Mise à jour terminée. Pour connaître les apports de la version 13.8.4 par rapport à notre ancienne version vous pouvez lire les "Release Notes" suivantes :
https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/
https://about.gitlab.com/releases/2021/02/05/gitlab-13-8-3-released/

Commit 548a6ead authored by Raphaël Rieu-Helft's avatar Raphaël Rieu-Helft

Module Main now compiles

parent ad60e3f1
printer "c"
module ref.Ref
syntax type ref "%1"
syntax val ref "%1"
syntax converter ref "%1"
syntax val (!_) "%1"
syntax converter (!_) "%1"
syntax val (:=) "%1 = %2"
end
......@@ -55,7 +59,10 @@ end
module mach.c.C
syntax type ptr "(%1 *)"
prelude "#include <stdlib.h>"
prelude "#include <stdio.h>"
syntax type ptr "%1 *"
syntax val malloc "malloc(%1 * sizeof(%v0))" (* and not %t1 ? *)
syntax val free "free(%1)"
......@@ -64,10 +71,19 @@ module mach.c.C
syntax val is_null "%1 == NULL"
syntax val null "NULL"
syntax val incr "%1+%2"
syntax val get "*(%1)"
syntax val set "*(%1) = %2"
syntax val p2i "%1"
syntax converter p2i "%1"
syntax val break "break"
syntax val return32 "return (%1)"
syntax val print_space "printf(\" \")"
syntax val print_newline "printf(\"\\n\")"
syntax val print_uint32 "printf(\"%#x\",%1)"
end
\ No newline at end of file
......@@ -199,8 +199,6 @@ module N
ensures { c * a < c * b }
= ()
exception Break32 int32
use import ref.Refint
function compare_int (x y:int) : int =
......@@ -275,13 +273,13 @@ module N
};
res := Int32.of_int (-1)
end;
raise Break32 !res
return32 !res;
end
else ()
done;
value_sub_frame_shift (pelts x) (pelts y) x.offset y.offset (p2i sz);
zero
with Break32 r -> r
with Return32 r -> r
end
(* [is_zero] checks if [x[0..sz-1]] is zero. It corresponds to [mpn_zero_p]. *)
......@@ -307,14 +305,14 @@ module N
value_sub_concat (pelts x) x.offset (x.offset+k) (x.offset + p2i sz);
value_sub_lower_bound_tight (pelts x) x.offset (x.offset+k);
value_sub_lower_bound (pelts x) (x.offset+k) (x.offset + p2i sz);
raise Break32 (Int32.of_int 0)
return32 (Int32.of_int 0);
end
else begin
assert { 1+2=3 };
end
done;
Int32.of_int 1
with Break32 r -> r
with Return32 r -> r
end
(** [zero r sz] sets [(r,sz)] to zero. Corresponds to [mpn_zero]. *)
......@@ -335,8 +333,6 @@ module N
(** {2 Addition} *)
exception Break
(** [add_limb r x y sz] adds to [x] the value of the limb [y],
writes the result in [r] and returns the carry. [r] and [x]
have size [sz]. This corresponds to the function [mpn_add_1] *)
......@@ -2112,24 +2108,71 @@ module N
assert { l2i !qh * l2i d + l2i !r = l2i ul + radix * l2i uh };
(!qh,!r)
end
module Main
use import mach.c.C
use import N
use import mach.int.Int32
use import int.Int
use import ref.Ref
let print (p:t) (m n:int32) : unit
requires { 0 <= p.offset + p2i m
<= p.offset + p2i n
<= plength p }
=
let i = ref m in
let q = ref (incr p m) in
let one = Int32.of_int 1 in
while (Int32.(<) !i n) do
invariant { p2i m <= p2i !i <= p2i n }
invariant { (!q).offset = p.offset + p2i !i }
invariant { plength !q = plength p }
variant { p2i n - p2i !i }
print_uint32 (get !q);
print_space ();
q := C.incr !q one;
i := Int32.(+) !i one;
done;
print_newline ()
let from_limb (l:limb) : t
ensures { is_null result \/ plength result = 1 }
ensures { is_null result \/ value_sub_shift result 1 = l2i l }
ensures { result.offset = 0 }
=
let p = malloc (UInt32.of_int 1) in
if not (is_null p)
then C.set p l;
p
let main () = from_limb (Limb.of_int 42)
let two_limbs (l1 l2: limb) : t
ensures { is_null result \/ plength result = 2 }
ensures { is_null result \/ value_sub_shift result 2 = l2i l1 + radix * l2i l2 }
ensures { result.offset = 0 }
=
let p = malloc (UInt32.of_int 2) in
if not (is_null p)
then begin
C.set p l1;
C.set (incr p (Int32.of_int 1)) l2
end;
p
let main () =
let p = from_limb (Limb.of_int 42) in
if not (is_null p)
then begin
print_uint32 (get p);
print_newline ();
end;
free p;
let q = two_limbs (Limb.of_int 42) (Limb.of_int 28) in
if not (is_null q)
then print q (Int32.of_int 0) (Int32.of_int 2);
free q;
end
......
......@@ -10,7 +10,7 @@
<prover id="5" name="CVC4" version="1.4" alternative="noBV" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="6" name="Vampire" version="0.6" timelimit="5" steplimit="0" memlimit="1000"/>
<file name="../mp2.mlw" expanded="true">
<theory name="N" sum="0fd57e69a4e5a85538b534b92177aa8f" expanded="true">
<theory name="N" sum="c3d7d1839f13fa82e0c3d4dacce89969" expanded="true">
<goal name="limb_max_bound">
<proof prover="3"><result status="valid" time="0.02" steps="69"/></proof>
</goal>
......@@ -277,47 +277,65 @@
<goal name="VC compare_same_size.21" expl="21. integer overflow">
<proof prover="4"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="VC compare_same_size.22" expl="22. postcondition">
<goal name="VC compare_same_size.22" expl="22. loop invariant preservation">
<proof prover="3"><result status="valid" time="0.10" steps="70"/></proof>
</goal>
<goal name="VC compare_same_size.23" expl="23. loop invariant preservation">
<proof prover="3"><result status="valid" time="0.03" steps="70"/></proof>
</goal>
<goal name="VC compare_same_size.24" expl="24. loop variant decrease">
<proof prover="3"><result status="valid" time="0.10" steps="70"/></proof>
</goal>
<goal name="VC compare_same_size.25" expl="25. postcondition">
<proof prover="4"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="VC compare_same_size.23" expl="23. assertion">
<goal name="VC compare_same_size.26" expl="26. assertion">
<proof prover="4"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="VC compare_same_size.24" expl="24. precondition">
<goal name="VC compare_same_size.27" expl="27. precondition">
<proof prover="4"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC compare_same_size.25" expl="25. assertion">
<goal name="VC compare_same_size.28" expl="28. assertion">
<proof prover="3"><result status="valid" time="0.26" steps="117"/></proof>
</goal>
<goal name="VC compare_same_size.26" expl="26. assertion">
<goal name="VC compare_same_size.29" expl="29. assertion">
<transf name="split_goal_wp">
<goal name="VC compare_same_size.26.1" expl="1. VC for compare_same_size">
<goal name="VC compare_same_size.29.1" expl="1. VC for compare_same_size">
<proof prover="1"><result status="valid" time="1.08"/></proof>
</goal>
<goal name="VC compare_same_size.26.2" expl="2. VC for compare_same_size">
<goal name="VC compare_same_size.29.2" expl="2. VC for compare_same_size">
<proof prover="4"><result status="valid" time="0.03"/></proof>
</goal>
</transf>
</goal>
<goal name="VC compare_same_size.27" expl="27. integer overflow">
<goal name="VC compare_same_size.30" expl="30. integer overflow">
<proof prover="4"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="VC compare_same_size.28" expl="28. postcondition">
<goal name="VC compare_same_size.31" expl="31. loop invariant preservation">
<proof prover="3"><result status="valid" time="0.10" steps="70"/></proof>
</goal>
<goal name="VC compare_same_size.32" expl="32. loop invariant preservation">
<proof prover="3"><result status="valid" time="0.03" steps="70"/></proof>
</goal>
<goal name="VC compare_same_size.33" expl="33. loop variant decrease">
<proof prover="3"><result status="valid" time="0.10" steps="70"/></proof>
</goal>
<goal name="VC compare_same_size.34" expl="34. postcondition">
<proof prover="4"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="VC compare_same_size.29" expl="29. loop invariant preservation">
<goal name="VC compare_same_size.35" expl="35. loop invariant preservation">
<proof prover="4"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="VC compare_same_size.30" expl="30. loop invariant preservation">
<goal name="VC compare_same_size.36" expl="36. loop invariant preservation">
<proof prover="3"><result status="valid" time="0.04" steps="100"/></proof>
</goal>
<goal name="VC compare_same_size.31" expl="31. loop variant decrease">
<goal name="VC compare_same_size.37" expl="37. loop variant decrease">
<proof prover="4"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="VC compare_same_size.32" expl="32. precondition">
<goal name="VC compare_same_size.38" expl="38. precondition">
<proof prover="3"><result status="valid" time="0.05" steps="90"/></proof>
</goal>
<goal name="VC compare_same_size.33" expl="33. postcondition">
<goal name="VC compare_same_size.39" expl="39. postcondition">
<proof prover="4"><result status="valid" time="0.03"/></proof>
</goal>
</transf>
......@@ -358,31 +376,40 @@
<goal name="VC is_zero.11" expl="11. integer overflow">
<proof prover="4"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC is_zero.12" expl="12. postcondition">
<goal name="VC is_zero.12" expl="12. loop invariant preservation">
<proof prover="3"><result status="valid" time="0.03" steps="70"/></proof>
</goal>
<goal name="VC is_zero.13" expl="13. loop invariant preservation">
<proof prover="3"><result status="valid" time="0.03" steps="70"/></proof>
</goal>
<goal name="VC is_zero.14" expl="14. loop variant decrease">
<proof prover="3"><result status="valid" time="0.02" steps="70"/></proof>
</goal>
<goal name="VC is_zero.15" expl="15. postcondition">
<proof prover="4"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC is_zero.13" expl="13. postcondition">
<proof prover="3"><result status="valid" time="0.21" steps="150"/></proof>
<goal name="VC is_zero.16" expl="16. postcondition">
<proof prover="3"><result status="valid" time="0.21" steps="157"/></proof>
</goal>
<goal name="VC is_zero.14" expl="14. assertion">
<goal name="VC is_zero.17" expl="17. assertion">
