From bcec32b59db403ef6d504e6afbaad70e25719198 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Mon, 14 Oct 2024 01:17:19 -0500 Subject: [PATCH 01/20] Experimental method to aggregate state effects --- Tactics.lean | 1 + Tactics/ArmConstr.lean | 392 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 393 insertions(+) create mode 100644 Tactics/ArmConstr.lean diff --git a/Tactics.lean b/Tactics.lean index b0107828..597da55c 100644 --- a/Tactics.lean +++ b/Tactics.lean @@ -10,3 +10,4 @@ import «Tactics».StepThms import «Tactics».Rename import «Tactics».Name import «Tactics».ClearNamed +import «Tactics».ArmConstr diff --git a/Tactics/ArmConstr.lean b/Tactics/ArmConstr.lean new file mode 100644 index 00000000..2bdd0310 --- /dev/null +++ b/Tactics/ArmConstr.lean @@ -0,0 +1,392 @@ +/- +Copyright (c) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. +Released under Apache 2.0 license as described in the file LICENSE. +Author(s): Shilpi Goel +-/ + +/- +Experimental method to aggregate state effects using reflection. This is +inspired by `simp_arith`, especially the following files: + +`[lean] Init/Data/Nat/Linear.lean` +`[lean] Meta/Tactic/LinearAith/Nat/Basic.lean` +`[lean] Meta/Tactic/LinearAith/Nat/Simp.lean` +-/ + +import Arm.Exec + +namespace ArmConstr + +/- We use `Nat`s to refer to all the state variables in our context. -/ +abbrev StateVar := Nat + +/-- A `GPRVal` can either be a variable or a read from the previous state. + + This is very barebones right now -- for instance, we'd need to support + `BitVec` operators here. +-/ +inductive GPRVal where + | var (i : Nat) + | r_gpr (i : BitVec 5) + deriving DecidableEq, Repr, Inhabited + +abbrev StateContext := List ArmState +abbrev GPRValContext := List (BitVec 64) + +/-- +Context containing all the variables encountered in the problem. The +position of a variable in the context becomes variable name (see, e.g., +`StateVar`, which is a `Nat`). +-/ +structure Context where + state : StateContext + gpr : GPRValContext + deriving Repr, Inhabited + +/-- +Look up variable `v` in the `StateContext`. +-/ +def StateVar.denote (ctx : StateContext) (v : StateVar) : ArmState := + match ctx, v with + | [], _ => ArmState.default + | s :: _, 0 => s + | _ :: ss, i + 1 => denote ss i + +/-- +Denote `GPRVal v`. + +If `v` is a variable then look it up in the `GPRValContext`. Else if `v` is +`r_gpr i`, then look up the `i`th register in `prev_s`. +-/ +def GPRVal.denote (ctx : GPRValContext) (v : GPRVal) (prev_s : ArmState) + : BitVec 64 := + match v with + | var i => go_var ctx i + | r_gpr i => r (.GPR i) prev_s + where go_var (ctx : GPRValContext) (v : Nat) : BitVec 64 := + match ctx, v with + | [], _ => 0#64 + | v0 :: _, 0 => v0 + | _ :: vs, i + 1 => go_var vs i + +/-- +Datastructure that characterizes all the updates that can be made to an +`ArmState`. +-/ +inductive Update where + -- `i` is a constant. + | w_gpr (i : BitVec 5) (v : GPRVal) + -- TODO: Other state components. + deriving DecidableEq, Repr, Inhabited + +/-- +Do updates `x` and `y` refer to the same state component? +-/ +def Update.regEq (x y : Update) : Bool := + match x, y with + | w_gpr i _, w_gpr j _ => i == j + +/-- +Is the register index of update `x` less than that of `y`? +-/ +def Update.regIndexLt (x y : Update) : Bool := + match x, y with + | w_gpr i _, w_gpr j _ => i < j + +/-- +Datastructure to represent expressions characterizing the following state +update. Note that we ensure, by construction, that the `writes` are sorted by +the state components. +``` +curr_state = writes[prev_state] +``` +-/ +structure Expr where + curr_state : StateVar + prev_state : StateVar + writes : List Update -- Sorted by the state components. +deriving DecidableEq, Repr, Inhabited + +/-- +Map updates `us` to state `prev_state` to an `ArmState`. +-/ +def Expr.writes.denote (ctx : Context) (us : List Update) (prev_state : StateVar) + : ArmState := + match us with + | [] => StateVar.denote ctx.state prev_state + | Update.w_gpr i v :: rest => + w (.GPR i) + (GPRVal.denote ctx.gpr v (StateVar.denote ctx.state prev_state)) + (Expr.writes.denote ctx rest prev_state) + +/-- +Denote an `Expr e` to a `Prop` corresponding to `curr_state = writes[prev_state]`. +-/ +def Expr.denote (ctx : Context) (e : Expr) : Prop := + StateVar.denote ctx.state e.curr_state = + Expr.writes.denote ctx e.writes e.prev_state + +/-- +Return a `Prop` corresponding to `e1 = e2`. +-/ +def Expr.denote_eq (ctx : Context) (e1 e2 : Expr) : Prop := + StateVar.denote ctx.state e1.prev_state = StateVar.denote ctx.state e2.prev_state ∧ + StateVar.denote ctx.state e1.curr_state = StateVar.denote ctx.state e2.curr_state ∧ + Expr.denote ctx e1 ∧ + Expr.denote ctx e2 + +abbrev Exprs := List Expr + +/-- +Denote each expression in `es` using `Expr.denote`. +-/ +def Exprs.denote (ctx : Context) (es : Exprs) : Prop := + match es with + | [] => True + | u :: rest => Expr.denote ctx u ∧ Exprs.denote ctx rest + +def Expr.default : Expr := + { prev_state := 0, curr_state := 0, writes := [] } + +def Update.insertSorted (es : List Update) (u : Update) : List Update := + match es with + | [] => [u] + | e :: rest => + if u.regIndexLt e then + -- `u` does not appear in `es` (given that `es` is sorted), so we retain + -- this update. + u :: es + else if u.regEq e then + -- We overwrite `e` with `x`. + u :: rest + else + e :: (insertSorted rest u) + +/-- +Resolve any reads in `u` by looking it up in `es`. +-/ +def Update.resolveRead (es : List Update) (u : Update) : Update := + match u with + | .w_gpr _ (.var _) => u + | .w_gpr i (.r_gpr gpr_idx) => + let ans := go gpr_idx es + .w_gpr i ans + where go (gpr_idx : BitVec 5) (es : List Update) : GPRVal := + match es with + | [] => .r_gpr gpr_idx + | (.w_gpr i v) :: rest => + if i == gpr_idx then v else go gpr_idx rest + +/-- +Resolve any reads in +-/ +def Update.resolveReads (es us : List Update) : List Update := + match us with + | [] => [] + | u :: rest => + (Update.resolveRead es u) :: resolveReads es rest + +/-- +Aggregate `e` and `u`, assuming `u` follows `e`. +-/ +def Expr.aggregate1 (e u : Expr) : Expr := + if e.curr_state == u.prev_state then + let u_resolved_writes := Update.resolveReads e.writes u.writes + { prev_state := e.prev_state, + curr_state := u.curr_state, + writes := go e.writes u_resolved_writes } + else + -- We cannot aggregate two non-consecutive states, so we return the original + -- StateUpdate here. + -- TODO: We should probably throw an error here. + e + where go (es us : List Update) : List Update := + match es, us with + | [], us => us + | es, [] => es + | es, u :: rest_us => + go (Update.insertSorted es u) rest_us + +/-- +info: { curr_state := 2, + prev_state := 0, + writes := [ArmConstr.Update.w_gpr 0x00#5 (ArmConstr.GPRVal.var 1), + ArmConstr.Update.w_gpr 0x01#5 (ArmConstr.GPRVal.var 1), + ArmConstr.Update.w_gpr 0x02#5 (ArmConstr.GPRVal.var 3)] } +-/ +#guard_msgs in +open Expr Update in +#eval Expr.aggregate1 + { prev_state := 0, + curr_state := 1, + writes := [w_gpr 0#5 (.var 1), w_gpr 1#5 (.var 3)] } + { prev_state := 1, + curr_state := 2, + writes := [w_gpr 1#5 (.var 1), w_gpr 2#5 (.r_gpr 1)] } + +/-- +Aggregate `es` onto `init`. +Earlier updates appear first in `es`, and of course, `es` follows `init`. +-/ +def Expr.aggregate (init : Expr) (es : Exprs) : Expr := + match es with + | [] => init + | e :: rest => aggregate (aggregate1 init e) rest + +open Expr Update in +/-- +info: { curr_state := 2, + prev_state := 0, + writes := [ArmConstr.Update.w_gpr 0x01#5 (ArmConstr.GPRVal.var 1), + ArmConstr.Update.w_gpr 0x02#5 (ArmConstr.GPRVal.var 2), + ArmConstr.Update.w_gpr 0x03#5 (ArmConstr.GPRVal.var 3)] } +-/ +#guard_msgs in +#eval Expr.aggregate + Expr.default + [ + { prev_state := 0, + curr_state := 1, + writes := [w_gpr 1#5 (.var 1), + w_gpr 3#5 (.var 3)] }, + { prev_state := 1, + curr_state := 2, + writes := [w_gpr 1#5 (.var 1), + w_gpr 2#5 (.var 2)] } + ] + +/-- Does aggregating `updates` yield `final`? -/ +def Expr.isAggregated (init : Expr) (updates : Exprs) (final : Expr) : Bool := + final == aggregate init updates + +theorem Expr.eq_true_of_isValid (ctx : Context) (init final : Expr) (updates : Exprs) : + (Expr.isAggregated init updates final) → + Expr.denote ctx init ∧ Exprs.denote ctx updates → (Expr.denote ctx final) := by + sorry + +------------------------------------------------------------------------------- + +-- Tests + +#time +open Expr Update in +theorem completely_shadowed_updates + (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s0)) + (h_s2 : s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s1)) : + /- + (NOTE) Replacing the RHS with `xxxx` gives the following type mismatch, which + can help in doing ACL2-style wormhole abstraction. + + type mismatch + this (Eq.refl s0) h_s1 h_s2 + has type + denote { state := [s0, s1, s2], gpr := [x0, x1] } + { prev_state := 0, curr_state := 2, writes := [w_gpr (0#5) 0, w_gpr (1#5) 1] } : Prop + but is expected to have type + s2 = xxxx : Prop + -/ + s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s0) := by + have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], + gpr := [x0, x1] } + -- init + { prev_state := 0, curr_state := 0, writes := []} + -- final + { prev_state := 0, curr_state := 2, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] } + -- updates + [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, + { prev_state := 1, curr_state := 2, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] } ] + (Eq.refl true)) + simp only [Exprs.denote, and_true, and_imp] at this + exact this (Eq.refl s0) h_s1 h_s2 + done + +open Expr Update in +theorem partially_shadowed_and_new_updates + (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) + /- + (NOTE) if any instructions updates are not sorted, as is the case in `h_s2` + below, then we run into a problem because the writes in `Expr` are sorted. + `(h_s2 : s2 = w (.GPR 3#5) x3 (w (.GPR 1#5) x1 s1))` + `{ prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 2, w_gpr 3#5 3] }` + This means that + `exact this (Eq.refl s0) h_s1 h_s2` + will result in a type mismatch. + + Therefore, for convenience, we ought to enforce that instruction updates like + `h_s2` are sorted in the preprocessing step. + -/ + (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) x3 s1)) : + s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) x3 s0)) := by + have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], + gpr := [x0, old_x1, x1, x3] } + -- init + { prev_state := 0, curr_state := 0, writes := []} + -- final + { prev_state := 0, curr_state := 2, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 2), w_gpr 3#5 (.var 3)] } + -- updates + [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, + { prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.var 3)] } ] + (Eq.refl true)) + simp only [Exprs.denote, and_true, and_imp] at this + exact this (Eq.refl s0) h_s1 h_s2 + done + +/-- +info: true +-/ +#guard_msgs in +#eval + Expr.isAggregated + -- init + { curr_state := 0, prev_state := 0, writes := [] } + -- updates + [{ curr_state := 1, prev_state := 0, writes := [.w_gpr (0#5) (GPRVal.var 0), .w_gpr (1#5) (GPRVal.var 1)] }, + { curr_state := 2, prev_state := 1, writes := [.w_gpr (1#5) (GPRVal.var 2), .w_gpr (3#5) (GPRVal.r_gpr 1)] }] + { curr_state := 2, prev_state := 0, + writes := [.w_gpr (0#5) (GPRVal.var 0), .w_gpr (1#5) (GPRVal.var 2), .w_gpr (3#5) (GPRVal.var 1)] } + +#time +open Expr Update in +theorem read_from_prev_update_test1 + (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) + (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 1#5) s1) s1)) : + s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) old_x1 s0)) := by + have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], + gpr := [x0, old_x1, x1] } + -- init + { prev_state := 0, curr_state := 0, writes := []} + -- final + { prev_state := 0, curr_state := 2, + writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 2), w_gpr 3#5 (.var 1)] } + -- updates + [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, + { prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.r_gpr 1)] } ] + (Eq.refl true)) + simp only [Exprs.denote, and_true, and_imp] at this + exact this (Eq.refl s0) h_s1 h_s2 + done + +#time +open Expr Update in +theorem read_from_prev_update_test2 (s0 s1 s2 : ArmState) + (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) + (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 5#5) s1) s1)) : + s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 5#5) s0) s0)) := by + have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], + gpr := [x0, old_x1, x1] } + -- init + { prev_state := 0, curr_state := 0, writes := []} + -- final + { prev_state := 0, curr_state := 2, + writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 2), w_gpr 3#5 (.r_gpr 5#5)] } + -- updates + [ { prev_state := 0, curr_state := 1, + writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, + { prev_state := 1, curr_state := 2, + writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.r_gpr 5#5)] } ] + (Eq.refl true)) + simp only [Exprs.denote, and_true, and_imp] at this + exact this (Eq.refl s0) h_s1 h_s2 + done + +end ArmConstr From 1f8df565250f95272acb9204f7b830fcc7fa0420 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Mon, 14 Oct 2024 11:03:14 -0500 Subject: [PATCH 02/20] Fix comments --- Tactics/ArmConstr.lean | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tactics/ArmConstr.lean b/Tactics/ArmConstr.lean index 2bdd0310..a3e3a0ad 100644 --- a/Tactics/ArmConstr.lean +++ b/Tactics/ArmConstr.lean @@ -178,7 +178,7 @@ def Update.resolveRead (es : List Update) (u : Update) : Update := if i == gpr_idx then v else go gpr_idx rest /-- -Resolve any reads in +Resolve any reads in each of `us` by looking them up in `es`. -/ def Update.resolveReads (es us : List Update) : List Update := match us with @@ -255,7 +255,7 @@ info: { curr_state := 2, w_gpr 2#5 (.var 2)] } ] -/-- Does aggregating `updates` yield `final`? -/ +/-- Does aggregating `updates` over `init` yield `final`? -/ def Expr.isAggregated (init : Expr) (updates : Exprs) (final : Expr) : Bool := final == aggregate init updates From 85ea0e61197fe630d3eb76fee89e208d24ad0af6 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Mon, 14 Oct 2024 12:50:34 -0700 Subject: [PATCH 03/20] Update Tactics/ArmConstr.lean Co-authored-by: Siddharth --- Tactics/ArmConstr.lean | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/Tactics/ArmConstr.lean b/Tactics/ArmConstr.lean index a3e3a0ad..8d4435dc 100644 --- a/Tactics/ArmConstr.lean +++ b/Tactics/ArmConstr.lean @@ -180,11 +180,7 @@ def Update.resolveRead (es : List Update) (u : Update) : Update := /-- Resolve any reads in each of `us` by looking them up in `es`. -/ -def Update.resolveReads (es us : List Update) : List Update := - match us with - | [] => [] - | u :: rest => - (Update.resolveRead es u) :: resolveReads es rest +def Update.resolveReads (es us : List Update) : List Update := us.map (Update.resolveRead es) /-- Aggregate `e` and `u`, assuming `u` follows `e`. From c67f1cadbc79ddbfd561496b8dbdbf9080a6f5b0 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Mon, 14 Oct 2024 16:49:10 -0500 Subject: [PATCH 04/20] Add a test for 30 steps --- Tactics/ArmConstr.lean | 254 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 251 insertions(+), 3 deletions(-) diff --git a/Tactics/ArmConstr.lean b/Tactics/ArmConstr.lean index 8d4435dc..af6a57de 100644 --- a/Tactics/ArmConstr.lean +++ b/Tactics/ArmConstr.lean @@ -5,8 +5,14 @@ Author(s): Shilpi Goel -/ /- -Experimental method to aggregate state effects using reflection. This is -inspired by `simp_arith`, especially the following files: +Experimental method to aggregate state effects using reflection. + +In LNSym, we already have a language that describes reads from and writes to the +`ArmState` using functions `r` and `w` respectively (we ignore memory reads and +writes at this point). We reflect precisely these two functions, as well as arbitrary +bitvector expressions for register updates to the `ArmState`. + +This is inspired by `simp_arith`, especially the following files: `[lean] Init/Data/Nat/Linear.lean` `[lean] Meta/Tactic/LinearAith/Nat/Basic.lean` @@ -180,7 +186,8 @@ def Update.resolveRead (es : List Update) (u : Update) : Update := /-- Resolve any reads in each of `us` by looking them up in `es`. -/ -def Update.resolveReads (es us : List Update) : List Update := us.map (Update.resolveRead es) +def Update.resolveReads (es us : List Update) : List Update := + us.map (Update.resolveRead es) /-- Aggregate `e` and `u`, assuming `u` follows `e`. @@ -255,6 +262,7 @@ info: { curr_state := 2, def Expr.isAggregated (init : Expr) (updates : Exprs) (final : Expr) : Bool := final == aggregate init updates +/-- TODO: we're probably missing a well-formedness hyp. about the `ctx` here. -/ theorem Expr.eq_true_of_isValid (ctx : Context) (init final : Expr) (updates : Exprs) : (Expr.isAggregated init updates final) → Expr.denote ctx init ∧ Exprs.denote ctx updates → (Expr.denote ctx final) := by @@ -385,4 +393,244 @@ theorem read_from_prev_update_test2 (s0 s1 s2 : ArmState) exact this (Eq.refl s0) h_s1 h_s2 done +open Expr Update in +/-- +info: { curr_state := 30, + prev_state := 0, + writes := [ArmConstr.Update.w_gpr 0x01#5 (ArmConstr.GPRVal.var 52), + ArmConstr.Update.w_gpr 0x02#5 (ArmConstr.GPRVal.var 51), + ArmConstr.Update.w_gpr 0x03#5 (ArmConstr.GPRVal.var 53), + ArmConstr.Update.w_gpr 0x04#5 (ArmConstr.GPRVal.var 76), + ArmConstr.Update.w_gpr 0x05#5 (ArmConstr.GPRVal.var 81), + ArmConstr.Update.w_gpr 0x06#5 (ArmConstr.GPRVal.var 74), + ArmConstr.Update.w_gpr 0x07#5 (ArmConstr.GPRVal.var 73), + ArmConstr.Update.w_gpr 0x08#5 (ArmConstr.GPRVal.var 87), + ArmConstr.Update.w_gpr 0x09#5 (ArmConstr.GPRVal.var 86), + ArmConstr.Update.w_gpr 0x0a#5 (ArmConstr.GPRVal.var 85), + ArmConstr.Update.w_gpr 0x0b#5 (ArmConstr.GPRVal.var 84), + ArmConstr.Update.w_gpr 0x0c#5 (ArmConstr.GPRVal.var 61), + ArmConstr.Update.w_gpr 0x0d#5 (ArmConstr.GPRVal.var 83), + ArmConstr.Update.w_gpr 0x0e#5 (ArmConstr.GPRVal.var 82), + ArmConstr.Update.w_gpr 0x0f#5 (ArmConstr.GPRVal.var 19), + ArmConstr.Update.w_gpr 0x10#5 (ArmConstr.GPRVal.var 80), + ArmConstr.Update.w_gpr 0x11#5 (ArmConstr.GPRVal.var 79), + ArmConstr.Update.w_gpr 0x12#5 (ArmConstr.GPRVal.var 78), + ArmConstr.Update.w_gpr 0x13#5 (ArmConstr.GPRVal.var 77), + ArmConstr.Update.w_gpr 0x14#5 (ArmConstr.GPRVal.var 44), + ArmConstr.Update.w_gpr 0x15#5 (ArmConstr.GPRVal.var 43), + ArmConstr.Update.w_gpr 0x16#5 (ArmConstr.GPRVal.var 42), + ArmConstr.Update.w_gpr 0x17#5 (ArmConstr.GPRVal.var 41), + ArmConstr.Update.w_gpr 0x18#5 (ArmConstr.GPRVal.var 3), + ArmConstr.Update.w_gpr 0x19#5 (ArmConstr.GPRVal.var 2), + ArmConstr.Update.w_gpr 0x1a#5 (ArmConstr.GPRVal.var 1), + ArmConstr.Update.w_gpr 0x1b#5 (ArmConstr.GPRVal.var 0), + ArmConstr.Update.w_gpr 0x1c#5 (ArmConstr.GPRVal.var 60), + ArmConstr.Update.w_gpr 0x1d#5 (ArmConstr.GPRVal.var 59), + ArmConstr.Update.w_gpr 0x1e#5 (ArmConstr.GPRVal.var 58), + ArmConstr.Update.w_gpr 0x1f#5 (ArmConstr.GPRVal.var 57)] } +-/ +#guard_msgs in +#eval Expr.aggregate + { prev_state := 0, curr_state := 0, writes := []} + [{ curr_state := 1, prev_state := 0, + writes := + [w_gpr (23#5) (GPRVal.var 4), w_gpr (24#5) (GPRVal.var 3), w_gpr (25#5) (GPRVal.var 2), + w_gpr (26#5) (GPRVal.var 1), w_gpr (27#5) (GPRVal.var 0)] }, + { curr_state := 2, prev_state := 1, writes := [w_gpr (2#5) (GPRVal.var 6), w_gpr (3#5) (GPRVal.var 5)] }, + { curr_state := 3, prev_state := 2, + writes := + [w_gpr (28#5) (GPRVal.var 10), w_gpr (29#5) (GPRVal.var 9), w_gpr (30#5) (GPRVal.var 8), + w_gpr (31#5) (GPRVal.var 7)] }, + { curr_state := 4, prev_state := 3, + writes := + [w_gpr (17#5) (GPRVal.var 14), w_gpr (18#5) (GPRVal.var 13), w_gpr (19#5) (GPRVal.var 12), + w_gpr (20#5) (GPRVal.var 11)] }, + { curr_state := 5, prev_state := 4, writes := [w_gpr (15#5) (GPRVal.var 16), w_gpr (16#5) (GPRVal.var 15)] }, + { curr_state := 6, prev_state := 5, writes := [w_gpr (30#5) (GPRVal.var 17)] }, + { curr_state := 7, prev_state := 6, + writes := + [w_gpr (12#5) (GPRVal.var 22), w_gpr (13#5) (GPRVal.var 21), w_gpr (14#5) (GPRVal.var 20), + w_gpr (15#5) (GPRVal.var 19), w_gpr (16#5) (GPRVal.var 18)] }, + { curr_state := 8, prev_state := 7, + writes := + [w_gpr (8#5) (GPRVal.var 27), w_gpr (9#5) (GPRVal.var 26), w_gpr (10#5) (GPRVal.var 25), + w_gpr (11#5) (GPRVal.var 24), w_gpr (12#5) (GPRVal.var 23)] }, + { curr_state := 9, prev_state := 8, + writes := [w_gpr (28#5) (GPRVal.var 30), w_gpr (29#5) (GPRVal.var 29), w_gpr (30#5) (GPRVal.var 28)] }, + { curr_state := 10, prev_state := 9, writes := [w_gpr (21#5) (GPRVal.var 31)] }, + { curr_state := 11, prev_state := 10, + writes := + [w_gpr (18#5) (GPRVal.var 36), w_gpr (19#5) (GPRVal.var 35), w_gpr (20#5) (GPRVal.var 34), + w_gpr (21#5) (GPRVal.var 33), w_gpr (22#5) (GPRVal.var 32)] }, + { curr_state := 12, prev_state := 11, + writes := + [w_gpr (18#5) (GPRVal.var 40), w_gpr (19#5) (GPRVal.var 39), w_gpr (20#5) (GPRVal.var 38), + w_gpr (21#5) (GPRVal.var 37)] }, + { curr_state := 13, prev_state := 12, + writes := + [w_gpr (20#5) (GPRVal.var 44), w_gpr (21#5) (GPRVal.var 43), w_gpr (22#5) (GPRVal.var 42), + w_gpr (23#5) (GPRVal.var 41)] }, + { curr_state := 14, prev_state := 13, writes := [w_gpr (17#5) (GPRVal.var 45)] }, + { curr_state := 15, prev_state := 14, writes := [w_gpr (14#5) (GPRVal.var 46)] }, + { curr_state := 16, prev_state := 15, writes := [w_gpr (16#5) (GPRVal.var 47)] }, + { curr_state := 17, prev_state := 16, + writes := + [w_gpr (1#5) (GPRVal.var 52), w_gpr (2#5) (GPRVal.var 51), w_gpr (3#5) (GPRVal.var 50), + w_gpr (4#5) (GPRVal.var 49), w_gpr (5#5) (GPRVal.var 48)] }, + { curr_state := 18, prev_state := 17, writes := [w_gpr (3#5) (GPRVal.var 53)] }, + { curr_state := 19, prev_state := 18, writes := [w_gpr (8#5) (GPRVal.var 54)] }, + { curr_state := 20, prev_state := 19, writes := [w_gpr (5#5) (GPRVal.var 55)] }, + { curr_state := 21, prev_state := 20, writes := [w_gpr (9#5) (GPRVal.var 56)] }, + { curr_state := 22, prev_state := 21, + writes := + [w_gpr (28#5) (GPRVal.var 60), w_gpr (29#5) (GPRVal.var 59), w_gpr (30#5) (GPRVal.var 58), + w_gpr (31#5) (GPRVal.var 57)] }, + { curr_state := 23, prev_state := 22, + writes := + [w_gpr (8#5) (GPRVal.var 65), w_gpr (9#5) (GPRVal.var 64), w_gpr (10#5) (GPRVal.var 63), + w_gpr (11#5) (GPRVal.var 62), w_gpr (12#5) (GPRVal.var 61)] }, + { curr_state := 24, prev_state := 23, + writes := + [w_gpr (7#5) (GPRVal.var 70), w_gpr (8#5) (GPRVal.var 69), w_gpr (9#5) (GPRVal.var 68), + w_gpr (10#5) (GPRVal.var 67), w_gpr (11#5) (GPRVal.var 66)] }, + { curr_state := 25, prev_state := 24, writes := [w_gpr (5#5) (GPRVal.var 72), w_gpr (6#5) (GPRVal.var 71)] }, + { curr_state := 26, prev_state := 25, + writes := + [w_gpr (4#5) (GPRVal.var 76), w_gpr (5#5) (GPRVal.var 75), w_gpr (6#5) (GPRVal.var 74), + w_gpr (7#5) (GPRVal.var 73)] }, + { curr_state := 27, prev_state := 26, + writes := + [w_gpr (16#5) (GPRVal.var 80), w_gpr (17#5) (GPRVal.var 79), w_gpr (18#5) (GPRVal.var 78), + w_gpr (19#5) (GPRVal.var 77)] }, + { curr_state := 28, prev_state := 27, writes := [w_gpr (5#5) (GPRVal.var 81)] }, + { curr_state := 29, prev_state := 28, writes := [w_gpr (13#5) (GPRVal.var 83), w_gpr (14#5) (GPRVal.var 82)] }, + { curr_state := 30, prev_state := 29, + writes := + [w_gpr (8#5) (GPRVal.var 87), w_gpr (9#5) (GPRVal.var 86), w_gpr (10#5) (GPRVal.var 85), + w_gpr (11#5) (GPRVal.var 84)] }] + +#time +open Expr Update in +theorem test_30_steps (s0 : ArmState) + (h_step_1 : s1 = (w (.GPR 23#5) val4 (w (.GPR 24#5) val3 (w (.GPR 25#5) val2 (w (.GPR 26#5) val1 (w (.GPR 27#5) val0 s0)))))) + (h_step_2 : s2 = (w (.GPR 2#5) val6 (w (.GPR 3#5) val5 s1))) + (h_step_3 : s3 = (w (.GPR 28#5) val10 (w (.GPR 29#5) val9 (w (.GPR 30#5) val8 (w (.GPR 31#5) val7 s2))))) + (h_step_4 : s4 = (w (.GPR 17#5) val14 (w (.GPR 18#5) val13 (w (.GPR 19#5) val12 (w (.GPR 20#5) val11 s3))))) + (h_step_5 : s5 = (w (.GPR 15#5) val16 (w (.GPR 16#5) val15 s4))) + (h_step_6 : s6 = (w (.GPR 30#5) val17 s5)) + (h_step_7 : s7 = (w (.GPR 12#5) val22 (w (.GPR 13#5) val21 (w (.GPR 14#5) val20 (w (.GPR 15#5) val19 (w (.GPR 16#5) val18 s6)))))) + (h_step_8 : s8 = (w (.GPR 8#5) val27 (w (.GPR 9#5) val26 (w (.GPR 10#5) val25 (w (.GPR 11#5) val24 (w (.GPR 12#5) val23 s7)))))) + (h_step_9 : s9 = (w (.GPR 28#5) val30 (w (.GPR 29#5) val29 (w (.GPR 30#5) val28 s8)))) + (h_step_10 : s10 = (w (.GPR 21#5) val31 s9)) + (h_step_11 : s11 = (w (.GPR 18#5) val36 (w (.GPR 19#5) val35 (w (.GPR 20#5) val34 (w (.GPR 21#5) val33 (w (.GPR 22#5) val32 s10)))))) + (h_step_12 : s12 = (w (.GPR 18#5) val40 (w (.GPR 19#5) val39 (w (.GPR 20#5) val38 (w (.GPR 21#5) val37 s11))))) + (h_step_13 : s13 = (w (.GPR 20#5) val44 (w (.GPR 21#5) val43 (w (.GPR 22#5) val42 (w (.GPR 23#5) val41 s12))))) + (h_step_14 : s14 = (w (.GPR 17#5) val45 s13)) + (h_step_15 : s15 = (w (.GPR 14#5) val46 s14)) + (h_step_16 : s16 = (w (.GPR 16#5) val47 s15)) + (h_step_17 : s17 = (w (.GPR 1#5) val52 (w (.GPR 2#5) val51 (w (.GPR 3#5) val50 (w (.GPR 4#5) val49 (w (.GPR 5#5) val48 s16)))))) + (h_step_18 : s18 = (w (.GPR 3#5) val53 s17)) + (h_step_19 : s19 = (w (.GPR 8#5) val54 s18)) + (h_step_20 : s20 = (w (.GPR 5#5) val55 s19)) + (h_step_21 : s21 = (w (.GPR 9#5) val56 s20)) + (h_step_22 : s22 = (w (.GPR 28#5) val60 (w (.GPR 29#5) val59 (w (.GPR 30#5) val58 (w (.GPR 31#5) val57 s21))))) + (h_step_23 : s23 = (w (.GPR 8#5) val65 (w (.GPR 9#5) val64 (w (.GPR 10#5) val63 (w (.GPR 11#5) val62 (w (.GPR 12#5) val61 s22)))))) + (h_step_24 : s24 = (w (.GPR 7#5) val70 (w (.GPR 8#5) val69 (w (.GPR 9#5) val68 (w (.GPR 10#5) val67 (w (.GPR 11#5) val66 s23)))))) + (h_step_25 : s25 = (w (.GPR 5#5) val72 (w (.GPR 6#5) val71 s24))) + (h_step_26 : s26 = (w (.GPR 4#5) val76 (w (.GPR 5#5) val75 (w (.GPR 6#5) val74 (w (.GPR 7#5) val73 s25))))) + (h_step_27 : s27 = (w (.GPR 16#5) val80 (w (.GPR 17#5) val79 (w (.GPR 18#5) val78 (w (.GPR 19#5) val77 s26))))) + (h_step_28 : s28 = (w (.GPR 5#5) val81 s27)) + (h_step_29 : s29 = (w (.GPR 13#5) val83 (w (.GPR 14#5) val82 s28))) + (h_step_30 : s30 = (w (.GPR 8#5) val87 (w (.GPR 9#5) val86 (w (.GPR 10#5) val85 (w (.GPR 11#5) val84 s29))))) : + s30 = (w (.GPR 0x01#5) val52 (w (.GPR 0x02#5) val51 (w (.GPR 0x03#5) val53 (w (.GPR 0x04#5) val76 (w (.GPR 0x05#5) val81 (w (.GPR 0x06#5) val74 (w (.GPR 0x07#5) val73 (w (.GPR 0x08#5) val87 (w (.GPR 0x09#5) val86 (w (.GPR 0x0a#5) val85 (w (.GPR 0x0b#5) val84 (w (.GPR 0x0c#5) val61 (w (.GPR 0x0d#5) val83 (w (.GPR 0x0e#5) val82 (w (.GPR 0x0f#5) val19 (w (.GPR 0x10#5) val80 (w (.GPR 0x11#5) val79 (w (.GPR 0x12#5) val78 (w (.GPR 0x13#5) val77 (w (.GPR 0x14#5) val44 (w (.GPR 0x15#5) val43 (w (.GPR 0x16#5) val42 (w (.GPR 0x17#5) val41 (w (.GPR 0x18#5) val3 (w (.GPR 0x19#5) val2 (w (.GPR 0x1a#5) val1 (w (.GPR 0x1b#5) val0 (w (.GPR 0x1c#5) val60 (w (.GPR 0x1d#5) val59 (w (.GPR 0x1e#5) val58 (w (.GPR 0x1f#5) val57 s0))))))))))))))))))))))))))))))) + := by + have := + (Expr.eq_true_of_isValid { state := [s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, + s11, s12, s13, s14, s15, s16, s17, s18, s19, + s20, s21, s22, s23, s24, s25, s26, s27, s28, s29, s30], + gpr := [val0, val1, val2, val3, val4, val5, val6, val7, val8, val9, val10, + val11, val12, val13, val14, val15, val16, val17, val18, val19, val20, + val21, val22, val23, val24, val25, val26, val27, val28, val29, val30, + val31, val32, val33, val34, val35, val36, val37, val38, val39, val40, + val41, val42, val43, val44, val45, val46, val47, val48, val49, val50, + val51, val52, val53, val54, val55, val56, val57, val58, val59, val60, + val61, val62, val63, val64, val65, val66, val67, val68, val69, val70, + val71, val72, val73, val74, val75, val76, val77, val78, val79, val80, + val81, val82, val83, val84, val85, val86, val87] } + -- init + { prev_state := 0, curr_state := 0, writes := []} + -- final + { curr_state := 30, + prev_state := 0, + writes := [w_gpr 0x01#5 (.var 52), + w_gpr 0x02#5 (.var 51), + w_gpr 0x03#5 (.var 53), + w_gpr 0x04#5 (.var 76), + w_gpr 0x05#5 (.var 81), + w_gpr 0x06#5 (.var 74), + w_gpr 0x07#5 (.var 73), + w_gpr 0x08#5 (.var 87), + w_gpr 0x09#5 (.var 86), + w_gpr 0x0a#5 (.var 85), + w_gpr 0x0b#5 (.var 84), + w_gpr 0x0c#5 (.var 61), + w_gpr 0x0d#5 (.var 83), + w_gpr 