x6f)) (and (= (memory_load8_le mem #x000000000002006e) #x00) (= (memory_load8_le mem #x000000000002006f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020070) #x00) (= (memory_load8_le mem #x0000000000020071) #x00)) (and (= (memory_load8_le mem #x0000000000020072) #x00) (= (memory_load8_le mem #x00000000000009b8) #x01))) (and (and (= (memory_load8_le mem #x00000000000009b9) #x00) (= (memory_load8_le mem #x00000000000009ba) #x02)) (and (= (memory_load8_le mem #x00000000000009bb) #x00) (= (memory_load8_le mem #x000000000001fdc8) #xd0)))))) (and (and (and (and (and (= (memory_load8_le mem #x000000000001fdc9) #x08) (= (memory_load8_le mem #x000000000001fdca) #x00)) (and (= (memory_load8_le mem #x000000000001fdcb) #x00) (= (memory_load8_le mem #x000000000001fdcc) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdcd) #x00) (= (memory_load8_le mem #x000000000001fdce) #x00)) (and (= (memory_load8_le mem #x000000000001fdcf) #x00) (= (memory_load8_le mem #x000000000001fdd0) #x80)))) (and (and (and (= (memory_load8_le mem #x000000000001fdd1) #x08) (= (memory_load8_le mem #x000000000001fdd2) #x00)) (and (= (memory_load8_le mem #x000000000001fdd3) #x00) (= (memory_load8_le mem #x000000000001fdd4) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdd5) #x00) (= (memory_load8_le mem #x000000000001fdd6) #x00)) (and (= (memory_load8_le mem #x000000000001fdd7) #x00) (= (memory_load8_le mem #x000000000001ffd8) #xd4))))) (and (and (and (and (= (memory_load8_le mem #x000000000001ffd9) #x08) (= (memory_load8_le mem #x000000000001ffda) #x00)) (and (= (memory_load8_le mem #x000000000001ffdb) #x00) (= (memory_load8_le mem #x000000000001ffdc) #x00))) (and (and (= (memory_load8_le mem #x000000000001ffdd) #x00) (= (memory_load8_le mem #x000000000001ffde) #x00)) (and (= (memory_load8_le mem #x000000000001ffdf) #x00) (= (memory_load8_le mem #x0000000000020058) #x58)))) (and (and (and (= (memory_load8_le mem #x0000000000020059) #x00) (= (memory_load8_le mem #x000000000002005a) #x02)) (and (= (memory_load8_le mem #x000000000002005b) #x00) (= (memory_load8_le mem #x000000000002005c) #x00))) (and (and (= (memory_load8_le mem #x000000000002005d) #x00) (= (memory_load8_le mem #x000000000002005e) #x00)) (and (= (memory_load8_le mem #x000000000002005f) #x00) (= (ControlFlow 0 3) 2))))))) lmain_correct))))) -PreconditionGeneratedEntry_correct))) -)) -(check-sat) -(get-info :reason-unknown) -(assert (not (= (ControlFlow 0 2) (- 1)))) -(check-sat) -(pop 1) -; Invalid -(get-info :rlimit) -(reset) -(set-option :print-success false) -(set-info :smt-lib-version 2.6) -(set-option :smt.mbqi false) -(set-option :model.compact false) -(set-option :model.v2 true) -(set-option :pp.bv_literals false) -; done setting options - - -(declare-fun tickleBool (Bool) Bool) -(assert (and (tickleBool true) (tickleBool false))) -(declare-fun gamma_store64 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#0| ((_ BitVec 64) (_ BitVec 64) Bool (Array (_ BitVec 64) Bool)) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#1| ((_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (Array (_ BitVec 64) (_ BitVec 8))) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun L ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) Bool) -(declare-fun memory_load64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 64)) -(declare-fun gamma_store8 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun memory_store8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 8)) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun gamma_load64 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load32 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load8 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun $password_addr () (_ BitVec 64)) -(declare-fun $stext_addr () (_ BitVec 64)) -(declare-fun $buf_addr () (_ BitVec 64)) -(declare-fun memory_load8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 8)) -(declare-fun memory_store64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 64)) (Array (_ BitVec 64) (_ BitVec 8))) -(assert (forall ((gammaMap (Array (_ BitVec 64) Bool)) (index (_ BitVec 64)) (value Bool) ) (! (= (gamma_store64 gammaMap index value) (|lambda#0| index #x0000000000000008 value gammaMap)) - :qid |examplebpl.63:34| - :skolemid |4| - :pattern ( (gamma_store64 gammaMap index value)) -))) -(assert (forall ((|l#0| (_ BitVec 64)) (|l#1| (_ BitVec 64)) (|l#2| (_ BitVec 64)) (|l#3| (_ BitVec 64)) (|l#4| (Array (_ BitVec 64) (_ BitVec 8))) (i (_ BitVec 64)) ) (! (= (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i) (ite (ite (bvule |l#0| (bvadd |l#0| |l#1|)) (and (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|))) (or (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|)))) ((_ extract 7 0) (bvlshr |l#2| (bvmul (bvsub i |l#3|) #x0000000000000008))) (select |l#4| i))) - :qid |examplebpl.83:57| - :skolemid |20| - :pattern ( (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i)) -))) -(assert (forall ((memory (Array (_ BitVec 64) (_ BitVec 8))) (index@@0 (_ BitVec 64)) ) (! (= (L memory index@@0) false) - :qid |examplebpl.35:22| - :skolemid |0| - :pattern ( (L memory index@@0)) -))) -(assert (forall ((memory@@0 (Array (_ BitVec 64) (_ BitVec 8))) (index@@1 (_ BitVec 64)) ) (! (= (memory_load64_le memory@@0 index@@1) (concat (select memory@@0 (bvadd index@@1 #x0000000000000007)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000006)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000005)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000004)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000003)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000002)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000001)) (select memory@@0 index@@1))))))))) - :qid |examplebpl.75:37| - :skolemid |6| - :pattern ( (memory_load64_le memory@@0 index@@1)) -))) -(assert (forall ((gammaMap@@0 (Array (_ BitVec 64) Bool)) (index@@2 (_ BitVec 64)) (value@@0 Bool) ) (! (= (gamma_store8 gammaMap@@0 index@@2 value@@0) (store gammaMap@@0 index@@2 value@@0)) - :qid |examplebpl.67:33| - :skolemid |5| - :pattern ( (gamma_store8 gammaMap@@0 index@@2 value@@0)) -))) -(assert (forall ((memory@@1 (Array (_ BitVec 64) (_ BitVec 8))) (index@@3 (_ BitVec 64)) (value@@1 (_ BitVec 8)) ) (! (= (memory_store8_le memory@@1 index@@3 value@@1) (store memory@@1 index@@3 value@@1)) - :qid |examplebpl.87:37| - :skolemid |9| - :pattern ( (memory_store8_le memory@@1 index@@3 value@@1)) -))) -(assert (forall ((|l#0@@0| (_ BitVec 64)) (|l#1@@0| (_ BitVec 64)) (|l#2@@0| Bool) (|l#3@@0| (Array (_ BitVec 64) Bool)) (i@@0 (_ BitVec 64)) ) (! (= (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0) (ite (ite (bvule |l#0@@0| (bvadd |l#0@@0| |l#1@@0|)) (and (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|))) (or (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|)))) |l#2@@0| (select |l#3@@0| i@@0))) - :qid |examplebpl.63:56| - :skolemid |19| - :pattern ( (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0)) -))) -(assert (forall ((gammaMap@@1 (Array (_ BitVec 64) Bool)) (index@@4 (_ BitVec 64)) ) (! (= (gamma_load64 gammaMap@@1 index@@4) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000007)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000006)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000005)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000004)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000003)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000002)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000001)) (select gammaMap@@1 index@@4))))))))) - :qid |examplebpl.55:33| - :skolemid |2| - :pattern ( (gamma_load64 gammaMap@@1 index@@4)) -))) -(assert (forall ((gammaMap@@2 (Array (_ BitVec 64) Bool)) (index@@5 (_ BitVec 64)) ) (! (= (gamma_load32 gammaMap@@2 index@@5) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000003)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000002)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000001)) (select gammaMap@@2 index@@5))))) - :qid |examplebpl.51:33| - :skolemid |1| - :pattern ( (gamma_load32 gammaMap@@2 index@@5)) -))) -(assert (forall ((gammaMap@@3 (Array (_ BitVec 64) Bool)) (index@@6 (_ BitVec 64)) ) (! (= (gamma_load8 gammaMap@@3 index@@6) (select gammaMap@@3 index@@6)) - :qid |examplebpl.59:32| - :skolemid |3| - :pattern ( (gamma_load8 gammaMap@@3 index@@6)) -))) -(assert (= $password_addr #x0000000000020060)) -(assert (= $stext_addr #x0000000000020068)) -(assert (= $buf_addr #x0000000000020080)) -(assert (forall ((memory@@2 (Array (_ BitVec 64) (_ BitVec 8))) (index@@7 (_ BitVec 64)) ) (! (= (memory_load8_le memory@@2 index@@7) (select memory@@2 index@@7)) - :qid |examplebpl.79:36| - :skolemid |7| - :pattern ( (memory_load8_le memory@@2 index@@7)) -))) -(assert (forall ((memory@@3 (Array (_ BitVec 64) (_ BitVec 8))) (index@@8 (_ BitVec 64)) (value@@2 (_ BitVec 64)) ) (! (= (memory_store64_le memory@@3 index@@8 value@@2) (|lambda#1| index@@8 #x0000000000000008 value@@2 index@@8 memory@@3)) - :qid |examplebpl.83:38| - :skolemid |8| - :pattern ( (memory_store64_le memory@@3 index@@8 value@@2)) -))) -; Invalid - -(push 1) -(declare-fun ControlFlow (Int Int) Int) -(declare-fun |#4@0| () (_ BitVec 64)) -(declare-fun R31 () (_ BitVec 64)) -(declare-fun stack@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun stack () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R29 () (_ BitVec 64)) -(declare-fun Gamma_stack@0 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_stack () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R29 () Bool) -(declare-fun stack@1 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R30 () (_ BitVec 64)) -(declare-fun Gamma_stack@1 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R30 () Bool) -(declare-fun stack@2 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R19 () (_ BitVec 64)) -(declare-fun Gamma_stack@2 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R19 () Bool) -(declare-fun stack@3 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@3 () (Array (_ BitVec 64) Bool)) -(declare-fun stack@4 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@4 () (Array (_ BitVec 64) Bool)) -(declare-fun mem () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_R0@0 () Bool) -(declare-fun malloc_count@0 () Int) -(declare-fun malloc_count () Int) -(declare-fun malloc_end@0 () (Array Int (_ BitVec 64))) -(declare-fun malloc_base@0 () (Array Int (_ BitVec 64))) -(declare-fun R0@0 () (_ BitVec 64)) -(declare-fun malloc_base () (Array Int (_ BitVec 64))) -(declare-fun malloc_end () (Array Int (_ BitVec 64))) -(declare-fun Gamma_mem () (Array (_ BitVec 64) Bool)) -(declare-fun R0@1 () (_ BitVec 64)) -(declare-fun mem@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@0 () (Array (_ BitVec 64) Bool)) -(declare-fun mem@1 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@1 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@2 () (_ BitVec 64)) -(declare-fun mem@2 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@2 () (Array (_ BitVec 64) Bool)) -(declare-fun R19@0 () (_ BitVec 64)) -(declare-fun Gamma_R19@0 () Bool) -(declare-fun R0@3 () (_ BitVec 64)) -(declare-fun Gamma_R0@1 () Bool) -(declare-fun R0@4 () (_ BitVec 64)) -(declare-fun R1@0 () (_ BitVec 64)) -(declare-fun mem@3 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@3 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@5 () (_ BitVec 64)) -(declare-fun mem@4 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@4 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@6 () (_ BitVec 64)) -(declare-fun Gamma_R0@2 () Bool) -(declare-fun R0@7 () (_ BitVec 64)) -(declare-fun mem@5 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@5 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@8 () (_ BitVec 64)) -(declare-fun Gamma_R0@3 () Bool) -(declare-fun R0@9 () (_ BitVec 64)) -(declare-fun stack@5 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@5 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@10 () (_ BitVec 64)) -(declare-fun Gamma_R0@4 () Bool) -(declare-fun mem@6 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@6 () (Array (_ BitVec 64) Bool)) -(set-info :boogie-vc-id main_split6) -(set-option :timeout 0) -(set-option :rlimit 0) -(assert (not - (=> (= (ControlFlow 0 0) 3) (let ((lmain_correct (=> (= |#4@0| (bvadd R31 #xffffffffffffffd0)) (=> (and (and (= stack@0 (memory_store64_le stack |#4@0| R29)) (= Gamma_stack@0 (gamma_store64 Gamma_stack |#4@0| Gamma_R29))) (and (= stack@1 (memory_store64_le stack@0 (bvadd |#4@0| #x0000000000000008) R30)) (= Gamma_stack@1 (gamma_store64 Gamma_stack@0 (bvadd |#4@0| #x0000000000000008) Gamma_R30)))) (=> (and (and (and (and (and (= stack@2 (memory_store64_le stack@1 (bvadd |#4@0| #x0000000000000010) R19)) (= Gamma_stack@2 (gamma_store64 Gamma_stack@1 (bvadd |#4@0| #x0000000000000010) Gamma_R19))) (and (= stack@3 (memory_store64_le stack@2 (bvadd |#4@0| #x0000000000000028) #x0000000000000000)) (= Gamma_stack@3 (gamma_store64 Gamma_stack@2 (bvadd |#4@0| #x0000000000000028) true)))) (and (and (= stack@4 (memory_store64_le stack@3 (bvadd |#4@0| #x0000000000000020) #x0000000000000000)) (= Gamma_stack@4 (gamma_store64 Gamma_stack@3 (bvadd |#4@0| #x0000000000000020) true))) (and (bvugt #x000000000000000b #x0000000000000000) (= true true)))) (and (and (and (= (memory_load64_le mem $buf_addr) (memory_load64_le mem $buf_addr)) (= (memory_load8_le mem $password_addr) (memory_load8_le mem $password_addr))) (= Gamma_R0@0 true)) (and (and (= malloc_count@0 (+ malloc_count 1)) (bvugt (select malloc_end@0 malloc_count@0) (select malloc_base@0 malloc_count@0))) (and (= R0@0 (select malloc_base@0 malloc_count@0)) (= (select malloc_end@0 malloc_count@0) (bvadd R0@0 #x000000000000000b)))))) (and (and (and (and (forall ((i@@1 Int) ) (! (=> (not (= i@@1 malloc_count@0)) (or (bvugt (select malloc_base@0 malloc_count@0) (select malloc_end@0 i@@1)) (bvult (select malloc_end@0 malloc_count@0) (select malloc_base@0 i@@1)))) - :qid |examplebpl.497:19| - :skolemid |11| -)) (forall ((i@@2 Int) ) (! (=> (not (= i@@2 malloc_count@0)) (and (= (select malloc_base@0 i@@2) (select malloc_base i@@2)) (= (select malloc_end@0 i@@2) (select malloc_end i@@2)))) - :qid |examplebpl.498:19| - :skolemid |12| -))) (and (bvuge R0@0 #x0000000005f5e100) (forall ((i@@3 (_ BitVec 64)) ) (! (=> (and (bvuge i@@3 R0@0) (bvult i@@3 (bvadd R0@0 #x000000000000000b))) (and (select Gamma_mem i@@3) (gamma_load8 Gamma_mem i@@3))) - :qid |examplebpl.500:19| - :skolemid |13| -)))) (and (and (= (memory_load8_le mem #x00000000000009b8) #x01) (= (memory_load8_le mem #x00000000000009b9) #x00)) (and (= (memory_load8_le mem #x00000000000009ba) #x02) (= (memory_load8_le mem #x00000000000009bb) #x00)))) (and (and (and (= (memory_load8_le mem #x000000000001fdc8) #xd0) (= (memory_load8_le mem #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem #x000000000001fdca) #x00) (= (memory_load8_le mem #x000000000001fdcb) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdcc) #x00) (= (memory_load8_le mem #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem #x000000000001fdce) #x00) (= (memory_load8_le mem #x000000000001fdcf) #x00)))))) (=> (and (and (and (and (and (and (and (= (memory_load8_le mem #x000000000001fdd0) #x80) (= (memory_load8_le mem #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem #x000000000001fdd2) #x00) (= (memory_load8_le mem #x000000000001fdd3) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdd4) #x00) (= (memory_load8_le mem #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem #x000000000001fdd6) #x00) (= (memory_load8_le mem #x000000000001fdd7) #x00)))) (and (and (and (= (memory_load8_le mem #x000000000001ffd8) #xd4) (= (memory_load8_le mem #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem #x000000000001ffda) #x00) (= (memory_load8_le mem #x000000000001ffdb) #x00))) (and (and (= (memory_load8_le mem #x000000000001ffdc) #x00) (= (memory_load8_le mem #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem #x000000000001ffde) #x00) (= (memory_load8_le mem #x000000000001ffdf) #x00))))) (and (and (and (and (= (memory_load8_le mem #x0000000000020058) #x58) (= (memory_load8_le mem #x0000000000020059) #x00)) (and (= (memory_load8_le mem #x000000000002005a) #x02) (= (memory_load8_le mem #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem #x000000000002005c) #x00) (= (memory_load8_le mem #x000000000002005d) #x00)) (and (= (memory_load8_le mem #x000000000002005e) #x00) (= (memory_load8_le mem #x000000000002005f) #x00)))) (and (and (and (= R0@1 (bvadd #x0000000000020000 #x0000000000000080)) (= mem@0 mem)) (and (= Gamma_mem@0 Gamma_mem) (= (memory_load8_le mem@0 #x00000000000009b8) #x01))) (and (and (= (memory_load8_le mem@0 #x00000000000009b9) #x00) (= (memory_load8_le mem@0 #x00000000000009ba) #x02)) (and (= (memory_load8_le mem@0 #x00000000000009bb) #x00) (= (memory_load8_le mem@0 #x000000000001fdc8) #xd0)))))) (and (and (and (and (and (= (memory_load8_le mem@0 #x000000000001fdc9) #x08) (= (memory_load8_le mem@0 #x000000000001fdca) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdcb) #x00) (= (memory_load8_le mem@0 #x000000000001fdcc) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdcd) #x00) (= (memory_load8_le mem@0 #x000000000001fdce) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdcf) #x00) (= (memory_load8_le mem@0 #x000000000001fdd0) #x80)))) (and (and (and (= (memory_load8_le mem@0 #x000000000001fdd1) #x08) (= (memory_load8_le mem@0 #x000000000001fdd2) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdd3) #x00) (= (memory_load8_le mem@0 #x000000000001fdd4) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdd5) #x00) (= (memory_load8_le mem@0 #x000000000001fdd6) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdd7) #x00) (= (memory_load8_le mem@0 #x000000000001ffd8) #xd4))))) (and (and (and (and (= (memory_load8_le mem@0 #x000000000001ffd9) #x08) (= (memory_load8_le mem@0 #x000000000001ffda) #x00)) (and (= (memory_load8_le mem@0 #x000000000001ffdb) #x00) (= (memory_load8_le mem@0 #x000000000001ffdc) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001ffdd) #x00) (= (memory_load8_le mem@0 #x000000000001ffde) #x00)) (and (= (memory_load8_le mem@0 #x000000000001ffdf) #x00) (= (memory_load8_le mem@0 #x0000000000020058) #x58)))) (and (and (and (= (memory_load8_le mem@0 #x0000000000020059) #x00) (= (memory_load8_le mem@0 #x000000000002005a) #x02)) (and (= (memory_load8_le mem@0 #x000000000002005b) #x00) (= (memory_load8_le mem@0 #x000000000002005c) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000002005d) #x00) (= (memory_load8_le mem@0 #x000000000002005e) #x00)) (and (= (memory_load8_le mem@0 #x000000000002005f) #x00) (=> (L mem@0 R0@1) Gamma_R0@0))))))) (and (and (and (and (and (and (= mem@1 (memory_store64_le mem@0 R0@1 R0@0)) (= Gamma_mem@1 (gamma_store64 Gamma_mem@0 R0@1 Gamma_R0@0))) (= R0@2 (bvadd #x0000000000020000 #x0000000000000080))) (and (= mem@2 mem@1) (= Gamma_mem@2 Gamma_mem@1))) (and (and (and (= (memory_load8_le mem@2 #x00000000000009b8) #x01) (= (memory_load8_le mem@2 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@2 #x00000000000009ba) #x02) (= (memory_load8_le mem@2 #x00000000000009bb) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@2 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@2 #x000000000001fdca) #x00) (= (memory_load8_le mem@2 #x000000000001fdcb) #x00))))) (and (and (and (and (= (memory_load8_le mem@2 #x000000000001fdcc) #x00) (= (memory_load8_le mem@2 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdce) #x00) (= (memory_load8_le mem@2 #x000000000001fdcf) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdd0) #x80) (= (memory_load8_le mem@2 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@2 #x000000000001fdd2) #x00) (= (memory_load8_le mem@2 #x000000000001fdd3) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000001fdd4) #x00) (= (memory_load8_le mem@2 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdd6) #x00) (= (memory_load8_le mem@2 #x000000000001fdd7) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@2 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@2 #x000000000001ffda) #x00) (= (memory_load8_le mem@2 #x000000000001ffdb) #x00)))))) (and (and (and (and (and (= (memory_load8_le mem@2 #x000000000001ffdc) #x00) (= (memory_load8_le mem@2 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@2 #x000000000001ffde) #x00) (= (memory_load8_le mem@2 #x000000000001ffdf) #x00))) (and (and (= (memory_load8_le mem@2 #x0000000000020058) #x58) (= (memory_load8_le mem@2 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005a) #x02) (= (memory_load8_le mem@2 #x000000000002005b) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000002005c) #x00) (= (memory_load8_le mem@2 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005e) #x00) (= (memory_load8_le mem@2 #x000000000002005f) #x00))) (and (and (= R19@0 (memory_load64_le mem@2 R0@2)) (= Gamma_R19@0 (or (gamma_load64 Gamma_mem@2 R0@2) (L mem@2 R0@2)))) (= R0@3 (bvadd #x0000000000020000 #x0000000000000068))))) (and (and (and (and (= (memory_load64_le mem@2 $buf_addr) (memory_load64_le mem@2 $buf_addr)) (= (memory_load8_le mem@2 $password_addr) (memory_load8_le mem@2 $password_addr))) (= (memory_load8_le mem@2 $stext_addr) (memory_load8_le mem@2 $stext_addr))) (and (and (= Gamma_R0@1 true) (forall ((i@@4 (_ BitVec 64)) ) (! (=> (and (bvule R0@3 i@@4) (bvult i@@4 (bvadd R0@3 R0@4))) (not (= (select mem@2 i@@4) #x00))) - :qid |examplebpl.812:19| - :skolemid |18| -))) (and (= (memory_load8_le mem@2 (bvadd R0@3 R0@4)) #x00) (bvult R0@3 (bvadd (bvadd R0@3 R0@4) #x0000000000000001))))) (and (and (and (= (memory_load8_le mem@2 #x00000000000009b8) #x01) (= (memory_load8_le mem@2 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@2 #x00000000000009ba) #x02) (= (memory_load8_le mem@2 #x00000000000009bb) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@2 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@2 #x000000000001fdca) #x00) (= (memory_load8_le mem@2 #x000000000001fdcb) #x00)))))))) (=> (and (and (and (and (and (and (and (and (= (memory_load8_le mem@2 #x000000000001fdcc) #x00) (= (memory_load8_le mem@2 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdce) #x00) (= (memory_load8_le mem@2 #x000000000001fdcf) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdd0) #x80) (= (memory_load8_le mem@2 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@2 #x000000000001fdd2) #x00) (= (memory_load8_le mem@2 #x000000000001fdd3) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000001fdd4) #x00) (= (memory_load8_le mem@2 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdd6) #x00) (= (memory_load8_le mem@2 #x000000000001fdd7) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@2 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@2 #x000000000001ffda) #x00) (= (memory_load8_le mem@2 #x000000000001ffdb) #x00))))) (and (and (and (and (= (memory_load8_le mem@2 #x000000000001ffdc) #x00) (= (memory_load8_le mem@2 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@2 #x000000000001ffde) #x00) (= (memory_load8_le mem@2 #x000000000001ffdf) #x00))) (and (and (= (memory_load8_le mem@2 #x0000000000020058) #x58) (= (memory_load8_le mem@2 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005a) #x02) (= (memory_load8_le mem@2 #x000000000002005b) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000002005c) #x00) (= (memory_load8_le mem@2 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005e) #x00) (= (memory_load8_le mem@2 #x000000000002005f) #x00))) (and (and (= R1@0 (bvadd #x0000000000020000 #x0000000000000068)) (or (bvugt R19@0 (bvadd R1@0 R0@4)) (bvugt R1@0 (bvadd R19@0 R0@4)))) (and (bvugt (bvadd R19@0 R0@4) R19@0) (bvugt (bvadd R1@0 R0@4) R1@0)))))) (and (and (and (and (and (= (memory_load64_le mem@3 $buf_addr) (memory_load64_le mem@2 $buf_addr)) (= (memory_load8_le mem@3 $password_addr) (memory_load8_le mem@2 $password_addr))) (forall ((i@@5 (_ BitVec 64)) ) (! (= (select Gamma_mem@3 i@@5) (ite (and (bvule R19@0 i@@5) (bvult i@@5 (bvadd R19@0 R0@4))) (gamma_load8 Gamma_mem@3 (bvadd (bvsub i@@5 R19@0) R1@0)) (gamma_load8 Gamma_mem@2 i@@5))) - :qid |examplebpl.579:19| - :skolemid |14| -))) (and (and (forall ((i@@6 (_ BitVec 64)) ) (! (= (select mem@3 i@@6) (ite (and (bvule R19@0 i@@6) (bvult i@@6 (bvadd R19@0 R0@4))) (memory_load8_le mem@3 (bvadd (bvsub i@@6 R19@0) R1@0)) (memory_load8_le mem@2 i@@6))) - :qid |examplebpl.580:19| - :skolemid |15| -)) (= (memory_load8_le mem@3 #x00000000000009b8) #x01)) (and (= (memory_load8_le mem@3 #x00000000000009b9) #x00) (= (memory_load8_le mem@3 #x00000000000009ba) #x02)))) (and (and (and (= (memory_load8_le mem@3 #x00000000000009bb) #x00) (= (memory_load8_le mem@3 #x000000000001fdc8) #xd0)) (and (= (memory_load8_le mem@3 #x000000000001fdc9) #x08) (= (memory_load8_le mem@3 #x000000000001fdca) #x00))) (and (and (= (memory_load8_le mem@3 #x000000000001fdcb) #x00) (= (memory_load8_le mem@3 #x000000000001fdcc) #x00)) (and (= (memory_load8_le mem@3 #x000000000001fdcd) #x00) (= (memory_load8_le mem@3 #x000000000001fdce) #x00))))) (and (and (and (and (= (memory_load8_le mem@3 #x000000000001fdcf) #x00) (= (memory_load8_le mem@3 #x000000000001fdd0) #x80)) (and (= (memory_load8_le mem@3 #x000000000001fdd1) #x08) (= (memory_load8_le mem@3 #x000000000001fdd2) #x00))) (and (and (= (memory_load8_le mem@3 #x000000000001fdd3) #x00) (= (memory_load8_le mem@3 #x000000000001fdd4) #x00)) (and (= (memory_load8_le mem@3 #x000000000001fdd5) #x00) (= (memory_load8_le mem@3 #x000000000001fdd6) #x00)))) (and (and (and (= (memory_load8_le mem@3 #x000000000001fdd7) #x00) (= (memory_load8_le mem@3 #x000000000001ffd8) #xd4)) (and (= (memory_load8_le mem@3 #x000000000001ffd9) #x08) (= (memory_load8_le mem@3 #x000000000001ffda) #x00))) (and (and (= (memory_load8_le mem@3 #x000000000001ffdb) #x00) (= (memory_load8_le mem@3 #x000000000001ffdc) #x00)) (and (= (memory_load8_le mem@3 #x000000000001ffdd) #x00) (= (memory_load8_le mem@3 #x000000000001ffde) #x00))))))) (and (and (and (and (and (and (= (memory_load8_le mem@3 #x000000000001ffdf) #x00) (= (memory_load8_le mem@3 #x0000000000020058) #x58)) (and (= (memory_load8_le mem@3 #x0000000000020059) #x00) (= (memory_load8_le mem@3 #x000000000002005a) #x02))) (and (and (= (memory_load8_le mem@3 #x000000000002005b) #x00) (= (memory_load8_le mem@3 #x000000000002005c) #x00)) (and (= (memory_load8_le mem@3 #x000000000002005d) #x00) (= (memory_load8_le mem@3 #x000000000002005e) #x00)))) (and (and (and (= (memory_load8_le mem@3 #x000000000002005f) #x00) (= R0@5 (bvadd #x0000000000020000 #x0000000000000080))) (and (= mem@4 mem@3) (= Gamma_mem@4 Gamma_mem@3))) (and (and (= (memory_load8_le mem@4 #x00000000000009b8) #x01) (= (memory_load8_le mem@4 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@4 #x00000000000009ba) #x02) (= (memory_load8_le mem@4 #x00000000000009bb) #x00))))) (and (and (and (and (= (memory_load8_le mem@4 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@4 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@4 #x000000000001fdca) #x00) (= (memory_load8_le mem@4 #x000000000001fdcb) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000001fdcc) #x00) (= (memory_load8_le mem@4 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@4 #x000000000001fdce) #x00) (= (memory_load8_le mem@4 #x000000000001fdcf) #x00)))) (and (and (and (= (memory_load8_le mem@4 #x000000000001fdd0) #x80) (= (memory_load8_le mem@4 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@4 #x000000000001fdd2) #x00) (= (memory_load8_le mem@4 #x000000000001fdd3) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000001fdd4) #x00) (= (memory_load8_le mem@4 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@4 #x000000000001fdd6) #x00) (= (memory_load8_le mem@4 #x000000000001fdd7) #x00)))))) (and (and (and (and (and (= (memory_load8_le mem@4 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@4 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@4 #x000000000001ffda) #x00) (= (memory_load8_le mem@4 #x000000000001ffdb) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000001ffdc) #x00) (= (memory_load8_le mem@4 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@4 #x000000000001ffde) #x00) (= (memory_load8_le mem@4 #x000000000001ffdf) #x00)))) (and (and (and (= (memory_load8_le mem@4 #x0000000000020058) #x58) (= (memory_load8_le mem@4 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@4 #x000000000002005a) #x02) (= (memory_load8_le mem@4 #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000002005c) #x00) (= (memory_load8_le mem@4 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@4 #x000000000002005e) #x00) (= (memory_load8_le mem@4 #x000000000002005f) #x00))))) (and (and (and (and (= R0@6 (memory_load64_le mem@4 R0@5)) (= Gamma_R0@2 (or (gamma_load64 Gamma_mem@4 R0@5) (L mem@4 R0@5)))) (= (memory_load8_le mem@4 #x00000000000009b8) #x01)) (and (= (memory_load8_le mem@4 #x00000000000009b9) #x00) (= (memory_load8_le mem@4 #x00000000000009ba) #x02))) (and (and (and (= (memory_load8_le mem@4 #x00000000000009bb) #x00) (= (memory_load8_le mem@4 #x000000000001fdc8) #xd0)) (and (= (memory_load8_le mem@4 #x000000000001fdc9) #x08) (= (memory_load8_le mem@4 #x000000000001fdca) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000001fdcb) #x00) (= (memory_load8_le mem@4 #x000000000001fdcc) #x00)) (and (= (memory_load8_le mem@4 #x000000000001fdcd) #x00) (= (memory_load8_le mem@4 #x000000000001fdce) #x00)))))))) (and (and (and (and (and (and (and (= (memory_load8_le mem@4 #x000000000001fdcf) #x00) (= (memory_load8_le mem@4 #x000000000001fdd0) #x80)) (and (= (memory_load8_le mem@4 #x000000000001fdd1) #x08) (= (memory_load8_le mem@4 #x000000000001fdd2) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000001fdd3) #x00) (= (memory_load8_le mem@4 #x000000000001fdd4) #x00)) (and (= (memory_load8_le mem@4 #x000000000001fdd5) #x00) (= (memory_load8_le mem@4 #x000000000001fdd6) #x00)))) (and (and (and (= (memory_load8_le mem@4 #x000000000001fdd7) #x00) (= (memory_load8_le mem@4 #x000000000001ffd8) #xd4)) (and (= (memory_load8_le mem@4 #x000000000001ffd9) #x08) (= (memory_load8_le mem@4 #x000000000001ffda) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000001ffdb) #x00) (= (memory_load8_le mem@4 #x000000000001ffdc) #x00)) (and (= (memory_load8_le mem@4 #x000000000001ffdd) #x00) (= (memory_load8_le mem@4 #x000000000001ffde) #x00))))) (and (and (and (and (= (memory_load8_le mem@4 #x000000000001ffdf) #x00) (= (memory_load8_le mem@4 #x0000000000020058) #x58)) (and (= (memory_load8_le mem@4 #x0000000000020059) #x00) (= (memory_load8_le mem@4 #x000000000002005a) #x02))) (and (and (= (memory_load8_le mem@4 #x000000000002005b) #x00) (= (memory_load8_le mem@4 #x000000000002005c) #x00)) (and (= (memory_load8_le mem@4 #x000000000002005d) #x00) (= (memory_load8_le mem@4 #x000000000002005e) #x00)))) (and (and (and (= (memory_load8_le mem@4 #x000000000002005f) #x00) (= R0@7 (bvadd #x0000000000020000 #x0000000000000080))) (and (= mem@5 mem@4) (= Gamma_mem@5 Gamma_mem@4))) (and (and (= (memory_load8_le mem@5 #x00000000000009b8) #x01) (= (memory_load8_le mem@5 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@5 #x00000000000009ba) #x02) (= (memory_load8_le mem@5 #x00000000000009bb) #x00)))))) (and (and (and (and (and (= (memory_load8_le mem@5 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@5 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@5 #x000000000001fdca) #x00) (= (memory_load8_le mem@5 #x000000000001fdcb) #x00))) (and (and (= (memory_load8_le mem@5 #x000000000001fdcc) #x00) (= (memory_load8_le mem@5 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@5 #x000000000001fdce) #x00) (= (memory_load8_le mem@5 #x000000000001fdcf) #x00)))) (and (and (and (= (memory_load8_le mem@5 #x000000000001fdd0) #x80) (= (memory_load8_le mem@5 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@5 #x000000000001fdd2) #x00) (= (memory_load8_le mem@5 #x000000000001fdd3) #x00))) (and (and (= (memory_load8_le mem@5 #x000000000001fdd4) #x00) (= (memory_load8_le mem@5 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@5 #x000000000001fdd6) #x00) (= (memory_load8_le mem@5 #x000000000001fdd7) #x00))))) (and (and (and (and (= (memory_load8_le mem@5 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@5 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@5 #x000000000001ffda) #x00) (= (memory_load8_le mem@5 #x000000000001ffdb) #x00))) (and (and (= (memory_load8_le mem@5 #x000000000001ffdc) #x00) (= (memory_load8_le mem@5 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@5 #x000000000001ffde) #x00) (= (memory_load8_le mem@5 #x000000000001ffdf) #x00)))) (and (and (and (= (memory_load8_le mem@5 #x0000000000020058) #x58) (= (memory_load8_le mem@5 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@5 #x000000000002005a) #x02) (= (memory_load8_le mem@5 #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem@5 #x000000000002005c) #x00) (= (memory_load8_le mem@5 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@5 #x000000000002005e) #x00) (= (memory_load8_le mem@5 #x000000000002005f) #x00))))))) (and (and (and (and (and (and (= R0@8 (memory_load64_le mem@5 R0@7)) (= Gamma_R0@3 (or (gamma_load64 Gamma_mem@5 R0@7) (L mem@5 R0@7)))) (= R0@9 (bvadd R0@8 #x0000000000000002))) (and (= stack@5 (memory_store64_le stack@4 (bvadd |#4@0| #x0000000000000028) R0@9)) (= Gamma_stack@5 (gamma_store64 Gamma_stack@4 (bvadd |#4@0| #x0000000000000028) Gamma_R0@3)))) (and (and (= R0@10 (memory_load64_le stack@5 (bvadd |#4@0| #x0000000000000028))) (= Gamma_R0@4 (gamma_load64 Gamma_stack@5 (bvadd |#4@0| #x0000000000000028)))) (= mem@6 mem@5))) (and (and (and (= Gamma_mem@6 Gamma_mem@5) (= (memory_load8_le mem@6 #x00000000000009b8) #x01)) (and (= (memory_load8_le mem@6 #x00000000000009b9) #x00) (= (memory_load8_le mem@6 #x00000000000009ba) #x02))) (and (and (= (memory_load8_le mem@6 #x00000000000009bb) #x00) (= (memory_load8_le mem@6 #x000000000001fdc8) #xd0)) (and (= (memory_load8_le mem@6 #x000000000001fdc9) #x08) (= (memory_load8_le mem@6 #x000000000001fdca) #x00))))) (and (and (and (and (and (= (memory_load8_le mem@6 #x000000000001fdcb) #x00) (= (memory_load8_le mem@6 #x000000000001fdcc) #x00)) (and (= (memory_load8_le mem@6 #x000000000001fdcd) #x00) (= (memory_load8_le mem@6 #x000000000001fdce) #x00))) (and (and (= (memory_load8_le mem@6 #x000000000001fdcf) #x00) (= (memory_load8_le mem@6 #x000000000001fdd0) #x80)) (and (= (memory_load8_le mem@6 #x000000000001fdd1) #x08) (= (memory_load8_le mem@6 #x000000000001fdd2) #x00)))) (and (and (and (= (memory_load8_le mem@6 #x000000000001fdd3) #x00) (= (memory_load8_le mem@6 #x000000000001fdd4) #x00)) (and (= (memory_load8_le mem@6 #x000000000001fdd5) #x00) (= (memory_load8_le mem@6 #x000000000001fdd6) #x00))) (and (and (= (memory_load8_le mem@6 #x000000000001fdd7) #x00) (= (memory_load8_le mem@6 #x000000000001ffd8) #xd4)) (and (= (memory_load8_le mem@6 #x000000000001ffd9) #x08) (= (memory_load8_le mem@6 #x000000000001ffda) #x00))))) (and (and (and (and (= (memory_load8_le mem@6 #x000000000001ffdb) #x00) (= (memory_load8_le mem@6 #x000000000001ffdc) #x00)) (and (= (memory_load8_le mem@6 #x000000000001ffdd) #x00) (= (memory_load8_le mem@6 #x000000000001ffde) #x00))) (and (and (= (memory_load8_le mem@6 #x000000000001ffdf) #x00) (= (memory_load8_le mem@6 #x0000000000020058) #x58)) (and (= (memory_load8_le mem@6 #x0000000000020059) #x00) (= (memory_load8_le mem@6 #x000000000002005a) #x02)))) (and (and (and (= (memory_load8_le mem@6 #x000000000002005b) #x00) (= (memory_load8_le mem@6 #x000000000002005c) #x00)) (and (= (memory_load8_le mem@6 #x000000000002005d) #x00) (= (memory_load8_le mem@6 #x000000000002005e) #x00))) (and (and (= (memory_load8_le mem@6 #x000000000002005f) #x00) (= (ControlFlow 0 2) (- 0 1))) (L mem@6 R0@10)))))))) true))))))) -(let ((PreconditionGeneratedEntry_correct (=> (and (and (= (gamma_load8 Gamma_mem $password_addr) false) (= malloc_count 0)) (and (gamma_load32 Gamma_mem (memory_load64_le mem $stext_addr)) (= R31 #x0000000000000064))) (=> (and (and (and (= (memory_load8_le mem #x0000000000020050) #x00) (= (memory_load8_le mem #x0000000000020051) #x00)) (and (= (memory_load8_le mem #x0000000000020052) #x00) (= (memory_load8_le mem #x0000000000020053) #x00))) (and (and (= (memory_load8_le mem #x0000000000020054) #x00) (= (memory_load8_le mem #x0000000000020055) #x00)) (and (= (memory_load8_le mem #x0000000000020056) #x00) (= (memory_load8_le mem #x0000000000020057) #x00)))) (=> (and (and (and (and (and (and (= (memory_load8_le mem #x0000000000020058) #x58) (= (memory_load8_le mem #x0000000000020059) #x00)) (and (= (memory_load8_le mem #x000000000002005a) #x02) (= (memory_load8_le mem #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem #x000000000002005c) #x00) (= (memory_load8_le mem #x000000000002005d) #x00)) (and (= (memory_load8_le mem #x000000000002005e) #x00) (= (memory_load8_le mem #x000000000002005f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020060) #x07) (= (memory_load8_le mem #x0000000000020061) #x00)) (and (= (memory_load8_le mem #x0000000000020062) #x00) (= (memory_load8_le mem #x0000000000020063) #x00))) (and (and (= (memory_load8_le mem #x0000000000020064) #x00) (= (memory_load8_le mem #x0000000000020065) #x00)) (and (= (memory_load8_le mem #x0000000000020066) #x00) (= (memory_load8_le mem #x0000000000020067) #x00))))) (and (and (and (and (= (memory_load8_le mem #x0000000000020068) #x68) (= (memory_load8_le mem #x0000000000020069) #x65)) (and (= (memory_load8_le