<proof prover="4"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC is_zero.15" expl="15. loop invariant preservation">
<goal name="VC is_zero.18" expl="18. loop invariant preservation">
<proof prover="4"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="VC is_zero.16" expl="16. loop invariant preservation">
<goal name="VC is_zero.19" expl="19. loop invariant preservation">
<proof prover="3"><result status="valid" time="0.06" steps="103"/></proof>
</goal>
<goal name="VC is_zero.17" expl="17. loop variant decrease">
<goal name="VC is_zero.20" expl="20. loop variant decrease">
<proof prover="4"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC is_zero.18" expl="18. integer overflow">
<goal name="VC is_zero.21" expl="21. integer overflow">
<proof prover="4"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="VC is_zero.19" expl="19. postcondition">
<goal name="VC is_zero.22" expl="22. postcondition">
<proof prover="4"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC is_zero.20" expl="20. postcondition">
<goal name="VC is_zero.23" expl="23. postcondition">
<proof prover="3"><result status="valid" time="0.04" steps="85"/></proof>
</goal>
</transf>
......@@ -1692,10 +1719,10 @@
<proof prover="4"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC mul_limbs.8" expl="8. loop invariant init">
<proof prover="4"><result status="valid" time="0.02"/></proof>
<proof prover="3"><result status="valid" time="0.02" steps="70"/></proof>
</goal>
<goal name="VC mul_limbs.9" expl="9. loop invariant init">
<proof prover="3"><result status="valid" time="0.02" steps="70"/></proof>
<proof prover="4"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC mul_limbs.10" expl="10. loop invariant init">
<proof prover="4"><result status="valid" time="0.04"/></proof>
......@@ -2274,10 +2301,10 @@
<proof prover="4"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC mul.8" expl="8. loop invariant init">
<proof prover="4"><result status="valid" time="0.01"/></proof>
<proof prover="4"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC mul.9" expl="9. loop invariant init">
<proof prover="4"><result status="valid" time="0.02"/></proof>
<proof prover="4"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC mul.10" expl="10. loop invariant init">
<proof prover="4"><result status="valid" time="0.04"/></proof>
......@@ -2862,7 +2889,6 @@
<goal name="VC lshift.30" expl="30. loop invariant preservation">
<transf name="inline_all">
<goal name="VC lshift.30.1" expl="1. loop invariant preservation">
<proof prover="0" timelimit="10" obsolete="true"><result status="timeout" time="9.50"/></proof>
<proof prover="6"><result status="valid" time="1.85"/></proof>
</goal>
</transf>
......@@ -3999,7 +4025,7 @@
</transf>
</goal>
</theory>
<theory name="Main" sum="1b5018d2448537aeb1d3eb3e920619ba">
<theory name="Main" sum="e3434722a0f609aed57855977bbc7d27">
<goal name="VC from_limb" expl="VC for from_limb">
<transf name="split_goal_wp">
<goal name="VC from_limb.1" expl="1. integer overflow">
......@@ -4015,15 +4041,28 @@
<proof prover="3"><result status="valid" time="0.14" steps="123"/></proof>
</goal>
<goal name="VC from_limb.5" expl="5. postcondition">
<proof prover="3"><result status="valid" time="0.03" steps="75"/></proof>
<proof prover="3"><result status="valid" time="0.04" steps="79"/></proof>
</goal>
<goal name="VC from_limb.6" expl="6. postcondition">
<proof prover="3"><result status="valid" time="0.03" steps="75"/></proof>
</goal>
<goal name="VC from_limb.7" expl="7. postcondition">
<proof prover="3"><result status="valid" time="0.03" steps="75"/></proof>
</goal>
<goal name="VC from_limb.8" expl="8. postcondition">
<proof prover="3"><result status="valid" time="0.03" steps="75"/></proof>
</goal>
</transf>
</goal>
<goal name="VC main" expl="VC for main">
<proof prover="3"><result status="valid" time="0.03" steps="72"/></proof>
<transf name="split_goal_wp">
<goal name="VC main.1" expl="1. integer overflow">
<proof prover="3"><result status="valid" time="0.02" steps="72"/></proof>
</goal>
<goal name="VC main.2" expl="2. precondition">
<proof prover="3"><result status="valid" time="0.02" steps="73"/></proof>
</goal>
</transf>
</goal>
</theory>
</file>
......
......@@ -58,7 +58,7 @@ dffa7670276df3f668d6b159221ea268 VC for value_sub_upper_bound_tightainfix <avalu
bb430d1e14374489b52913573b19ded7 preconditionainfix <=V1V3Lainfix -V2c1Iainfix <V1V2F
4bb4f093efbea56103c993724294ca10 postconditionainfix <avalue_subV0V1V2ainfix *apoweraradixainfix -ainfix -V2V1c1ainfix +al2iagetV0ainfix -V2c1c1Iainfix <avalue_subV0V1V3apoweraradixainfix -V3V1Lainfix -V2c1Iainfix <V1V2F
58df47367a249b4dda2c25782c330308 VC for prod_compat_strict_rainfix <ainfix *V2V0ainfix *V2V1Iainfix <c0V2Aainfix <V0V1Aainfix <=c0V0F
07e659451015f1a658593398c7353169 VC for compare_same_sizeiainfix =ap2iV3acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7Aamap_eq_sub_shiftV11V10V9V8V7LapeltsV0LapeltsV1LaoffsetV0LaoffsetV1Lato_intV2iainfix <ap2iV20ap2iV5Aainfix <=c0ap2iV5Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V24amixfix []apeltsV1ainfix +aoffsetV1V24Iainfix <V24ap2iV2Aainfix <=ap2iV20V24FAainfix <=ap2iV20ap2iV2Aainfix <=c0ap2iV20iainfix =ap2iV43acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2Iainfix =V43V42FIainfix =ato_intV42V41FAain_boundsV41Laprefix -c1Aainfix >apoweraradixainfix -V17c1ainfix -avalue_sub_shiftV0ainfix -V17c1avalue_sub_shiftV1ainfix -V17c1Aainfix >=ainfix *ainfix -al2iV22al2iV21apoweraradixainfix -V17c1apoweraradixainfix -V17c1Aainfix =ainfix -avalue_sub_shiftV1V17avalue_sub_shiftV0V17ainfix -ainfix *ainfix -al2iV22al2iV21apoweraradixainfix -V17c1ainfix -avalue_sub_shiftV0ainfix -V17c1avalue_sub_shiftV1ainfix -V17c1Iainfix <=c0avalue_subapeltsV1aoffsetV1ainfix -ainfix +aoffsetV1V17c1Iainfix <avalue_subapeltsV0V40V39apoweraradixainfix -V39V40Aainfix <=V40V39LaoffsetV0Lainfix -ainfix +aoffsetV0V17c1Aainfix >al2iV22al2iV21ainfix =ap2iV47acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2Iainfix =V47V46FIainfix =ato_intV46c1FAain_boundsc1Aainfix >apoweraradixainfix -V17c1ainfix -avalue_sub_shiftV1ainfix -V17c1avalue_sub_shiftV0ainfix -V17c1Aainfix >=ainfix *ainfix -al2iV21al2iV22apoweraradixainfix -V17c1apoweraradixainfix -V17c1Aainfix =ainfix -avalue_sub_shiftV0V17avalue_sub_shiftV1V17ainfix -ainfix *ainfix -al2iV21al2iV22apoweraradixainfix -V17c1ainfix -avalue_sub_shiftV1ainfix -V17c1avalue_sub_shiftV0ainfix -V17c1Iainfix <=c0avalue_subapeltsV0aoffsetV0ainfix -ainfix +aoffsetV0V17c1Iainfix <avalue_subapeltsV1V45V44apoweraradixainfix -V44V45Aainfix <=V45V44LaoffsetV1Lainfix -ainfix +aoffsetV1V17c1ainfix >ato_intV21ato_intV22Iainfix =avalue_subV38V37ainfix +V36c1ainfix +avalue_subV38V37V36ainfix *al2iagetV38V36apoweraradixainfix -V36V37Aainfix <=V37V36LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V17c1Iainfix =avalue_subV35V34ainfix +V33c1ainfix +avalue_subV35V34V33ainfix *al2iagetV35V33apoweraradixainfix -V33V34Aainfix <=V34V33LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V17c1Aainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V17avalue_sub_shiftV1V17Iainfix =avalue_subV32V31V29ainfix +avalue_subV32V31V30ainfix *avalue_subV32V30V29apoweraradixainfix -V30V31Aainfix <=V30V29Aainfix <=V31V30LapeltsV1LaoffsetV1Lainfix +aoffsetV1V17Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV28V27V25ainfix +avalue_subV28V27V26ainfix *avalue_subV28V26V25apoweraradixainfix -V26V27Aainfix <=V26V25Aainfix <=V27V26LapeltsV0LaoffsetV0Lainfix +aoffsetV0V17Lainfix +aoffsetV0ato_intV2ainfix =V23aTrueINainfix =ato_intV21ato_intV22Iainfix =V23aTrueAainfix =V23aTrueINainfix =V21V22FIainfix =V22amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV20FAainfix <ainfix +aoffsetV1ato_intV20aplengthV1Aainfix <=c0ainfix +aoffsetV1ato_intV20Iainfix =V21amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV20FAainfix <ainfix +aoffsetV0ato_intV20aplengthV0Aainfix <=c0ainfix +aoffsetV0ato_intV20Aainfix <ap2iV20ap2iV2Aainfix <=c0ap2iV20Iainfix =V20V19FIainfix =ato_intV19ainfix -ato_intV5ato_intV18FAain_boundsainfix -ato_intV5ato_intV18Iainfix =ato_intV18c1FAain_boundsc1Lato_intV5Iainfix =avalue_subV16V14ainfix +V14V12avalue_subV15V13ainfix +V13V12Aamap_eq_sub_shiftV16V15V14V13V12LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Aainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V48amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V48Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V49amixfix []apeltsV1ainfix +aoffsetV1V49Iainfix <V49ap2iV2Aainfix <=ap2iV5V49Lainfix +ap2iV5V48Iainfix <V48ainfix -ap2iV2ap2iV5Aainfix <=c0V48Fainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FAain_boundsc1Iainfix =amixfix []apeltsV0ainfix +aoffsetV0V50amixfix []apeltsV1ainfix +aoffsetV1V50Iainfix <V50ap2iV2Aainfix <=ap2iV5V50FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FAainfix =amixfix []apeltsV0ainfix +aoffsetV0V51amixfix []apeltsV1ainfix +aoffsetV1V51Iainfix <V51ap2iV2Aainfix <=ap2iV2V51FAainfix <=ap2iV2ap2iV2Aainfix <=c0ap2iV2Iainfix =ato_intV4c0FAain_boundsc0Iainfix =ato_intV3c0FAain_boundsc0Iavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
