0
1
10
100
11
12
13
14
15
16
17
18
19
2
21
22
23
24
25
255
26
27
28
29
3
30
31
3145728
32
4
4198400
4198401
4198402
4198404
4198409
4198410
4198415
4198416
4198418
4198423
4198425
4198426
4198428
4198430
4198431
4198432
4198433
4198434
4198435
4198436
4198440
4198441
4198442
4198443
4198444
4198448
4198452
4198456
4198460
4198464
4198468
4198472
4198476
4198480
4198484
4198488
4198492
4198496
4198500
4198504
4198508
4198512
4198516
4198520
4198524
4198528
4198532
4198536
4198540
4198544
4198548
4198552
4198556
4198560
4198564
4198568
4198572
4198576
4198580
4198584
4198588
4198592
4198596
4198600
4198604
4198608
4198612
4198616
4198620
4198624
4198628
4198632
4198636
4198640
4198644
4198648
4198652
4198656
4198660
4198664
4198668
4198672
4198676
4198680
4198684
4198688
4198692
4198696
4198700
4198704
4198708
4198712
4198716
4198720
4198724
4198728
4198732
4198736
4198740
4198744
4198748
4198752
4198756
4198760
4198764
4198768
4198772
4198776
4198780
4198784
4198788
4198792
4198796
4198800
4198804
4198808
4198812
4198816
4198820
4198824
4198828
4198832
4198836
4198840
4198844
4198848
4198852
4198856
4198860
4198864
4198868
4198872
4198876
4198880
4198884
4198888
4198892
4198896
4198900
4198904
4198908
5
5050
6
7
8
9
=
ADD
ADD?
AF
AF?
Allow
CALL
CALL?
CC
CF
CF?
CMP
CMP?
Conversion
Declarations
EAX
EAX?
EBP
EBP?
EBX
EBX?
ECX
ECX?
EDI
EDI?
EDX
EDX?
EIP
EIP?
ENTER
ENTER?
ESI
ESI?
ESP
ESP?
Equal
Equal?
EqualCC
EqualCC?
EqualCC_1
EqualCC_2
Equal_1
Equal_2
Equality
ErrorState
Extension
False
False?
Function
Functions
GE
GE?
GE_1
GE_2
GT
GT?
GT_1
GT_2
Harness
I
INT16
INT32
INT32Pair
INT32PairEqual
INT8
I_OneOp_1
I_OneOp_2
I_OneOp_3
I_OneOp_4
I_OneOp_4_Immediate_1
I_OneOp_4_Indirect32_1
I_OneOp_4_Indirect32_2
I_OneOp_4_Indirect32_3
I_OneOp_4_Indirect32_4
I_OneOp_4_RegDirect_1
I_Ret_1
I_Ret_2
I_Ret_3
I_TwoOp_1
I_TwoOp_2
I_TwoOp_3
I_TwoOp_4
I_TwoOp_4_Immediate_1
I_TwoOp_4_Indirect32_1
I_TwoOp_4_Indirect32_2
I_TwoOp_4_Indirect32_3
I_TwoOp_4_Indirect32_4
I_TwoOp_4_RegDirect_1
I_TwoOp_5
I_TwoOp_5_Immediate_1
I_TwoOp_5_Indirect32_1
I_TwoOp_5_Indirect32_2
I_TwoOp_5_Indirect32_3
I_TwoOp_5_Indirect32_4
I_TwoOp_5_RegDirect_1
I_ZeroOp_1
I_ZeroOp_2
I_ZeroOp_3
Immediate
Immediate?
Immediate_1
Indirect32
Indirect32?
Indirect32_1
Indirect32_2
Indirect32_3
Indirect32_4
Int16To32SE
Int16To32ZE
Int16To8
Int32Pair
Int32Pair?
Int32Pair_1
Int32Pair_2
Int32To16
Int32To8
Int8To16SE
Int8To16ZE
Int8To32SE
Int8To32ZE
JB
JB?
JMP
JMP?
JZ
JZ?
LE
LE?
LEA
LEA?
LEAVE
LEAVE?
LE_1
LE_2
LT
LT?
LT_1
LT_2
MOV
MOV?
MemAccumulate_32_8_LE_32
MemUpdate_32_8_LE_32
Mem_32_8_LE_32
NotEqual
NotEqual?
NotEqualCC
NotEqualCC?
NotEqualCC_1
NotEqualCC_2
NotEqual_1
NotEqual_2
NullReg
NullReg?
OF
OF?