mem #x000000000002006a) #x6c) (= (memory_load8_le mem #x000000000002006b) #x6c))) (and (and (= (memory_load8_le mem #x000000000002006c) #x6f) (= (memory_load8_le mem #x000000000002006d) #x6f)) (and (= (memory_load8_le mem #x000000000002006e) #x00) (= (memory_load8_le mem #x000000000002006f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020070) #x00) (= (memory_load8_le mem #x0000000000020071) #x00)) (and (= (memory_load8_le mem #x0000000000020072) #x00) (= (memory_load8_le mem #x00000000000009b8) #x01))) (and (and (= (memory_load8_le mem #x00000000000009b9) #x00) (= (memory_load8_le mem #x00000000000009ba) #x02)) (and (= (memory_load8_le mem #x00000000000009bb) #x00) (= (memory_load8_le mem #x000000000001fdc8) #xd0)))))) (and (and (and (and (and (= (memory_load8_le mem #x000000000001fdc9) #x08) (= (memory_load8_le mem #x000000000001fdca) #x00)) (and (= (memory_load8_le mem #x000000000001fdcb) #x00) (= (memory_load8_le mem #x000000000001fdcc) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdcd) #x00) (= (memory_load8_le mem #x000000000001fdce) #x00)) (and (= (memory_load8_le mem #x000000000001fdcf) #x00) (= (memory_load8_le mem #x000000000001fdd0) #x80)))) (and (and (and (= (memory_load8_le mem #x000000000001fdd1) #x08) (= (memory_load8_le mem #x000000000001fdd2) #x00)) (and (= (memory_load8_le mem #x000000000001fdd3) #x00) (= (memory_load8_le mem #x000000000001fdd4) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdd5) #x00) (= (memory_load8_le mem #x000000000001fdd6) #x00)) (and (= (memory_load8_le mem #x000000000001fdd7) #x00) (= (memory_load8_le mem #x000000000001ffd8) #xd4))))) (and (and (and (and (= (memory_load8_le mem #x000000000001ffd9) #x08) (= (memory_load8_le mem #x000000000001ffda) #x00)) (and (= (memory_load8_le mem #x000000000001ffdb) #x00) (= (memory_load8_le mem #x000000000001ffdc) #x00))) (and (and (= (memory_load8_le mem #x000000000001ffdd) #x00) (= (memory_load8_le mem #x000000000001ffde) #x00)) (and (= (memory_load8_le mem #x000000000001ffdf) #x00) (= (memory_load8_le mem #x0000000000020058) #x58)))) (and (and (and (= (memory_load8_le mem #x0000000000020059) #x00) (= (memory_load8_le mem #x000000000002005a) #x02)) (and (= (memory_load8_le mem #x000000000002005b) #x00) (= (memory_load8_le mem #x000000000002005c) #x00))) (and (and (= (memory_load8_le mem #x000000000002005d) #x00) (= (memory_load8_le mem #x000000000002005e) #x00)) (and (= (memory_load8_le mem #x000000000002005f) #x00) (= (ControlFlow 0 3) 2))))))) lmain_correct))))) -PreconditionGeneratedEntry_correct))) -)) -(check-sat) -(pop 1) -; Valid -(get-info :rlimit) -(reset) -(set-option :print-success false) -(set-info :smt-lib-version 2.6) -(set-option :smt.mbqi false) -(set-option :model.compact false) -(set-option :model.v2 true) -(set-option :pp.bv_literals false) -; done setting options - - -(declare-fun tickleBool (Bool) Bool) -(assert (and (tickleBool true) (tickleBool false))) -(declare-fun gamma_store64 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#0| ((_ BitVec 64) (_ BitVec 64) Bool (Array (_ BitVec 64) Bool)) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#1| ((_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (Array (_ BitVec 64) (_ BitVec 8))) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun L ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) Bool) -(declare-fun memory_load64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 64)) -(declare-fun gamma_store8 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun memory_store8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 8)) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun gamma_load64 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load32 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load8 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun $password_addr () (_ BitVec 64)) -(declare-fun $stext_addr () (_ BitVec 64)) -(declare-fun $buf_addr () (_ BitVec 64)) -(declare-fun memory_load8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 8)) -(declare-fun memory_store64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 64)) (Array (_ BitVec 64) (_ BitVec 8))) -(assert (forall ((gammaMap (Array (_ BitVec 64) Bool)) (index (_ BitVec 64)) (value Bool) ) (! (= (gamma_store64 gammaMap index value) (|lambda#0| index #x0000000000000008 value gammaMap)) - :qid |examplebpl.63:34| - :skolemid |4| - :pattern ( (gamma_store64 gammaMap index value)) -))) -(assert (forall ((|l#0| (_ BitVec 64)) (|l#1| (_ BitVec 64)) (|l#2| (_ BitVec 64)) (|l#3| (_ BitVec 64)) (|l#4| (Array (_ BitVec 64) (_ BitVec 8))) (i (_ BitVec 64)) ) (! (= (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i) (ite (ite (bvule |l#0| (bvadd |l#0| |l#1|)) (and (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|))) (or (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|)))) ((_ extract 7 0) (bvlshr |l#2| (bvmul (bvsub i |l#3|) #x0000000000000008))) (select |l#4| i))) - :qid |examplebpl.83:57| - :skolemid |20| - :pattern ( (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i)) -))) -(assert (forall ((memory (Array (_ BitVec 64) (_ BitVec 8))) (index@@0 (_ BitVec 64)) ) (! (= (L memory index@@0) false) - :qid |examplebpl.35:22| - :skolemid |0| - :pattern ( (L memory index@@0)) -))) -(assert (forall ((memory@@0 (Array (_ BitVec 64) (_ BitVec 8))) (index@@1 (_ BitVec 64)) ) (! (= (memory_load64_le memory@@0 index@@1) (concat (select memory@@0 (bvadd index@@1 #x0000000000000007)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000006)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000005)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000004)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000003)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000002)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000001)) (select memory@@0 index@@1))))))))) - :qid |examplebpl.75:37| - :skolemid |6| - :pattern ( (memory_load64_le memory@@0 index@@1)) -))) -(assert (forall ((gammaMap@@0 (Array (_ BitVec 64) Bool)) (index@@2 (_ BitVec 64)) (value@@0 Bool) ) (! (= (gamma_store8 gammaMap@@0 index@@2 value@@0) (store gammaMap@@0 index@@2 value@@0)) - :qid |examplebpl.67:33| - :skolemid |5| - :pattern ( (gamma_store8 gammaMap@@0 index@@2 value@@0)) -))) -(assert (forall ((memory@@1 (Array (_ BitVec 64) (_ BitVec 8))) (index@@3 (_ BitVec 64)) (value@@1 (_ BitVec 8)) ) (! (= (memory_store8_le memory@@1 index@@3 value@@1) (store memory@@1 index@@3 value@@1)) - :qid |examplebpl.87:37| - :skolemid |9| - :pattern ( (memory_store8_le memory@@1 index@@3 value@@1)) -))) -(assert (forall ((|l#0@@0| (_ BitVec 64)) (|l#1@@0| (_ BitVec 64)) (|l#2@@0| Bool) (|l#3@@0| (Array (_ BitVec 64) Bool)) (i@@0 (_ BitVec 64)) ) (! (= (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0) (ite (ite (bvule |l#0@@0| (bvadd |l#0@@0| |l#1@@0|)) (and (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|))) (or (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|)))) |l#2@@0| (select |l#3@@0| i@@0))) - :qid |examplebpl.63:56| - :skolemid |19| - :pattern ( (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0)) -))) -(assert (forall ((gammaMap@@1 (Array (_ BitVec 64) Bool)) (index@@4 (_ BitVec 64)) ) (! (= (gamma_load64 gammaMap@@1 index@@4) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000007)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000006)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000005)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000004)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000003)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000002)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000001)) (select gammaMap@@1 index@@4))))))))) - :qid |examplebpl.55:33| - :skolemid |2| - :pattern ( (gamma_load64 gammaMap@@1 index@@4)) -))) -(assert (forall ((gammaMap@@2 (Array (_ BitVec 64) Bool)) (index@@5 (_ BitVec 64)) ) (! (= (gamma_load32 gammaMap@@2 index@@5) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000003)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000002)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000001)) (select gammaMap@@2 index@@5))))) - :qid |examplebpl.51:33| - :skolemid |1| - :pattern ( (gamma_load32 gammaMap@@2 index@@5)) -))) -(assert (forall ((gammaMap@@3 (Array (_ BitVec 64) Bool)) (index@@6 (_ BitVec 64)) ) (! (= (gamma_load8 gammaMap@@3 index@@6) (select gammaMap@@3 index@@6)) - :qid |examplebpl.59:32| - :skolemid |3| - :pattern ( (gamma_load8 gammaMap@@3 index@@6)) -))) -(assert (= $password_addr #x0000000000020060)) -(assert (= $stext_addr #x0000000000020068)) -(assert (= $buf_addr #x0000000000020080)) -(assert (forall ((memory@@2 (Array (_ BitVec 64) (_ BitVec 8))) (index@@7 (_ BitVec 64)) ) (! (= (memory_load8_le memory@@2 index@@7) (select memory@@2 index@@7)) - :qid |examplebpl.79:36| - :skolemid |7| - :pattern ( (memory_load8_le memory@@2 index@@7)) -))) -(assert (forall ((memory@@3 (Array (_ BitVec 64) (_ BitVec 8))) (index@@8 (_ BitVec 64)) (value@@2 (_ BitVec 64)) ) (! (= (memory_store64_le memory@@3 index@@8 value@@2) (|lambda#1| index@@8 #x0000000000000008 value@@2 index@@8 memory@@3)) - :qid |examplebpl.83:38| - :skolemid |8| - :pattern ( (memory_store64_le memory@@3 index@@8 value@@2)) -))) -; Valid - -(push 1) -(declare-fun ControlFlow (Int Int) Int) -(set-info :boogie-vc-id main_split7) -(set-option :timeout 0) -(set-option :rlimit 0) -(assert (not - (=> (= (ControlFlow 0 0) 1) true) -)) -(check-sat) -(pop 1) -; Valid -(get-info :rlimit) -(reset) -(set-option :print-success false) -(set-info :smt-lib-version 2.6) -(set-option :smt.mbqi false) -(set-option :model.compact false) -(set-option :model.v2 true) -(set-option :pp.bv_literals false) -; done setting options - - -(declare-fun tickleBool (Bool) Bool) -(assert (and (tickleBool true) (tickleBool false))) -(declare-fun gamma_store64 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#0| ((_ BitVec 64) (_ BitVec 64) Bool (Array (_ BitVec 64) Bool)) (Array (_ BitVec 64) Bool)) -(declare-fun |lambda#1| ((_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (_ BitVec 64) (Array (_ BitVec 64) (_ BitVec 8))) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun L ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) Bool) -(declare-fun memory_load64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 64)) -(declare-fun gamma_store8 ((Array (_ BitVec 64) Bool) (_ BitVec 64) Bool) (Array (_ BitVec 64) Bool)) -(declare-fun memory_store8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 8)) (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun gamma_load64 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load32 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun gamma_load8 ((Array (_ BitVec 64) Bool) (_ BitVec 64)) Bool) -(declare-fun $password_addr () (_ BitVec 64)) -(declare-fun $stext_addr () (_ BitVec 64)) -(declare-fun $buf_addr () (_ BitVec 64)) -(declare-fun memory_load8_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64)) (_ BitVec 8)) -(declare-fun memory_store64_le ((Array (_ BitVec 64) (_ BitVec 8)) (_ BitVec 64) (_ BitVec 64)) (Array (_ BitVec 64) (_ BitVec 8))) -(assert (forall ((gammaMap (Array (_ BitVec 64) Bool)) (index (_ BitVec 64)) (value Bool) ) (! (= (gamma_store64 gammaMap index value) (|lambda#0| index #x0000000000000008 value gammaMap)) - :qid |examplebpl.63:34| - :skolemid |4| - :pattern ( (gamma_store64 gammaMap index value)) -))) -(assert (forall ((|l#0| (_ BitVec 64)) (|l#1| (_ BitVec 64)) (|l#2| (_ BitVec 64)) (|l#3| (_ BitVec 64)) (|l#4| (Array (_ BitVec 64) (_ BitVec 8))) (i (_ BitVec 64)) ) (! (= (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i) (ite (ite (bvule |l#0| (bvadd |l#0| |l#1|)) (and (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|))) (or (bvule |l#0| i) (bvult i (bvadd |l#0| |l#1|)))) ((_ extract 7 0) (bvlshr |l#2| (bvmul (bvsub i |l#3|) #x0000000000000008))) (select |l#4| i))) - :qid |examplebpl.83:57| - :skolemid |20| - :pattern ( (select (|lambda#1| |l#0| |l#1| |l#2| |l#3| |l#4|) i)) -))) -(assert (forall ((memory (Array (_ BitVec 64) (_ BitVec 8))) (index@@0 (_ BitVec 64)) ) (! (= (L memory index@@0) false) - :qid |examplebpl.35:22| - :skolemid |0| - :pattern ( (L memory index@@0)) -))) -(assert (forall ((memory@@0 (Array (_ BitVec 64) (_ BitVec 8))) (index@@1 (_ BitVec 64)) ) (! (= (memory_load64_le memory@@0 index@@1) (concat (select memory@@0 (bvadd index@@1 #x0000000000000007)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000006)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000005)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000004)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000003)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000002)) (concat (select memory@@0 (bvadd index@@1 #x0000000000000001)) (select memory@@0 index@@1))))))))) - :qid |examplebpl.75:37| - :skolemid |6| - :pattern ( (memory_load64_le memory@@0 index@@1)) -))) -(assert (forall ((gammaMap@@0 (Array (_ BitVec 64) Bool)) (index@@2 (_ BitVec 64)) (value@@0 Bool) ) (! (= (gamma_store8 gammaMap@@0 index@@2 value@@0) (store gammaMap@@0 index@@2 value@@0)) - :qid |examplebpl.67:33| - :skolemid |5| - :pattern ( (gamma_store8 gammaMap@@0 index@@2 value@@0)) -))) -(assert (forall ((memory@@1 (Array (_ BitVec 64) (_ BitVec 8))) (index@@3 (_ BitVec 64)) (value@@1 (_ BitVec 8)) ) (! (= (memory_store8_le memory@@1 index@@3 value@@1) (store memory@@1 index@@3 value@@1)) - :qid |examplebpl.87:37| - :skolemid |9| - :pattern ( (memory_store8_le memory@@1 index@@3 value@@1)) -))) -(assert (forall ((|l#0@@0| (_ BitVec 64)) (|l#1@@0| (_ BitVec 64)) (|l#2@@0| Bool) (|l#3@@0| (Array (_ BitVec 64) Bool)) (i@@0 (_ BitVec 64)) ) (! (= (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0) (ite (ite (bvule |l#0@@0| (bvadd |l#0@@0| |l#1@@0|)) (and (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|))) (or (bvule |l#0@@0| i@@0) (bvult i@@0 (bvadd |l#0@@0| |l#1@@0|)))) |l#2@@0| (select |l#3@@0| i@@0))) - :qid |examplebpl.63:56| - :skolemid |19| - :pattern ( (select (|lambda#0| |l#0@@0| |l#1@@0| |l#2@@0| |l#3@@0|) i@@0)) -))) -(assert (forall ((gammaMap@@1 (Array (_ BitVec 64) Bool)) (index@@4 (_ BitVec 64)) ) (! (= (gamma_load64 gammaMap@@1 index@@4) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000007)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000006)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000005)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000004)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000003)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000002)) (and (select gammaMap@@1 (bvadd index@@4 #x0000000000000001)) (select gammaMap@@1 index@@4))))))))) - :qid |examplebpl.55:33| - :skolemid |2| - :pattern ( (gamma_load64 gammaMap@@1 index@@4)) -))) -(assert (forall ((gammaMap@@2 (Array (_ BitVec 64) Bool)) (index@@5 (_ BitVec 64)) ) (! (= (gamma_load32 gammaMap@@2 index@@5) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000003)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000002)) (and (select gammaMap@@2 (bvadd index@@5 #x0000000000000001)) (select gammaMap@@2 index@@5))))) - :qid |examplebpl.51:33| - :skolemid |1| - :pattern ( (gamma_load32 gammaMap@@2 index@@5)) -))) -(assert (forall ((gammaMap@@3 (Array (_ BitVec 64) Bool)) (index@@6 (_ BitVec 64)) ) (! (= (gamma_load8 gammaMap@@3 index@@6) (select gammaMap@@3 index@@6)) - :qid |examplebpl.59:32| - :skolemid |3| - :pattern ( (gamma_load8 gammaMap@@3 index@@6)) -))) -(assert (= $password_addr #x0000000000020060)) -(assert (= $stext_addr #x0000000000020068)) -(assert (= $buf_addr #x0000000000020080)) -(assert (forall ((memory@@2 (Array (_ BitVec 64) (_ BitVec 8))) (index@@7 (_ BitVec 64)) ) (! (= (memory_load8_le memory@@2 index@@7) (select memory@@2 index@@7)) - :qid |examplebpl.79:36| - :skolemid |7| - :pattern ( (memory_load8_le memory@@2 index@@7)) -))) -(assert (forall ((memory@@3 (Array (_ BitVec 64) (_ BitVec 8))) (index@@8 (_ BitVec 64)) (value@@2 (_ BitVec 64)) ) (! (= (memory_store64_le memory@@3 index@@8 value@@2) (|lambda#1| index@@8 #x0000000000000008 value@@2 index@@8 memory@@3)) - :qid |examplebpl.83:38| - :skolemid |8| - :pattern ( (memory_store64_le memory@@3 index@@8 value@@2)) -))) -; Valid - -(push 1) -(declare-fun ControlFlow (Int Int) Int) -(declare-fun |#4@0| () (_ BitVec 64)) -(declare-fun R31 () (_ BitVec 64)) -(declare-fun stack@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun stack () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R29 () (_ BitVec 64)) -(declare-fun Gamma_stack@0 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_stack () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R29 () Bool) -(declare-fun stack@1 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R30 () (_ BitVec 64)) -(declare-fun Gamma_stack@1 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R30 () Bool) -(declare-fun stack@2 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun R19 () (_ BitVec 64)) -(declare-fun Gamma_stack@2 () (Array (_ BitVec 64) Bool)) -(declare-fun Gamma_R19 () Bool) -(declare-fun stack@3 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@3 () (Array (_ BitVec 64) Bool)) -(declare-fun stack@4 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@4 () (Array (_ BitVec 64) Bool)) -(declare-fun mem () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_R0@0 () Bool) -(declare-fun malloc_count@0 () Int) -(declare-fun malloc_count () Int) -(declare-fun malloc_end@0 () (Array Int (_ BitVec 64))) -(declare-fun malloc_base@0 () (Array Int (_ BitVec 64))) -(declare-fun R0@0 () (_ BitVec 64)) -(declare-fun malloc_base () (Array Int (_ BitVec 64))) -(declare-fun malloc_end () (Array Int (_ BitVec 64))) -(declare-fun Gamma_mem () (Array (_ BitVec 64) Bool)) -(declare-fun R0@1 () (_ BitVec 64)) -(declare-fun mem@0 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@0 () (Array (_ BitVec 64) Bool)) -(declare-fun mem@1 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@1 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@2 () (_ BitVec 64)) -(declare-fun mem@2 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@2 () (Array (_ BitVec 64) Bool)) -(declare-fun R19@0 () (_ BitVec 64)) -(declare-fun Gamma_R19@0 () Bool) -(declare-fun R0@3 () (_ BitVec 64)) -(declare-fun Gamma_R0@1 () Bool) -(declare-fun R0@4 () (_ BitVec 64)) -(declare-fun R1@0 () (_ BitVec 64)) -(declare-fun mem@3 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@3 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@5 () (_ BitVec 64)) -(declare-fun mem@4 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@4 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@6 () (_ BitVec 64)) -(declare-fun Gamma_R0@2 () Bool) -(declare-fun R0@7 () (_ BitVec 64)) -(declare-fun mem@5 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@5 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@8 () (_ BitVec 64)) -(declare-fun Gamma_R0@3 () Bool) -(declare-fun R0@9 () (_ BitVec 64)) -(declare-fun stack@5 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_stack@5 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@10 () (_ BitVec 64)) -(declare-fun Gamma_R0@4 () Bool) -(declare-fun mem@6 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@6 () (Array (_ BitVec 64) Bool)) -(declare-fun mem@7 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@7 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@11 () (_ BitVec 64)) -(declare-fun mem@8 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@8 () (Array (_ BitVec 64) Bool)) -(declare-fun R19@1 () (_ BitVec 64)) -(declare-fun Gamma_R19@1 () Bool) -(declare-fun R0@12 () (_ BitVec 64)) -(declare-fun mem@9 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@9 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@13 () (_ BitVec 64)) -(declare-fun Gamma_R0@5 () Bool) -(declare-fun Gamma_R0@6 () Bool) -(declare-fun R0@14 () (_ BitVec 64)) -(declare-fun mem@10 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@10 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@15 () (_ BitVec 64)) -(declare-fun mem@11 () (Array (_ BitVec 64) (_ BitVec 8))) -(declare-fun Gamma_mem@11 () (Array (_ BitVec 64) Bool)) -(declare-fun R0@16 () (_ BitVec 64)) -(declare-fun Gamma_R0@7 () Bool) -(set-info :boogie-vc-id main_split8) -(set-option :timeout 0) -(set-option :rlimit 0) -(assert (not - (=> (= (ControlFlow 0 0) 3) (let ((lmain_correct (=> (= |#4@0| (bvadd R31 #xffffffffffffffd0)) (=> (and (and (= stack@0 (memory_store64_le stack |#4@0| R29)) (= Gamma_stack@0 (gamma_store64 Gamma_stack |#4@0| Gamma_R29))) (and (= stack@1 (memory_store64_le stack@0 (bvadd |#4@0| #x0000000000000008) R30)) (= Gamma_stack@1 (gamma_store64 Gamma_stack@0 (bvadd |#4@0| #x0000000000000008) Gamma_R30)))) (=> (and (and (and (= stack@2 (memory_store64_le stack@1 (bvadd |#4@0| #x0000000000000010) R19)) (= Gamma_stack@2 (gamma_store64 Gamma_stack@1 (bvadd |#4@0| #x0000000000000010) Gamma_R19))) (and (= stack@3 (memory_store64_le stack@2 (bvadd |#4@0| #x0000000000000028) #x0000000000000000)) (= Gamma_stack@3 (gamma_store64 Gamma_stack@2 (bvadd |#4@0| #x0000000000000028) true)))) (and (and (= stack@4 (memory_store64_le stack@3 (bvadd |#4@0| #x0000000000000020) #x0000000000000000)) (= Gamma_stack@4 (gamma_store64 Gamma_stack@3 (bvadd |#4@0| #x0000000000000020) true))) (and (bvugt #x000000000000000b #x0000000000000000) (= true true)))) (=> (and (and (and (and (and (= (memory_load64_le mem $buf_addr) (memory_load64_le mem $buf_addr)) (= (memory_load8_le mem $password_addr) (memory_load8_le mem $password_addr))) (= Gamma_R0@0 true)) (and (and (= malloc_count@0 (+ malloc_count 1)) (bvugt (select malloc_end@0 malloc_count@0) (select malloc_base@0 malloc_count@0))) (and (= R0@0 (select malloc_base@0 malloc_count@0)) (= (select malloc_end@0 malloc_count@0) (bvadd R0@0 #x000000000000000b))))) (and (and (and (forall ((i@@1 Int) ) (! (=> (not (= i@@1 malloc_count@0)) (or (bvugt (select malloc_base@0 malloc_count@0) (select malloc_end@0 i@@1)) (bvult (select malloc_end@0 malloc_count@0) (select malloc_base@0 i@@1)))) - :qid |examplebpl.497:19| - :skolemid |11| -)) (forall ((i@@2 Int) ) (! (=> (not (= i@@2 malloc_count@0)) (and (= (select malloc_base@0 i@@2) (select malloc_base i@@2)) (= (select malloc_end@0 i@@2) (select malloc_end i@@2)))) - :qid |examplebpl.498:19| - :skolemid |12| -))) (and (bvuge R0@0 #x0000000005f5e100) (forall ((i@@3 (_ BitVec 64)) ) (! (=> (and (bvuge i@@3 R0@0) (bvult i@@3 (bvadd R0@0 #x000000000000000b))) (and (select Gamma_mem i@@3) (gamma_load8 Gamma_mem i@@3))) - :qid |examplebpl.500:19| - :skolemid |13| -)))) (and (and (= (memory_load8_le mem #x00000000000009b8) #x01) (= (memory_load8_le mem #x00000000000009b9) #x00)) (and (= (memory_load8_le mem #x00000000000009ba) #x02) (= (memory_load8_le mem #x00000000000009bb) #x00))))) (and (and (and (and (= (memory_load8_le mem #x000000000001fdc8) #xd0) (= (memory_load8_le mem #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem #x000000000001fdca) #x00) (= (memory_load8_le mem #x000000000001fdcb) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdcc) #x00) (= (memory_load8_le mem #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem #x000000000001fdce) #x00) (= (memory_load8_le mem #x000000000001fdcf) #x00)))) (and (and (and (= (memory_load8_le mem #x000000000001fdd0) #x80) (= (memory_load8_le mem #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem #x000000000001fdd2) #x00) (= (memory_load8_le mem #x000000000001fdd3) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdd4) #x00) (= (memory_load8_le mem #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem #x000000000001fdd6) #x00) (= (memory_load8_le mem #x000000000001fdd7) #x00)))))) (=> (and (and (and (and (and (and (= (memory_load8_le mem #x000000000001ffd8) #xd4) (= (memory_load8_le mem #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem #x000000000001ffda) #x00) (= (memory_load8_le mem #x000000000001ffdb) #x00))) (and (and (= (memory_load8_le mem #x000000000001ffdc) #x00) (= (memory_load8_le mem #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem #x000000000001ffde) #x00) (= (memory_load8_le mem #x000000000001ffdf) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020058) #x58) (= (memory_load8_le mem #x0000000000020059) #x00)) (and (= (memory_load8_le mem #x000000000002005a) #x02) (= (memory_load8_le mem #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem #x000000000002005c) #x00) (= (memory_load8_le mem #x000000000002005d) #x00)) (and (= (memory_load8_le mem #x000000000002005e) #x00) (= (memory_load8_le mem #x000000000002005f) #x00))))) (and (and (and (and (= R0@1 (bvadd #x0000000000020000 #x0000000000000080)) (= mem@0 mem)) (and (= Gamma_mem@0 Gamma_mem) (= (memory_load8_le mem@0 #x00000000000009b8) #x01))) (and (and (= (memory_load8_le mem@0 #x00000000000009b9) #x00) (= (memory_load8_le mem@0 #x00000000000009ba) #x02)) (and (= (memory_load8_le mem@0 #x00000000000009bb) #x00) (= (memory_load8_le mem@0 #x000000000001fdc8) #xd0)))) (and (and (and (= (memory_load8_le mem@0 #x000000000001fdc9) #x08) (= (memory_load8_le mem@0 #x000000000001fdca) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdcb) #x00) (= (memory_load8_le mem@0 #x000000000001fdcc) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdcd) #x00) (= (memory_load8_le mem@0 #x000000000001fdce) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdcf) #x00) (= (memory_load8_le mem@0 #x000000000001fdd0) #x80)))))) (and (and (and (and (and (= (memory_load8_le mem@0 #x000000000001fdd1) #x08) (= (memory_load8_le mem@0 #x000000000001fdd2) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdd3) #x00) (= (memory_load8_le mem@0 #x000000000001fdd4) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001fdd5) #x00) (= (memory_load8_le mem@0 #x000000000001fdd6) #x00)) (and (= (memory_load8_le mem@0 #x000000000001fdd7) #x00) (= (memory_load8_le mem@0 #x000000000001ffd8) #xd4)))) (and (and (and (= (memory_load8_le mem@0 #x000000000001ffd9) #x08) (= (memory_load8_le mem@0 #x000000000001ffda) #x00)) (and (= (memory_load8_le mem@0 #x000000000001ffdb) #x00) (= (memory_load8_le mem@0 #x000000000001ffdc) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000001ffdd) #x00) (= (memory_load8_le mem@0 #x000000000001ffde) #x00)) (and (= (memory_load8_le mem@0 #x000000000001ffdf) #x00) (= (memory_load8_le mem@0 #x0000000000020058) #x58))))) (and (and (and (and (= (memory_load8_le mem@0 #x0000000000020059) #x00) (= (memory_load8_le mem@0 #x000000000002005a) #x02)) (and (= (memory_load8_le mem@0 #x000000000002005b) #x00) (= (memory_load8_le mem@0 #x000000000002005c) #x00))) (and (and (= (memory_load8_le mem@0 #x000000000002005d) #x00) (= (memory_load8_le mem@0 #x000000000002005e) #x00)) (and (= (memory_load8_le mem@0 #x000000000002005f) #x00) (=> (L mem@0 R0@1) Gamma_R0@0)))) (and (and (and (= mem@1 (memory_store64_le mem@0 R0@1 R0@0)) (= Gamma_mem@1 (gamma_store64 Gamma_mem@0 R0@1 Gamma_R0@0))) (= R0@2 (bvadd #x0000000000020000 #x0000000000000080))) (and (= mem@2 mem@1) (= Gamma_mem@2 Gamma_mem@1)))))) (=> (and (and (and (and (and (and (and (and (= (memory_load8_le mem@2 #x00000000000009b8) #x01) (= (memory_load8_le mem@2 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@2 #x00000000000009ba) #x02) (= (memory_load8_le mem@2 #x00000000000009bb) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@2 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@2 #x000000000001fdca) #x00) (= (memory_load8_le mem@2 #x000000000001fdcb) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000001fdcc) #x00) (= (memory_load8_le mem@2 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdce) #x00) (= (memory_load8_le mem@2 #x000000000001fdcf) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdd0) #x80) (= (memory_load8_le mem@2 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@2 #x000000000001fdd2) #x00) (= (memory_load8_le mem@2 #x000000000001fdd3) #x00))))) (and (and (and (and (= (memory_load8_le mem@2 #x000000000001fdd4) #x00) (= (memory_load8_le mem@2 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdd6) #x00) (= (memory_load8_le mem@2 #x000000000001fdd7) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@2 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@2 #x000000000001ffda) #x00) (= (memory_load8_le mem@2 #x000000000001ffdb) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000001ffdc) #x00) (= (memory_load8_le mem@2 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@2 #x000000000001ffde) #x00) (= (memory_load8_le mem@2 #x000000000001ffdf) #x00))) (and (and (= (memory_load8_le mem@2 #x0000000000020058) #x58) (= (memory_load8_le mem@2 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005a) #x02) (= (memory_load8_le mem@2 #x000000000002005b) #x00)))))) (and (and (and (and (and (= (memory_load8_le mem@2 #x000000000002005c) #x00) (= (memory_load8_le mem@2 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005e) #x00) (= (memory_load8_le mem@2 #x000000000002005f) #x00))) (and (and (= R19@0 (memory_load64_le mem@2 R0@2)) (= Gamma_R19@0 (or (gamma_load64 Gamma_mem@2 R0@2) (L mem@2 R0@2)))) (= R0@3 (bvadd #x0000000000020000 #x0000000000000068)))) (and (and (and (= (memory_load64_le mem@2 $buf_addr) (memory_load64_le mem@2 $buf_addr)) (= (memory_load8_le mem@2 $password_addr) (memory_load8_le mem@2 $password_addr))) (= (memory_load8_le mem@2 $stext_addr) (memory_load8_le mem@2 $stext_addr))) (and (and (= Gamma_R0@1 true) (forall ((i@@4 (_ BitVec 64)) ) (! (=> (and (bvule R0@3 i@@4) (bvult i@@4 (bvadd R0@3 R0@4))) (not (= (select mem@2 i@@4) #x00))) - :qid |examplebpl.812:19| - :skolemid |18| -))) (and (= (memory_load8_le mem@2 (bvadd R0@3 R0@4)) #x00) (bvult R0@3 (bvadd (bvadd R0@3 R0@4) #x0000000000000001)))))) (and (and (and (and (= (memory_load8_le mem@2 #x00000000000009b8) #x01) (= (memory_load8_le mem@2 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@2 #x00000000000009ba) #x02) (= (memory_load8_le mem@2 #x00000000000009bb) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@2 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@2 #x000000000001fdca) #x00) (= (memory_load8_le mem@2 #x000000000001fdcb) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000001fdcc) #x00) (= (memory_load8_le mem@2 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdce) #x00) (= (memory_load8_le mem@2 #x000000000001fdcf) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001fdd0) #x80) (= (memory_load8_le mem@2 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@2 #x000000000001fdd2) #x00) (= (memory_load8_le mem@2 #x000000000001fdd3) #x00))))))) (and (and (and (and (and (and (= (memory_load8_le mem@2 #x000000000001fdd4) #x00) (= (memory_load8_le mem@2 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@2 #x000000000001fdd6) #x00) (= (memory_load8_le mem@2 #x000000000001fdd7) #x00))) (and (and (= (memory_load8_le mem@2 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@2 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@2 #x000000000001ffda) #x00) (= (memory_load8_le mem@2 #x000000000001ffdb) #x00)))) (and (and (and (= (memory_load8_le mem@2 #x000000000001ffdc) #x00) (= (memory_load8_le mem@2 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@2 #x000000000001ffde) #x00) (= (memory_load8_le mem@2 #x000000000001ffdf) #x00))) (and (and (= (memory_load8_le mem@2 #x0000000000020058) #x58) (= (memory_load8_le mem@2 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005a) #x02) (= (memory_load8_le mem@2 #x000000000002005b) #x00))))) (and (and (and (and (= (memory_load8_le mem@2 #x000000000002005c) #x00) (= (memory_load8_le mem@2 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@2 #x000000000002005e) #x00) (= (memory_load8_le mem@2 #x000000000002005f) #x00))) (and (and (= R1@0 (bvadd #x0000000000020000 #x0000000000000068)) (or (bvugt R19@0 (bvadd R1@0 R0@4)) (bvugt R1@0 (bvadd R19@0 R0@4)))) (and (bvugt (bvadd R19@0 R0@4) R19@0) (bvugt (bvadd R1@0 R0@4) R1@0)))) (and (and (and (= (memory_load64_le mem@3 $buf_addr) (memory_load64_le mem@2 $buf_addr)) (= (memory_load8_le mem@3 $password_addr) (memory_load8_le mem@2 $password_addr))) (forall ((i@@5 (_ BitVec 64)) ) (! (= (select Gamma_mem@3 i@@5) (ite (and (bvule R19@0 i@@5) (bvult i@@5 (bvadd R19@0 R0@4))) (gamma_load8 Gamma_mem@3 (bvadd (bvsub i@@5 R19@0) R1@0)) (gamma_load8 Gamma_mem@2 i@@5))) - :qid |examplebpl.579:19| - :skolemid |14| -))) (and (and (forall ((i@@6 (_ BitVec 64)) ) (! (= (select mem@3 i@@6) (ite (and (bvule R19@0 i@@6) (bvult i@@6 (bvadd R19@0 R0@4))) (memory_load8_le mem@3 (bvadd (bvsub i@@6 R19@0) R1@0)) (memory_load8_le mem@2 i@@6))) - :qid |examplebpl.580:19| - :skolemid |15| -)) (= (memory_load8_le mem@3 #x00000000000009b8) #x01)) (and (= (memory_load8_le mem@3 #x00000000000009b9) #x00) (= (memory_load8_le mem@3 #x00000000000009ba) #x02)))))) (and (and (and (and (and (= (memory_load8_le mem@3 #x00000000000009bb) #x00) (= (memory_load8_le mem@3 #x000000000001fdc8) #xd0)) (and (= (memory_load8_le mem@3 #x000000000001fdc9) #x08) (= (memory_load8_le mem@3 #x000000000001fdca) #x00))) (and (and (= (memory_load8_le mem@3 #x000000000001fdcb) #x00) (= (memory_load8_le mem@3 #x000000000001fdcc) #x00)) (and (= (memory_load8_le mem@3 #x000000000001fdcd) #x00) (= (memory_load8_le mem@3 #x000000000001fdce) #x00)))) (and (and (and (= (memory_load8_le mem@3 #x000000000001fdcf) #x00) (= (memory_load8_le mem@3 #x000000000001fdd0) #x80)) (and (= (memory_load8_le mem@3 #x000000000001fdd1) #x08) (= (memory_load8_le mem@3 #x000000000001fdd2) #x00))) (and (and (= (memory_load8_le mem@3 #x000000000001fdd3) #x00) (= (memory_load8_le mem@3 #x000000000001fdd4) #x00)) (and (= (memory_load8_le mem@3 #x000000000001fdd5) #x00) (= (memory_load8_le mem@3 #x000000000001fdd6) #x00))))) (and (and (and (and (= (memory_load8_le mem@3 #x000000000001fdd7) #x00) (= (memory_load8_le mem@3 #x000000000001ffd8) #xd4)) (and (= (memory_load8_le mem@3 #x000000000001ffd9) #x08) (= (memory_load8_le mem@3 #x000000000001ffda) #x00))) (and (and (= (memory_load8_le mem@3 #x000000000001ffdb) #x00) (= (memory_load8_le mem@3 #x000000000001ffdc) #x00)) (and (= (memory_load8_le mem@3 #x000000000001ffdd) #x00) (= (memory_load8_le mem@3 #x000000000001ffde) #x00)))) (and (and (and (= (memory_load8_le mem@3 #x000000000001ffdf) #x00) (= (memory_load8_le mem@3 #x0000000000020058) #x58)) (and (= (memory_load8_le mem@3 #x0000000000020059) #x00) (= (memory_load8_le mem@3 #x000000000002005a) #x02))) (and (and (= (memory_load8_le mem@3 #x000000000002005b) #x00) (= (memory_load8_le mem@3 #x000000000002005c) #x00)) (and (= (memory_load8_le mem@3 #x000000000002005d) #x00) (= (memory_load8_le mem@3 #x000000000002005e) #x00)))))))) (and (and (and (and (and (and (and (= (memory_load8_le mem@3 #x000000000002005f) #x00) (= R0@5 (bvadd #x0000000000020000 #x0000000000000080))) (and (= mem@4 mem@3) (= Gamma_mem@4 Gamma_mem@3))) (and (and (= (memory_load8_le mem@4 #x00000000000009b8) #x01) (= (memory_load8_le mem@4 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@4 #x00000000000009ba) #x02) (= (memory_load8_le mem@4 #x00000000000009bb) #x00)))) (and (and (and (= (memory_load8_le mem@4 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@4 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@4 #x000000000001fdca) #x00) (= (memory_load8_le mem@4 #x000000000001fdcb) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000001fdcc) #x00) (= (memory_load8_le mem@4 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@4 #x000000000001fdce) #x00) (= (memory_load8_le mem@4 #x000000000001fdcf) #x00))))) (and (and (and (and (= (memory_load8_le mem@4 #x000000000001fdd0) #x80) (= (memory_load8_le mem@4 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@4 #x000000000001fdd2) #x00) (= (memory_load8_le mem@4 #x000000000001fdd3) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000001fdd4) #x00) (= (memory_load8_le mem@4 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@4 #x000000000001fdd6) #x00) (= (memory_load8_le mem@4 #x000000000001fdd7) #x00)))) (and (and (and (= (memory_load8_le mem@4 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@4 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@4 #x000000000001ffda) #x00) (= (memory_load8_le mem@4 #x000000000001ffdb) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000001ffdc) #x00) (= (memory_load8_le mem@4 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@4 #x000000000001ffde) #x00) (= (memory_load8_le mem@4 #x000000000001ffdf) #x00)))))) (and (and (and (and (and (= (memory_load8_le mem@4 #x0000000000020058) #x58) (= (memory_load8_le mem@4 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@4 #x000000000002005a) #x02) (= (memory_load8_le mem@4 #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000002005c) #x00) (= (memory_load8_le mem@4 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@4 #x000000000002005e) #x00) (= (memory_load8_le mem@4 #x000000000002005f) #x00)))) (and (and (and (= R0@6 (memory_load64_le mem@4 R0@5)) (= Gamma_R0@2 (or (gamma_load64 Gamma_mem@4 R0@5) (L mem@4 R0@5)))) (= (memory_load8_le mem@4 #x00000000000009b8) #x01)) (and (= (memory_load8_le mem@4 #x00000000000009b9) #x00) (= (memory_load8_le mem@4 #x00000000000009ba) #x02)))) (and (and (and (and (= (memory_load8_le mem@4 #x00000000000009bb) #x00) (= (memory_load8_le mem@4 #x000000000001fdc8) #xd0)) (and (= (memory_load8_le mem@4 #x000000000001fdc9) #x08) (= (memory_load8_le mem@4 #x000000000001fdca) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000001fdcb) #x00) (= (memory_load8_le mem@4 #x000000000001fdcc) #x00)) (and (= (memory_load8_le mem@4 #x000000000001fdcd) #x00) (= (memory_load8_le mem@4 #x000000000001fdce) #x00)))) (and (and (and (= (memory_load8_le mem@4 #x000000000001fdcf) #x00) (= (memory_load8_le mem@4 #x000000000001fdd0) #x80)) (and (= (memory_load8_le mem@4 #x000000000001fdd1) #x08) (= (memory_load8_le mem@4 #x000000000001fdd2) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000001fdd3) #x00) (= (memory_load8_le mem@4 #x000000000001fdd4) #x00)) (and (= (memory_load8_le mem@4 #x000000000001fdd5) #x00) (= (memory_load8_le mem@4 #x000000000001fdd6) #x00))))))) (and (and (and (and (and (and (= (memory_load8_le mem@4 #x000000000001fdd7) #x00) (= (memory_load8_le mem@4 #x000000000001ffd8) #xd4)) (and (= (memory_load8_le mem@4 #x000000000001ffd9) #x08) (= (memory_load8_le mem@4 #x000000000001ffda) #x00))) (and (and (= (memory_load8_le mem@4 #x000000000001ffdb) #x00) (= (memory_load8_le mem@4 #x000000000001ffdc) #x00)) (and (= (memory_load8_le mem@4 #x000000000001ffdd) #x00) (= (memory_load8_le mem@4 #x000000000001ffde) #x00)))) (and (and (and (= (memory_load8_le mem@4 #x000000000001ffdf) #x00) (= (memory_load8_le mem@4 #x0000000000020058) #x58)) (and (= (memory_load8_le mem@4 #x0000000000020059) #x00) (= (memory_load8_le mem@4 #x000000000002005a) #x02))) (and (and (= (memory_load8_le mem@4 #x000000000002005b) #x00) (= (memory_load8_le mem@4 #x000000000002005c) #x00)) (and (= (memory_load8_le mem@4 #x000000000002005d) #x00) (= (memory_load8_le mem@4 #x000000000002005e) #x00))))) (and (and (and (and (= (memory_load8_le mem@4 #x000000000002005f) #x00) (= R0@7 (bvadd #x0000000000020000 #x0000000000000080))) (and (= mem@5 mem@4) (= Gamma_mem@5 Gamma_mem@4))) (and (and (= (memory_load8_le mem@5 #x00000000000009b8) #x01) (= (memory_load8_le mem@5 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@5 #x00000000000009ba) #x02) (= (memory_load8_le mem@5 #x00000000000009bb) #x00)))) (and (and (and (= (memory_load8_le mem@5 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@5 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@5 #x000000000001fdca) #x00) (= (memory_load8_le mem@5 #x000000000001fdcb) #x00))) (and (and (= (memory_load8_le mem@5 #x000000000001fdcc) #x00) (= (memory_load8_le mem@5 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@5 #x000000000001fdce) #x00) (= (memory_load8_le mem@5 #x000000000001fdcf) #x00)))))) (and (and (and (and (and (= (memory_load8_le mem@5 #x000000000001fdd0) #x80) (= (memory_load8_le mem@5 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@5 #x000000000001fdd2) #x00) (= (memory_load8_le mem@5 #x000000000001fdd3) #x00))) (and (and (= (memory_load8_le mem@5 #x000000000001fdd4) #x00) (= (memory_load8_le mem@5 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@5 #x000000000001fdd6) #x00) (= (memory_load8_le mem@5 #x000000000001fdd7) #x00)))) (and (and (and (= (memory_load8_le mem@5 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@5 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@5 #x000000000001ffda) #x00) (= (memory_load8_le mem@5 #x000000000001ffdb) #x00))) (and (and (= (memory_load8_le mem@5 #x000000000001ffdc) #x00) (= (memory_load8_le mem@5 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@5 #x000000000001ffde) #x00) (= (memory_load8_le mem@5 #x000000000001ffdf) #x00))))) (and (and (and (and (= (memory_load8_le mem@5 #x0000000000020058) #x58) (= (memory_load8_le mem@5 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@5 #x000000000002005a) #x02) (= (memory_load8_le mem@5 #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem@5 #x000000000002005c) #x00) (= (memory_load8_le mem@5 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@5 #x000000000002005e) #x00) (= (memory_load8_le mem@5 #x000000000002005f) #x00)))) (and (and (and (= R0@8 (memory_load64_le mem@5 R0@7)) (= Gamma_R0@3 (or (gamma_load64 Gamma_mem@5 R0@7) (L mem@5 R0@7)))) (= R0@9 (bvadd R0@8 #x0000000000000002))) (and (= stack@5 (memory_store64_le stack@4 (bvadd |#4@0| #x0000000000000028) R0@9)) (= Gamma_stack@5 (gamma_store64 Gamma_stack@4 (bvadd |#4@0| #x0000000000000028) Gamma_R0@3))))))))) (=> (and (and (and (and (and (and (and (and (and (= R0@10 (memory_load64_le stack@5 (bvadd |#4@0| #x0000000000000028))) (= Gamma_R0@4 (gamma_load64 Gamma_stack@5 (bvadd |#4@0| #x0000000000000028)))) (= mem@6 mem@5)) (and (= Gamma_mem@6 Gamma_mem@5) (= (memory_load8_le mem@6 #x00000000000009b8) #x01))) (and (and (= (memory_load8_le mem@6 #x00000000000009b9) #x00) (= (memory_load8_le mem@6 #x00000000000009ba) #x02)) (and (= (memory_load8_le mem@6 #x00000000000009bb) #x00) (= (memory_load8_le mem@6 #x000000000001fdc8) #xd0)))) (and (and (and (= (memory_load8_le mem@6 #x000000000001fdc9) #x08) (= (memory_load8_le mem@6 #x000000000001fdca) #x00)) (and (= (memory_load8_le mem@6 #x000000000001fdcb) #x00) (= (memory_load8_le mem@6 #x000000000001fdcc) #x00))) (and (and (= (memory_load8_le mem@6 #x000000000001fdcd) #x00) (= (memory_load8_le mem@6 #x000000000001fdce) #x00)) (and (= (memory_load8_le mem@6 #x000000000001fdcf) #x00) (= (memory_load8_le mem@6 #x000000000001fdd0) #x80))))) (and (and (and (and (= (memory_load8_le mem@6 #x000000000001fdd1) #x08) (= (memory_load8_le mem@6 #x000000000001fdd2) #x00)) (and (= (memory_load8_le mem@6 #x000000000001fdd3) #x00) (= (memory_load8_le mem@6 #x000000000001fdd4) #x00))) (and (and (= (memory_load8_le mem@6 #x000000000001fdd5) #x00) (= (memory_load8_le mem@6 #x000000000001fdd6) #x00)) (and (= (memory_load8_le mem@6 #x000000000001fdd7) #x00) (= (memory_load8_le mem@6 #x000000000001ffd8) #xd4)))) (and (and (and (= (memory_load8_le mem@6 #x000000000001ffd9) #x08) (= (memory_load8_le mem@6 #x000000000001ffda) #x00)) (and (= (memory_load8_le mem@6 #x000000000001ffdb) #x00) (= (memory_load8_le mem@6 #x000000000001ffdc) #x00))) (and (and (= (memory_load8_le mem@6 #x000000000001ffdd) #x00) (= (memory_load8_le mem@6 #x000000000001ffde) #x00)) (and (= (memory_load8_le mem@6 #x000000000001ffdf) #x00) (= (memory_load8_le mem@6 #x0000000000020058) #x58)))))) (and (and (and (and (and (= (memory_load8_le mem@6 #x0000000000020059) #x00) (= (memory_load8_le mem@6 #x000000000002005a) #x02)) (and (= (memory_load8_le mem@6 #x000000000002005b) #x00) (= (memory_load8_le mem@6 #x000000000002005c) #x00))) (and (and (= (memory_load8_le mem@6 #x000000000002005d) #x00) (= (memory_load8_le mem@6 #x000000000002005e) #x00)) (and (= (memory_load8_le mem@6 #x000000000002005f) #x00) (=> (L mem@6 R0@10) true)))) (and (and (and (= mem@7 (memory_store8_le mem@6 R0@10 #x00)) (= Gamma_mem@7 (gamma_store8 Gamma_mem@6 R0@10 true))) (= R0@11 (bvadd #x0000000000020000 #x0000000000000080))) (and (= mem@8 mem@7) (= Gamma_mem@8 Gamma_mem@7)))) (and (and (and (and (= (memory_load8_le mem@8 #x00000000000009b8) #x01) (= (memory_load8_le mem@8 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@8 #x00000000000009ba) #x02) (= (memory_load8_le mem@8 #x00000000000009bb) #x00))) (and (and (= (memory_load8_le mem@8 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@8 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@8 #x000000000001fdca) #x00) (= (memory_load8_le mem@8 #x000000000001fdcb) #x00)))) (and (and (and (= (memory_load8_le mem@8 #x000000000001fdcc) #x00) (= (memory_load8_le mem@8 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@8 #x000000000001fdce) #x00) (= (memory_load8_le mem@8 #x000000000001fdcf) #x00))) (and (and (= (memory_load8_le mem@8 #x000000000001fdd0) #x80) (= (memory_load8_le mem@8 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@8 #x000000000001fdd2) #x00) (= (memory_load8_le mem@8 #x000000000001fdd3) #x00))))))) (and (and (and (and (and (and (= (memory_load8_le mem@8 #x000000000001fdd4) #x00) (= (memory_load8_le mem@8 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@8 #x000000000001fdd6) #x00) (= (memory_load8_le mem@8 #x000000000001fdd7) #x00))) (and (and (= (memory_load8_le mem@8 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@8 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@8 #x000000000001ffda) #x00) (= (memory_load8_le mem@8 #x000000000001ffdb) #x00)))) (and (and (and (= (memory_load8_le mem@8 #x000000000001ffdc) #x00) (= (memory_load8_le mem@8 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@8 #x000000000001ffde) #x00) (= (memory_load8_le mem@8 #x000000000001ffdf) #x00))) (and (and (= (memory_load8_le mem@8 #x0000000000020058) #x58) (= (memory_load8_le mem@8 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@8 #x000000000002005a) #x02) (= (memory_load8_le mem@8 #x000000000002005b) #x00))))) (and (and (and (and (= (memory_load8_le mem@8 #x000000000002005c) #x00) (= (memory_load8_le mem@8 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@8 #x000000000002005e) #x00) (= (memory_load8_le mem@8 #x000000000002005f) #x00))) (and (and (= R19@1 (memory_load64_le mem@8 R0@11)) (= Gamma_R19@1 (or (gamma_load64 Gamma_mem@8 R0@11) (L mem@8 R0@11)))) (= R0@12 (bvadd #x0000000000020000 #x0000000000000080)))) (and (and (and (= mem@9 mem@8) (= Gamma_mem@9 Gamma_mem@8)) (and (= (memory_load8_le mem@9 #x00000000000009b8) #x01) (= (memory_load8_le mem@9 #x00000000000009b9) #x00))) (and (and (= (memory_load8_le mem@9 #x00000000000009ba) #x02) (= (memory_load8_le mem@9 #x00000000000009bb) #x00)) (and (= (memory_load8_le mem@9 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@9 #x000000000001fdc9) #x08)))))) (and (and (and (and (and (= (memory_load8_le mem@9 #x000000000001fdca) #x00) (= (memory_load8_le mem@9 #x000000000001fdcb) #x00)) (and (= (memory_load8_le mem@9 #x000000000001fdcc) #x00) (= (memory_load8_le mem@9 #x000000000001fdcd) #x00))) (and (and (= (memory_load8_le mem@9 #x000000000001fdce) #x00) (= (memory_load8_le mem@9 #x000000000001fdcf) #x00)) (and (= (memory_load8_le mem@9 #x000000000001fdd0) #x80) (= (memory_load8_le mem@9 #x000000000001fdd1) #x08)))) (and (and (and (= (memory_load8_le mem@9 #x000000000001fdd2) #x00) (= (memory_load8_le mem@9 #x000000000001fdd3) #x00)) (and (= (memory_load8_le mem@9 #x000000000001fdd4) #x00) (= (memory_load8_le mem@9 #x000000000001fdd5) #x00))) (and (and (= (memory_load8_le mem@9 #x000000000001fdd6) #x00) (= (memory_load8_le mem@9 #x000000000001fdd7) #x00)) (and (= (memory_load8_le mem@9 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@9 #x000000000001ffd9) #x08))))) (and (and (and (and (= (memory_load8_le mem@9 #x000000000001ffda) #x00) (= (memory_load8_le mem@9 #x000000000001ffdb) #x00)) (and (= (memory_load8_le mem@9 #x000000000001ffdc) #x00) (= (memory_load8_le mem@9 #x000000000001ffdd) #x00))) (and (and (= (memory_load8_le mem@9 #x000000000001ffde) #x00) (= (memory_load8_le mem@9 #x000000000001ffdf) #x00)) (and (= (memory_load8_le mem@9 #x0000000000020058) #x58) (= (memory_load8_le mem@9 #x0000000000020059) #x00)))) (and (and (and (= (memory_load8_le mem@9 #x000000000002005a) #x02) (= (memory_load8_le mem@9 #x000000000002005b) #x00)) (and (= (memory_load8_le mem@9 #x000000000002005c) #x00) (= (memory_load8_le mem@9 #x000000000002005d) #x00))) (and (and (= (memory_load8_le mem@9 #x000000000002005e) #x00) (= (memory_load8_le mem@9 #x000000000002005f) #x00)) (and (= R0@13 (memory_load64_le mem@9 R0@12)) (= Gamma_R0@5 (or (gamma_load64 Gamma_mem@9 R0@12) (L mem@9 R0@12)))))))))) (and (and (and (and (and (and (and (= (memory_load64_le mem@9 $buf_addr) (memory_load64_le mem@9 $buf_addr)) (= (memory_load8_le mem@9 $password_addr) (memory_load8_le mem@9 $password_addr))) (= (memory_load8_le mem@9 $stext_addr) (memory_load8_le mem@9 $stext_addr))) (and (and (= Gamma_R0@6 true) (forall ((i@@7 (_ BitVec 64)) ) (! (=> (and (bvule R0@13 i@@7) (bvult i@@7 (bvadd R0@13 R0@14))) (not (= (select mem@9 i@@7) #x00))) - :qid |examplebpl.812:19| - :skolemid |18| -))) (and (= (memory_load8_le mem@9 (bvadd R0@13 R0@14)) #x00) (bvult R0@13 (bvadd (bvadd R0@13 R0@14) #x0000000000000001))))) (and (and (and (= (memory_load8_le mem@9 #x00000000000009b8) #x01) (= (memory_load8_le mem@9 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@9 #x00000000000009ba) #x02) (= (memory_load8_le mem@9 #x00000000000009bb) #x00))) (and (and (= (memory_load8_le mem@9 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@9 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@9 #x000000000001fdca) #x00) (= (memory_load8_le mem@9 #x000000000001fdcb) #x00))))) (and (and (and (and (= (memory_load8_le mem@9 #x000000000001fdcc) #x00) (= (memory_load8_le mem@9 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@9 #x000000000001fdce) #x00) (= (memory_load8_le mem@9 #x000000000001fdcf) #x00))) (and (and (= (memory_load8_le mem@9 #x000000000001fdd0) #x80) (= (memory_load8_le mem@9 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@9 #x000000000001fdd2) #x00) (= (memory_load8_le mem@9 #x000000000001fdd3) #x00)))) (and (and (and (= (memory_load8_le mem@9 #x000000000001fdd4) #x00) (= (memory_load8_le mem@9 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@9 #x000000000001fdd6) #x00) (= (memory_load8_le mem@9 #x000000000001fdd7) #x00))) (and (and (= (memory_load8_le mem@9 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@9 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@9 #x000000000001ffda) #x00) (= (memory_load8_le mem@9 #x000000000001ffdb) #x00)))))) (and (and (and (and (and (= (memory_load8_le mem@9 #x000000000001ffdc) #x00) (= (memory_load8_le mem@9 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@9 #x000000000001ffde) #x00) (= (memory_load8_le mem@9 #x000000000001ffdf) #x00))) (and (and (= (memory_load8_le mem@9 #x0000000000020058) #x58) (= (memory_load8_le mem@9 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@9 #x000000000002005a) #x02) (= (memory_load8_le mem@9 #x000000000002005b) #x00)))) (and (and (and (= (memory_load8_le mem@9 #x000000000002005c) #x00) (= (memory_load8_le mem@9 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@9 #x000000000002005e) #x00) (= (memory_load8_le mem@9 #x000000000002005f) #x00))) (and (and (= (memory_load64_le mem@10 $buf_addr) (memory_load64_le mem@9 $buf_addr)) (= (memory_load8_le mem@10 $password_addr) (memory_load8_le mem@9 $password_addr))) (forall ((i@@8 (_ BitVec 64)) ) (! (= (select Gamma_mem@10 i@@8) (ite (and (bvule R19@1 i@@8) (bvult i@@8 (bvadd R19@1 R0@14))) true (gamma_load8 Gamma_mem@9 i@@8))) - :qid |examplebpl.658:19| - :skolemid |16| -))))) (and (and (and (and (forall ((i@@9 (_ BitVec 64)) ) (! (= (select mem@10 i@@9) (ite (and (bvule R19@1 i@@9) (bvult i@@9 (bvadd R19@1 R0@14))) ((_ extract 7 0) #x0000000000000001) (memory_load8_le mem@9 i@@9))) - :qid |examplebpl.659:19| - :skolemid |17| -)) (= (memory_load8_le mem@10 #x00000000000009b8) #x01)) (and (= (memory_load8_le mem@10 #x00000000000009b9) #x00) (= (memory_load8_le mem@10 #x00000000000009ba) #x02))) (and (and (= (memory_load8_le mem@10 #x00000000000009bb) #x00) (= (memory_load8_le mem@10 #x000000000001fdc8) #xd0)) (and (= (memory_load8_le mem@10 #x000000000001fdc9) #x08) (= (memory_load8_le mem@10 #x000000000001fdca) #x00)))) (and (and (and (= (memory_load8_le mem@10 #x000000000001fdcb) #x00) (= (memory_load8_le mem@10 #x000000000001fdcc) #x00)) (and (= (memory_load8_le mem@10 #x000000000001fdcd) #x00) (= (memory_load8_le mem@10 #x000000000001fdce) #x00))) (and (and (= (memory_load8_le mem@10 #x000000000001fdcf) #x00) (= (memory_load8_le mem@10 #x000000000001fdd0) #x80)) (and (= (memory_load8_le mem@10 #x000000000001fdd1) #x08) (= (memory_load8_le mem@10 #x000000000001fdd2) #x00))))))) (and (and (and (and (and (and (= (memory_load8_le mem@10 #x000000000001fdd3) #x00) (= (memory_load8_le mem@10 #x000000000001fdd4) #x00)) (and (= (memory_load8_le mem@10 #x000000000001fdd5) #x00) (= (memory_load8_le mem@10 #x000000000001fdd6) #x00))) (and (and (= (memory_load8_le mem@10 #x000000000001fdd7) #x00) (= (memory_load8_le mem@10 #x000000000001ffd8) #xd4)) (and (= (memory_load8_le mem@10 #x000000000001ffd9) #x08) (= (memory_load8_le mem@10 #x000000000001ffda) #x00)))) (and (and (and (= (memory_load8_le mem@10 #x000000000001ffdb) #x00) (= (memory_load8_le mem@10 #x000000000001ffdc) #x00)) (and (= (memory_load8_le mem@10 #x000000000001ffdd) #x00) (= (memory_load8_le mem@10 #x000000000001ffde) #x00))) (and (and (= (memory_load8_le mem@10 #x000000000001ffdf) #x00) (= (memory_load8_le mem@10 #x0000000000020058) #x58)) (and (= (memory_load8_le mem@10 #x0000000000020059) #x00) (= (memory_load8_le mem@10 #x000000000002005a) #x02))))) (and (and (and (and (= (memory_load8_le mem@10 #x000000000002005b) #x00) (= (memory_load8_le mem@10 #x000000000002005c) #x00)) (and (= (memory_load8_le mem@10 #x000000000002005d) #x00) (= (memory_load8_le mem@10 #x000000000002005e) #x00))) (and (and (= (memory_load8_le mem@10 #x000000000002005f) #x00) (= R0@15 (bvadd #x0000000000020000 #x0000000000000080))) (and (= mem@11 mem@10) (= Gamma_mem@11 Gamma_mem@10)))) (and (and (and (= (memory_load8_le mem@11 #x00000000000009b8) #x01) (= (memory_load8_le mem@11 #x00000000000009b9) #x00)) (and (= (memory_load8_le mem@11 #x00000000000009ba) #x02) (= (memory_load8_le mem@11 #x00000000000009bb) #x00))) (and (and (= (memory_load8_le mem@11 #x000000000001fdc8) #xd0) (= (memory_load8_le mem@11 #x000000000001fdc9) #x08)) (and (= (memory_load8_le mem@11 #x000000000001fdca) #x00) (= (memory_load8_le mem@11 #x000000000001fdcb) #x00)))))) (and (and (and (and (and (= (memory_load8_le mem@11 #x000000000001fdcc) #x00) (= (memory_load8_le mem@11 #x000000000001fdcd) #x00)) (and (= (memory_load8_le mem@11 #x000000000001fdce) #x00) (= (memory_load8_le mem@11 #x000000000001fdcf) #x00))) (and (and (= (memory_load8_le mem@11 #x000000000001fdd0) #x80) (= (memory_load8_le mem@11 #x000000000001fdd1) #x08)) (and (= (memory_load8_le mem@11 #x000000000001fdd2) #x00) (= (memory_load8_le mem@11 #x000000000001fdd3) #x00)))) (and (and (and (= (memory_load8_le mem@11 #x000000000001fdd4) #x00) (= (memory_load8_le mem@11 #x000000000001fdd5) #x00)) (and (= (memory_load8_le mem@11 #x000000000001fdd6) #x00) (= (memory_load8_le mem@11 #x000000000001fdd7) #x00))) (and (and (= (memory_load8_le mem@11 #x000000000001ffd8) #xd4) (= (memory_load8_le mem@11 #x000000000001ffd9) #x08)) (and (= (memory_load8_le mem@11 #x000000000001ffda) #x00) (= (memory_load8_le mem@11 #x000000000001ffdb) #x00))))) (and (and (and (and (= (memory_load8_le mem@11 #x000000000001ffdc) #x00) (= (memory_load8_le mem@11 #x000000000001ffdd) #x00)) (and (= (memory_load8_le mem@11 #x000000000001ffde) #x00) (= (memory_load8_le mem@11 #x000000000001ffdf) #x00))) (and (and (= (memory_load8_le mem@11 #x0000000000020058) #x58) (= (memory_load8_le mem@11 #x0000000000020059) #x00)) (and (= (memory_load8_le mem@11 #x000000000002005a) #x02) (= (memory_load8_le mem@11 #x000000000002005b) #x00)))) (and (and (and (= (memory_load8_le mem@11 #x000000000002005c) #x00) (= (memory_load8_le mem@11 #x000000000002005d) #x00)) (and (= (memory_load8_le mem@11 #x000000000002005e) #x00) (= (memory_load8_le mem@11 #x000000000002005f) #x00))) (and (and (= R0@16 (memory_load64_le mem@11 R0@15)) (= Gamma_R0@7 (or (gamma_load64 Gamma_mem@11 R0@15) (L mem@11 R0@15)))) (= (ControlFlow 0 2) (- 0 1))))))))) (forall ((i@@10 Int) (j (_ BitVec 64)) ) (! (=> (and (= (select malloc_base@0 i@@10) R0@16) (and (bvuge j R0@16) (bvult j (select malloc_end@0 i@@10)))) (select Gamma_mem@11 j)) - :qid |examplebpl.148:20| - :skolemid |10| -))))))))))) -(let ((PreconditionGeneratedEntry_correct (=> (and (and (= (gamma_load8 Gamma_mem $password_addr) false) (= malloc_count 0)) (and (gamma_load32 Gamma_mem (memory_load64_le mem $stext_addr)) (= R31 #x0000000000000064))) (=> (and (and (and (= (memory_load8_le mem #x0000000000020050) #x00) (= (memory_load8_le mem #x0000000000020051) #x00)) (and (= (memory_load8_le mem #x0000000000020052) #x00) (= (memory_load8_le mem #x0000000000020053) #x00))) (and (and (= (memory_load8_le mem #x0000000000020054) #x00) (= (memory_load8_le mem #x0000000000020055) #x00)) (and (= (memory_load8_le mem #x0000000000020056) #x00) (= (memory_load8_le mem #x0000000000020057) #x00)))) (=> (and (and (and (and (and (and (= (memory_load8_le mem #x0000000000020058) #x58) (= (memory_load8_le mem #x0000000000020059) #x00)) (and (= (memory_load8_le mem #x000000000002005a) #x02) (= (memory_load8_le mem #x000000000002005b) #x00))) (and (and (= (memory_load8_le mem #x000000000002005c) #x00) (= (memory_load8_le mem #x000000000002005d) #x00)) (and (= (memory_load8_le mem #x000000000002005e) #x00) (= (memory_load8_le mem #x000000000002005f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020060) #x07) (= (memory_load8_le mem #x0000000000020061) #x00)) (and (= (memory_load8_le mem #x0000000000020062) #x00) (= (memory_load8_le mem #x0000000000020063) #x00))) (and (and (= (memory_load8_le mem #x0000000000020064) #x00) (= (memory_load8_le mem #x0000000000020065) #x00)) (and (= (memory_load8_le mem #x0000000000020066) #x00) (= (memory_load8_le mem #x0000000000020067) #x00))))) (and (and (and (and (= (memory_load8_le mem #x0000000000020068) #x68) (= (memory_load8_le mem #x0000000000020069) #x65)) (and (= (memory_load8_le mem #x000000000002006a) #x6c) (= (memory_load8_le mem #x000000000002006b) #x6c))) (and (and (= (memory_load8_le mem #x000000000002006c) #x6f) (= (memory_load8_le mem #x000000000002006d) #x6f)) (and (= (memory_load8_le mem #x000000000002006e) #x00) (= (memory_load8_le mem #x000000000002006f) #x00)))) (and (and (and (= (memory_load8_le mem #x0000000000020070) #x00) (= (memory_load8_le mem #x0000000000020071) #x00)) (and (= (memory_load8_le mem #x0000000000020072) #x00) (= (memory_load8_le mem #x00000000000009b8) #x01))) (and (and (= (memory_load8_le mem #x00000000000009b9) #x00) (= (memory_load8_le mem #x00000000000009ba) #x02)) (and (= (memory_load8_le mem #x00000000000009bb) #x00) (= (memory_load8_le mem #x000000000001fdc8) #xd0)))))) (and (and (and (and (and (= (memory_load8_le mem #x000000000001fdc9) #x08) (= (memory_load8_le mem #x000000000001fdca) #x00)) (and (= (memory_load8_le mem #x000000000001fdcb) #x00) (= (memory_load8_le mem #x000000000001fdcc) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdcd) #x00) (= (memory_load8_le mem #x000000000001fdce) #x00)) (and (= (memory_load8_le mem #x000000000001fdcf) #x00) (= (memory_load8_le mem #x000000000001fdd0) #x80)))) (and (and (and (= (memory_load8_le mem #x000000000001fdd1) #x08) (= (memory_load8_le mem #x000000000001fdd2) #x00)) (and (= (memory_load8_le mem #x000000000001fdd3) #x00) (= (memory_load8_le mem #x000000000001fdd4) #x00))) (and (and (= (memory_load8_le mem #x000000000001fdd5) #x00) (= (memory_load8_le mem #x000000000001fdd6) #x00)) (and (= (memory_load8_le mem #x000000000001fdd7) #x00) (= (memory_load8_le mem #x000000000001ffd8) #xd4))))) (and (and (and (and (= (memory_load8_le mem #x000000000001ffd9) #x08) (= (memory_load8_le mem #x000000000001ffda) #x00)) (and (= (memory_load8_le mem #x000000000001ffdb) #x00) (= (memory_load8_le mem #x000000000001ffdc) #x00))) (and (and (= (memory_load8_le mem #x000000000001ffdd) #x00) (= (memory_load8_le mem #x000000000001ffde) #x00)) (and (= (memory_load8_le mem #x000000000001ffdf) #x00) (= (memory_load8_le mem #x0000000000020058) #x58)))) (and (and (and (= (memory_load8_le mem #x0000000000020059) #x00) (= (memory_load8_le mem #x000000000002005a) #x02)) (and (= (memory_load8_le mem #x000000000002005b) #x00) (= (memory_load8_le mem #x000000000002005c) #x00))) (and (and (= (memory_load8_le mem #x000000000002005d) #x00) (= (memory_load8_le mem #x000000000002005e) #x00)) (and (= (memory_load8_le mem #x000000000002005f) #x00) (= (ControlFlow 0 3) 2))))))) lmain_correct))))) -PreconditionGeneratedEntry_correct))) -)) -(check-sat) -(get-info :reason-unknown) -(assert (not (= (ControlFlow 0 2) (- 1)))) -(check-sat) -(pop 1) -; Invalid -(get-info :rlimit) diff --git a/examples/simplified_http_parse_basic/example.adt b/examples/simplified_http_parse_basic/example.adt deleted file mode 100644 index 57c3fb417..000000000 --- a/examples/simplified_http_parse_basic/example.adt +++ /dev/null @@ -1,769 +0,0 @@ -Project(Attrs([Attr("filename","/tmp/tmp3ywqtcgw/a.out"), -Attr("image-specification","(declare abi (name str))\n(declare arch (name str))\n(declare base-address (addr int))\n(declare bias (off int))\n(declare bits (size int))\n(declare code-region (addr int) (size int) (off int))\n(declare code-start (addr int))\n(declare entry-point (addr int))\n(declare external-reference (addr int) (name str))\n(declare format (name str))\n(declare is-executable (flag bool))\n(declare is-little-endian (flag bool))\n(declare llvm:base-address (addr int))\n(declare llvm:code-entry (name str) (off int) (size int))\n(declare llvm:coff-import-library (name str))\n(declare llvm:coff-virtual-section-header (name str) (addr int) (size int))\n(declare llvm:elf-program-header (name str) (off int) (size int))\n(declare llvm:elf-program-header-flags (name str) (ld bool) (r bool) \n (w bool) (x bool))\n(declare llvm:elf-virtual-program-header (name str) (addr int) (size int))\n(declare llvm:entry-point (addr int))\n(declare llvm:macho-symbol (name str) (value int))\n(declare llvm:name-reference (at int) (name str))\n(declare llvm:relocation (at int) (addr int))\n(declare llvm:section-entry (name str) (addr int) (size int) (off int))\n(declare llvm:section-flags (name str) (r bool) (w bool) (x bool))\n(declare llvm:segment-command (name str) (off int) (size int))\n(declare llvm:segment-command-flags (name str) (r bool) (w bool) (x bool))\n(declare llvm:symbol-entry (name str) (addr int) (size int) (off int)\n (value int))\n(declare llvm:virtual-segment-command (name str) (addr int) (size int))\n(declare mapped (addr int) (size int) (off int))\n(declare named-region (addr int) (size int) (name str))\n(declare named-symbol (addr int) (name str))\n(declare require (name str))\n(declare section (addr int) (size int))\n(declare segment (addr int) (size int) (r bool) (w bool) (x bool))\n(declare subarch (name str))\n(declare symbol-chunk (addr int) (size int) (root int))\n(declare symbol-value (addr int) (value int))\n(declare system (name str))\n(declare vendor (name str))\n\n(abi unknown)\n(arch aarch64)\n(base-address 0)\n(bias 0)\n(bits 64)\n(code-region 2468 20 2468)\n(code-region 2048 420 2048)\n(code-region 1856 192 1856)\n(code-region 1832 24 1832)\n(code-start 2100)\n(code-start 2048)\n(code-start 2324)\n(entry-point 2048)\n(external-reference 131008 _ITM_deregisterTMCloneTable)\n(external-reference 131016 __cxa_finalize)\n(external-reference 131024 __gmon_start__)\n(external-reference 131040 _ITM_registerTMCloneTable)\n(external-reference 131072 memcpy)\n(external-reference 131080 strlen)\n(external-reference 131088 __libc_start_main)\n(external-reference 131096 __cxa_finalize)\n(external-reference 131104 malloc)\n(external-reference 131112 memset)\n(external-reference 131120 __gmon_start__)\n(external-reference 131128 abort)\n(external-reference 131136 puts)\n(external-reference 131144 free)\n(format elf)\n(is-executable true)\n(is-little-endian true)\n(llvm:base-address 0)\n(llvm:code-entry free 0 0)\n(llvm:code-entry puts 0 0)\n(llvm:code-entry abort 0 0)\n(llvm:code-entry memset 0 0)\n(llvm:code-entry malloc 0 0)\n(llvm:code-entry __cxa_finalize 0 0)\n(llvm:code-entry __libc_start_main 0 0)\n(llvm:code-entry strlen 0 0)\n(llvm:code-entry memcpy 0 0)\n(llvm:code-entry _init 1832 0)\n(llvm:code-entry main 2324 144)\n(llvm:code-entry _start 2048 52)\n(llvm:code-entry free@GLIBC_2.17 0 0)\n(llvm:code-entry puts@GLIBC_2.17 0 0)\n(llvm:code-entry abort@GLIBC_2.17 0 0)\n(llvm:code-entry memset@GLIBC_2.17 0 0)\n(llvm:code-entry malloc@GLIBC_2.17 0 0)\n(llvm:code-entry _fini 2468 0)\n(llvm:code-entry __cxa_finalize@GLIBC_2.17 0 0)\n(llvm:code-entry __libc_start_main@GLIBC_2.34 0 0)\n(llvm:code-entry strlen@GLIBC_2.17 0 0)\n(llvm:code-entry memcpy@GLIBC_2.17 0 0)\n(llvm:code-entry frame_dummy 2320 0)\n(llvm:code-entry __do_global_dtors_aux 2240 0)\n(llvm:code-entry register_tm_clones 2176 0)\n(llvm:code-entry deregister_tm_clones 2128 0)\n(llvm:code-entry call_weak_fn 2100 20)\n(llvm:code-entry .fini 2468 20)\n(llvm:code-entry .text 2048 420)\n(llvm:code-entry .plt 1856 192)\n(llvm:code-entry .init 1832 24)\n(llvm:elf-program-header 08 64936 600)\n(llvm:elf-program-header 07 0 0)\n(llvm:elf-program-header 06 2492 60)\n(llvm:elf-program-header 05 596 68)\n(llvm:elf-program-header 04 64952 512)\n(llvm:elf-program-header 03 64936 708)\n(llvm:elf-program-header 02 0 2764)\n(llvm:elf-program-header 01 568 27)\n(llvm:elf-program-header 00 64 504)\n(llvm:elf-program-header-flags 08 false true false false)\n(llvm:elf-program-header-flags 07 false true true false)\n(llvm:elf-program-header-flags 06 false true false false)\n(llvm:elf-program-header-flags 05 false true false false)\n(llvm:elf-program-header-flags 04 false true true false)\n(llvm:elf-program-header-flags 03 true true true false)\n(llvm:elf-program-header-flags 02 true true false true)\n(llvm:elf-program-header-flags 01 false true false false)\n(llvm:elf-program-header-flags 00 false true false false)\n(llvm:elf-virtual-program-header 08 130472 600)\n(llvm:elf-virtual-program-header 07 0 0)\n(llvm:elf-virtual-program-header 06 2492 60)\n(llvm:elf-virtual-program-header 05 596 68)\n(llvm:elf-virtual-program-header 04 130488 512)\n(llvm:elf-virtual-program-header 03 130472 728)\n(llvm:elf-virtual-program-header 02 0 2764)\n(llvm:elf-virtual-program-header 01 568 27)\n(llvm:elf-virtual-program-header 00 64 504)\n(llvm:entry-point 2048)\n(llvm:name-reference 131144 free)\n(llvm:name-reference 131136 puts)\n(llvm:name-reference 131128 abort)\n(llvm:name-reference 131120 __gmon_start__)\n(llvm:name-reference 131112 memset)\n(llvm:name-reference 131104 malloc)\n(llvm:name-reference 131096 __cxa_finalize)\n(llvm:name-reference 131088 __libc_start_main)\n(llvm:name-reference 131080 strlen)\n(llvm:name-reference 131072 memcpy)\n(llvm:name-reference 131040 _ITM_registerTMCloneTable)\n(llvm:name-reference 131024 __gmon_start__)\n(llvm:name-reference 131016 __cxa_finalize)\n(llvm:name-reference 131008 _ITM_deregisterTMCloneTable)\n(llvm:section-entry .shstrtab 0 371 70374)\n(llvm:section-entry .strtab 0 734 69640)\n(llvm:section-entry .symtab 0 2784 66856)\n(llvm:section-entry .debug_str_offsets 0 60 66790)\n(llvm:section-entry .debug_loclists 0 31 66759)\n(llvm:section-entry .debug_line_str 0 211 66548)\n(llvm:section-entry .debug_addr 0 48 66500)\n(llvm:section-entry .debug_str 0 212 66288)\n(llvm:section-entry .debug_line 0 206 66082)\n(llvm:section-entry .debug_abbrev 0 193 65889)\n(llvm:section-entry .debug_info 0 174 65715)\n(llvm:section-entry .comment 0 71 65644)\n(llvm:section-entry .bss 131184 16 65644)\n(llvm:section-entry .data 131152 28 65616)\n(llvm:section-entry .got.plt 131048 104 65512)\n(llvm:section-entry .got 131000 48 65464)\n(llvm:section-entry .dynamic 130488 512 64952)\n(llvm:section-entry .fini_array 130480 8 64944)\n(llvm:section-entry .init_array 130472 8 64936)\n(llvm:section-entry .eh_frame 2552 212 2552)\n(llvm:section-entry .eh_frame_hdr 2492 60 2492)\n(llvm:section-entry .rodata 2488 4 2488)\n(llvm:section-entry .fini 2468 20 2468)\n(llvm:section-entry .text 2048 420 2048)\n(llvm:section-entry .plt 1856 192 1856)\n(llvm:section-entry .init 1832 24 1832)\n(llvm:section-entry .rela.plt 1592 240 1592)\n(llvm:section-entry .rela.dyn 1400 192 1400)\n(llvm:section-entry .gnu.version_r 1352 48 1352)\n(llvm:section-entry .gnu.version 1322 30 1322)\n(llvm:section-entry .dynstr 1136 185 1136)\n(llvm:section-entry .dynsym 776 360 776)\n(llvm:section-entry .gnu.hash 744 28 744)\n(llvm:section-entry .hash 664 80 664)\n(llvm:section-entry .note.ABI-tag 632 32 632)\n(llvm:section-entry .note.gnu.build-id 596 36 596)\n(llvm:section-entry .interp 568 27 568)\n(llvm:section-flags .shstrtab true false false)\n(llvm:section-flags .strtab true false false)\n(llvm:section-flags .symtab true false false)\n(llvm:section-flags .debug_str_offsets true false false)\n(llvm:section-flags .debug_loclists true false false)\n(llvm:section-flags .debug_line_str true false false)\n(llvm:section-flags .debug_addr true false false)\n(llvm:section-flags .debug_str true false false)\n(llvm:section-flags .debug_line true false false)\n(llvm:section-flags .debug_abbrev true false false)\n(llvm:section-flags .debug_info true false false)\n(llvm:section-flags .comment true false false)\n(llvm:section-flags .bss true true false)\n(llvm:section-flags .data true true false)\n(llvm:section-flags .got.plt true true false)\n(llvm:section-flags .got true true false)\n(llvm:section-flags .dynamic true true false)\n(llvm:section-flags .fini_array true true false)\n(llvm:section-flags .init_array true true false)\n(llvm:section-flags .eh_frame true false false)\n(llvm:section-flags .eh_frame_hdr true false false)\n(llvm:section-flags .rodata true false false)\n(llvm:section-flags .fini true false true)\n(llvm:section-flags .text true false true)\n(llvm:section-flags .plt true false true)\n(llvm:section-flags .init true false true)\n(llvm:section-flags .rela.plt true false false)\n(llvm:section-flags .rela.dyn true false false)\n(llvm:section-flags .gnu.version_r true false false)\n(llvm:section-flags .gnu.version true false false)\n(llvm:section-flags .dynstr true false false)\n(llvm:section-flags .dynsym true false false)\n(llvm:section-flags .gnu.hash true false false)\n(llvm:section-flags .hash true false false)\n(llvm:section-flags .note.ABI-tag true false false)\n(llvm:section-flags .note.gnu.build-id true false false)\n(llvm:section-flags .interp true false false)\n(llvm:symbol-entry free 0 0 0 0)\n(llvm:symbol-entry puts 0 0 0 0)\n(llvm:symbol-entry abort 0 0 0 0)\n(llvm:symbol-entry memset 0 0 0 0)\n(llvm:symbol-entry malloc 0 0 0 0)\n(llvm:symbol-entry __cxa_finalize 0 0 0 0)\n(llvm:symbol-entry __libc_start_main 0 0 0 0)\n(llvm:symbol-entry strlen 0 0 0 0)\n(llvm:symbol-entry memcpy 0 0 0 0)\n(llvm:symbol-entry _init 1832 0 1832 1832)\n(llvm:symbol-entry main 2324 144 2324 2324)\n(llvm:symbol-entry _start 2048 52 2048 2048)\n(llvm:symbol-entry free@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry puts@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry abort@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry memset@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry malloc@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry _fini 2468 0 2468 2468)\n(llvm:symbol-entry __cxa_finalize@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry __libc_start_main@GLIBC_2.34 0 0 0 0)\n(llvm:symbol-entry strlen@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry memcpy@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry frame_dummy 2320 0 2320 2320)\n(llvm:symbol-entry __do_global_dtors_aux 2240 0 2240 2240)\n(llvm:symbol-entry register_tm_clones 2176 0 2176 2176)\n(llvm:symbol-entry deregister_tm_clones 2128 0 2128 2128)\n(llvm:symbol-entry call_weak_fn 2100 20 2100 2100)\n(mapped 0 2764 0)\n(mapped 130472 708 64936)\n(named-region 0 2764 02)\n(named-region 130472 728 03)\n(named-region 568 27 .interp)\n(named-region 596 36 .note.gnu.build-id)\n(named-region 632 32 .note.ABI-tag)\n(named-region 664 80 .hash)\n(named-region 744 28 .gnu.hash)\n(named-region 776 360 .dynsym)\n(named-region 1136 185 .dynstr)\n(named-region 1322 30 .gnu.version)\n(named-region 1352 48 .gnu.version_r)\n(named-region 1400 192 .rela.dyn)\n(named-region 1592 240 .rela.plt)\n(named-region 1832 24 .init)\n(named-region 1856 192 .plt)\n(named-region 2048 420 .text)\n(named-region 2468 20 .fini)\n(named-region 2488 4 .rodata)\n(named-region 2492 60 .eh_frame_hdr)\n(named-region 2552 212 .eh_frame)\n(named-region 130472 8 .init_array)\n(named-region 130480 8 .fini_array)\n(named-region 130488 512 .dynamic)\n(named-region 131000 48 .got)\n(named-region 131048 104 .got.plt)\n(named-region 131152 28 .data)\n(named-region 131184 16 .bss)\n(named-region 0 71 .comment)\n(named-region 0 174 .debug_info)\n(named-region 0 193 .debug_abbrev)\n(named-region 0 206 .debug_line)\n(named-region 0 212 .debug_str)\n(named-region 0 48 .debug_addr)\n(named-region 0 211 .debug_line_str)\n(named-region 0 31 .debug_loclists)\n(named-region 0 60 .debug_str_offsets)\n(named-region 0 2784 .symtab)\n(named-region 0 734 .strtab)\n(named-region 0 371 .shstrtab)\n(named-symbol 2100 call_weak_fn)\n(named-symbol 2128 deregister_tm_clones)\n(named-symbol 2176 register_tm_clones)\n(named-symbol 2240 __do_global_dtors_aux)\n(named-symbol 2320 frame_dummy)\n(named-symbol 0 memcpy@GLIBC_2.17)\n(named-symbol 0 strlen@GLIBC_2.17)\n(named-symbol 0 __libc_start_main@GLIBC_2.34)\n(named-symbol 0 __cxa_finalize@GLIBC_2.17)\n(named-symbol 2468 _fini)\n(named-symbol 0 malloc@GLIBC_2.17)\n(named-symbol 0 memset@GLIBC_2.17)\n(named-symbol 0 abort@GLIBC_2.17)\n(named-symbol 0 puts@GLIBC_2.17)\n(named-symbol 0 free@GLIBC_2.17)\n(named-symbol 2048 _start)\n(named-symbol 2324 main)\n(named-symbol 1832 _init)\n(named-symbol 0 memcpy)\n(named-symbol 0 strlen)\n(named-symbol 0 __libc_start_main)\n(named-symbol 0 __cxa_finalize)\n(named-symbol 0 malloc)\n(named-symbol 0 memset)\n(named-symbol 0 abort)\n(named-symbol 0 puts)\n(named-symbol 0 free)\n(require libc.so.6)\n(section 568 27)\n(section 596 36)\n(section 632 32)\n(section 664 80)\n(section 744 28)\n(section 776 360)\n(section 1136 185)\n(section 1322 30)\n(section 1352 48)\n(section 1400 192)\n(section 1592 240)\n(section 1832 24)\n(section 1856 192)\n(section 2048 420)\n(section 2468 20)\n(section 2488 4)\n(section 2492 60)\n(section 2552 212)\n(section 130472 8)\n(section 130480 8)\n(section 130488 512)\n(section 131000 48)\n(section 131048 