Na=azoneV0anull_zoneqais_not_nullV0F
a=aapeltsV3aoffsetV3aapeltsV1a+aoffsetV1aint32'intV2Aa<aoffsetV3amaxV3Aa<=aminV3aoffsetV3Ia=awritableV3awritableV1Aa=azoneV3azoneV1Aa=amaxV3amaxV1Aa=aminV3aminV1Aa=adataV3adataV1Aa=apeltsV3apeltsV1Aa=aplengthV3aplengthV1Aa=aoffsetV3a+aoffsetV1aint32'intV2FAa<=a+aoffsetV1aint32'intV2amaxV1Aa<=aminV1a+aoffsetV1aint32'intV2Ia<a+aoffsetV1aint32'intV2amaxV1Aa<=aminV1a+aoffsetV1aint32'intV2F
VC for get_ofs
a=aapeltsV6a+aoffsetV6aint32'intV2V3Aa=apeltsV6asetapeltsV1a+aoffsetV6aint32'intV2V3Ia=apeltsV5asetapeltsV4aoffsetV5V3Ia=azoneV6azoneV1Aa=awritableV6awritableV1Aa=amaxV6amaxV1Aa=aminV6aminV1Aa=aoffsetV6aoffsetV1Aa=alengthadataV6alengthadataV1Ia=azoneV5azoneV4Aa=awritableV5awritableV4Aa=amaxV5amaxV4Aa=aminV5aminV4Aa=aoffsetV5aoffsetV4Aa=alengthadataV6alengthadataV4Aa=adataV5adataV6FAa=awritableV4aTrueAa<aoffsetV4amaxV4Aa<=aminV4aoffsetV4Ia=awritableV4awritableV1Aa=azoneV4azoneV1Aa=amaxV4amaxV1Aa=aminV4aminV1Aa=adataV4adataV1Aa=apeltsV4apeltsV1Aa=aplengthV4aplengthV1Aa=aoffsetV4a+aoffsetV1aint32'intV2FAa<=a+aoffsetV1aint32'intV2amaxV1Aa<=aminV1a+aoffsetV1aint32'intV2Ia=awritableV1aTrueAa<a+aoffsetV1aint32'intV2amaxV1Aa<=aminV1a+aoffsetV1aint32'intV2F
VC for set_ofs
avalid_ptr_shiftV1V3Ia<V3V2Aa<=c0V3FIavalidV1V2F
VC for valid_itv_to_shift
a=awritableV5aTrueAa=amaxV5auint32'intV4Aa=aminV5c0Aa=aoffsetV5c0Aa=aplengthV5auint32'intV4Iais_not_nullV5INa=azoneV5anull_zoneqais_not_nullV5Ia=awritableV5aTrueAa=amaxV5aplengthV5Aa=aminV5c0Aa=aoffsetV5c0Aa=aplengthV5auint32'intV4INa=azoneV5anull_zoneFAa<=c0auint32'intV4Ia<=c0auint32'intV4F
VC for salloc
a=awritableV4aTrueAa=amaxV4aplengthV4Aa=aminV4c0Aa=aoffsetV4c0Ia=awritableV4aTrueAa=amaxV4aplengthV4Aa=aminV4c0Aa=aoffsetV4c0F
VC for sfree
a<=c0ai
a<aiastrlenasaofs
a<=c0a+a-aic1c1
a<=c0ak
a<akc0
Na=acodeaasa+aofsakc0
loop invariant init
a<=c0aj
a<=aja-aic1
Na=acodeaasa+aofsV0c0Ia<V0ajAa<=c0V0F
a<ajaiAa<=c0ai
variant decrease
a<ajastrlenasaofsAa<=c0aj
precondition
Na=acodeaasa+aofsajc0
a<aka+ajc1
loop invariant preservation
Na=acodeaasa+aofsV0c0Ia<V0a+a-aic1c1Aa<=c0V0F
a<ajai
assertion
Na=acodeaasa+aofsV1c0Ia<V1aiAa<=c0V1F
Na=acodeaasa+aofsaic0
postcondition