0x0e#5 (.var 82), + w_gpr 0x0f#5 (.var 19), + w_gpr 0x10#5 (.var 80), + w_gpr 0x11#5 (.var 79), + w_gpr 0x12#5 (.var 78), + w_gpr 0x13#5 (.var 77), + w_gpr 0x14#5 (.var 44), + w_gpr 0x15#5 (.var 43), + w_gpr 0x16#5 (.var 42), + w_gpr 0x17#5 (.var 41), + w_gpr 0x18#5 (.var 3), + w_gpr 0x19#5 (.var 2), + w_gpr 0x1a#5 (.var 1), + w_gpr 0x1b#5 (.var 0), + w_gpr 0x1c#5 (.var 60), + w_gpr 0x1d#5 (.var 59), + w_gpr 0x1e#5 (.var 58), + w_gpr 0x1f#5 (.var 57)] } + -- updates + [ + { curr_state := 1, prev_state := 0, writes := [w_gpr 23#5 (.var 4), w_gpr 24#5 (.var 3), w_gpr 25#5 (.var 2), w_gpr 26#5 (.var 1), w_gpr 27#5 (.var 0), ] }, + { curr_state := 2, prev_state := 1, writes := [w_gpr 2#5 (.var 6), w_gpr 3#5 (.var 5), ] }, + { curr_state := 3, prev_state := 2, writes := [w_gpr 28#5 (.var 10), w_gpr 29#5 (.var 9), w_gpr 30#5 (.var 8), w_gpr 31#5 (.var 7), ] }, + { curr_state := 4, prev_state := 3, writes := [w_gpr 17#5 (.var 14), w_gpr 18#5 (.var 13), w_gpr 19#5 (.var 12), w_gpr 20#5 (.var 11), ] }, + { curr_state := 5, prev_state := 4, writes := [w_gpr 15#5 (.var 16), w_gpr 16#5 (.var 15), ] }, + { curr_state := 6, prev_state := 5, writes := [w_gpr 30#5 (.var 17), ] }, + { curr_state := 7, prev_state := 6, writes := [w_gpr 12#5 (.var 22), w_gpr 13#5 (.var 21), w_gpr 14#5 (.var 20), w_gpr 15#5 (.var 19), w_gpr 16#5 (.var 18), ] }, + { curr_state := 8, prev_state := 7, writes := [w_gpr 8#5 (.var 27), w_gpr 9#5 (.var 26), w_gpr 10#5 (.var 25), w_gpr 11#5 (.var 24), w_gpr 12#5 (.var 23), ] }, + { curr_state := 9, prev_state := 8, writes := [w_gpr 28#5 (.var 30), w_gpr 29#5 (.var 29), w_gpr 30#5 (.var 28), ] }, + { curr_state := 10, prev_state := 9, writes := [w_gpr 21#5 (.var 31), ] }, + { curr_state := 11, prev_state := 10, writes := [w_gpr 18#5 (.var 36), w_gpr 19#5 (.var 35), w_gpr 20#5 (.var 34), w_gpr 21#5 (.var 33), w_gpr 22#5 (.var 32), ] }, + { curr_state := 12, prev_state := 11, writes := [w_gpr 18#5 (.var 40), w_gpr 19#5 (.var 39), w_gpr 20#5 (.var 38), w_gpr 21#5 (.var 37), ] }, + { curr_state := 13, prev_state := 12, writes := [w_gpr 20#5 (.var 44), w_gpr 21#5 (.var 43), w_gpr 22#5 (.var 42), w_gpr 23#5 (.var 41), ] }, + { curr_state := 14, prev_state := 13, writes := [w_gpr 17#5 (.var 45), ] }, + { curr_state := 15, prev_state := 14, writes := [w_gpr 14#5 (.var 46), ] }, + { curr_state := 16, prev_state := 15, writes := [w_gpr 16#5 (.var 47), ] }, + { curr_state := 17, prev_state := 16, writes := [w_gpr 1#5 (.var 52), w_gpr 2#5 (.var 51), w_gpr 3#5 (.var 50), w_gpr 4#5 (.var 49), w_gpr 5#5 (.var 48), ] }, + { curr_state := 18, prev_state := 17, writes := [w_gpr 3#5 (.var 53), ] }, + { curr_state := 19, prev_state := 18, writes := [w_gpr 8#5 (.var 54), ] }, + { curr_state := 20, prev_state := 19, writes := [w_gpr 5#5 (.var 55), ] }, + { curr_state := 21, prev_state := 20, writes := [w_gpr 9#5 (.var 56), ] }, + { curr_state := 22, prev_state := 21, writes := [w_gpr 28#5 (.var 60), w_gpr 29#5 (.var 59), w_gpr 30#5 (.var 58), w_gpr 31#5 (.var 57), ] }, + { curr_state := 23, prev_state := 22, writes := [w_gpr 8#5 (.var 65), w_gpr 9#5 (.var 64), w_gpr 10#5 (.var 63), w_gpr 11#5 (.var 62), w_gpr 12#5 (.var 61), ] }, + { curr_state := 24, prev_state := 23, writes := [w_gpr 7#5 (.var 70), w_gpr 8#5 (.var 69), w_gpr 9#5 (.var 68), w_gpr 10#5 (.var 67), w_gpr 11#5 (.var 66), ] }, + { curr_state := 25, prev_state := 24, writes := [w_gpr 5#5 (.var 72), w_gpr 6#5 (.var 71), ] }, + { curr_state := 26, prev_state := 25, writes := [w_gpr 4#5 (.var 76), w_gpr 5#5 (.var 75), w_gpr 6#5 (.var 74), w_gpr 7#5 (.var 73), ] }, + { curr_state := 27, prev_state := 26, writes := [w_gpr 16#5 (.var 80), w_gpr 17#5 (.var 79), w_gpr 18#5 (.var 78), w_gpr 19#5 (.var 77), ] }, + { curr_state := 28, prev_state := 27, writes := [w_gpr 5#5 (.var 81), ] }, + { curr_state := 29, prev_state := 28, writes := [w_gpr 13#5 (.var 83), w_gpr 14#5 (.var 82), ] }, + { curr_state := 30, prev_state := 29, writes := [w_gpr 8#5 (.var 87), w_gpr 9#5 (.var 86), w_gpr 10#5 (.var 85), w_gpr 11#5 (.var 84), ] } + ] + (by native_decide)) + simp only [Exprs.denote, and_true, and_imp] at this + exact this (Eq.refl s0) h_step_1 h_step_2 h_step_3 h_step_4 h_step_5 h_step_6 h_step_7 h_step_8 h_step_9 h_step_10 h_step_11 h_step_12 h_step_13 h_step_14 h_step_15 h_step_16 h_step_17 h_step_18 h_step_19 h_step_20 h_step_21 h_step_22 h_step_23 h_step_24 h_step_25 h_step_26 h_step_27 h_step_28 h_step_29 h_step_30 + done + + + end ArmConstr From a16325c8cfcb7e86920569043d5aaf6e2a8cd4b4 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Mon, 14 Oct 2024 18:07:57 -0500 Subject: [PATCH 05/20] Add a python script to generate theorems for ArmConstr method --- Tactics/ArmConstr.lean | 73 +++++++++++++++++++++++++++++ scripts/gen_armconstr_cases.py | 85 ++++++++++++++++++++++++++++++++++ 2 files changed, 158 insertions(+) create mode 100644 scripts/gen_armconstr_cases.py diff --git a/Tactics/ArmConstr.lean b/Tactics/ArmConstr.lean index af6a57de..62e69d7f 100644 --- a/Tactics/ArmConstr.lean +++ b/Tactics/ArmConstr.lean @@ -631,6 +631,79 @@ theorem test_30_steps (s0 : ArmState) exact this (Eq.refl s0) h_step_1 h_step_2 h_step_3 h_step_4 h_step_5 h_step_6 h_step_7 h_step_8 h_step_9 h_step_10 h_step_11 h_step_12 h_step_13 h_step_14 h_step_15 h_step_16 h_step_17 h_step_18 h_step_19 h_step_20 h_step_21 h_step_22 h_step_23 h_step_24 h_step_25 h_step_26 h_step_27 h_step_28 h_step_29 h_step_30 done +open Expr Update in +#eval Expr.aggregate + { prev_state := 0, curr_state := 0, writes := []} + [ { curr_state := 1, prev_state := 0, writes := [w_gpr 13#5 (.var 1), w_gpr 14#5 (.var 0), ] }, + { curr_state := 2, prev_state := 1, writes := [w_gpr 11#5 (.var 2), ] }, + { curr_state := 3, prev_state := 2, writes := [w_gpr 11#5 (.var 5), w_gpr 12#5 (.var 4), w_gpr 13#5 (.var 3), ] }, + { curr_state := 4, prev_state := 3, writes := [w_gpr 10#5 (.var 10), w_gpr 11#5 (.var 9), w_gpr 12#5 (.var 8), w_gpr 13#5 (.var 7), w_gpr 14#5 (.var 6), ] }, + { curr_state := 5, prev_state := 4, writes := [w_gpr 21#5 (.var 14), w_gpr 22#5 (.var 13), w_gpr 23#5 (.var 12), w_gpr 24#5 (.var 11), ] }, + { curr_state := 6, prev_state := 5, writes := [w_gpr 2#5 (.var 19), w_gpr 3#5 (.var 18), w_gpr 4#5 (.var 17), w_gpr 5#5 (.var 16), w_gpr 6#5 (.var 15), ] }, + { curr_state := 7, prev_state := 6, writes := [w_gpr 28#5 (.var 22), w_gpr 29#5 (.var 21), w_gpr 30#5 (.var 20), ] }, + { curr_state := 8, prev_state := 7, writes := [w_gpr 21#5 (.var 27), w_gpr 22#5 (.var 26), w_gpr 23#5 (.var 25), w_gpr 24#5 (.var 24), w_gpr 25#5 (.var 23), ] }, + { curr_state := 9, prev_state := 8, writes := [w_gpr 29#5 (.var 28), ] }, + { curr_state := 10, prev_state := 9, writes := [w_gpr 29#5 (.var 29), ] }, + ] + +#time +open Expr Update in +theorem test_10_steps (s0 : ArmState) + (h_step_1 : s1 = (w (.GPR 13#5) val1 (w (.GPR 14#5) val0 s0))) + (h_step_2 : s2 = (w (.GPR 11#5) val2 s1)) + (h_step_3 : s3 = (w (.GPR 11#5) val5 (w (.GPR 12#5) val4 (w (.GPR 13#5) val3 s2)))) + (h_step_4 : s4 = (w (.GPR 10#5) val10 (w (.GPR 11#5) val9 (w (.GPR 12#5) val8 (w (.GPR 13#5) val7 (w (.GPR 14#5) val6 s3)))))) + (h_step_5 : s5 = (w (.GPR 21#5) val14 (w (.GPR 22#5) val13 (w (.GPR 23#5) val12 (w (.GPR 24#5) val11 s4))))) + (h_step_6 : s6 = (w (.GPR 2#5) val19 (w (.GPR 3#5) val18 (w (.GPR 4#5) val17 (w (.GPR 5#5) val16 (w (.GPR 6#5) val15 s5)))))) + (h_step_7 : s7 = (w (.GPR 28#5) val22 (w (.GPR 29#5) val21 (w (.GPR 30#5) val20 s6)))) + (h_step_8 : s8 = (w (.GPR 21#5) val27 (w (.GPR 22#5) val26 (w (.GPR 23#5) val25 (w (.GPR 24#5) val24 (w (.GPR 25#5) val23 s7)))))) + (h_step_9 : s9 = (w (.GPR 29#5) val28 s8)) + (h_step_10 : s10 = (w (.GPR 29#5) val29 s9)) + : + s10 = (w (.GPR 0x02#5) val19 (w (.GPR 0x03#5) val18 (w (.GPR 0x04#5) val17 (w (.GPR 0x05#5) val16 (w (.GPR 0x06#5) val15 (w (.GPR 0x0a#5) val10 (w (.GPR 0x0b#5) val9 (w (.GPR 0x0c#5) val8 (w (.GPR 0x0d#5) val7 (w (.GPR 0x0e#5) val6 (w (.GPR 0x15#5) val27 (w (.GPR 0x16#5) val26 (w (.GPR 0x17#5) val25 (w (.GPR 0x18#5) val24 (w (.GPR 0x19#5) val23 (w (.GPR 0x1c#5) val22 (w (.GPR 0x1d#5) val29 (w (.GPR 0x1e#5) val20 s0)))))))))))))))))) := by + have := (Expr.eq_true_of_isValid + -- Context + { state := [s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10], + gpr := [val0, val1, val2, val3, val4, val5, val6, val7, val8, val9, val10, val11, val12, val13, val14, val15, val16, val17, val18, val19, val20, val21, val22, val23, val24, val25, val26, val27, val28, val29] } + -- init + { curr_state := 0, prev_state := 0, writes := [] } + -- final + { curr_state := 10, + prev_state := 0, + writes := [ArmConstr.Update.w_gpr 0x02#5 (ArmConstr.GPRVal.var 19), + ArmConstr.Update.w_gpr 0x03#5 (ArmConstr.GPRVal.var 18), + ArmConstr.Update.w_gpr 0x04#5 (ArmConstr.GPRVal.var 17), + ArmConstr.Update.w_gpr 0x05#5 (ArmConstr.GPRVal.var 16), + ArmConstr.Update.w_gpr 0x06#5 (ArmConstr.GPRVal.var 15), + ArmConstr.Update.w_gpr 0x0a#5 (ArmConstr.GPRVal.var 10), + ArmConstr.Update.w_gpr 0x0b#5 (ArmConstr.GPRVal.var 9), + ArmConstr.Update.w_gpr 0x0c#5 (ArmConstr.GPRVal.var 8), + ArmConstr.Update.w_gpr 0x0d#5 (ArmConstr.GPRVal.var 7), + ArmConstr.Update.w_gpr 0x0e#5 (ArmConstr.GPRVal.var 6), + ArmConstr.Update.w_gpr 0x15#5 (ArmConstr.GPRVal.var 27), + ArmConstr.Update.w_gpr 0x16#5 (ArmConstr.GPRVal.var 26), + ArmConstr.Update.w_gpr 0x17#5 (ArmConstr.GPRVal.var 25), + ArmConstr.Update.w_gpr 0x18#5 (ArmConstr.GPRVal.var 24), + ArmConstr.Update.w_gpr 0x19#5 (ArmConstr.GPRVal.var 23), + ArmConstr.Update.w_gpr 0x1c#5 (ArmConstr.GPRVal.var 22), + ArmConstr.Update.w_gpr 0x1d#5 (ArmConstr.GPRVal.var 29), + ArmConstr.Update.w_gpr 0x1e#5 (ArmConstr.GPRVal.var 20)] } + -- updates + [ { curr_state := 1, prev_state := 0, writes := [w_gpr 13#5 (.var 1), w_gpr 14#5 (.var 0), ] }, + { curr_state := 2, prev_state := 1, writes := [w_gpr 11#5 (.var 2), ] }, + { curr_state := 3, prev_state := 2, writes := [w_gpr 11#5 (.var 5), w_gpr 12#5 (.var 4), w_gpr 13#5 (.var 3), ] }, + { curr_state := 4, prev_state := 3, writes := [w_gpr 10#5 (.var 10), w_gpr 11#5 (.var 9), w_gpr 12#5 (.var 8), w_gpr 13#5 (.var 7), w_gpr 14#5 (.var 6), ] }, + { curr_state := 5, prev_state := 4, writes := [w_gpr 21#5 (.var 14), w_gpr 22#5 (.var 13), w_gpr 23#5 (.var 12), w_gpr 24#5 (.var 11), ] }, + { curr_state := 6, prev_state := 5, writes := [w_gpr 2#5 (.var 19), w_gpr 3#5 (.var 18), w_gpr 4#5 (.var 17), w_gpr 5#5 (.var 16), w_gpr 6#5 (.var 15), ] }, + { curr_state := 7, prev_state := 6, writes := [w_gpr 28#5 (.var 22), w_gpr 29#5 (.var 21), w_gpr 30#5 (.var 20), ] }, + { curr_state := 8, prev_state := 7, writes := [w_gpr 21#5 (.var 27), w_gpr 22#5 (.var 26), w_gpr 23#5 (.var 25), w_gpr 24#5 (.var 24), w_gpr 25#5 (.var 23), ] }, + { curr_state := 9, prev_state := 8, writes := [w_gpr 29#5 (.var 28), ] }, + { curr_state := 10, prev_state := 9, writes := [w_gpr 29#5 (.var 29), ] }, + ] + (by native_decide)) + simp only [Exprs.denote, and_true, and_imp] at this + exact this (Eq.refl s0) h_step_1 h_step_2 h_step_3 h_step_4 h_step_5 h_step_6 h_step_7 h_step_8 h_step_9 h_step_10] + done end ArmConstr diff --git a/scripts/gen_armconstr_cases.py b/scripts/gen_armconstr_cases.py new file mode 100644 index 00000000..695d6b82 --- /dev/null +++ b/scripts/gen_armconstr_cases.py @@ -0,0 +1,85 @@ +# Copyright (c) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# Released under Apache 2.0 license as described in the file LICENSE. +# Author(s): Shilpi Goel + +# Helper script to generate theorems for the experimental method to +# aggregate state effects using reflection. + +import random + +global val_count + +def generate_nested_writes(depth, start_reg, state): + global val_count + + if depth == 0: + return state, "" + + reg = start_reg + inner_write, inner_expr = generate_nested_writes(depth - 1, start_reg + 1, state) + + h_step = f"(w (.GPR {reg}#5) val{val_count} {inner_write})" + expr = f"w_gpr {reg}#5 (.var {val_count}), {inner_expr}" + + val_count = val_count + 1 + + return h_step, expr + +def generate_expression(n): + depth = random.randint(1, 5) + start_reg = random.randint(1, 32 - depth) # 32 registers + nested_writes, writes = generate_nested_writes(depth, start_reg, f"s{n-1}") + + h_step = f"(h_step_{n} : s{n} = {nested_writes})" + exprs = f"{{ curr_state := {n}, prev_state := {n-1}, writes := [{writes}] }}" + + return h_step, exprs + +def generate_theorem_statement(nsteps): + global val_count + ans = [generate_expression(i) for i in range(1, nsteps+1)] + step_hyps = "" + refl_exprs = "" + + for h_step, expr in ans: + step_hyps = f"{step_hyps} {h_step}\n" + refl_exprs = f"{refl_exprs} {expr},\n" + + state_vars = "[" + ", ".join(["s" + str(suffix) for suffix in list(range(0, nsteps+1))]) + "]" + gpr_vars = "[" + ", ".join(["val" + str(suffix) for suffix in list(range(0, val_count))]) + "]" + h_step_vars = " ".join(["h_step_" + str(suffix) for suffix in list(range(1, nsteps+1))]) + "]" + + return f"open Expr Update in \ + \ntheorem test_{nsteps}_steps (s0 : ArmState)\n{step_hyps} :\ + \n s{nsteps} = := by\ + \n have := (Expr.eq_true_of_isValid \ + \n -- Context \ + \n {{ state := {state_vars}, \ + \n gpr := {gpr_vars} }} \ + \n -- init \ + \n {{ curr_state := 0, prev_state := 0, writes := [] }} \ + \n -- final: run `Exprs.aggregate init updates` to get the following. \ + \n \ + \n -- updates \ + \n [{refl_exprs}] \ + \n (by native_decide)) \ + \n simp only [Exprs.denote, and_true, and_imp] at this \ + \n exact this (Eq.refl s0) {h_step_vars} \ + \n done" + + +# # Generate 30 expressions +# val_count = 0 +# ans = [generate_expression(i) for i in range(1, 31)] +# +# # Print the h_steps +# for h_step, _ in ans: +# print(h_step) +# +# # Print the exprs +# for _, expr in ans: +# print(expr) +# + +val_count = 0 +print (generate_theorem_statement(10)) From 61fa5c310f887efc724ea2e9da0ac479f4558557 Mon Sep 17 00:00:00 2001 From: Siddharth Bhat Date: Mon, 14 Oct 2024 16:18:04 -0500 Subject: [PATCH 06/20] chore: cleanup to use stdlib API --- Tactics/ArmConstr.lean | 76 +++++++++++++++++++++--------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/Tactics/ArmConstr.lean b/Tactics/ArmConstr.lean index 62e69d7f..56a2d2a5 100644 --- a/Tactics/ArmConstr.lean +++ b/Tactics/ArmConstr.lean @@ -32,7 +32,9 @@ abbrev StateVar := Nat `BitVec` operators here. -/ inductive GPRVal where + -- A variable in the context. | var (i : Nat) + -- A read from a previous state. | r_gpr (i : BitVec 5) deriving DecidableEq, Repr, Inhabited @@ -45,18 +47,15 @@ position of a variable in the context becomes variable name (see, e.g., `StateVar`, which is a `Nat`). -/ structure Context where - state : StateContext - gpr : GPRValContext + Γs : StateContext + Γgpr : GPRValContext deriving Repr, Inhabited /-- Look up variable `v` in the `StateContext`. -/ def StateVar.denote (ctx : StateContext) (v : StateVar) : ArmState := - match ctx, v with - | [], _ => ArmState.default - | s :: _, 0 => s - | _ :: ss, i + 1 => denote ss i + ctx.getD v ArmState.default /-- Denote `GPRVal v`. @@ -64,16 +63,10 @@ Denote `GPRVal v`. If `v` is a variable then look it up in the `GPRValContext`. Else if `v` is `r_gpr i`, then look up the `i`th register in `prev_s`. -/ -def GPRVal.denote (ctx : GPRValContext) (v : GPRVal) (prev_s : ArmState) - : BitVec 64 := +def GPRVal.denote (ctx : GPRValContext) (v : GPRVal) (prev_s : ArmState) : BitVec 64 := match v with - | var i => go_var ctx i + | var i => ctx.getD i 0 | r_gpr i => r (.GPR i) prev_s - where go_var (ctx : GPRValContext) (v : Nat) : BitVec 64 := - match ctx, v with - | [], _ => 0#64 - | v0 :: _, 0 => v0 - | _ :: vs, i + 1 => go_var vs i /-- Datastructure that characterizes all the updates that can be made to an @@ -88,17 +81,25 @@ inductive Update where /-- Do updates `x` and `y` refer to the same state component? -/ -def Update.regEq (x y : Update) : Bool := +def Update.regEq (x y : Update) : Prop := match x, y with - | w_gpr i _, w_gpr j _ => i == j + | w_gpr i _, w_gpr j _ => i = j + +instance : Decidable (Update.regEq x y) := by + simp [Update.regEq] + infer_instance /-- Is the register index of update `x` less than that of `y`? -/ -def Update.regIndexLt (x y : Update) : Bool := +def Update.regIndexLt (x y : Update) : Prop := match x, y with | w_gpr i _, w_gpr j _ => i < j +instance : Decidable (Update.regIndexLt x y) := by + simp [Update.regIndexLt] + infer_instance + /-- Datastructure to represent expressions characterizing the following state update. Note that we ensure, by construction, that the `writes` are sorted by @@ -119,25 +120,25 @@ Map updates `us` to state `prev_state` to an `ArmState`. def Expr.writes.denote (ctx : Context) (us : List Update) (prev_state : StateVar) : ArmState := match us with - | [] => StateVar.denote ctx.state prev_state + | [] => StateVar.denote ctx.Γs prev_state | Update.w_gpr i v :: rest => w (.GPR i) - (GPRVal.denote ctx.gpr v (StateVar.denote ctx.state prev_state)) + (GPRVal.denote ctx.Γgpr v (StateVar.denote ctx.Γs prev_state)) (Expr.writes.denote ctx rest prev_state) /-- Denote an `Expr e` to a `Prop` corresponding to `curr_state = writes[prev_state]`. -/ def Expr.denote (ctx : Context) (e : Expr) : Prop := - StateVar.denote ctx.state e.curr_state = + StateVar.denote ctx.Γs e.curr_state = Expr.writes.denote ctx e.writes e.prev_state /-- Return a `Prop` corresponding to `e1 = e2`. -/ def Expr.denote_eq (ctx : Context) (e1 e2 : Expr) : Prop := - StateVar.denote ctx.state e1.prev_state = StateVar.denote ctx.state e2.prev_state ∧ - StateVar.denote ctx.state e1.curr_state = StateVar.denote ctx.state e2.curr_state ∧ + StateVar.denote ctx.Γs e1.prev_state = StateVar.denote ctx.Γs e2.prev_state ∧ + StateVar.denote ctx.Γs e1.curr_state = StateVar.denote ctx.Γs e2.curr_state ∧ Expr.denote ctx e1 ∧ Expr.denote ctx e2 @@ -147,9 +148,7 @@ abbrev Exprs := List Expr Denote each expression in `es` using `Expr.denote`. -/ def Exprs.denote (ctx : Context) (es : Exprs) : Prop := - match es with - | [] => True - | u :: rest => Expr.denote ctx u ∧ Exprs.denote ctx rest + es.foldl (init := True) (fun p e => p ∧ e.denote ctx) def Expr.default : Expr := { prev_state := 0, curr_state := 0, writes := [] } @@ -290,8 +289,8 @@ theorem completely_shadowed_updates s2 = xxxx : Prop -/ s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s0) := by - have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], - gpr := [x0, x1] } + have := (Expr.eq_true_of_isValid { Γs := [s0, s1, s2], + Γgpr := [x0, x1] } -- init { prev_state := 0, curr_state := 0, writes := []} -- final @@ -299,8 +298,8 @@ theorem completely_shadowed_updates -- updates [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, { prev_state := 1, curr_state := 2, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] } ] - (Eq.refl true)) - simp only [Exprs.denote, and_true, and_imp] at this + (by decide)) + simp only [Exprs.denote, List.foldl, true_and, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done @@ -321,8 +320,8 @@ theorem partially_shadowed_and_new_updates -/ (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) x3 s1)) : s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) x3 s0)) := by - have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], - gpr := [x0, old_x1, x1, x3] } + have := (Expr.eq_true_of_isValid { Γs := [s0, s1, s2], + Γgpr := [x0, old_x1, x1, x3] } -- init { prev_state := 0, curr_state := 0, writes := []} -- final @@ -331,7 +330,7 @@ theorem partially_shadowed_and_new_updates [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, { prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.var 3)] } ] (Eq.refl true)) - simp only [Exprs.denote, and_true, and_imp] at this + simp only [Exprs.denote, List.foldl_cons, true_and, List.foldl_nil, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done @@ -355,8 +354,8 @@ theorem read_from_prev_update_test1 (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 1#5) s1) s1)) : s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) old_x1 s0)) := by - have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], - gpr := [x0, old_x1, x1] } + have := (Expr.eq_true_of_isValid { Γs := [s0, s1, s2], + Γgpr := [x0, old_x1, x1] } -- init { prev_state := 0, curr_state := 0, writes := []} -- final @@ -366,7 +365,8 @@ theorem read_from_prev_update_test1 [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, { prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.r_gpr 1)] } ] (Eq.refl true)) - simp only [Exprs.denote, and_true, and_imp] at this + simp only [Exprs.denote, BitVec.ofNat_eq_ofNat, List.foldl_cons, true_and, List.foldl_nil, + and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done @@ -376,8 +376,8 @@ theorem read_from_prev_update_test2 (s0 s1 s2 : ArmState) (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 5#5) s1) s1)) : s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 5#5) s0) s0)) := by - have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], - gpr := [x0, old_x1, x1] } + have := (Expr.eq_true_of_isValid { Γs := [s0, s1, s2], + Γgpr := [x0, old_x1, x1] } -- init { prev_state := 0, curr_state := 0, writes := []} -- final @@ -389,7 +389,7 @@ theorem read_from_prev_update_test2 (s0 s1 s2 : ArmState) { prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.r_gpr 5#5)] } ] (Eq.refl true)) - simp only [Exprs.denote, and_true, and_imp] at this + simp only [Exprs.denote, List.foldl, true_and, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done From 7de7f7b3f65ae597f281e42729b0f7a18f01d9f4 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Mon, 14 Oct 2024 22:22:19 -0500 Subject: [PATCH 07/20] Cherry-pick @bollu's commit 7947bbf (https://github.com/leanprover/LNSym/commit/7947bbfc4828a4ae34e740790d490fe75298f70b) --- Tactics/ArmConstr.lean | 42 +++++++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/Tactics/ArmConstr.lean b/Tactics/ArmConstr.lean index 56a2d2a5..bc8175dd 100644 --- a/Tactics/ArmConstr.lean +++ b/Tactics/ArmConstr.lean @@ -47,8 +47,8 @@ position of a variable in the context becomes variable name (see, e.g., `StateVar`, which is a `Nat`). -/ structure Context where - Γs : StateContext - Γgpr : GPRValContext + state : StateContext + gpr : GPRValContext deriving Repr, Inhabited /-- @@ -120,25 +120,25 @@ Map updates `us` to state `prev_state` to an `ArmState`. def Expr.writes.denote (ctx : Context) (us : List Update) (prev_state : StateVar) : ArmState := match us with - | [] => StateVar.denote ctx.Γs prev_state + | [] => StateVar.denote ctx.state prev_state | Update.w_gpr i v :: rest => w (.GPR i) - (GPRVal.denote ctx.Γgpr v (StateVar.denote ctx.Γs prev_state)) + (GPRVal.denote ctx.gpr v (StateVar.denote ctx.state prev_state)) (Expr.writes.denote ctx rest prev_state) /-- Denote an `Expr e` to a `Prop` corresponding to `curr_state = writes[prev_state]`. -/ def Expr.denote (ctx : Context) (e : Expr) : Prop := - StateVar.denote ctx.Γs e.curr_state = + StateVar.denote ctx.state e.curr_state = Expr.writes.denote ctx e.writes e.prev_state /-- Return a `Prop` corresponding to `e1 = e2`. -/ def Expr.denote_eq (ctx : Context) (e1 e2 : Expr) : Prop := - StateVar.denote ctx.Γs e1.prev_state = StateVar.denote ctx.Γs e2.prev_state ∧ - StateVar.denote ctx.Γs e1.curr_state = StateVar.denote ctx.Γs e2.curr_state ∧ + StateVar.denote ctx.state e1.prev_state = StateVar.denote ctx.state e2.prev_state ∧ + StateVar.denote ctx.state e1.curr_state = StateVar.denote ctx.state e2.curr_state ∧ Expr.denote ctx e1 ∧ Expr.denote ctx e2 @@ -148,7 +148,10 @@ abbrev Exprs := List Expr Denote each expression in `es` using `Expr.denote`. -/ def Exprs.denote (ctx : Context) (es : Exprs) : Prop := - es.foldl (init := True) (fun p e => p ∧ e.denote ctx) + -- es.foldl (init := True) (fun p e => p ∧ e.denote ctx) + match es with + | [] => True + | u :: rest => Expr.denote ctx u ∧ Exprs.denote ctx rest def Expr.default : Expr := { prev_state := 0, curr_state := 0, writes := [] } @@ -261,7 +264,8 @@ info: { curr_state := 2, def Expr.isAggregated (init : Expr) (updates : Exprs) (final : Expr) : Bool := final == aggregate init updates -/-- TODO: we're probably missing a well-formedness hyp. about the `ctx` here. -/ +/-- TODO: we're probably missing well-formedness hyps. about the `ctx` and/or + `updates` here. -/ theorem Expr.eq_true_of_isValid (ctx : Context) (init final : Expr) (updates : Exprs) : (Expr.isAggregated init updates final) → Expr.denote ctx init ∧ Exprs.denote ctx updates → (Expr.denote ctx final) := by @@ -289,8 +293,8 @@ theorem completely_shadowed_updates s2 = xxxx : Prop -/ s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s0) := by - have := (Expr.eq_true_of_isValid { Γs := [s0, s1, s2], - Γgpr := [x0, x1] } + have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], + gpr := [x0, x1] } -- init { prev_state := 0, curr_state := 0, writes := []} -- final @@ -298,7 +302,7 @@ theorem completely_shadowed_updates -- updates [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, { prev_state := 1, curr_state := 2, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] } ] - (by decide)) + (Eq.refl true)) simp only [Exprs.denote, List.foldl, true_and, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done @@ -320,8 +324,8 @@ theorem partially_shadowed_and_new_updates -/ (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) x3 s1)) : s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) x3 s0)) := by - have := (Expr.eq_true_of_isValid { Γs := [s0, s1, s2], - Γgpr := [x0, old_x1, x1, x3] } + have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], + gpr := [x0, old_x1, x1, x3] } -- init { prev_state := 0, curr_state := 0, writes := []} -- final @@ -354,8 +358,8 @@ theorem read_from_prev_update_test1 (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 1#5) s1) s1)) : s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) old_x1 s0)) := by - have := (Expr.eq_true_of_isValid { Γs := [s0, s1, s2], - Γgpr := [x0, old_x1, x1] } + have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], + gpr := [x0, old_x1, x1] } -- init { prev_state := 0, curr_state := 0, writes := []} -- final @@ -365,7 +369,7 @@ theorem read_from_prev_update_test1 [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, { prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.r_gpr 1)] } ] (Eq.refl true)) - simp only [Exprs.denote, BitVec.ofNat_eq_ofNat, List.foldl_cons, true_and, List.foldl_nil, + simp only [Exprs.denote, List.foldl_cons, true_and, List.foldl_nil, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done @@ -376,8 +380,8 @@ theorem read_from_prev_update_test2 (s0 s1 s2 : ArmState) (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 5#5) s1) s1)) : s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 5#5) s0) s0)) := by - have := (Expr.eq_true_of_isValid { Γs := [s0, s1, s2], - Γgpr := [x0, old_x1, x1] } + have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], + gpr := [x0, old_x1, x1] } -- init { prev_state := 0, curr_state := 0, writes := []} -- final From e61e5d63f12fc04ebdb60a73658c97512dbbdd2f Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Mon, 14 Oct 2024 22:46:31 -0500 Subject: [PATCH 08/20] Minor edits --- Tactics/ArmConstr.lean | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/Tactics/ArmConstr.lean b/Tactics/ArmConstr.lean index bc8175dd..9781f066 100644 --- a/Tactics/ArmConstr.lean +++ b/Tactics/ArmConstr.lean @@ -78,6 +78,8 @@ inductive Update where -- TODO: Other state components. deriving DecidableEq, Repr, Inhabited +abbrev Updates := List Update + /-- Do updates `x` and `y` refer to the same state component? -/ @@ -111,13 +113,13 @@ curr_state = writes[prev_state] structure Expr where curr_state : StateVar prev_state : StateVar - writes : List Update -- Sorted by the state components. + writes : Updates -- Sorted by the state components. deriving DecidableEq, Repr, Inhabited /-- Map updates `us` to state `prev_state` to an `ArmState`. -/ -def Expr.writes.denote (ctx : Context) (us : List Update) (prev_state : StateVar) +def Expr.writes.denote (ctx : Context) (us : Updates) (prev_state : StateVar) : ArmState := match us with | [] => StateVar.denote ctx.state prev_state @@ -156,7 +158,7 @@ def Exprs.denote (ctx : Context) (es : Exprs) : Prop := def Expr.default : Expr := { prev_state := 0, curr_state := 0, writes := [] } -def Update.insertSorted (es : List Update) (u : Update) : List Update := +def Update.insertSorted (es : Updates) (u : Update) : Updates := match es with | [] => [u] | e :: rest => @@ -173,13 +175,13 @@ def Update.insertSorted (es : List Update) (u : Update) : List Update := /-- Resolve any reads in `u` by looking it up in `es`. -/ -def Update.resolveRead (es : List Update) (u : Update) : Update := +def Update.resolveRead (es : Updates) (u : Update) : Update := match u with | .w_gpr _ (.var _) => u | .w_gpr i (.r_gpr gpr_idx) => let ans := go gpr_idx es .w_gpr i ans - where go (gpr_idx : BitVec 5) (es : List Update) : GPRVal := + where go (gpr_idx : BitVec 5) (es : Updates) : GPRVal := match es with | [] => .r_gpr gpr_idx | (.w_gpr i v) :: rest => @@ -188,7 +190,7 @@ def Update.resolveRead (es : List Update) (u : Update) : Update := /-- Resolve any reads in each of `us` by looking them up in `es`. -/ -def Update.resolveReads (es us : List Update) : List Update := +def Update.resolveReads (es us : Updates) : Updates := us.map (Update.resolveRead es) /-- @@ -205,7 +207,7 @@ def Expr.aggregate1 (e u : Expr) : Expr := -- StateUpdate here. -- TODO: We should probably throw an error here. e - where go (es us : List Update) : List Update := + where go (es us : Updates) : Updates := match es, us with | [], us => us | es, [] => es @@ -303,7 +305,7 @@ theorem completely_shadowed_updates [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, { prev_state := 1, curr_state := 2, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] } ] (Eq.refl true)) - simp only [Exprs.denote, List.foldl, true_and, and_imp] at this + simp only [Exprs.denote, List.foldl, true_and, and_true, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done @@ -334,7 +336,7 @@ theorem partially_shadowed_and_new_updates [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, { prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.var 3)] } ] (Eq.refl true)) - simp only [Exprs.denote, List.foldl_cons, true_and, List.foldl_nil, and_imp] at this + simp only [Exprs.denote, List.foldl_cons, and_true, true_and, List.foldl_nil, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done @@ -369,7 +371,7 @@ theorem read_from_prev_update_test1 [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, { prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.r_gpr 1)] } ] (Eq.refl true)) - simp only [Exprs.denote, List.foldl_cons, true_and, List.foldl_nil, + simp only [Exprs.denote, List.foldl_cons, and_true, true_and, List.foldl_nil, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done @@ -393,7 +395,7 @@ theorem read_from_prev_update_test2 (s0 s1 s2 : ArmState) { prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.r_gpr 5#5)] } ] (Eq.refl true)) - simp only [Exprs.denote, List.foldl, true_and, and_imp] at this + simp only [Exprs.denote, List.foldl, true_and, and_true, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done @@ -706,7 +708,7 @@ theorem test_10_steps (s0 : ArmState) ] (by native_decide)) simp only [Exprs.denote, and_true, and_imp] at this - exact this (Eq.refl s0) h_step_1 h_step_2 h_step_3 h_step_4 h_step_5 h_step_6 h_step_7 h_step_8 h_step_9 h_step_10] + exact this (Eq.refl s0) h_step_1 h_step_2 h_step_3 h_step_4 h_step_5 h_step_6 h_step_7 h_step_8 h_step_9 h_step_10 done From cf0d8a6dfe47e41705263a776a4ce5c740775579 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Tue, 15 Oct 2024 13:20:20 -0500 Subject: [PATCH 09/20] Sort the updates when doing the aggregation --- Tactics/ArmConstr.lean | 77 ++++++++++++++++++++++++++++++------------ 1 file changed, 56 insertions(+), 21 deletions(-) diff --git a/Tactics/ArmConstr.lean b/Tactics/ArmConstr.lean index 9781f066..2cbe8eba 100644 --- a/Tactics/ArmConstr.lean +++ b/Tactics/ArmConstr.lean @@ -87,25 +87,29 @@ def Update.regEq (x y : Update) : Prop := match x, y with | w_gpr i _, w_gpr j _ => i = j -instance : Decidable (Update.regEq x y) := by - simp [Update.regEq] - infer_instance +instance : Decidable (Update.regEq x y) := + inferInstanceAs (Decidable <| + match x, y with + | .w_gpr i _, .w_gpr j _ => i = j) /-- Is the register index of update `x` less than that of `y`? -/ -def Update.regIndexLt (x y : Update) : Prop := +def Update.regIndexLt (x y : Update) : Bool := match x, y with | w_gpr i _, w_gpr j _ => i < j -instance : Decidable (Update.regIndexLt x y) := by - simp [Update.regIndexLt] - infer_instance +-- instance : Decidable (Update.regIndexLt x y) := + -- inferInstanceAs (Decidable <| + -- match x, y with + -- | Update.w_gpr i _, Update.w_gpr j _ => i < j) +-- +-- def Update.regIndexLtBool (x y : Update) : Bool := + -- decide (x.regIndexLt y) /-- Datastructure to represent expressions characterizing the following state -update. Note that we ensure, by construction, that the `writes` are sorted by -the state components. +update. ``` curr_state = writes[prev_state] ``` @@ -113,7 +117,7 @@ curr_state = writes[prev_state] structure Expr where curr_state : StateVar prev_state : StateVar - writes : Updates -- Sorted by the state components. + writes : Updates deriving DecidableEq, Repr, Inhabited /-- @@ -173,7 +177,8 @@ def Update.insertSorted (es : Updates) (u : Update) : Updates := e :: (insertSorted rest u) /-- -Resolve any reads in `u` by looking it up in `es`. +Resolve any reads in `u` by looking it up in `es`. Note that `es` is expected to +be sorted. -/ def Update.resolveRead (es : Updates) (u : Update) : Update := match u with @@ -188,7 +193,8 @@ def Update.resolveRead (es : Updates) (u : Update) : Update := if i == gpr_idx then v else go gpr_idx rest /-- -Resolve any reads in each of `us` by looking them up in `es`. +Resolve any reads in each of `us` by looking them up in `es`, which is expected +to be sorted. -/ def Update.resolveReads (es us : Updates) : Updates := us.map (Update.resolveRead es) @@ -198,10 +204,11 @@ Aggregate `e` and `u`, assuming `u` follows `e`. -/ def Expr.aggregate1 (e u : Expr) : Expr := if e.curr_state == u.prev_state then - let u_resolved_writes := Update.resolveReads e.writes u.writes + let e_sorted_writes := List.mergeSort e.writes Update.regIndexLt + let u_resolved_writes := Update.resolveReads e_sorted_writes u.writes { prev_state := e.prev_state, curr_state := u.curr_state, - writes := go e.writes u_resolved_writes } + writes := go e_sorted_writes u_resolved_writes } else -- We cannot aggregate two non-consecutive states, so we return the original -- StateUpdate here. @@ -229,7 +236,7 @@ open Expr Update in writes := [w_gpr 0#5 (.var 1), w_gpr 1#5 (.var 3)] } { prev_state := 1, curr_state := 2, - writes := [w_gpr 1#5 (.var 1), w_gpr 2#5 (.r_gpr 1)] } + writes := [w_gpr 2#5 (.r_gpr 1), w_gpr 1#5 (.var 1)] } /-- Aggregate `es` onto `init`. @@ -266,6 +273,15 @@ info: { curr_state := 2, def Expr.isAggregated (init : Expr) (updates : Exprs) (final : Expr) : Bool := final == aggregate init updates +-- +-- #check decidable_of_decidable_of_iff + +-- Hint: Reduction got stuck on '▸' (Eq.rec), which suggests that one of the +-- 'Decidable' instances is defined using tactics such as 'rw' or 'simp'. To +-- avoid tactics, make use of functions such as 'inferInstanceAs' or +-- 'decidable_of_decidable_of_iff' to alter a proposition. + + /-- TODO: we're probably missing well-formedness hyps. about the `ctx` and/or `updates` here. -/ theorem Expr.eq_true_of_isValid (ctx : Context) (init final : Expr) (updates : Exprs) : @@ -277,7 +293,17 @@ theorem Expr.eq_true_of_isValid (ctx : Context) (init final : Expr) (updates : E -- Tests +-- set_option trace.Meta.synthInstance true in +-- open Expr Update in +-- theorem foo : Expr.isAggregated + -- { curr_state := 0, prev_state := 0, writes := [] } + -- [{ curr_state := 1, prev_state := 0, writes := [w_gpr (0#5) (GPRVal.var 0), w_gpr (1#5) (GPRVal.var 1)] }, + -- { curr_state := 2, prev_state := 1, writes := [w_gpr (0#5) (GPRVal.var 0), w_gpr (1#5) (GPRVal.var 1)] }] + -- { curr_state := 2, prev_state := 0, writes := [w_gpr (0#5) (GPRVal.var 0), w_gpr (1#5) (GPRVal.var 1)] } := by + -- decide + #time +-- set_option trace.Meta.synthInstance true in open Expr Update in theorem completely_shadowed_updates (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s0)) @@ -304,15 +330,23 @@ theorem completely_shadowed_updates -- updates [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, { prev_state := 1, curr_state := 2, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] } ] - (Eq.refl true)) + -- (FIXME) `by decide` or `Eq.refl true` fails below. + (by native_decide)) simp only [Exprs.denote, List.foldl, true_and, and_true, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done +open Expr Update in +#eval Expr.aggregate + { prev_state := 0, curr_state := 0, writes := []} + [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, + { prev_state := 1, curr_state := 2, writes := [w_gpr 3#5 (.var 3), w_gpr 1#5 (.var 2)] } ] + open Expr Update in theorem partially_shadowed_and_new_updates (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) /- + (NOTE) No (NOTE) if any instructions updates are not sorted, as is the case in `h_s2` below, then we run into a problem because the writes in `Expr` are sorted. `(h_s2 : s2 = w (.GPR 3#5) x3 (w (.GPR 1#5) x1 s1))` @@ -324,7 +358,8 @@ theorem partially_shadowed_and_new_updates Therefore, for convenience, we ought to enforce that instruction updates like `h_s2` are sorted in the preprocessing step. -/ - (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) x3 s1)) : + -- (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) x3 s1)) : + (h_s2 : s2 = w (.GPR 3#5) x3 (w (.GPR 1#5) x1 s1)) : s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) x3 s0)) := by have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], gpr := [x0, old_x1, x1, x3] } @@ -334,8 +369,8 @@ theorem partially_shadowed_and_new_updates { prev_state := 0, curr_state := 2, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 2), w_gpr 3#5 (.var 3)] } -- updates [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, - { prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.var 3)] } ] - (Eq.refl true)) + { prev_state := 1, curr_state := 2, writes := [w_gpr 3#5 (.var 3), w_gpr 1#5 (.var 2)] } ] + (by native_decide)) simp only [Exprs.denote, List.foldl_cons, and_true, true_and, List.foldl_nil, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done @@ -370,7 +405,7 @@ theorem read_from_prev_update_test1 -- updates [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, { prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.r_gpr 1)] } ] - (Eq.refl true)) + (by native_decide)) simp only [Exprs.denote, List.foldl_cons, and_true, true_and, List.foldl_nil, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 @@ -394,7 +429,7 @@ theorem read_from_prev_update_test2 (s0 s1 s2 : ArmState) writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, { prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.r_gpr 5#5)] } ] - (Eq.refl true)) + (by native_decide)) simp only [Exprs.denote, List.foldl, true_and, and_true, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done From ad449b0de7e82dfa0190a45de45c9c9f206ca831 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Tue, 15 Oct 2024 13:57:18 -0500 Subject: [PATCH 10/20] Add note about why decide doesn't do a complete reduction (thanks, @akeizer) --- Tactics/ArmConstr.lean | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/Tactics/ArmConstr.lean b/Tactics/ArmConstr.lean index 2cbe8eba..eee52564 100644 --- a/Tactics/ArmConstr.lean +++ b/Tactics/ArmConstr.lean @@ -293,14 +293,16 @@ theorem Expr.eq_true_of_isValid (ctx : Context) (init final : Expr) (updates : E -- Tests --- set_option trace.Meta.synthInstance true in --- open Expr Update in --- theorem foo : Expr.isAggregated - -- { curr_state := 0, prev_state := 0, writes := [] } - -- [{ curr_state := 1, prev_state := 0, writes := [w_gpr (0#5) (GPRVal.var 0), w_gpr (1#5) (GPRVal.var 1)] }, - -- { curr_state := 2, prev_state := 1, writes := [w_gpr (0#5) (GPRVal.var 0), w_gpr (1#5) (GPRVal.var 1)] }] - -- { curr_state := 2, prev_state := 0, writes := [w_gpr (0#5) (GPRVal.var 0), w_gpr (1#5) (GPRVal.var 1)] } := by - -- decide +open Expr Update in +example : Expr.isAggregated + { curr_state := 0, prev_state := 0, writes := [] } + [{ curr_state := 1, prev_state := 0, writes := [w_gpr (0#5) (GPRVal.var 0), w_gpr (1#5) (GPRVal.var 1)] }, + { curr_state := 2, prev_state := 1, writes := [w_gpr (0#5) (GPRVal.var 0), w_gpr (1#5) (GPRVal.var 1)] }] + { curr_state := 2, prev_state := 0, writes := [w_gpr (0#5) (GPRVal.var 0), w_gpr (1#5) (GPRVal.var 1)] } := by + -- List.mergeSort, using in Expr.aggregate1, is irreducible, which + -- causes reduction to get stuck. We use `with_unfolding_all` below to + -- workaround that problem. We can also use `native_decide` here. + with_unfolding_all decide #time -- set_option trace.Meta.synthInstance true in @@ -330,18 +332,11 @@ theorem completely_shadowed_updates -- updates [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, { prev_state := 1, curr_state := 2, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] } ] - -- (FIXME) `by decide` or `Eq.refl true` fails below. (by native_decide)) simp only [Exprs.denote, List.foldl, true_and, and_true, and_imp] at this exact this (Eq.refl s0) h_s1 h_s2 done -open Expr Update in -#eval Expr.aggregate - { prev_state := 0, curr_state := 0, writes := []} - [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, - { prev_state := 1, curr_state := 2, writes := [w_gpr 3#5 (.var 3), w_gpr 1#5 (.var 2)] } ] - open Expr Update in theorem partially_shadowed_and_new_updates (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) From c23db6268c5a23b54eb00f5acf2b65aa81feefda Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Mon, 21 Oct 2024 11:13:01 -0500 Subject: [PATCH 11/20] Prove Expr.eq_true_of_denote --- Tactics/ArmConstr.lean | 689 ++++++++++++++++++++++++++++----- scripts/gen_armconstr_cases.py | 4 +- 2 files changed, 585 insertions(+), 108 deletions(-) diff --git a/Tactics/ArmConstr.lean b/Tactics/ArmConstr.lean index eee52564..1815e965 100644 --- a/Tactics/ArmConstr.lean +++ b/Tactics/ArmConstr.lean @@ -20,6 +20,7 @@ This is inspired by `simp_arith`, especially the following files: -/ import Arm.Exec +import Arm.FromMathlib namespace ArmConstr @@ -58,16 +59,21 @@ def StateVar.denote (ctx : StateContext) (v : StateVar) : ArmState := ctx.getD v ArmState.default /-- -Denote `GPRVal v`. - -If `v` is a variable then look it up in the `GPRValContext`. Else if `v` is -`r_gpr i`, then look up the `i`th register in `prev_s`. +Denote `GPRVal v` over `ArmState prev_s`. That is, if `v` is a variable then +look it up in the `GPRValContext`. Else if `v` is `r_gpr i`, then look up the +`i`th register in `prev_s`. -/ def GPRVal.denote (ctx : GPRValContext) (v : GPRVal) (prev_s : ArmState) : BitVec 64 := match v with | var i => ctx.getD i 0 | r_gpr i => r (.GPR i) prev_s +@[local simp] +theorem GPRVal.denote_of_var : + GPRVal.denote ctx (GPRVal.var v) s = ctx.getD v 0 := by + simp [GPRVal.denote] + done + /-- Datastructure that characterizes all the updates that can be made to an `ArmState`. @@ -93,19 +99,23 @@ instance : Decidable (Update.regEq x y) := | .w_gpr i _, .w_gpr j _ => i = j) /-- -Is the register index of update `x` less than that of `y`? +Is the register index of update `x` less than or equal to that of `y`? -/ -def Update.regIndexLt (x y : Update) : Bool := +def Update.regIndexLe (x y : Update) : Bool := match x, y with - | w_gpr i _, w_gpr j _ => i < j + | w_gpr i _, w_gpr j _ => i <= j + +theorem Update.regIndexLe_trans (a b c : Update) + (h1 : Update.regIndexLe a b) + (h2 : Update.regIndexLe b c) : + Update.regIndexLe a c := by + simp_all [Update.regIndexLe] + exact BitVec.le_trans h1 h2 --- instance : Decidable (Update.regIndexLt x y) := - -- inferInstanceAs (Decidable <| - -- match x, y with - -- | Update.w_gpr i _, Update.w_gpr j _ => i < j) --- --- def Update.regIndexLtBool (x y : Update) : Bool := - -- decide (x.regIndexLt y) +theorem Update.regIndexLe_total (a b : Update) : + Update.regIndexLe a b || Update.regIndexLe b a := by + simp_all [Update.regIndexLe] + exact BitVec.le_total a.1 b.1 /-- Datastructure to represent expressions characterizing the following state @@ -123,21 +133,108 @@ deriving DecidableEq, Repr, Inhabited /-- Map updates `us` to state `prev_state` to an `ArmState`. -/ -def Expr.writes.denote (ctx : Context) (us : Updates) (prev_state : StateVar) +def Expr.denote_writes (ctx : Context) (us : Updates) (prev_state : StateVar) : ArmState := match us with | [] => StateVar.denote ctx.state prev_state | Update.w_gpr i v :: rest => w (.GPR i) (GPRVal.denote ctx.gpr v (StateVar.denote ctx.state prev_state)) - (Expr.writes.denote ctx rest prev_state) + (Expr.denote_writes ctx rest prev_state) + +@[local simp] +theorem denote_writes_empty : + Expr.denote_writes ctx [] prev_state = StateVar.denote ctx.state prev_state := by + simp only [Expr.denote_writes] + +@[local simp] +theorem denote_writes_cons : + Expr.denote_writes ctx (e :: us) prev_state = + w (StateField.GPR e.1) (GPRVal.denote ctx.gpr e.2 (StateVar.denote ctx.state prev_state)) + (Expr.denote_writes ctx us prev_state) := by + simp only [Expr.denote_writes] + +theorem denote_statevar_eq_denote_writes_eq + (h : StateVar.denote ctx.state v1 = StateVar.denote ctx.state v2) : + Expr.denote_writes ctx writes v1 = Expr.denote_writes ctx writes v2 := by + induction writes + case nil => simpa [Expr.denote_writes] + case cons => + rename_i head tail h_ind + simp [Expr.denote_writes] + simp_all only + done + +-- TODO: Generalize and move to Arm/State. +theorem w_of_w_gpr_commute (i j : BitVec 5) + (h : i ≠ j) : + w (StateField.GPR i) v1 (w (StateField.GPR j) v2 s) = + w (StateField.GPR j) v2 (w (StateField.GPR i) v1 s) := by + simp_all [w, write_base_gpr, Update.regIndexLe] + unfold write_store + ext i + (repeat (split <;> simp_all!)) + done + +private theorem denote_writes_sorted_helper + (h : ∀ (b : Update), b ∈ l1 → (!head.regIndexLe b) = true) : + Expr.denote_writes ctx (l1 ++ head :: l2) s = + Expr.denote_writes ctx (head :: l1 ++ l2) s := by + induction l1 + case nil => simp_all only [List.not_mem_nil, + Bool.not_eq_eq_eq_not, + Bool.not_true, false_implies, + implies_true, List.nil_append, + denote_writes_cons, + List.singleton_append] + case cons => + rename_i head' tail' ih + simp [denote_writes_cons] + rw [ih] + simp only [List.cons_append, denote_writes_cons] + · rw [w_of_w_gpr_commute] + simp_all [Update.regIndexLe] + apply BitVec.ne_of_lt + simp_all + · simp_all only [List.mem_cons, + or_true, implies_true, + List.cons_append, denote_writes_cons, + true_implies, Bool.not_eq_eq_eq_not, + Bool.not_true, forall_eq_or_imp, Bool.not_false] + +/-- +Sorting `Updates xs` using `Update.regIndexLe` is immaterial to their denotation +over `StateVar s`. + +-/ +@[local simp] +theorem denote_writes_sorted : + Expr.denote_writes ctx (List.mergeSort xs Update.regIndexLe) s = + Expr.denote_writes ctx xs s := by + induction xs + case nil => simp only [List.mergeSort_nil, denote_writes_empty] + case cons => + rename_i head tail ih + simp only [denote_writes_cons] + have ⟨l1, l2, h1, h2, h3⟩ := + @List.mergeSort_cons Update Update.regIndexLe + (by apply Update.regIndexLe_trans) + (by apply Update.regIndexLe_total) + head tail + rw [h1] + simp_all only [Bool.not_eq_eq_eq_not, + Bool.not_true, + denote_writes_sorted_helper h3, + List.cons_append, denote_writes_cons] + done + /-- Denote an `Expr e` to a `Prop` corresponding to `curr_state = writes[prev_state]`. -/ def Expr.denote (ctx : Context) (e : Expr) : Prop := StateVar.denote ctx.state e.curr_state = - Expr.writes.denote ctx e.writes e.prev_state + Expr.denote_writes ctx e.writes e.prev_state /-- Return a `Prop` corresponding to `e1 = e2`. @@ -162,17 +259,23 @@ def Exprs.denote (ctx : Context) (es : Exprs) : Prop := def Expr.default : Expr := { prev_state := 0, curr_state := 0, writes := [] } +/-- +Insert `u`, which comes after `es`, at an appropriate safe point in `es`. + +Note that `u` only changes `es` only if it shadows some update in it. +Independent updates are unaffected. +-/ def Update.insertSorted (es : Updates) (u : Update) : Updates := match es with | [] => [u] | e :: rest => - if u.regIndexLt e then - -- `u` does not appear in `es` (given that `es` is sorted), so we retain - -- this update. - u :: es - else if u.regEq e then - -- We overwrite `e` with `x`. + if u.regEq e then + -- We overwrite `e` with `u`. u :: rest + else if u.regIndexLe e then + -- `u` does not appear in `es` (given that `es` is + -- sorted). We order `u` before `e` to retain this update. + u :: es else e :: (insertSorted rest u) @@ -192,6 +295,25 @@ def Update.resolveRead (es : Updates) (u : Update) : Update := | (.w_gpr i v) :: rest => if i == gpr_idx then v else go gpr_idx rest +@[local simp] +theorem Update.resolveRead_w_gpr : + Update.resolveRead es (.w_gpr i (.var v)) = (.w_gpr i (.var v)) := by + simp [Update.resolveRead] + done + +@[local simp] +theorem Update.resolveRead_empty_1 : + Update.resolveRead [] u = u := by + simp [Update.resolveRead] + split <;> rfl + +@[local simp] +theorem Update.resolveRead_index_unchanged (w : Updates) : + (Update.resolveRead w u).1 = u.1 := by + simp [Update.resolveRead] + split <;> simp only + done + /-- Resolve any reads in each of `us` by looking them up in `es`, which is expected to be sorted. @@ -199,12 +321,55 @@ to be sorted. def Update.resolveReads (es us : Updates) : Updates := us.map (Update.resolveRead es) +@[local simp] +theorem Update.resolveReads_cons_w_gpr : + Update.resolveReads es (Update.w_gpr i (GPRVal.var idx) :: tail) = + Update.w_gpr i (GPRVal.var idx) :: (Update.resolveReads es tail) := by + simp [Update.resolveReads, Update.resolveRead] + +@[local simp] +theorem Update.resolveReads_empty_1 : + Update.resolveReads [] us = us := by + simp [Update.resolveReads] + apply List.map_id''; intro i + apply Update.resolveRead_empty_1 + done + +@[local simp] +theorem Update.resolvedReads_empty_2 : + Update.resolveReads es [] = [] := by + simp only [resolveReads, List.map_nil] + +@[local simp] +theorem Update.resolveRead_empty_1_fn_is_id : + (Update.resolveRead []) = id := by + ext + simp [resolveRead] + split <;> simp_all [resolveRead.go] + done + +@[local simp] +theorem map_resolveRead_empty_1 : + (List.map (Update.resolveRead []) us) = us := by + simp [Update.resolveRead_empty_1_fn_is_id] + done + +-- If a write shadows another, then `List.mergeSort` with `Update.regIndexLe` +-- will preserve the order of the writes. +open Expr Update in +/-- +info: [ArmConstr.Update.w_gpr 0x01#5 (ArmConstr.GPRVal.var 1), +ArmConstr.Update.w_gpr 0x01#5 (ArmConstr.GPRVal.var 2)] +-/ +#guard_msgs in +#eval List.mergeSort [.w_gpr 1#5 (.var 1), .w_gpr 1#5 (.var 2)] Update.regIndexLe + /-- Aggregate `e` and `u`, assuming `u` follows `e`. -/ def Expr.aggregate1 (e u : Expr) : Expr := if e.curr_state == u.prev_state then - let e_sorted_writes := List.mergeSort e.writes Update.regIndexLt + let e_sorted_writes := List.mergeSort e.writes Update.regIndexLe let u_resolved_writes := Update.resolveReads e_sorted_writes u.writes { prev_state := e.prev_state, curr_state := u.curr_state, @@ -219,7 +384,19 @@ def Expr.aggregate1 (e u : Expr) : Expr := | [], us => us | es, [] => es | es, u :: rest_us => - go (Update.insertSorted es u) rest_us + Update.insertSorted (go es rest_us) u + +@[local simp] +theorem Expr.aggregate1.go_empty_1 : + Expr.aggregate1.go [] us = us := by + simp [Expr.aggregate1.go] + +@[local simp] +theorem Expr.aggregate1.go_empty_2 : + Expr.aggregate1.go es [] = es := by + unfold Expr.aggregate1.go + split <;> simp_all + done /-- info: { curr_state := 2, @@ -240,7 +417,7 @@ open Expr Update in /-- Aggregate `es` onto `init`. -Earlier updates appear first in `es`, and of course, `es` follows `init`. +Earlier updates appear first in `es`, and `es` follow `init`. -/ def Expr.aggregate (init : Expr) (es : Exprs) : Expr := match es with @@ -273,25 +450,190 @@ info: { curr_state := 2, def Expr.isAggregated (init : Expr) (updates : Exprs) (final : Expr) : Bool := final == aggregate init updates --- --- #check decidable_of_decidable_of_iff +/-- +If `next.writes` is empty, then +``` +next.curr_state = sorted(init.writes(init.prev_state)) +``` +-/ +theorem Expr.denote_when_next_writes_empty + (h_init : denote ctx init) + (h_next : denote ctx next) + (h_init_curr_next_prev : init.curr_state = next.prev_state) + (h_next_writes_empty : next.writes = []) : + denote ctx + { curr_state := next.curr_state, prev_state := init.prev_state, + writes := List.mergeSort init.writes Update.regIndexLe } := by + simp only [denote] at * + simp [h_next_writes_empty] at h_next + rw [h_next, ←h_init_curr_next_prev, h_init, denote_writes_sorted] + done --- Hint: Reduction got stuck on '▸' (Eq.rec), which suggests that one of the --- 'Decidable' instances is defined using tactics such as 'rw' or 'simp'. To --- avoid tactics, make use of functions such as 'inferInstanceAs' or --- 'decidable_of_decidable_of_iff' to alter a proposition. +/-- +Using `Update.insertSorted es u` is equivalent to inserting `u` at the beginning +of `es`, vis-a-vis denotation. This is because `Update.insertSorted` only +modifies an `Update` in `es` if `u` shadows it. +-/ +@[local simp] +theorem denote_writes_insertSorted : + Expr.denote_writes ctx (Update.insertSorted es u) s = + Expr.denote_writes ctx (u :: es) s := by + induction es + case nil => + simp [Update.insertSorted] + case cons => + rename_i head tail ih + simp [Update.insertSorted] + split + case isTrue => + rename_i h_u_head_eq + simp only [denote_writes_cons] + simp_all only [Update.regEq] + rw [h_u_head_eq, w_of_w_shadow] + case isFalse => + rename_i h_u_head_neq + simp_all only [Update.regEq] + split + · simp only [denote_writes_cons] + · simp only [denote_writes_cons] + rw [ih] + simp only [denote_writes_cons] + rw [w_of_w_gpr_commute] + exact fun a => h_u_head_neq (id (Eq.symm a)) + done +/-- +Resolving `Update u` w.r.t. `writes` and then denoting it over `StateVar s0` +is equivalent to denoting the _unresolved_ `u` w.r.t. `writes` denoted over +`s0`. +-/ +theorem GPRVal.denote_resolveRead (ctx : Context) : + GPRVal.denote ctx.gpr (Update.resolveRead writes u).2 (StateVar.denote ctx.state s0) = + GPRVal.denote ctx.gpr u.2 (Expr.denote_writes ctx writes s0) := by + induction writes generalizing u + case nil => + simp only [denote_writes_empty, Update.resolveRead_empty_1] + case cons => + rename_i head tail ih + simp only [denote_writes_cons] + simp [Update.resolveRead] + split + case h_1 => + rename_i u' idx var + simp [GPRVal.denote_of_var] + case h_2 => + rename_i u' i' gpr_idx + simp [Update.resolveRead.go] + split + case isTrue => + rename_i h_eq + subst gpr_idx + simp [GPRVal.denote, r_of_w_same] + case isFalse => + rename_i h_neq + conv => rhs; simp [GPRVal.denote] + rw [r_of_w_different (by simp_all; exact fun a => h_neq (id (Eq.symm a)))] + have ih' := @ih (.w_gpr gpr_idx (GPRVal.r_gpr gpr_idx)) + simp [Update.resolveRead] at ih' + rw [ih'] + simp [GPRVal.denote] + done -/-- TODO: we're probably missing well-formedness hyps. about the `ctx` and/or - `updates` here. -/ -theorem Expr.eq_true_of_isValid (ctx : Context) (init final : Expr) (updates : Exprs) : +/-- +`Expr.aggregate1` aggregates `first` and `second` correctly, allowing +us to express `second.curr_state` in terms of `first.prev_state`. That is: +``` +if first.curr_state = first.writes[first.prev_state] and + second.curr_state = second.writes[second.prev_state] then + second.curr_state = resolveReads(second.writes, first.writes)[first.prev_state] +``` +-/ +theorem Expr.denote_aggregate1 + (h1 : Expr.denote ctx first) + (h2 : Expr.denote ctx second) : + Expr.denote ctx (aggregate1 first second) := by + simp [aggregate1] + by_cases h₀ : first.curr_state = second.prev_state + case neg => -- h0 : first.curr_state ≠ second.prev_state + simp_all only [minimal_theory] + case pos => -- first.curr_state = second.prev_state + simp_all [denote] + rw [←h₀] at h1 h2 ⊢ + generalize first.prev_state = s0 at * + generalize first.curr_state = s1 at * + generalize first.writes = writes1 at * + generalize second.writes = writes2 at * + clear h₀ h2 first second + induction writes2 generalizing s0 s1 writes1 + case nil => + simp_all + rw [Update.resolvedReads_empty_2] + unfold