104)\n(section 131152 28)\n(section 131184 16)\n(section 0 71)\n(section 0 174)\n(section 0 193)\n(section 0 206)\n(section 0 212)\n(section 0 48)\n(section 0 211)\n(section 0 31)\n(section 0 60)\n(section 0 2784)\n(section 0 734)\n(section 0 371)\n(segment 0 2764 true false true)\n(segment 130472 728 true true false)\n(subarch v8)\n(symbol-chunk 2100 20 2100)\n(symbol-chunk 2048 52 2048)\n(symbol-chunk 2324 144 2324)\n(symbol-value 2100 2100)\n(symbol-value 2128 2128)\n(symbol-value 2176 2176)\n(symbol-value 2240 2240)\n(symbol-value 2320 2320)\n(symbol-value 2468 2468)\n(symbol-value 2048 2048)\n(symbol-value 2324 2324)\n(symbol-value 1832 1832)\n(symbol-value 0 0)\n(system \"\")\n(vendor \"\")\n"), -Attr("abi-name","aarch64-linux-gnu-elf")]), -Sections([Section(".shstrtab", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x60\x14\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x26\x00\x25\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\x0a\x00\x00\x00\x00\x00\x00\xcc\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\xa8\xfd\x00\x00\x00\x00\x00\x00\xa8\xfd\x01\x00\x00\x00\x00\x00\xa8\xfd\x01\x00\x00\x00\x00\x00\xc4\x02\x00\x00\x00\x00\x00\x00\xd8\x02\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\xb8\xfd\x00\x00\x00\x00\x00\x00\xb8\xfd\x01\x00\x00\x00\x00\x00\xb8\xfd\x01\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00"), -Section(".strtab", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x60\x14\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x26\x00\x25\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\x0a\x00\x00\x00\x00\x00\x00\xcc\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\xa8\xfd\x00\x00\x00\x00\x00\x00\xa8\xfd\x01\x00\x00\x00\x00\x00\xa8\xfd\x01\x00\x00\x00\x00\x00\xc4\x02\x00\x00\x00\x00\x00\x00\xd8\x02\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\xb8\xfd\x00\x00\x00\x00\x00\x00\xb8\xfd\x01\x00\x00\x00\x00\x00\xb8\xfd\x01\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x50\xe5\x74\x64\x04\x00\x00\x00\xbc\x09\x00\x00\x00\x00\x00\x00\xbc\x09\x00\x00\x00\x00\x00\x00\xbc\x09\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x51\xe5\x74\x64\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x52\xe5\x74\x64\x04\x00\x00\x00\xa8\xfd\x00\x00\x00\x00\x00\x00\xa8\xfd\x01\x00\x00\x00\x00\x00\xa8\xfd\x01\x00\x00\x00\x00\x00\x58\x02\x00\x00\x00\x00\x00\x00\x58\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x2f\x6c\x69\x62\x2f\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00\x00\x04\x00\x00\x00\x14\x00\x00\x00\x03\x00\x00\x00\x47\x4e\x55\x00\x8e\x54\x4e\x34\xa5\x36\x3e\xb3\x17\xdc\x78\xe2\xa5\x81\x5c\x16\x52\x55\x80\xef\x04\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x47\x4e\x55\x00\x00\x00\x00\x00\x03\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x0f\x00\x00\x00\x0a\x00\x00\x00\x0e\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x03\x00\x00\x00\x09\x00\x00\x00\x08\x00\x00\x00\x06\x00"), -Section(".debug_str_offsets", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x60\x14\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00"), -Section(".debug_loclists", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00"), -Section(".debug_line_str", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x60\x14\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x26\x00\x25\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\x0a\x00"), -Section(".debug_addr", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x60\x14\x01\x00\x00\x00\x00\x00"), -Section(".debug_str", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x60\x14\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x26\x00\x25\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\x0a\x00\x00"), -Section(".debug_line", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x60\x14\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x26\x00\x25\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".debug_abbrev", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x60\x14\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x26\x00\x25\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".debug_info", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x60\x14\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x26\x00\x25\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00"), -Section(".comment", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x60\x14\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x26\x00\x25\x00\x06\x00\x00\x00\x04\x00\x00"), -Section(".interp", 0x238, "\x2f\x6c\x69\x62\x2f\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00"), -Section(".note.gnu.build-id", 0x254, "\x04\x00\x00\x00\x14\x00\x00\x00\x03\x00\x00\x00\x47\x4e\x55\x00\x8e\x54\x4e\x34\xa5\x36\x3e\xb3\x17\xdc\x78\xe2\xa5\x81\x5c\x16\x52\x55\x80\xef"), -Section(".note.ABI-tag", 0x278, "\x04\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x47\x4e\x55\x00\x00\x00\x00\x00\x03\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00"), -Section(".hash", 0x298, "\x03\x00\x00\x00\x0f\x00\x00\x00\x0a\x00\x00\x00\x0e\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x03\x00\x00\x00\x09\x00\x00\x00\x08\x00\x00\x00\x06\x00\x00\x00\x0c\x00\x00\x00\x0d\x00\x00\x00"), -Section(".gnu.hash", 0x2E8, "\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".dynsym", 0x308, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x0c\x00\x28\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x18\x00\x50\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x41\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x74\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2b\x00\x00\x00\x22\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3a\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x48\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9f\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".dynstr", 0x470, "\x00\x70\x75\x74\x73\x00\x66\x72\x65\x65\x00\x73\x74\x72\x6c\x65\x6e\x00\x6d\x61\x6c\x6c\x6f\x63\x00\x5f\x5f\x6c\x69\x62\x63\x5f\x73\x74\x61\x72\x74\x5f\x6d\x61\x69\x6e\x00\x5f\x5f\x63\x78\x61\x5f\x66\x69\x6e\x61\x6c\x69\x7a\x65\x00\x6d\x65\x6d\x73\x65\x74\x00\x6d\x65\x6d\x63\x70\x79\x00\x61\x62\x6f\x72\x74\x00\x6c\x69\x62\x63\x2e\x73\x6f\x2e\x36\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x33\x34\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x31\x37\x00\x2e\x2f\x6c\x69\x62\x00\x5f\x49\x54\x4d\x5f\x64\x65\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00\x5f\x5f\x67\x6d\x6f\x6e\x5f\x73\x74\x61\x72\x74\x5f\x5f\x00\x5f\x49\x54\x4d\x5f\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00"), -Section(".gnu.version", 0x52A, "\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\x03\x00\x01\x00\x02\x00\x02\x00\x02\x00\x01\x00\x02\x00\x02\x00\x02\x00\x01\x00"), -Section(".gnu.version_r", 0x548, "\x01\x00\x02\x00\x4e\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xb4\x91\x96\x06\x00\x00\x03\x00\x58\x00\x00\x00\x10\x00\x00\x00\x97\x91\x96\x06\x00\x00\x02\x00\x63\x00\x00\x00\x00\x00\x00\x00"), -Section(".rela.dyn", 0x578, "\xa8\xfd\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x10\x09\x00\x00\x00\x00\x00\x00\xb0\xfd\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\xc0\x08\x00\x00\x00\x00\x00\x00\xd8\xff\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x14\x09\x00\x00\x00\x00\x00\x00\x58\x00\x02\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x58\x00\x02\x00\x00\x00\x00\x00\xc0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".rela.plt", 0x638, "\x00\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x30\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x38\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x48\x00\x02\x00\x00\x00\x00\x00\x02\x04\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".init", 0x728, "\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\x40\x00\x00\x94\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6"), -Section(".plt", 0x740, "\xf0\x7b\xbf\xa9\xf0\x00\x00\xf0\x11\xfe\x47\xf9\x10\xe2\x3f\x91\x20\x02\x1f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x10\x01\x00\x90\x11\x02\x40\xf9\x10\x02\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x06\x40\xf9\x10\x22\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x0a\x40\xf9\x10\x42\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x0e\x40\xf9\x10\x62\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x12\x40\xf9\x10\x82\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x16\x40\xf9\x10\xa2\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x1a\x40\xf9\x10\xc2\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x1e\x40\xf9\x10\xe2\x00\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x22\x40\xf9\x10\x02\x01\x91\x20\x02\x1f\xd6\x10\x01\x00\x90\x11\x26\x40\xf9\x10\x22\x01\x91\x20\x02\x1f\xd6"), -Section(".fini", 0x9A4, "\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6"), -Section(".rodata", 0x9B8, "\x01\x00\x02\x00"), -Section(".eh_frame_hdr", 0x9BC, "\x01\x1b\x03\x3b\x38\x00\x00\x00\x06\x00\x00\x00\x44\xfe\xff\xff\x50\x00\x00\x00\x94\xfe\xff\xff\x64\x00\x00\x00\xc4\xfe\xff\xff\x78\x00\x00\x00\x04\xff\xff\xff\x8c\x00\x00\x00\x54\xff\xff\xff\xb0\x00\x00\x00\x58\xff\xff\xff\xd8\x00\x00\x00"), -Section(".eh_frame", 0x9F8, "\x10\x00\x00\x00\x00\x00\x00\x00\x01\x7a\x52\x00\x04\x78\x1e\x01\x1b\x0c\x1f\x00\x10\x00\x00\x00\x18\x00\x00\x00\xec\xfd\xff\xff\x34\x00\x00\x00\x00\x41\x07\x1e\x10\x00\x00\x00\x2c\x00\x00\x00\x28\xfe\xff\xff\x30\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x40\x00\x00\x00\x44\xfe\xff\xff\x3c\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x54\x00\x00\x00\x70\xfe\xff\xff\x48\x00\x00\x00\x00\x41\x0e\x20\x9d\x04\x9e\x03\x42\x93\x02\x4e\xde\xdd\xd3\x0e\x00\x00\x00\x00\x10\x00\x00\x00\x78\x00\x00\x00\x9c\xfe\xff\xff\x04\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x01\x7a\x52\x00\x01\x7c\x1e\x01\x1b\x0c\x1f\x00\x30\x00\x00\x00\x18\x00\x00\x00\x78\xfe\xff\xff\x90\x00\x00\x00\x00\x44\x0e\x30\x4c\x0c\x1d\x30\x93\x02\x94\x04\x95\x06\x96\x08\x9e\x0a\x9d\x0c\x02\x70\x0c\x1f\x30\x4c\x0e\x00\xd3\xd4\xd5\xd6\xde\xdd\x00\x00\x00\x00\x00\x00"), -Section(".fini_array", 0x1FDB0, "\xc0\x08\x00\x00\x00\x00\x00\x00"), -Section(".dynamic", 0x1FDB8, "\x01\x00\x00\x00\x00\x00\x00\x00\x4e\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x00\x00\x00\x00\x00\x00\x6e\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x28\x07\x00\x00\x00\x00\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\xa4\x09\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\xa8\xfd\x01\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00\xb0\xfd\x01\x00\x00\x00\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x98\x02\x00\x00\x00\x00\x00\x00\xf5\xfe\xff\x6f\x00\x00\x00\x00\xe8\x02\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x70\x04\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x08\x03\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\xb9\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\xe8\xff\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xf0\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00\x00\x00\x00\x00\x38\x06\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x78\x05\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\xfb\xff\xff\x6f\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\xfe\xff\xff\x6f\x00\x00\x00\x00\x48\x05\x00\x00\x00\x00\x00\x00\xff\xff\xff\x6f\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\x6f\x00\x00\x00\x00\x2a\x05\x00\x00\x00\x00\x00\x00\xf9\xff\xff\x6f\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".init_array", 0x1FDA8, "\x10\x09\x00\x00\x00\x00\x00\x00"), -Section(".got", 0x1FFB8, "\xb8\xfd\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".got.plt", 0x1FFE8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x07\x00\x00\x00\x00\x00\x00\x40\x07\x00\x00\x00\x00\x00\x00\x40\x07\x00\x00\x00\x00\x00\x00\x40\x07\x00\x00\x00\x00\x00\x00\x40\x07\x00\x00\x00\x00\x00\x00\x40\x07\x00\x00\x00\x00\x00\x00\x40\x07\x00\x00\x00\x00\x00\x00\x40\x07\x00\x00\x00\x00\x00\x00\x40\x07\x00\x00\x00\x00\x00\x00\x40\x07\x00\x00\x00\x00\x00\x00"), -Section(".data", 0x20050, "\x00\x00\x00\x00\x00\x00\x00\x00\x58\x00\x02\x00\x00\x00\x00\x00\x07\x68\x65\x6c\x00\x00\x00\x00\x00\x00\x00\x00"), -Section(".text", 0x800, "\x1f\x20\x03\xd5\x1d\x00\x80\xd2\x1e\x00\x80\xd2\xe5\x03\x00\xaa\xe1\x03\x40\xf9\xe2\x23\x00\x91\xe6\x03\x00\x91\xe0\x00\x00\xf0\x00\xec\x47\xf9\x03\x00\x80\xd2\x04\x00\x80\xd2\xd5\xff\xff\x97\xe8\xff\xff\x97\xe0\x00\x00\xf0\x00\xe8\x47\xf9\x40\x00\x00\xb4\xe0\xff\xff\x17\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x00\x01\x00\x90\x00\xc0\x01\x91\x01\x01\x00\x90\x21\xc0\x01\x91\x3f\x00\x00\xeb\xc0\x00\x00\x54\xe1\x00\x00\xf0\x21\xe0\x47\xf9\x61\x00\x00\xb4\xf0\x03\x01\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x00\x01\x00\x90\x00\xc0\x01\x91\x01\x01\x00\x90\x21\xc0\x01\x91\x21\x00\x00\xcb\x22\xfc\x7f\xd3\x41\x0c\x81\x8b\x21\xfc\x41\x93\xc1\x00\x00\xb4\xe2\x00\x00\xf0\x42\xf0\x47\xf9\x62\x00\x00\xb4\xf0\x03\x02\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\xfd\x7b\xbe\xa9\xfd\x03\x00\x91\xf3\x0b\x00\xf9\x13\x01\x00\x90\x60\xc2\x41\x39\x40\x01\x00\x37\xe0\x00\x00\xf0\x00\xe4\x47\xf9\x80\x00\x00\xb4\x00\x01\x00\x90\x00\x2c\x40\xf9\xa9\xff\xff\x97\xd8\xff\xff\x97\x20\x00\x80\x52\x60\xc2\x01\x39\xf3\x0b\x40\xf9\xfd\x7b\xc2\xa8\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\xdc\xff\xff\x17\xfd\x7b\xbd\xa9\xf6\x57\x01\xa9\xf4\x4f\x02\xa9\xfd\x03\x00\x91\x08\x01\x00\x90\x13\x01\x00\x90\x73\x86\x01\x91\xe0\x03\x13\xaa\x08\x81\x41\x39\x68\x0a\x00\x39\x8d\xff\xff\x97\x14\x04\x00\x91\xe0\x03\x14\xaa\x96\xff\xff\x97\x16\x01\x00\x90\xe1\x03\x13\xaa\xe2\x03\x14\xaa\xf5\x03\x00\xaa\xc0\x3e\x00\xf9\x80\xff\xff\x97\xe0\x03\x15\xaa\x9e\xff\xff\x97\xd3\x3e\x40\xf9\xe0\x03\x13\xaa\x7f\xff\xff\x97\x02\x04\x00\x91\xe0\x03\x13\xaa\xe1\x03\x1f\x2a\x8b\xff\xff\x97\xc0\x3e\x40\xf9\x99\xff\xff\x97\xe0\x03\x1f\x2a\xf4\x4f\x42\xa9\xf6\x57\x41\xa9\xfd\x7b\xc3\xa8\xc0\x03\x5f\xd6")]), -Memmap([Annotation(Region(0x0,0xACB), Attr("segment","02 0 2764")), -Annotation(Region(0x800,0x833), Attr("symbol","_start")), -Annotation(Region(0x0,0x172), Attr("section",".shstrtab")), -Annotation(Region(0x0,0x2DD), Attr("section",".strtab")), -Annotation(Region(0x0,0x3B), Attr("section",".debug_str_offsets")), -Annotation(Region(0x0,0x1E), Attr("section",".debug_loclists")), -Annotation(Region(0x0,0xD2), Attr("section",".debug_line_str")), -Annotation(Region(0x0,0x2F), Attr("section",".debug_addr")), -Annotation(Region(0x0,0xD3), Attr("section",".debug_str")), -Annotation(Region(0x0,0xCD), Attr("section",".debug_line")), -Annotation(Region(0x0,0xC0), Attr("section",".debug_abbrev")), -Annotation(Region(0x0,0xAD), Attr("section",".debug_info")), -Annotation(Region(0x0,0x46), Attr("section",".comment")), -Annotation(Region(0x238,0x252), Attr("section",".interp")), -Annotation(Region(0x254,0x277), Attr("section",".note.gnu.build-id")), -Annotation(Region(0x278,0x297), Attr("section",".note.ABI-tag")), -Annotation(Region(0x298,0x2E7), Attr("section",".hash")), -Annotation(Region(0x2E8,0x303), Attr("section",".gnu.hash")), -Annotation(Region(0x308,0x46F), Attr("section",".dynsym")), -Annotation(Region(0x470,0x528), Attr("section",".dynstr")), -Annotation(Region(0x52A,0x547), Attr("section",".gnu.version")), -Annotation(Region(0x548,0x577), Attr("section",".gnu.version_r")), -Annotation(Region(0x578,0x637), Attr("section",".rela.dyn")), -Annotation(Region(0x638,0x727), Attr("section",".rela.plt")), -Annotation(Region(0x728,0x73F), Attr("section",".init")), -Annotation(Region(0x740,0x7FF), Attr("section",".plt")), -Annotation(Region(0x728,0x73F), Attr("code-region","()")), -Annotation(Region(0x740,0x7FF), Attr("code-region","()")), -Annotation(Region(0x800,0x833), Attr("symbol-info","_start 0x800 52")), -Annotation(Region(0x834,0x847), Attr("symbol","call_weak_fn")), -Annotation(Region(0x834,0x847), Attr("symbol-info","call_weak_fn 0x834 20")), -Annotation(Region(0x914,0x9A3), Attr("symbol","main")), -Annotation(Region(0x914,0x9A3), Attr("symbol-info","main 0x914 144")), -Annotation(Region(0x9A4,0x9B7), Attr("section",".fini")), -Annotation(Region(0x9B8,0x9BB), Attr("section",".rodata")), -Annotation(Region(0x9BC,0x9F7), Attr("section",".eh_frame_hdr")), -Annotation(Region(0x9F8,0xACB), Attr("section",".eh_frame")), -Annotation(Region(0x1FDA8,0x2006B), Attr("segment","03 0x1FDA8 728")), -Annotation(Region(0x1FDB0,0x1FDB7), Attr("section",".fini_array")), -Annotation(Region(0x1FDB8,0x1FFB7), Attr("section",".dynamic")), -Annotation(Region(0x1FDA8,0x1FDAF), Attr("section",".init_array")), -Annotation(Region(0x1FFB8,0x1FFE7), Attr("section",".got")), -Annotation(Region(0x1FFE8,0x2004F), Attr("section",".got.plt")), -Annotation(Region(0x20050,0x2006B), Attr("section",".data")), -Annotation(Region(0x800,0x9A3), Attr("section",".text")), -Annotation(Region(0x800,0x9A3), Attr("code-region","()")), -Annotation(Region(0x9A4,0x9B7), Attr("code-region","()"))]), -Program(Tid(2_128, "%00000850"), Attrs([]), - Subs([Sub(Tid(2_100, "@__cxa_finalize"), Attrs([Attr("address","0x790"), -Attr("stub","()"), Attr("c.proto","signed (*)(void)")]), "__cxa_finalize", - Args([Arg(Tid(2_129, "%00000851"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("__cxa_finalize_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), -Blks([Blk(Tid(1_204, "@__cxa_finalize"), Attrs([Attr("address","0x790")]), - Phis([]), Defs([Def(Tid(1_592, "%00000638"), Attrs([Attr("address","0x790"), -Attr("insn","adrp x16, #131072")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_599, "%0000063f"), Attrs([Attr("address","0x794"), -Attr("insn","ldr x17, [x16, #0x18]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(24,64)),LittleEndian(),64)), -Def(Tid(1_605, "%00000645"), Attrs([Attr("address","0x798"), -Attr("insn","add x16, x16, #0x18")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(24,64)))]), Jmps([Call(Tid(1_610, "%0000064a"), - Attrs([Attr("address","0x79C"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), -Sub(Tid(2_101, "@__do_global_dtors_aux"), Attrs([Attr("address","0x8C0"), -Attr("c.proto","signed (*)(void)")]), "__do_global_dtors_aux", - Args([Arg(Tid(2_130, "%00000852"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("__do_global_dtors_aux_result",Imm(32)), LOW(32,Var("R0",Imm(64))), -Out())]), Blks([Blk(Tid(758, "@__do_global_dtors_aux"), - Attrs([Attr("address","0x8C0")]), Phis([]), Defs([Def(Tid(762, "%000002fa"), - Attrs([Attr("address","0x8C0"), -Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("#3",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(18446744073709551584,64))), -Def(Tid(768, "%00000300"), Attrs([Attr("address","0x8C0"), -Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),Var("#3",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), -Def(Tid(774, "%00000306"), Attrs([Attr("address","0x8C0"), -Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("#3",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), -Def(Tid(778, "%0000030a"), Attrs([Attr("address","0x8C0"), -Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("R31",Imm(64)), -Var("#3",Imm(64))), Def(Tid(784, "%00000310"), - Attrs([Attr("address","0x8C4"), Attr("insn","mov x29, sp")]), - Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(792, "%00000318"), - Attrs([Attr("address","0x8C8"), Attr("insn","str x19, [sp, #0x10]")]), - Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),Var("R19",Imm(64)),LittleEndian(),64)), -Def(Tid(797, "%0000031d"), Attrs([Attr("address","0x8CC"), -Attr("insn","adrp x19, #131072")]), Var("R19",Imm(64)), Int(131072,64)), -Def(Tid(804, "%00000324"), Attrs([Attr("address","0x8D0"), -Attr("insn","ldrb w0, [x19, #0x70]")]), Var("R0",Imm(64)), -UNSIGNED(64,Load(Var("mem",Mem(64,8)),PLUS(Var("R19",Imm(64)),Int(112,64)),LittleEndian(),8)))]), -Jmps([Goto(Tid(810, "%0000032a"), Attrs([Attr("address","0x8D4"), -Attr("insn","tbnz w0, #0x0, #0x28")]), - EQ(Extract(0,0,Var("R0",Imm(64))),Int(1,1)), Direct(Tid(808, "%00000328"))), -Goto(Tid(2_102, "%00000836"), Attrs([]), Int(1,1), -Direct(Tid(1_149, "%0000047d")))])), Blk(Tid(1_149, "%0000047d"), - Attrs([Attr("address","0x8D8")]), Phis([]), -Defs([Def(Tid(1_152, "%00000480"), Attrs([Attr("address","0x8D8"), -Attr("insn","adrp x0, #126976")]), Var("R0",Imm(64)), Int(126976,64)), -Def(Tid(1_159, "%00000487"), Attrs([Attr("address","0x8DC"), -Attr("insn","ldr x0, [x0, #0xfc8]")]), Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4040,64)),LittleEndian(),64))]), -Jmps([Goto(Tid(1_165, "%0000048d"), Attrs([Attr("address","0x8E0"), -Attr("insn","cbz x0, #0x10")]), EQ(Var("R0",Imm(64)),Int(0,64)), -Direct(Tid(1_163, "%0000048b"))), Goto(Tid(2_103, "%00000837"), Attrs([]), - Int(1,1), Direct(Tid(1_188, "%000004a4")))])), Blk(Tid(1_188, "%000004a4"), - Attrs([Attr("address","0x8E4")]), Phis([]), -Defs([Def(Tid(1_191, "%000004a7"), Attrs([Attr("address","0x8E4"), -Attr("insn","adrp x0, #131072")]), Var("R0",Imm(64)), Int(131072,64)), -Def(Tid(1_198, "%000004ae"), Attrs([Attr("address","0x8E8"), -Attr("insn","ldr x0, [x0, #0x58]")]), Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(88,64)),LittleEndian(),64)), -Def(Tid(1_203, "%000004b3"), Attrs([Attr("address","0x8EC"), -Attr("insn","bl #-0x15c")]), Var("R30",Imm(64)), Int(2288,64))]), -Jmps([Call(Tid(1_206, "%000004b6"), Attrs([Attr("address","0x8EC"), -Attr("insn","bl #-0x15c")]), Int(1,1), -(Direct(Tid(2_100, "@__cxa_finalize")),Direct(Tid(1_163, "%0000048b"))))])), -Blk(Tid(1_163, "%0000048b"), Attrs([Attr("address","0x8F0")]), Phis([]), -Defs([Def(Tid(1_171, "%00000493"), Attrs([Attr("address","0x8F0"), -Attr("insn","bl #-0xa0")]), Var("R30",Imm(64)), Int(2292,64))]), -Jmps([Call(Tid(1_173, "%00000495"), Attrs([Attr("address","0x8F0"), -Attr("insn","bl #-0xa0")]), Int(1,1), -(Direct(Tid(2_114, "@deregister_tm_clones")),Direct(Tid(1_175, "%00000497"))))])), -Blk(Tid(1_175, "%00000497"), Attrs([Attr("address","0x8F4")]), Phis([]), -Defs([Def(Tid(1_178, "%0000049a"), Attrs([Attr("address","0x8F4"), -Attr("insn","mov w0, #0x1")]), Var("R0",Imm(64)), Int(1,64)), -Def(Tid(1_186, "%000004a2"), Attrs([Attr("address","0x8F8"), -Attr("insn","strb w0, [x19, #0x70]")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("R19",Imm(64)),Int(112,64)),Extract(7,0,Var("R0",Imm(64))),LittleEndian(),8))]), -Jmps([Goto(Tid(2_104, "%00000838"), Attrs([]), Int(1,1), -Direct(Tid(808, "%00000328")))])), Blk(Tid(808, "%00000328"), - Attrs([Attr("address","0x8FC")]), Phis([]), Defs([Def(Tid(818, "%00000332"), - Attrs([Attr("address","0x8FC"), Attr("insn","ldr x19, [sp, #0x10]")]), - Var("R19",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),LittleEndian(),64)), -Def(Tid(825, "%00000339"), Attrs([Attr("address","0x900"), -Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R29",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), -Def(Tid(830, "%0000033e"), Attrs([Attr("address","0x900"), -Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R30",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), -Def(Tid(834, "%00000342"), Attrs([Attr("address","0x900"), -Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R31",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(32,64)))]), Jmps([Call(Tid(839, "%00000347"), - Attrs([Attr("address","0x904"), Attr("insn","ret")]), Int(1,1), -(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(2_105, "@__libc_start_main"), - Attrs([Attr("address","0x780"), Attr("stub","()"), -Attr("c.proto","signed (*)(signed (*)(signed , char** , char** );* main, signed , char** , \nvoid* auxv)")]), - "__libc_start_main", Args([Arg(Tid(2_131, "%00000853"), - Attrs([Attr("c.data","Top:u64 ptr ptr"), -Attr("c.layout","**[ : 64]"), -Attr("c.type","signed (*)(signed , char** , char** );*")]), - Var("__libc_start_main_main",Imm(64)), Var("R0",Imm(64)), In()), -Arg(Tid(2_132, "%00000854"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("__libc_start_main_arg2",Imm(32)), LOW(32,Var("R1",Imm(64))), In()), -Arg(Tid(2_133, "%00000855"), Attrs([Attr("c.data","Top:u8 ptr ptr"), -Attr("c.layout","**[char : 8]"), Attr("c.type","char**")]), - Var("__libc_start_main_arg3",Imm(64)), Var("R2",Imm(64)), Both()), -Arg(Tid(2_134, "%00000856"), Attrs([Attr("c.data","{} ptr"), -Attr("c.layout","*[ : 8]"), Attr("c.type","void*")]), - Var("__libc_start_main_auxv",Imm(64)), Var("R3",Imm(64)), Both()), -Arg(Tid(2_135, "%00000857"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("__libc_start_main_result",Imm(32)), LOW(32,Var("R0",Imm(64))), -Out())]), Blks([Blk(Tid(591, "@__libc_start_main"), - Attrs([Attr("address","0x780")]), Phis([]), -Defs([Def(Tid(1_570, "%00000622"), Attrs([Attr("address","0x780"), -Attr("insn","adrp x16, #131072")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_577, "%00000629"), Attrs([Attr("address","0x784"), -Attr("insn","ldr x17, [x16, #0x10]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(16,64)),LittleEndian(),64)), -Def(Tid(1_583, "%0000062f"), Attrs([Attr("address","0x788"), -Attr("insn","add x16, x16, #0x10")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(1_588, "%00000634"), - Attrs([Attr("address","0x78C"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(2_106, "@_fini"), - Attrs([Attr("address","0x9A4"), Attr("c.proto","signed (*)(void)")]), - "_fini", Args([Arg(Tid(2_136, "%00000858"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("_fini_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), -Blks([Blk(Tid(55, "@_fini"), Attrs([Attr("address","0x9A4")]), Phis([]), -Defs([Def(Tid(61, "%0000003d"), Attrs([Attr("address","0x9A8"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("#0",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))), -Def(Tid(67, "%00000043"), Attrs([Attr("address","0x9A8"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),Var("#0",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), -Def(Tid(73, "%00000049"), Attrs([Attr("address","0x9A8"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("#0",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), -Def(Tid(77, "%0000004d"), Attrs([Attr("address","0x9A8"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)), -Var("#0",Imm(64))), Def(Tid(83, "%00000053"), Attrs([Attr("address","0x9AC"), -Attr("insn","mov x29, sp")]), Var("R29",Imm(64)), Var("R31",Imm(64))), -Def(Tid(90, "%0000005a"), Attrs([Attr("address","0x9B0"), -Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R29",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), -Def(Tid(95, "%0000005f"), Attrs([Attr("address","0x9B0"), -Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R30",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), -Def(Tid(99, "%00000063"), Attrs([Attr("address","0x9B0"), -Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R31",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(104, "%00000068"), - Attrs([Attr("address","0x9B4"), Attr("insn","ret")]), Int(1,1), -(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(2_107, "@_init"), - Attrs([Attr("address","0x728"), Attr("c.proto","signed (*)(void)")]), - "_init", Args([Arg(Tid(2_137, "%00000859"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("_init_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), -Blks([Blk(Tid(1_882, "@_init"), Attrs([Attr("address","0x728")]), Phis([]), -Defs([Def(Tid(1_888, "%00000760"), Attrs([Attr("address","0x72C"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("#10",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))), -Def(Tid(1_894, "%00000766"), Attrs([Attr("address","0x72C"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),Var("#10",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), -Def(Tid(1_900, "%0000076c"), Attrs([Attr("address","0x72C"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("#10",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), -Def(Tid(1_904, "%00000770"), Attrs([Attr("address","0x72C"), -Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)), -Var("#10",Imm(64))), Def(Tid(1_910, "%00000776"), - Attrs([Attr("address","0x730"), Attr("insn","mov x29, sp")]), - Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(1_915, "%0000077b"), - Attrs([Attr("address","0x734"), Attr("insn","bl #0x100")]), - Var("R30",Imm(64)), Int(1848,64))]), Jmps([Call(Tid(1_917, "%0000077d"), - Attrs([Attr("address","0x734"), Attr("insn","bl #0x100")]), Int(1,1), -(Direct(Tid(2_112, "@call_weak_fn")),Direct(Tid(1_919, "%0000077f"))))])), -Blk(Tid(1_919, "%0000077f"), Attrs([Attr("address","0x738")]), Phis([]), -Defs([Def(Tid(1_924, "%00000784"), Attrs([Attr("address","0x738"), -Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R29",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), -Def(Tid(1_929, "%00000789"), Attrs([Attr("address","0x738"), -Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R30",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), -Def(Tid(1_933, "%0000078d"), Attrs([Attr("address","0x738"), -Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R31",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(1_938, "%00000792"), - Attrs([Attr("address","0x73C"), Attr("insn","ret")]), Int(1,1), -(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(2_108, "@_start"), - Attrs([Attr("address","0x800"), Attr("stub","()"), Attr("entry-point","()"), -Attr("c.proto","signed (*)(void)")]), "_start", - Args([Arg(Tid(2_138, "%0000085a"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("_start_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), -Blks([Blk(Tid(528, "@_start"), Attrs([Attr("address","0x800")]), Phis([]), -Defs([Def(Tid(533, "%00000215"), Attrs([Attr("address","0x804"), -Attr("insn","mov x29, #0x0")]), Var("R29",Imm(64)), Int(0,64)), -Def(Tid(538, "%0000021a"), Attrs([Attr("address","0x808"), -Attr("insn","mov x30, #0x0")]), Var("R30",Imm(64)), Int(0,64)), -Def(Tid(544, "%00000220"), Attrs([Attr("address","0x80C"), -Attr("insn","mov x5, x0")]), Var("R5",Imm(64)), Var("R0",Imm(64))), -Def(Tid(551, "%00000227"), Attrs([Attr("address","0x810"), -Attr("insn","ldr x1, [sp]")]), Var("R1",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), -Def(Tid(557, "%0000022d"), Attrs([Attr("address","0x814"), -Attr("insn","add x2, sp, #0x8")]), Var("R2",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(8,64))), Def(Tid(563, "%00000233"), - Attrs([Attr("address","0x818"), Attr("insn","mov x6, sp")]), - Var("R6",Imm(64)), Var("R31",Imm(64))), Def(Tid(568, "%00000238"), - Attrs([Attr("address","0x81C"), Attr("insn","adrp x0, #126976")]), - Var("R0",Imm(64)), Int(126976,64)), Def(Tid(575, "%0000023f"), - Attrs([Attr("address","0x820"), Attr("insn","ldr x0, [x0, #0xfd8]")]), - Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4056,64)),LittleEndian(),64)), -Def(Tid(580, "%00000244"), Attrs([Attr("address","0x824"), -Attr("insn","mov x3, #0x0")]), Var("R3",Imm(64)), Int(0,64)), -Def(Tid(585, "%00000249"), Attrs([Attr("address","0x828"), -Attr("insn","mov x4, #0x0")]), Var("R4",Imm(64)), Int(0,64)), -Def(Tid(590, "%0000024e"), Attrs([Attr("address","0x82C"), -Attr("insn","bl #-0xac")]), Var("R30",Imm(64)), Int(2096,64))]), -Jmps([Call(Tid(593, "%00000251"), Attrs([Attr("address","0x82C"), -Attr("insn","bl #-0xac")]), Int(1,1), -(Direct(Tid(2_105, "@__libc_start_main")),Direct(Tid(595, "%00000253"))))])), -Blk(Tid(595, "%00000253"), Attrs([Attr("address","0x830")]), Phis([]), -Defs([Def(Tid(598, "%00000256"), Attrs([Attr("address","0x830"), -Attr("insn","bl #-0x60")]), Var("R30",Imm(64)), Int(2100,64))]), -Jmps([Call(Tid(601, "%00000259"), Attrs([Attr("address","0x830"), -Attr("insn","bl #-0x60")]), Int(1,1), -(Direct(Tid(2_111, "@abort")),Direct(Tid(2_109, "%0000083d"))))])), -Blk(Tid(2_109, "%0000083d"), Attrs([]), Phis([]), Defs([]), -Jmps([Call(Tid(2_110, "%0000083e"), Attrs([]), Int(1,1), -(Direct(Tid(2_112, "@call_weak_fn")),))]))])), Sub(Tid(2_111, "@abort"), - Attrs([Attr("address","0x7D0"), Attr("stub","()"), Attr("noreturn","()"), -Attr("c.proto","void (*)(void)")]), "abort", Args([]), -Blks([Blk(Tid(599, "@abort"), Attrs([Attr("address","0x7D0")]), Phis([]), -Defs([Def(Tid(1_680, "%00000690"), Attrs([Attr("address","0x7D0"), -Attr("insn","adrp x16, #131072")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_687, "%00000697"), Attrs([Attr("address","0x7D4"), -Attr("insn","ldr x17, [x16, #0x38]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(56,64)),LittleEndian(),64)), -Def(Tid(1_693, "%0000069d"), Attrs([Attr("address","0x7D8"), -Attr("insn","add x16, x16, #0x38")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(56,64)))]), Jmps([Call(Tid(1_698, "%000006a2"), - Attrs([Attr("address","0x7DC"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(2_112, "@call_weak_fn"), - Attrs([Attr("address","0x834"), Attr("c.proto","signed (*)(void)")]), - "call_weak_fn", Args([Arg(Tid(2_139, "%0000085b"), - Attrs([Attr("c.data","Top:u32"), Attr("c.layout","[signed : 32]"), -Attr("c.type","signed")]), Var("call_weak_fn_result",Imm(32)), -LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(603, "@call_weak_fn"), - Attrs([Attr("address","0x834")]), Phis([]), Defs([Def(Tid(606, "%0000025e"), - Attrs([Attr("address","0x834"), Attr("insn","adrp x0, #126976")]), - Var("R0",Imm(64)), Int(126976,64)), Def(Tid(613, "%00000265"), - Attrs([Attr("address","0x838"), Attr("insn","ldr x0, [x0, #0xfd0]")]), - Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4048,64)),LittleEndian(),64))]), -Jmps([Goto(Tid(619, "%0000026b"), Attrs([Attr("address","0x83C"), -Attr("insn","cbz x0, #0x8")]), EQ(Var("R0",Imm(64)),Int(0,64)), -Direct(Tid(617, "%00000269"))), Goto(Tid(2_113, "%00000841"), Attrs([]), - Int(1,1), Direct(Tid(1_268, "%000004f4")))])), Blk(Tid(617, "%00000269"), - Attrs([Attr("address","0x844")]), Phis([]), Defs([]), -Jmps([Call(Tid(625, "%00000271"), Attrs([Attr("address","0x844"), -Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), -Blk(Tid(1_268, "%000004f4"), Attrs([Attr("address","0x840")]), Phis([]), -Defs([]), Jmps([Goto(Tid(1_271, "%000004f7"), Attrs([Attr("address","0x840"), -Attr("insn","b #-0x80")]), Int(1,1), -Direct(Tid(1_269, "@__gmon_start__")))])), Blk(Tid(1_269, "@__gmon_start__"), - Attrs([Attr("address","0x7C0")]), Phis([]), -Defs([Def(Tid(1_658, "%0000067a"), Attrs([Attr("address","0x7C0"), -Attr("insn","adrp x16, #131072")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_665, "%00000681"), Attrs([Attr("address","0x7C4"), -Attr("insn","ldr x17, [x16, #0x30]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(48,64)),LittleEndian(),64)), -Def(Tid(1_671, "%00000687"), Attrs([Attr("address","0x7C8"), -Attr("insn","add x16, x16, #0x30")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(48,64)))]), Jmps([Call(Tid(1_676, "%0000068c"), - Attrs([Attr("address","0x7CC"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), -Sub(Tid(2_114, "@deregister_tm_clones"), Attrs([Attr("address","0x850"), -Attr("c.proto","signed (*)(void)")]), "deregister_tm_clones", - Args([Arg(Tid(2_140, "%0000085c"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("deregister_tm_clones_result",Imm(32)), LOW(32,Var("R0",Imm(64))), -Out())]), Blks([Blk(Tid(631, "@deregister_tm_clones"), - Attrs([Attr("address","0x850")]), Phis([]), Defs([Def(Tid(634, "%0000027a"), - Attrs([Attr("address","0x850"), Attr("insn","adrp x0, #131072")]), - Var("R0",Imm(64)), Int(131072,64)), Def(Tid(640, "%00000280"), - Attrs([Attr("address","0x854"), Attr("insn","add x0, x0, #0x70")]), - Var("R0",Imm(64)), PLUS(Var("R0",Imm(64)),Int(112,64))), -Def(Tid(645, "%00000285"), Attrs([Attr("address","0x858"), -Attr("insn","adrp x1, #131072")]), Var("R1",Imm(64)), Int(131072,64)), -Def(Tid(651, "%0000028b"), Attrs([Attr("address","0x85C"), -Attr("insn","add x1, x1, #0x70")]), Var("R1",Imm(64)), -PLUS(Var("R1",Imm(64)),Int(112,64))), Def(Tid(657, "%00000291"), - Attrs([Attr("address","0x860"), Attr("insn","cmp x1, x0")]), - Var("#1",Imm(64)), NOT(Var("R0",Imm(64)))), Def(Tid(662, "%00000296"), - Attrs([Attr("address","0x860"), Attr("insn","cmp x1, x0")]), - Var("#2",Imm(64)), PLUS(Var("R1",Imm(64)),NOT(Var("R0",Imm(64))))), -Def(Tid(668, "%0000029c"), Attrs([Attr("address","0x860"), -Attr("insn","cmp x1, x0")]), Var("VF",Imm(1)), -NEQ(SIGNED(65,PLUS(Var("#2",Imm(64)),Int(1,64))),PLUS(PLUS(SIGNED(65,Var("R1",Imm(64))),SIGNED(65,Var("#1",Imm(64)))),Int(1,65)))), -Def(Tid(674, "%000002a2"), Attrs([Attr("address","0x860"), -Attr("insn","cmp x1, x0")]), Var("CF",Imm(1)), -NEQ(UNSIGNED(65,PLUS(Var("#2",Imm(64)),Int(1,64))),PLUS(PLUS(UNSIGNED(65,Var("R1",Imm(64))),UNSIGNED(65,Var("#1",Imm(64)))),Int(1,65)))), -Def(Tid(678, "%000002a6"), Attrs([Attr("address","0x860"), -Attr("insn","cmp x1, x0")]), Var("ZF",Imm(1)), -EQ(PLUS(Var("#2",Imm(64)),Int(1,64)),Int(0,64))), Def(Tid(682, "%000002aa"), - Attrs([Attr("address","0x860"), Attr("insn","cmp x1, x0")]), - Var("NF",Imm(1)), Extract(63,63,PLUS(Var("#2",Imm(64)),Int(1,64))))]), -Jmps([Goto(Tid(688, "%000002b0"), Attrs([Attr("address","0x864"), -Attr("insn","b.eq #0x18")]), EQ(Var("ZF",Imm(1)),Int(1,1)), -Direct(Tid(686, "%000002ae"))), Goto(Tid(2_115, "%00000843"), Attrs([]), - Int(1,1), Direct(Tid(1_238, "%000004d6")))])), Blk(Tid(1_238, "%000004d6"), - Attrs([Attr("address","0x868")]), Phis([]), -Defs([Def(Tid(1_241, "%000004d9"), Attrs([Attr("address","0x868"), -Attr("insn","adrp x1, #126976")]), Var("R1",Imm(64)), Int(126976,64)), -Def(Tid(1_248, "%000004e0"), Attrs([Attr("address","0x86C"), -Attr("insn","ldr x1, [x1, #0xfc0]")]), Var("R1",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R1",Imm(64)),Int(4032,64)),LittleEndian(),64))]), -Jmps([Goto(Tid(1_253, "%000004e5"), Attrs([Attr("address","0x870"), -Attr("insn","cbz x1, #0xc")]), EQ(Var("R1",Imm(64)),Int(0,64)), -Direct(Tid(686, "%000002ae"))), Goto(Tid(2_116, "%00000844"), Attrs([]), - Int(1,1), Direct(Tid(1_257, "%000004e9")))])), Blk(Tid(686, "%000002ae"), - Attrs([Attr("address","0x87C")]), Phis([]), Defs([]), -Jmps([Call(Tid(694, "%000002b6"), Attrs([Attr("address","0x87C"), -Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), -Blk(Tid(1_257, "%000004e9"), Attrs([Attr("address","0x874")]), Phis([]), -Defs([Def(Tid(1_261, "%000004ed"), Attrs([Attr("address","0x874"), -Attr("insn","mov x16, x1")]), Var("R16",Imm(64)), Var("R1",Imm(64)))]), -Jmps([Call(Tid(1_266, "%000004f2"), Attrs([Attr("address","0x878"), -Attr("insn","br x16")]), Int(1,1), (Indirect(Var("R16",Imm(64))),))]))])), -Sub(Tid(2_117, "@frame_dummy"), Attrs([Attr("address","0x910"), -Attr("c.proto","signed (*)(void)")]), "frame_dummy", - Args([Arg(Tid(2_141, "%0000085d"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("frame_dummy_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), -Blks([Blk(Tid(845, "@frame_dummy"), Attrs([Attr("address","0x910")]), - Phis([]), Defs([]), Jmps([Call(Tid(847, "%0000034f"), - Attrs([Attr("address","0x910"), Attr("insn","b #-0x90")]), Int(1,1), -(Direct(Tid(2_124, "@register_tm_clones")),))]))])), Sub(Tid(2_118, "@free"), - Attrs([Attr("address","0x7F0"), Attr("stub","()"), -Attr("c.proto","void (*)(void* ptr)")]), "free", - Args([Arg(Tid(2_142, "%0000085e"), Attrs([Attr("c.data","{} ptr"), -Attr("c.layout","*[ : 8]"), Attr("c.type","void*")]), - Var("free_ptr",Imm(64)), Var("R0",Imm(64)), Both())]), -Blks([Blk(Tid(1_087, "@free"), Attrs([Attr("address","0x7F0")]), Phis([]), -Defs([Def(Tid(1_724, "%000006bc"), Attrs([Attr("address","0x7F0"), -Attr("insn","adrp x16, #131072")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_731, "%000006c3"), Attrs([Attr("address","0x7F4"), -Attr("insn","ldr x17, [x16, #0x48]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(72,64)),LittleEndian(),64)), -Def(Tid(1_737, "%000006c9"), Attrs([Attr("address","0x7F8"), -Attr("insn","add x16, x16, #0x48")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(72,64)))]), Jmps([Call(Tid(1_742, "%000006ce"), - Attrs([Attr("address","0x7FC"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(2_119, "@main"), - Attrs([Attr("address","0x914"), -Attr("c.proto","signed (*)(signed argc, const char** argv)")]), "main", - Args([Arg(Tid(2_143, "%0000085f"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("main_argc",Imm(32)), LOW(32,Var("R0",Imm(64))), In()), -Arg(Tid(2_144, "%00000860"), Attrs([Attr("c.data","Top:u8 ptr ptr"), -Attr("c.layout","**[char : 8]"), Attr("c.type"," const char**")]), - Var("main_argv",Imm(64)), Var("R1",Imm(64)), Both()), -Arg(Tid(2_145, "%00000861"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("main_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), -Blks([Blk(Tid(849, "@main"), Attrs([Attr("address","0x914")]), Phis([]), -Defs([Def(Tid(853, "%00000355"), Attrs([Attr("address","0x914"), -Attr("insn","stp x29, x30, [sp, #-0x30]!")]), Var("#4",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(18446744073709551568,64))), -Def(Tid(859, "%0000035b"), Attrs([Attr("address","0x914"), -Attr("insn","stp x29, x30, [sp, #-0x30]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),Var("#4",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), -Def(Tid(865, "%00000361"), Attrs([Attr("address","0x914"), -Attr("insn","stp x29, x30, [sp, #-0x30]!")