OneOp
OneOp?
OneOp_1
OneOp_2
OneOp_3
OneOp_4
Op
Op_Immediate_1
Op_Indirect32_1
Op_Indirect32_2
Op_Indirect32_3
Op_Indirect32_4
Op_RegDirect_1
PF
PF?
POP
POP?
PUSH
PUSH?
Pop
Push
RegDirect
RegDirect?
RegDirect_1
Required
Ret
Ret?
Ret_1
Ret_2
Ret_3
S
S0
S1
S10
S100
S101
S102
S103
S104
S105
S106
S107
S108
S109
S11
S110
S111
S112
S113
S114
S115
S116
S117
S118
S119
S12
S120
S121
S122
S123
S124
S125
S126
S127
S128
S129
S13
S130
S131
S132
S133
S134
S135
S136
S137
S138
S139
S14
S140
S141
S142
S143
S144
S145
S146
S147
S148
S149
S15
S150
S151
S152
S153
S154
S155
S156
S157
S158
S159
S16
S160
S161
S162
S163
S164
S165
S166
S167
S168
S169
S17
S170
S171
S172
S173
S174
S175
S176
S177
S178
S179
S18
S180
S181
S182
S183
S184
S185
S186
S187
S188
S189
S19
S190
S191
S192
S193
S194
S195
S196
S197
S198
S199
S2
S20
S200
S201
S202
S203
S204
S205
S206
S207
S208
S209
S21
S210
S211
S212
S213
S214
S215
S216
S217
S218
S219
S22
S220
S221
S222
S223
S224
S225
S226
S227
S228
S229
S23
S230
S231
S232
S233
S234
S235
S236
S237
S238
S239
S24
S240
S241
S242
S243
S244
S245
S246
S247
S248
S249
S25
S250
S251
S252
S253
S254
S255
S256
S257
S258
S259
S26
S260
S261
S262
S263
S264
S265
S266
S267
S268
S269
S27
S270
S271
S272
S273
S274
S275
S276
S277
S278
S279
S28
S280
S281
S282
S283
S284
S285
S286
S287
S288
S289
S29
S290
S291
S292
S293
S294
S295
S296
S297
S298
S299
S3
S30
S300
S301
S302
S303
S304
S305
S306
S307
S308
S309
S31
S310
S311
S312
S313
S314
S315
S316
S317
S318
S319
S32
S320
S321
S322
S323
S324
S325
S326
S327
S328
S329
S33
S330
S331
S332
S333
S334
S335
S336
S337
S338
S339
S34
S340
S341
S342
S343
S344
S345
S346
S347
S348
S349
S35
S350
S351
S352
S353
S354
S355
S356
S357
S358
S359
S36
S360
S361
S362
S363
S364
S365
S366
S367
S368
S369
S37
S370
S371
S372
S373
S374
S375
S376
S377
S378
S379
S38
S380
S381
S382
S383
S384
S385
S386
S387
S388
S389
S39
S390
S391
S392
S393
S394
S395
S396
S397
S398
S399
S4
S40
S400
S401
S402
S403
S404
S405
S406
S407
S408
S409
S41
S410
S411
S412
S413
S414
S415
S416
S417
S418
S419
S42
S420
S421
S422
S423
S424
S425
S426
S427
S428
S429
S43
S430
S431
S432
S433
S434
S435
S436
S437
S438
S439
S44
S440
S441
S442
S443
S444
S445
S446
S447
S448
S449
S45
S450
S451
S452
S453
S454
S455
S456
S457
S458
S459
S46
S460
S461
S462
S463
S464
S465
S466
S467
S468
S469
S47
S470
S471
S472
S473
S474
S475
S476
S477
S478
S479
S48
S480
S481
S482
S483
S484
S485
S486
S487
S488
S489
S49
S490
S491
S492
S493
S494
S495
S496
S497
S498
S499
S5
S50
S500
S501
S502
S503
S504
S505
S506
S507
S508
S509
S51
S510
S511
S512
S513
S514
S515
S516
S517
S518
S519
S52
S520
S521
S522
S523
S524
S525
S526
S527
S528
S529
S53
S530
S531
S532
S533
S534
S535
S536
S537
S538
S539
S54
S540
S541
S542
S543
S544
S545
S546
S547
S548
S549
S55
S550
S551
S552
S553
S554
S555
S556
S557
S558
S559
S56
S560
S561
S562
S563
S564
S565
S566
S567
S568
S569
S57