aggregate1.go + split + · have : writes1 = [] := by + have := @List.length_mergeSort Update Update.regIndexLe writes1 + simp_all only [List.length_nil] + exact List.length_eq_zero.mp (id (Eq.symm this)) + simp_all only [denote_writes_empty] + · simp [denote_writes_sorted] + · simp_all + case cons => + rename_i u us ih + simp [denote_writes_cons] + simp [Update.resolveReads] + conv => rhs; unfold aggregate1.go + split + case h_1 => + have : writes1 = [] := by + have := @List.length_mergeSort Update Update.regIndexLe writes1 + simp_all only [List.length_nil] + exact List.length_eq_zero.mp (id (Eq.symm this)) + simp_all [Update.resolveRead_empty_1] + rw [ih s0 s1 [] h1] + simp [Expr.aggregate1.go_empty_1, Update.resolveReads_empty_1, map_resolveRead_empty_1] + case h_2 => contradiction + case h_3 => + rename_i es' us' u' rest_us' h_eq h_nonempty + have h_u' : u' = Update.resolveRead (List.mergeSort writes1 Update.regIndexLe) u := by + simp_all + have h_rest_us' : rest_us' = List.map (Update.resolveRead (List.mergeSort writes1 Update.regIndexLe)) us := by + simp_all + subst u' rest_us' + clear h_eq + rw [denote_writes_insertSorted] + simp [denote_writes_cons] + rw [Update.resolveRead_index_unchanged] + simp [Update.resolveReads] at ih + rw [←ih s0 s1 writes1 h1] + rw [GPRVal.denote_resolveRead] + rw [denote_writes_sorted, h1] + done + +/-- +If `Expr.isAggregated` computes that aggregating `updates` over `init` yields +`final`, then it accurately represents `ArmState` aggregation in logic. +-/ +theorem Expr.eq_true_of_denote (ctx : Context) (init final : Expr) (updates : Exprs) : (Expr.isAggregated init updates final) → Expr.denote ctx init ∧ Exprs.denote ctx updates → (Expr.denote ctx final) := by - sorry + induction updates generalizing init + case nil => + simp only [isAggregated, aggregate, beq_iff_eq, Exprs.denote, and_true] + intro i; simp_all only [minimal_theory] + case cons => + rename_i head tail h_ind + simp [isAggregated] at * + simp [aggregate, Exprs.denote] + intros h_final h_init h_head h_tail + have h_aggr1 := @Expr.denote_aggregate1 ctx init head h_init h_head + have h_ind' := h_ind (init.aggregate1 head) h_final h_aggr1 h_tail + exact h_ind' + done ------------------------------------------------------------------------------- +------------------------------------------------------------------------------- --- Tests +-- Litmus Tests open Expr Update in example : Expr.isAggregated @@ -305,7 +647,6 @@ example : Expr.isAggregated with_unfolding_all decide #time --- set_option trace.Meta.synthInstance true in open Expr Update in theorem completely_shadowed_updates (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s0)) @@ -323,7 +664,7 @@ theorem completely_shadowed_updates s2 = xxxx : Prop -/ s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s0) := by - have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], + have := (Expr.eq_true_of_denote { state := [s0, s1, s2], gpr := [x0, x1] } -- init { prev_state := 0, curr_state := 0, writes := []} @@ -337,6 +678,12 @@ theorem completely_shadowed_updates exact this (Eq.refl s0) h_s1 h_s2 done +/-- +info: 'ArmConstr.completely_shadowed_updates' depends on axioms: [propext, +Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ +#guard_msgs in #print axioms completely_shadowed_updates + open Expr Update in theorem partially_shadowed_and_new_updates (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) @@ -356,7 +703,7 @@ theorem partially_shadowed_and_new_updates -- (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) x3 s1)) : (h_s2 : s2 = w (.GPR 3#5) x3 (w (.GPR 1#5) x1 s1)) : s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) x3 s0)) := by - have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], + have := (Expr.eq_true_of_denote { state := [s0, s1, s2], gpr := [x0, old_x1, x1, x3] } -- init { prev_state := 0, curr_state := 0, writes := []} @@ -390,7 +737,7 @@ theorem read_from_prev_update_test1 (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 1#5) s1) s1)) : s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) old_x1 s0)) := by - have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], + have := (Expr.eq_true_of_denote { state := [s0, s1, s2], gpr := [x0, old_x1, x1] } -- init { prev_state := 0, curr_state := 0, writes := []} @@ -412,7 +759,7 @@ theorem read_from_prev_update_test2 (s0 s1 s2 : ArmState) (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 5#5) s1) s1)) : s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 5#5) s0) s0)) := by - have := (Expr.eq_true_of_isValid { state := [s0, s1, s2], + have := (Expr.eq_true_of_denote { state := [s0, s1, s2], gpr := [x0, old_x1, x1] } -- init { prev_state := 0, curr_state := 0, writes := []} @@ -545,6 +892,80 @@ info: { curr_state := 30, [w_gpr (8#5) (GPRVal.var 87), w_gpr (9#5) (GPRVal.var 86), w_gpr (10#5) (GPRVal.var 85), w_gpr (11#5) (GPRVal.var 84)] }] +open Expr Update in +#eval Expr.aggregate + { prev_state := 0, curr_state := 0, writes := []} + [ { curr_state := 1, prev_state := 0, writes := [w_gpr 13#5 (.var 1), w_gpr 14#5 (.var 0), ] }, + { curr_state := 2, prev_state := 1, writes := [w_gpr 11#5 (.var 2), ] }, + { curr_state := 3, prev_state := 2, writes := [w_gpr 11#5 (.var 5), w_gpr 12#5 (.var 4), w_gpr 13#5 (.var 3), ] }, + { curr_state := 4, prev_state := 3, writes := [w_gpr 10#5 (.var 10), w_gpr 11#5 (.var 9), w_gpr 12#5 (.var 8), w_gpr 13#5 (.var 7), w_gpr 14#5 (.var 6), ] }, + { curr_state := 5, prev_state := 4, writes := [w_gpr 21#5 (.var 14), w_gpr 22#5 (.var 13), w_gpr 23#5 (.var 12), w_gpr 24#5 (.var 11), ] }, + { curr_state := 6, prev_state := 5, writes := [w_gpr 2#5 (.var 19), w_gpr 3#5 (.var 18), w_gpr 4#5 (.var 17), w_gpr 5#5 (.var 16), w_gpr 6#5 (.var 15), ] }, + { curr_state := 7, prev_state := 6, writes := [w_gpr 28#5 (.var 22), w_gpr 29#5 (.var 21), w_gpr 30#5 (.var 20), ] }, + { curr_state := 8, prev_state := 7, writes := [w_gpr 21#5 (.var 27), w_gpr 22#5 (.var 26), w_gpr 23#5 (.var 25), w_gpr 24#5 (.var 24), w_gpr 25#5 (.var 23), ] }, + { curr_state := 9, prev_state := 8, writes := [w_gpr 29#5 (.var 28), ] }, + { curr_state := 10, prev_state := 9, writes := [w_gpr 29#5 (.var 29), ] }, + ] + +#time +open Expr Update in +theorem test_10_steps (s0 : ArmState) + (h_step_1 : s1 = (w (.GPR 13#5) val1 (w (.GPR 14#5) val0 s0))) + (h_step_2 : s2 = (w (.GPR 11#5) val2 s1)) + (h_step_3 : s3 = (w (.GPR 11#5) val5 (w (.GPR 12#5) val4 (w (.GPR 13#5) val3 s2)))) + (h_step_4 : s4 = (w (.GPR 10#5) val10 (w (.GPR 11#5) val9 (w (.GPR 12#5) val8 (w (.GPR 13#5) val7 (w (.GPR 14#5) val6 s3)))))) + (h_step_5 : s5 = (w (.GPR 21#5) val14 (w (.GPR 22#5) val13 (w (.GPR 23#5) val12 (w (.GPR 24#5) val11 s4))))) + (h_step_6 : s6 = (w (.GPR 2#5) val19 (w (.GPR 3#5) val18 (w (.GPR 4#5) val17 (w (.GPR 5#5) val16 (w (.GPR 6#5) val15 s5)))))) + (h_step_7 : s7 = (w (.GPR 28#5) val22 (w (.GPR 29#5) val21 (w (.GPR 30#5) val20 s6)))) + (h_step_8 : s8 = (w (.GPR 21#5) val27 (w (.GPR 22#5) val26 (w (.GPR 23#5) val25 (w (.GPR 24#5) val24 (w (.GPR 25#5) val23 s7)))))) + (h_step_9 : s9 = (w (.GPR 29#5) val28 s8)) + (h_step_10 : s10 = (w (.GPR 29#5) val29 s9)) + : + s10 = (w (.GPR 0x02#5) val19 (w (.GPR 0x03#5) val18 (w (.GPR 0x04#5) val17 (w (.GPR 0x05#5) val16 (w (.GPR 0x06#5) val15 (w (.GPR 0x0a#5) val10 (w (.GPR 0x0b#5) val9 (w (.GPR 0x0c#5) val8 (w (.GPR 0x0d#5) val7 (w (.GPR 0x0e#5) val6 (w (.GPR 0x15#5) val27 (w (.GPR 0x16#5) val26 (w (.GPR 0x17#5) val25 (w (.GPR 0x18#5) val24 (w (.GPR 0x19#5) val23 (w (.GPR 0x1c#5) val22 (w (.GPR 0x1d#5) val29 (w (.GPR 0x1e#5) val20 s0)))))))))))))))))) := by + have := (Expr.eq_true_of_denote + -- Context + { state := [s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10], + gpr := [val0, val1, val2, val3, val4, val5, val6, val7, val8, val9, val10, val11, val12, val13, val14, val15, val16, val17, val18, val19, val20, val21, val22, val23, val24, val25, val26, val27, val28, val29] } + -- init + { curr_state := 0, prev_state := 0, writes := [] } + -- final + { curr_state := 10, + prev_state := 0, + writes := [ArmConstr.Update.w_gpr 0x02#5 (ArmConstr.GPRVal.var 19), + ArmConstr.Update.w_gpr 0x03#5 (ArmConstr.GPRVal.var 18), + ArmConstr.Update.w_gpr 0x04#5 (ArmConstr.GPRVal.var 17), + ArmConstr.Update.w_gpr 0x05#5 (ArmConstr.GPRVal.var 16), + ArmConstr.Update.w_gpr 0x06#5 (ArmConstr.GPRVal.var 15), + ArmConstr.Update.w_gpr 0x0a#5 (ArmConstr.GPRVal.var 10), + ArmConstr.Update.w_gpr 0x0b#5 (ArmConstr.GPRVal.var 9), + ArmConstr.Update.w_gpr 0x0c#5 (ArmConstr.GPRVal.var 8), + ArmConstr.Update.w_gpr 0x0d#5 (ArmConstr.GPRVal.var 7), + ArmConstr.Update.w_gpr 0x0e#5 (ArmConstr.GPRVal.var 6), + ArmConstr.Update.w_gpr 0x15#5 (ArmConstr.GPRVal.var 27), + ArmConstr.Update.w_gpr 0x16#5 (ArmConstr.GPRVal.var 26), + ArmConstr.Update.w_gpr 0x17#5 (ArmConstr.GPRVal.var 25), + ArmConstr.Update.w_gpr 0x18#5 (ArmConstr.GPRVal.var 24), + ArmConstr.Update.w_gpr 0x19#5 (ArmConstr.GPRVal.var 23), + ArmConstr.Update.w_gpr 0x1c#5 (ArmConstr.GPRVal.var 22), + ArmConstr.Update.w_gpr 0x1d#5 (ArmConstr.GPRVal.var 29), + ArmConstr.Update.w_gpr 0x1e#5 (ArmConstr.GPRVal.var 20)] } + -- updates + [ { curr_state := 1, prev_state := 0, writes := [w_gpr 13#5 (.var 1), w_gpr 14#5 (.var 0), ] }, + { curr_state := 2, prev_state := 1, writes := [w_gpr 11#5 (.var 2), ] }, + { curr_state := 3, prev_state := 2, writes := [w_gpr 11#5 (.var 5), w_gpr 12#5 (.var 4), w_gpr 13#5 (.var 3), ] }, + { curr_state := 4, prev_state := 3, writes := [w_gpr 10#5 (.var 10), w_gpr 11#5 (.var 9), w_gpr 12#5 (.var 8), w_gpr 13#5 (.var 7), w_gpr 14#5 (.var 6), ] }, + { curr_state := 5, prev_state := 4, writes := [w_gpr 21#5 (.var 14), w_gpr 22#5 (.var 13), w_gpr 23#5 (.var 12), w_gpr 24#5 (.var 11), ] }, + { curr_state := 6, prev_state := 5, writes := [w_gpr 2#5 (.var 19), w_gpr 3#5 (.var 18), w_gpr 4#5 (.var 17), w_gpr 5#5 (.var 16), w_gpr 6#5 (.var 15), ] }, + { curr_state := 7, prev_state := 6, writes := [w_gpr 28#5 (.var 22), w_gpr 29#5 (.var 21), w_gpr 30#5 (.var 20), ] }, + { curr_state := 8, prev_state := 7, writes := [w_gpr 21#5 (.var 27), w_gpr 22#5 (.var 26), w_gpr 23#5 (.var 25), w_gpr 24#5 (.var 24), w_gpr 25#5 (.var 23), ] }, + { curr_state := 9, prev_state := 8, writes := [w_gpr 29#5 (.var 28), ] }, + { curr_state := 10, prev_state := 9, writes := [w_gpr 29#5 (.var 29), ] }, + ] + (by native_decide)) + simp only [Exprs.denote, and_true, and_imp] at this + exact this (Eq.refl s0) h_step_1 h_step_2 h_step_3 h_step_4 h_step_5 h_step_6 h_step_7 h_step_8 h_step_9 h_step_10 + done + #time open Expr Update in theorem test_30_steps (s0 : ArmState) @@ -581,7 +1002,7 @@ theorem test_30_steps (s0 : ArmState) s30 = (w (.GPR 0x01#5) val52 (w (.GPR 0x02#5) val51 (w (.GPR 0x03#5) val53 (w (.GPR 0x04#5) val76 (w (.GPR 0x05#5) val81 (w (.GPR 0x06#5) val74 (w (.GPR 0x07#5) val73 (w (.GPR 0x08#5) val87 (w (.GPR 0x09#5) val86 (w (.GPR 0x0a#5) val85 (w (.GPR 0x0b#5) val84 (w (.GPR 0x0c#5) val61 (w (.GPR 0x0d#5) val83 (w (.GPR 0x0e#5) val82 (w (.GPR 0x0f#5) val19 (w (.GPR 0x10#5) val80 (w (.GPR 0x11#5) val79 (w (.GPR 0x12#5) val78 (w (.GPR 0x13#5) val77 (w (.GPR 0x14#5) val44 (w (.GPR 0x15#5) val43 (w (.GPR 0x16#5) val42 (w (.GPR 0x17#5) val41 (w (.GPR 0x18#5) val3 (w (.GPR 0x19#5) val2 (w (.GPR 0x1a#5) val1 (w (.GPR 0x1b#5) val0 (w (.GPR 0x1c#5) val60 (w (.GPR 0x1d#5) val59 (w (.GPR 0x1e#5) val58 (w (.GPR 0x1f#5) val57 s0))))))))))))))))))))))))))))))) := by have := - (Expr.eq_true_of_isValid { state := [s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, + (Expr.eq_true_of_denote { state := [s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, s16, s17, s18, s19, s20, s21, s22, s23, s24, s25, s26, s27, s28, s29, s30], gpr := [val0, val1, val2, val3, val4, val5, val6, val7, val8, val9, val10, @@ -667,79 +1088,135 @@ theorem test_30_steps (s0 : ArmState) exact this (Eq.refl s0) h_step_1 h_step_2 h_step_3 h_step_4 h_step_5 h_step_6 h_step_7 h_step_8 h_step_9 h_step_10 h_step_11 h_step_12 h_step_13 h_step_14 h_step_15 h_step_16 h_step_17 h_step_18 h_step_19 h_step_20 h_step_21 h_step_22 h_step_23 h_step_24 h_step_25 h_step_26 h_step_27 h_step_28 h_step_29 h_step_30 done -open Expr Update in -#eval Expr.aggregate - { prev_state := 0, curr_state := 0, writes := []} - [ { curr_state := 1, prev_state := 0, writes := [w_gpr 13#5 (.var 1), w_gpr 14#5 (.var 0), ] }, - { curr_state := 2, prev_state := 1, writes := [w_gpr 11#5 (.var 2), ] }, - { curr_state := 3, prev_state := 2, writes := [w_gpr 11#5 (.var 5), w_gpr 12#5 (.var 4), w_gpr 13#5 (.var 3), ] }, - { curr_state := 4, prev_state := 3, writes := [w_gpr 10#5 (.var 10), w_gpr 11#5 (.var 9), w_gpr 12#5 (.var 8), w_gpr 13#5 (.var 7), w_gpr 14#5 (.var 6), ] }, - { curr_state := 5, prev_state := 4, writes := [w_gpr 21#5 (.var 14), w_gpr 22#5 (.var 13), w_gpr 23#5 (.var 12), w_gpr 24#5 (.var 11), ] }, - { curr_state := 6, prev_state := 5, writes := [w_gpr 2#5 (.var 19), w_gpr 3#5 (.var 18), w_gpr 4#5 (.var 17), w_gpr 5#5 (.var 16), w_gpr 6#5 (.var 15), ] }, - { curr_state := 7, prev_state := 6, writes := [w_gpr 28#5 (.var 22), w_gpr 29#5 (.var 21), w_gpr 30#5 (.var 20), ] }, - { curr_state := 8, prev_state := 7, writes := [w_gpr 21#5 (.var 27), w_gpr 22#5 (.var 26), w_gpr 23#5 (.var 25), w_gpr 24#5 (.var 24), w_gpr 25#5 (.var 23), ] }, - { curr_state := 9, prev_state := 8, writes := [w_gpr 29#5 (.var 28), ] }, - { curr_state := 10, prev_state := 9, writes := [w_gpr 29#5 (.var 29), ] }, - ] - #time open Expr Update in -theorem test_10_steps (s0 : ArmState) - (h_step_1 : s1 = (w (.GPR 13#5) val1 (w (.GPR 14#5) val0 s0))) - (h_step_2 : s2 = (w (.GPR 11#5) val2 s1)) - (h_step_3 : s3 = (w (.GPR 11#5) val5 (w (.GPR 12#5) val4 (w (.GPR 13#5) val3 s2)))) - (h_step_4 : s4 = (w (.GPR 10#5) val10 (w (.GPR 11#5) val9 (w (.GPR 12#5) val8 (w (.GPR 13#5) val7 (w (.GPR 14#5) val6 s3)))))) - (h_step_5 : s5 = (w (.GPR 21#5) val14 (w (.GPR 22#5) val13 (w (.GPR 23#5) val12 (w (.GPR 24#5) val11 s4))))) - (h_step_6 : s6 = (w (.GPR 2#5) val19 (w (.GPR 3#5) val18 (w (.GPR 4#5) val17 (w (.GPR 5#5) val16 (w (.GPR 6#5) val15 s5)))))) - (h_step_7 : s7 = (w (.GPR 28#5) val22 (w (.GPR 29#5) val21 (w (.GPR 30#5) val20 s6)))) - (h_step_8 : s8 = (w (.GPR 21#5) val27 (w (.GPR 22#5) val26 (w (.GPR 23#5) val25 (w (.GPR 24#5) val24 (w (.GPR 25#5) val23 s7)))))) - (h_step_9 : s9 = (w (.GPR 29#5) val28 s8)) - (h_step_10 : s10 = (w (.GPR 29#5) val29 s9)) +theorem test_40_steps (s0 : ArmState) + (h_step_1 : s1 = (w (.GPR 4#5) val3 (w (.GPR 5#5) val2 (w (.GPR 6#5) val1 (w (.GPR 7#5) val0 s0))))) + (h_step_2 : s2 = (w (.GPR 6#5) val7 (w (.GPR 7#5) val6 (w (.GPR 8#5) val5 (w (.GPR 9#5) val4 s1))))) + (h_step_3 : s3 = (w (.GPR 6#5) val8 s2)) + (h_step_4 : s4 = (w (.GPR 23#5) val11 (w (.GPR 24#5) val10 (w (.GPR 25#5) val9 s3)))) + (h_step_5 : s5 = (w (.GPR 2#5) val12 s4)) + (h_step_6 : s6 = (w (.GPR 22#5) val17 (w (.GPR 23#5) val16 (w (.GPR 24#5) val15 (w (.GPR 25#5) val14 (w (.GPR 26#5) val13 s5)))))) + (h_step_7 : s7 = (w (.GPR 5#5) val19 (w (.GPR 6#5) val18 s6))) + (h_step_8 : s8 = (w (.GPR 23#5) val21 (w (.GPR 24#5) val20 s7))) + (h_step_9 : s9 = (w (.GPR 13#5) val22 s8)) + (h_step_10 : s10 = (w (.GPR 1#5) val25 (w (.GPR 2#5) val24 (w (.GPR 3#5) val23 s9)))) + (h_step_11 : s11 = (w (.GPR 14#5) val26 s10)) + (h_step_12 : s12 = (w (.GPR 28#5) val27 s11)) + (h_step_13 : s13 = (w (.GPR 15#5) val28 s12)) + (h_step_14 : s14 = (w (.GPR 24#5) val29 s13)) + (h_step_15 : s15 = (w (.GPR 4#5) val34 (w (.GPR 5#5) val33 (w (.GPR 6#5) val32 (w (.GPR 7#5) val31 (w (.GPR 8#5) val30 s14)))))) + (h_step_16 : s16 = (w (.GPR 13#5) val38 (w (.GPR 14#5) val37 (w (.GPR 15#5) val36 (w (.GPR 16#5) val35 s15))))) + (h_step_17 : s17 = (w (.GPR 13#5) val40 (w (.GPR 14#5) val39 s16))) + (h_step_18 : s18 = (w (.GPR 20#5) val45 (w (.GPR 21#5) val44 (w (.GPR 22#5) val43 (w (.GPR 23#5) val42 (w (.GPR 24#5) val41 s17)))))) + (h_step_19 : s19 = (w (.GPR 2#5) val46 s18)) + (h_step_20 : s20 = (w (.GPR 11#5) val51 (w (.GPR 12#5) val50 (w (.GPR 13#5) val49 (w (.GPR 14#5) val48 (w (.GPR 15#5) val47 s19)))))) + (h_step_21 : s21 = (w (.GPR 17#5) val55 (w (.GPR 18#5) val54 (w (.GPR 19#5) val53 (w (.GPR 20#5) val52 s20))))) + (h_step_22 : s22 = (w (.GPR 20#5) val60 (w (.GPR 21#5) val59 (w (.GPR 22#5) val58 (w (.GPR 23#5) val57 (w (.GPR 24#5) val56 s21)))))) + (h_step_23 : s23 = (w (.GPR 9#5) val65 (w (.GPR 10#5) val64 (w (.GPR 11#5) val63 (w (.GPR 12#5) val62 (w (.GPR 13#5) val61 s22)))))) + (h_step_24 : s24 = (w (.GPR 27#5) val67 (w (.GPR 28#5) val66 s23))) + (h_step_25 : s25 = (w (.GPR 2#5) val68 s24)) + (h_step_26 : s26 = (w (.GPR 11#5) val69 s25)) + (h_step_27 : s27 = (w (.GPR 1#5) val73 (w (.GPR 2#5) val72 (w (.GPR 3#5) val71 (w (.GPR 4#5) val70 s26))))) + (h_step_28 : s28 = (w (.GPR 11#5) val76 (w (.GPR 12#5) val75 (w (.GPR 13#5) val74 s27)))) + (h_step_29 : s29 = (w (.GPR 26#5) val80 (w (.GPR 27#5) val79 (w (.GPR 28#5) val78 (w (.GPR 29#5) val77 s28))))) + (h_step_30 : s30 = (w (.GPR 13#5) val81 s29)) + (h_step_31 : s31 = (w (.GPR 25#5) val82 s30)) + (h_step_32 : s32 = (w (.GPR 7#5) val86 (w (.GPR 8#5) val85 (w (.GPR 9#5) val84 (w (.GPR 10#5) val83 s31))))) + (h_step_33 : s33 = (w (.GPR 5#5) val90 (w (.GPR 6#5) val89 (w (.GPR 7#5) val88 (w (.GPR 8#5) val87 s32))))) + (h_step_34 : s34 = (w (.GPR 9#5) val93 (w (.GPR 10#5) val92 (w (.GPR 11#5) val91 s33)))) + (h_step_35 : s35 = (w (.GPR 8#5) val95 (w (.GPR 9#5) val94 s34))) + (h_step_36 : s36 = (w (.GPR 4#5) val97 (w (.GPR 5#5) val96 s35))) + (h_step_37 : s37 = (w (.GPR 28#5) val101 (w (.GPR 29#5) val100 (w (.GPR 30#5) val99 (w (.GPR 31#5) val98 s36))))) + (h_step_38 : s38 = (w (.GPR 17#5) val104 (w (.GPR 18#5) val103 (w (.GPR 19#5) val102 s37)))) + (h_step_39 : s39 = (w (.GPR 19#5) val109 (w (.GPR 20#5) val108 (w (.GPR 21#5) val107 (w (.GPR 22#5) val106 (w (.GPR 23#5) val105 s38)))))) + (h_step_40 : s40 = (w (.GPR 7#5) val110 s39)) : - s10 = (w (.GPR 0x02#5) val19 (w (.GPR 0x03#5) val18 (w (.GPR 0x04#5) val17 (w (.GPR 0x05#5) val16 (w (.GPR 0x06#5) val15 (w (.GPR 0x0a#5) val10 (w (.GPR 0x0b#5) val9 (w (.GPR 0x0c#5) val8 (w (.GPR 0x0d#5) val7 (w (.GPR 0x0e#5) val6 (w (.GPR 0x15#5) val27 (w (.GPR 0x16#5) val26 (w (.GPR 0x17#5) val25 (w (.GPR 0x18#5) val24 (w (.GPR 0x19#5) val23 (w (.GPR 0x1c#5) val22 (w (.GPR 0x1d#5) val29 (w (.GPR 0x1e#5) val20 s0)))))))))))))))))) := by - have := (Expr.eq_true_of_isValid + s40 = w (.GPR 1#5) (val73) (w (.GPR 2#5) (val72) (w (.GPR 3#5) (val71) (w (.GPR 4#5) (val97) (w (.GPR 5#5) (val96) (w (.GPR 6#5) (val89) (w (.GPR 7#5) (val110) (w (.GPR 8#5) (val95) (w (.GPR 9#5) (val94) (w (.GPR 10#5) (val92) (w (.GPR 11#5) (val91) (w (.GPR 12#5) (val75) (w (.GPR 13#5) (val81) (w (.GPR 14#5) (val48) (w (.GPR 15#5) (val47) (w (.GPR 16#5) (val35) (w (.GPR 17#5) (val104) (w (.GPR 18#5) (val103) (w (.GPR 19#5) (val109) (w (.GPR 20#5) (val108) (w (.GPR 21#5) (val107) (w (.GPR 22#5) (val106) (w (.GPR 23#5) (val105) (w (.GPR 24#5) (val56) (w (.GPR 25#5) (val82) (w (.GPR 26#5) (val80) (w (.GPR 27#5) (val79) (w (.GPR 28#5) (val101) (w (.GPR 29#5) (val100) (w (.GPR 30#5) (val99) (w (.GPR 31#5) (val98) s0)))))))))))))))))))))))))))))) := by + have := (Expr.eq_true_of_denote -- Context - { state := [s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10], - gpr := [val0, val1, val2, val3, val4, val5, val6, val7, val8, val9, val10, val11, val12, val13, val14, val15, val16, val17, val18, val19, val20, val21, val22, val23, val24, val25, val26, val27, val28, val29] } + { state := [s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, s16, s17, s18, s19, s20, s21, s22, s23, s24, s25, s26, s27, s28, s29, s30, s31, s32, s33, s34, s35, s36, s37, s38, s39, s40], + gpr := [val0, val1, val2, val3, val4, val5, val6, val7, val8, val9, val10, val11, val12, val13, val14, val15, val16, val17, val18, val19, val20, val21, val22, val23, val24, val25, val26, val27, val28, val29, val30, val31, val32, val33, val34, val35, val36, val37, val38, val39, val40, val41, val42, val43, val44, val45, val46, val47, val48, val49, val50, val51, val52, val53, val54, val55, val56, val57, val58, val59, val60, val61, val62, val63, val64, val65, val66, val67, val68, val69, val70, val71, val72, val73, val74, val75, val76, val77, val78, val79, val80, val81, val82, val83, val84, val85, val86, val87, val88, val89, val90, val91, val92, val93, val94, val95, val96, val97, val98, val99, val100, val101, val102, val103, val104, val105, val106, val107, val108, val109, val110] } -- init { curr_state := 0, prev_state := 0, writes := [] } - -- final - { curr_state := 10, + -- final: run `Exprs.aggregate init updates` to get the following. + { curr_state := 40, prev_state := 0, - writes := [ArmConstr.Update.w_gpr 0x02#5 (ArmConstr.GPRVal.var 19), - ArmConstr.Update.w_gpr 0x03#5 (ArmConstr.GPRVal.var 18), - ArmConstr.Update.w_gpr 0x04#5 (ArmConstr.GPRVal.var 17), - ArmConstr.Update.w_gpr 0x05#5 (ArmConstr.GPRVal.var 16), - ArmConstr.Update.w_gpr 0x06#5 (ArmConstr.GPRVal.var 15), - ArmConstr.Update.w_gpr 0x0a#5 (ArmConstr.GPRVal.var 10), - ArmConstr.Update.w_gpr 0x0b#5 (ArmConstr.GPRVal.var 9), - ArmConstr.Update.w_gpr 0x0c#5 (ArmConstr.GPRVal.var 8), - ArmConstr.Update.w_gpr 0x0d#5 (ArmConstr.GPRVal.var 7), - ArmConstr.Update.w_gpr 0x0e#5 (ArmConstr.GPRVal.var 6), - ArmConstr.Update.w_gpr 0x15#5 (ArmConstr.GPRVal.var 27), - ArmConstr.Update.w_gpr 0x16#5 (ArmConstr.GPRVal.var 26), - ArmConstr.Update.w_gpr 0x17#5 (ArmConstr.GPRVal.var 25), - ArmConstr.Update.w_gpr 0x18#5 (ArmConstr.GPRVal.var 24), - ArmConstr.Update.w_gpr 0x19#5 (ArmConstr.GPRVal.var 23), - ArmConstr.Update.w_gpr 0x1c#5 (ArmConstr.GPRVal.var 22), - ArmConstr.Update.w_gpr 0x1d#5 (ArmConstr.GPRVal.var 29), - ArmConstr.Update.w_gpr 0x1e#5 (ArmConstr.GPRVal.var 20)] } + writes := [ArmConstr.Update.w_gpr 0x01#5 (ArmConstr.GPRVal.var 73), + ArmConstr.Update.w_gpr 0x02#5 (ArmConstr.GPRVal.var 72), + ArmConstr.Update.w_gpr 0x03#5 (ArmConstr.GPRVal.var 71), + ArmConstr.Update.w_gpr 0x04#5 (ArmConstr.GPRVal.var 97), + ArmConstr.Update.w_gpr 0x05#5 (ArmConstr.GPRVal.var 96), + ArmConstr.Update.w_gpr 0x06#5 (ArmConstr.GPRVal.var 89), + ArmConstr.Update.w_gpr 0x07#5 (ArmConstr.GPRVal.var 110), + ArmConstr.Update.w_gpr 0x08#5 (ArmConstr.GPRVal.var 95), + ArmConstr.Update.w_gpr 0x09#5 (ArmConstr.GPRVal.var 94), + ArmConstr.Update.w_gpr 0x0a#5 (ArmConstr.GPRVal.var 92), + ArmConstr.Update.w_gpr 0x0b#5 (ArmConstr.GPRVal.var 91), + ArmConstr.Update.w_gpr 0x0c#5 (ArmConstr.GPRVal.var 75), + ArmConstr.Update.w_gpr 0x0d#5 (ArmConstr.GPRVal.var 81), + ArmConstr.Update.w_gpr 0x0e#5 (ArmConstr.GPRVal.var 48), + ArmConstr.Update.w_gpr 0x0f#5 (ArmConstr.GPRVal.var 47), + ArmConstr.Update.w_gpr 0x10#5 (ArmConstr.GPRVal.var 35), + ArmConstr.Update.w_gpr 0x11#5 (ArmConstr.GPRVal.var 104), + ArmConstr.Update.w_gpr 0x12#5 (ArmConstr.GPRVal.var 103), + ArmConstr.Update.w_gpr 0x13#5 (ArmConstr.GPRVal.var 109), + ArmConstr.Update.w_gpr 0x14#5 (ArmConstr.GPRVal.var 108), + ArmConstr.Update.w_gpr 0x15#5 (ArmConstr.GPRVal.var 107), + ArmConstr.Update.w_gpr 0x16#5 (ArmConstr.GPRVal.var 106), + ArmConstr.Update.w_gpr 0x17#5 (ArmConstr.GPRVal.var 105), + ArmConstr.Update.w_gpr 0x18#5 (ArmConstr.GPRVal.var 56), + ArmConstr.Update.w_gpr 0x19#5 (ArmConstr.GPRVal.var 82), + ArmConstr.Update.w_gpr 0x1a#5 (ArmConstr.GPRVal.var 80), + ArmConstr.Update.w_gpr 0x1b#5 (ArmConstr.GPRVal.var 79), + ArmConstr.Update.w_gpr 0x1c#5 (ArmConstr.GPRVal.var 101), + ArmConstr.Update.w_gpr 0x1d#5 (ArmConstr.GPRVal.var 100), + ArmConstr.Update.w_gpr 0x1e#5 (ArmConstr.GPRVal.var 99), + ArmConstr.Update.w_gpr 0x1f#5 (ArmConstr.GPRVal.var 98)] } -- updates - [ { curr_state := 1, prev_state := 0, writes := [w_gpr 13#5 (.var 1), w_gpr 14#5 (.var 0), ] }, - { curr_state := 2, prev_state := 1, writes := [w_gpr 11#5 (.var 2), ] }, - { curr_state := 3, prev_state := 2, writes := [w_gpr 11#5 (.var 5), w_gpr 12#5 (.var 4), w_gpr 13#5 (.var 3), ] }, - { curr_state := 4, prev_state := 3, writes := [w_gpr 10#5 (.var 10), w_gpr 11#5 (.var 9), w_gpr 12#5 (.var 8), w_gpr 13#5 (.var 7), w_gpr 14#5 (.var 6), ] }, - { curr_state := 5, prev_state := 4, writes := [w_gpr 21#5 (.var 14), w_gpr 22#5 (.var 13), w_gpr 23#5 (.var 12), w_gpr 24#5 (.var 11), ] }, - { curr_state := 6, prev_state := 5, writes := [w_gpr 2#5 (.var 19), w_gpr 3#5 (.var 18), w_gpr 4#5 (.var 17), w_gpr 5#5 (.var 16), w_gpr 6#5 (.var 15), ] }, - { curr_state := 7, prev_state := 6, writes := [w_gpr 28#5 (.var 22), w_gpr 29#5 (.var 21), w_gpr 30#5 (.var 20), ] }, - { curr_state := 8, prev_state := 7, writes := [w_gpr 21#5 (.var 27), w_gpr 22#5 (.var 26), w_gpr 23#5 (.var 25), w_gpr 24#5 (.var 24), w_gpr 25#5 (.var 23), ] }, - { curr_state := 9, prev_state := 8, writes := [w_gpr 29#5 (.var 28), ] }, - { curr_state := 10, prev_state := 9, writes := [w_gpr 29#5 (.var 29), ] }, - ] + [ { curr_state := 1, prev_state := 0, writes := [w_gpr 4#5 (.var 3), w_gpr 5#5 (.var 2), w_gpr 6#5 (.var 1), w_gpr 7#5 (.var 0), ] }, + { curr_state := 2, prev_state := 1, writes := [w_gpr 6#5 (.var 7), w_gpr 7#5 (.var 6), w_gpr 8#5 (.var 5), w_gpr 9#5 (.var 4), ] }, + { curr_state := 3, prev_state := 2, writes := [w_gpr 6#5 (.var 8), ] }, + { curr_state := 4, prev_state := 3, writes := [w_gpr 23#5 (.var 11), w_gpr 24#5 (.var 10), w_gpr 25#5 (.var 9), ] }, + { curr_state := 5, prev_state := 4, writes := [w_gpr 2#5 (.var 12), ] }, + { curr_state := 6, prev_state := 5, writes := [w_gpr 22#5 (.var 17), w_gpr 23#5 (.var 16), w_gpr 24#5 (.var 15), w_gpr 25#5 (.var 14), w_gpr 26#5 (.var 13), ] }, + { curr_state := 7, prev_state := 6, writes := [w_gpr 5#5 (.var 19), w_gpr 6#5 (.var 18), ] }, + { curr_state := 8, prev_state := 7, writes := [w_gpr 23#5 (.var 21), w_gpr 24#5 (.var 20), ] }, + { curr_state := 9, prev_state := 8, writes := [w_gpr 13#5 (.var 22), ] }, + { curr_state := 10, prev_state := 9, writes := [w_gpr 1#5 (.var 25), w_gpr 2#5 (.var 24), w_gpr 3#5 (.var 23), ] }, + { curr_state := 11, prev_state := 10, writes := [w_gpr 14#5 (.var 26), ] }, + { curr_state := 12, prev_state := 11, writes := [w_gpr 28#5 (.var 27), ] }, + { curr_state := 13, prev_state := 12, writes := [w_gpr 15#5 (.var 28), ] }, + { curr_state := 14, prev_state := 13, writes := [w_gpr 24#5 (.var 29), ] }, + { curr_state := 15, prev_state := 14, writes := [w_gpr 4#5 (.var 34), w_gpr 5#5 (.var 33), w_gpr 6#5 (.var 32), w_gpr 7#5 (.var 31), w_gpr 8#5 (.var 30), ] }, + { curr_state := 16, prev_state := 15, writes := [w_gpr 13#5 (.var 38), w_gpr 14#5 (.var 37), w_gpr 15#5 (.var 36), w_gpr 16#5 (.var 35), ] }, + { curr_state := 17, prev_state := 16, writes := [w_gpr 13#5 (.var 40), w_gpr 14#5 (.var 39), ] }, + { curr_state := 18, prev_state := 17, writes := [w_gpr 20#5 (.var 45), w_gpr 21#5 (.var 44), w_gpr 22#5 (.var 43), w_gpr 23#5 (.var 42), w_gpr 24#5 (.var 41), ] }, + { curr_state := 19, prev_state := 18, writes := [w_gpr 2#5 (.var 46), ] }, + { curr_state := 20, prev_state := 19, writes := [w_gpr 11#5 (.var 51), w_gpr 12#5 (.var 50), w_gpr 13#5 (.var 49), w_gpr 14#5 (.var 48), w_gpr 15#5 (.var 47), ] }, + { curr_state := 21, prev_state := 20, writes := [w_gpr 17#5 (.var 55), w_gpr 18#5 (.var 54), w_gpr 19#5 (.var 53), w_gpr 20#5 (.var 52), ] }, + { curr_state := 22, prev_state := 21, writes := [w_gpr 20#5 (.var 60), w_gpr 21#5 (.var 59), w_gpr 22#5 (.var 58), w_gpr 23#5 (.var 57), w_gpr 24#5 (.var 56), ] }, + { curr_state := 23, prev_state := 22, writes := [w_gpr 9#5 (.var 65), w_gpr 10#5 (.var 64), w_gpr 11#5 (.var 63), w_gpr 12#5 (.var 62), w_gpr 13#5 (.var 61), ] }, + { curr_state := 24, prev_state := 23, writes := [w_gpr 27#5 (.var 67), w_gpr 28#5 (.var 66), ] }, + { curr_state := 25, prev_state := 24, writes := [w_gpr 2#5 (.var 68), ] }, + { curr_state := 26, prev_state := 25, writes := [w_gpr 11#5 (.var 69), ] }, + { curr_state := 27, prev_state := 26, writes := [w_gpr 1#5 (.var 73), w_gpr 2#5 (.var 72), w_gpr 3#5 (.var 71), w_gpr 4#5 (.var 70), ] }, + { curr_state := 28, prev_state := 27, writes := [w_gpr 11#5 (.var 76), w_gpr 12#5 (.var 75), w_gpr 13#5 (.var 74), ] }, + { curr_state := 29, prev_state := 28, writes := [w_gpr 26#5 (.var 80), w_gpr 27#5 (.var 79), w_gpr 28#5 (.var 78), w_gpr 29#5 (.var 77), ] }, + { curr_state := 30, prev_state := 29, writes := [w_gpr 13#5 (.var 81), ] }, + { curr_state := 31, prev_state := 30, writes := [w_gpr 25#5 (.var 82), ] }, + { curr_state := 32, prev_state := 31, writes := [w_gpr 7#5 (.var 86), w_gpr 8#5 (.var 85), w_gpr 