a>c0a+a-aic1c1
Na=acodeaasa+aofsaic0ANa=acodeaasa+aofsV0c0Ia<V0aiAa<=c0V0F
out of loop bounds
Na=acodeaV0a+V1V2c0ANa=acodeaV0a+V1V4c0Ia<V4V2Aa<=c0V4FIa>c0a+V3c1ANa=acodeaV0a+V1V2c0ANa=acodeaV0a+V1V5c0Ia<V5V2Aa<=c0V5FINa=acodeaV0a+V1V6c0Ia<V6a+V3c1Aa<=c0V6FANa=acodeaV0a+V1V8c0Ia<V8a+V7c1Aa<=c0V8FINa=acodeaV0a+V1V7c0Aa<V7astrlenV0V1Aa<=c0V7Aa<V7V2Aa<=c0V2INa=acodeaV0a+V1V9c0Ia<V9V7Aa<=c0V9FAa<=V7V3Aa<=c0V7FANa=acodeaV0a+V1V10c0Ia<V10c0Aa<=c0V10FIa<=c0a+V3c1La-V2c1Ia<V2astrlenV0V1Aa<=c0V2F
VC for strlen_before_null
Na=acodeaV0a+V1V2c0Ia<V2astrlenV0V1Aa<=c0V2F
a<=c0astrlenasaofs
a<=astrlenasaofsai
a=acodeaasa+aofsaic0
Na=astrlenasaofsai
a=acodeaasa+aofsV3c0Aa<V3aiAa<=c0V3E
witness existence
a=acodeaasa+aofsajc0
a<=astrlenasaofsaj
a=acodeaasa+aofsastrlenasaofsc0Aa=acodeaasa+aofsV3c0Aa<V3aiAa<=c0V3EOa=astrlenasaofsai
a=acodeaasa+aofsastrlenasaofsc0
a=acodeaasa+aofsastrlenasaofsc0Ia=acodeaasa+aofsV3c0Aa<=astrlenasaofsV3F
a=acodeaasa+aofsV4c0Aa<=c0V4E
a<aiastrlenasaofsAa<=c0ai
f
unreachable point
Na<aiastrlenasaofs
a=acodeaV3a+V4astrlenV3V4c0Ia=acodeaV3a+V4astrlenV3V4c0ANa<V5astrlenV3V4Aia=acodeaV3a+V4V5c0Aa<=astrlenV3V4V5fINa=acodeaV3a+V4V5c0Aa<V5astrlenV3V4Aa<=c0V5a<V5astrlenV3V4Ia=acodeaV3a+V4V5c0Aa<=c0V5FAa=acodeaV3a+V4V6c0Aa<=c0V6EIa=acodeaV3a+V4astrlenV3V4c0Ia=acodeaV3a+V4V7c0Aa<=astrlenV3V4V7FAa=acodeaV3a+V4astrlenV3V4c0Ia=acodeaV3a+V4astrlenV3V4c0Aa=acodeaV3a+V4V9c0Aa<V9V8Aa<=c0V9EOa=astrlenV3V4V8Aa=acodeaV3a+V4V10c0Aa<=astrlenV3V4V10Aa<V10V8Aa<=c0V8Ia=acodeaV3a+V4V10c0Aa<V10V8Aa<=c0V10FAa=acodeaV3a+V4V11c0Aa<V11V8Aa<=c0V11EINa=astrlenV3V4V8Ia=acodeaV3a+V4V8c0Aa<=astrlenV3V4V8FIa<=c0astrlenV3V4F
VC for strlen_at_null
a=acodeaV3a+V4astrlenV3V4c0Ia<=c0astrlenV3V4F
a<V7astrlenV5V6INa=acodeaV5a+V6V7c0Ia<V7astrlenV5V6Aa<=c0V7F
empty_shape
a=V10astrlenV8V9Ia=acodeaV8a+V9V10c0Ia<V10astrlenV8V9Aa<=c0V10F
a<=astrlenV11V12V13Aa<=c0astrlenV11V12Aa=astrlenV11V12V13Ia>c0a+V14c1Aa<=astrlenV11V12V13Aa<=c0astrlenV11V12Aa=astrlenV11V12V13INa=acodeaV11a+V12V15c0Ia<V15a+V14c1Aa<=c0V15FAiNa=acodeaV11a+V12V17c0Ia<V17a+V16c1Aa<=c0V17Fa<=astrlenV11V12V13Aa<=c0astrlenV11V12Aa<=V16V13Aa=astrlenV11V12V16Aa<=c0astrlenV11V12a=aV11a+V12V16azero_charINa=acodeaV11a+V12V18c0Ia<V18V16Aa<=c0V18FAa<=V16V14Aa<=c0V16FANa=acodeaV11a+V12V19c0Ia<V19c0Aa<=c0V19FIa<=c0a+V14c1La-V13c1INa>astrlenV11V12V13AfINa=acodeaV11a+V12V13c0Aa<V13astrlenV11V12Aa<=c0V13Ia>astrlenV11V12V13Ia=acodeaV11a+V12V13c0Aa<=c0V13F