6da166a5a6fab0fbb25bb49f88da780e VC for compare_same_sizeiainfix =ap2iV3acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7Aamap_eq_sub_shiftV11V10V9V8V7LapeltsV0LapeltsV1LaoffsetV0LaoffsetV1Lato_intV2iainfix <ap2iV20ap2iV5Aainfix <=c0ap2iV5Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V24amixfix []apeltsV1ainfix +aoffsetV1V24Iainfix <V24ap2iV2Aainfix <=ap2iV20V24FAainfix <=ap2iV20ap2iV2Aainfix <=c0ap2iV20iainfix =ap2iV44acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2Iainfix =V43V44FAainfix <ap2iV20ap2iV5Aainfix <=c0ap2iV5Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V45amixfix []apeltsV1ainfix +aoffsetV1V45Iainfix <V45ap2iV2Aainfix <=ap2iV20V45FAainfix <=ap2iV20ap2iV2Aainfix <=c0ap2iV20IfIainfix =V43V42FIainfix =ato_intV42V41FAain_boundsV41Laprefix -c1Aainfix >apoweraradixainfix -V17c1ainfix -avalue_sub_shiftV0ainfix -V17c1avalue_sub_shiftV1ainfix -V17c1Aainfix >=ainfix *ainfix -al2iV22al2iV21apoweraradixainfix -V17c1apoweraradixainfix -V17c1Aainfix =ainfix -avalue_sub_shiftV1V17avalue_sub_shiftV0V17ainfix -ainfix *ainfix -al2iV22al2iV21apoweraradixainfix -V17c1ainfix -avalue_sub_shiftV0ainfix -V17c1avalue_sub_shiftV1ainfix -V17c1Iainfix <=c0avalue_subapeltsV1aoffsetV1ainfix -ainfix +aoffsetV1V17c1Iainfix <avalue_subapeltsV0V40V39apoweraradixainfix -V39V40Aainfix <=V40V39LaoffsetV0Lainfix -ainfix +aoffsetV0V17c1Aainfix >al2iV22al2iV21ainfix =ap2iV50acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2Iainfix =V49V50FAainfix <ap2iV20ap2iV5Aainfix <=c0ap2iV5Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V51amixfix []apeltsV1ainfix +aoffsetV1V51Iainfix <V51ap2iV2Aainfix <=ap2iV20V51FAainfix <=ap2iV20ap2iV2Aainfix <=c0ap2iV20IfIainfix =V49V48FIainfix =ato_intV48c1FAain_boundsc1Aainfix >apoweraradixainfix -V17c1ainfix -avalue_sub_shiftV1ainfix -V17c1avalue_sub_shiftV0ainfix -V17c1Aainfix >=ainfix *ainfix -al2iV21al2iV22apoweraradixainfix -V17c1apoweraradixainfix -V17c1Aainfix =ainfix -avalue_sub_shiftV0V17avalue_sub_shiftV1V17ainfix -ainfix *ainfix -al2iV21al2iV22apoweraradixainfix -V17c1ainfix -avalue_sub_shiftV1ainfix -V17c1avalue_sub_shiftV0ainfix -V17c1Iainfix <=c0avalue_subapeltsV0aoffsetV0ainfix -ainfix +aoffsetV0V17c1Iainfix <avalue_subapeltsV1V47V46apoweraradixainfix -V46V47Aainfix <=V47V46LaoffsetV1Lainfix -ainfix +aoffsetV1V17c1ainfix >ato_intV21ato_intV22Iainfix =avalue_subV38V37ainfix +V36c1ainfix +avalue_subV38V37V36ainfix *al2iagetV38V36apoweraradixainfix -V36V37Aainfix <=V37V36LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V17c1Iainfix =avalue_subV35V34ainfix +V33c1ainfix +avalue_subV35V34V33ainfix *al2iagetV35V33apoweraradixainfix -V33V34Aainfix <=V34V33LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V17c1Aainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V17avalue_sub_shiftV1V17Iainfix =avalue_subV32V31V29ainfix +avalue_subV32V31V30ainfix *avalue_subV32V30V29apoweraradixainfix -V30V31Aainfix <=V30V29Aainfix <=V31V30LapeltsV1LaoffsetV1Lainfix +aoffsetV1V17Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV28V27V25ainfix +avalue_subV28V27V26ainfix *avalue_subV28V26V25apoweraradixainfix -V26V27Aainfix <=V26V25Aainfix <=V27V26LapeltsV0LaoffsetV0Lainfix +aoffsetV0V17Lainfix +aoffsetV0ato_intV2ainfix =V23aTrueINainfix =ato_intV21ato_intV22Iainfix =V23aTrueAainfix =V23aTrueINainfix =V21V22FIainfix =V22amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV20FAainfix <ainfix +aoffsetV1ato_intV20aplengthV1Aainfix <=c0ainfix +aoffsetV1ato_intV20Iainfix =V21amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV20FAainfix <ainfix +aoffsetV0ato_intV20aplengthV0Aainfix <=c0ainfix +aoffsetV0ato_intV20Aainfix <ap2iV20ap2iV2Aainfix <=c0ap2iV20Iainfix =V20V19FIainfix =ato_intV19ainfix -ato_intV5ato_intV18FAain_boundsainfix -ato_intV5ato_intV18Iainfix =ato_intV18c1FAain_boundsc1Lato_intV5Iainfix =avalue_subV16V14ainfix +V14V12avalue_subV15V13ainfix +V13V12Aamap_eq_sub_shiftV16V15V14V13V12LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Aainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V52amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V52Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V53amixfix []apeltsV1ainfix +aoffsetV1V53Iainfix <V53ap2iV2Aainfix <=ap2iV5V53Lainfix +ap2iV5V52Iainfix <V52ainfix -ap2iV2ap2iV5Aainfix <=c0V52Fainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FAain_boundsc1Iainfix =amixfix []apeltsV0ainfix +aoffsetV0V54amixfix []apeltsV1ainfix +aoffsetV1V54Iainfix <V54ap2iV2Aainfix <=ap2iV5V54FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FAainfix =amixfix []apeltsV0ainfix +aoffsetV0V55amixfix []apeltsV1ainfix +aoffsetV1V55Iainfix <V55ap2iV2Aainfix <=ap2iV2V55FAainfix <=ap2iV2ap2iV2Aainfix <=c0ap2iV2Iainfix =ato_intV4c0FAain_boundsc0Iainfix =ato_intV3c0FAain_boundsc0Iavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
ca0518397404719466c5551cb6cb7ab6 integer overflowain_boundsc0Iavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
d253b5dbefa7b4b96a725da7330cd9d8 integer overflowain_boundsc0Iainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
16d65cbbcd234be4f99277322f7dd78f loop invariant initainfix <=ap2iV2ap2iV2Aainfix <=c0ap2iV2Iainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
......@@ -82,7 +82,10 @@ c30a84cc7176d33f8a0d0970e9dbe333 assertionainfix >apoweraradixainfix -V12c1ainfi
df186c0c70a74fa062e067f625628a3d VC for compare_same_sizeainfix >=ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV0V12avalue_sub_shiftV1V12ainfix -ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Iainfix <=c0avalue_subapeltsV0aoffsetV0ainfix -ainfix +aoffsetV0V12c1Iainfix <avalue_subapeltsV1V34V33apoweraradixainfix -V33V34LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V35amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V35Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V36amixfix []apeltsV1ainfix +aoffsetV1V36Iainfix <V36ap2iV2Aainfix <=ap2iV5V36Lainfix +ap2iV5V35Iainfix <V35ainfix -ap2iV2ap2iV5Aainfix <=c0V35FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V37amixfix []apeltsV1ainfix +aoffsetV1V37Iainfix <V37ap2iV2Aainfix <=ap2iV5V37FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
56b4467efa6c6f948d3aa4b855f75445 VC for compare_same_sizeainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV0V12avalue_sub_shiftV1V12ainfix -ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Iainfix <=c0avalue_subapeltsV0aoffsetV0ainfix -ainfix +aoffsetV0V12c1Iainfix <avalue_subapeltsV1V34V33apoweraradixainfix -V33V34LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V35amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V35Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V36amixfix []apeltsV1ainfix +aoffsetV1V36Iainfix <V36ap2iV2Aainfix <=ap2iV5V36Lainfix +ap2iV5V35Iainfix <V35ainfix -ap2iV2ap2iV5Aainfix <=c0V35FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V37amixfix []apeltsV1ainfix +aoffsetV1V37Iainfix <V37ap2iV2Aainfix <=ap2iV5V37FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
a28d08187a1d4162b5ef34a5000d20a5 integer overflowain_boundsc1Iainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Aainfix >=ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV0V12avalue_sub_shiftV1V12ainfix -ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Iainfix <=c0avalue_subapeltsV0aoffsetV0ainfix -ainfix +aoffsetV0V12c1Iainfix <avalue_subapeltsV1V34V33apoweraradixainfix -V33V34LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V35amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V35Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V36amixfix []apeltsV1ainfix +aoffsetV1V36Iainfix <V36ap2iV2Aainfix <=ap2iV5V36Lainfix +ap2iV5V35Iainfix <V35ainfix -ap2iV2ap2iV5Aainfix <=c0V35FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V37amixfix []apeltsV1ainfix +aoffsetV1V37Iainfix <V37ap2iV2Aainfix <=ap2iV5V37FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
d7677aff6948138fb31e784edf23a9b0 postconditionainfix =ap2iV36acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2Iainfix =V36V35FIainfix =ato_intV35c1FIainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Aainfix >=ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV0V12avalue_sub_shiftV1V12ainfix -ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Iainfix <=c0avalue_subapeltsV0aoffsetV0ainfix -ainfix +aoffsetV0V12c1Iainfix <avalue_subapeltsV1V34V33apoweraradixainfix -V33V34LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V37amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V37Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V38amixfix []apeltsV1ainfix +aoffsetV1V38Iainfix <V38ap2iV2Aainfix <=ap2iV5V38Lainfix +ap2iV5V37Iainfix <V37ainfix -ap2iV2ap2iV5Aainfix <=c0V37FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V39amixfix []apeltsV1ainfix +aoffsetV1V39Iainfix <V39ap2iV2Aainfix <=ap2iV5V39FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
9e7ba82406b6997ff991a6ff24808d2d loop invariant preservationainfix <=ap2iV15ap2iV2Aainfix <=c0ap2iV15IfIainfix =V36V35FIainfix =ato_intV35c1FIainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Aainfix >=ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV0V12avalue_sub_shiftV1V12ainfix -ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Iainfix <=c0avalue_subapeltsV0aoffsetV0ainfix -ainfix +aoffsetV0V12c1Iainfix <avalue_subapeltsV1V34V33apoweraradixainfix -V33V34LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V37amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V37Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V38amixfix []apeltsV1ainfix +aoffsetV1V38Iainfix <V38ap2iV2Aainfix <=ap2iV5V38Lainfix +ap2iV5V37Iainfix <V37ainfix -ap2iV2ap2iV5Aainfix <=c0V37FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V39amixfix []apeltsV1ainfix +aoffsetV1V39Iainfix <V39ap2iV2Aainfix <=ap2iV5V39FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