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("#4",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), -Def(Tid(869, "%00000365"), Attrs([Attr("address","0x914"), -Attr("insn","stp x29, x30, [sp, #-0x30]!")]), Var("R31",Imm(64)), -Var("#4",Imm(64))), Def(Tid(875, "%0000036b"), - Attrs([Attr("address","0x918"), Attr("insn","stp x22, x21, [sp, #0x10]")]), - Var("#5",Imm(64)), PLUS(Var("R31",Imm(64)),Int(16,64))), -Def(Tid(881, "%00000371"), Attrs([Attr("address","0x918"), -Attr("insn","stp x22, x21, [sp, #0x10]")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),Var("#5",Imm(64)),Var("R22",Imm(64)),LittleEndian(),64)), -Def(Tid(887, "%00000377"), Attrs([Attr("address","0x918"), -Attr("insn","stp x22, x21, [sp, #0x10]")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("#5",Imm(64)),Int(8,64)),Var("R21",Imm(64)),LittleEndian(),64)), -Def(Tid(893, "%0000037d"), Attrs([Attr("address","0x91C"), -Attr("insn","stp x20, x19, [sp, #0x20]")]), Var("#6",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(32,64))), Def(Tid(899, "%00000383"), - Attrs([Attr("address","0x91C"), Attr("insn","stp x20, x19, [sp, #0x20]")]), - Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),Var("#6",Imm(64)),Var("R20",Imm(64)),LittleEndian(),64)), -Def(Tid(905, "%00000389"), Attrs([Attr("address","0x91C"), -Attr("insn","stp x20, x19, [sp, #0x20]")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("#6",Imm(64)),Int(8,64)),Var("R19",Imm(64)),LittleEndian(),64)), -Def(Tid(911, "%0000038f"), Attrs([Attr("address","0x920"), -Attr("insn","mov x29, sp")]), Var("R29",Imm(64)), Var("R31",Imm(64))), -Def(Tid(916, "%00000394"), Attrs([Attr("address","0x924"), -Attr("insn","adrp x8, #131072")]), Var("R8",Imm(64)), Int(131072,64)), -Def(Tid(921, "%00000399"), Attrs([Attr("address","0x928"), -Attr("insn","adrp x19, #131072")]), Var("R19",Imm(64)), Int(131072,64)), -Def(Tid(927, "%0000039f"), Attrs([Attr("address","0x92C"), -Attr("insn","add x19, x19, #0x61")]), Var("R19",Imm(64)), -PLUS(Var("R19",Imm(64)),Int(97,64))), Def(Tid(933, "%000003a5"), - Attrs([Attr("address","0x930"), Attr("insn","mov x0, x19")]), - Var("R0",Imm(64)), Var("R19",Imm(64))), Def(Tid(940, "%000003ac"), - Attrs([Attr("address","0x934"), Attr("insn","ldrb w8, [x8, #0x60]")]), - Var("R8",Imm(64)), -UNSIGNED(64,Load(Var("mem",Mem(64,8)),PLUS(Var("R8",Imm(64)),Int(96,64)),LittleEndian(),8))), -Def(Tid(948, "%000003b4"), Attrs([Attr("address","0x938"), -Attr("insn","strb w8, [x19, #0x2]")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("R19",Imm(64)),Int(2,64)),Extract(7,0,Var("R8",Imm(64))),LittleEndian(),8)), -Def(Tid(953, "%000003b9"), Attrs([Attr("address","0x93C"), -Attr("insn","bl #-0x1cc")]), Var("R30",Imm(64)), Int(2368,64))]), -Jmps([Call(Tid(956, "%000003bc"), Attrs([Attr("address","0x93C"), -Attr("insn","bl #-0x1cc")]), Int(1,1), -(Direct(Tid(2_127, "@strlen")),Direct(Tid(958, "%000003be"))))])), -Blk(Tid(958, "%000003be"), Attrs([Attr("address","0x940")]), Phis([]), -Defs([Def(Tid(962, "%000003c2"), Attrs([Attr("address","0x940"), -Attr("insn","add x20, x0, #0x1")]), Var("R20",Imm(64)), -PLUS(Var("R0",Imm(64)),Int(1,64))), Def(Tid(968, "%000003c8"), - Attrs([Attr("address","0x944"), Attr("insn","mov x0, x20")]), - Var("R0",Imm(64)), Var("R20",Imm(64))), Def(Tid(973, "%000003cd"), - Attrs([Attr("address","0x948"), Attr("insn","bl #-0x1a8")]), - Var("R30",Imm(64)), Int(2380,64))]), Jmps([Call(Tid(976, "%000003d0"), - Attrs([Attr("address","0x948"), Attr("insn","bl #-0x1a8")]), Int(1,1), -(Direct(Tid(2_120, "@malloc")),Direct(Tid(978, "%000003d2"))))])), -Blk(Tid(978, "%000003d2"), Attrs([Attr("address","0x94C")]), Phis([]), -Defs([Def(Tid(981, "%000003d5"), Attrs([Attr("address","0x94C"), -Attr("insn","adrp x22, #131072")]), Var("R22",Imm(64)), Int(131072,64)), -Def(Tid(987, "%000003db"), Attrs([Attr("address","0x950"), -Attr("insn","mov x1, x19")]), Var("R1",Imm(64)), Var("R19",Imm(64))), -Def(Tid(993, "%000003e1"), Attrs([Attr("address","0x954"), -Attr("insn","mov x2, x20")]), Var("R2",Imm(64)), Var("R20",Imm(64))), -Def(Tid(999, "%000003e7"), Attrs([Attr("address","0x958"), -Attr("insn","mov x21, x0")]), Var("R21",Imm(64)), Var("R0",Imm(64))), -Def(Tid(1_007, "%000003ef"), Attrs([Attr("address","0x95C"), -Attr("insn","str x0, [x22, #0x78]")]), Var("mem",Mem(64,8)), -Store(Var("mem",Mem(64,8)),PLUS(Var("R22",Imm(64)),Int(120,64)),Var("R0",Imm(64)),LittleEndian(),64)), -Def(Tid(1_012, "%000003f4"), Attrs([Attr("address","0x960"), -Attr("insn","bl #-0x200")]), Var("R30",Imm(64)), Int(2404,64))]), -Jmps([Call(Tid(1_015, "%000003f7"), Attrs([Attr("address","0x960"), -Attr("insn","bl #-0x200")]), Int(1,1), -(Direct(Tid(2_121, "@memcpy")),Direct(Tid(1_017, "%000003f9"))))])), -Blk(Tid(1_017, "%000003f9"), Attrs([Attr("address","0x964")]), Phis([]), -Defs([Def(Tid(1_021, "%000003fd"), Attrs([Attr("address","0x964"), -Attr("insn","mov x0, x21")]), Var("R0",Imm(64)), Var("R21",Imm(64))), -Def(Tid(1_026, "%00000402"), Attrs([Attr("address","0x968"), -Attr("insn","bl #-0x188")]), Var("R30",Imm(64)), Int(2412,64))]), -Jmps([Call(Tid(1_029, "%00000405"), Attrs([Attr("address","0x968"), -Attr("insn","bl #-0x188")]), Int(1,1), -(Direct(Tid(2_123, "@puts")),Direct(Tid(1_031, "%00000407"))))])), -Blk(Tid(1_031, "%00000407"), Attrs([Attr("address","0x96C")]), Phis([]), -Defs([Def(Tid(1_036, "%0000040c"), Attrs([Attr("address","0x96C"), -Attr("insn","ldr x19, [x22, #0x78]")]), Var("R19",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R22",Imm(64)),Int(120,64)),LittleEndian(),64)), -Def(Tid(1_042, "%00000412"), Attrs([Attr("address","0x970"), -Attr("insn","mov x0, x19")]), Var("R0",Imm(64)), Var("R19",Imm(64))), -Def(Tid(1_047, "%00000417"), Attrs([Attr("address","0x974"), -Attr("insn","bl #-0x204")]), Var("R30",Imm(64)), Int(2424,64))]), -Jmps([Call(Tid(1_049, "%00000419"), Attrs([Attr("address","0x974"), -Attr("insn","bl #-0x204")]), Int(1,1), -(Direct(Tid(2_127, "@strlen")),Direct(Tid(1_051, "%0000041b"))))])), -Blk(Tid(1_051, "%0000041b"), Attrs([Attr("address","0x978")]), Phis([]), -Defs([Def(Tid(1_055, "%0000041f"), Attrs([Attr("address","0x978"), -Attr("insn","add x2, x0, #0x1")]), Var("R2",Imm(64)), -PLUS(Var("R0",Imm(64)),Int(1,64))), Def(Tid(1_061, "%00000425"), - Attrs([Attr("address","0x97C"), Attr("insn","mov x0, x19")]), - Var("R0",Imm(64)), Var("R19",Imm(64))), Def(Tid(1_066, "%0000042a"), - Attrs([Attr("address","0x980"), Attr("insn","mov w1, wzr")]), - Var("R1",Imm(64)), Int(0,64)), Def(Tid(1_071, "%0000042f"), - Attrs([Attr("address","0x984"), Attr("insn","bl #-0x1d4")]), - Var("R30",Imm(64)), Int(2440,64))]), Jmps([Call(Tid(1_074, "%00000432"), - Attrs([Attr("address","0x984"), Attr("insn","bl #-0x1d4")]), Int(1,1), -(Direct(Tid(2_122, "@memset")),Direct(Tid(1_076, "%00000434"))))])), -Blk(Tid(1_076, "%00000434"), Attrs([Attr("address","0x988")]), Phis([]), -Defs([Def(Tid(1_081, "%00000439"), Attrs([Attr("address","0x988"), -Attr("insn","ldr x0, [x22, #0x78]")]), Var("R0",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R22",Imm(64)),Int(120,64)),LittleEndian(),64)), -Def(Tid(1_086, "%0000043e"), Attrs([Attr("address","0x98C"), -Attr("insn","bl #-0x19c")]), Var("R30",Imm(64)), Int(2448,64))]), -Jmps([Call(Tid(1_089, "%00000441"), Attrs([Attr("address","0x98C"), -Attr("insn","bl #-0x19c")]), Int(1,1), -(Direct(Tid(2_118, "@free")),Direct(Tid(1_091, "%00000443"))))])), -Blk(Tid(1_091, "%00000443"), Attrs([Attr("address","0x990")]), Phis([]), -Defs([Def(Tid(1_094, "%00000446"), Attrs([Attr("address","0x990"), -Attr("insn","mov w0, wzr")]), Var("R0",Imm(64)), Int(0,64)), -Def(Tid(1_100, "%0000044c"), Attrs([Attr("address","0x994"), -Attr("insn","ldp x20, x19, [sp, #0x20]")]), Var("#7",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(32,64))), Def(Tid(1_105, "%00000451"), - Attrs([Attr("address","0x994"), Attr("insn","ldp x20, x19, [sp, #0x20]")]), - Var("R20",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("#7",Imm(64)),LittleEndian(),64)), -Def(Tid(1_110, "%00000456"), Attrs([Attr("address","0x994"), -Attr("insn","ldp x20, x19, [sp, #0x20]")]), Var("R19",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("#7",Imm(64)),Int(8,64)),LittleEndian(),64)), -Def(Tid(1_116, "%0000045c"), Attrs([Attr("address","0x998"), -Attr("insn","ldp x22, x21, [sp, #0x10]")]), Var("#8",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(16,64))), Def(Tid(1_121, "%00000461"), - Attrs([Attr("address","0x998"), Attr("insn","ldp x22, x21, [sp, #0x10]")]), - Var("R22",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("#8",Imm(64)),LittleEndian(),64)), -Def(Tid(1_126, "%00000466"), Attrs([Attr("address","0x998"), -Attr("insn","ldp x22, x21, [sp, #0x10]")]), Var("R21",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("#8",Imm(64)),Int(8,64)),LittleEndian(),64)), -Def(Tid(1_133, "%0000046d"), Attrs([Attr("address","0x99C"), -Attr("insn","ldp x29, x30, [sp], #0x30")]), Var("R29",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), -Def(Tid(1_138, "%00000472"), Attrs([Attr("address","0x99C"), -Attr("insn","ldp x29, x30, [sp], #0x30")]), Var("R30",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), -Def(Tid(1_142, "%00000476"), Attrs([Attr("address","0x99C"), -Attr("insn","ldp x29, x30, [sp], #0x30")]), Var("R31",Imm(64)), -PLUS(Var("R31",Imm(64)),Int(48,64)))]), Jmps([Call(Tid(1_147, "%0000047b"), - Attrs([Attr("address","0x9A0"), Attr("insn","ret")]), Int(1,1), -(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(2_120, "@malloc"), - Attrs([Attr("address","0x7A0"), Attr("stub","()"), Attr("malloc","()"), -Attr("c.proto","void* (*)(unsigned long size)")]), "malloc", - Args([Arg(Tid(2_146, "%00000862"), Attrs([Attr("alloc-size","()"), -Attr("c.data","Top:u64"), Attr("c.layout","[unsigned long : 64]"), -Attr("c.type","unsigned long")]), Var("malloc_size",Imm(64)), -Var("R0",Imm(64)), In()), Arg(Tid(2_147, "%00000863"), - Attrs([Attr("warn-unused","()"), Attr("c.data","{} ptr"), -Attr("c.layout","*[ : 8]"), Attr("c.type","void*")]), - Var("malloc_result",Imm(64)), Var("R0",Imm(64)), Out())]), -Blks([Blk(Tid(974, "@malloc"), Attrs([Attr("address","0x7A0")]), Phis([]), -Defs([Def(Tid(1_614, "%0000064e"), Attrs([Attr("address","0x7A0"), -Attr("insn","adrp x16, #131072")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_621, "%00000655"), Attrs([Attr("address","0x7A4"), -Attr("insn","ldr x17, [x16, #0x20]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(32,64)),LittleEndian(),64)), -Def(Tid(1_627, "%0000065b"), Attrs([Attr("address","0x7A8"), -Attr("insn","add x16, x16, #0x20")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(32,64)))]), Jmps([Call(Tid(1_632, "%00000660"), - Attrs([Attr("address","0x7AC"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(2_121, "@memcpy"), - Attrs([Attr("address","0x760"), Attr("stub","()"), -Attr("c.proto","void* (*)(void restrict * dst, void restrict * src, unsigned long n)")]), - "memcpy", Args([Arg(Tid(2_148, "%00000864"), Attrs([Attr("nonnull","()"), -Attr("c.data","{} ptr"), Attr("c.layout","*[ : 8]"), -Attr("c.type","void restrict *")]), Var("memcpy_dst",Imm(64)), -Var("R0",Imm(64)), Both()), Arg(Tid(2_149, "%00000865"), - Attrs([Attr("nonnull","()"), Attr("c.data","{} ptr"), -Attr("c.layout","*[ : 8]"), Attr("c.type","void restrict *")]), - Var("memcpy_src",Imm(64)), Var("R1",Imm(64)), Both()), -Arg(Tid(2_150, "%00000866"), Attrs([Attr("c.data","Top:u64"), -Attr("c.layout","[unsigned long : 64]"), Attr("c.type","unsigned long")]), - Var("memcpy_n",Imm(64)), Var("R2",Imm(64)), In()), -Arg(Tid(2_151, "%00000867"), Attrs([Attr("c.data","{} ptr"), -Attr("c.layout","*[ : 8]"), Attr("c.type","void*")]), - Var("memcpy_result",Imm(64)), Var("R0",Imm(64)), Out())]), -Blks([Blk(Tid(1_013, "@memcpy"), Attrs([Attr("address","0x760")]), Phis([]), -Defs([Def(Tid(1_526, "%000005f6"), Attrs([Attr("address","0x760"), -Attr("insn","adrp x16, #131072")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_533, "%000005fd"), Attrs([Attr("address","0x764"), -Attr("insn","ldr x17, [x16]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),Var("R16",Imm(64)),LittleEndian(),64)), -Def(Tid(1_539, "%00000603"), Attrs([Attr("address","0x768"), -Attr("insn","add x16, x16, #0x0")]), Var("R16",Imm(64)), -Var("R16",Imm(64)))]), Jmps([Call(Tid(1_544, "%00000608"), - Attrs([Attr("address","0x76C"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(2_122, "@memset"), - Attrs([Attr("address","0x7B0"), Attr("stub","()"), -Attr("c.proto","void* (*)(void* buf, signed c, unsigned long n)")]), - "memset", Args([Arg(Tid(2_152, "%00000868"), Attrs([Attr("nonnull","()"), -Attr("c.data","{} ptr"), Attr("c.layout","*[ : 8]"), -Attr("c.type","void*")]), Var("memset_buf",Imm(64)), Var("R0",Imm(64)), -Both()), Arg(Tid(2_153, "%00000869"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("memset_c",Imm(32)), LOW(32,Var("R1",Imm(64))), In()), -Arg(Tid(2_154, "%0000086a"), Attrs([Attr("c.data","Top:u64"), -Attr("c.layout","[unsigned long : 64]"), Attr("c.type","unsigned long")]), - Var("memset_n",Imm(64)), Var("R2",Imm(64)), In()), -Arg(Tid(2_155, "%0000086b"), Attrs([Attr("c.data","{} ptr"), -Attr("c.layout","*[ : 8]"), Attr("c.type","void*")]), - Var("memset_result",Imm(64)), Var("R0",Imm(64)), Out())]), -Blks([Blk(Tid(1_072, "@memset"), Attrs([Attr("address","0x7B0")]), Phis([]), -Defs([Def(Tid(1_636, "%00000664"), Attrs([Attr("address","0x7B0"), -Attr("insn","adrp x16, #131072")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_643, "%0000066b"), Attrs([Attr("address","0x7B4"), -Attr("insn","ldr x17, [x16, #0x28]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(40,64)),LittleEndian(),64)), -Def(Tid(1_649, "%00000671"), Attrs([Attr("address","0x7B8"), -Attr("insn","add x16, x16, #0x28")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(40,64)))]), Jmps([Call(Tid(1_654, "%00000676"), - Attrs([Attr("address","0x7BC"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(2_123, "@puts"), - Attrs([Attr("address","0x7E0"), Attr("stub","()"), -Attr("c.proto","signed (*)( const char* s)")]), "puts", - Args([Arg(Tid(2_156, "%0000086c"), Attrs([Attr("c.data","Top:u8 ptr"), -Attr("c.layout","*[char : 8]"), Attr("c.type"," const char*")]), - Var("puts_s",Imm(64)), Var("R0",Imm(64)), In()), -Arg(Tid(2_157, "%0000086d"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("puts_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), -Blks([Blk(Tid(1_027, "@puts"), Attrs([Attr("address","0x7E0")]), Phis([]), -Defs([Def(Tid(1_702, "%000006a6"), Attrs([Attr("address","0x7E0"), -Attr("insn","adrp x16, #131072")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_709, "%000006ad"), Attrs([Attr("address","0x7E4"), -Attr("insn","ldr x17, [x16, #0x40]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(64,64)),LittleEndian(),64)), -Def(Tid(1_715, "%000006b3"), Attrs([Attr("address","0x7E8"), -Attr("insn","add x16, x16, #0x40")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(64,64)))]), Jmps([Call(Tid(1_720, "%000006b8"), - Attrs([Attr("address","0x7EC"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))])), -Sub(Tid(2_124, "@register_tm_clones"), Attrs([Attr("address","0x880"), -Attr("c.proto","signed (*)(void)")]), "register_tm_clones", - Args([Arg(Tid(2_158, "%0000086e"), Attrs([Attr("c.data","Top:u32"), -Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), - Var("register_tm_clones_result",Imm(32)), LOW(32,Var("R0",Imm(64))), -Out())]), Blks([Blk(Tid(696, "@register_tm_clones"), - Attrs([Attr("address","0x880")]), Phis([]), Defs([Def(Tid(699, "%000002bb"), - Attrs([Attr("address","0x880"), Attr("insn","adrp x0, #131072")]), - Var("R0",Imm(64)), Int(131072,64)), Def(Tid(705, "%000002c1"), - Attrs([Attr("address","0x884"), Attr("insn","add x0, x0, #0x70")]), - Var("R0",Imm(64)), PLUS(Var("R0",Imm(64)),Int(112,64))), -Def(Tid(710, "%000002c6"), Attrs([Attr("address","0x888"), -Attr("insn","adrp x1, #131072")]), Var("R1",Imm(64)), Int(131072,64)), -Def(Tid(716, "%000002cc"), Attrs([Attr("address","0x88C"), -Attr("insn","add x1, x1, #0x70")]), Var("R1",Imm(64)), -PLUS(Var("R1",Imm(64)),Int(112,64))), Def(Tid(723, "%000002d3"), - Attrs([Attr("address","0x890"), Attr("insn","sub x1, x1, x0")]), - Var("R1",Imm(64)), -PLUS(PLUS(Var("R1",Imm(64)),NOT(Var("R0",Imm(64)))),Int(1,64))), -Def(Tid(729, "%000002d9"), Attrs([Attr("address","0x894"), -Attr("insn","lsr x2, x1, #63")]), Var("R2",Imm(64)), -Concat(Int(0,63),Extract(63,63,Var("R1",Imm(64))))), -Def(Tid(736, "%000002e0"), Attrs([Attr("address","0x898"), -Attr("insn","add x1, x2, x1, asr #3")]), Var("R1",Imm(64)), -PLUS(Var("R2",Imm(64)),ARSHIFT(Var("R1",Imm(64)),Int(3,3)))), -Def(Tid(742, "%000002e6"), Attrs([Attr("address","0x89C"), -Attr("insn","asr x1, x1, #1")]), Var("R1",Imm(64)), -SIGNED(64,Extract(63,1,Var("R1",Imm(64)))))]), -Jmps([Goto(Tid(748, "%000002ec"), Attrs([Attr("address","0x8A0"), -Attr("insn","cbz x1, #0x18")]), EQ(Var("R1",Imm(64)),Int(0,64)), -Direct(Tid(746, "%000002ea"))), Goto(Tid(2_125, "%0000084d"), Attrs([]), - Int(1,1), Direct(Tid(1_208, "%000004b8")))])), Blk(Tid(1_208, "%000004b8"), - Attrs([Attr("address","0x8A4")]), Phis([]), -Defs([Def(Tid(1_211, "%000004bb"), Attrs([Attr("address","0x8A4"), -Attr("insn","adrp x2, #126976")]), Var("R2",Imm(64)), Int(126976,64)), -Def(Tid(1_218, "%000004c2"), Attrs([Attr("address","0x8A8"), -Attr("insn","ldr x2, [x2, #0xfe0]")]), Var("R2",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R2",Imm(64)),Int(4064,64)),LittleEndian(),64))]), -Jmps([Goto(Tid(1_223, "%000004c7"), Attrs([Attr("address","0x8AC"), -Attr("insn","cbz x2, #0xc")]), EQ(Var("R2",Imm(64)),Int(0,64)), -Direct(Tid(746, "%000002ea"))), Goto(Tid(2_126, "%0000084e"), Attrs([]), - Int(1,1), Direct(Tid(1_227, "%000004cb")))])), Blk(Tid(746, "%000002ea"), - Attrs([Attr("address","0x8B8")]), Phis([]), Defs([]), -Jmps([Call(Tid(754, "%000002f2"), Attrs([Attr("address","0x8B8"), -Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), -Blk(Tid(1_227, "%000004cb"), Attrs([Attr("address","0x8B0")]), Phis([]), -Defs([Def(Tid(1_231, "%000004cf"), Attrs([Attr("address","0x8B0"), -Attr("insn","mov x16, x2")]), Var("R16",Imm(64)), Var("R2",Imm(64)))]), -Jmps([Call(Tid(1_236, "%000004d4"), Attrs([Attr("address","0x8B4"), -Attr("insn","br x16")]), Int(1,1), (Indirect(Var("R16",Imm(64))),))]))])), -Sub(Tid(2_127, "@strlen"), Attrs([Attr("address","0x770"), Attr("pure","()"), -Attr("stub","()"), Attr("c.proto","unsigned long (*)( const char* s)")]), - "strlen", Args([Arg(Tid(2_159, "%0000086f"), Attrs([Attr("nonnull","()"), -Attr("c.data","Top:u8 ptr"), Attr("c.layout","*[char : 8]"), -Attr("c.type"," const char*")]), Var("strlen_s",Imm(64)), Var("R0",Imm(64)), -In()), Arg(Tid(2_160, "%00000870"), Attrs([Attr("c.data","Top:u64"), -Attr("c.layout","[unsigned long : 64]"), Attr("c.type","unsigned long")]), - Var("strlen_result",Imm(64)), Var("R0",Imm(64)), Out())]), -Blks([Blk(Tid(954, "@strlen"), Attrs([Attr("address","0x770")]), Phis([]), -Defs([Def(Tid(1_548, "%0000060c"), Attrs([Attr("address","0x770"), -Attr("insn","adrp x16, #131072")]), Var("R16",Imm(64)), Int(131072,64)), -Def(Tid(1_555, "%00000613"), Attrs([Attr("address","0x774"), -Attr("insn","ldr x17, [x16, #0x8]")]), Var("R17",Imm(64)), -Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(8,64)),LittleEndian(),64)), -Def(Tid(1_561, "%00000619"), Attrs([Attr("address","0x778"), -Attr("insn","add x16, x16, #0x8")]), Var("R16",Imm(64)), -PLUS(Var("R16",Imm(64)),Int(8,64)))]), Jmps([Call(Tid(1_566, "%0000061e"), - Attrs([Attr("address","0x77C"), Attr("insn","br x17")]), Int(1,1), -(Indirect(Var("R17",Imm(64))),))]))]))]))) diff --git a/examples/simplified_http_parse_basic/example.bir b/examples/simplified_http_parse_basic/example.bir deleted file mode 100644 index e559a302f..000000000 --- a/examples/simplified_http_parse_basic/example.bir +++ /dev/null @@ -1,356 +0,0 @@ -00000850: program -00000834: sub __cxa_finalize(__cxa_finalize_result) -00000851: __cxa_finalize_result :: out u32 = low:32[R0] - -000004b4: -00000638: R16 := 0x20000 -0000063f: R17 := mem[R16 + 0x18, el]:u64 -00000645: R16 := R16 + 0x18 -0000064a: call R17 with noreturn - -00000835: sub __do_global_dtors_aux(__do_global_dtors_aux_result) -00000852: __do_global_dtors_aux_result :: out u32 = low:32[R0] - -000002f6: -000002fa: #3 := R31 - 0x20 -00000300: mem := mem with [#3, el]:u64 <- R29 -00000306: mem := mem with [#3 + 8, el]:u64 <- R30 -0000030a: R31 := #3 -00000310: R29 := R31 -00000318: mem := mem with [R31 + 0x10, el]:u64 <- R19 -0000031d: R19 := 0x20000 -00000324: R0 := pad:64[mem[R19 + 0x70]] -0000032a: when 0:0[R0] goto %00000328 -00000836: goto %0000047d - -0000047d: -00000480: R0 := 0x1F000 -00000487: R0 := mem[R0 + 0xFC8, el]:u64 -0000048d: when R0 = 0 goto %0000048b -00000837: goto %000004a4 - -000004a4: -000004a7: R0 := 0x20000 -000004ae: R0 := mem[R0 + 0x58, el]:u64 -000004b3: R30 := 0x8F0 -000004b6: call @__cxa_finalize with return %0000048b - -0000048b: -00000493: R30 := 0x8F4 -00000495: call @deregister_tm_clones with return %00000497 - -00000497: -0000049a: R0 := 1 -000004a2: mem := mem with [R19 + 0x70] <- 7:0[R0] -00000838: goto %00000328 - -00000328: -00000332: R19 := mem[R31 + 0x10, el]:u64 -00000339: R29 := mem[R31, el]:u64 -0000033e: R30 := mem[R31 + 8, el]:u64 -00000342: R31 := R31 + 0x20 -00000347: call R30 with noreturn - -00000839: sub __libc_start_main(__libc_start_main_main, __libc_start_main_arg2, __libc_start_main_arg3, __libc_start_main_auxv, __libc_start_main_result) -00000853: __libc_start_main_main :: in u64 = R0 -00000854: __libc_start_main_arg2 :: in u32 = low:32[R1] -00000855: __libc_start_main_arg3 :: in out u64 = R2 -00000856: __libc_start_main_auxv :: in out u64 = R3 -00000857: __libc_start_main_result :: out u32 = low:32[R0] - -0000024f: -00000622: R16 := 0x20000 -00000629: R17 := mem[R16 + 0x10, el]:u64 -0000062f: R16 := R16 + 0x10 -00000634: call R17 with noreturn - -0000083a: sub _fini(_fini_result) -00000858: _fini_result :: out u32 = low:32[R0] - -00000037: -0000003d: #0 := R31 - 0x10 -00000043: mem := mem with [#0, el]:u64 <- R29 -00000049: mem := mem with [#0 + 8, el]:u64 <- R30 -0000004d: R31 := #0 -00000053: R29 := R31 -0000005a: R29 := mem[R31, el]:u64 -0000005f: R30 := mem[R31 + 8, el]:u64 -00000063: R31 := R31 + 0x10 -00000068: call R30 with noreturn - -0000083b: sub _init(_init_result) -00000859: _init_result :: out u32 = low:32[R0] - -0000075a: -00000760: #10 := R31 - 0x10 -00000766: mem := mem with [#10, el]:u64 <- R29 -0000076c: mem := mem with [#10 + 8, el]:u64 <- R30 -00000770: R31 := #10 -00000776: R29 := R31 -0000077b: R30 := 0x738 -0000077d: call @call_weak_fn with return %0000077f - -0000077f: -00000784: R29 := mem[R31, el]:u64 -00000789: R30 := mem[R31 + 8, el]:u64 -0000078d: R31 := R31 + 0x10 -00000792: call R30 with noreturn - -0000083c: sub _start(_start_result) -0000085a: _start_result :: out u32 = low:32[R0] - -00000210: -00000215: R29 := 0 -0000021a: R30 := 0 -00000220: R5 := R0 -00000227: R1 := mem[R31, el]:u64 -0000022d: R2 := R31 + 8 -00000233: R6 := R31 -00000238: R0 := 0x1F000 -0000023f: R0 := mem[R0 + 0xFD8, el]:u64 -00000244: R3 := 0 -00000249: R4 := 0 -0000024e: R30 := 0x830 -00000251: call @__libc_start_main with return %00000253 - -00000253: -00000256: R30 := 0x834 -00000259: call @abort with return %0000083d - -0000083d: -0000083e: call @call_weak_fn with noreturn - -0000083f: sub abort() - - -00000257: -00000690: R16 := 0x20000 -00000697: R17 := mem[R16 + 0x38, el]:u64 -0000069d: R16 := R16 + 0x38 -000006a2: call R17 with noreturn - -00000840: sub call_weak_fn(call_weak_fn_result) -0000085b: call_weak_fn_result :: out u32 = low:32[R0] - -0000025b: -0000025e: R0 := 0x1F000 -00000265: R0 := mem[R0 + 0xFD0, el]:u64 -0000026b: when R0 = 0 goto %00000269 -00000841: goto %000004f4 - -00000269: -00000271: call R30 with noreturn - -000004f4: -000004f7: goto @__gmon_start__ - -000004f5: -0000067a: R16 := 0x20000 -00000681: R17 := mem[R16 + 0x30, el]:u64 -00000687: R16 := R16 + 0x30 -0000068c: call R17 with noreturn - -00000842: sub deregister_tm_clones(deregister_tm_clones_result) -0000085c: deregister_tm_clones_result :: out u32 = low:32[R0] - -00000277: -0000027a: R0 := 0x20000 -00000280: R0 := R0 + 0x70 -00000285: R1 := 0x20000 -0000028b: R1 := R1 + 0x70 -00000291: #1 := ~R0 -00000296: #2 := R1 + ~R0 -0000029c: VF := extend:65[#2 + 1] <> extend:65[R1] + extend:65[#1] + 1 -000002a2: CF := pad:65[#2 + 1] <> pad:65[R1] + pad:65[#1] + 1 -000002a6: ZF := #2 + 1 = 0 -000002aa: NF := 63:63[#2 + 1] -000002b0: when ZF goto %000002ae -00000843: goto %000004d6 - -000004d6: -000004d9: R1 := 0x1F000 -000004e0: R1 := mem[R1 + 0xFC0, el]:u64 -000004e5: when R1 = 0 goto %000002ae -00000844: goto %000004e9 - -000002ae: -000002b6: call R30 with noreturn - -000004e9: -000004ed: R16 := R1 -000004f2: call R16 with noreturn - -00000845: sub frame_dummy(frame_dummy_result) -0000085d: frame_dummy_result :: out u32 = low:32[R0] - -0000034d: -0000034f: call @register_tm_clones with noreturn - -00000846: sub free(free_ptr) -0000085e: free_ptr :: in out u64 = R0 - -0000043f: -000006bc: R16 := 0x20000 -000006c3: R17 := mem[R16 + 0x48, el]:u64 -000006c9: R16 := R16 + 0x48 -000006ce: call R17 with noreturn - -00000847: sub main(main_argc, main_argv, main_result) -0000085f: main_argc :: in u32 = low:32[R0] -00000860: main_argv :: in out u64 = R1 -00000861: main_result :: out u32 = low:32[R0] - -00000351: -00000355: #4 := R31 - 0x30 -0000035b: mem := mem with [#4, el]:u64 <- R29 -00000361: mem := mem with [#4 + 8, el]:u64 <- R30 -00000365: R31 := #4 -0000036b: #5 := R31 + 0x10 -00000371: mem := mem with [#5, el]:u64 <- R22 -00000377: mem := mem with [#5 + 8, el]:u64 <- R21 -0000037d: #6 := R31 + 0x20 -00000383: mem := mem with [#6, el]:u64 <- R20 -00000389: mem := mem with [#6 + 8, el]:u64 <- R19 -0000038f: R29 := R31 -00000394: R8 := 0x20000 -00000399: R19 := 0x20000 -0000039f: R19 := R19 + 0x61 -000003a5: R0 := R19 -000003ac: R8 := pad:64[mem[R8 + 0x60]] -000003b4: mem := mem with [R19 + 2] <- 7:0[R8] -000003b9: R30 := 0x940 -000003bc: call @strlen with return %000003be - -000003be: -000003c2: R20 := R0 + 1 -000003c8: R0 := R20 -000003cd: R30 := 0x94C -000003d0: call @malloc with return %000003d2 - -000003d2: -000003d5: R22 := 0x20000 -000003db: R1 := R19 -000003e1: R2 := R20 -000003e7: R21 := R0 -000003ef: mem := mem with [R22 + 0x78, el]:u64 <- R0 -000003f4: R30 := 0x964 -000003f7: call @memcpy with return %000003f9 - -000003f9: -000003fd: R0 := R21 -00000402: R30 := 0x96C -00000405: call @puts with return %00000407 - -00000407: -0000040c: R19 := mem[R22 + 0x78, el]:u64 -00000412: R0 := R19 -00000417: R30 := 0x978 -00000419: call @strlen with return %0000041b - -0000041b: -0000041f: R2 := R0 + 1 -00000425: R0 := R19 -0000042a: R1 := 0 -0000042f: R30 := 0x988 -00000432: call @memset with return %00000434 - -00000434: -00000439: R0 := mem[R22 + 0x78, el]:u64 -0000043e: R30 := 0x990 -00000441: call @free with return %00000443 - -00000443: -00000446: R0 := 0 -0000044c: #7 := R31 + 0x20 -00000451: R20 := mem[#7, el]:u64 -00000456: R19 := mem[#7 + 8, el]:u64 -0000045c: #8 := R31 + 0x10 -00000461: R22 := mem[#8, el]:u64 -00000466: R21 := mem[#8 + 8, el]:u64 -0000046d: R29 := mem[R31, el]:u64 -00000472: R30 := mem[R31 + 8, el]:u64 -00000476: R31 := R31 + 0x30 -0000047b: call R30 with noreturn - -00000848: sub malloc(malloc_size, malloc_result) -00000862: malloc_size :: in u64 = R0 -00000863: malloc_result :: out u64 = R0 - -000003ce: -0000064e: R16 := 0x20000 -00000655: R17 := mem[R16 + 0x20, el]:u64 -0000065b: R16 := R16 + 0x20 -00000660: call R17 with noreturn - -00000849: sub memcpy(memcpy_dst, memcpy_src, memcpy_n, memcpy_result) -00000864: memcpy_dst :: in out u64 = R0 -00000865: memcpy_src :: in out u64 = R1 -00000866: memcpy_n :: in u64 = R2 -00000867: memcpy_result :: out u64 = R0 - -000003f5: -000005f6: R16 := 0x20000 -000005fd: R17 := mem[R16, el]:u64 -00000603: R16 := R16 -00000608: call R17 with noreturn - -0000084a: sub memset(memset_buf, memset_c, memset_n, memset_result) -00000868: memset_buf :: in out u64 = R0 -00000869: memset_c :: in u32 = low:32[R1] -0000086a: memset_n :: in u64 = R2 -0000086b: memset_result :: out u64 = R0 - -00000430: -00000664: R16 := 0x20000 -0000066b: R17 := mem[R16 + 0x28, el]:u64 -00000671: R16 := R16 + 0x28 -00000676: call R17 with noreturn - -0000084b: sub puts(puts_s, puts_result) -0000086c: puts_s :: in u64 = R0 -0000086d: puts_result :: out u32 = low:32[R0] - -00000403: -000006a6: R16 := 0x20000 -000006ad: R17 := mem[R16 + 0x40, el]:u64 -000006b3: R16 := R16 + 0x40 -000006b8: call R17 with noreturn - -0000084c: sub register_tm_clones(register_tm_clones_result) -0000086e: register_tm_clones_result :: out u32 = low:32[R0] - -000002b8: -000002bb: R0 := 0x20000 -000002c1: R0 := R0 + 0x70 -000002c6: R1 := 0x20000 -000002cc: R1 := R1 + 0x70 -000002d3: R1 := R1 + ~R0 + 1 -000002d9: R2 := 0.63:63[R1] -000002e0: R1 := R2 + (R1 ~>> 3) -000002e6: R1 := extend:64[63:1[R1]] -000002ec: when R1 = 0 goto %000002ea -0000084d: goto %000004b8 - -000004b8: -000004bb: R2 := 0x1F000 -000004c2: R2 := mem[R2 + 0xFE0, el]:u64 -000004c7: when R2 = 0 goto %000002ea -0000084e: goto %000004cb - -000002ea: -000002f2: call R30 with noreturn - -000004cb: -000004cf: R16 := R2 -000004d4: call R16 with noreturn - -0000084f: sub strlen(strlen_s, strlen_result) -0000086f: strlen_s :: in u64 = R0 -00000870: strlen_result :: out u64 = R0 - -000003ba: -0000060c: R16 := 0x20000 -00000613: R17 := mem[R16 + 8, el]:u64 -00000619: R16 := R16 + 8 -0000061e: call R17 with noreturn - diff --git a/examples/simplified_http_parse_basic/example.bpl b/examples/simplified_http_parse_basic/example.bpl deleted file mode 100644 index f51b5c72a..000000000 --- a/examples/simplified_http_parse_basic/example.bpl +++ /dev/null @@ -1,811 +0,0 @@ -var Gamma_R0: bool; -var Gamma_R1: bool; -var Gamma_R16: bool; -var Gamma_R17: bool; -var Gamma_R19: bool; -var Gamma_R2: bool; -var Gamma_R20: bool; -var Gamma_R21: bool; -var Gamma_R22: bool; -var Gamma_R29: bool; -var Gamma_R30: bool; -var Gamma_R31: bool; -var Gamma_R8: bool; -var Gamma_mem: [bv64]bool; -var Gamma_stack: [bv64]bool; -var R0: bv64; -var R1: bv64; -var R16: bv64; -var R17: bv64; -var R19: bv64; -var R2: bv64; -var R20: bv64; -var R21: bv64; -var R22: bv64; -var R29: bv64; -var R30: bv64; -var R31: bv64; -var R8: bv64; -var mem: [bv64]bv8; -var stack: [bv64]bv8; -const $buf_addr: bv64; -axiom ($buf_addr == 131192bv64); -const $password_addr: bv64; -axiom ($password_addr == 131168bv64); -const $stext_addr: bv64; -axiom ($stext_addr == 131169bv64); -function L(memory: [bv64]bv8, index: bv64) returns (bool) { - false -} - -function {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64); -function {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64); -function {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool); -function {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool); -function gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) { - (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index]))) -} - -function gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) { - (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index]))))))) -} - -function gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool) { - gammaMap[index] -} - -function gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) { - gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value] -} - -function gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) { - gammaMap[index := value] -} - -function memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) { - (memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index]))))))) -} - -function memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8) { - memory[index] -} - -function memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) { - memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]] -} - -function memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) { - memory[index := value[8:0]] -} - -function {:bvbuiltin "zero_extend 56"} zero_extend56_8(bv8) returns (bv64); -procedure rely(); - modifies mem, Gamma_mem; - ensures (mem == old(mem)); - ensures (Gamma_mem == old(Gamma_mem)); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130472bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130473bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130474bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130476bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130477bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130478bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130480bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130481bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130482bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130483bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130484bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130485bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130486bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); - -procedure rely_transitive() - modifies mem, Gamma_mem; - ensures (mem == old(mem)); - ensures (Gamma_mem == old(Gamma_mem)); -{ - call rely(); - call rely(); -} - -procedure rely_reflexive(); - -procedure guarantee_reflexive(); - modifies mem, Gamma_mem; - -procedure #free(); - modifies Gamma_R16, Gamma_R17, R16, R17; - requires gamma_load8(Gamma_mem, bvadd64(R0, 0bv64)) == true; - requires gamma_load8(Gamma_mem, bvadd64(R0, 1bv64)) == true; - requires gamma_load8(Gamma_mem, bvadd64(R0, 2bv64)) == true; - requires gamma_load8(Gamma_mem, bvadd64(R0, 3bv64)) == true; - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130472bv64) == 16bv8); - free requires (memory_load8_le(mem, 130473bv64) == 9bv8); - free requires (memory_load8_le(mem, 130474bv64) == 0bv8); - free requires (memory_load8_le(mem, 130475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130476bv64) == 0bv8); - free requires (memory_load8_le(mem, 130477bv64) == 0bv8); - free requires (memory_load8_le(mem, 130478bv64) == 0bv8); - free requires (memory_load8_le(mem, 130479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130480bv64) == 192bv8); - free requires (memory_load8_le(mem, 130481bv64) == 8bv8); - free requires (memory_load8_le(mem, 130482bv64) == 0bv8); - free requires (memory_load8_le(mem, 130483bv64) == 0bv8); - free requires (memory_load8_le(mem, 130484bv64) == 0bv8); - free requires (memory_load8_le(mem, 130485bv64) == 0bv8); - free requires (memory_load8_le(mem, 130486bv64) == 0bv8); - free requires (memory_load8_le(mem, 130487bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); - ensures Gamma_R0 == true; - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130472bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130473bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130474bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130476bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130477bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130478bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130480bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130481bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130482bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130483bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130484bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130485bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130486bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); - -procedure main() - modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R19, Gamma_R2, Gamma_R20, Gamma_R21, Gamma_R22, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R19, R2, R20, R21, R22, R29, R30, R31, R8, mem, stack; - requires (gamma_load8(Gamma_mem, $password_addr) == false); - requires gamma_load32(Gamma_mem, memory_load64_le(mem, $stext_addr)); - requires R31 == 100bv64; - free requires (memory_load8_le(mem, 131152bv64) == 0bv8); - free requires (memory_load8_le(mem, 131153bv64) == 0bv8); - free requires (memory_load8_le(mem, 131154bv64) == 0bv8); - free requires (memory_load8_le(mem, 131155bv64) == 0bv8); - free requires (memory_load8_le(mem, 131156bv64) == 0bv8); - free requires (memory_load8_le(mem, 131157bv64) == 0bv8); - free requires (memory_load8_le(mem, 131158bv64) == 0bv8); - free requires (memory_load8_le(mem, 131159bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); - free requires (memory_load8_le(mem, 131168bv64) == 7bv8); - free requires (memory_load8_le(mem, 131169bv64) == 104bv8); - free requires (memory_load8_le(mem, 131170bv64) == 101bv8); - free requires (memory_load8_le(mem, 131171bv64) == 108bv8); - free requires (memory_load8_le(mem, 131172bv64) == 0bv8); - free requires (memory_load8_le(mem, 131173bv64) == 0bv8); - free requires (memory_load8_le(mem, 131174bv64) == 0bv8); - free requires (memory_load8_le(mem, 131175bv64) == 0bv8); - free requires (memory_load8_le(mem, 131176bv64) == 0bv8); - free requires (memory_load8_le(mem, 131177bv64) == 0bv8); - free requires (memory_load8_le(mem, 131178bv64) == 0bv8); - free requires (memory_load8_le(mem, 131179bv64) == 0bv8); - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130472bv64) == 16bv8); - free requires (memory_load8_le(mem, 130473bv64) == 9bv8); - free requires (memory_load8_le(mem, 130474bv64) == 0bv8); - free requires (memory_load8_le(mem, 130475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130476bv64) == 0bv8); - free requires (memory_load8_le(mem, 130477bv64) == 0bv8); - free requires (memory_load8_le(mem, 130478bv64) == 0bv8); - free requires (memory_load8_le(mem, 130479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130480bv64) == 192bv8); - free requires (memory_load8_le(mem, 130481bv64) == 8bv8); - free requires (memory_load8_le(mem, 130482bv64) == 0bv8); - free requires (memory_load8_le(mem, 130483bv64) == 0bv8); - free requires (memory_load8_le(mem, 130484bv64) == 0bv8); - free requires (memory_load8_le(mem, 130485bv64) == 0bv8); - free requires (memory_load8_le(mem, 130486bv64) == 0bv8); - free requires (memory_load8_le(mem, 130487bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); - free ensures (Gamma_R19 == old(Gamma_R19)); - free ensures (Gamma_R20 == old(Gamma_R20)); - free ensures (Gamma_R21 == old(Gamma_R21)); - free ensures (Gamma_R22 == old(Gamma_R22)); - free ensures (Gamma_R29 == old(Gamma_R29)); - free ensures (Gamma_R31 == old(Gamma_R31)); - free ensures (R19 == old(R19)); - free ensures (R20 == old(R20)); - free ensures (R21 == old(R21)); - free ensures (R22 == old(R22)); - free ensures (R29 == old(R29)); - free ensures (R31 == old(R31)); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130472bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130473bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130474bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130476bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130477bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130478bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130480bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130481bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130482bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130483bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130484bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130485bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130486bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); -{ - var #4: bv64; - var #5: bv64; - var #6: bv64; - var #7: bv64; - var #8: bv64; - var Gamma_#4: bool; - var Gamma_#5: bool; - var Gamma_#6: bool; - var Gamma_#7: bool; - var Gamma_#8: bool; - lmain: - #4, Gamma_#4 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31; - stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29); - stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30); - R31, Gamma_R31 := #4, Gamma_#4; - #5, Gamma_#5 := bvadd64(R31, 16bv64), Gamma_R31; - stack, Gamma_stack := memory_store64_le(stack, #5, R22), gamma_store64(Gamma_stack, #5, Gamma_R22); - stack, Gamma_stack := memory_store64_le(stack, bvadd64(#5, 8bv64), R21), gamma_store64(Gamma_stack, bvadd64(#5, 8bv64), Gamma_R21); - #6, Gamma_#6 := bvadd64(R31, 32bv64), Gamma_R31; - stack, Gamma_stack := memory_store64_le(stack, #6, R20), gamma_store64(Gamma_stack, #6, Gamma_R20); - stack, Gamma_stack := memory_store64_le(stack, bvadd64(#6, 8bv64), R19), gamma_store64(Gamma_stack, bvadd64(#6, 8bv64), Gamma_R19); - R29, Gamma_R29 := R31, Gamma_R31; - R8, Gamma_R8 := 131072bv64, true; - R19, Gamma_R19 := 131072bv64, true; - R19, Gamma_R19 := bvadd64(R19, 97bv64), Gamma_R19; - R0, Gamma_R0 := R19, Gamma_R19; - R8, Gamma_R8 := zero_extend56_8(memory_load8_le(mem, bvadd64(R8, 96bv64))), (gamma_load8(Gamma_mem, bvadd64(R8, 96bv64)) || L(mem, bvadd64(R8, 96bv64))); - call rely(); - assert (L(mem, bvadd64(R19, 2bv64)) ==> Gamma_R8); - mem, Gamma_mem := memory_store8_le(mem, bvadd64(R19, 2bv64), R8[8:0]), gamma_store8(Gamma_mem, bvadd64(R19, 2bv64), Gamma_R8); - R30, Gamma_R30 := 2368bv64, true; - call strlen(); - goto l000003be; - l000003be: - R20, Gamma_R20 := bvadd64(R0, 1bv64), Gamma_R0; - R0, Gamma_R0 := R20, Gamma_R20; - R30, Gamma_R30 := 2380bv64, true; - call malloc(); - goto l000003d2; - l000003d2: - R22, Gamma_R22 := 131072bv64, true; - R1, Gamma_R1 := R19, Gamma_R19; - R2, Gamma_R2 := R20, Gamma_R20; - R21, Gamma_R21 := R0, Gamma_R0; - call rely(); - assert (L(mem, bvadd64(R22, 120bv64)) ==> Gamma_R0); - mem, Gamma_mem := memory_store64_le(mem, bvadd64(R22, 120bv64), R0), gamma_store64(Gamma_mem, bvadd64(R22, 120bv64), Gamma_R0); - R30, Gamma_R30 := 2404bv64, true; - call memcpy(); - goto l000003f9; - l000003f9: - R0, Gamma_R0 := R21, Gamma_R21; - R30, Gamma_R30 := 2412bv64, true; - call puts(); - goto l00000407; - l00000407: - R19, Gamma_R19 := memory_load64_le(mem, bvadd64(R22, 120bv64)), (gamma_load64(Gamma_mem, bvadd64(R22, 120bv64)) || L(mem, bvadd64(R22, 120bv64))); - R0, Gamma_R0 := R19, Gamma_R19; - R30, Gamma_R30 := 2424bv64, true; - call strlen(); - goto l0000041b; - l0000041b: - R2, Gamma_R2 := bvadd64(R0, 1bv64), Gamma_R0; - R0, Gamma_R0 := R19, Gamma_R19; - R1, Gamma_R1 := 0bv64, true; - R30, Gamma_R30 := 2440bv64, true; - call memset(); - goto l00000434; - l00000434: - R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R22, 120bv64)), (gamma_load64(Gamma_mem, bvadd64(R22, 120bv64)) || L(mem, bvadd64(R22, 120bv64))); - R30, Gamma_R30 := 2448bv64, true; - call #free(); - goto l00000443; - l00000443: - R0, Gamma_R0 := 0bv64, true; - #7, Gamma_#7 := bvadd64(R31, 32bv64), Gamma_R31; - R20, Gamma_R20 := memory_load64_le(stack, #7), gamma_load64(Gamma_stack, #7); - R19, Gamma_R19 := memory_load64_le(stack, bvadd64(#7, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#7, 8bv64)); - #8, Gamma_#8 := bvadd64(R31, 16bv64), Gamma_R31; - R22, Gamma_R22 := memory_load64_le(stack, #8), gamma_load64(Gamma_stack, #8); - R21, Gamma_R21 := memory_load64_le(stack, bvadd64(#8, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#8, 8bv64)); - R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31); - R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64)); - R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31; - return; -} - -procedure malloc(); - modifies Gamma_R0, Gamma_R16, Gamma_R17, R0, R16, R17; - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130472bv64) == 16bv8); - free requires (memory_load8_le(mem, 130473bv64) == 9bv8); - free requires (memory_load8_le(mem, 130474bv64) == 0bv8); - free requires (memory_load8_le(mem, 130475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130476bv64) == 0bv8); - free requires (memory_load8_le(mem, 130477bv64) == 0bv8); - free requires (memory_load8_le(mem, 130478bv64) == 0bv8); - free requires (memory_load8_le(mem, 130479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130480bv64) == 192bv8); - free requires (memory_load8_le(mem, 130481bv64) == 8bv8); - free requires (memory_load8_le(mem, 130482bv64) == 0bv8); - free requires (memory_load8_le(mem, 130483bv64) == 0bv8); - free requires (memory_load8_le(mem, 130484bv64) == 0bv8); - free requires (memory_load8_le(mem, 130485bv64) == 0bv8); - free requires (memory_load8_le(mem, 130486bv64) == 0bv8); - free requires (memory_load8_le(mem, 130487bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); - ensures (((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))) && (memory_load8_le(mem, $stext_addr) == old(memory_load8_le(mem, $stext_addr)))); - ensures R0 == 990000000bv64; - ensures Gamma_R0 == true; - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130472bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130473bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130474bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130476bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130477bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130478bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130480bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130481bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130482bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130483bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130484bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130485bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130486bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); - -procedure memcpy(); - modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130472bv64) == 16bv8); - free requires (memory_load8_le(mem, 130473bv64) == 9bv8); - free requires (memory_load8_le(mem, 130474bv64) == 0bv8); - free requires (memory_load8_le(mem, 130475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130476bv64) == 0bv8); - free requires (memory_load8_le(mem, 130477bv64) == 0bv8); - free requires (memory_load8_le(mem, 130478bv64) == 0bv8); - free requires (memory_load8_le(mem, 130479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130480bv64) == 192bv8); - free requires (memory_load8_le(mem, 130481bv64) == 8bv8); - free requires (memory_load8_le(mem, 130482bv64) == 0bv8); - free requires (memory_load8_le(mem, 130483bv64) == 0bv8); - free requires (memory_load8_le(mem, 130484bv64) == 0bv8); - free requires (memory_load8_le(mem, 130485bv64) == 0bv8); - free requires (memory_load8_le(mem, 130486bv64) == 0bv8); - free requires (memory_load8_le(mem, 130487bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); - ensures (((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))) && (memory_load8_le(mem, $stext_addr) == old(memory_load8_le(mem, $stext_addr)))); - ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then gamma_load8(old(Gamma_mem), bvadd64(bvsub64(i, R0), R1)) else old(gamma_load8(Gamma_mem, i)))); - ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le(old(mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i)))); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130472bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130473bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130474bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130476bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130477bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130478bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130480bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130481bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130482bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130483bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130484bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130485bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130486bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); - -procedure memset(); - modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130472bv64) == 16bv8); - free requires (memory_load8_le(mem, 130473bv64) == 9bv8); - free requires (memory_load8_le(mem, 130474bv64) == 0bv8); - free requires (memory_load8_le(mem, 130475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130476bv64) == 0bv8); - free requires (memory_load8_le(mem, 130477bv64) == 0bv8); - free requires (memory_load8_le(mem, 130478bv64) == 0bv8); - free requires (memory_load8_le(mem, 130479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130480bv64) == 192bv8); - free requires (memory_load8_le(mem, 130481bv64) == 8bv8); - free requires (memory_load8_le(mem, 130482bv64) == 0bv8); - free requires (memory_load8_le(mem, 130483bv64) == 0bv8); - free requires (memory_load8_le(mem, 130484bv64) == 0bv8); - free requires (memory_load8_le(mem, 130485bv64) == 0bv8); - free requires (memory_load8_le(mem, 130486bv64) == 0bv8); - free requires (memory_load8_le(mem, 130487bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); - ensures (((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))) && (memory_load8_le(mem, $stext_addr) == old(memory_load8_le(mem, $stext_addr)))); - ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then Gamma_R1 else old(Gamma_mem[i]))); - ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i)))); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130472bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130473bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130474bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130476bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130477bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130478bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130480bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130481bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130482bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130483bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130484bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130485bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130486bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); - -procedure puts(); - modifies Gamma_R16, Gamma_R17, R16, R17; - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130472bv64) == 16bv8); - free requires (memory_load8_le(mem, 130473bv64) == 9bv8); - free requires (memory_load8_le(mem, 130474bv64) == 0bv8); - free requires (memory_load8_le(mem, 130475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130476bv64) == 0bv8); - free requires (memory_load8_le(mem, 130477bv64) == 0bv8); - free requires (memory_load8_le(mem, 130478bv64) == 0bv8); - free requires (memory_load8_le(mem, 130479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130480bv64) == 192bv8); - free requires (memory_load8_le(mem, 130481bv64) == 8bv8); - free requires (memory_load8_le(mem, 130482bv64) == 0bv8); - free requires (memory_load8_le(mem, 130483bv64) == 0bv8); - free requires (memory_load8_le(mem, 130484bv64) == 0bv8); - free requires (memory_load8_le(mem, 130485bv64) == 0bv8); - free requires (memory_load8_le(mem, 130486bv64) == 0bv8); - free requires (memory_load8_le(mem, 130487bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130472bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130473bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130474bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130476bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130477bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130478bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130480bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130481bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130482bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130483bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130484bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130485bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130486bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); - -procedure strlen(); - modifies Gamma_R0, Gamma_R16, Gamma_R17, R0, R16, R17; - requires (memory_load8_le(mem, R0) == 0bv8) || (memory_load8_le(mem, bvadd64(R0, 1bv64)) == 0bv8)|| (memory_load8_le(mem, bvadd64(R0, 2bv64)) == 0bv8)|| (memory_load8_le(mem, bvadd64(R0, 3bv64)) == 0bv8); - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); - free requires (memory_load8_le(mem, 130472bv64) == 16bv8); - free requires (memory_load8_le(mem, 130473bv64) == 9bv8); - free requires (memory_load8_le(mem, 130474bv64) == 0bv8); - free requires (memory_load8_le(mem, 130475bv64) == 0bv8); - free requires (memory_load8_le(mem, 130476bv64) == 0bv8); - free requires (memory_load8_le(mem, 130477bv64) == 0bv8); - free requires (memory_load8_le(mem, 130478bv64) == 0bv8); - free requires (memory_load8_le(mem, 130479bv64) == 0bv8); - free requires (memory_load8_le(mem, 130480bv64) == 192bv8); - free requires (memory_load8_le(mem, 130481bv64) == 8bv8); - free requires (memory_load8_le(mem, 130482bv64) == 0bv8); - free requires (memory_load8_le(mem, 130483bv64) == 0bv8); - free requires (memory_load8_le(mem, 130484bv64) == 0bv8); - free requires (memory_load8_le(mem, 130485bv64) == 0bv8); - free requires (memory_load8_le(mem, 130486bv64) == 0bv8); - free requires (memory_load8_le(mem, 130487bv64) == 0bv8); - free requires (memory_load8_le(mem, 131032bv64) == 20bv8); - free requires (memory_load8_le(mem, 131033bv64) == 9bv8); - free requires (memory_load8_le(mem, 131034bv64) == 0bv8); - free requires (memory_load8_le(mem, 131035bv64) == 0bv8); - free requires (memory_load8_le(mem, 131036bv64) == 0bv8); - free requires (memory_load8_le(mem, 131037bv64) == 0bv8); - free requires (memory_load8_le(mem, 131038bv64) == 0bv8); - free requires (memory_load8_le(mem, 131039bv64) == 0bv8); - free requires (memory_load8_le(mem, 131160bv64) == 88bv8); - free requires (memory_load8_le(mem, 131161bv64) == 0bv8); - free requires (memory_load8_le(mem, 131162bv64) == 2bv8); - free requires (memory_load8_le(mem, 131163bv64) == 0bv8); - free requires (memory_load8_le(mem, 131164bv64) == 0bv8); - free requires (memory_load8_le(mem, 131165bv64) == 0bv8); - free requires (memory_load8_le(mem, 131166bv64) == 0bv8); - free requires (memory_load8_le(mem, 131167bv64) == 0bv8); - ensures (((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))) && (memory_load8_le(mem, $stext_addr) == old(memory_load8_le(mem, $stext_addr)))); - ensures Gamma_R0 == true; - ensures (forall i: bv64 :: (bvule64(old(R0), i)) && (bvult64(i, bvadd64(old(R0), R0))) ==> mem[i] != 0bv8); - ensures (memory_load8_le(mem, bvadd64(old(R0), R0)) == 0bv8); - ensures (bvule64(old(R0), bvadd64(old(R0), R0))); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130472bv64) == 16bv8); - free ensures (memory_load8_le(mem, 130473bv64) == 9bv8); - free ensures (memory_load8_le(mem, 130474bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130475bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130476bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130477bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130478bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130479bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130480bv64) == 192bv8); - free ensures (memory_load8_le(mem, 130481bv64) == 8bv8); - free ensures (memory_load8_le(mem, 130482bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130483bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130484bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130485bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130486bv64) == 0bv8); - free ensures (memory_load8_le(mem, 130487bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131032bv64) == 20bv8); - free ensures (memory_load8_le(mem, 131033bv64) == 9bv8); - free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); - free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); - free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); - free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); - diff --git a/examples/simplified_http_parse_basic/example.c b/examples/simplified_http_parse_basic/example.c deleted file mode 100644 index c8a695ad6..000000000 --- a/examples/simplified_http_parse_basic/example.c +++ /dev/null @@ -1,36 +0,0 @@ -#include -#include -#include - -#define MALLOC_SIZE 4 -// times out with 64 bit buffer - -// cntlm 22 - -char *buf; -char password = 7; // secret value; has to be a variable so that we get a Gamma_password variable -char stext[11] = "hel"; - - - -int main() { - char *pos = NULL, *dom = NULL; - - - stext[2] = password; - buf = malloc(strlen(stext) + 1); - memcpy(buf, stext, strlen(stext) + 1); // inlined by -O2 - - puts(buf); - - // find the split between username and password ("username:password") - pos = buf + 1; - - // including this makes verification fail - // *pos = 0; - - memset(buf, 0, strlen(buf) + 1); - free(buf); // requires secret[i] == true - -} - diff --git a/examples/simplified_http_parse_basic/example.relf b/examples/simplified_http_parse_basic/example.relf deleted file mode 100644 index be671042a..000000000 --- a/examples/simplified_http_parse_basic/example.relf +++ /dev/null @@ -1,162 +0,0 @@ - -Relocation section '.rela.dyn' at offset 0x578 contains 8 entries: - Offset Info Type Symbol's Value Symbol's Name + Addend -000000000001fda8 0000000000000403 R_AARCH64_RELATIVE 910 -000000000001fdb0 0000000000000403 R_AARCH64_RELATIVE 8c0 -000000000001ffd8 0000000000000403 R_AARCH64_RELATIVE 914 -0000000000020058 0000000000000403 R_AARCH64_RELATIVE 20058 -000000000001ffc0 0000000600000401 R_AARCH64_GLOB_DAT 0000000000000000 _ITM_deregisterTMCloneTable + 0 -000000000001ffc8 0000000700000401 R_AARCH64_GLOB_DAT 0000000000000000 __cxa_finalize@GLIBC_2.17 + 0 -000000000001ffd0 0000000a00000401 R_AARCH64_GLOB_DAT 0000000000000000 __gmon_start__ + 0 -000000000001ffe0 0000000e00000401 R_AARCH64_GLOB_DAT 0000000000000000 _ITM_registerTMCloneTable + 0 - -Relocation section '.rela.plt' at offset 0x638 contains 10 entries: - Offset Info Type Symbol's Value Symbol's Name + Addend -0000000000020000 0000000300000402 R_AARCH64_JUMP_SLOT 0000000000000000 memcpy@GLIBC_2.17 + 0 -0000000000020008 0000000400000402 R_AARCH64_JUMP_SLOT 0000000000000000 strlen@GLIBC_2.17 + 0 -0000000000020010 0000000500000402 R_AARCH64_JUMP_SLOT 0000000000000000 __libc_start_main@GLIBC_2.34 + 0 -0000000000020018 0000000700000402 R_AARCH64_JUMP_SLOT 0000000000000000 __cxa_finalize@GLIBC_2.17 + 0 -0000000000020020 0000000800000402 R_AARCH64_JUMP_SLOT 0000000000000000 malloc@GLIBC_2.17 + 0 -0000000000020028 0000000900000402 R_AARCH64_JUMP_SLOT 0000000000000000 memset@GLIBC_2.17 + 0 -0000000000020030 0000000a00000402 R_AARCH64_JUMP_SLOT 0000000000000000 __gmon_start__ + 0 -0000000000020038 0000000b00000402 R_AARCH64_JUMP_SLOT 0000000000000000 abort@GLIBC_2.17 + 0 -0000000000020040 0000000c00000402 R_AARCH64_JUMP_SLOT 0000000000000000 puts@GLIBC_2.17 + 0 -0000000000020048 0000000d00000402 R_AARCH64_JUMP_SLOT 0000000000000000 free@GLIBC_2.17 + 0 - -Symbol table '.dynsym' contains 15 entries: - Num: Value Size Type Bind Vis Ndx Name - 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND - 1: 0000000000000728 0 SECTION LOCAL DEFAULT 12 .init - 2: 0000000000020050 0 SECTION LOCAL DEFAULT 24 .data - 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND memcpy@GLIBC_2.17 (2) - 4: 0000000000000000 0 FUNC GLOBAL DEFAULT UND strlen@GLIBC_2.17 (2) - 5: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.34 (3) - 6: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable - 7: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.17 (2) - 8: 0000000000000000 0 FUNC GLOBAL DEFAULT UND malloc@GLIBC_2.17 (2) - 9: 0000000000000000 0 FUNC GLOBAL DEFAULT UND memset@GLIBC_2.17 (2) - 10: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ - 11: 0000000000000000 0 FUNC GLOBAL DEFAULT UND abort@GLIBC_2.17 (2) - 12: 0000000000000000 0 FUNC GLOBAL DEFAULT UND puts@GLIBC_2.17 (2) - 13: 0000000000000000 0 FUNC GLOBAL DEFAULT UND free@GLIBC_2.17 (2) - 14: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable - -Symbol table '.symtab' contains 116 entries: - Num: Value Size Type Bind Vis Ndx Name - 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND - 1: 0000000000000238 0 SECTION LOCAL DEFAULT 1 .interp - 2: 0000000000000254 0 SECTION LOCAL DEFAULT 2 .note.gnu.build-id - 3: 0000000000000278 0 SECTION LOCAL DEFAULT 3 .note.ABI-tag - 4: 0000000000000298 0 SECTION LOCAL DEFAULT 4 .hash - 5: 00000000000002e8 0 SECTION LOCAL DEFAULT 5 .gnu.hash - 6: 0000000000000308 0 SECTION LOCAL DEFAULT 6 .dynsym - 7: 0000000000000470 0 SECTION LOCAL DEFAULT 7 .dynstr - 8: 000000000000052a 0 SECTION LOCAL DEFAULT 8 .gnu.version - 9: 0000000000000548 0 SECTION LOCAL DEFAULT 9 .gnu.version_r - 10: 0000000000000578 0 SECTION LOCAL DEFAULT 10 .rela.dyn - 11: 0000000000000638 0 SECTION LOCAL DEFAULT 11 .rela.plt - 12: 0000000000000728 0 SECTION LOCAL DEFAULT 12 .init - 13: 0000000000000740 0 SECTION LOCAL DEFAULT 13 .plt - 14: 0000000000000800 0 SECTION LOCAL DEFAULT 14 .text - 15: 00000000000009a4 0 SECTION LOCAL DEFAULT 15 .fini - 16: 00000000000009b8 0 SECTION LOCAL DEFAULT 16 .rodata - 17: 00000000000009bc 0 SECTION LOCAL DEFAULT 17 .eh_frame_hdr - 18: 00000000000009f8 0 SECTION LOCAL DEFAULT 18 .eh_frame - 19: 000000000001fda8 0 SECTION LOCAL DEFAULT 19 .init_array - 20: 000000000001fdb0 0 SECTION LOCAL DEFAULT 20 .fini_array - 21: 000000000001fdb8 0 SECTION LOCAL DEFAULT 21 .dynamic - 22: 000000000001ffb8 0 SECTION LOCAL DEFAULT 22 .got - 23: 000000000001ffe8 0 SECTION LOCAL DEFAULT 23 .got.plt - 24: 0000000000020050 0 SECTION LOCAL DEFAULT 24 .data - 25: 0000000000020070 0 SECTION LOCAL DEFAULT 25 .bss - 26: 0000000000000000 0 SECTION LOCAL DEFAULT 26 .comment - 27: 0000000000000000 0 SECTION LOCAL DEFAULT 27 .debug_info - 28: 0000000000000000 0 SECTION LOCAL DEFAULT 28 .debug_abbrev - 29: 0000000000000000 0 SECTION LOCAL DEFAULT 29 .debug_line - 30: 0000000000000000 0 SECTION LOCAL DEFAULT 30 .debug_str - 31: 0000000000000000 0 SECTION LOCAL DEFAULT 31 .debug_addr - 32: 0000000000000000 0 SECTION LOCAL DEFAULT 32 .debug_line_str - 33: 0000000000000000 0 SECTION LOCAL DEFAULT 33 .debug_loclists - 34: 0000000000000000 0 SECTION LOCAL DEFAULT 34 .debug_str_offsets - 35: 0000000000000000 0 FILE LOCAL DEFAULT ABS Scrt1.o - 36: 0000000000000278 0 NOTYPE LOCAL DEFAULT 3 $d - 37: 0000000000000278 32 OBJECT LOCAL DEFAULT 3 __abi_tag - 38: 0000000000000800 0 NOTYPE LOCAL DEFAULT 14 $x - 39: 0000000000000a0c 0 NOTYPE LOCAL DEFAULT 18 $d - 40: 00000000000009b8 0 NOTYPE LOCAL DEFAULT 16 $d - 41: 0000000000000000 0 FILE LOCAL DEFAULT ABS crti.o - 42: 0000000000000834 0 NOTYPE LOCAL DEFAULT 14 $x - 43: 0000000000000834 20 FUNC LOCAL DEFAULT 14 call_weak_fn - 44: 0000000000000728 0 NOTYPE LOCAL DEFAULT 12 $x - 45: 00000000000009a4 0 NOTYPE LOCAL DEFAULT 15 $x - 46: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtn.o - 47: 0000000000000738 0 NOTYPE LOCAL DEFAULT 12 $x - 48: 00000000000009b0 0 NOTYPE LOCAL DEFAULT 15 $x - 49: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c - 50: 0000000000000850 0 NOTYPE LOCAL DEFAULT 14 $x - 51: 0000000000000850 0 FUNC LOCAL DEFAULT 14 deregister_tm_clones - 52: 0000000000000880 0 FUNC LOCAL DEFAULT 14 register_tm_clones - 53: 0000000000020058 0 NOTYPE LOCAL DEFAULT 24 $d - 54: 00000000000008c0 0 FUNC LOCAL DEFAULT 14 __do_global_dtors_aux - 55: 0000000000020070 1 OBJECT LOCAL DEFAULT 25 completed.0 - 56: 000000000001fdb0 0 NOTYPE LOCAL DEFAULT 20 $d - 57: 000000000001fdb0 0 OBJECT LOCAL DEFAULT 20 __do_global_dtors_aux_fini_array_entry - 58: 0000000000000910 0 FUNC LOCAL DEFAULT 14 frame_dummy - 59: 000000000001fda8 0 NOTYPE LOCAL DEFAULT 19 $d - 60: 000000000001fda8 0 OBJECT LOCAL DEFAULT 19 __frame_dummy_init_array_entry - 61: 0000000000000a20 0 NOTYPE LOCAL DEFAULT 18 $d - 62: 0000000000020070 0 NOTYPE LOCAL DEFAULT 25 $d - 63: 0000000000000000 0 FILE LOCAL DEFAULT ABS example.c - 64: 0000000000000914 0 NOTYPE LOCAL DEFAULT 14 $x.0 - 65: 0000000000020060 0 NOTYPE LOCAL DEFAULT 24 $d.1 - 66: 0000000000020078 0 NOTYPE LOCAL DEFAULT 25 $d.2 - 67: 0000000000000000 0 NOTYPE LOCAL DEFAULT 33 $d.3 - 68: 0000000000000000 0 NOTYPE LOCAL DEFAULT 28 $d.4 - 69: 0000000000000000 0 NOTYPE LOCAL DEFAULT 27 $d.5 - 70: 0000000000000000 0 NOTYPE LOCAL DEFAULT 34 $d.6 - 71: 0000000000000000 0 NOTYPE LOCAL DEFAULT 30 $d.7 - 72: 0000000000000000 0 NOTYPE LOCAL DEFAULT 31 $d.8 - 73: 000000000000002a 0 NOTYPE LOCAL DEFAULT 26 $d.9 - 74: 0000000000000a80 0 NOTYPE LOCAL DEFAULT 18 $d.10 - 75: 0000000000000000 0 NOTYPE LOCAL DEFAULT 29 $d.11 - 76: 0000000000000000 0 NOTYPE LOCAL DEFAULT 32 $d.12 - 77: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c - 78: 0000000000000ac8 0 NOTYPE LOCAL DEFAULT 18 $d - 79: 0000000000000ac8 0 OBJECT LOCAL DEFAULT 18 __FRAME_END__ - 80: 0000000000000000 0 FILE LOCAL DEFAULT ABS - 81: 000000000001fdb8 0 OBJECT LOCAL DEFAULT ABS _DYNAMIC - 82: 00000000000009bc 0 NOTYPE LOCAL DEFAULT 17 __GNU_EH_FRAME_HDR - 83: 000000000001ffb8 0 OBJECT LOCAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_ - 84: 0000000000000740 0 NOTYPE LOCAL DEFAULT 13 $x - 85: 0000000000000000 0 FUNC GLOBAL DEFAULT UND memcpy@GLIBC_2.17 - 86: 0000000000000000 0 FUNC GLOBAL DEFAULT UND strlen@GLIBC_2.17 - 87: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.34 - 88: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable - 89: 0000000000020050 0 NOTYPE WEAK DEFAULT 24 data_start - 90: 000000000002006c 0 NOTYPE GLOBAL DEFAULT 25 __bss_start__ - 91: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.17 - 92: 0000000000020080 0 NOTYPE GLOBAL DEFAULT 25 _bss_end__ - 93: 000000000002006c 0 NOTYPE GLOBAL DEFAULT 24 _edata - 94: 00000000000009a4 0 FUNC GLOBAL HIDDEN 15 _fini - 95: 0000000000020080 0 NOTYPE GLOBAL DEFAULT 25 __bss_end__ - 96: 0000000000000000 0 FUNC GLOBAL DEFAULT UND malloc@GLIBC_2.17 - 97: 0000000000000000 0 FUNC GLOBAL DEFAULT UND memset@GLIBC_2.17 - 98: 0000000000020060 1 OBJECT GLOBAL DEFAULT 24 password - 99: 0000000000020050 0 NOTYPE GLOBAL DEFAULT 24 __data_start - 100: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ - 101: 0000000000020058 0 OBJECT GLOBAL HIDDEN 24 __dso_handle - 102: 0000000000000000 0 FUNC GLOBAL DEFAULT UND abort@GLIBC_2.17 - 103: 00000000000009b8 4 OBJECT GLOBAL DEFAULT 16 _IO_stdin_used - 104: 0000000000000000 0 FUNC GLOBAL DEFAULT UND puts@GLIBC_2.17 - 105: 0000000000020080 0 NOTYPE GLOBAL DEFAULT 25 _end - 106: 0000000000000000 0 FUNC GLOBAL DEFAULT UND free@GLIBC_2.17 - 107: 0000000000000800 52 FUNC GLOBAL DEFAULT 14 _start - 108: 0000000000020078 8 OBJECT GLOBAL DEFAULT 25 buf - 109: 0000000000020080 0 NOTYPE GLOBAL DEFAULT 25 __end__ - 110: 0000000000020061 11 OBJECT GLOBAL DEFAULT 24 stext - 111: 000000000002006c 0 NOTYPE GLOBAL DEFAULT 25 __bss_start - 112: 0000000000000914 144 FUNC GLOBAL DEFAULT 14 main - 113: 0000000000020070 0 OBJECT GLOBAL HIDDEN 24 __TMC_END__ - 114: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable - 115: 0000000000000728 0 FUNC GLOBAL HIDDEN 12 _init - diff --git a/examples/simplified_http_parse_basic/example.spec b/examples/simplified_http_parse_basic/example.spec deleted file mode 100644 index bd505ed0d..000000000 --- a/examples/simplified_http_parse_basic/example.spec +++ /dev/null @@ -1,53 +0,0 @@ -Globals: -password: char -buf: long -stext: char[11] - - -DIRECT functions: gamma_load64, gamma_load8, memory_load8_le, bvult64, bvule64, bvsub64, gamma_load32 - - -Subroutine: #free - Requires DIRECT: "gamma_load8(Gamma_mem, bvadd64(R0, 0bv64)) == true" - Requires DIRECT: "gamma_load8(Gamma_mem, bvadd64(R0, 1bv64)) == true" - Requires DIRECT: "gamma_load8(Gamma_mem, bvadd64(R0, 2bv64)) == true" - Requires DIRECT: "gamma_load8(Gamma_mem, bvadd64(R0, 3bv64)) == true" - Ensures DIRECT: "Gamma_R0 == true" - - -Subroutine: main -Requires: Gamma_password == false -Requires DIRECT: "gamma_load32(Gamma_mem, memory_load64_le(mem, $stext_addr))" -Requires DIRECT: "R31 == 100bv64" - -Subroutine: malloc -Modifies: R0 -Ensures: buf == old(buf) && password == old(password) && stext==old(stext) -// modifies R0, Gamma_R0; -Ensures DIRECT: "R0 == 990000000bv64" -Ensures DIRECT: "Gamma_R0 == true" - - -Subroutine: memcpy - Modifies: mem - Ensures: buf == old(buf) && password == old(password) && stext==old(stext) - Ensures DIRECT: "(forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then gamma_load8(old(Gamma_mem), bvadd64(bvsub64(i, R0), R1)) else old(gamma_load8(Gamma_mem, i))))" - Ensures DIRECT: "(forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le(old(mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i))))" - -// forall i <= n, Gamma_mem[R0] low -Subroutine: memset - Modifies: mem - Ensures: buf == old(buf) && password == old(password) && stext==old(stext) - Ensures DIRECT: "(forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then Gamma_R1 else old(Gamma_mem[i])))" - Ensures DIRECT: "(forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i))))" - - -Subroutine: strlen - Modifies: R0 - Requires DIRECT: "(memory_load8_le(mem, R0) == 0bv8) || (memory_load8_le(mem, bvadd64(R0, 1bv64)) == 0bv8)|| (memory_load8_le(mem, bvadd64(R0, 2bv64)) == 0bv8)|| (memory_load8_le(mem, bvadd64(R0, 3bv64)) == 0bv8)" - Ensures: buf == old(buf) && password == old(password) && stext==old(stext) - Ensures DIRECT: "Gamma_R0 == true" - Ensures DIRECT: "(forall i: bv64 :: (bvule64(old(R0), i)) && (bvult64(i, bvadd64(old(R0), R0))) ==> mem[i] != 0bv8)" - Ensures DIRECT: "(memory_load8_le(mem, bvadd64(old(R0), R0)) == 0bv8)" - Ensures DIRECT: "(bvule64(old(R0), bvadd64(old(R0), R0)))" - diff --git a/examples/simplified_http_parse_basic/malloc.md b/examples/simplified_http_parse_basic/malloc.md deleted file mode 100644 index 6d62aedb8..000000000 --- a/examples/simplified_http_parse_basic/malloc.md +++ /dev/null @@ -1,26 +0,0 @@ - -This has been tested with minimal examples - -Allocator gives a new pointer to a region disjoint from all other regions on each call. - -Todo: Representation compatible with reusing allocated regions that have been freed. - -```bpl -var malloc_count: int; -var malloc_base: [int]bv64; -var malloc_end: [int]bv64; - -procedure malloc(); -modifies mem, Gamma_mem, malloc_count, malloc_base, malloc_end, R0, Gamma_R0; -requires Gamma_R0 == true; -ensures Gamma_R0 == true; -ensures malloc_count == old(malloc_count) + 1; -ensures bvuge64(malloc_end[malloc_count], malloc_base[malloc_count]); -ensures R0 == malloc_base[malloc_count]; -ensures malloc_end[malloc_count] == bvadd64(R0, old(R0)); -ensures (forall i: int :: i != malloc_count ==> bvugt64(malloc_base[malloc_count], malloc_end[i]) || bvult64(malloc_end[malloc_count], malloc_base[i])); -ensures (forall i: int :: i != malloc_count ==> malloc_base[i] == old(malloc_base[i]) && malloc_end[i] == old(malloc_end[i])); -ensures bvuge64(R0, 100000000bv64); // above the got -``` - - diff --git a/examples/simplified_http_parse_basic/string-specs.md b/examples/simplified_http_parse_basic/string-specs.md deleted file mode 100644 index 0fdea8641..000000000 --- a/examples/simplified_http_parse_basic/string-specs.md +++ /dev/null @@ -1,84 +0,0 @@ -We want general specs for standard library functions and with this example -we made some progress on that front. - -Generalising specifications often requires quantification to summarise loops, -and this requires dealing with the challenges of triggers. - -### Triggers - -In short quantifications are not instantiated in Z3 unless they are 'triggered' -by some existing facts pattern-matching against a chosen subexpression of the -quantification. Normally boogie and Z3 try to choose triggers, but can -struggle if the quantification