9#5 (.var 84), w_gpr 10#5 (.var 83), ] }, + { curr_state := 33, prev_state := 32, writes := [w_gpr 5#5 (.var 90), w_gpr 6#5 (.var 89), w_gpr 7#5 (.var 88), w_gpr 8#5 (.var 87), ] }, + { curr_state := 34, prev_state := 33, writes := [w_gpr 9#5 (.var 93), w_gpr 10#5 (.var 92), w_gpr 11#5 (.var 91), ] }, + { curr_state := 35, prev_state := 34, writes := [w_gpr 8#5 (.var 95), w_gpr 9#5 (.var 94), ] }, + { curr_state := 36, prev_state := 35, writes := [w_gpr 4#5 (.var 97), w_gpr 5#5 (.var 96), ] }, + { curr_state := 37, prev_state := 36, writes := [w_gpr 28#5 (.var 101), w_gpr 29#5 (.var 100), w_gpr 30#5 (.var 99), w_gpr 31#5 (.var 98), ] }, + { curr_state := 38, prev_state := 37, writes := [w_gpr 17#5 (.var 104), w_gpr 18#5 (.var 103), w_gpr 19#5 (.var 102), ] }, + { curr_state := 39, prev_state := 38, writes := [w_gpr 19#5 (.var 109), w_gpr 20#5 (.var 108), w_gpr 21#5 (.var 107), w_gpr 22#5 (.var 106), w_gpr 23#5 (.var 105), ] }, + { curr_state := 40, prev_state := 39, writes := [w_gpr 7#5 (.var 110), ] }] (by native_decide)) simp only [Exprs.denote, and_true, and_imp] at this - exact this (Eq.refl s0) h_step_1 h_step_2 h_step_3 h_step_4 h_step_5 h_step_6 h_step_7 h_step_8 h_step_9 h_step_10 + exact this (Eq.refl s0) h_step_1 h_step_2 h_step_3 h_step_4 h_step_5 h_step_6 h_step_7 h_step_8 h_step_9 h_step_10 h_step_11 h_step_12 h_step_13 h_step_14 h_step_15 h_step_16 h_step_17 h_step_18 h_step_19 h_step_20 h_step_21 h_step_22 h_step_23 h_step_24 h_step_25 h_step_26 h_step_27 h_step_28 h_step_29 h_step_30 h_step_31 h_step_32 h_step_33 h_step_34 h_step_35 h_step_36 h_step_37 h_step_38 h_step_39 h_step_40 done - end ArmConstr diff --git a/scripts/gen_armconstr_cases.py b/scripts/gen_armconstr_cases.py index 695d6b82..839f5831 100644 --- a/scripts/gen_armconstr_cases.py +++ b/scripts/gen_armconstr_cases.py @@ -52,7 +52,7 @@ def generate_theorem_statement(nsteps): return f"open Expr Update in \ \ntheorem test_{nsteps}_steps (s0 : ArmState)\n{step_hyps} :\ \n s{nsteps} = := by\ - \n have := (Expr.eq_true_of_isValid \ + \n have := (Expr.eq_true_of_denote \ \n -- Context \ \n {{ state := {state_vars}, \ \n gpr := {gpr_vars} }} \ @@ -82,4 +82,4 @@ def generate_theorem_statement(nsteps): # val_count = 0 -print (generate_theorem_statement(10)) +print (generate_theorem_statement(40)) From 421b76a4acac4811d635dc60eaf8a25502e075ca Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Mon, 21 Oct 2024 11:52:19 -0500 Subject: [PATCH 12/20] Minor comments --- Tactics/ArmConstr.lean | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/Tactics/ArmConstr.lean b/Tactics/ArmConstr.lean index 1815e965..e4dc89e7 100644 --- a/Tactics/ArmConstr.lean +++ b/Tactics/ArmConstr.lean @@ -204,8 +204,10 @@ private theorem denote_writes_sorted_helper /-- Sorting `Updates xs` using `Update.regIndexLe` is immaterial to their denotation -over `StateVar s`. - +over `StateVar s`. This is because sorting preserves the order of shadowed +updates in `xs`, which means that the most recent one appears first in the +sorted list (see `w_of_w_shadow`); changing the order of independent updates +does not affect the semantics (see, e.g., `w_of_w_gpr_commute`). -/ @[local simp] theorem denote_writes_sorted : @@ -262,8 +264,8 @@ def Expr.default : Expr := /-- Insert `u`, which comes after `es`, at an appropriate safe point in `es`. -Note that `u` only changes `es` only if it shadows some update in it. -Independent updates are unaffected. +Note that `u` only changes `es` only if the former shadows some update in the +latter. Independent updates are unaffected. -/ def Update.insertSorted (es : Updates) (u : Update) : Updates := match es with @@ -373,10 +375,13 @@ def Expr.aggregate1 (e u : Expr) : Expr := let u_resolved_writes := Update.resolveReads e_sorted_writes u.writes { prev_state := e.prev_state, curr_state := u.curr_state, + -- In principle, we can simply append `u_resolved_writes` to + -- `e_sorted_writes`. However, it is prudent to weed out shadowed updates + -- to keep the size of the update nest in check. writes := go e_sorted_writes u_resolved_writes } else -- We cannot aggregate two non-consecutive states, so we return the original - -- StateUpdate here. + -- Expr here. -- TODO: We should probably throw an error here. e where go (es us : Updates) : Updates := From 8295aa593d577159405b92a7a898034329ca9f86 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Tue, 22 Oct 2024 22:36:40 -0500 Subject: [PATCH 13/20] Add sym_block; manually aggregate basic blocks for SHA512; simulate SHA512 loop --- Arm/Exec.lean | 5 + Proofs/Proofs.lean | 2 +- Proofs/SHA512/SHA512.lean | 1 + Proofs/SHA512/SHA512BlockSym.lean | 23 + Proofs/SHA512/SHA512LoopBlocks.lean | 15600 ++++++++++++++++++++++++++ Proofs/SHA512/SHA512StepLemmas.lean | 2 + Tactics/Sym.lean | 6 +- Tactics/SymBlock.lean | 287 + Tests/Tactics/SymBlock.lean | 88 + 9 files changed, 16010 insertions(+), 4 deletions(-) create mode 100644 Proofs/SHA512/SHA512BlockSym.lean create mode 100644 Proofs/SHA512/SHA512LoopBlocks.lean create mode 100644 Tactics/SymBlock.lean create mode 100644 Tests/Tactics/SymBlock.lean diff --git a/Arm/Exec.lean b/Arm/Exec.lean index 18ff7562..765a419f 100644 --- a/Arm/Exec.lean +++ b/Arm/Exec.lean @@ -162,6 +162,11 @@ theorem run_onestep {s s': ArmState} {n : Nat} : (s' = run (n + 1) s) → ∃ s'', stepi s = s'' ∧ s' = run n s'' := by simp only [run, exists_eq_left', imp_self] +theorem run_oneblock {s s' : ArmState} {n1 n2 : Nat} : + (s' = run (n1 + n2) s) → + ∃ s'', run n1 s = s'' ∧ s' = run n2 s'' := by + simp only [run_plus, exists_eq_left', imp_self] + /-- helper lemma for automation -/ theorem stepi_eq_of_fetch_inst_of_decode_raw_inst (s : ArmState) (addr : BitVec 64) (rawInst : BitVec 32) (inst : ArmInst) diff --git a/Proofs/Proofs.lean b/Proofs/Proofs.lean index 6bec1d1f..9e1b4102 100644 --- a/Proofs/Proofs.lean +++ b/Proofs/Proofs.lean @@ -8,7 +8,7 @@ import «Proofs».«SHA512».SHA512 import Proofs.«AES-GCM».GCM import Proofs.Popcount32 -/- Experiments we use to test proof strategies and automation ideas. -/ +-- /- Experiments we use to test proof strategies and automation ideas. -/ import Proofs.Experiments.Summary1 import Proofs.Experiments.MemoryAliasing import Proofs.Experiments.SHA512MemoryAliasing diff --git a/Proofs/SHA512/SHA512.lean b/Proofs/SHA512/SHA512.lean index f044c44e..699bc9b9 100644 --- a/Proofs/SHA512/SHA512.lean +++ b/Proofs/SHA512/SHA512.lean @@ -5,3 +5,4 @@ Author(s): Shilpi Goel -/ import Proofs.SHA512.SHA512_block_armv8_rules import Proofs.SHA512.SHA512Sym +import Proofs.SHA512.SHA512BlockSym diff --git a/Proofs/SHA512/SHA512BlockSym.lean b/Proofs/SHA512/SHA512BlockSym.lean new file mode 100644 index 00000000..bc4c3679 --- /dev/null +++ b/Proofs/SHA512/SHA512BlockSym.lean @@ -0,0 +1,23 @@ +/- +Copyright (c) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. +Released under Apache 2.0 license as described in the file LICENSE. +Author(s): Shilpi Goel +-/ +import Proofs.SHA512.SHA512LoopBlocks +import Tactics.SymBlock + +open BitVec + +namespace SHA512 + +#time +set_option pp.maxSteps 100 in +theorem sha512_loop_sym {s sf : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126500#64) + (h_err : r StateField.ERR s = StateError.None) + (h_run : sf = run 485 s) : + r .ERR sf = .None ∧ + r .PC sf = (if ¬r (StateField.GPR 0x2#5) s - 0x1#64 = 0x0#64 then 0x126500#64 else 0x126c94#64) := by + sym_block 485 (block_size := 20) -- ceiling|485/20| blocks + done diff --git a/Proofs/SHA512/SHA512LoopBlocks.lean b/Proofs/SHA512/SHA512LoopBlocks.lean new file mode 100644 index 00000000..2f3fcc32 --- /dev/null +++ b/Proofs/SHA512/SHA512LoopBlocks.lean @@ -0,0 +1,15600 @@ +/- +Copyright (c) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. +Released under Apache 2.0 license as described in the file LICENSE. +Author(s): Shilpi Goel +-/ +import Proofs.SHA512.SHA512Prelude +import Proofs.SHA512.SHA512_block_armv8_rules +import Arm.Cfg.Cfg +open BitVec + +namespace SHA512 + +-- Prove block lemmas for the Loop. + +-- #eval ((Cfg.create' (0x126500#64) (0x126500#64 + 20*4) SHA512.program).toOption.get!).maybe_modified_regs +#time +theorem program.blocki_eq_0x126500 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126500#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w (StateField.SFP 0x3#5) + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x0#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x0#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)))) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x0#5) s)) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))))) + (w StateField.PC 0x126550#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))) + 0x0#128) + (w (StateField.SFP 0x10#5) + (SHA2.message_schedule_word_aux (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x15#5) s ++ r (StateField.SFP 0x14#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.message_schedule_word_aux (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x15#5) s ++ r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (w StateField.PC 0x126548#64 + (w (StateField.SFP 0x3#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))) + (w StateField.PC 0x126544#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 (r (StateField.SFP 0x15#5) s ++ r (StateField.SFP 0x14#5) s)) + (w (StateField.SFP 0x10#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x11#5) s) (r (StateField.SFP 0x10#5) s)) + (w StateField.PC 0x12653c#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x10#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x10#5) s) + 0x0#128)) + 0x0#128) + (w StateField.PC 0x126534#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s)) + (w StateField.PC 0x126530#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s)) + (w StateField.PC 0x12652c#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x10#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x10#5) s) 0x0#128)) + (w StateField.PC 0x126528#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x19#5) + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w StateField.PC 0x126524#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x10#5) s) 0x0#128) + (w (StateField.GPR 0x1#5) + (if + ¬(AddWithCarry (r (StateField.GPR 0x2#5) s) 0xfffffffffffffffe#64 + 0x1#1).snd.z = + 0x1#1 then + r (StateField.GPR 0x1#5) s + else r (StateField.GPR 0x1#5) s - 0x80#64) + (w StateField.PC 0x126520#64 + (w (StateField.SFP 0x1d#5) (r (StateField.SFP 0x3#5) s) + (w StateField.PC 0x126518#64 + (w (StateField.SFP 0x1c#5) (r (StateField.SFP 0x2#5) s) + (w StateField.PC 0x126514#64 + (w (StateField.SFP 0x1b#5) (r (StateField.SFP 0x1#5) s) + (w StateField.PC 0x126510#64 + (w (StateField.SFP 0x1a#5) (r (StateField.SFP 0x0#5) s) + (w (StateField.GPR 0x4#5) + (r (StateField.GPR 0x1#5) s - 0x80#64) + (w StateField.PC 0x12650c#64 + (w (StateField.GPR 0x2#5) + (r (StateField.GPR 0x2#5) s - 0x1#64) + (w (StateField.FLAG PFlag.V) + (AddWithCarry (r (StateField.GPR 0x2#5) s) + 0xfffffffffffffffe#64 0x1#1).snd.v + (w (StateField.FLAG PFlag.C) + (AddWithCarry (r (StateField.GPR 0x2#5) s) + 0xfffffffffffffffe#64 0x1#1).snd.c + (w (StateField.FLAG PFlag.Z) + (AddWithCarry (r (StateField.GPR 0x2#5) s) + 0xfffffffffffffffe#64 0x1#1).snd.z + (w (StateField.FLAG PFlag.N) + (AddWithCarry (r (StateField.GPR 0x2#5) s) + 0xfffffffffffffffe#64 0x1#1).snd.n + (w StateField.PC 0x126508#64 + (w (StateField.GPR 0x3#5) + (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) + (read_mem_bytes 16 + (r (StateField.GPR 0x3#5) s) s) + s)))))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +#time +theorem program.blocki_eq_0x126550 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126550#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x1265a0#64 + (w (StateField.SFP 0x7#5) (extractLsb' 64 128 (r (StateField.SFP 0x17#5) s ++ r (StateField.SFP 0x16#5) s)) + (w (StateField.SFP 0x12#5) (DPSFP.sha512su0 (r (StateField.SFP 0x13#5) s) (r (StateField.SFP 0x12#5) s)) + (w StateField.PC 0x12659c#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x12#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x12#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126594#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + (w StateField.PC 0x126590#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))) + 0x0#128)) + (w StateField.PC 0x12658c#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x12#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x12#5) s) 0x0#128)) + (w StateField.PC 0x126588#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x19#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w StateField.PC 0x126584#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x12#5) s) + 0x0#128) + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))))) + (w StateField.PC 0x126580#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))) + 0x0#128) + (w (StateField.SFP 0x11#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x16#5) s ++ r (StateField.SFP 0x15#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x16#5) s ++ r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (w StateField.PC 0x126578#64 + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))) + (w StateField.PC 0x126574#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x16#5) s ++ r (StateField.SFP 0x15#5) s)) + (w (StateField.SFP 0x11#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x12#5) s) + (r (StateField.SFP 0x11#5) s)) + (w StateField.PC 0x12656c#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x11#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x11#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126564#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + r (StateField.SFP 0x0#5) s)) + (w StateField.PC 0x126560#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ + r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x12655c#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x11#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x11#5) s) 0x0#128)) + (w StateField.PC 0x126558#64 + (w (StateField.GPR 0x3#5) + (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) + (read_mem_bytes 16 + (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126554#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x11#5) s) 0x0#128) + s))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + + +#time +theorem program.blocki_eq_0x1265a0 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x1265a0#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x1265f0#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))) + 0x0#128)) + (w StateField.PC 0x1265ec#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x14#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x14#5) s) 0x0#128)) + (w StateField.PC 0x1265e8#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x19#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w StateField.PC 0x1265e4#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x14#5) s) 0x0#128) + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))))) + (w StateField.PC 0x1265e0#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))) + 0x0#128) + (w (StateField.SFP 0x13#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 + (DPSFP.sha512su1 (r (StateField.SFP 0x11#5) s) (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x10#5) s ++ r (StateField.SFP 0x17#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 + (DPSFP.sha512su1 (r (StateField.SFP 0x11#5) s) (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x12#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x10#5) s ++ r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (w StateField.PC 0x1265d8#64 + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))) + (w StateField.PC 0x1265d4#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 (r (StateField.SFP 0x10#5) s ++ r (StateField.SFP 0x17#5) s)) + (w (StateField.SFP 0x13#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x14#5) s) (r (StateField.SFP 0x13#5) s)) + (w StateField.PC 0x1265cc#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x13#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x13#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x1265c4#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + (w StateField.PC 0x1265c0#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128)) + (w StateField.PC 0x1265bc#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x13#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x13#5) s) + 0x0#128)) + (w StateField.PC 0x1265b8#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x1265b4#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x13#5) s) 0x0#128) + (w (StateField.SFP 0x4#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 + (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)))) + (w StateField.PC 0x1265b0#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128) + (w (StateField.SFP 0x12#5) + (DPSFP.sha512su1 (r (StateField.SFP 0x11#5) s) + (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x12#5) s)) + (w StateField.PC 0x1265a8#64 + (w (StateField.SFP 0x4#5) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x1265a4#64 + s))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + + +set_option pp.maxSteps 8000 in +#time +theorem program.blocki_eq_0x1265f0 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x1265f0#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w (StateField.SFP 0x3#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))))) + (w StateField.PC 0x126640#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) + 0x0#128) + (w (StateField.SFP 0x15#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 + (SHA2.message_schedule_word_aux (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x11#5) s ++ r (StateField.SFP 0x10#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.message_schedule_word_aux (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x11#5) s ++ r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x12#5) s ++ r (StateField.SFP 0x11#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 + (SHA2.message_schedule_word_aux (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x11#5) s ++ r (StateField.SFP 0x10#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.message_schedule_word_aux (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x11#5) s ++ r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x12#5) s ++ r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (w StateField.PC 0x126638#64 + (w (StateField.SFP 0x3#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) + (w StateField.PC 0x126634#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 (r (StateField.SFP 0x12#5) s ++ r (StateField.SFP 0x11#5) s)) + (w (StateField.SFP 0x15#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x16#5) s) (r (StateField.SFP 0x15#5) s)) + (w StateField.PC 0x12662c#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126624#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + (w StateField.PC 0x126620#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128)) + (w StateField.PC 0x12661c#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128)) + (w StateField.PC 0x126618#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126614#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x15#5) s) 0x0#128) + (w (StateField.SFP 0x0#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)))) + (w StateField.PC 0x126610#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) + 0x0#128) + (w (StateField.SFP 0x14#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x11#5) s ++ + r (StateField.SFP 0x10#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x11#5) s ++ + r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (w StateField.PC 0x126608#64 + (w (StateField.SFP 0x0#5) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) + (w StateField.PC 0x126604#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x11#5) s ++ + r (StateField.SFP 0x10#5) s)) + (w (StateField.SFP 0x14#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x15#5) s) + (r (StateField.SFP 0x14#5) s)) + (w StateField.PC 0x1265fc#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128) + (w StateField.PC 0x1265f4#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + s)))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +-- #eval 0x1265f0#64 + 20*4 + +#time +theorem program.blocki_eq_0x126640 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126640#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x126690#64 + (w (StateField.SFP 0x7#5) (extractLsb' 64 128 (r (StateField.SFP 0x14#5) s ++ r (StateField.SFP 0x13#5) s)) + (w (StateField.SFP 0x17#5) (DPSFP.sha512su0 (r (StateField.SFP 0x10#5) s) (r (StateField.SFP 0x17#5) s)) + (w StateField.PC 0x12668c#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x17#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x17#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126684#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s))) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + (w StateField.PC 0x126680#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s))) + 0x0#128)) + (w StateField.PC 0x12667c#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x17#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x17#5) s) 0x0#128)) + (w StateField.PC 0x126678#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x18#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w StateField.PC 0x126674#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x17#5) s) + 0x0#128) + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s)))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s))))) + (w StateField.PC 0x126670#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s))) + 0x0#128) + (w (StateField.SFP 0x16#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x13#5) s ++ r (StateField.SFP 0x12#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x13#5) s ++ r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (w StateField.PC 0x126668#64 + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s))) + (w StateField.PC 0x126664#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x13#5) s ++ r (StateField.SFP 0x12#5) s)) + (w (StateField.SFP 0x16#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x17#5) s) + (r (StateField.SFP 0x16#5) s)) + (w StateField.PC 0x12665c#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x16#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x16#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126654#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + r (StateField.SFP 0x0#5) s)) + (w StateField.PC 0x126650#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ + r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x12664c#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x16#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x16#5) s) 0x0#128)) + (w StateField.PC 0x126648#64 + (w (StateField.GPR 0x3#5) + (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x19#5) + (read_mem_bytes 16 + (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126644#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x16#5) s) 0x0#128) + s))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +--#eval 0x126640#64 + 20*4 + +#time +theorem program.blocki_eq_0x126690 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126690#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x1266e0#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))) + 0x0#128)) + (w StateField.PC 0x1266dc#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x11#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x11#5) s) 0x0#128)) + (w StateField.PC 0x1266d8#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x18#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w StateField.PC 0x1266d4#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x11#5) s) 0x0#128) + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))))) + (w StateField.PC 0x1266d0#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))) + 0x0#128) + (w (StateField.SFP 0x10#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 + (DPSFP.sha512su1 (r (StateField.SFP 0x16#5) s) (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x15#5) s ++ r (StateField.SFP 0x14#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 + (DPSFP.sha512su1 (r (StateField.SFP 0x16#5) s) (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x17#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x15#5) s ++ r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (w StateField.PC 0x1266c8#64 + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))) + (w StateField.PC 0x1266c4#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 (r (StateField.SFP 0x15#5) s ++ r (StateField.SFP 0x14#5) s)) + (w (StateField.SFP 0x10#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x11#5) s) (r (StateField.SFP 0x10#5) s)) + (w StateField.PC 0x1266bc#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x10#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x10#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x1266b4#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + (w StateField.PC 0x1266b0#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128)) + (w StateField.PC 0x1266ac#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x10#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x10#5) s) + 0x0#128)) + (w StateField.PC 0x1266a8#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x19#5) + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x1266a4#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x10#5) s) 0x0#128) + (w (StateField.SFP 0x4#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 + (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)))) + (w StateField.PC 0x1266a0#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128) + (w (StateField.SFP 0x17#5) + (DPSFP.sha512su1 (r (StateField.SFP 0x16#5) s) + (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x17#5) s)) + (w StateField.PC 0x126698#64 + (w (StateField.SFP 0x4#5) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x126694#64 + s))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +-- #eval 0x126690#64 + 20*4 + +set_option pp.maxSteps 8000 in +#time +theorem program.blocki_eq_0x1266e0 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x1266e0#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w (StateField.SFP 0x3#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))))) + (w StateField.PC 0x126730#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))) + 0x0#128) + (w (StateField.SFP 0x12#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 + (SHA2.message_schedule_word_aux (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x16#5) s ++ r (StateField.SFP 0x15#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.message_schedule_word_aux (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x16#5) s ++ r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x17#5) s ++ r (StateField.SFP 0x16#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 + (SHA2.message_schedule_word_aux (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x16#5) s ++ r (StateField.SFP 0x15#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.message_schedule_word_aux (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x16#5) s ++ r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x17#5) s ++ r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (w StateField.PC 0x126728#64 + (w (StateField.SFP 0x3#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))) + (w StateField.PC 0x126724#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 (r (StateField.SFP 0x17#5) s ++ r (StateField.SFP 0x16#5) s)) + (w (StateField.SFP 0x12#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x13#5) s) (r (StateField.SFP 0x12#5) s)) + (w StateField.PC 0x12671c#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x12#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x12#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126714#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + (w StateField.PC 0x126710#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128)) + (w StateField.PC 0x12670c#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x12#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x12#5) s) 0x0#128)) + (w StateField.PC 