c474c729c323cf55816bb6dc1f9f3434 loop invariant preservationainfix =amixfix []apeltsV0ainfix +aoffsetV0V37amixfix []apeltsV1ainfix +aoffsetV1V37Iainfix <V37ap2iV2Aainfix <=ap2iV15V37FIfIainfix =V36V35FIainfix =ato_intV35c1FIainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Aainfix >=ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV0V12avalue_sub_shiftV1V12ainfix -ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Iainfix <=c0avalue_subapeltsV0aoffsetV0ainfix -ainfix +aoffsetV0V12c1Iainfix <avalue_subapeltsV1V34V33apoweraradixainfix -V33V34LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V38amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V38Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V39amixfix []apeltsV1ainfix +aoffsetV1V39Iainfix <V39ap2iV2Aainfix <=ap2iV5V39Lainfix +ap2iV5V38Iainfix <V38ainfix -ap2iV2ap2iV5Aainfix <=c0V38FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V40amixfix []apeltsV1ainfix +aoffsetV1V40Iainfix <V40ap2iV2Aainfix <=ap2iV5V40FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
86ba8998fc00d73086e4abf50b8fa6ff loop variant decreaseainfix <ap2iV15ap2iV5Aainfix <=c0ap2iV5IfIainfix =V36V35FIainfix =ato_intV35c1FIainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Aainfix >=ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV0V12avalue_sub_shiftV1V12ainfix -ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Iainfix <=c0avalue_subapeltsV0aoffsetV0ainfix -ainfix +aoffsetV0V12c1Iainfix <avalue_subapeltsV1V34V33apoweraradixainfix -V33V34LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V37amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V37Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V38amixfix []apeltsV1ainfix +aoffsetV1V38Iainfix <V38ap2iV2Aainfix <=ap2iV5V38Lainfix +ap2iV5V37Iainfix <V37ainfix -ap2iV2ap2iV5Aainfix <=c0V37FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V39amixfix []apeltsV1ainfix +aoffsetV1V39Iainfix <V39ap2iV2Aainfix <=ap2iV5V39FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
e90daaafa86d4ee6416a2e651885ec8d postconditionainfix =ap2iV37acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2Iainfix =V36V37FIainfix =V36V35FIainfix =ato_intV35c1FIainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Aainfix >=ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV0V12avalue_sub_shiftV1V12ainfix -ainfix *ainfix -al2iV16al2iV17apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV1ainfix -V12c1avalue_sub_shiftV0ainfix -V12c1Iainfix <=c0avalue_subapeltsV0aoffsetV0ainfix -ainfix +aoffsetV0V12c1Iainfix <avalue_subapeltsV1V34V33apoweraradixainfix -V33V34LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V38amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V38Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V39amixfix []apeltsV1ainfix +aoffsetV1V39Iainfix <V39ap2iV2Aainfix <=ap2iV5V39Lainfix +ap2iV5V38Iainfix <V38ainfix -ap2iV2ap2iV5Aainfix <=c0V38FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V40amixfix []apeltsV1ainfix +aoffsetV1V40Iainfix <V40ap2iV2Aainfix <=ap2iV5V40FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
fedb31fb1760bb5fe620fd6f4f90a766 assertionainfix >al2iV17al2iV16INainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V33amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V33Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V34amixfix []apeltsV1ainfix +aoffsetV1V34Iainfix <V34ap2iV2Aainfix <=ap2iV5V34Lainfix +ap2iV5V33Iainfix <V33ainfix -ap2iV2ap2iV5Aainfix <=c0V33FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V35amixfix []apeltsV1ainfix +aoffsetV1V35Iainfix <V35ap2iV2Aainfix <=ap2iV5V35FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
cd23ab83b226d0a881ec8624819d8433 preconditionainfix <=V34V33LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix >al2iV17al2iV16INainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V35amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V35Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V36amixfix []apeltsV1ainfix +aoffsetV1V36Iainfix <V36ap2iV2Aainfix <=ap2iV5V36Lainfix +ap2iV5V35Iainfix <V35ainfix -ap2iV2ap2iV5Aainfix <=c0V35FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V37amixfix []apeltsV1ainfix +aoffsetV1V37Iainfix <V37ap2iV2Aainfix <=ap2iV5V37FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
ec16cf69423d9096662be356609f5866 assertionainfix =ainfix -avalue_sub_shiftV1V12avalue_sub_shiftV0V12ainfix -ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Iainfix <=c0avalue_subapeltsV1aoffsetV1ainfix -ainfix +aoffsetV1V12c1Iainfix <avalue_subapeltsV0V34V33apoweraradixainfix -V33V34LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix >al2iV17al2iV16INainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V35amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V35Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V36amixfix []apeltsV1ainfix +aoffsetV1V36Iainfix <V36ap2iV2Aainfix <=ap2iV5V36Lainfix +ap2iV5V35Iainfix <V35ainfix -ap2iV2ap2iV5Aainfix <=c0V35FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V37amixfix []apeltsV1ainfix +aoffsetV1V37Iainfix <V37ap2iV2Aainfix <=ap2iV5V37FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
......@@ -90,13 +93,16 @@ b674e7a78fec8345f54b46ddc2838ae6 assertionainfix >apoweraradixainfix -V12c1ainfi
17a3414eb42d2f18aa1e45536791cc32 VC for compare_same_sizeainfix >=ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV1V12avalue_sub_shiftV0V12ainfix -ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Iainfix <=c0avalue_subapeltsV1aoffsetV1ainfix -ainfix +aoffsetV1V12c1Iainfix <avalue_subapeltsV0V34V33apoweraradixainfix -V33V34LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix >al2iV17al2iV16INainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V35amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V35Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V36amixfix []apeltsV1ainfix +aoffsetV1V36Iainfix <V36ap2iV2Aainfix <=ap2iV5V36Lainfix +ap2iV5V35Iainfix <V35ainfix -ap2iV2ap2iV5Aainfix <=c0V35FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V37amixfix []apeltsV1ainfix +aoffsetV1V37Iainfix <V37ap2iV2Aainfix <=ap2iV5V37FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
8f35d88cac8fe93a75347449e536c28c VC for compare_same_sizeainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV1V12avalue_sub_shiftV0V12ainfix -ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Iainfix <=c0avalue_subapeltsV1aoffsetV1ainfix -ainfix +aoffsetV1V12c1Iainfix <avalue_subapeltsV0V34V33apoweraradixainfix -V33V34LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix >al2iV17al2iV16INainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V35amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V35Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V36amixfix []apeltsV1ainfix +aoffsetV1V36Iainfix <V36ap2iV2Aainfix <=ap2iV5V36Lainfix +ap2iV5V35Iainfix <V35ainfix -ap2iV2ap2iV5Aainfix <=c0V35FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V37amixfix []apeltsV1ainfix +aoffsetV1V37Iainfix <V37ap2iV2Aainfix <=ap2iV5V37FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
0dddce32a95c725465bf08ba369174a6 integer overflowain_boundsV35Laprefix -c1Iainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Aainfix >=ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV1V12avalue_sub_shiftV0V12ainfix -ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Iainfix <=c0avalue_subapeltsV1aoffsetV1ainfix -ainfix +aoffsetV1V12c1Iainfix <avalue_subapeltsV0V34V33apoweraradixainfix -V33V34LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix >al2iV17al2iV16INainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V36amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V36Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V37amixfix []apeltsV1ainfix +aoffsetV1V37Iainfix <V37ap2iV2Aainfix <=ap2iV5V37Lainfix +ap2iV5V36Iainfix <V36ainfix -ap2iV2ap2iV5Aainfix <=c0V36FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V38amixfix []apeltsV1ainfix +aoffsetV1V38Iainfix <V38ap2iV2Aainfix <=ap2iV5V38FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
3bd32dbc4145fdd5556acbe5f25bd065 postconditionainfix =ap2iV37acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2Iainfix =V37V36FIainfix =ato_intV36V35FLaprefix -c1Iainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Aainfix >=ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV1V12avalue_sub_shiftV0V12ainfix -ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Iainfix <=c0avalue_subapeltsV1aoffsetV1ainfix -ainfix +aoffsetV1V12c1Iainfix <avalue_subapeltsV0V34V33apoweraradixainfix -V33V34LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix >al2iV17al2iV16INainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V38amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V38Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V39amixfix []apeltsV1ainfix +aoffsetV1V39Iainfix <V39ap2iV2Aainfix <=ap2iV5V39Lainfix +ap2iV5V38Iainfix <V38ainfix -ap2iV2ap2iV5Aainfix <=c0V38FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V40amixfix []apeltsV1ainfix +aoffsetV1V40Iainfix <V40ap2iV2Aainfix <=ap2iV5V40FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
152114c24e0a32dd53c3b9e8ea161bb9 loop invariant preservationainfix <=ap2iV15ap2iV2Aainfix <=c0ap2iV15IfIainfix =V37V36FIainfix =ato_intV36V35FLaprefix -c1Iainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Aainfix >=ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV1V12avalue_sub_shiftV0V12ainfix -ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Iainfix <=c0avalue_subapeltsV1aoffsetV1ainfix -ainfix +aoffsetV1V12c1Iainfix <avalue_subapeltsV0V34V33apoweraradixainfix -V33V34LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix >al2iV17al2iV16INainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V38amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V38Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V39amixfix []apeltsV1ainfix +aoffsetV1V39Iainfix <V39ap2iV2Aainfix <=ap2iV5V39Lainfix +ap2iV5V38Iainfix <V38ainfix -ap2iV2ap2iV5Aainfix <=c0V38FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V40amixfix []apeltsV1ainfix +aoffsetV1V40Iainfix <V40ap2iV2Aainfix <=ap2iV5V40FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