is not in a "nice" form. Without a good trigger -Z3 responds as if the quantification does not exist, appearing to give "incorrect" -counterexamples. - -In short quantifications which have simple sub-expressions in the left-hand-side -(i.e. the facts we begin with and try to deduce from) to trigger instantiation on -work better. - -Quantification instantiation can also be less reliable when you would -want to trigger on expressions hidden behind a function call, -so it is more reliable to write `mem[i]` than `memory_load8_le(mem, i)`. - - -For example, for the `memset` function the following **does** work: - -```bpl -procedure memset(); - modifies mem, Gamma_mem; - ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then Gamma_R1 else old(Gamma_mem[i]))); - // Works - //ensures (forall i: bv64 :: {mem[i]} (memory_load8_le(mem, i) == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i)))); - // Faster - ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i)))); - // Does not verify - // ensures (forall i: bv64 :: (memory_load8_le(mem, i) == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i)))); -``` - -Similarly for `memcpy` - - -```bpl -procedure memcpy(); - modifies mem, Gamma_mem; - // Works - //ensures (forall i: bv64 :: {mem[i]} (memory_load8_le(mem, i) == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le(old(mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i)))); - // Faster - ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le(old(mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i)))); - // Does not verify - // ensures (forall i: bv64 :: (memory_load8_le(mem, i) == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le(old(mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i)))); -``` - -(Thank you to Nick for these examples) - -Similarly `strlen()` works in this form, - -```bpl -procedure strlen(); - modifies R0, Gamma_R0; - ensures Gamma_R0 == true; - ensures (forall i: bv64 :: (bvule64(old(R0), i)) && (bvult64(i, bvadd64(old(R0), R0))) ==> mem[i] != 0bv8); - ensures (memory_load8_le(mem, bvadd64(old(R0), R0)) == 0bv8); - ensures (bvule64(old(R0), bvadd64(old(R0), R0))); -``` - -But **does not** work when we do the address calculation in the memory access rather than the quantification bound. - -```bpl -procedure strlen(); - // does not work - modifies R0, Gamma_R0; - ensures Gamma_R0 == true; - ensures (forall i: bv64 :: (bvule64(0bv64, i)) && (bvult64(i, R0)) ==> mem[bvadd64(old(R0), i)] != 0bv8); - ensures (memory_load8_le(mem, bvadd64(old(R0), R0)) == 0bv8); - ensures (bvule64(old(R0), bvadd64(old(R0), R0))); -``` - -### Dafny inferred triggers - -Dafny can also infer triggers, which may be worth comparing. To get Dafny to emit its -generated boogie code run it with `dafny -print:a.bpl b.dfy`. - -- https://leino.science/papers/krml253.pdf -- https://github.com/dafny-lang/dafny/wiki/FAQ#how-does-dafny-handle-quantifiers-ive-heard-about-triggers-what-are-those diff --git a/src/test/correct/malloc_memcpy_strlen_memset_free/clang_O2/malloc_memcpy_strlen_memset_free.expected b/src/test/correct/malloc_memcpy_strlen_memset_free/clang_O2/malloc_memcpy_strlen_memset_free.expected new file mode 100644 index 000000000..b55cad018 --- /dev/null +++ b/src/test/correct/malloc_memcpy_strlen_memset_free/clang_O2/malloc_memcpy_strlen_memset_free.expected @@ -0,0 +1,812 @@ +var {:extern} Gamma_R0: bool; +var {:extern} Gamma_R1: bool; +var {:extern} Gamma_R16: bool; +var {:extern} Gamma_R17: bool; +var {:extern} Gamma_R19: bool; +var {:extern} Gamma_R2: bool; +var {:extern} Gamma_R20: bool; +var {:extern} Gamma_R21: bool; +var {:extern} Gamma_R29: bool; +var {:extern} Gamma_R30: bool; +var {:extern} Gamma_R31: bool; +var {:extern} Gamma_malloc_base: [bv64]bool; +var {:extern} Gamma_malloc_count: [bv64]bool; +var {:extern} Gamma_malloc_end: [bv64]bool; +var {:extern} Gamma_mem: [bv64]bool; +var {:extern} Gamma_stack: [bv64]bool; +var {:extern} R0: bv64; +var {:extern} R1: bv64; +var {:extern} R16: bv64; +var {:extern} R17: bv64; +var {:extern} R19: bv64; +var {:extern} R2: bv64; +var {:extern} R20: bv64; +var {:extern} R21: bv64; +var {:extern} R29: bv64; +var {:extern} R30: bv64; +var {:extern} R31: bv64; +var {:extern} malloc_base: [bv64]bv8; +var {:extern} malloc_count: [bv64]bv8; +var {:extern} malloc_end: [bv64]bv8; +var {:extern} mem: [bv64]bv8; +var {:extern} stack: [bv64]bv8; +const {:extern} $buf_addr: bv64; +axiom ($buf_addr == 131192bv64); +const {:extern} $password_addr: bv64; +axiom ($password_addr == 131168bv64); +const {:extern} $stext_addr: bv64; +axiom ($stext_addr == 131169bv64); +function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) { + false +} + +function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64); +function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64); +function {:extern} {:bvbuiltin "bvuge"} bvuge64(bv64, bv64) returns (bool); +function {:extern} {:bvbuiltin "bvugt"} bvugt64(bv64, bv64) returns (bool); +function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool); +function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool); +function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) { + (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index]))) +} + +function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) { + (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index]))))))) +} + +function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool) { + gammaMap[index] +} + +function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) { + gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value] +} + +function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) { + (memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index]))))))) +} + +function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8) { + memory[index] +} + +function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) { + memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]] +} + +procedure {:extern} rely(); + modifies Gamma_mem, mem; + ensures (mem == old(mem)); + ensures (Gamma_mem == old(Gamma_mem)); + free ensures (memory_load8_le(mem, 2412bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2413bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2414bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2415bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure {:extern} rely_transitive() + modifies Gamma_mem, mem; + ensures (mem == old(mem)); + ensures (Gamma_mem == old(Gamma_mem)); +{ + call rely(); + call rely(); +} + +procedure {:extern} rely_reflexive(); + +procedure {:extern} guarantee_reflexive(); + modifies Gamma_mem, mem; + +procedure #free(); + modifies Gamma_R16, Gamma_R17, R16, R17; + requires (forall i : int, j: bv64 :: (malloc_base[i] == R0 && bvuge64(j, R0) && bvult64(j, malloc_end[i])) ==> Gamma_mem[j]); + free requires (memory_load8_le(mem, 2412bv64) == 1bv8); + free requires (memory_load8_le(mem, 2413bv64) == 0bv8); + free requires (memory_load8_le(mem, 2414bv64) == 2bv8); + free requires (memory_load8_le(mem, 2415bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2412bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2413bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2414bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2415bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure main() + modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R19, Gamma_R2, Gamma_R20, Gamma_R21, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R19, R2, R20, R21, R29, R30, R31, malloc_base, malloc_count, malloc_end, mem, stack; + requires (gamma_load8(Gamma_mem, $password_addr) == false); + requires malloc_count == 0; + requires gamma_load32(Gamma_mem, memory_load64_le(mem, $stext_addr)); + requires R31 == 100bv64; + free requires (memory_load8_le(mem, 131152bv64) == 0bv8); + free requires (memory_load8_le(mem, 131153bv64) == 0bv8); + free requires (memory_load8_le(mem, 131154bv64) == 0bv8); + free requires (memory_load8_le(mem, 131155bv64) == 0bv8); + free requires (memory_load8_le(mem, 131156bv64) == 0bv8); + free requires (memory_load8_le(mem, 131157bv64) == 0bv8); + free requires (memory_load8_le(mem, 131158bv64) == 0bv8); + free requires (memory_load8_le(mem, 131159bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load8_le(mem, 131168bv64) == 7bv8); + free requires (memory_load8_le(mem, 131169bv64) == 117bv8); + free requires (memory_load8_le(mem, 131170bv64) == 115bv8); + free requires (memory_load8_le(mem, 131171bv64) == 101bv8); + free requires (memory_load8_le(mem, 131172bv64) == 114bv8); + free requires (memory_load8_le(mem, 131173bv64) == 58bv8); + free requires (memory_load8_le(mem, 131174bv64) == 112bv8); + free requires (memory_load8_le(mem, 131175bv64) == 97bv8); + free requires (memory_load8_le(mem, 131176bv64) == 115bv8); + free requires (memory_load8_le(mem, 131177bv64) == 115bv8); + free requires (memory_load8_le(mem, 131178bv64) == 0bv8); + free requires (memory_load8_le(mem, 131179bv64) == 0bv8); + free requires (memory_load8_le(mem, 2412bv64) == 1bv8); + free requires (memory_load8_le(mem, 2413bv64) == 0bv8); + free requires (memory_load8_le(mem, 2414bv64) == 2bv8); + free requires (memory_load8_le(mem, 2415bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (Gamma_R19 == old(Gamma_R19)); + free ensures (Gamma_R20 == old(Gamma_R20)); + free ensures (Gamma_R21 == old(Gamma_R21)); + free ensures (Gamma_R29 == old(Gamma_R29)); + free ensures (Gamma_R31 == old(Gamma_R31)); + free ensures (R19 == old(R19)); + free ensures (R20 == old(R20)); + free ensures (R21 == old(R21)); + free ensures (R29 == old(R29)); + free ensures (R31 == old(R31)); + free ensures (memory_load8_le(mem, 2412bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2413bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2414bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2415bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); +{ + var #4: bv64; + var #5: bv64; + var #6: bv64; + var Gamma_#4: bool; + var Gamma_#5: bool; + var Gamma_#6: bool; + lmain: + assume {:captureState "lmain"} true; + #4, Gamma_#4 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31; + stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29); + assume {:captureState "%00000338"} true; + stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30); + assume {:captureState "%0000033e"} true; + R31, Gamma_R31 := #4, Gamma_#4; + stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R21), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R21); + assume {:captureState "%0000034a"} true; + #5, Gamma_#5 := bvadd64(R31, 32bv64), Gamma_R31; + stack, Gamma_stack := memory_store64_le(stack, #5, R20), gamma_store64(Gamma_stack, #5, Gamma_R20); + assume {:captureState "%00000356"} true; + stack, Gamma_stack := memory_store64_le(stack, bvadd64(#5, 8bv64), R19), gamma_store64(Gamma_stack, bvadd64(#5, 8bv64), Gamma_R19); + assume {:captureState "%0000035c"} true; + R29, Gamma_R29 := R31, Gamma_R31; + R0, Gamma_R0 := 11bv64, true; + R30, Gamma_R30 := 2284bv64, true; + call malloc(); + goto l00000371; + l00000371: + assume {:captureState "l00000371"} true; + R21, Gamma_R21 := 131072bv64, true; + R20, Gamma_R20 := 131072bv64, true; + R20, Gamma_R20 := bvadd64(R20, 97bv64), Gamma_R20; + R19, Gamma_R19 := R0, Gamma_R0; + call rely(); + assert (L(mem, bvadd64(R21, 120bv64)) ==> Gamma_R0); + mem, Gamma_mem := memory_store64_le(mem, bvadd64(R21, 120bv64), R0), gamma_store64(Gamma_mem, bvadd64(R21, 120bv64), Gamma_R0); + assume {:captureState "%0000038d"} true; + R0, Gamma_R0 := R20, Gamma_R20; + R30, Gamma_R30 := 2312bv64, true; + call strlen(); + goto l0000039d; + l0000039d: + assume {:captureState "l0000039d"} true; + R2, Gamma_R2 := R0, Gamma_R0; + R0, Gamma_R0 := R19, Gamma_R19; + R1, Gamma_R1 := R20, Gamma_R20; + R30, Gamma_R30 := 2328bv64, true; + call memcpy(); + goto l000003b7; + l000003b7: + assume {:captureState "l000003b7"} true; + R0, Gamma_R0 := R19, Gamma_R19; + R30, Gamma_R30 := 2336bv64, true; + call puts(); + goto l000003c5; + l000003c5: + assume {:captureState "l000003c5"} true; + call rely(); + R19, Gamma_R19 := memory_load64_le(mem, bvadd64(R21, 120bv64)), (gamma_load64(Gamma_mem, bvadd64(R21, 120bv64)) || L(mem, bvadd64(R21, 120bv64))); + R0, Gamma_R0 := R19, Gamma_R19; + R30, Gamma_R30 := 2348bv64, true; + call strlen(); + goto l000003d9; + l000003d9: + assume {:captureState "l000003d9"} true; + R2, Gamma_R2 := R0, Gamma_R0; + R0, Gamma_R0 := R19, Gamma_R19; + R1, Gamma_R1 := 1bv64, true; + R30, Gamma_R30 := 2364bv64, true; + call memset(); + goto l000003f2; + l000003f2: + assume {:captureState "l000003f2"} true; + call rely(); + R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R21, 120bv64)), (gamma_load64(Gamma_mem, bvadd64(R21, 120bv64)) || L(mem, bvadd64(R21, 120bv64))); + R30, Gamma_R30 := 2372bv64, true; + call #free(); + goto l00000401; + l00000401: + assume {:captureState "l00000401"} true; + R0, Gamma_R0 := 0bv64, true; + #6, Gamma_#6 := bvadd64(R31, 32bv64), Gamma_R31; + R20, Gamma_R20 := memory_load64_le(stack, #6), gamma_load64(Gamma_stack, #6); + R19, Gamma_R19 := memory_load64_le(stack, bvadd64(#6, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#6, 8bv64)); + R21, Gamma_R21 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64)); + R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31); + R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64)); + R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31; + return; +} + +procedure malloc(); + modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, R0, R16, R17, malloc_base, malloc_count, malloc_end; + requires bvugt64(R0, 0bv64); + requires Gamma_R0 == true; + free requires (memory_load8_le(mem, 2412bv64) == 1bv8); + free requires (memory_load8_le(mem, 2413bv64) == 0bv8); + free requires (memory_load8_le(mem, 2414bv64) == 2bv8); + free requires (memory_load8_le(mem, 2415bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); + ensures Gamma_R0 == true; + ensures malloc_count == old(malloc_count) + 1; + ensures bvugt64(malloc_end[malloc_count], malloc_base[malloc_count]); + ensures R0 == malloc_base[malloc_count]; + ensures malloc_end[malloc_count] == bvadd64(R0, old(R0)); + ensures (forall i: int :: i != malloc_count ==> bvugt64(malloc_base[malloc_count], malloc_end[i]) || bvult64(malloc_end[malloc_count], malloc_base[i])); + ensures (forall i: int :: i != malloc_count ==> malloc_base[i] == old(malloc_base[i]) && malloc_end[i] == old(malloc_end[i])); + ensures bvuge64(R0, 100000000bv64); + ensures (forall i : bv64 :: (bvuge64(i, R0) && bvult64(i, bvadd64(R0, old(R0)))) ==> (Gamma_mem[i] && gamma_load8(Gamma_mem, i))); + free ensures (memory_load8_le(mem, 2412bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2413bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2414bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2415bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure memcpy(); + modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; + free requires (memory_load8_le(mem, 2412bv64) == 1bv8); + free requires (memory_load8_le(mem, 2413bv64) == 0bv8); + free requires (memory_load8_le(mem, 2414bv64) == 2bv8); + free requires (memory_load8_le(mem, 2415bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); + ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i, bvadd64(R0, R2))) then gamma_load8((Gamma_mem), bvadd64(bvsub64(i, R0), R1)) else old(gamma_load8(Gamma_mem, i)))); + ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le((mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i)))); + free ensures (memory_load8_le(mem, 2412bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2413bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2414bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2415bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure memset(); + modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; + requires Gamma_R1; + free requires (memory_load8_le(mem, 2412bv64) == 1bv8); + free requires (memory_load8_le(mem, 2413bv64) == 0bv8); + free requires (memory_load8_le(mem, 2414bv64) == 2bv8); + free requires (memory_load8_le(mem, 2415bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); + ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then Gamma_R1 else old(gamma_load8(Gamma_mem, i)))); + ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i)))); + free ensures (memory_load8_le(mem, 2412bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2413bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2414bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2415bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure puts(); + modifies Gamma_R16, Gamma_R17, R16, R17; + free requires (memory_load8_le(mem, 2412bv64) == 1bv8); + free requires (memory_load8_le(mem, 2413bv64) == 0bv8); + free requires (memory_load8_le(mem, 2414bv64) == 2bv8); + free requires (memory_load8_le(mem, 2415bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2412bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2413bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2414bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2415bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure strlen(); + modifies Gamma_R0, Gamma_R16, Gamma_R17, R0, R16, R17; + free requires (memory_load8_le(mem, 2412bv64) == 1bv8); + free requires (memory_load8_le(mem, 2413bv64) == 0bv8); + free requires (memory_load8_le(mem, 2414bv64) == 2bv8); + free requires (memory_load8_le(mem, 2415bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + ensures (((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))) && (memory_load8_le(mem, $stext_addr) == old(memory_load8_le(mem, $stext_addr)))); + ensures Gamma_R0 == true; + ensures (forall i: bv64 :: (bvule64(old(R0), i)) && (bvult64(i, bvadd64(old(R0), R0))) ==> mem[i] != 0bv8); + ensures (memory_load8_le(mem, bvadd64(old(R0), R0)) == 0bv8); + ensures (bvult64(old(R0), bvadd64(bvadd64(old(R0), R0), 1bv64))); + free ensures (memory_load8_le(mem, 2412bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2413bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2414bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2415bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); diff --git a/examples/http_parse_basic/example.bpl b/src/test/correct/malloc_memcpy_strlen_memset_free/gcc/malloc_memcpy_strlen_memset_free.expected similarity index 86% rename from examples/http_parse_basic/example.bpl rename to src/test/correct/malloc_memcpy_strlen_memset_free/gcc/malloc_memcpy_strlen_memset_free.expected index 175e49ed2..05c767d15 100644 --- a/examples/http_parse_basic/example.bpl +++ b/src/test/correct/malloc_memcpy_strlen_memset_free/gcc/malloc_memcpy_strlen_memset_free.expected @@ -37,17 +37,11 @@ function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) { } function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64); -function {:extern} {:bvbuiltin "bvlshr"} bvlshr64(bv64, bv64) returns (bv64); -function {:extern} {:bvbuiltin "bvmul"} bvmul64(bv64, bv64) returns (bv64); function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64); function {:extern} {:bvbuiltin "bvuge"} bvuge64(bv64, bv64) returns (bool); function {:extern} {:bvbuiltin "bvugt"} bvugt64(bv64, bv64) returns (bool); function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool); function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool); -function {:inline} byte_extract64_64(value: bv64, offset: bv64) returns (bv8) { - bvlshr64(value, bvmul64(offset, 8bv64))[8:0] -} - function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) { (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index]))) } @@ -61,15 +55,7 @@ function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool) } function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) { - (lambda i: bv64 :: ((if in_bounds64(index, 8bv64, i) then value else gammaMap[i]))) -} - -function {:extern} gamma_store8(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) { - gammaMap[index := value] -} - -function {:inline} in_bounds64_le(base: bv64, len: bv64, i: bv64) returns (bool) { - (if bvule64(base, bvadd64(base, len)) then (bvule64(base, i) && bvult64(i, bvadd64(base, len))) else (bvule64(base, i) || bvult64(i, bvadd64(base, len)))) + gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value] } function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) { @@ -81,21 +67,17 @@ function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8) } function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) { - (lambda i: bv64 :: ((if in_bounds64(index, 8bv64, i) then byte_extract64_64(value, bvsub64(i, index)) else memory[i]))) -} - -function {:extern} memory_store8_le(memory: [bv64]bv8, index: bv64, value: bv8) returns ([bv64]bv8) { - memory[index := value] + memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]] } procedure {:extern} rely(); modifies Gamma_mem, mem; ensures (mem == old(mem)); ensures (Gamma_mem == old(Gamma_mem)); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2480bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2481bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2482bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2483bv64) == 0bv8); free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -146,10 +128,10 @@ procedure {:extern} guarantee_reflexive(); procedure #free(); modifies Gamma_R16, Gamma_R17, R16, R17; requires (forall i : int, j: bv64 :: (malloc_base[i] == R0 && bvuge64(j, R0) && bvult64(j, malloc_end[i])) ==> Gamma_mem[j]); - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); + free requires (memory_load8_le(mem, 2480bv64) == 1bv8); + free requires (memory_load8_le(mem, 2481bv64) == 0bv8); + free requires (memory_load8_le(mem, 2482bv64) == 2bv8); + free requires (memory_load8_le(mem, 2483bv64) == 0bv8); free requires (memory_load8_le(mem, 130504bv64) == 208bv8); free requires (memory_load8_le(mem, 130505bv64) == 8bv8); free requires (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -182,10 +164,10 @@ procedure #free(); free requires (memory_load8_le(mem, 131165bv64) == 0bv8); free requires (memory_load8_le(mem, 131166bv64) == 0bv8); free requires (memory_load8_le(mem, 131167bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2480bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2481bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2482bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2483bv64) == 0bv8); free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -249,21 +231,21 @@ procedure main() free requires (memory_load8_le(mem, 131173bv64) == 0bv8); free requires (memory_load8_le(mem, 131174bv64) == 0bv8); free requires (memory_load8_le(mem, 131175bv64) == 0bv8); - free requires (memory_load8_le(mem, 131176bv64) == 104bv8); - free requires (memory_load8_le(mem, 131177bv64) == 101bv8); - free requires (memory_load8_le(mem, 131178bv64) == 108bv8); - free requires (memory_load8_le(mem, 131179bv64) == 108bv8); - free requires (memory_load8_le(mem, 131180bv64) == 111bv8); - free requires (memory_load8_le(mem, 131181bv64) == 111bv8); - free requires (memory_load8_le(mem, 131182bv64) == 0bv8); - free requires (memory_load8_le(mem, 131183bv64) == 0bv8); - free requires (memory_load8_le(mem, 131184bv64) == 0bv8); + free requires (memory_load8_le(mem, 131176bv64) == 117bv8); + free requires (memory_load8_le(mem, 131177bv64) == 115bv8); + free requires (memory_load8_le(mem, 131178bv64) == 101bv8); + free requires (memory_load8_le(mem, 131179bv64) == 114bv8); + free requires (memory_load8_le(mem, 131180bv64) == 58bv8); + free requires (memory_load8_le(mem, 131181bv64) == 112bv8); + free requires (memory_load8_le(mem, 131182bv64) == 97bv8); + free requires (memory_load8_le(mem, 131183bv64) == 115bv8); + free requires (memory_load8_le(mem, 131184bv64) == 115bv8); free requires (memory_load8_le(mem, 131185bv64) == 0bv8); free requires (memory_load8_le(mem, 131186bv64) == 0bv8); - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); + free requires (memory_load8_le(mem, 2480bv64) == 1bv8); + free requires (memory_load8_le(mem, 2481bv64) == 0bv8); + free requires (memory_load8_le(mem, 2482bv64) == 2bv8); + free requires (memory_load8_le(mem, 2483bv64) == 0bv8); free requires (memory_load8_le(mem, 130504bv64) == 208bv8); free requires (memory_load8_le(mem, 130505bv64) == 8bv8); free requires (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -302,10 +284,10 @@ procedure main() free ensures (R19 == old(R19)); free ensures (R29 == old(R29)); free ensures (R31 == old(R31)); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2480bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2481bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2482bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2483bv64) == 0bv8); free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -345,30 +327,30 @@ procedure main() assume {:captureState "lmain"} true; #4, Gamma_#4 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31; stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29); - assume {:captureState "%00000384"} true; + assume {:captureState "%0000037c"} true; stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30); - assume {:captureState "%0000038a"} true; + assume {:captureState "%00000382"} true; R31, Gamma_R31 := #4, Gamma_#4; R29, Gamma_R29 := R31, Gamma_R31; stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R19), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R19); - assume {:captureState "%0000039c"} true; + assume {:captureState "%00000394"} true; stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), true); - assume {:captureState "%000003a3"} true; + assume {:captureState "%0000039b"} true; stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 32bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R31, 32bv64), true); - assume {:captureState "%000003aa"} true; + assume {:captureState "%000003a2"} true; R0, Gamma_R0 := 11bv64, true; R30, Gamma_R30 := 2288bv64, true; call malloc(); - goto l000003b9; - l000003b9: - assume {:captureState "l000003b9"} true; + goto l000003b1; + l000003b1: + assume {:captureState "l000003b1"} true; R1, Gamma_R1 := R0, Gamma_R0; R0, Gamma_R0 := 131072bv64, true; R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; call rely(); assert (L(mem, R0) ==> Gamma_R1); mem, Gamma_mem := memory_store64_le(mem, R0, R1), gamma_store64(Gamma_mem, R0, Gamma_R1); - assume {:captureState "%000003d0"} true; + assume {:captureState "%000003c8"} true; R0, Gamma_R0 := 131072bv64, true; R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; call rely(); @@ -377,39 +359,34 @@ procedure main() R0, Gamma_R0 := bvadd64(R0, 104bv64), Gamma_R0; R30, Gamma_R30 := 2328bv64, true; call strlen(); - goto l000003f7; - l000003f7: - assume {:captureState "l000003f7"} true; + goto l000003ef; + l000003ef: + assume {:captureState "l000003ef"} true; R2, Gamma_R2 := R0, Gamma_R0; R0, Gamma_R0 := 131072bv64, true; R1, Gamma_R1 := bvadd64(R0, 104bv64), Gamma_R0; R0, Gamma_R0 := R19, Gamma_R19; R30, Gamma_R30 := 2348bv64, true; call memcpy(); - goto l00000416; - l00000416: - assume {:captureState "l00000416"} true; + goto l0000040e; + l0000040e: + assume {:captureState "l0000040e"} true; R0, Gamma_R0 := 131072bv64, true; R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; call rely(); R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0)); R30, Gamma_R30 := 2364bv64, true; call puts(); - goto l00000430; - l00000430: - assume {:captureState "l00000430"} true; + goto l00000428; + l00000428: + assume {:captureState "l00000428"} true; R0, Gamma_R0 := 131072bv64, true; R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; call rely(); R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0)); - R0, Gamma_R0 := bvadd64(R0, 2bv64), Gamma_R0; + R0, Gamma_R0 := bvadd64(R0, 4bv64), Gamma_R0; stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 40bv64), R0), gamma_store64(Gamma_stack, bvadd64(R31, 40bv64), Gamma_R0); - assume {:captureState "%0000044e"} true; - R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 40bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 40bv64)); - call rely(); - assert (L(mem, R0) ==> true); - mem, Gamma_mem := memory_store8_le(mem, R0, 0bv8), gamma_store8(Gamma_mem, R0, true); - assume {:captureState "%0000045c"} true; + assume {:captureState "%00000446"} true; R0, Gamma_R0 := 131072bv64, true; R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; call rely(); @@ -418,28 +395,28 @@ procedure main() R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; call rely(); R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0)); - R30, Gamma_R30 := 2420bv64, true; + R30, Gamma_R30 := 2412bv64, true; call strlen(); - goto l00000489; - l00000489: - assume {:captureState "l00000489"} true; + goto l00000473; + l00000473: + assume {:captureState "l00000473"} true; R2, Gamma_R2 := R0, Gamma_R0; R1, Gamma_R1 := 1bv64, true; R0, Gamma_R0 := R19, Gamma_R19; - R30, Gamma_R30 := 2436bv64, true; + R30, Gamma_R30 := 2428bv64, true; call memset(); - goto l000004a2; - l000004a2: - assume {:captureState "l000004a2"} true; + goto l0000048c; + l0000048c: + assume {:captureState "l0000048c"} true; R0, Gamma_R0 := 131072bv64, true; R0, Gamma_R0 := bvadd64(R0, 128bv64), Gamma_R0; call rely(); R0, Gamma_R0 := memory_load64_le(mem, R0), (gamma_load64(Gamma_mem, R0) || L(mem, R0)); - R30, Gamma_R30 := 2452bv64, true; + R30, Gamma_R30 := 2444bv64, true; call #free(); - goto l000004bc; - l000004bc: - assume {:captureState "l000004bc"} true; + goto l000004a6; + l000004a6: + assume {:captureState "l000004a6"} true; R0, Gamma_R0 := 0bv64, true; R19, Gamma_R19 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64)); R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31); @@ -452,10 +429,10 @@ procedure malloc(); modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, R0, R16, R17, malloc_base, malloc_count, malloc_end; requires bvugt64(R0, 0bv64); requires Gamma_R0 == true; - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); + free requires (memory_load8_le(mem, 2480bv64) == 1bv8); + free requires (memory_load8_le(mem, 2481bv64) == 0bv8); + free requires (memory_load8_le(mem, 2482bv64) == 2bv8); + free requires (memory_load8_le(mem, 2483bv64) == 0bv8); free requires (memory_load8_le(mem, 130504bv64) == 208bv8); free requires (memory_load8_le(mem, 130505bv64) == 8bv8); free requires (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -498,10 +475,10 @@ procedure malloc(); ensures (forall i: int :: i != malloc_count ==> malloc_base[i] == old(malloc_base[i]) && malloc_end[i] == old(malloc_end[i])); ensures bvuge64(R0, 100000000bv64); ensures (forall i : bv64 :: (bvuge64(i, R0) && bvult64(i, bvadd64(R0, old(R0)))) ==> (Gamma_mem[i] && gamma_load8(Gamma_mem, i))); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2480bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2481bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2482bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2483bv64) == 0bv8); free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -537,10 +514,10 @@ procedure malloc(); procedure memcpy(); modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); + free requires (memory_load8_le(mem, 2480bv64) == 1bv8); + free requires (memory_load8_le(mem, 2481bv64) == 0bv8); + free requires (memory_load8_le(mem, 2482bv64) == 2bv8); + free requires (memory_load8_le(mem, 2483bv64) == 0bv8); free requires (memory_load8_le(mem, 130504bv64) == 208bv8); free requires (memory_load8_le(mem, 130505bv64) == 8bv8); free requires (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -576,10 +553,10 @@ procedure memcpy(); ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i, bvadd64(R0, R2))) then gamma_load8((Gamma_mem), bvadd64(bvsub64(i, R0), R1)) else old(gamma_load8(Gamma_mem, i)))); ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le((mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i)))); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2480bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2481bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2482bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2483bv64) == 0bv8); free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -616,10 +593,10 @@ procedure memcpy(); procedure memset(); modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; requires Gamma_R1; - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); + free requires (memory_load8_le(mem, 2480bv64) == 1bv8); + free requires (memory_load8_le(mem, 2481bv64) == 0bv8); + free requires (memory_load8_le(mem, 2482bv64) == 2bv8); + free requires (memory_load8_le(mem, 2483bv64) == 0bv8); free requires (memory_load8_le(mem, 130504bv64) == 208bv8); free requires (memory_load8_le(mem, 130505bv64) == 8bv8); free requires (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -655,10 +632,10 @@ procedure memset(); ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then Gamma_R1 else old(gamma_load8(Gamma_mem, i)))); ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i)))); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2480bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2481bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2482bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2483bv64) == 0bv8); free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -694,10 +671,10 @@ procedure memset(); procedure puts(); modifies Gamma_R16, Gamma_R17, R16, R17; - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); + free requires (memory_load8_le(mem, 2480bv64) == 1bv8); + free requires (memory_load8_le(mem, 2481bv64) == 0bv8); + free requires (memory_load8_le(mem, 2482bv64) == 2bv8); + free requires (memory_load8_le(mem, 2483bv64) == 0bv8); free requires (memory_load8_le(mem, 130504bv64) == 208bv8); free requires (memory_load8_le(mem, 130505bv64) == 8bv8); free requires (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -730,10 +707,10 @@ procedure puts(); free requires (memory_load8_le(mem, 131165bv64) == 0bv8); free requires (memory_load8_le(mem, 131166bv64) == 0bv8); free requires (memory_load8_le(mem, 131167bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2480bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2481bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2482bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2483bv64) == 0bv8); free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -769,10 +746,10 @@ procedure puts(); procedure strlen(); modifies Gamma_R0, Gamma_R16, Gamma_R17, R0, R16, R17; - free requires (memory_load8_le(mem, 2488bv64) == 1bv8); - free requires (memory_load8_le(mem, 2489bv64) == 0bv8); - free requires (memory_load8_le(mem, 2490bv64) == 2bv8); - free requires (memory_load8_le(mem, 2491bv64) == 0bv8); + free requires (memory_load8_le(mem, 2480bv64) == 1bv8); + free requires (memory_load8_le(mem, 2481bv64) == 0bv8); + free requires (memory_load8_le(mem, 2482bv64) == 2bv8); + free requires (memory_load8_le(mem, 2483bv64) == 0bv8); free requires (memory_load8_le(mem, 130504bv64) == 208bv8); free requires (memory_load8_le(mem, 130505bv64) == 8bv8); free requires (memory_load8_le(mem, 130506bv64) == 0bv8); @@ -810,10 +787,10 @@ procedure strlen(); ensures (forall i: bv64 :: (bvule64(old(R0), i)) && (bvult64(i, bvadd64(old(R0), R0))) ==> mem[i] != 0bv8); ensures (memory_load8_le(mem, bvadd64(old(R0), R0)) == 0bv8); ensures (bvult64(old(R0), bvadd64(bvadd64(old(R0), R0), 1bv64))); - free ensures (memory_load8_le(mem, 2488bv64) == 1bv8); - free ensures (memory_load8_le(mem, 2489bv64) == 0bv8); - free ensures (memory_load8_le(mem, 2490bv64) == 2bv8); - free ensures (memory_load8_le(mem, 2491bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2480bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2481bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2482bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2483bv64) == 0bv8); free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); diff --git a/src/test/correct/malloc_memcpy_strlen_memset_free/gcc_O2/malloc_memcpy_strlen_memset_free.expected b/src/test/correct/malloc_memcpy_strlen_memset_free/gcc_O2/malloc_memcpy_strlen_memset_free.expected new file mode 100644 index 000000000..3579f04f2 --- /dev/null +++ b/src/test/correct/malloc_memcpy_strlen_memset_free/gcc_O2/malloc_memcpy_strlen_memset_free.expected @@ -0,0 +1,812 @@ +var {:extern} Gamma_R0: bool; +var {:extern} Gamma_R1: bool; +var {:extern} Gamma_R16: bool; +var {:extern} Gamma_R17: bool; +var {:extern} Gamma_R19: bool; +var {:extern} Gamma_R2: bool; +var {:extern} Gamma_R20: bool; +var {:extern} Gamma_R21: bool; +var {:extern} Gamma_R29: bool; +var {:extern} Gamma_R30: bool; +var {:extern} Gamma_R31: bool; +var {:extern} Gamma_malloc_base: [bv64]bool; +var {:extern} Gamma_malloc_count: [bv64]bool; +var {:extern} Gamma_malloc_end: [bv64]bool; +var {:extern} Gamma_mem: [bv64]bool; +var {:extern} Gamma_stack: [bv64]bool; +var {:extern} R0: bv64; +var {:extern} R1: bv64; +var {:extern} R16: bv64; +var {:extern} R17: bv64; +var {:extern} R19: bv64; +var {:extern} R2: bv64; +var {:extern} R20: bv64; +var {:extern} R21: bv64; +var {:extern} R29: bv64; +var {:extern} R30: bv64; +var {:extern} R31: bv64; +var {:extern} malloc_base: [bv64]bv8; +var {:extern} malloc_count: [bv64]bv8; +var {:extern} malloc_end: [bv64]bv8; +var {:extern} mem: [bv64]bv8; +var {:extern} stack: [bv64]bv8; +const {:extern} $buf_addr: bv64; +axiom ($buf_addr == 