VC for strlen_sup
ain_boundsaschar'intV0F
a=V1V2Ia=aschar'intV1aschar'intV2F
ain_boundsauchar'intV0F
a=V1V2Ia=auchar'intV1auchar'intV2F
a=auchar'intazero_unsignedc0
a=aradixa+auchar'maxIntc1

b5185d155c47bf39a3cc2d9924639461 2H1H0
4107994eae3eb80d1a76eb6e5a19a750 4H3H0
a7b90891f1becc7e7eaa5107307cbb40 6H5H0
fb087389593c9e7ca9d71ae01ac7b3cc 8H7H5H0
690e6febf6461bdee115a66c220eeaec 10H9H5H0
475058d12493218ab767f757efb8c9eb 38H37
81aaf3cc4a5e99bd702e1e74329c9515 17H16H15H14H13H12H11
eb4344606ae7085f6f67c006dc623b15 22H21H20H19H18H13H12H11
03f8db3ab1151fddd9309e4d0364fafb 24H23H20H19H18H13H12H11
678d1c7ba6d6211fac7e16e33b2ec74b 27H16H26H14H25H20H19H18H13H12H11
1c36ba29d15e00bf3264b61d67414af4 30H25H29H18H28H13H12H11
c6dbfb182180e28305529727ad00726e 33H32H31H28H13H12H11
98987dac20e3070d1d696c18eb03ed30 36H35H34H12H11
1fa1da3b579fda819ead1f2dbd04502b 57H56H39
7825452c809fef416127c3ddde54fd92 45H44H43H42H41H40H39
4bef10857fcd1bd58e87e6d273122c23 22H21H46H29H18H43H42H41H40H39
d6fce8b20103fcd98f822abd6d03717b 24H47H46H29H18H43H42H41H40H39
263bc11540932cfbc7e6fa7c8de67dee 24H46H47H46H29H18H43H42H41H40H39
5797640bdad7e83c49b87b16ab6d56b6 33H49H48H42H41H40H39
c2929596a5c2b30ec7cf8860ed2ff1f9 45H51H50H40H39
5a2f0bdadee980e8250ebad2650b4126 24H52H12H42H11H50H40H39
9e81f6c1367e9ca8a3b1dae79ef304bf 54H53H32H12H42H11H50H40H39
6755e161e75309f9b14ac6906f86f23a 24H41H55H42H11H50H40H39
1d7aa3e0d5e7ba9903a3d2424eb2c52f 24H42H41H55H42H11H50H40H39
e72126ba38b5ca8d932219d2c1d566a0 33H49H49H55H42H11H50H40H39
132662c6a5e59f774f9a99b3e2328b33 60H59H58H39
0df1f528e94ff923cbd4c9824a447240 60H61H59H58H39
94551d0c2a7d71233ecc945d145d3062 63H62H61H59H58H39
c5b300e95510400793da2e4bf3ce3af3 60H64
f430d64aa5e2c5e681eab38bf518a289 60H65H64
b53f4194e764d4d5887809ee0c0238ef 60H66
70c08f317cbd760caa815c8840a64902 60H67H66
2e115dde1b573c89fb18944fa8495dfd 60H68H67H66
94a1d73f2db73e1b34332388f54a8cf2 60H69H68H67H66