33b0966399b2b973de19fea4302d72a7 loop invariant preservationainfix =amixfix []apeltsV0ainfix +aoffsetV0V38amixfix []apeltsV1ainfix +aoffsetV1V38Iainfix <V38ap2iV2Aainfix <=ap2iV15V38FIfIainfix =V37V36FIainfix =ato_intV36V35FLaprefix -c1Iainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Aainfix >=ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV1V12avalue_sub_shiftV0V12ainfix -ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Iainfix <=c0avalue_subapeltsV1aoffsetV1ainfix -ainfix +aoffsetV1V12c1Iainfix <avalue_subapeltsV0V34V33apoweraradixainfix -V33V34LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix >al2iV17al2iV16INainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V39amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V39Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V40amixfix []apeltsV1ainfix +aoffsetV1V40Iainfix <V40ap2iV2Aainfix <=ap2iV5V40Lainfix +ap2iV5V39Iainfix <V39ainfix -ap2iV2ap2iV5Aainfix <=c0V39FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V41amixfix []apeltsV1ainfix +aoffsetV1V41Iainfix <V41ap2iV2Aainfix <=ap2iV5V41FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
fb38e9efa575dff4c2d8d6c671d4fc0f loop variant decreaseainfix <ap2iV15ap2iV5Aainfix <=c0ap2iV5IfIainfix =V37V36FIainfix =ato_intV36V35FLaprefix -c1Iainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Aainfix >=ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV1V12avalue_sub_shiftV0V12ainfix -ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Iainfix <=c0avalue_subapeltsV1aoffsetV1ainfix -ainfix +aoffsetV1V12c1Iainfix <avalue_subapeltsV0V34V33apoweraradixainfix -V33V34LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix >al2iV17al2iV16INainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V38amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V38Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V39amixfix []apeltsV1ainfix +aoffsetV1V39Iainfix <V39ap2iV2Aainfix <=ap2iV5V39Lainfix +ap2iV5V38Iainfix <V38ainfix -ap2iV2ap2iV5Aainfix <=c0V38FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V40amixfix []apeltsV1ainfix +aoffsetV1V40Iainfix <V40ap2iV2Aainfix <=ap2iV5V40FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
39c48455f8133f0b828ecfcf56f478f5 postconditionainfix =ap2iV38acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2Iainfix =V37V38FIainfix =V37V36FIainfix =ato_intV36V35FLaprefix -c1Iainfix >apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Aainfix >=ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1apoweraradixainfix -V12c1Iainfix =ainfix -avalue_sub_shiftV1V12avalue_sub_shiftV0V12ainfix -ainfix *ainfix -al2iV17al2iV16apoweraradixainfix -V12c1ainfix -avalue_sub_shiftV0ainfix -V12c1avalue_sub_shiftV1ainfix -V12c1Iainfix <=c0avalue_subapeltsV1aoffsetV1ainfix -ainfix +aoffsetV1V12c1Iainfix <avalue_subapeltsV0V34V33apoweraradixainfix -V33V34LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix >al2iV17al2iV16INainfix >ato_intV16ato_intV17Iainfix =avalue_subV32V31ainfix +V30c1ainfix +avalue_subV32V31V30ainfix *al2iagetV32V30apoweraradixainfix -V30V31LapeltsV1LaoffsetV1Lainfix -ainfix +aoffsetV1V12c1Iainfix =avalue_subV29V28ainfix +V27c1ainfix +avalue_subV29V28V27ainfix *al2iagetV29V27apoweraradixainfix -V27V28LapeltsV0LaoffsetV0Lainfix -ainfix +aoffsetV0V12c1Iainfix =acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2acompare_intavalue_sub_shiftV0V12avalue_sub_shiftV1V12Iainfix =avalue_subV26V25V23ainfix +avalue_subV26V25V24ainfix *avalue_subV26V24V23apoweraradixainfix -V24V25LapeltsV1LaoffsetV1Lainfix +aoffsetV1V12Lainfix +aoffsetV1ato_intV2Iainfix =avalue_subV22V21V19ainfix +avalue_subV22V21V20ainfix *avalue_subV22V20V19apoweraradixainfix -V20V21LapeltsV0LaoffsetV0Lainfix +aoffsetV0V12Lainfix +aoffsetV0ato_intV2Iainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V39amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V39Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V40amixfix []apeltsV1ainfix +aoffsetV1V40Iainfix <V40ap2iV2Aainfix <=ap2iV5V40Lainfix +ap2iV5V39Iainfix <V39ainfix -ap2iV2ap2iV5Aainfix <=c0V39FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V41amixfix []apeltsV1ainfix +aoffsetV1V41Iainfix <V41ap2iV2Aainfix <=ap2iV5V41FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
d9956d68dc5e2ca4f2333f8b6590bbaf loop invariant preservationainfix <=ap2iV15ap2iV2Aainfix <=c0ap2iV15INainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V19amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V19Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V20amixfix []apeltsV1ainfix +aoffsetV1V20Iainfix <V20ap2iV2Aainfix <=ap2iV5V20Lainfix +ap2iV5V19Iainfix <V19ainfix -ap2iV2ap2iV5Aainfix <=c0V19FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V21amixfix []apeltsV1ainfix +aoffsetV1V21Iainfix <V21ap2iV2Aainfix <=ap2iV5V21FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
386cc07629afc8fe2b4174ab6c6f5600 loop invariant preservationainfix =amixfix []apeltsV0ainfix +aoffsetV0V19amixfix []apeltsV1ainfix +aoffsetV1V19Iainfix <V19ap2iV2Aainfix <=ap2iV15V19FINainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V20amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V20Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V21amixfix []apeltsV1ainfix +aoffsetV1V21Iainfix <V21ap2iV2Aainfix <=ap2iV5V21Lainfix +ap2iV5V20Iainfix <V20ainfix -ap2iV2ap2iV5Aainfix <=c0V20FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V22amixfix []apeltsV1ainfix +aoffsetV1V22Iainfix <V22ap2iV2Aainfix <=ap2iV5V22FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
3a4e15bd3e63f87a7623aac26b339ba5 loop variant decreaseainfix <ap2iV15ap2iV5Aainfix <=c0ap2iV5INainfix =V18aTrueINainfix =ato_intV16ato_intV17Iainfix =V18aTrueAainfix =V18aTrueINainfix =V16V17FIainfix =V17amixfix []acontentsadataV1ainfix +aoffsetV1ato_intV15FIainfix =V16amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV15FIainfix <ap2iV15ap2iV2Aainfix <=c0ap2iV15Iainfix =V15V14FIainfix =ato_intV14ainfix -ato_intV5ato_intV13FIainfix =ato_intV13c1FLato_intV5Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1Lainfix +ato_intV5aoffsetV0Lainfix +ato_intV5aoffsetV1Lainfix -ato_intV2ato_intV5Iainfix =amixfix []apeltsV0ainfix +ainfix +ap2iV5aoffsetV0V19amixfix []apeltsV1ainfix +ainfix +ap2iV5aoffsetV1V19Aainfix =amixfix []apeltsV0ainfix +aoffsetV0V20amixfix []apeltsV1ainfix +aoffsetV1V20Iainfix <V20ap2iV2Aainfix <=ap2iV5V20Lainfix +ap2iV5V19Iainfix <V19ainfix -ap2iV2ap2iV5Aainfix <=c0V19FIainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V21amixfix []apeltsV1ainfix +aoffsetV1V21Iainfix <V21ap2iV2Aainfix <=ap2iV5V21FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
21bdad9473bdceac6b9d9c1c2b9e6a2c preconditionamap_eq_sub_shiftV11V10V9V8V7LapeltsV0LapeltsV1LaoffsetV0LaoffsetV1Lato_intV2INainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V12amixfix []apeltsV1ainfix +aoffsetV1V12Iainfix <V12ap2iV2Aainfix <=ap2iV5V12FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
a17dd04bb83796751d6acfbcd19fd0ae postconditionainfix =ap2iV3acompare_intavalue_sub_shiftV0ap2iV2avalue_sub_shiftV1ap2iV2Iainfix =avalue_subV11V9ainfix +V9V7avalue_subV10V8ainfix +V8V7LapeltsV0LapeltsV1LaoffsetV0LaoffsetV1Lato_intV2INainfix >=ato_intV5ato_intV6Iainfix =ato_intV6c1FIainfix =amixfix []apeltsV0ainfix +aoffsetV0V12amixfix []apeltsV1ainfix +aoffsetV1V12Iainfix <V12ap2iV2Aainfix <=ap2iV5V12FAainfix <=ap2iV5ap2iV2Aainfix <=c0ap2iV5FIainfix =ato_intV4c0FIainfix =ato_intV3c0FIavalid_ptr_itvV1ap2iV2Aavalid_ptr_itvV0ap2iV2F
78521a1af9351dc7adb3274b3f3da5de VC for is_zeroiainfix =avalue_sub_shiftV0ap2iV1c0qainfix =ato_intV5c1Aainfix <=ato_intV5c1Aainfix <=c0ato_intV5Iainfix =ato_intV5c1FAain_boundsc1iainfix <ap2iV9ap2iV3Aainfix <=c0ap2iV3Aainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV9ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV9ap2iV1Aainfix <=c0ap2iV9Aainfix =ainfix +c1c2c3ainfix =avalue_sub_shiftV0ap2iV1c0qainfix =ato_intV19c1Aainfix <=ato_intV19c1Aainfix <=c0ato_intV19Iainfix =ato_intV19c0FAain_boundsc0Iainfix <=c0avalue_subapeltsV0ainfix +aoffsetV0V6ainfix +aoffsetV0ato_intV1Iainfix <=ainfix *apoweraradixainfix -ainfix -V16V17c1al2iagetV18ainfix -V16c1avalue_subV18V17V16Aainfix <V17V16LapeltsV0LaoffsetV0Lainfix +aoffsetV0V6Iainfix =avalue_subV15V14V12ainfix +avalue_subV15V14V13ainfix *avalue_subV15V13V12apoweraradixainfix -V13V14Aainfix <=V13V12Aainfix <=V14V13LapeltsV0LaoffsetV0Lainfix +aoffsetV0V6Lainfix +aoffsetV0ato_intV1ainfix =V11aTrueINainfix =ato_intV10ato_intV2Iainfix =V11aTrueAainfix =V11aTrueINainfix =V10V2FIainfix =V10amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV9FAainfix <ainfix +aoffsetV0ato_intV9aplengthV0Aainfix <=c0ainfix +aoffsetV0ato_intV9Aainfix <ap2iV9ap2iV1Aainfix <=c0ap2iV9Iainfix =V9V8FIainfix =ato_intV8ainfix -ato_intV3ato_intV7FAain_boundsainfix -ato_intV3ato_intV7Iainfix =ato_intV7c1FAain_boundsc1Lato_intV3ainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FAain_boundsc1Iainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FAainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV1ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV1ap2iV1Aainfix <=c0ap2iV1Iainfix =ato_intV2c0FAain_boundsc0Iavalid_ptr_itvV0ap2iV1F