S570
S571
S572
S573
S574
S575
S576
S577
S578
S579
S58
S580
S581
S582
S583
S584
S585
S586
S587
S588
S589
S59
S590
S591
S592
S593
S594
S595
S596
S597
S598
S599
S6
S60
S600
S601
S602
S603
S604
S605
S606
S607
S608
S609
S61
S610
S611
S612
S613
S614
S615
S616
S617
S618
S619
S62
S620
S621
S622
S623
S624
S625
S626
S627
S628
S629
S63
S630
S631
S632
S633
S634
S635
S636
S637
S638
S639
S64
S640
S641
S642
S643
S644
S645
S646
S647
S648
S649
S65
S650
S651
S652
S653
S654
S655
S656
S657
S658
S659
S66
S660
S661
S662
S663
S664
S665
S666
S667
S668
S669
S67
S670
S671
S672
S673
S674
S675
S676
S677
S678
S679
S68
S680
S681
S682
S683
S684
S685
S686
S687
S688
S689
S69
S690
S691
S692
S693
S694
S695
S696
S697
S698
S699
S7
S70
S700
S701
S702
S703
S704
S705
S706
S706
S707
S71
S72
S73
S74
S75
S76
S77
S78
S79
S8
S80
S81
S82
S83
S84
S85
S86
S87
S88
S89
S9
S90
S91
S92
S93
S94
S95
S96
S97
S98
S99
SF
SF?
SS
SUB
S_State_1
S_State_2
S_State_3
Sign-extension
State
State_1
State_2
State_3
TEST
TEST?
TSL
Top
True
True?
TwoOp
TwoOp?
TwoOp_1
TwoOp_2
TwoOp_3
TwoOp_4
Type
XOR
XOR?
Yices
ZF
ZF?
Zero-extension
ZeroOp
ZeroOp?
ZeroOp_1
ZeroOp_2
ZeroOp_3
a
accumulateState
addr
adjust
and
ans
argument
argument.
assert
b
be
bitvector
bool
bv-add
bv-and
bv-concat
bv-extract
bv-ge
bv-gt
bv-gt
bv-le
bv-lt
bv-lt
bv-mul
bv-neg
bv-not
bv-shift-left0
bv-shift-left0-ext
bv-shift-left0-extv
bv-shift-right0
bv-shift-right0-ext
bv-shift-right0-extv
bv-sign-extend
bv-sub
bv-xor
c
c1
c2
c_EqualCC_1
c_EqualCC_2
c_Equal_1
c_Equal_2
c_GE_1
c_GE_2
c_GT_1
c_GT_2
c_LE_1
c_LE_2
c_LT_1
c_LT_2
c_NotEqualCC_1
c_NotEqualCC_2
c_NotEqual_1
c_NotEqual_2
cc
ccEqual
check
cond
condEqual
consistentEIP
constant
conversion
conversions
curEIP
datatype
define
define-type
dest
dstAddr
dstOperand
dstOperand_Immediate_1
dstOperand_Indirect32_1
dstOperand_Indirect32_2
dstOperand_Indirect32_3
dstOperand_Indirect32_4
dstOperand_RegDirect_1
dstVal
ea707
ea707\n
ebpValue
echo
eip706
equal
esp0
esp706
expression
false
flags_for_add
flags_for_and
flags_for_subtract
flags_for_xor
flags_n_add
flags_n_subtract
flags_n_xor
for
formulas
frameTemp
functions
happen,
if
instruction
instructionEqual
integer.
interpCond
interpInstr
interpOp
k
lambda
let
m
m1
m2
m3
m4
mem
mk-bv
n
non
not
ntz
ntzHelper
of
oneOpInstr
oneOpInstrEqual
op
operand
operandEqual
or
out
output
parity
range
reg
regEqual
regs
routines
second
set-evidence!
should
sign
signedOverflowAdd
signedOverflowSub
specs
src
srcVal
state
subrange
tempEIP
the
to
translation
true
twoOpInstr
twoOpInstrEqual
type
types
unsignedOverflowAdd
unsignedOverflowSub
update
updateCC
updateEIP
updateState
v
v1
v1_Int32Pair_1
v1_Int32Pair_2
v2
v2_Int32Pair_1
v2_Int32Pair_2
v3
v3_Int32Pair_1
v3_Int32Pair_2
v4
v4_Int32Pair_1
v4_Int32Pair_2
v5
v5_Int32Pair_1
v5_Int32Pair_2
x
x1
x2
y
yices
zero
zeroOpInstr
zeroOpInstrEqual