0x126708#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x19#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126704#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x12#5) s) 0x0#128) + (w (StateField.SFP 0x0#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128)))) + (w StateField.PC 0x126700#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128)) + 0x0#128) + (w (StateField.SFP 0x11#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x16#5) s ++ + r (StateField.SFP 0x15#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x16#5) s ++ + r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (w StateField.PC 0x1266f8#64 + (w (StateField.SFP 0x0#5) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128)) + (w StateField.PC 0x1266f4#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x16#5) s ++ + r (StateField.SFP 0x15#5) s)) + (w (StateField.SFP 0x11#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x12#5) s) + (r (StateField.SFP 0x11#5) s)) + (w StateField.PC 0x1266ec#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128) + (w StateField.PC 0x1266e4#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + s)))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +-- #eval 0x1266e0#64 + 20*4 + +#time +theorem program.blocki_eq_0x126730 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126730#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x126780#64 + (w (StateField.SFP 0x7#5) (extractLsb' 64 128 (r (StateField.SFP 0x11#5) s ++ r (StateField.SFP 0x10#5) s)) + (w (StateField.SFP 0x14#5) (DPSFP.sha512su0 (r (StateField.SFP 0x15#5) s) (r (StateField.SFP 0x14#5) s)) + (w StateField.PC 0x12677c#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x14#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x14#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126774#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + (w StateField.PC 0x126770#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))) + 0x0#128)) + (w StateField.PC 0x12676c#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x14#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x14#5) s) 0x0#128)) + (w StateField.PC 0x126768#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x19#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w StateField.PC 0x126764#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x14#5) s) + 0x0#128) + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))))) + (w StateField.PC 0x126760#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))) + 0x0#128) + (w (StateField.SFP 0x13#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x10#5) s ++ r (StateField.SFP 0x17#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x10#5) s ++ r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (w StateField.PC 0x126758#64 + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))) + (w StateField.PC 0x126754#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x10#5) s ++ r (StateField.SFP 0x17#5) s)) + (w (StateField.SFP 0x13#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x14#5) s) + (r (StateField.SFP 0x13#5) s)) + (w StateField.PC 0x12674c#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x13#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x13#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126744#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + r (StateField.SFP 0x0#5) s)) + (w StateField.PC 0x126740#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ + r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x12673c#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x13#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x13#5) s) 0x0#128)) + (w StateField.PC 0x126738#64 + (w (StateField.GPR 0x3#5) + (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) + (read_mem_bytes 16 + (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126734#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x13#5) s) 0x0#128) + s))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +-- #eval 0x126730#64 + 20*4 + +#time +theorem program.blocki_eq_0x126780 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126780#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x1267d0#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) + 0x0#128)) + (w StateField.PC 0x1267cc#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x16#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x16#5) s) 0x0#128)) + (w StateField.PC 0x1267c8#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x19#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w StateField.PC 0x1267c4#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x16#5) s) 0x0#128) + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))))) + (w StateField.PC 0x1267c0#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) + 0x0#128) + (w (StateField.SFP 0x15#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 + (DPSFP.sha512su1 (r (StateField.SFP 0x13#5) s) (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x12#5) s ++ r (StateField.SFP 0x11#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 + (DPSFP.sha512su1 (r (StateField.SFP 0x13#5) s) (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x14#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x12#5) s ++ r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (w StateField.PC 0x1267b8#64 + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) + (w StateField.PC 0x1267b4#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 (r (StateField.SFP 0x12#5) s ++ r (StateField.SFP 0x11#5) s)) + (w (StateField.SFP 0x15#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x16#5) s) (r (StateField.SFP 0x15#5) s)) + (w StateField.PC 0x1267ac#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x15#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x15#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x1267a4#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + (w StateField.PC 0x1267a0#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128)) + (w StateField.PC 0x12679c#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x15#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x15#5) s) + 0x0#128)) + (w StateField.PC 0x126798#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126794#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128) + (w (StateField.SFP 0x4#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 + (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)))) + (w StateField.PC 0x126790#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128) + (w (StateField.SFP 0x14#5) + (DPSFP.sha512su1 (r (StateField.SFP 0x13#5) s) + (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x14#5) s)) + (w StateField.PC 0x126788#64 + (w (StateField.SFP 0x4#5) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x126784#64 + s))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +-- #eval 0x126780#64 + 20*4 + +set_option pp.maxSteps 8000 in +#time +theorem program.blocki_eq_0x1267d0 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x1267d0#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w (StateField.SFP 0x3#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))))) + (w StateField.PC 0x126820#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128) + (w (StateField.SFP 0x17#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 + (SHA2.message_schedule_word_aux (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x13#5) s ++ r (StateField.SFP 0x12#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.message_schedule_word_aux (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x13#5) s ++ r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x14#5) s ++ r (StateField.SFP 0x13#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 + (SHA2.message_schedule_word_aux (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x13#5) s ++ r (StateField.SFP 0x12#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.message_schedule_word_aux (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x13#5) s ++ r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x14#5) s ++ r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (w StateField.PC 0x126818#64 + (w (StateField.SFP 0x3#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + (w StateField.PC 0x126814#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 (r (StateField.SFP 0x14#5) s ++ r (StateField.SFP 0x13#5) s)) + (w (StateField.SFP 0x17#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x10#5) s) (r (StateField.SFP 0x17#5) s)) + (w StateField.PC 0x12680c#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126804#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + (w StateField.PC 0x126800#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128)) + (w StateField.PC 0x1267fc#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128)) + (w StateField.PC 0x1267f8#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x1267f4#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x17#5) s) 0x0#128) + (w (StateField.SFP 0x0#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)))) + (w StateField.PC 0x1267f0#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) + 0x0#128) + (w (StateField.SFP 0x16#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x13#5) s ++ + r (StateField.SFP 0x12#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x13#5) s ++ + r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (w StateField.PC 0x1267e8#64 + (w (StateField.SFP 0x0#5) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) + (w StateField.PC 0x1267e4#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x13#5) s ++ + r (StateField.SFP 0x12#5) s)) + (w (StateField.SFP 0x16#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x17#5) s) + (r (StateField.SFP 0x16#5) s)) + (w StateField.PC 0x1267dc#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128) + (w StateField.PC 0x1267d4#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + s)))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +-- #eval 0x1267d0#64 + 20*4 + +#time +theorem program.blocki_eq_0x126820 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126820#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x126870#64 + (w (StateField.SFP 0x7#5) (extractLsb' 64 128 (r (StateField.SFP 0x16#5) s ++ r (StateField.SFP 0x15#5) s)) + (w (StateField.SFP 0x11#5) (DPSFP.sha512su0 (r (StateField.SFP 0x12#5) s) (r (StateField.SFP 0x11#5) s)) + (w StateField.PC 0x12686c#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x11#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x11#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126864#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + (w StateField.PC 0x126860#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))) + 0x0#128)) + (w StateField.PC 0x12685c#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x11#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x11#5) s) 0x0#128)) + (w StateField.PC 0x126858#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x18#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w StateField.PC 0x126854#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x11#5) s) + 0x0#128) + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))))) + (w StateField.PC 0x126850#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))) + 0x0#128) + (w (StateField.SFP 0x10#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x15#5) s ++ r (StateField.SFP 0x14#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x15#5) s ++ r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (w StateField.PC 0x126848#64 + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))) + (w StateField.PC 0x126844#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x15#5) s ++ r (StateField.SFP 0x14#5) s)) + (w (StateField.SFP 0x10#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x11#5) s) + (r (StateField.SFP 0x10#5) s)) + (w StateField.PC 0x12683c#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x10#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x10#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126834#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + r (StateField.SFP 0x0#5) s)) + (w StateField.PC 0x126830#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ + r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x12682c#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x10#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x10#5) s) 0x0#128)) + (w StateField.PC 0x126828#64 + (w (StateField.GPR 0x3#5) + (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x19#5) + (read_mem_bytes 16 + (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126824#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x10#5) s) 0x0#128) + s))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +#time +theorem program.blocki_eq_0x126870 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126870#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = + w StateField.PC 0x1268c0#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))) + 0x0#128)) + (w StateField.PC 0x1268bc#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x13#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x13#5) s) 0x0#128)) + (w StateField.PC 0x1268b8#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x18#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w StateField.PC 0x1268b4#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x13#5) s) 0x0#128) + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))))) + (w StateField.PC 0x1268b0#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))) + 0x0#128) + (w (StateField.SFP 0x12#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 + (DPSFP.sha512su1 (r (StateField.SFP 0x10#5) s) (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x17#5) s ++ r (StateField.SFP 0x16#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 + (DPSFP.sha512su1 (r (StateField.SFP 0x10#5) s) (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x11#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x17#5) s ++ r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (w StateField.PC 0x1268a8#64 + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))) + (w StateField.PC 0x1268a4#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 (r (StateField.SFP 0x17#5) s ++ r (StateField.SFP 0x16#5) s)) + (w (StateField.SFP 0x12#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x13#5) s) (r (StateField.SFP 0x12#5) s)) + (w StateField.PC 0x12689c#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x12#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x12#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126894#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + (w StateField.PC 0x126890#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128)) + (w StateField.PC 0x12688c#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x12#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x12#5) s) + 0x0#128)) + (w StateField.PC 0x126888#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x19#5) + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126884#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x12#5) s) 0x0#128) + (w (StateField.SFP 0x4#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 + (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)))) + (w StateField.PC 0x126880#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128) + (w (StateField.SFP 0x11#5) + (DPSFP.sha512su1 (r (StateField.SFP 0x10#5) s) + (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x11#5) s)) + (w StateField.PC 0x126878#64 + (w (StateField.SFP 0x4#5) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x126874#64 + s))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +set_option pp.maxSteps 8000 in +#time +theorem program.blocki_eq_0x1268c0 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x1268c0#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w (StateField.SFP 0x3#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s))))) + (w StateField.PC 0x126910#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s))) + 0x0#128) + (w (StateField.SFP 0x14#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 + (SHA2.message_schedule_word_aux (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x10#5) s ++ r (StateField.SFP 0x17#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.message_schedule_word_aux (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x10#5) s ++ r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x11#5) s ++ r (StateField.SFP 0x10#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 + (SHA2.message_schedule_word_aux (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x10#5) s ++ r (StateField.SFP 0x17#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.message_schedule_word_aux (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x10#5) s ++ r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x11#5) s ++ r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (w StateField.PC 0x126908#64 + (w (StateField.SFP 0x3#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s))) + (w StateField.PC 0x126904#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 (r (StateField.SFP 0x11#5) s ++ r (StateField.SFP 0x10#5) s)) + (w (StateField.SFP 0x14#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x15#5) s) (r (StateField.SFP 0x14#5) s)) + (w StateField.PC 0x1268fc#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x14#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x14#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x1268f4#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + (w StateField.PC 0x1268f0#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128)) + (w StateField.PC 0x1268ec#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x14#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x14#5) s) 0x0#128)) + (w StateField.PC 0x1268e8#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x19#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x1268e4#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x14#5) s) 0x0#128) + (w (StateField.SFP 0x0#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128)))) + (w StateField.PC 0x1268e0#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128)) + 0x0#128) + (w (StateField.SFP 0x13#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x10#5) s ++ + r (StateField.SFP 0x17#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x10#5) s ++ + r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (w StateField.PC 0x1268d8#64 + (w (StateField.SFP 0x0#5) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128)) + (w StateField.PC 0x1268d4#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x10#5) s ++ + r (StateField.SFP 0x17#5) s)) + (w (StateField.SFP 0x13#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x14#5) s) + (r (StateField.SFP 0x13#5) s)) + (w StateField.PC 0x1268cc#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128) + (w StateField.PC 0x1268c4#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + s)))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +#time +theorem program.blocki_eq_0x126910 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126910#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x126960#64 + (w (StateField.SFP 0x7#5) (extractLsb' 64 128 (r (StateField.SFP 0x13#5) s ++ r (StateField.SFP 0x12#5) s)) + (w (StateField.SFP 0x16#5) (DPSFP.sha512su0 (r (StateField.SFP 0x17#5) s) (r (StateField.SFP 0x16#5) s)) + (w StateField.PC 0x12695c#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x16#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x16#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126954#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + (w StateField.PC 0x126950#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) + 0x0#128)) + (w StateField.PC 0x12694c#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x16#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x16#5) s) 0x0#128)) + (w StateField.PC 0x126948#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x19#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w StateField.PC 0x126944#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x16#5) s) + 0x0#128) + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))))) + (w StateField.PC 0x126940#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) + 0x0#128) + (w (StateField.SFP 0x15#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x12#5) s ++ r (StateField.SFP 0x11#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x12#5) s ++ r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (w StateField.PC 0x126938#64 + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) + (w StateField.PC 0x126934#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x12#5) s ++ r (StateField.SFP 0x11#5) s)) + (w (StateField.SFP 0x15#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x16#5) s) + (r (StateField.SFP 0x15#5) s)) + (w StateField.PC 0x12692c#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126924#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + r (StateField.SFP 0x0#5) s)) + (w StateField.PC 0x126920#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ + r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x12691c#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128)) + (w StateField.PC 0x126918#64 + (w (StateField.GPR 0x3#5) + (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) + (read_mem_bytes 16 + (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126914#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128) + s))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +#time +theorem program.blocki_eq_0x126960 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126960#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x1269b0#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128)) + (w StateField.PC 0x1269ac#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x10#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x10#5) s) 0x0#128)) + (w StateField.PC 0x1269a8#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x19#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w StateField.PC 0x1269a4#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x10#5) s) 0x0#128) + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))))) + (w StateField.PC 0x1269a0#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128) + (w (StateField.SFP 0x17#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 + (DPSFP.sha512su1 (r (StateField.SFP 0x15#5) s) (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x14#5) s ++ r (StateField.SFP 0x13#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 + (DPSFP.sha512su1 (r (StateField.SFP 0x15#5) s) (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x16#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x14#5) s ++ r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (w StateField.PC 0x126998#64 + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + (w StateField.PC 0x126994#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 (r (StateField.SFP 0x14#5) s ++ r (StateField.SFP 0x13#5) s)) + (w (StateField.SFP 0x17#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x10#5) s) (r (StateField.SFP 0x17#5) s)) + (w StateField.PC 0x12698c#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x17#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x17#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126984#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + (w StateField.PC 0x126980#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128)) + (w StateField.PC 0x12697c#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x17#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x17#5) s) + 0x0#128)) + (w StateField.PC 0x126978#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126974#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128) + (w (StateField.SFP 0x4#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 + (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)))) + (w StateField.PC 0x126970#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128) + (w (StateField.SFP 0x16#5) + (DPSFP.sha512su1 (r (StateField.SFP 0x15#5) s) + (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x16#5) s)) + (w StateField.PC 0x126968#64 + (w (StateField.SFP 0x4#5) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x126964#64 + s))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +-- #eval 0x126960#64 + 20*4 + +set_option pp.maxSteps 8000 in +#time +theorem program.blocki_eq_0x1269b0 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x1269b0#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w (StateField.SFP 0x3#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))))) + (w StateField.PC 0x126a00#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))) + 0x0#128) + (w (StateField.SFP 0x11#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 + (SHA2.message_schedule_word_aux (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x15#5) s ++ r (StateField.SFP 0x14#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.message_schedule_word_aux (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x15#5) s ++ r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x16#5) s ++ r (StateField.SFP 0x15#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 + (SHA2.message_schedule_word_aux (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x15#5) s ++ r (StateField.SFP 0x14#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.message_schedule_word_aux (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x15#5) s ++ r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x16#5) s ++ r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (w StateField.PC 0x1269f8#64 + (w (StateField.SFP 0x3#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))) + (w StateField.PC 0x1269f4#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 (r (StateField.SFP 0x16#5) s ++ r (StateField.SFP 0x15#5) s)) + (w (StateField.SFP 0x11#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x12#5) s) (r (StateField.SFP 0x11#5) s)) + (w StateField.PC 0x1269ec#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x11#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x11#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x1269e4#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + (w StateField.PC 0x1269e0#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128)) + (w StateField.PC 0x1269dc#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x11#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x11#5) s) 0x0#128)) + (w StateField.PC 0x1269d8#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x1269d4#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x11#5) s) 0x0#128) + (w (StateField.SFP 0x0#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)))) + (w StateField.PC 0x1269d0#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) + 0x0#128) + (w (StateField.SFP 0x10#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x15#5) s ++ + r (StateField.SFP 0x14#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x15#5) s ++ + r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (w StateField.PC 0x1269c8#64 + (w (StateField.SFP 0x0#5) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) + (w StateField.PC 0x1269c4#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x15#5) s ++ + r (StateField.SFP 0x14#5) s)) + (w (StateField.SFP 0x10#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x11#5) s) + (r (StateField.SFP 0x10#5) s)) + (w StateField.PC 0x1269bc#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128) + (w StateField.PC 0x1269b4#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + s)))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +#time +theorem program.blocki_eq_0x126a00 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126a00#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x126a50#64 + (w (StateField.SFP 0x7#5) (extractLsb' 64 128 (r (StateField.SFP 0x10#5) s ++ r (StateField.SFP 0x17#5) s)) + (w (StateField.SFP 0x13#5) (DPSFP.sha512su0 (r (StateField.SFP 0x14#5) s) (r (StateField.SFP 0x13#5) s)) + (w StateField.PC 0x126a4c#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x13#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x13#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126a44#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + (w StateField.PC 0x126a40#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))) + 0x0#128)) + (w StateField.PC 0x126a3c#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x13#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x13#5) s) 0x0#128)) + (w StateField.PC 0x126a38#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x18#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w StateField.PC 0x126a34#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x13#5) s) + 0x0#128) + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s)))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))))) + (w StateField.PC 0x126a30#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))) + 0x0#128) + (w (StateField.SFP 0x12#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x17#5) s ++ r (StateField.SFP 0x16#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x17#5) s ++ r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (w StateField.PC 0x126a28#64 + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x12#5) s))) + (w StateField.PC 0x126a24#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x17#5) s ++ r (StateField.SFP 0x16#5) s)) + (w (StateField.SFP 0x12#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x13#5) s) + (r (StateField.SFP 0x12#5) s)) + (w StateField.PC 0x126a1c#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x12#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x12#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126a14#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + r (StateField.SFP 0x0#5) s)) + (w StateField.PC 0x126a10#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ + r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x126a0c#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x12#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x12#5) s) 0x0#128)) + (w StateField.PC 0x126a08#64 + (w (StateField.GPR 0x3#5) + (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x19#5) + (read_mem_bytes 16 + (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126a04#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x12#5) s) 0x0#128) + s))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +#time +theorem program.blocki_eq_0x126a50 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126a50#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x126aa0#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s))) + 0x0#128)) + (w StateField.PC 0x126a9c#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x15#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x15#5) s) 0x0#128)) + (w StateField.PC 0x126a98#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x18#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w StateField.PC 0x126a94#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x15#5) s) 0x0#128) + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s))))) + (w StateField.PC 0x126a90#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s))) + 0x0#128) + (w (StateField.SFP 0x14#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 + (DPSFP.sha512su1 (r (StateField.SFP 0x12#5) s) (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x11#5) s ++ r (StateField.SFP 0x10#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 + (DPSFP.sha512su1 (r (StateField.SFP 0x12#5) s) (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x13#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x11#5) s ++ r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (w StateField.PC 0x126a88#64 + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s))) + (w StateField.PC 0x126a84#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 (r (StateField.SFP 0x11#5) s ++ r (StateField.SFP 0x10#5) s)) + (w (StateField.SFP 0x14#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x15#5) s) (r (StateField.SFP 0x14#5) s)) + (w StateField.PC 0x126a7c#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x14#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x14#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126a74#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + (w StateField.PC 0x126a70#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) (r (StateField.SFP 0x4#5) s)) + 0x0#128)) + (w StateField.PC 0x126a6c#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x14#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x14#5) s) + 0x0#128)) + (w StateField.PC 0x126a68#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x19#5) + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126a64#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x14#5) s) 0x0#128) + (w (StateField.SFP 0x4#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 + (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)))) + (w StateField.PC 0x126a60#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + 0x0#128) + (w (StateField.SFP 0x13#5) + (DPSFP.sha512su1 (r (StateField.SFP 0x12#5) s) + (r (StateField.SFP 0x7#5) s) + (r (StateField.SFP 0x13#5) s)) + (w StateField.PC 0x126a58#64 + (w (StateField.SFP 0x4#5) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x126a54#64 + s))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +set_option pp.maxSteps 8000 in +#time +theorem program.blocki_eq_0x126aa0 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126aa0#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w (StateField.SFP 0x3#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s))))) + (w StateField.PC 0x126af0#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s))) + 0x0#128) + (w (StateField.SFP 0x16#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 + (SHA2.message_schedule_word_aux (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x12#5) s ++ r (StateField.SFP 0x11#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.message_schedule_word_aux (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x12#5) s ++ r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x13#5) s ++ r (StateField.SFP 0x12#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 + (SHA2.message_schedule_word_aux (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x12#5) s ++ r (StateField.SFP 0x11#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.message_schedule_word_aux (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x12#5) s ++ r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x13#5) s ++ r (StateField.SFP 0x12#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (w StateField.PC 0x126ae8#64 + (w (StateField.SFP 0x3#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x18#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s))) + (w StateField.PC 0x126ae4#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 (r (StateField.SFP 0x13#5) s ++ r (StateField.SFP 0x12#5) s)) + (w (StateField.SFP 0x16#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x17#5) s) (r (StateField.SFP 0x16#5) s)) + (w StateField.PC 0x126adc#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x16#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x16#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126ad4#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + (w StateField.PC 0x126ad0#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128)) + 0x0#128)) + (w StateField.PC 0x126acc#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x16#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x18#5) s) + (r (StateField.SFP 0x16#5) s) 0x0#128)) + (w StateField.PC 0x126ac8#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x19#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126ac4#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x18#5) s) (r (StateField.SFP 0x16#5) s) 0x0#128) + (w (StateField.SFP 0x0#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128)))) + (w StateField.PC 0x126ac0#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128)) + 0x0#128) + (w (StateField.SFP 0x15#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x12#5) s ++ + r (StateField.SFP 0x11#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 (r (StateField.SFP 0x14#5) s)) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x12#5) s ++ + r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (w StateField.PC 0x126ab8#64 + (w (StateField.SFP 0x0#5) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x19#5) s) + 0x0#128)) + (w StateField.PC 0x126ab4#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x12#5) s ++ + r (StateField.SFP 0x11#5) s)) + (w (StateField.SFP 0x15#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x16#5) s) + (r (StateField.SFP 0x15#5) s)) + (w StateField.PC 0x126aac#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x19#5) s) 0x0#128) + (w StateField.PC 0x126aa4#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + r (StateField.SFP 0x4#5) s)) + s)))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +set_option pp.maxSteps 8000 in +#time +theorem program.blocki_eq_0x126af0 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126af0#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w (StateField.SFP 0x4#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x10#5) s))) + (w StateField.PC 0x126b40#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x10#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x10#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126b38#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + (w StateField.PC 0x126b34#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128)) + (w StateField.PC 0x126b30#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x10#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x10#5) s) 0x0#128)) + (w StateField.PC 0x126b2c#64 + (w (StateField.GPR 0x1#5) (r (StateField.GPR 0x1#5) s + 0x10#64) + (w (StateField.SFP 0x10#5) (read_mem_bytes 16 (r (StateField.GPR 0x1#5) s) s) + (w StateField.PC 0x126b28#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) (r (StateField.SFP 0x10#5) s) + 0x0#128) + (w StateField.PC 0x126b24#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x19#5) + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))))) + (w StateField.PC 0x126b20#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128) + (w (StateField.SFP 0x17#5) + (SHA2.message_schedule_word_aux + (extractLsb' 64 64 (r (StateField.SFP 0x16#5) s)) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x14#5) s ++ r (StateField.SFP 0x13#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x10#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.message_schedule_word_aux + (extractLsb' 0 64 (r (StateField.SFP 0x16#5) s)) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x14#5) s ++ r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (w StateField.PC 0x126b18#64 + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + (w StateField.PC 0x126b14#64 + (w (StateField.SFP 0x7#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x14#5) s ++ r (StateField.SFP 0x13#5) s)) + (w (StateField.SFP 0x17#5) + (DPSFP.sha512su0 (r (StateField.SFP 0x10#5) s) + (r (StateField.SFP 0x17#5) s)) + (w StateField.PC 0x126b0c#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126b04#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + r (StateField.SFP 0x0#5) s)) + (w StateField.PC 0x126b00#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ + r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x126afc#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128)) + (w StateField.PC 0x126af8#64 + (w (StateField.GPR 0x3#5) + (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) + (read_mem_bytes 16 + (r (StateField.GPR 0x3#5) s) s) + (w StateField.PC 0x126af4#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128) + s)))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +#time +theorem program.blocki_eq_0x126b40 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126b40#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x126b90#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))) + 0x0#128 ++ + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 (r (StateField.SFP 0x4#5) s))))) + (w StateField.PC 0x126b8c#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))) + 0x0#128)) + (w StateField.PC 0x126b88#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x12#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x12#5) s) 0x0#128)) + (w StateField.PC 0x126b84#64 + (w (StateField.GPR 0x1#5) (r (StateField.GPR 0x1#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x12#5) (read_mem_bytes 16 (r (StateField.GPR 0x1#5) s + 0x10#64) s) + (w StateField.PC 0x126b80#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x12#5) s) 0x0#128) + (w StateField.PC 0x126b7c#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x19#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)))) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))))) + (w StateField.PC 0x126b78#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))) + 0x0#128) + (w StateField.PC 0x126b70#64 + (w (StateField.SFP 0x11#5) + (DPSFP.vrev128_64_8 (read_mem_bytes 16 (r (StateField.GPR 0x1#5) s) s)) + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x11#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x11#5) s))) + (w StateField.PC 0x126b6c#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x11#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x11#5) s) + 0x0#128)) + 0x0#128) + (w StateField.PC 0x126b64#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128 ++ + r (StateField.SFP 0x2#5) s)) + (w StateField.PC 0x126b60#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x4#5) s) + 0x0#128)) + (w StateField.PC 0x126b5c#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x11#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x11#5) s) 0x0#128)) + (w StateField.PC 0x126b58#64 + (w (StateField.GPR 0x1#5) + (r (StateField.GPR 0x1#5) s + 0x10#64) + (w (StateField.SFP 0x11#5) + (read_mem_bytes 16 (r (StateField.GPR 0x1#5) s) s) + (w StateField.PC 0x126b54#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x11#5) s) 0x0#128) + (w StateField.PC 0x126b50#64 + (w (StateField.GPR 0x3#5) + (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) + (read_mem_bytes 16 + (r (StateField.GPR 0x3#5) s) s) + (w (StateField.SFP 0x4#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 + (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (r (StateField.SFP 0x4#5) s) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (r (StateField.SFP 0x2#5) s)) + (extractLsb' 0 64 + (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 64 64 + (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 + (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x2#5) s)) + + extractLsb' 0 64 + (r (StateField.SFP 0x4#5) s))) + (w StateField.PC 0x126b4c#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add + (r (StateField.SFP 0x3#5) s) + (r (StateField.SFP 0x4#5) s) 0x0#128) + (w StateField.PC 0x126b44#64 + (w (StateField.SFP 0x10#5) + (DPSFP.vrev128_64_8 + (r (StateField.SFP 0x10#5) s)) + s)))))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +set_option pp.maxSteps 8000 in +#time +theorem program.blocki_eq_0x126b90 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126b90#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x126be0#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x14#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x14#5) s) 0x0#128)) + (w StateField.PC 0x126bdc#64 + (w (StateField.GPR 0x1#5) (r (StateField.GPR 0x1#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x14#5) (read_mem_bytes 16 (r (StateField.GPR 0x1#5) s + 0x10#64) s) + (w StateField.PC 0x126bd8#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x14#5) s) 0x0#128) + (w StateField.PC 0x126bd4#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x19#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w (StateField.SFP 0x3#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))))) + (w StateField.PC 0x126bd0#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))) + 0x0#128) + (w StateField.PC 0x126bc8#64 + (w (StateField.SFP 0x13#5) + (DPSFP.vrev128_64_8 (read_mem_bytes 16 (r (StateField.GPR 0x1#5) s) s)) + (w (StateField.SFP 0x3#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x13#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x13#5) s))) + (w StateField.PC 0x126bc4#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x13#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x13#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126bbc#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x1#5) s)) + (w StateField.PC 0x126bb8#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x3#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) (r (StateField.SFP 0x18#5) s) + 0x0#128)) + 0x0#128)) + (w StateField.PC 0x126bb4#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x13#5) s) + 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x13#5) s) + 0x0#128)) + (w StateField.PC 0x126bb0#64 + (w (StateField.GPR 0x1#5) (r (StateField.GPR 0x1#5) s + 0x10#64) + (w (StateField.SFP 0x13#5) + (read_mem_bytes 16 (r (StateField.GPR 0x1#5) s) s) + (w StateField.PC 0x126bac#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x13#5) s) 0x0#128) + (w StateField.PC 0x126ba8#64 + (w (StateField.GPR 0x3#5) + (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w (StateField.SFP 0x0#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 + (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (r (StateField.SFP 0x1#5) s)) + (extractLsb' 0 64 + (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x1#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add + (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) + 0x0#128))) + (extractLsb' 0 64 + (r (StateField.SFP 0x1#5) s)) + (extractLsb' 64 64 + (r (StateField.SFP 0x1#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)))) + (w StateField.PC 0x126ba4#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x4#5) s) + (DPSFP.sha512h (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126b9c#64 + (w (StateField.SFP 0x12#5) + (DPSFP.vrev128_64_8 + (r (StateField.SFP 0x12#5) s)) + (w (StateField.SFP 0x0#5) + (DPSFP.sha512h + (r (StateField.SFP 0x5#5) s) + (r (StateField.SFP 0x6#5) s) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add + (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) + 0x0#128)) + (w StateField.PC 0x126b98#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 + BitVec.add + (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x18#5) s) + 0x0#128) + s))))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +set_option pp.maxSteps 8000 in +#time +theorem program.blocki_eq_0x126be0 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126be0#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w StateField.PC 0x126c30#64 + (w (StateField.SFP 0x18#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (r (StateField.SFP 0x16#5) s) 0x0#128) + (w StateField.PC 0x126c2c#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x19#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s + 0x10#64) s) + (w (StateField.SFP 0x4#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))))) + (w StateField.PC 0x126c28#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) + 0x0#128) + (w StateField.PC 0x126c20#64 + (w (StateField.SFP 0x15#5) (DPSFP.vrev128_64_8 (read_mem_bytes 16 (r (StateField.GPR 0x1#5) s) s)) + (w (StateField.SFP 0x4#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x15#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x15#5) s))) + (w StateField.PC 0x126c1c#64 + (w (StateField.SFP 0x4#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126c14#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x3#5) s)) + (w StateField.PC 0x126c10#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128)) + (w StateField.PC 0x126c0c#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x15#5) s) 0x0#128)) + (w StateField.PC 0x126c08#64 + (w (StateField.GPR 0x1#5) (r (StateField.GPR 0x1#5) s + 0x10#64) + (w (StateField.SFP 0x15#5) + (read_mem_bytes 16 (r (StateField.GPR 0x1#5) s) s) + (w StateField.PC 0x126c04#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x19#5) s) (r (StateField.SFP 0x15#5) s) 0x0#128) + (w StateField.PC 0x126c00#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) + (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + (w (StateField.SFP 0x2#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ + r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ + r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x3#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x3#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ + r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)))) + (w StateField.PC 0x126bfc#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ + r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126bf4#64 + (w (StateField.SFP 0x14#5) + (DPSFP.vrev128_64_8 (r (StateField.SFP 0x14#5) s)) + (w (StateField.SFP 0x2#5) + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ + r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + r (StateField.SFP 0x0#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128)) + (w StateField.PC 0x126bf0#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (r (StateField.SFP 0x18#5) s) 0x0#128) + (w StateField.PC 0x126be8#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x4#5) s ++ + r (StateField.SFP 0x0#5) s)) + (w StateField.PC 0x126be4#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x2#5) s ++ + r (StateField.SFP 0x4#5) s)) + s)))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +set_option pp.maxSteps 8000 in +#time +theorem program.blocki_eq_0x126c30 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126c30#64) + (h_err : r StateField.ERR s = StateError.None) : + run 20 s = w (StateField.SFP 0x0#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128))))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128))))) + + extractLsb' 64 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s)))) + (extractLsb' 0 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128))))) + (extractLsb' 64 64 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128))))) + + extractLsb' 0 64 + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))))) + (w StateField.PC 0x126c80#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x4#5) s) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + 0x0#128) + (w StateField.PC 0x126c78#64 + (w (StateField.SFP 0x17#5) (DPSFP.vrev128_64_8 (read_mem_bytes 16 (r (StateField.GPR 0x1#5) s + 0x10#64) s)) + (w (StateField.SFP 0x0#5) + (SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s)) ++ + SHA2.compression_update_t1 + (extractLsb' 0 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s)) + + SHA2.compression_update_t1 + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 64 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 0 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x17#5) s))) + (extractLsb' 64 64 + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s))) + (extractLsb' 0 64 + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x0#5) s)) (extractLsb' 64 64 (r (StateField.SFP 0x19#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x17#5) s))) + (w StateField.PC 0x126c74#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128)) + 0x0#128) + (w StateField.PC 0x126c6c#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128 ++ + r (StateField.SFP 0x4#5) s)) + (w StateField.PC 0x126c68#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128)) + (w StateField.PC 0x126c64#64 + (w (StateField.SFP 0x19#5) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128)) + (w StateField.PC 0x126c60#64 + (w (StateField.GPR 0x1#5) (r (StateField.GPR 0x1#5) s + 0x10#64 + 0x10#64) + (w (StateField.SFP 0x17#5) + (read_mem_bytes 16 (r (StateField.GPR 0x1#5) s + 0x10#64) s) + (w StateField.PC 0x126c5c#64 + (w (StateField.SFP 0x19#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x19#5) s) + (r (StateField.SFP 0x17#5) s) 0x0#128) + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s - 0x280#64) + (w StateField.PC 0x126c58#64 + (w (StateField.SFP 0x1#5) + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) ++ + (SHA2.compression_update_t2 + (SHA2.compression_update_t2 + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 0 64 (r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 64 64 + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x18#5) s ++ + r (StateField.SFP 0x18#5) s)) + 0x0#128))) + (extractLsb' 0 64 (r (StateField.SFP 0x4#5) s)) + (extractLsb' 64 64 (r (StateField.SFP 0x4#5) s)) + + extractLsb' 0 64 + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)))) + (w StateField.PC 0x126c54#64 + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x2#5) s) + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x18#5) s ++ r (StateField.SFP 0x18#5) s)) + 0x0#128)) + 0x0#128) + (w StateField.PC 0x126c4c#64 + (w (StateField.SFP 0x16#5) + (DPSFP.vrev128_64_8 + (read_mem_bytes 16 (r (StateField.GPR 0x1#5) s) s)) + (w (StateField.SFP 0x1#5) + (DPSFP.sha512h + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ r (StateField.SFP 0x0#5) s)) + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ r (StateField.SFP 0x2#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x18#5) s ++ + r (StateField.SFP 0x18#5) s)) + 0x0#128)) + (w StateField.PC 0x126c48#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add + (r (StateField.SFP 0x1#5) s) + (extractLsb' 64 128 + (r (StateField.SFP 0x18#5) s ++ + r (StateField.SFP 0x18#5) s)) + 0x0#128) + (w StateField.PC 0x126c40#64 + (w (StateField.SFP 0x6#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x0#5) s ++ + r (StateField.SFP 0x2#5) s)) + (w StateField.PC 0x126c3c#64 + (w (StateField.SFP 0x5#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x1#5) s ++ + r (StateField.SFP 0x0#5) s)) + (w StateField.PC 0x126c38#64 + (w (StateField.SFP 0x18#5) + (extractLsb' 64 128 + (r (StateField.SFP 0x18#5) s ++ + r (StateField.SFP 0x18#5) s)) + (w StateField.PC 0x126c34#64 + (w (StateField.GPR 0x1#5) + (r (StateField.GPR 0x1#5) s + 0x10#64) + (w (StateField.SFP 0x16#5) + (read_mem_bytes 16 + (r (StateField.GPR 0x1#5) s) s) + s))))))))))))))))))))))))))))))))))))) + := by + generalize h_run : run 20 s = sf + replace h_run := h_run.symm + sym_n 20 + simp (config := {decide := true}) only + [h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_20 + exact h_step_20 + done + +#time +theorem program.blocki_eq_0x126c80 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126c80#64) + (h_err : r StateField.ERR s = StateError.None) : + run 5 s = w StateField.PC (if ¬r (StateField.GPR 0x2#5) s = 0x0#64 then 0x126500#64 else 0x126c94#64) + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x1d#5) s) 0x0#128) + (w StateField.PC 0x126c8c#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) (r (StateField.SFP 0x1c#5) s) + 0x0#128) + (w StateField.PC 0x126c88#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) (r (StateField.SFP 0x1b#5) s) + 0x0#128) + (w StateField.PC 0x126c84#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x1a#5) s) 0x0#128) + s))))))) + := by + generalize h_run : run 5 s = sf + replace h_run := h_run.symm + sym_n 5 + simp (config := {decide := true}) only + [h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_5 + exact h_step_5 + done diff --git a/Proofs/SHA512/SHA512StepLemmas.lean b/Proofs/SHA512/SHA512StepLemmas.lean index ee35149a..62b55373 100644 --- a/Proofs/SHA512/SHA512StepLemmas.lean +++ b/Proofs/SHA512/SHA512StepLemmas.lean @@ -10,8 +10,10 @@ import Tactics.StepThms -- set_option trace.gen_step.debug.heartBeats true in -- set_option trace.gen_step.print_names true in set_option maxHeartbeats 2000000 in +#time #genStepEqTheorems SHA512.program + /-- info: SHA512.program.stepi_eq_0x126c90 {s : ArmState} (h_program : s.program = SHA512.program) (h_pc : r StateField.PC s = 1207440#64) (h_err : r StateField.ERR s = StateError.None) : diff --git a/Tactics/Sym.lean b/Tactics/Sym.lean index bd7bc808..2979c155 100644 --- a/Tactics/Sym.lean +++ b/Tactics/Sym.lean @@ -19,12 +19,12 @@ open Sym (withTraceNode withInfoTraceNode) /-- A wrapper around `evalTactic` that traces the passed tactic script, executes those tactics, and then traces the new goal state -/ -private def evalTacticAndTrace (tactic : TSyntax `tactic) : TacticM Unit := +def evalTacticAndTrace (tactic : TSyntax `tactic) : TacticM Unit := withTraceNode m!"running: {tactic}" <| do evalTactic tactic trace[Tactic.sym] "new goal state:\n{← getGoals}" -private def Sym.traceHeartbeats (header : Option String := none) := +def Sym.traceHeartbeats (header : Option String := none) := _root_.traceHeartbeats `Tactic.sym.heartbeats header open Sym (traceHeartbeats) @@ -291,7 +291,7 @@ def sym1 (whileTac : TSyntax `tactic) : SymM Unit := do prepareForNextStep let goal ← getMainGoal - let goal ← goal.clear hStep.fvarId + -- let goal ← goal.clear hStep.fvarId replaceMainGoal [goal] traceHeartbeats diff --git a/Tactics/SymBlock.lean b/Tactics/SymBlock.lean new file mode 100644 index 00000000..db5b6af7 --- /dev/null +++ b/Tactics/SymBlock.lean @@ -0,0 +1,287 @@ +/- +Copyright (c) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. +Released under Apache 2.0 license as described in the file LICENSE. +Author(s): Shilpi Goel, Alex Keizer +-/ +import Arm.Exec +import Arm.Memory.MemoryProofs +import Tactics.FetchAndDecode +import Tactics.Sym.Context +import Tactics.Sym + +import Lean + +open BitVec +open Lean +open Lean.Meta Lean.Elab.Tactic + +open AxEffects SymContext +open Sym (withTraceNode withInfoTraceNode traceHeartbeats) + +/-- `init_next_block h_run blocki_eq sn block_size steps_left` splits the hypothesis + `h_run: s_final = run (n + block_size) s` +by adding a new state variable, `sn`, and two new hypotheses: + `blocki_eq : run block_size s = s_next` + `h_run' : s_final = run n s_next` +to the local context of the main goal. +The names are obtained from the respectively named arguments to the tactic -/ +macro "init_next_block" h_run:ident blocki_eq:ident sn:ident block_size:num steps_left:num : tactic => + `(tactic| + (-- use `let` over `obtain` to prevent `.intro` goal tags + let ⟨$sn:ident, ⟨$blocki_eq:ident, h_run_new⟩⟩ := + @run_oneblock _ _ $block_size:num $steps_left:num $h_run:ident + replace $h_run:ident := h_run_new + clear h_run_new + )) + +section blockiTac + +/-- Apply the relevant pre-generated block lemma to an expression + `blocki_eq : run ?n ?s = ?s'` +to add a new local hypothesis in terms of `w` and `write_mem` + `h_block_s' : ?s' = w _ _ (w _ _ (... ?s))` +-/ +def blockiTac (blockiEq : Expr) (hBlock : Name) : SymReaderM Unit := fun ctx => + withMainContext' <| + withInfoTraceNode m!"blockiTac: {blockiEq}\n {ctx.runSteps?