ad60ff58618a4cc9179cb8b1c2999189 VC for is_zeroiainfix =avalue_sub_shiftV0ap2iV1c0qainfix =ato_intV5c1Aainfix <=ato_intV5c1Aainfix <=c0ato_intV5Iainfix =ato_intV5c1FAain_boundsc1iainfix <ap2iV9ap2iV3Aainfix <=c0ap2iV3Aainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV9ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV9ap2iV1Aainfix <=c0ap2iV9Aainfix =ainfix +c1c2c3ainfix =avalue_sub_shiftV0ap2iV1c0qainfix =ato_intV20c1Aainfix <=ato_intV20c1Aainfix <=c0ato_intV20Iainfix =V19V20FAainfix <ap2iV9ap2iV3Aainfix <=c0ap2iV3Aainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV9ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV9ap2iV1Aainfix <=c0ap2iV9IfIainfix =ato_intV19c0FAain_boundsc0Iainfix <=c0avalue_subapeltsV0ainfix +aoffsetV0V6ainfix +aoffsetV0ato_intV1Iainfix <=ainfix *apoweraradixainfix -ainfix -V16V17c1al2iagetV18ainfix -V16c1avalue_subV18V17V16Aainfix <V17V16LapeltsV0LaoffsetV0Lainfix +aoffsetV0V6Iainfix =avalue_subV15V14V12ainfix +avalue_subV15V14V13ainfix *avalue_subV15V13V12apoweraradixainfix -V13V14Aainfix <=V13V12Aainfix <=V14V13LapeltsV0LaoffsetV0Lainfix +aoffsetV0V6Lainfix +aoffsetV0ato_intV1ainfix =V11aTrueINainfix =ato_intV10ato_intV2Iainfix =V11aTrueAainfix =V11aTrueINainfix =V10V2FIainfix =V10amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV9FAainfix <ainfix +aoffsetV0ato_intV9aplengthV0Aainfix <=c0ainfix +aoffsetV0ato_intV9Aainfix <ap2iV9ap2iV1Aainfix <=c0ap2iV9Iainfix =V9V8FIainfix =ato_intV8ainfix -ato_intV3ato_intV7FAain_boundsainfix -ato_intV3ato_intV7Iainfix =ato_intV7c1FAain_boundsc1Lato_intV3ainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FAain_boundsc1Iainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FAainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV1ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV1ap2iV1Aainfix <=c0ap2iV1Iainfix =ato_intV2c0FAain_boundsc0Iavalid_ptr_itvV0ap2iV1F
8165a33f7d709afc6e795fa9bc6671e9 integer overflowain_boundsc0Iavalid_ptr_itvV0ap2iV1F
ece28b26bf664f1b65f7e53695df0edc loop invariant initainfix <=ap2iV1ap2iV1Aainfix <=c0ap2iV1Iainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
86d9abaa7bf49633e942a8e6b3f65379 loop invariant initainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV1ainfix +aoffsetV0ap2iV1c0Iainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
......@@ -108,8 +114,11 @@ b9d8df98e9348e26ab7349e8fd057cdd assertionainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8
7143b801aee1b6dec2e03e01f2dd5144 preconditionainfix <=V12V11Aainfix <=V13V12LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Lainfix +aoffsetV0ato_intV1Iainfix =V10aTrueINainfix =ato_intV9ato_intV2Iainfix =V10aTrueAainfix =V10aTrueINainfix =V9V2FIainfix =V9amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV8FIainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =V8V7FIainfix =ato_intV7ainfix -ato_intV3ato_intV6FIainfix =ato_intV6c1FLato_intV3Iainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FIainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FIainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
1ae9bcca5a5297cc9689f8f2187e09eb preconditionainfix <V16V15LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Iainfix =avalue_subV14V13V11ainfix +avalue_subV14V13V12ainfix *avalue_subV14V12V11apoweraradixainfix -V12V13LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Lainfix +aoffsetV0ato_intV1Iainfix =V10aTrueINainfix =ato_intV9ato_intV2Iainfix =V10aTrueAainfix =V10aTrueINainfix =V9V2FIainfix =V9amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV8FIainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =V8V7FIainfix =ato_intV7ainfix -ato_intV3ato_intV6FIainfix =ato_intV6c1FLato_intV3Iainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FIainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FIainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
4e678f0e3c74bc6cb81d74b27e2a2d13 integer overflowain_boundsc0Iainfix <=c0avalue_subapeltsV0ainfix +aoffsetV0V5ainfix +aoffsetV0ato_intV1Iainfix <=ainfix *apoweraradixainfix -ainfix -V15V16c1al2iagetV17ainfix -V15c1avalue_subV17V16V15LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Iainfix =avalue_subV14V13V11ainfix +avalue_subV14V13V12ainfix *avalue_subV14V12V11apoweraradixainfix -V12V13LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Lainfix +aoffsetV0ato_intV1Iainfix =V10aTrueINainfix =ato_intV9ato_intV2Iainfix =V10aTrueAainfix =V10aTrueINainfix =V9V2FIainfix =V9amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV8FIainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =V8V7FIainfix =ato_intV7ainfix -ato_intV3ato_intV6FIainfix =ato_intV6c1FLato_intV3Iainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FIainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FIainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
b58d1c4b678cec2a603b143b006dd9fe postconditionainfix <=ato_intV18c1Aainfix <=c0ato_intV18Iainfix =ato_intV18c0FIainfix <=c0avalue_subapeltsV0ainfix +aoffsetV0V5ainfix +aoffsetV0ato_intV1Iainfix <=ainfix *apoweraradixainfix -ainfix -V15V16c1al2iagetV17ainfix -V15c1avalue_subV17V16V15LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Iainfix =avalue_subV14V13V11ainfix +avalue_subV14V13V12ainfix *avalue_subV14V12V11apoweraradixainfix -V12V13LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Lainfix +aoffsetV0ato_intV1Iainfix =V10aTrueINainfix =ato_intV9ato_intV2Iainfix =V10aTrueAainfix =V10aTrueINainfix =V9V2FIainfix =V9amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV8FIainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =V8V7FIainfix =ato_intV7ainfix -ato_intV3ato_intV6FIainfix =ato_intV6c1FLato_intV3Iainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FIainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FIainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
997383c9edb4463a1ca9ebd9fb625f51 postconditionainfix =avalue_sub_shiftV0ap2iV1c0qainfix =ato_intV18c1Iainfix =ato_intV18c0FIainfix <=c0avalue_subapeltsV0ainfix +aoffsetV0V5ainfix +aoffsetV0ato_intV1Iainfix <=ainfix *apoweraradixainfix -ainfix -V15V16c1al2iagetV17ainfix -V15c1avalue_subV17V16V15LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Iainfix =avalue_subV14V13V11ainfix +avalue_subV14V13V12ainfix *avalue_subV14V12V11apoweraradixainfix -V12V13LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Lainfix +aoffsetV0ato_intV1Iainfix =V10aTrueINainfix =ato_intV9ato_intV2Iainfix =V10aTrueAainfix =V10aTrueINainfix =V9V2FIainfix =V9amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV8FIainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =V8V7FIainfix =ato_intV7ainfix -ato_intV3ato_intV6FIainfix =ato_intV6c1FLato_intV3Iainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FIainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FIainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
7d4f4bf3cefa79804b0e250ff247ebdb loop invariant preservationainfix <=ap2iV8ap2iV1Aainfix <=c0ap2iV8IfIainfix =ato_intV18c0FIainfix <=c0avalue_subapeltsV0ainfix +aoffsetV0V5ainfix +aoffsetV0ato_intV1Iainfix <=ainfix *apoweraradixainfix -ainfix -V15V16c1al2iagetV17ainfix -V15c1avalue_subV17V16V15LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Iainfix =avalue_subV14V13V11ainfix +avalue_subV14V13V12ainfix *avalue_subV14V12V11apoweraradixainfix -V12V13LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Lainfix +aoffsetV0ato_intV1Iainfix =V10aTrueINainfix =ato_intV9ato_intV2Iainfix =V10aTrueAainfix =V10aTrueINainfix =V9V2FIainfix =V9amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV8FIainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =V8V7FIainfix =ato_intV7ainfix -ato_intV3ato_intV6FIainfix =ato_intV6c1FLato_intV3Iainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FIainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FIainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
5d35fe099d9591a72627242bc41a448a loop invariant preservationainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV8ainfix +aoffsetV0ap2iV1c0IfIainfix =ato_intV18c0FIainfix <=c0avalue_subapeltsV0ainfix +aoffsetV0V5ainfix +aoffsetV0ato_intV1Iainfix <=ainfix *apoweraradixainfix -ainfix -V15V16c1al2iagetV17ainfix -V15c1avalue_subV17V16V15LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Iainfix =avalue_subV14V13V11ainfix +avalue_subV14V13V12ainfix *avalue_subV14V12V11apoweraradixainfix -V12V13LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Lainfix +aoffsetV0ato_intV1Iainfix =V10aTrueINainfix =ato_intV9ato_intV2Iainfix =V10aTrueAainfix =V10aTrueINainfix =V9V2FIainfix =V9amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV8FIainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =V8V7FIainfix =ato_intV7ainfix -ato_intV3ato_intV6FIainfix =ato_intV6c1FLato_intV3Iainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FIainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FIainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
b8236cdea1f42985345fae7af9622d8f loop variant decreaseainfix <ap2iV8ap2iV3Aainfix <=c0ap2iV3IfIainfix =ato_intV18c0FIainfix <=c0avalue_subapeltsV0ainfix +aoffsetV0V5ainfix +aoffsetV0ato_intV1Iainfix <=ainfix *apoweraradixainfix -ainfix -V15V16c1al2iagetV17ainfix -V15c1avalue_subV17V16V15LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Iainfix =avalue_subV14V13V11ainfix +avalue_subV14V13V12ainfix *avalue_subV14V12V11apoweraradixainfix -V12V13LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Lainfix +aoffsetV0ato_intV1Iainfix =V10aTrueINainfix =ato_intV9ato_intV2Iainfix =V10aTrueAainfix =V10aTrueINainfix =V9V2FIainfix =V9amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV8FIainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =V8V7FIainfix =ato_intV7ainfix -ato_intV3ato_intV6FIainfix =ato_intV6c1FLato_intV3Iainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FIainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FIainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