131192bv64); +const {:extern} $password_addr: bv64; +axiom ($password_addr == 131179bv64); +const {:extern} $stext_addr: bv64; +axiom ($stext_addr == 131168bv64); +function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) { + false +} + +function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64); +function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64); +function {:extern} {:bvbuiltin "bvuge"} bvuge64(bv64, bv64) returns (bool); +function {:extern} {:bvbuiltin "bvugt"} bvugt64(bv64, bv64) returns (bool); +function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool); +function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool); +function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) { + (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index]))) +} + +function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) { + (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index]))))))) +} + +function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool) { + gammaMap[index] +} + +function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) { + gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value] +} + +function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) { + (memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index]))))))) +} + +function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8) { + memory[index] +} + +function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) { + memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]] +} + +procedure {:extern} rely(); + modifies Gamma_mem, mem; + ensures (mem == old(mem)); + ensures (Gamma_mem == old(Gamma_mem)); + free ensures (memory_load8_le(mem, 2472bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure {:extern} rely_transitive() + modifies Gamma_mem, mem; + ensures (mem == old(mem)); + ensures (Gamma_mem == old(Gamma_mem)); +{ + call rely(); + call rely(); +} + +procedure {:extern} rely_reflexive(); + +procedure {:extern} guarantee_reflexive(); + modifies Gamma_mem, mem; + +procedure #free(); + modifies Gamma_R16, Gamma_R17, R16, R17; + requires (forall i : int, j: bv64 :: (malloc_base[i] == R0 && bvuge64(j, R0) && bvult64(j, malloc_end[i])) ==> Gamma_mem[j]); + free requires (memory_load8_le(mem, 2472bv64) == 1bv8); + free requires (memory_load8_le(mem, 2473bv64) == 0bv8); + free requires (memory_load8_le(mem, 2474bv64) == 2bv8); + free requires (memory_load8_le(mem, 2475bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 144bv8); + free requires (memory_load8_le(mem, 130505bv64) == 9bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 64bv8); + free requires (memory_load8_le(mem, 130513bv64) == 9bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 192bv8); + free requires (memory_load8_le(mem, 131033bv64) == 7bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2472bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure main() + modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R19, Gamma_R2, Gamma_R20, Gamma_R21, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R19, R2, R20, R21, R29, R30, R31, malloc_base, malloc_count, malloc_end, mem, stack; + requires (gamma_load8(Gamma_mem, $password_addr) == false); + requires malloc_count == 0; + requires gamma_load32(Gamma_mem, memory_load64_le(mem, $stext_addr)); + requires R31 == 100bv64; + free requires (memory_load8_le(mem, 131152bv64) == 0bv8); + free requires (memory_load8_le(mem, 131153bv64) == 0bv8); + free requires (memory_load8_le(mem, 131154bv64) == 0bv8); + free requires (memory_load8_le(mem, 131155bv64) == 0bv8); + free requires (memory_load8_le(mem, 131156bv64) == 0bv8); + free requires (memory_load8_le(mem, 131157bv64) == 0bv8); + free requires (memory_load8_le(mem, 131158bv64) == 0bv8); + free requires (memory_load8_le(mem, 131159bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load8_le(mem, 131168bv64) == 117bv8); + free requires (memory_load8_le(mem, 131169bv64) == 115bv8); + free requires (memory_load8_le(mem, 131170bv64) == 101bv8); + free requires (memory_load8_le(mem, 131171bv64) == 114bv8); + free requires (memory_load8_le(mem, 131172bv64) == 58bv8); + free requires (memory_load8_le(mem, 131173bv64) == 112bv8); + free requires (memory_load8_le(mem, 131174bv64) == 97bv8); + free requires (memory_load8_le(mem, 131175bv64) == 115bv8); + free requires (memory_load8_le(mem, 131176bv64) == 115bv8); + free requires (memory_load8_le(mem, 131177bv64) == 0bv8); + free requires (memory_load8_le(mem, 131178bv64) == 0bv8); + free requires (memory_load8_le(mem, 131179bv64) == 7bv8); + free requires (memory_load8_le(mem, 2472bv64) == 1bv8); + free requires (memory_load8_le(mem, 2473bv64) == 0bv8); + free requires (memory_load8_le(mem, 2474bv64) == 2bv8); + free requires (memory_load8_le(mem, 2475bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 144bv8); + free requires (memory_load8_le(mem, 130505bv64) == 9bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 64bv8); + free requires (memory_load8_le(mem, 130513bv64) == 9bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 192bv8); + free requires (memory_load8_le(mem, 131033bv64) == 7bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (Gamma_R19 == old(Gamma_R19)); + free ensures (Gamma_R20 == old(Gamma_R20)); + free ensures (Gamma_R21 == old(Gamma_R21)); + free ensures (Gamma_R29 == old(Gamma_R29)); + free ensures (Gamma_R31 == old(Gamma_R31)); + free ensures (R19 == old(R19)); + free ensures (R20 == old(R20)); + free ensures (R21 == old(R21)); + free ensures (R29 == old(R29)); + free ensures (R31 == old(R31)); + free ensures (memory_load8_le(mem, 2472bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); +{ + var #1: bv64; + var #2: bv64; + var #3: bv64; + var Gamma_#1: bool; + var Gamma_#2: bool; + var Gamma_#3: bool; + lmain: + assume {:captureState "lmain"} true; + #1, Gamma_#1 := bvadd64(R31, 18446744073709551568bv64), Gamma_R31; + stack, Gamma_stack := memory_store64_le(stack, #1, R29), gamma_store64(Gamma_stack, #1, Gamma_R29); + assume {:captureState "%00000233"} true; + stack, Gamma_stack := memory_store64_le(stack, bvadd64(#1, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#1, 8bv64), Gamma_R30); + assume {:captureState "%00000239"} true; + R31, Gamma_R31 := #1, Gamma_#1; + R0, Gamma_R0 := 11bv64, true; + R29, Gamma_R29 := R31, Gamma_R31; + stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 32bv64), R21), gamma_store64(Gamma_stack, bvadd64(R31, 32bv64), Gamma_R21); + assume {:captureState "%00000250"} true; + R21, Gamma_R21 := 131072bv64, true; + #2, Gamma_#2 := bvadd64(R31, 16bv64), Gamma_R31; + stack, Gamma_stack := memory_store64_le(stack, #2, R19), gamma_store64(Gamma_stack, #2, Gamma_R19); + assume {:captureState "%00000261"} true; + stack, Gamma_stack := memory_store64_le(stack, bvadd64(#2, 8bv64), R20), gamma_store64(Gamma_stack, bvadd64(#2, 8bv64), Gamma_R20); + assume {:captureState "%00000267"} true; + R30, Gamma_R30 := 2012bv64, true; + call malloc(); + goto l00000271; + l00000271: + assume {:captureState "l00000271"} true; + R20, Gamma_R20 := 131072bv64, true; + R20, Gamma_R20 := bvadd64(R20, 96bv64), Gamma_R20; + R19, Gamma_R19 := R0, Gamma_R0; + R0, Gamma_R0 := R20, Gamma_R20; + call rely(); + assert (L(mem, bvadd64(R21, 120bv64)) ==> Gamma_R19); + mem, Gamma_mem := memory_store64_le(mem, bvadd64(R21, 120bv64), R19), gamma_store64(Gamma_mem, bvadd64(R21, 120bv64), Gamma_R19); + assume {:captureState "%0000028e"} true; + R30, Gamma_R30 := 2036bv64, true; + call strlen(); + goto l00000298; + l00000298: + assume {:captureState "l00000298"} true; + R2, Gamma_R2 := R0, Gamma_R0; + R1, Gamma_R1 := R20, Gamma_R20; + R0, Gamma_R0 := R19, Gamma_R19; + R30, Gamma_R30 := 2052bv64, true; + call memcpy(); + goto l000002b2; + l000002b2: + assume {:captureState "l000002b2"} true; + R0, Gamma_R0 := R19, Gamma_R19; + R30, Gamma_R30 := 2060bv64, true; + call puts(); + goto l000002c0; + l000002c0: + assume {:captureState "l000002c0"} true; + call rely(); + R19, Gamma_R19 := memory_load64_le(mem, bvadd64(R21, 120bv64)), (gamma_load64(Gamma_mem, bvadd64(R21, 120bv64)) || L(mem, bvadd64(R21, 120bv64))); + R0, Gamma_R0 := R19, Gamma_R19; + R30, Gamma_R30 := 2072bv64, true; + call strlen(); + goto l000002d4; + l000002d4: + assume {:captureState "l000002d4"} true; + R1, Gamma_R1 := 1bv64, true; + R2, Gamma_R2 := R0, Gamma_R0; + R0, Gamma_R0 := R19, Gamma_R19; + R30, Gamma_R30 := 2088bv64, true; + call memset(); + goto l000002ed; + l000002ed: + assume {:captureState "l000002ed"} true; + call rely(); + R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R21, 120bv64)), (gamma_load64(Gamma_mem, bvadd64(R21, 120bv64)) || L(mem, bvadd64(R21, 120bv64))); + R30, Gamma_R30 := 2096bv64, true; + call #free(); + goto l000002fc; + l000002fc: + assume {:captureState "l000002fc"} true; + #3, Gamma_#3 := bvadd64(R31, 16bv64), Gamma_R31; + R19, Gamma_R19 := memory_load64_le(stack, #3), gamma_load64(Gamma_stack, #3); + R20, Gamma_R20 := memory_load64_le(stack, bvadd64(#3, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#3, 8bv64)); + R0, Gamma_R0 := 0bv64, true; + R21, Gamma_R21 := memory_load64_le(stack, bvadd64(R31, 32bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 32bv64)); + R29, Gamma_R29 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31); + R30, Gamma_R30 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64)); + R31, Gamma_R31 := bvadd64(R31, 48bv64), Gamma_R31; + return; +} + +procedure malloc(); + modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, R0, R16, R17, malloc_base, malloc_count, malloc_end; + requires bvugt64(R0, 0bv64); + requires Gamma_R0 == true; + free requires (memory_load8_le(mem, 2472bv64) == 1bv8); + free requires (memory_load8_le(mem, 2473bv64) == 0bv8); + free requires (memory_load8_le(mem, 2474bv64) == 2bv8); + free requires (memory_load8_le(mem, 2475bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 144bv8); + free requires (memory_load8_le(mem, 130505bv64) == 9bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 64bv8); + free requires (memory_load8_le(mem, 130513bv64) == 9bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 192bv8); + free requires (memory_load8_le(mem, 131033bv64) == 7bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); + ensures Gamma_R0 == true; + ensures malloc_count == old(malloc_count) + 1; + ensures bvugt64(malloc_end[malloc_count], malloc_base[malloc_count]); + ensures R0 == malloc_base[malloc_count]; + ensures malloc_end[malloc_count] == bvadd64(R0, old(R0)); + ensures (forall i: int :: i != malloc_count ==> bvugt64(malloc_base[malloc_count], malloc_end[i]) || bvult64(malloc_end[malloc_count], malloc_base[i])); + ensures (forall i: int :: i != malloc_count ==> malloc_base[i] == old(malloc_base[i]) && malloc_end[i] == old(malloc_end[i])); + ensures bvuge64(R0, 100000000bv64); + ensures (forall i : bv64 :: (bvuge64(i, R0) && bvult64(i, bvadd64(R0, old(R0)))) ==> (Gamma_mem[i] && gamma_load8(Gamma_mem, i))); + free ensures (memory_load8_le(mem, 2472bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure memcpy(); + modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; + free requires (memory_load8_le(mem, 2472bv64) == 1bv8); + free requires (memory_load8_le(mem, 2473bv64) == 0bv8); + free requires (memory_load8_le(mem, 2474bv64) == 2bv8); + free requires (memory_load8_le(mem, 2475bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 144bv8); + free requires (memory_load8_le(mem, 130505bv64) == 9bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 64bv8); + free requires (memory_load8_le(mem, 130513bv64) == 9bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 192bv8); + free requires (memory_load8_le(mem, 131033bv64) == 7bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); + ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i, bvadd64(R0, R2))) then gamma_load8((Gamma_mem), bvadd64(bvsub64(i, R0), R1)) else old(gamma_load8(Gamma_mem, i)))); + ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le((mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i)))); + free ensures (memory_load8_le(mem, 2472bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure memset(); + modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; + requires Gamma_R1; + free requires (memory_load8_le(mem, 2472bv64) == 1bv8); + free requires (memory_load8_le(mem, 2473bv64) == 0bv8); + free requires (memory_load8_le(mem, 2474bv64) == 2bv8); + free requires (memory_load8_le(mem, 2475bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 144bv8); + free requires (memory_load8_le(mem, 130505bv64) == 9bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 64bv8); + free requires (memory_load8_le(mem, 130513bv64) == 9bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 192bv8); + free requires (memory_load8_le(mem, 131033bv64) == 7bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); + ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then Gamma_R1 else old(gamma_load8(Gamma_mem, i)))); + ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i)))); + free ensures (memory_load8_le(mem, 2472bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure puts(); + modifies Gamma_R16, Gamma_R17, R16, R17; + free requires (memory_load8_le(mem, 2472bv64) == 1bv8); + free requires (memory_load8_le(mem, 2473bv64) == 0bv8); + free requires (memory_load8_le(mem, 2474bv64) == 2bv8); + free requires (memory_load8_le(mem, 2475bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 144bv8); + free requires (memory_load8_le(mem, 130505bv64) == 9bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 64bv8); + free requires (memory_load8_le(mem, 130513bv64) == 9bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 192bv8); + free requires (memory_load8_le(mem, 131033bv64) == 7bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2472bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure strlen(); + modifies Gamma_R0, Gamma_R16, Gamma_R17, R0, R16, R17; + free requires (memory_load8_le(mem, 2472bv64) == 1bv8); + free requires (memory_load8_le(mem, 2473bv64) == 0bv8); + free requires (memory_load8_le(mem, 2474bv64) == 2bv8); + free requires (memory_load8_le(mem, 2475bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 144bv8); + free requires (memory_load8_le(mem, 130505bv64) == 9bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 64bv8); + free requires (memory_load8_le(mem, 130513bv64) == 9bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 192bv8); + free requires (memory_load8_le(mem, 131033bv64) == 7bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + ensures (((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))) && (memory_load8_le(mem, $stext_addr) == old(memory_load8_le(mem, $stext_addr)))); + ensures Gamma_R0 == true; + ensures (forall i: bv64 :: (bvule64(old(R0), i)) && (bvult64(i, bvadd64(old(R0), R0))) ==> mem[i] != 0bv8); + ensures (memory_load8_le(mem, bvadd64(old(R0), R0)) == 0bv8); + ensures (bvult64(old(R0), bvadd64(bvadd64(old(R0), R0), 1bv64))); + free ensures (memory_load8_le(mem, 2472bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2473bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2474bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2475bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 144bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 64bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 9bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 192bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 7bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); diff --git a/src/test/incorrect/malloc_memcpy_strlen_memset_free/clang/malloc_memcpy_strlen_memset_free.expected b/src/test/incorrect/malloc_memcpy_strlen_memset_free/clang/malloc_memcpy_strlen_memset_free.expected new file mode 100644 index 000000000..56b362747 --- /dev/null +++ b/src/test/incorrect/malloc_memcpy_strlen_memset_free/clang/malloc_memcpy_strlen_memset_free.expected @@ -0,0 +1,814 @@ +var {:extern} Gamma_R0: bool; +var {:extern} Gamma_R1: bool; +var {:extern} Gamma_R16: bool; +var {:extern} Gamma_R17: bool; +var {:extern} Gamma_R2: bool; +var {:extern} Gamma_R29: bool; +var {:extern} Gamma_R30: bool; +var {:extern} Gamma_R31: bool; +var {:extern} Gamma_R8: bool; +var {:extern} Gamma_R9: bool; +var {:extern} Gamma_malloc_base: [bv64]bool; +var {:extern} Gamma_malloc_count: [bv64]bool; +var {:extern} Gamma_malloc_end: [bv64]bool; +var {:extern} Gamma_mem: [bv64]bool; +var {:extern} Gamma_stack: [bv64]bool; +var {:extern} R0: bv64; +var {:extern} R1: bv64; +var {:extern} R16: bv64; +var {:extern} R17: bv64; +var {:extern} R2: bv64; +var {:extern} R29: bv64; +var {:extern} R30: bv64; +var {:extern} R31: bv64; +var {:extern} R8: bv64; +var {:extern} R9: bv64; +var {:extern} malloc_base: [bv64]bv8; +var {:extern} malloc_count: [bv64]bv8; +var {:extern} malloc_end: [bv64]bv8; +var {:extern} mem: [bv64]bv8; +var {:extern} stack: [bv64]bv8; +const {:extern} $buf_addr: bv64; +axiom ($buf_addr == 131192bv64); +const {:extern} $password_addr: bv64; +axiom ($password_addr == 131168bv64); +const {:extern} $stext_addr: bv64; +axiom ($stext_addr == 131169bv64); +function {:extern} L(memory: [bv64]bv8, index: bv64) returns (bool) { + false +} + +function {:extern} {:bvbuiltin "bvadd"} bvadd64(bv64, bv64) returns (bv64); +function {:extern} {:bvbuiltin "bvsub"} bvsub64(bv64, bv64) returns (bv64); +function {:extern} {:bvbuiltin "bvuge"} bvuge64(bv64, bv64) returns (bool); +function {:extern} {:bvbuiltin "bvugt"} bvugt64(bv64, bv64) returns (bool); +function {:extern} {:bvbuiltin "bvule"} bvule64(bv64, bv64) returns (bool); +function {:extern} {:bvbuiltin "bvult"} bvult64(bv64, bv64) returns (bool); +function {:extern} gamma_load32(gammaMap: [bv64]bool, index: bv64) returns (bool) { + (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index]))) +} + +function {:extern} gamma_load64(gammaMap: [bv64]bool, index: bv64) returns (bool) { + (gammaMap[bvadd64(index, 7bv64)] && (gammaMap[bvadd64(index, 6bv64)] && (gammaMap[bvadd64(index, 5bv64)] && (gammaMap[bvadd64(index, 4bv64)] && (gammaMap[bvadd64(index, 3bv64)] && (gammaMap[bvadd64(index, 2bv64)] && (gammaMap[bvadd64(index, 1bv64)] && gammaMap[index]))))))) +} + +function {:extern} gamma_load8(gammaMap: [bv64]bool, index: bv64) returns (bool) { + gammaMap[index] +} + +function {:extern} gamma_store64(gammaMap: [bv64]bool, index: bv64, value: bool) returns ([bv64]bool) { + gammaMap[index := value][bvadd64(index, 1bv64) := value][bvadd64(index, 2bv64) := value][bvadd64(index, 3bv64) := value][bvadd64(index, 4bv64) := value][bvadd64(index, 5bv64) := value][bvadd64(index, 6bv64) := value][bvadd64(index, 7bv64) := value] +} + +function {:extern} memory_load64_le(memory: [bv64]bv8, index: bv64) returns (bv64) { + (memory[bvadd64(index, 7bv64)] ++ (memory[bvadd64(index, 6bv64)] ++ (memory[bvadd64(index, 5bv64)] ++ (memory[bvadd64(index, 4bv64)] ++ (memory[bvadd64(index, 3bv64)] ++ (memory[bvadd64(index, 2bv64)] ++ (memory[bvadd64(index, 1bv64)] ++ memory[index]))))))) +} + +function {:extern} memory_load8_le(memory: [bv64]bv8, index: bv64) returns (bv8) { + memory[index] +} + +function {:extern} memory_store64_le(memory: [bv64]bv8, index: bv64, value: bv64) returns ([bv64]bv8) { + memory[index := value[8:0]][bvadd64(index, 1bv64) := value[16:8]][bvadd64(index, 2bv64) := value[24:16]][bvadd64(index, 3bv64) := value[32:24]][bvadd64(index, 4bv64) := value[40:32]][bvadd64(index, 5bv64) := value[48:40]][bvadd64(index, 6bv64) := value[56:48]][bvadd64(index, 7bv64) := value[64:56]] +} + +procedure {:extern} rely(); + modifies Gamma_mem, mem; + ensures (mem == old(mem)); + ensures (Gamma_mem == old(Gamma_mem)); + free ensures (memory_load8_le(mem, 2448bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2449bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2450bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2451bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure {:extern} rely_transitive() + modifies Gamma_mem, mem; + ensures (mem == old(mem)); + ensures (Gamma_mem == old(Gamma_mem)); +{ + call rely(); + call rely(); +} + +procedure {:extern} rely_reflexive(); + +procedure {:extern} guarantee_reflexive(); + modifies Gamma_mem, mem; + +procedure #free(); + modifies Gamma_R16, Gamma_R17, R16, R17; + requires (forall i : int, j: bv64 :: (malloc_base[i] == R0 && bvuge64(j, R0) && bvult64(j, malloc_end[i])) ==> Gamma_mem[j]); + free requires (memory_load8_le(mem, 2448bv64) == 1bv8); + free requires (memory_load8_le(mem, 2449bv64) == 0bv8); + free requires (memory_load8_le(mem, 2450bv64) == 2bv8); + free requires (memory_load8_le(mem, 2451bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2448bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2449bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2450bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2451bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure main() + modifies Gamma_R0, Gamma_R1, Gamma_R16, Gamma_R17, Gamma_R2, Gamma_R29, Gamma_R30, Gamma_R31, Gamma_R8, Gamma_R9, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, Gamma_mem, Gamma_stack, R0, R1, R16, R17, R2, R29, R30, R31, R8, R9, malloc_base, malloc_count, malloc_end, mem, stack; + requires (gamma_load8(Gamma_mem, $password_addr) == false); + requires malloc_count == 0; + requires gamma_load32(Gamma_mem, memory_load64_le(mem, $stext_addr)); + requires R31 == 100bv64; + free requires (memory_load8_le(mem, 131152bv64) == 0bv8); + free requires (memory_load8_le(mem, 131153bv64) == 0bv8); + free requires (memory_load8_le(mem, 131154bv64) == 0bv8); + free requires (memory_load8_le(mem, 131155bv64) == 0bv8); + free requires (memory_load8_le(mem, 131156bv64) == 0bv8); + free requires (memory_load8_le(mem, 131157bv64) == 0bv8); + free requires (memory_load8_le(mem, 131158bv64) == 0bv8); + free requires (memory_load8_le(mem, 131159bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free requires (memory_load8_le(mem, 131168bv64) == 7bv8); + free requires (memory_load8_le(mem, 131169bv64) == 117bv8); + free requires (memory_load8_le(mem, 131170bv64) == 115bv8); + free requires (memory_load8_le(mem, 131171bv64) == 101bv8); + free requires (memory_load8_le(mem, 131172bv64) == 114bv8); + free requires (memory_load8_le(mem, 131173bv64) == 58bv8); + free requires (memory_load8_le(mem, 131174bv64) == 112bv8); + free requires (memory_load8_le(mem, 131175bv64) == 97bv8); + free requires (memory_load8_le(mem, 131176bv64) == 115bv8); + free requires (memory_load8_le(mem, 131177bv64) == 115bv8); + free requires (memory_load8_le(mem, 131178bv64) == 0bv8); + free requires (memory_load8_le(mem, 131179bv64) == 0bv8); + free requires (memory_load8_le(mem, 2448bv64) == 1bv8); + free requires (memory_load8_le(mem, 2449bv64) == 0bv8); + free requires (memory_load8_le(mem, 2450bv64) == 2bv8); + free requires (memory_load8_le(mem, 2451bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (Gamma_R29 == old(Gamma_R29)); + free ensures (Gamma_R31 == old(Gamma_R31)); + free ensures (R29 == old(R29)); + free ensures (R31 == old(R31)); + free ensures (memory_load8_le(mem, 2448bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2449bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2450bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2451bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); +{ + var #4: bv64; + var #5: bv64; + var Gamma_#4: bool; + var Gamma_#5: bool; + lmain: + assume {:captureState "lmain"} true; + R31, Gamma_R31 := bvadd64(R31, 18446744073709551552bv64), Gamma_R31; + #4, Gamma_#4 := bvadd64(R31, 48bv64), Gamma_R31; + stack, Gamma_stack := memory_store64_le(stack, #4, R29), gamma_store64(Gamma_stack, #4, Gamma_R29); + assume {:captureState "%00000362"} true; + stack, Gamma_stack := memory_store64_le(stack, bvadd64(#4, 8bv64), R30), gamma_store64(Gamma_stack, bvadd64(#4, 8bv64), Gamma_R30); + assume {:captureState "%00000368"} true; + R29, Gamma_R29 := bvadd64(R31, 48bv64), Gamma_R31; + stack, Gamma_stack := memory_store64_le(stack, bvadd64(R29, 18446744073709551608bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R29, 18446744073709551608bv64), true); + assume {:captureState "%00000375"} true; + stack, Gamma_stack := memory_store64_le(stack, bvadd64(R29, 18446744073709551600bv64), 0bv64), gamma_store64(Gamma_stack, bvadd64(R29, 18446744073709551600bv64), true); + assume {:captureState "%0000037c"} true; + R0, Gamma_R0 := 11bv64, true; + R30, Gamma_R30 := 2288bv64, true; + call malloc(); + goto l0000038b; + l0000038b: + assume {:captureState "l0000038b"} true; + R8, Gamma_R8 := 131072bv64, true; + stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 24bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 24bv64), Gamma_R8); + assume {:captureState "%00000396"} true; + call rely(); + assert (L(mem, bvadd64(R8, 120bv64)) ==> Gamma_R0); + mem, Gamma_mem := memory_store64_le(mem, bvadd64(R8, 120bv64), R0), gamma_store64(Gamma_mem, bvadd64(R8, 120bv64), Gamma_R0); + assume {:captureState "%0000039e"} true; + call rely(); + R8, Gamma_R8 := memory_load64_le(mem, bvadd64(R8, 120bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 120bv64)) || L(mem, bvadd64(R8, 120bv64))); + stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 8bv64), R8), gamma_store64(Gamma_stack, bvadd64(R31, 8bv64), Gamma_R8); + assume {:captureState "%000003ad"} true; + R0, Gamma_R0 := 131072bv64, true; + R0, Gamma_R0 := bvadd64(R0, 97bv64), Gamma_R0; + stack, Gamma_stack := memory_store64_le(stack, R31, R0), gamma_store64(Gamma_stack, R31, Gamma_R0); + assume {:captureState "%000003c0"} true; + R30, Gamma_R30 := 2324bv64, true; + call strlen(); + goto l000003ca; + l000003ca: + assume {:captureState "l000003ca"} true; + R1, Gamma_R1 := memory_load64_le(stack, R31), gamma_load64(Gamma_stack, R31); + R2, Gamma_R2 := R0, Gamma_R0; + R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 8bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 8bv64)); + R30, Gamma_R30 := 2340bv64, true; + call memcpy(); + goto l000003e6; + l000003e6: + assume {:captureState "l000003e6"} true; + R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64)); + call rely(); + R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R8, 120bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 120bv64)) || L(mem, bvadd64(R8, 120bv64))); + R30, Gamma_R30 := 2352bv64, true; + call puts(); + goto l000003fc; + l000003fc: + assume {:captureState "l000003fc"} true; + R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64)); + call rely(); + R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R8, 120bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 120bv64)) || L(mem, bvadd64(R8, 120bv64))); + R9, Gamma_R9 := bvadd64(R9, 4bv64), Gamma_R9; + stack, Gamma_stack := memory_store64_le(stack, bvadd64(R29, 18446744073709551608bv64), R9), gamma_store64(Gamma_stack, bvadd64(R29, 18446744073709551608bv64), Gamma_R9); + assume {:captureState "%00000416"} true; + call rely(); + R9, Gamma_R9 := memory_load64_le(mem, bvadd64(R8, 120bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 120bv64)) || L(mem, bvadd64(R8, 120bv64))); + stack, Gamma_stack := memory_store64_le(stack, bvadd64(R31, 16bv64), R9), gamma_store64(Gamma_stack, bvadd64(R31, 16bv64), Gamma_R9); + assume {:captureState "%00000425"} true; + call rely(); + R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R8, 120bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 120bv64)) || L(mem, bvadd64(R8, 120bv64))); + R30, Gamma_R30 := 2384bv64, true; + call strlen(); + goto l00000435; + l00000435: + assume {:captureState "l00000435"} true; + R2, Gamma_R2 := R0, Gamma_R0; + R0, Gamma_R0 := memory_load64_le(stack, bvadd64(R31, 16bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 16bv64)); + R1, Gamma_R1 := 1bv64, true; + R30, Gamma_R30 := 2400bv64, true; + call memset(); + goto l0000044f; + l0000044f: + assume {:captureState "l0000044f"} true; + R8, Gamma_R8 := memory_load64_le(stack, bvadd64(R31, 24bv64)), gamma_load64(Gamma_stack, bvadd64(R31, 24bv64)); + call rely(); + R0, Gamma_R0 := memory_load64_le(mem, bvadd64(R8, 120bv64)), (gamma_load64(Gamma_mem, bvadd64(R8, 120bv64)) || L(mem, bvadd64(R8, 120bv64))); + R30, Gamma_R30 := 2412bv64, true; + call #free(); + goto l00000465; + l00000465: + assume {:captureState "l00000465"} true; + R0, Gamma_R0 := 0bv64, true; + #5, Gamma_#5 := bvadd64(R31, 48bv64), Gamma_R31; + R29, Gamma_R29 := memory_load64_le(stack, #5), gamma_load64(Gamma_stack, #5); + R30, Gamma_R30 := memory_load64_le(stack, bvadd64(#5, 8bv64)), gamma_load64(Gamma_stack, bvadd64(#5, 8bv64)); + R31, Gamma_R31 := bvadd64(R31, 64bv64), Gamma_R31; + return; +} + +procedure malloc(); + modifies Gamma_R0, Gamma_R16, Gamma_R17, Gamma_malloc_base, Gamma_malloc_count, Gamma_malloc_end, R0, R16, R17, malloc_base, malloc_count, malloc_end; + requires bvugt64(R0, 0bv64); + requires Gamma_R0 == true; + free requires (memory_load8_le(mem, 2448bv64) == 1bv8); + free requires (memory_load8_le(mem, 2449bv64) == 0bv8); + free requires (memory_load8_le(mem, 2450bv64) == 2bv8); + free requires (memory_load8_le(mem, 2451bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); + ensures Gamma_R0 == true; + ensures malloc_count == old(malloc_count) + 1; + ensures bvugt64(malloc_end[malloc_count], malloc_base[malloc_count]); + ensures R0 == malloc_base[malloc_count]; + ensures malloc_end[malloc_count] == bvadd64(R0, old(R0)); + ensures (forall i: int :: i != malloc_count ==> bvugt64(malloc_base[malloc_count], malloc_end[i]) || bvult64(malloc_end[malloc_count], malloc_base[i])); + ensures (forall i: int :: i != malloc_count ==> malloc_base[i] == old(malloc_base[i]) && malloc_end[i] == old(malloc_end[i])); + ensures bvuge64(R0, 100000000bv64); + ensures (forall i : bv64 :: (bvuge64(i, R0) && bvult64(i, bvadd64(R0, old(R0)))) ==> (Gamma_mem[i] && gamma_load8(Gamma_mem, i))); + free ensures (memory_load8_le(mem, 2448bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2449bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2450bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2451bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure memcpy(); + modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; + free requires (memory_load8_le(mem, 2448bv64) == 1bv8); + free requires (memory_load8_le(mem, 2449bv64) == 0bv8); + free requires (memory_load8_le(mem, 2450bv64) == 2bv8); + free requires (memory_load8_le(mem, 2451bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); + ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i, bvadd64(R0, R2))) then gamma_load8((Gamma_mem), bvadd64(bvsub64(i, R0), R1)) else old(gamma_load8(Gamma_mem, i)))); + ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then memory_load8_le((mem), bvadd64(bvsub64(i, R0), R1)) else old(memory_load8_le(mem, i)))); + free ensures (memory_load8_le(mem, 2448bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2449bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2450bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2451bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure memset(); + modifies Gamma_R16, Gamma_R17, Gamma_mem, R16, R17, mem; + requires Gamma_R1; + free requires (memory_load8_le(mem, 2448bv64) == 1bv8); + free requires (memory_load8_le(mem, 2449bv64) == 0bv8); + free requires (memory_load8_le(mem, 2450bv64) == 2bv8); + free requires (memory_load8_le(mem, 2451bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + ensures ((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))); + ensures (forall i: bv64 :: (Gamma_mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then Gamma_R1 else old(gamma_load8(Gamma_mem, i)))); + ensures (forall i: bv64 :: (mem[i] == if (bvule64(R0, i) && bvult64(i,bvadd64(R0, R2))) then R1[8:0] else old(memory_load8_le(mem, i)))); + free ensures (memory_load8_le(mem, 2448bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2449bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2450bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2451bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure puts(); + modifies Gamma_R16, Gamma_R17, R16, R17; + free requires (memory_load8_le(mem, 2448bv64) == 1bv8); + free requires (memory_load8_le(mem, 2449bv64) == 0bv8); + free requires (memory_load8_le(mem, 2450bv64) == 2bv8); + free requires (memory_load8_le(mem, 2451bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2448bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2449bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2450bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2451bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8); + +procedure strlen(); + modifies Gamma_R0, Gamma_R16, Gamma_R17, R0, R16, R17; + free requires (memory_load8_le(mem, 2448bv64) == 1bv8); + free requires (memory_load8_le(mem, 2449bv64) == 0bv8); + free requires (memory_load8_le(mem, 2450bv64) == 2bv8); + free requires (memory_load8_le(mem, 2451bv64) == 0bv8); + free requires (memory_load8_le(mem, 130504bv64) == 208bv8); + free requires (memory_load8_le(mem, 130505bv64) == 8bv8); + free requires (memory_load8_le(mem, 130506bv64) == 0bv8); + free requires (memory_load8_le(mem, 130507bv64) == 0bv8); + free requires (memory_load8_le(mem, 130508bv64) == 0bv8); + free requires (memory_load8_le(mem, 130509bv64) == 0bv8); + free requires (memory_load8_le(mem, 130510bv64) == 0bv8); + free requires (memory_load8_le(mem, 130511bv64) == 0bv8); + free requires (memory_load8_le(mem, 130512bv64) == 128bv8); + free requires (memory_load8_le(mem, 130513bv64) == 8bv8); + free requires (memory_load8_le(mem, 130514bv64) == 0bv8); + free requires (memory_load8_le(mem, 130515bv64) == 0bv8); + free requires (memory_load8_le(mem, 130516bv64) == 0bv8); + free requires (memory_load8_le(mem, 130517bv64) == 0bv8); + free requires (memory_load8_le(mem, 130518bv64) == 0bv8); + free requires (memory_load8_le(mem, 130519bv64) == 0bv8); + free requires (memory_load8_le(mem, 131032bv64) == 212bv8); + free requires (memory_load8_le(mem, 131033bv64) == 8bv8); + free requires (memory_load8_le(mem, 131034bv64) == 0bv8); + free requires (memory_load8_le(mem, 131035bv64) == 0bv8); + free requires (memory_load8_le(mem, 131036bv64) == 0bv8); + free requires (memory_load8_le(mem, 131037bv64) == 0bv8); + free requires (memory_load8_le(mem, 131038bv64) == 0bv8); + free requires (memory_load8_le(mem, 131039bv64) == 0bv8); + free requires (memory_load8_le(mem, 131160bv64) == 88bv8); + free requires (memory_load8_le(mem, 131161bv64) == 0bv8); + free requires (memory_load8_le(mem, 131162bv64) == 2bv8); + free requires (memory_load8_le(mem, 131163bv64) == 0bv8); + free requires (memory_load8_le(mem, 131164bv64) == 0bv8); + free requires (memory_load8_le(mem, 131165bv64) == 0bv8); + free requires (memory_load8_le(mem, 131166bv64) == 0bv8); + free requires (memory_load8_le(mem, 131167bv64) == 0bv8); + ensures (((memory_load64_le(mem, $buf_addr) == old(memory_load64_le(mem, $buf_addr))) && (memory_load8_le(mem, $password_addr) == old(memory_load8_le(mem, $password_addr)))) && (memory_load8_le(mem, $stext_addr) == old(memory_load8_le(mem, $stext_addr)))); + ensures Gamma_R0 == true; + ensures (forall i: bv64 :: (bvule64(old(R0), i)) && (bvult64(i, bvadd64(old(R0), R0))) ==> mem[i] != 0bv8); + ensures (memory_load8_le(mem, bvadd64(old(R0), R0)) == 0bv8); + ensures (bvult64(old(R0), bvadd64(bvadd64(old(R0), R0), 1bv64))); + free ensures (memory_load8_le(mem, 2448bv64) == 1bv8); + free ensures (memory_load8_le(mem, 2449bv64) == 0bv8); + free ensures (memory_load8_le(mem, 2450bv64) == 2bv8); + free ensures (memory_load8_le(mem, 2451bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130504bv64) == 208bv8); + free ensures (memory_load8_le(mem, 130505bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130506bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130507bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130508bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130509bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130510bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130511bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130512bv64) == 128bv8); + free ensures (memory_load8_le(mem, 130513bv64) == 8bv8); + free ensures (memory_load8_le(mem, 130514bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130515bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130516bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130517bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130518bv64) == 0bv8); + free ensures (memory_load8_le(mem, 130519bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131032bv64) == 212bv8); + free ensures (memory_load8_le(mem, 131033bv64) == 8bv8); + free ensures (memory_load8_le(mem, 131034bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131035bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131036bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131037bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131038bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131039bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131160bv64) == 88bv8); + free ensures (memory_load8_le(mem, 131161bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131162bv64) == 2bv8); + free ensures (memory_load8_le(mem, 131163bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131164bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131165bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131166bv64) == 0bv8); + free ensures (memory_load8_le(mem, 131167bv64) == 0bv8);