c3796d9755d9479a4b4b40bc2dfce5a1 postconditionainfix <=ato_intV19c1Aainfix <=c0ato_intV19Iainfix =V18V19FIainfix =ato_intV18c0FIainfix <=c0avalue_subapeltsV0ainfix +aoffsetV0V5ainfix +aoffsetV0ato_intV1Iainfix <=ainfix *apoweraradixainfix -ainfix -V15V16c1al2iagetV17ainfix -V15c1avalue_subV17V16V15LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Iainfix =avalue_subV14V13V11ainfix +avalue_subV14V13V12ainfix *avalue_subV14V12V11apoweraradixainfix -V12V13LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Lainfix +aoffsetV0ato_intV1Iainfix =V10aTrueINainfix =ato_intV9ato_intV2Iainfix =V10aTrueAainfix =V10aTrueINainfix =V9V2FIainfix =V9amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV8FIainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =V8V7FIainfix =ato_intV7ainfix -ato_intV3ato_intV6FIainfix =ato_intV6c1FLato_intV3Iainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FIainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FIainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
c684ae73d897343a7c6d1a0b15272826 postconditionainfix =avalue_sub_shiftV0ap2iV1c0qainfix =ato_intV19c1Iainfix =V18V19FIainfix =ato_intV18c0FIainfix <=c0avalue_subapeltsV0ainfix +aoffsetV0V5ainfix +aoffsetV0ato_intV1Iainfix <=ainfix *apoweraradixainfix -ainfix -V15V16c1al2iagetV17ainfix -V15c1avalue_subV17V16V15LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Iainfix =avalue_subV14V13V11ainfix +avalue_subV14V13V12ainfix *avalue_subV14V12V11apoweraradixainfix -V12V13LapeltsV0LaoffsetV0Lainfix +aoffsetV0V5Lainfix +aoffsetV0ato_intV1Iainfix =V10aTrueINainfix =ato_intV9ato_intV2Iainfix =V10aTrueAainfix =V10aTrueINainfix =V9V2FIainfix =V9amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV8FIainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =V8V7FIainfix =ato_intV7ainfix -ato_intV3ato_intV6FIainfix =ato_intV6c1FLato_intV3Iainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FIainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FIainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
00a4c212c0cafc66df5c397d3fb1e2ae assertionainfix =ainfix +c1c2c3INainfix =V10aTrueINainfix =ato_intV9ato_intV2Iainfix =V10aTrueAainfix =V10aTrueINainfix =V9V2FIainfix =V9amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV8FIainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =V8V7FIainfix =ato_intV7ainfix -ato_intV3ato_intV6FIainfix =ato_intV6c1FLato_intV3Iainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FIainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FIainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
4a7c429d8e2628e2a0ffbf3275905f65 loop invariant preservationainfix <=ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =ainfix +c1c2c3INainfix =V10aTrueINainfix =ato_intV9ato_intV2Iainfix =V10aTrueAainfix =V10aTrueINainfix =V9V2FIainfix =V9amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV8FIainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =V8V7FIainfix =ato_intV7ainfix -ato_intV3ato_intV6FIainfix =ato_intV6c1FLato_intV3Iainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FIainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FIainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
a524eb6c0d94e3e5f158c573a4f67795 loop invariant preservationainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV8ainfix +aoffsetV0ap2iV1c0Iainfix =ainfix +c1c2c3INainfix =V10aTrueINainfix =ato_intV9ato_intV2Iainfix =V10aTrueAainfix =V10aTrueINainfix =V9V2FIainfix =V9amixfix []acontentsadataV0ainfix +aoffsetV0ato_intV8FIainfix <ap2iV8ap2iV1Aainfix <=c0ap2iV8Iainfix =V8V7FIainfix =ato_intV7ainfix -ato_intV3ato_intV6FIainfix =ato_intV6c1FLato_intV3Iainfix >=ato_intV3ato_intV4Iainfix =ato_intV4c1FIainfix =avalue_subapeltsV0ainfix +aoffsetV0ap2iV3ainfix +aoffsetV0ap2iV1c0Aainfix <=ap2iV3ap2iV1Aainfix <=c0ap2iV3FIainfix =ato_intV2c0FIavalid_ptr_itvV0ap2iV1F
......@@ -1239,11 +1248,15 @@ ce4d148ace55bfbcf7fa26d1b24767f1 assertionainfix <al2iV28al2iV2Aainfix <=c0al2iV
c3517e383b2beed11fecd35500586715 assertionainfix =ainfix +ainfix *al2iV18al2iV2al2iV20ainfix +al2iV1ainfix *aradixal2iV0Iainfix <al2iV20al2iV2Aainfix <=c0al2iV20INainfix >=ato_intV20ato_intV2Iainfix =ainfix +ainfix *al2iV18al2iV2al2iV20ainfix +al2iV1ainfix *aradixal2iV0Iainfix <V15aradixAainfix <=c1V15Iainfix >=V16c0INainfix >ato_intV20ato_intV10Iainfix =ainfix +ainfix *al2iV18al2iV2V16V7Aainfix =al2iV18V15Iainfix <V15aradixAainfix <=c1V15Iainfix <V16c0Iainfix =V15aradixIainfix =V15aradixAainfix =al2iV18c0Oainfix =al2iV18V15Iainfix <=V15aradixAainfix <=c1V15Iainfix >al2iV20al2iV10Iainfix <V16c0Iainfix =V21ainfix +V16aradixIainfix <V16c0Iainfix =V21V16Iainfix >=V16c0Iainfix <V16amaxainfix -aradixal2iV2V14Aainfix <=ainfix -amaxainfix -aradixal2iV2ainfix +V14c1aradixV16Iainfix <ainfix *V22V24ainfix *V22V23Lal2iV1LaradixLainfix -aradixal2iV2Iainfix =ainfix *aradixV16ainfix -ainfix +ainfix +ainfix *al2iV0V6ainfix *al2iV1ainfix -aradixal2iV2ainfix *V14al2iV2ainfix *aradixal2iV2Iainfix =V21amodV16aradixLal2iV20Iainfix =ato_intV20amodainfix -ato_intV1ato_intV19ainfix +amax_uint32c1FIainfix =ato_intV19amodainfix *ato_intV18ato_intV2ainfix +amax_uint32c1FIainfix =al2iV18amodV15aradixIainfix =V18V17FIainfix =ato_intV17amodainfix +ato_intV12ato_intV5ainfix +amax_uint32c1FIainfix =ainfix +ainfix *V15al2iV2V16V7Lainfix +ainfix -al2iV1ainfix *V15al2iV2ainfix *aradixal2iV0Lainfix +al2iV12c1Lal2iV10Iainfix =ainfix +ainfix +ainfix *al2iV3al2iV0al2iV1ainfix *aradixal2iV0ainfix +al2iV1ainfix *ainfix +aradixal2iV3al2iV0Aainfix =ainfix +ainfix +ainfix +al2iV8ainfix *aradixal2iV9al2iV1ainfix *aradixal2iV0ainfix +ainfix +ainfix *al2iV3al2iV0al2iV1ainfix *aradixal2iV0Aainfix =ainfix +al2iV10ainfix *aradixal2iV12ainfix +ainfix +ainfix +al2iV8ainfix *aradixal2iV9al2iV1ainfix *aradixal2iV0Iainfix =al2iV13c0Iainfix =ainfix +ainfix +al2iV10ainfix *aradixal2iV12ainfix *ainfix *aradixaradixal2iV13ainfix +ainfix +ainfix +al2iV8ainfix *aradixal2iV9al2iV1ainfix *aradixal2iV0Iainfix <=ato_intV13c1Aainfix <=c0ato_intV13Aainfix =ainfix +ato_intV12ainfix *ainfix +amax_uint32c1ato_intV13ainfix +ainfix +ato_intV0ato_intV9ato_intV11FIainfix <=ato_intV11c1Aainfix <=c0ato_intV11Aainfix =ainfix +ato_intV10ainfix *ainfix +amax_uint32c1ato_intV11ainfix +ainfix +ato_intV8ato_intV1ato_intV4FIainfix =ainfix +ato_intV8ainfix *ainfix +amax_uint32c1ato_intV9ainfix *ato_intV3ato_intV0FIainfix <=V6al2iV2Aainfix <=c1V6Lainfix +al2iV1ainfix *aradixal2iV0Lainfix -ainfix *aradixaradixainfix *ainfix +aradixal2iV3al2iV2Iainfix =ato_intV5c1FIainfix =ato_intV4c0FIainfix =al2iV3ainfix -adivainfix -ainfix *aradixaradixc1al2iV2aradixAainfix <al2iV0al2iV2Aainfix >=al2iV2adivaradixc2F
67f10a81fa43ccec26dfbce6e2b1a735 postconditionainfix =ainfix +ainfix *al2iV18al2iV2al2iV20ainfix +al2iV1ainfix *aradixal2iV0Iainfix =ainfix +ainfix *al2iV18al2iV2al2iV20ainfix +al2iV1ainfix *aradixal2iV0Iainfix <al2iV20al2iV2Aainfix <=c0al2iV20INainfix >=ato_intV20ato_intV2Iainfix =ainfix +ainfix *al2iV18al2iV2al2iV20ainfix +al2iV1ainfix *aradixal2iV0Iainfix <V15aradixAainfix <=c1V15Iainfix >=V16c0INainfix >ato_intV20ato_intV10Iainfix =ainfix +ainfix *al2iV18al2iV2V16V7Aainfix =al2iV18V15Iainfix <V15aradixAainfix <=c1V15Iainfix <V16c0Iainfix =V15aradixIainfix =V15aradixAainfix =al2iV18c0Oainfix =al2iV18V15Iainfix <=V15aradixAainfix <=c1V15Iainfix >al2iV20al2iV10Iainfix <V16c0Iainfix =V21ainfix +V16aradixIainfix <V16c0Iainfix =V21V16Iainfix >=V16c0Iainfix <V16amaxainfix -aradixal2iV2V14Aainfix <=ainfix -amaxainfix -aradixal2iV2ainfix +V14c1aradixV16Iainfix <ainfix *V22V24ainfix *V22V23Lal2iV1LaradixLainfix -aradixal2iV2Iainfix =ainfix *aradixV16ainfix -ainfix +ainfix +ainfix *al2iV0V6ainfix *al2iV1ainfix -aradixal2iV2ainfix *V14al2iV2ainfix *aradixal2iV2Iainfix =V21amodV16aradixLal2iV20Iainfix =ato_intV20amodainfix -ato_intV1ato_intV19ainfix +amax_uint32c1FIainfix =ato_intV19amodainfix *ato_intV18ato_intV2ainfix +amax_uint32c1FIainfix =al2iV18amodV15aradixIainfix =V18V17FIainfix =ato_intV17amodainfix +ato_intV12ato_intV5ainfix +amax_uint32c1FIainfix =ainfix +ainfix *V15al2iV2V16V7Lainfix +ainfix -al2iV1ainfix *V15al2iV2ainfix *aradixal2iV0Lainfix +al2iV12c1Lal2iV10Iainfix =ainfix +ainfix +ainfix *al2iV3al2iV0al2iV1ainfix *aradixal2iV0ainfix +al2iV1ainfix *ainfix +aradixal2iV3al2iV0Aainfix =ainfix +ainfix +ainfix +al2iV8ainfix *aradixal2iV9al2iV1ainfix *aradixal2iV0ainfix +ainfix +ainfix *al2iV3al2iV0al2iV1ainfix *aradixal2iV0Aainfix =ainfix +al2iV10ainfix *aradixal2iV12ainfix +ainfix +ainfix +al2iV8ainfix *aradixal2iV9al2iV1ainfix *aradixal2iV0Iainfix =al2iV13c0Iainfix =ainfix +ainfix +al2iV10ainfix *aradixal2iV12ainfix *ainfix *aradixaradixal2iV13ainfix +ainfix +ainfix +al2iV8ainfix *aradixal2iV9al2iV1ainfix *aradixal2iV0Iainfix <=ato_intV13c1Aainfix <=c0ato_intV13Aainfix =ainfix +ato_intV12ainfix *ainfix +amax_uint32c1ato_intV13ainfix +ainfix +ato_intV0ato_intV9ato_intV11FIainfix <=ato_intV11c1Aainfix <=c0ato_intV11Aainfix =ainfix +ato_intV10ainfix *ainfix +amax_uint32c1ato_intV11ainfix +ainfix +ato_intV8ato_intV1ato_intV4FIainfix =ainfix +ato_intV8ainfix *ainfix +amax_uint32c1ato_intV9ainfix *ato_intV3ato_intV0FIainfix <=V6al2iV2Aainfix <=c1V6Lainfix +al2iV1ainfix *aradixal2iV0Lainfix -ainfix *aradixaradixainfix *ainfix +aradixal2iV3al2iV2Iainfix =ato_intV5c1FIainfix =ato_intV4c0FIainfix =al2iV3ainfix -adivainfix -ainfix *aradixaradixc1al2iV2aradixAainfix <al2iV0al2iV2Aainfix >=al2iV2adivaradixc2F
f67145ce89f992dddc3d3e5ebfb0b351 postconditionainfix <al2iV20al2iV2Aainfix <=c0al2iV20Iainfix =ainfix +ainfix *al2iV18al2iV2al2iV20ainfix +al2iV1ainfix *aradixal2iV0Iainfix <al2iV20al2iV2Aainfix <=c0al2iV20INainfix >=ato_intV20ato_intV2Iainfix =ainfix +ainfix *al2iV18al2iV2al2iV20ainfix +al2iV1ainfix *aradixal2iV0Iainfix <V15aradixAainfix <=c1V15Iainfix >=V16c0INainfix >ato_intV20ato_intV10Iainfix =ainfix +ainfix *al2iV18al2iV2V16V7Aainfix =al2iV18V15Iainfix <V15aradixAainfix <=c1V15Iainfix <V16c0Iainfix =V15aradixIainfix =V15aradixAainfix =al2iV18c0Oainfix =al2iV18V15Iainfix <=V15aradixAainfix <=c1V15Iainfix >al2iV20al2iV10Iainfix <V16c0Iainfix =V21ainfix +V16aradixIainfix <V16c0Iainfix =V21V16Iainfix >=V16c0Iainfix <V16amaxainfix -aradixal2iV2V14Aainfix <=ainfix -amaxainfix -aradixal2iV2ainfix +V14c1aradixV16Iainfix <ainfix *V22V24ainfix *V22V23Lal2iV1LaradixLainfix -aradixal2iV2Iainfix =ainfix *aradixV16ainfix -ainfix +ainfix +ainfix *al2iV0V6ainfix *al2iV1ainfix -aradixal2iV2ainfix *V14al2iV2ainfix *aradixal2iV2Iainfix =V21amodV16aradixLal2iV20Iainfix =ato_intV20amodainfix -ato_intV1ato_intV19ainfix +amax_uint32c1FIainfix =ato_intV19amodainfix *ato_intV18ato_intV2ainfix +amax_uint32c1FIainfix =al2iV18amodV15aradixIainfix =V18V17FIainfix =ato_intV17amodainfix +ato_intV12ato_intV5ainfix +amax_uint32c1FIainfix =ainfix +ainfix *V15al2iV2V16V7Lainfix +ainfix -al2iV1ainfix *V15al2iV2ainfix *aradixal2iV0Lainfix +al2iV12c1Lal2iV10Iainfix =ainfix +ainfix +ainfix *al2iV3al2iV0al2iV1ainfix *aradixal2iV0ainfix +al2iV1ainfix *ainfix +aradixal2iV3al2iV0Aainfix =ainfix +ainfix +ainfix +al2iV8ainfix *aradixal2iV9al2iV1ainfix *aradixal2iV0ainfix +ainfix +ainfix *al2iV3al2iV0al2iV1ainfix *aradixal2iV0Aainfix =ainfix +al2iV10ainfix *aradixal2iV12ainfix +ainfix +ainfix +al2iV8ainfix *aradixal2iV9al2iV1ainfix *aradixal2iV0Iainfix =al2iV13c0Iainfix =ainfix +ainfix +al2iV10ainfix *aradixal2iV12ainfix *ainfix *aradixaradixal2iV13ainfix +ainfix +ainfix +al2iV8ainfix *aradixal2iV9al2iV1ainfix *aradixal2iV0Iainfix <=ato_intV13c1Aainfix <=c0ato_intV13Aainfix =ainfix +ato_intV12ainfix *ainfix +amax_uint32c1ato_intV13ainfix +ainfix +ato_intV0ato_intV9ato_intV11FIainfix <=ato_intV11c1Aainfix <=c0ato_intV11Aainfix =ainfix +ato_intV10ainfix *ainfix +amax_uint32c1ato_intV11ainfix +ainfix +ato_intV8ato_intV1ato_intV4FIainfix =ainfix +ato_intV8ainfix *ainfix +amax_uint32c1ato_intV9ainfix *ato_intV3ato_intV0FIainfix <=V6al2iV2Aainfix <=c1V6Lainfix +al2iV1ainfix *aradixal2iV0Lainfix -ainfix *aradixaradixainfix *ainfix +aradixal2iV3al2iV2Iainfix =ato_intV5c1FIainfix =ato_intV4c0FIainfix =al2iV3ainfix -adivainfix -ainfix *aradixaradixc1al2iV2aradixAainfix <al2iV0al2iV2Aainfix >=al2iV2adivaradixc2F
0fa0f3e179db8b06686d792748c9e1c7 VC for from_limbiainfix =avalue_sub_shiftV2c1al2iV0Oais_nullV2Aainfix =aplengthV2c1Oais_nullV2ainfix =avalue_sub_shiftV3c1al2iV0Oais_nullV3Aainfix =aplengthV3c1Oais_nullV3Iainfix =apeltsV3asetapeltsV2aoffsetV3V0Iainfix =alengthacontentsadataV3alengthacontentsadataV2Aainfix =V3amk ptradataV3aoffsetV2FAainfix <aoffsetV2aplengthV2Aainfix <=c0aoffsetV2Nais_nullV2Iainfix =aplengthV2c0qais_nullV2Iainfix =aoffsetV2c0Aainfix =aplengthV2c0Oainfix =aplengthV2ato_intV1FIainfix =ato_intV1c1FAain_boundsc1F
47b53f7ee684d3533c9fd9f70a93ced6 VC for from_limbiainfix =aoffsetV2c0Aainfix =avalue_sub_shiftV2c1al2iV0Oais_nullV2Aainfix =aplengthV2c1Oais_nullV2ainfix =aoffsetV3c0Aainfix =avalue_sub_shiftV3c1al2iV0Oais_nullV3Aainfix =aplengthV3c1Oais_nullV3Iainfix =apeltsV3asetapeltsV2aoffsetV3V0Iainfix =alengthacontentsadataV3alengthacontentsadataV2Aainfix =V3amk ptradataV3aoffsetV2FAainfix <aoffsetV2aplengthV2Aainfix <=c0aoffsetV2Nais_nullV2Iainfix =aplengthV2c0qais_nullV2Iainfix =aoffsetV2c0Aainfix =aplengthV2c0Oainfix =aplengthV2ato_intV1FIainfix =ato_intV1c1FAain_boundsc1F
46a0df4916627e33120aa826ad7ce3f4 integer overflowain_boundsc1F
b390695ee0917a345f2464047ae5228a preconditionainfix <aoffsetV2aplengthV2Aainfix <=c0aoffsetV2INais_nullV2Iainfix =aplengthV2c0qais_nullV2Iainfix =aoffsetV2c0Aainfix =aplengthV2c0Oainfix =aplengthV2ato_intV1FIainfix =ato_intV1c1FF
1b115d7cb0705db503985ec7750664e3 postconditionainfix =aplengthV3c1Oais_nullV3Iainfix =apeltsV3asetapeltsV2aoffsetV3V0Iainfix =alengthacontentsadataV3alengthacontentsadataV2Aainfix =V3amk ptradataV3aoffsetV2FINais_nullV2Iainfix =aplengthV2c0qais_nullV2Iainfix =aoffsetV2c0Aainfix =aplengthV2c0Oainfix =aplengthV2ato_intV1FIainfix =ato_intV1c1FF
7d5d5702c2c81c1f905fa204376b9d22 postconditionainfix =avalue_sub_shiftV3c1al2iV0Oais_nullV3Iainfix =apeltsV3asetapeltsV2aoffsetV3V0Iainfix =alengthacontentsadataV3alengthacontentsadataV2Aainfix =V3amk ptradataV3aoffsetV2FINais_nullV2Iainfix =aplengthV2c0qais_nullV2Iainfix =aoffsetV2c0Aainfix =aplengthV2c0Oainfix =aplengthV2ato_intV1FIainfix =ato_intV1c1FF
7ef8e8e52da4de473889a43b57a95102 postconditionainfix =aoffsetV3c0Iainfix =apeltsV3asetapeltsV2aoffsetV3V0Iainfix =alengthacontentsadataV3alengthacontentsadataV2Aainfix =V3amk ptradataV3aoffsetV2FINais_nullV2Iainfix =aplengthV2c0qais_nullV2Iainfix =aoffsetV2c0Aainfix =aplengthV2c0Oainfix =aplengthV2ato_intV1FIainfix =ato_intV1c1FF
d9591f8aa12c225b2d06fb20e1b4b98e postconditionainfix =aplengthV2c1Oais_nullV2INNais_nullV2Iainfix =aplengthV2c0qais_nullV2Iainfix =aoffsetV2c0Aainfix =aplengthV2c0Oainfix =aplengthV2ato_intV1FIainfix =ato_intV1c1FF
3c2c3d7afe1c70c474a24fb6c6e197f8 postconditionainfix =avalue_sub_shiftV2c1al2iV0Oais_nullV2INNais_nullV2Iainfix =aplengthV2c0qais_nullV2Iainfix =aoffsetV2c0Aainfix =aplengthV2c0Oainfix =aplengthV2ato_intV1FIainfix =ato_intV1c1FF
3e7de9eb05731dc56276b209caf43fc5 VC for mainain_boundsc42
e8cf5f8566b38d5e29233d9b8f04393c postconditionainfix =aoffsetV2c0INNais_nullV2Iainfix =aplengthV2c0qais_nullV2Iainfix =aoffsetV2c0Aainfix =aplengthV2c0Oainfix =aplengthV2ato_intV1FIainfix =ato_intV1c1FF
299d6ebba75a8d5ceb6d3e9a83c22895 VC for mainainfix =aoffsetV1c0Iainfix =aoffsetV1c0Aainfix =avalue_sub_shiftV1c1al2iV0Oais_nullV1Aainfix =aplengthV1c1Oais_nullV1FIainfix =ato_intV0c42FAain_boundsc42
3e7de9eb05731dc56276b209caf43fc5 integer overflowain_boundsc42
fcc53c68e9a35b2f67160e9f1ca2ee4e preconditionainfix =aoffsetV1c0Iainfix =aoffsetV1c0Aainfix =avalue_sub_shiftV1c1al2iV0Oais_nullV1Aainfix =aplengthV1c1Oais_nullV1FIainfix =ato_intV0c42F
......@@ -109,5 +109,25 @@ module C
!(result.data)[i] = !((old p).data)[i] }
ensures { plength result <> Int32.to_int sz -> p = old p }
(** break/return*)
exception Break
val break () : unit
raises { Break }
returns { _ -> false }
exception Return32 int32
val return32 (x:int32) : unit
raises { Return32 n -> x = n }
returns { _ -> false }
(** Printing *)
val print_space () : unit
val print_newline () : unit
val print_uint32 (n:uint32):unit
end
......@@ -41,7 +41,9 @@ module C = struct
| Eindex of expr * expr (* Array access *)
| Edot of expr * ident (* Field access with dot *)
| Earrow of expr * ident (* Pointer access with arrow *)
| Esyntax of string * ty * (ty array) * (expr*ty) list
| Esyntax of string * ty * (ty array) * (expr*ty) list * bool
(* template, type and type arguments of result, typed arguments,
is/is not converter*)
and constant =
| Cint of string
......@@ -75,8 +77,9 @@ module C = struct
(* [assignify id] transforms a statement that computes a value into
a statement that assigns that value to id *)
let rec assignify id = function
| Snop -> raise NotAValue
let rec assignify id s =
match s with
| Snop -> (*Format.printf "assign snop@."; Snop*) raise NotAValue (* ? *)
| Sexpr e -> Sexpr (Ebinop (Bassign, Evar id, e))
| Sblock (ds, s) -> Sblock (ds, assignify id s)
| Sseq (s1, s2) -> Sseq (s1, assignify id s2)
......@@ -101,8 +104,8 @@ module C = struct
propagate_in_expr id v e2)
| Edot (e,i) -> Edot (propagate_in_expr id v e, i)
| Earrow (e,i) -> Earrow (propagate_in_expr id v e, i)
| Esyntax (s,t,ta,l) ->
Esyntax (s,t,ta,List.map (fun (e,t) -> (propagate_in_expr id v e),t) l)
| Esyntax (s,t,ta,l,b) ->
Esyntax (s,t,ta,List.map (fun (e,t) -> (propagate_in_expr id v e),t) l,b)
| Enothing -> Enothing
| Econst c -> Econst c
| Esize_type ty -> Esize_type ty
......@@ -154,6 +157,19 @@ module C = struct
let is_empty_block s = s = Sblock([], Snop)
let block_of_expr e = [], Sexpr e
let rec is_nop = function
| Snop -> true
| Sblock ([], s) -> is_nop s
| Sseq (s1,s2) -> is_nop s1 && is_nop s2
| _ -> false
let one_stmt = function
| Snop -> true
| Sexpr _ -> true
| Sblock _ -> true
| _ -> false
end
type info = Pdriver.printer_args = private {
......@@ -165,6 +181,147 @@ type info = Pdriver.printer_args = private {
converter : Printer.syntax_map;
}
module Print = struct
open C
open Format
open Printer
open Pp
exception Unprinted of string
let c_keywords = ["auto"; "break"; "case"; "char"; "const"; "continue"; "default"; "do"; "double"; "else"; "enum"; "extern"; "float"; "for"; "goto"; "if"; "int"; "long"; "register"; "return"; "short"; "signed"; "sizeof"; "static"; "struct"; "switch"; "typedef"; "union"; "unsigned"; "void"; "volatile"; "while" ]
let () = assert (List.length c_keywords = 32)
let sanitizer = sanitizer char_to_lalpha char_to_alnumus
let printer = create_ident_printer c_keywords ~sanitizer
let print_ident fmt id = fprintf fmt "%s" (id_unique printer id)
let protect_on x s = if x then "(" ^^ s ^^ ")" else s
let rec print_ty ?(paren=false) fmt = function
| Tvoid -> fprintf fmt