} {ctx.effects}" (tag := "blockiTac") <| do + let pc := (Nat.toDigits 16 ctx.pc.toNat).asString + -- ^^ The PC in hex + let blockiLemma := Name.str ctx.program s!"blocki_eq_0x{pc}" + let eff := ctx.effects + let hStepExpr ← mkEqTrans + (← mkEqSymm blockiEq) + (← mkAppM blockiLemma #[ + eff.programProof, + (← eff.getField .PC).proof, + (← eff.getField .ERR).proof + ]) + + let goal ← getMainGoal + let ⟨_, goal⟩ ← goal.note hBlock hStepExpr + replaceMainGoal [goal] + +end blockiTac + +def prepareForNextStep' (n : Nat) : SymM Unit := do + withInfoTraceNode "prepareForNextStep'" (tag := "prepareForNextStep'") <| do + let pc ← do + let { value, ..} ← AxEffects.getFieldM .PC + try + reflectBitVecLiteral 64 value + catch err => + trace[Tactic.sym] "failed to reflect PC: {err.toMessageData}" + pure <| (← getThe SymContext).pc + 4 + + modifyThe SymContext (fun c => { c with + pc + runSteps? := (· - n) <$> c.runSteps? + currentStateNumber := c.currentStateNumber + n + }) + +/-- +Symbolically simulate a single step, according the the symbolic simulation +context `c`, returning the context for the next step in simulation. -/ +def sym_block1 (blockSize stepsLeft : Nat) : SymM Unit := do + /- `withCurrHeartbeats` sets the initial heartbeats to the current heartbeats, + effectively resetting our heartbeat budget back to the maximum. -/ + withCurrHeartbeats <| do + + let stateNumber ← getCurrentStateNumber + withTraceNode m!"(sym_block1): simulating block {stateNumber}" (tag:="sym_block1") <| + withMainContext' do + withInfoTraceNode "verbose context" (tag := "infoDump") <| do + traceSymContext + trace[Tactic.sym] "Goal state:\n {← getMainGoal}" + + let blocki_eq := Lean.mkIdent (.mkSimple s!"blocki_{← getCurrentStateName}") + let h_block := Lean.mkIdent (.mkSimple s!"h_block_{stateNumber + blockSize - 1}") + + -- unfoldRun (fun _ => evalTacticAndTrace whileTac) + + -- Add new state to local context + withTraceNode "initNextBlock" (tag := "initNextBlock") <| do + let hRunId := mkIdent <|← getHRunName + let nextStateId := mkIdent <|← getNextStateName + let block_size : TSyntax `num := quote blockSize + let steps_left : TSyntax `num := quote stepsLeft + evalTacticAndTrace <|← `(tactic| + init_next_block $hRunId:ident $blocki_eq:ident $nextStateId:ident $block_size:num $steps_left:num + ) + + -- Apply relevant pre-generated `blocki` lemma + withMainContext' <| do + let blockiEq ← SymContext.findFromUserName blocki_eq.getId + blockiTac blockiEq.toExpr h_block.getId + + -- WORKAROUND: eventually we'd like to eagerly simp away `if`s in the + -- pre-generation of instruction semantics. For now, though, we keep a + -- `simp` here + withMainContext' <| do + let hStep ← SymContext.findFromUserName h_block.getId + + -- If we know SP is aligned, `simp` with that fact + if let some hSp := (← getThe AxEffects).stackAlignmentProof? then + let msg := m!"simplifying {hStep.toExpr} with {hSp}" + withTraceNode msg (tag := "simplifyHStep") <| do + let some goal ← do + let (ctx, simprocs) ← LNSymSimpContext + (config := {decide := false}) (exprs := #[hSp]) + let goal ← getMainGoal + LNSymSimp goal ctx simprocs hStep.fvarId + | throwError "internal error: simp closed goal unexpectedly" + replaceMainGoal [goal] + else + trace[Tactic.sym] "we have no relevant local hypotheses, \ + skipping simplification step" + + -- Prepare `h_program`,`h_err`,`h_pc`, etc. for next state + withMainContext' <| do + let hBlock ← SymContext.findFromUserName h_block.getId + -- ^^ we can't reuse `hBlock` from before, since its fvarId might've been + -- changed by `simp` + explodeStep hBlock.toExpr + prepareForNextStep' blockSize + + let goal ← getMainGoal + let goal ← goal.clear hBlock.fvarId + replaceMainGoal [goal] + + traceHeartbeats + +syntax sym_block_size := "(" "block_size" " := " num ")" + +/- +open Elab.Term (elabTerm) in +elab "sym_block" n:num block_size:(sym_block_size)? s:(sym_at)? : tactic => do + traceHeartbeats "initial heartbeats" + + let s ← s.mapM fun + | `(sym_at|at $s:ident) => pure s.getId + | _ => Lean.Elab.throwUnsupportedSyntax + let block_size ← block_size.mapM fun + | `(sym_block_size|(block_size := $val)) => pure val.getNat + | _ => -- If no block size is specified, we step one instruction at a time. + pure 1 + + let c ← SymContext.fromMainContext s + let total_steps := c.runSteps?.get! + let block_size := block_size.get! + -- let steps_to_simulate := n.getNat + -- let num_blocks := steps_to_simulate / block_size + -- let block_list := List.replicate num_blocks block_size + -- let block_list := if num_blocks * block_size = steps_to_simulate + -- then block_list + -- else block_list ++ [steps_to_simulate % block_size] + + SymM.run' c <| withMainContext' <| do + -- Check pre-conditions + + withMainContext' <| do + -- The main loop + for i in List.range' (step := block_size) 0 n.getNat do + let steps_left := (total_steps - block_size - i) + sym_block1 block_size steps_left + + traceHeartbeats "symbolic simulation total" + withCurrHeartbeats <| + withTraceNode "Post processing" (tag := "postProccessing") <| do + let c ← getThe SymContext + -- Check if we can substitute the final state + if c.runSteps? = some 0 then + let msg := do + let hRun ← userNameToMessageData c.h_run + pure m!"runSteps := 0, substituting along {hRun}" + withMainContext' <| + withTraceNode `Tactic.sym (fun _ => msg) <| do + let sfEq ← mkEq (← getCurrentState) c.finalState + + let goal ← getMainGoal + trace[Tactic.sym] "original goal:\n{goal}" + let ⟨hEqId, goal⟩ ← do + let hRun ← SymContext.findFromUserName c.h_run + goal.note `this (← mkEqSymm hRun.toExpr) sfEq + goal.withContext <| do + trace[Tactic.sym] "added {← userNameToMessageData `this} of type \ + {sfEq} in:\n{goal}" + + let goal ← subst goal hEqId + trace[Tactic.sym] "performed subsitutition in:\n{goal}" + replaceMainGoal [goal] + + -- Rudimentary aggregation: we feed all the axiomatic effect hypotheses + -- added while symbolically evaluating to `simp` + withMainContext' <| + withTraceNode m!"aggregating (non-)effects" (tag := "aggregateEffects") <| do + let goal? ← LNSymSimp (← getMainGoal) c.aggregateSimpCtx c.aggregateSimprocs + replaceMainGoal goal?.toList + + traceHeartbeats "aggregation" +-/ + +open Elab.Term (elabTerm) in +elab "sym_block" n:num block_size:(sym_block_size)? s:(sym_at)? : tactic => do + traceHeartbeats "initial heartbeats" + + let s ← s.mapM fun + | `(sym_at|at $s:ident) => pure s.getId + | _ => Lean.Elab.throwUnsupportedSyntax + let block_size ← block_size.mapM fun + | `(sym_block_size|(block_size := $val)) => pure val.getNat + | _ => -- If no block size is specified, we step one instruction at a time. + pure 1 + + let c ← SymContext.fromMainContext s + -- TODO: Is this `get!` safe? + let total_steps := c.runSteps?.get! + let block_size := block_size.get! + -- The number of instructions, not blocks, the user asked to simulate. + let sim_steps := n.getNat + -- We compute the number of blocks to be simulated using a ceiling divide. + -- Note that the last block can be < `block_size`. + let num_blocks := (sim_steps + block_size - 1) / block_size + + SymM.run' c <| withMainContext' <| do + -- Check pre-conditions + -- TODO + + withMainContext' <| do + -- The main loop + for i in List.range num_blocks do + let block_size' := min (sim_steps - (i * block_size)) block_size + let steps_left := (total_steps - (i * block_size) - block_size') + sym_block1 block_size' steps_left + + traceHeartbeats "symbolic simulation total" + withCurrHeartbeats <| + withTraceNode "Post processing" (tag := "postProccessing") <| do + let c ← getThe SymContext + -- Check if we can substitute the final state + if c.runSteps? = some 0 then + let msg := do + let hRun ← userNameToMessageData c.h_run + pure m!"runSteps := 0, substituting along {hRun}" + withMainContext' <| + withTraceNode `Tactic.sym (fun _ => msg) <| do + let sfEq ← mkEq (← getCurrentState) c.finalState + + let goal ← getMainGoal + trace[Tactic.sym] "original goal:\n{goal}" + let ⟨hEqId, goal⟩ ← do + let hRun ← SymContext.findFromUserName c.h_run + goal.note `this (← mkEqSymm hRun.toExpr) sfEq + goal.withContext <| do + trace[Tactic.sym] "added {← userNameToMessageData `this} of type \ + {sfEq} in:\n{goal}" + + let goal ← subst goal hEqId + trace[Tactic.sym] "performed subsitutition in:\n{goal}" + replaceMainGoal [goal] + + -- Rudimentary aggregation: we feed all the axiomatic effect hypotheses + -- added while symbolically evaluating to `simp` + withMainContext' <| + withTraceNode m!"aggregating (non-)effects" (tag := "aggregateEffects") <| do + let goal? ← LNSymSimp (← getMainGoal) c.aggregateSimpCtx c.aggregateSimprocs + replaceMainGoal goal?.toList + + traceHeartbeats "aggregation" diff --git a/Tests/Tactics/SymBlock.lean b/Tests/Tactics/SymBlock.lean new file mode 100644 index 00000000..bbc57eaf --- /dev/null +++ b/Tests/Tactics/SymBlock.lean @@ -0,0 +1,88 @@ +import Tactics.SymBlock +import Tactics.StepThms + +section Foo + +def ugh_program : Program := + def_program + [(0x12650c#64 , 0x4ea01c1a#32), -- mov v26.16b, v0.16b + (0x126510#64 , 0x4ea11c3b#32), -- mov v27.16b, v1.16b + (0x126514#64 , 0x4ea21c5c#32), -- mov v28.16b, v2.16b + (0x126518#64 , 0x4ea31c7d#32), -- mov v29.16b, v3.16b + (0x12651c#64 , 0x4ea01c1a#32), -- mov v26.16b, v0.16b + (0x126520#64 , 0x4ea11c3b#32), -- mov v27.16b, v1.16b + (0x126524#64 , 0x4ea21c5c#32), -- mov v28.16b, v2.16b + (0x126528#64 , 0x4ea31c7d#32)] -- mov v29.16b, v3.16b + +set_option trace.gen_step.print_names true in +#genStepEqTheorems ugh_program + +#time +-- set_option trace.Tactic.sym.info true in +theorem ugh_program.blocki_eq_0x12650c {s : ArmState} + (h_program : s.program = ugh_program) + (h_pc : r StateField.PC s = 0x12650c#64) + (h_err : r StateField.ERR s = StateError.None) : + run 4 s = + w StateField.PC (1205532#64) + (w (StateField.SFP 29#5) (r (StateField.SFP 3#5) s) + (w StateField.PC (1205528#64) + (w (StateField.SFP 28#5) (r (StateField.SFP 2#5) s) + (w StateField.PC (1205524#64) + (w (StateField.SFP 27#5) (r (StateField.SFP 1#5) s) + (w StateField.PC (1205520#64) (w (StateField.SFP 26#5) (r (StateField.SFP 0#5) s) s))))))) := by + -- generalize h_run : run 4 s = sf + -- replace h_run := h_run.symm + -- sym_n 4 + -- simp (config := {decide := true}) only [h_step_3, h_step_2, h_step_1, bitvec_rules, minimal_theory, state_simp_rules] at h_step_4 + -- assumption + -- done + sorry + +theorem ugh_program.blocki_eq_0x12650c_alt {s : ArmState} + (h_program : s.program = ugh_program) + (h_pc : r StateField.PC s = 0x12650c#64) + (h_err : r StateField.ERR s = StateError.None) : + run 4 s = w StateField.PC (1205532#64) + (w (StateField.SFP 29#5) (r (StateField.SFP 3#5) s) + (w (StateField.SFP 28#5) (r (StateField.SFP 2#5) s) + (w (StateField.SFP 27#5) (r (StateField.SFP 1#5) s) + (w (StateField.SFP 26#5) (r (StateField.SFP 0#5) s) s)))) := by + -- sym_n 4 + -- simp (config := {decide := true}) + -- [h_step_3, h_step_2, h_step_1, state_simp_rules] at h_step_4 + sorry +theorem ugh_program.blocki_eq_0x12651c {s : ArmState} + (h_program : s.program = ugh_program) + (h_pc : r StateField.PC s = 0x12651c#64) + (h_err : r StateField.ERR s = StateError.None) : + run 4 s = w StateField.PC (0x12652c#64) + (w (StateField.SFP 29#5) (r (StateField.SFP 3#5) s) + (w (StateField.SFP 28#5) (r (StateField.SFP 2#5) s) + (w (StateField.SFP 27#5) (r (StateField.SFP 1#5) s) + (w (StateField.SFP 26#5) (r (StateField.SFP 0#5) s) s)))) := by + -- sym_n 4 + -- simp (config := {decide := true}) + -- [h_step_3, h_step_2, h_step_1, state_simp_rules] at h_step_4 + sorry + +#time +theorem test_orig {s0 : ArmState} + (h_program : s0.program = ugh_program) + (h_pc : r StateField.PC s0 = 0x12650c#64) + (h_err : r StateField.ERR s0 = StateError.None) + (h_run : sf = run 8 s0) : + sf.program = ugh_program := by + sym_n 8 (add_hyps := true) + + +#time +-- set_option trace.Tactic.sym.info true in +theorem test {s0 : ArmState} + (h_program : s0.program = ugh_program) + (h_pc : r StateField.PC s0 = 0x12650c#64) + (h_err : r StateField.ERR s0 = StateError.None) + (h_run : sf = run 8 s0) : + sf.program = ugh_program := by + sym_block 8 (block_size := 4) -- 2 blocks: size 4 each + done From 45f4742e63c3c6a842bd45cbfe8fa07e2a1bcbe4 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Thu, 24 Oct 2024 14:28:41 -0500 Subject: [PATCH 14/20] Clean up sym_block; account for blockSize in some Sym/Context functions --- Proofs/SHA512/SHA512BlockSym.lean | 14 ++-- Tactics/Sym.lean | 6 +- Tactics/Sym/Context.lean | 17 ++--- Tactics/SymBlock.lean | 112 +++++------------------------- 4 files changed, 36 insertions(+), 113 deletions(-) diff --git a/Proofs/SHA512/SHA512BlockSym.lean b/Proofs/SHA512/SHA512BlockSym.lean index bc4c3679..90c190e5 100644 --- a/Proofs/SHA512/SHA512BlockSym.lean +++ b/Proofs/SHA512/SHA512BlockSym.lean @@ -11,13 +11,15 @@ open BitVec namespace SHA512 #time +-- set_option trace.Tactic.sym.info true in +-- set_option trace.Tactic.sym true in set_option pp.maxSteps 100 in -theorem sha512_loop_sym {s sf : ArmState} - (h_program : s.program = program) - (h_pc : r StateField.PC s = 0x126500#64) - (h_err : r StateField.ERR s = StateError.None) - (h_run : sf = run 485 s) : +theorem sha512_loop_sym {s0 sf : ArmState} + (h_program : s0.program = program) + (h_pc : r StateField.PC s0 = 0x126500#64) + (h_err : r StateField.ERR s0 = StateError.None) + (h_run : sf = run 485 s0) : r .ERR sf = .None ∧ - r .PC sf = (if ¬r (StateField.GPR 0x2#5) s - 0x1#64 = 0x0#64 then 0x126500#64 else 0x126c94#64) := by + r .PC sf = (if ¬r (StateField.GPR 0x2#5) s0 - 0x1#64 = 0x0#64 then 0x126500#64 else 0x126c94#64) := by sym_block 485 (block_size := 20) -- ceiling|485/20| blocks done diff --git a/Tactics/Sym.lean b/Tactics/Sym.lean index 2979c155..5e574124 100644 --- a/Tactics/Sym.lean +++ b/Tactics/Sym.lean @@ -166,7 +166,7 @@ def unfoldRun (whileTac : Unit → TacticM Unit) : SymReaderM Unit := do add the relevant hypotheses to the local context, and store an `AxEffects` object with the newly added variables in the monad state -/ -def explodeStep (hStep : Expr) : SymM Unit := +def explodeStep (hStep : Expr) (blockSize : Nat := 1) : SymM Unit := withMainContext' <| withTraceNode m!"explodeStep {hStep}" (tag := "explodeStep") <| do let c ← getThe SymContext @@ -197,7 +197,7 @@ def explodeStep (hStep : Expr) : SymM Unit := if let some subGoal := subGoal? then trace[Tactic.sym] "subgoal got simplified to:\n{subGoal}" - subGoal.setTag (.mkSimple s!"h_{← getNextStateName}_sp_aligned") + subGoal.setTag (.mkSimple s!"h_{← getNextStateName blockSize}_sp_aligned") appendGoals [subGoal] else trace[Tactic.sym] "subgoal got closed by simplification" @@ -210,7 +210,7 @@ def explodeStep (hStep : Expr) : SymM Unit := if ←(getBoolOption `Tactic.sym.debug) then eff.validate - let eff ← eff.addHypothesesToLContext s!"h_{← getNextStateName}_" + let eff ← eff.addHypothesesToLContext s!"h_{← getNextStateName blockSize}_" withMainContext' <| do let simpThms ← eff.toSimpTheorems modifyThe SymContext (·.addSimpTheorems simpThms) diff --git a/Tactics/Sym/Context.lean b/Tactics/Sym/Context.lean index e25f3d57..ced47fe2 100644 --- a/Tactics/Sym/Context.lean +++ b/Tactics/Sym/Context.lean @@ -93,7 +93,7 @@ structure SymContext where to determine the name of the next state variable that is added by `sym` -/ state_prefix : String := "s" /-- `curr_state_number` is incremented each simulation step, - and used together with `curr_state_number` + and used together with `state_prefix` to determine the name of the next state variable that is added by `sym` -/ currentStateNumber : Nat := 0 @@ -183,9 +183,9 @@ def getHRunName : m Name := do return (← read).h_run NOTE: `getNextStateName` does not increment the state, so consecutive calls will give the same name. Calling `prepareForNextStep` will increment the state. -/ -def getNextStateName : m Name := do +def getNextStateName (blockSize : Nat := 1) : m Name := do let c ← read - return Name.mkSimple s!"{c.state_prefix}{c.currentStateNumber + 1}" + return Name.mkSimple s!"{c.state_prefix}{c.currentStateNumber + blockSize}" end MonadicGetters @@ -462,18 +462,19 @@ evaluation: * `runSteps?`, if specified, is decremented, * the `currentStateNumber` is incremented -/ -def prepareForNextStep : SymM Unit := do - withInfoTraceNode "prepareForNextStep" (tag := "prepareForNextStep") <| do +def prepareForNextStep (blockSize : Nat := 1) : SymM Unit := do + withInfoTraceNode "prepareForNextStep'" (tag := "prepareForNextStep'") <| do let pc ← do let { value, ..} ← AxEffects.getFieldM .PC try reflectBitVecLiteral 64 value catch err => - trace[Tactic.sym] "failed to reflect PC: {err.toMessageData}" + trace[Tactic.sym.info] "failed to reflect PC: {err.toMessageData}" pure <| (← getThe SymContext).pc + 4 modifyThe SymContext (fun c => { c with pc - runSteps? := (· - 1) <$> c.runSteps? - currentStateNumber := c.currentStateNumber + 1 + runSteps? := (· - blockSize) <$> c.runSteps? + currentStateNumber := c.currentStateNumber + blockSize }) + trace[Tactic.sym] "New currentStateNumber:\n {← getCurrentStateNumber}" diff --git a/Tactics/SymBlock.lean b/Tactics/SymBlock.lean index db5b6af7..978ac06d 100644 --- a/Tactics/SymBlock.lean +++ b/Tactics/SymBlock.lean @@ -62,22 +62,6 @@ def blockiTac (blockiEq : Expr) (hBlock : Name) : SymReaderM Unit := fun ctx => end blockiTac -def prepareForNextStep' (n : Nat) : SymM Unit := do - withInfoTraceNode "prepareForNextStep'" (tag := "prepareForNextStep'") <| do - let pc ← do - let { value, ..} ← AxEffects.getFieldM .PC - try - reflectBitVecLiteral 64 value - catch err => - trace[Tactic.sym] "failed to reflect PC: {err.toMessageData}" - pure <| (← getThe SymContext).pc + 4 - - modifyThe SymContext (fun c => { c with - pc - runSteps? := (· - n) <$> c.runSteps? - currentStateNumber := c.currentStateNumber + n - }) - /-- Symbolically simulate a single step, according the the symbolic simulation context `c`, returning the context for the next step in simulation. -/ @@ -91,17 +75,17 @@ def sym_block1 (blockSize stepsLeft : Nat) : SymM Unit := do withMainContext' do withInfoTraceNode "verbose context" (tag := "infoDump") <| do traceSymContext - trace[Tactic.sym] "Goal state:\n {← getMainGoal}" + trace[Tactic.sym.info] "Goal state:\n {← getMainGoal}" let blocki_eq := Lean.mkIdent (.mkSimple s!"blocki_{← getCurrentStateName}") - let h_block := Lean.mkIdent (.mkSimple s!"h_block_{stateNumber + blockSize - 1}") + let h_block := Lean.mkIdent (.mkSimple s!"h_block_{stateNumber + blockSize}") -- unfoldRun (fun _ => evalTacticAndTrace whileTac) -- Add new state to local context withTraceNode "initNextBlock" (tag := "initNextBlock") <| do let hRunId := mkIdent <|← getHRunName - let nextStateId := mkIdent <|← getNextStateName + let nextStateId := mkIdent <|← getNextStateName blockSize let block_size : TSyntax `num := quote blockSize let steps_left : TSyntax `num := quote stepsLeft evalTacticAndTrace <|← `(tactic| @@ -131,7 +115,7 @@ def sym_block1 (blockSize stepsLeft : Nat) : SymM Unit := do | throwError "internal error: simp closed goal unexpectedly" replaceMainGoal [goal] else - trace[Tactic.sym] "we have no relevant local hypotheses, \ + trace[Tactic.sym.info] "we have no relevant local hypotheses, \ skipping simplification step" -- Prepare `h_program`,`h_err`,`h_pc`, etc. for next state @@ -139,18 +123,19 @@ def sym_block1 (blockSize stepsLeft : Nat) : SymM Unit := do let hBlock ← SymContext.findFromUserName h_block.getId -- ^^ we can't reuse `hBlock` from before, since its fvarId might've been -- changed by `simp` - explodeStep hBlock.toExpr - prepareForNextStep' blockSize + explodeStep hBlock.toExpr blockSize + prepareForNextStep blockSize let goal ← getMainGoal let goal ← goal.clear hBlock.fvarId replaceMainGoal [goal] - + trace[Tactic.sym.info] "CurrentStateNumber: {← getCurrentStateNumber}" + trace[Tactic.sym.info] "CurrentState: {← getCurrentState}" + trace[Tactic.sym.info] "CurrentStateName: {← getCurrentStateName}" traceHeartbeats syntax sym_block_size := "(" "block_size" " := " num ")" -/- open Elab.Term (elabTerm) in elab "sym_block" n:num block_size:(sym_block_size)? s:(sym_at)? : tactic => do traceHeartbeats "initial heartbeats" @@ -158,82 +143,15 @@ elab "sym_block" n:num block_size:(sym_block_size)? s:(sym_at)? : tactic => do let s ← s.mapM fun | `(sym_at|at $s:ident) => pure s.getId | _ => Lean.Elab.throwUnsupportedSyntax - let block_size ← block_size.mapM fun + let block_size ← block_size.mapM (fun | `(sym_block_size|(block_size := $val)) => pure val.getNat | _ => -- If no block size is specified, we step one instruction at a time. - pure 1 - - let c ← SymContext.fromMainContext s - let total_steps := c.runSteps?.get! + pure 1) let block_size := block_size.get! - -- let steps_to_simulate := n.getNat - -- let num_blocks := steps_to_simulate / block_size - -- let block_list := List.replicate num_blocks block_size - -- let block_list := if num_blocks * block_size = steps_to_simulate - -- then block_list - -- else block_list ++ [steps_to_simulate % block_size] - - SymM.run' c <| withMainContext' <| do - -- Check pre-conditions - - withMainContext' <| do - -- The main loop - for i in List.range' (step := block_size) 0 n.getNat do - let steps_left := (total_steps - block_size - i) - sym_block1 block_size steps_left - - traceHeartbeats "symbolic simulation total" - withCurrHeartbeats <| - withTraceNode "Post processing" (tag := "postProccessing") <| do - let c ← getThe SymContext - -- Check if we can substitute the final state - if c.runSteps? = some 0 then - let msg := do - let hRun ← userNameToMessageData c.h_run - pure m!"runSteps := 0, substituting along {hRun}" - withMainContext' <| - withTraceNode `Tactic.sym (fun _ => msg) <| do - let sfEq ← mkEq (← getCurrentState) c.finalState - - let goal ← getMainGoal - trace[Tactic.sym] "original goal:\n{goal}" - let ⟨hEqId, goal⟩ ← do - let hRun ← SymContext.findFromUserName c.h_run - goal.note `this (← mkEqSymm hRun.toExpr) sfEq - goal.withContext <| do - trace[Tactic.sym] "added {← userNameToMessageData `this} of type \ - {sfEq} in:\n{goal}" - - let goal ← subst goal hEqId - trace[Tactic.sym] "performed subsitutition in:\n{goal}" - replaceMainGoal [goal] - - -- Rudimentary aggregation: we feed all the axiomatic effect hypotheses - -- added while symbolically evaluating to `simp` - withMainContext' <| - withTraceNode m!"aggregating (non-)effects" (tag := "aggregateEffects") <| do - let goal? ← LNSymSimp (← getMainGoal) c.aggregateSimpCtx c.aggregateSimprocs - replaceMainGoal goal?.toList - - traceHeartbeats "aggregation" --/ - -open Elab.Term (elabTerm) in -elab "sym_block" n:num block_size:(sym_block_size)? s:(sym_at)? : tactic => do - traceHeartbeats "initial heartbeats" - - let s ← s.mapM fun - | `(sym_at|at $s:ident) => pure s.getId - | _ => Lean.Elab.throwUnsupportedSyntax - let block_size ← block_size.mapM fun - | `(sym_block_size|(block_size := $val)) => pure val.getNat - | _ => -- If no block size is specified, we step one instruction at a time. - pure 1 let c ← SymContext.fromMainContext s -- TODO: Is this `get!` safe? let total_steps := c.runSteps?.get! - let block_size := block_size.get! -- The number of instructions, not blocks, the user asked to simulate. let sim_steps := n.getNat -- We compute the number of blocks to be simulated using a ceiling divide. @@ -243,6 +161,8 @@ elab "sym_block" n:num block_size:(sym_block_size)? s:(sym_at)? : tactic => do SymM.run' c <| withMainContext' <| do -- Check pre-conditions -- TODO + -- assertStepTheoremsGenerated + -- let n ← ensureAtMostRunSteps n.getNat withMainContext' <| do -- The main loop @@ -265,16 +185,16 @@ elab "sym_block" n:num block_size:(sym_block_size)? s:(sym_at)? : tactic => do let sfEq ← mkEq (← getCurrentState) c.finalState let goal ← getMainGoal - trace[Tactic.sym] "original goal:\n{goal}" + trace[Tactic.sym.info] "original goal:\n{goal}" let ⟨hEqId, goal⟩ ← do let hRun ← SymContext.findFromUserName c.h_run goal.note `this (← mkEqSymm hRun.toExpr) sfEq goal.withContext <| do - trace[Tactic.sym] "added {← userNameToMessageData `this} of type \ + trace[Tactic.sym.info] "added {← userNameToMessageData `this} of type \ {sfEq} in:\n{goal}" let goal ← subst goal hEqId - trace[Tactic.sym] "performed subsitutition in:\n{goal}" + trace[Tactic.sym.info] "performed subsitutition in:\n{goal}" replaceMainGoal [goal] -- Rudimentary aggregation: we feed all the axiomatic effect hypotheses From d4429bbfa9b7137c0b484ff609fafc9f8a6f2c51 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Tue, 5 Nov 2024 12:56:55 -0600 Subject: [PATCH 15/20] prune_updates ready for GPR writes --- Arm/State.lean | 22 + Tactics/ArmConstr.lean | 1112 +++++----------------------------- Tactics/ArmConstrToExpr.lean | 347 +++++++++++ 3 files changed, 521 insertions(+), 960 deletions(-) create mode 100644 Tactics/ArmConstrToExpr.lean diff --git a/Arm/State.lean b/Arm/State.lean index 4f264183..11cb8b00 100644 --- a/Arm/State.lean +++ b/Arm/State.lean @@ -55,6 +55,15 @@ theorem store_write_irrelevant [DecidableEq α] unfold write_store read_store simp +@[local simp] +theorem write_store_commute [DecidableEq α] (store : Store α β) + (h : i ≠ j) : + write_store i x (write_store j y store) = + write_store j y (write_store i x store) := by + apply funext; intro idx + simp [write_store] + split <;> simp_all + instance [Repr β]: Repr (Store (BitVec n) β) where reprPrec store _ := let rec helper (a : Nat) (acc : Lean.Format) := @@ -451,6 +460,19 @@ theorem w_irrelevant : w fld (r fld s) s = s := by unfold read_base_error write_base_error repeat (split <;> simp_all) +theorem w_of_w_commute (h : fld1 ≠ fld2) : + w fld1 v1 (w fld2 v2 s) = w fld2 v2 (w fld1 v1 s) := by + unfold w + unfold write_base_gpr + unfold write_base_sfp + unfold write_base_pc + unfold write_base_flag + unfold write_base_error + split <;> split <;> (simp_all; try rwa [write_store_commute]) + rename_i fld1 t1 i1 v1 fld2 t2 i2 v2 + cases i1 <;> (cases i2 <;> (split <;> simp_all)) + done + @[state_simp_rules] theorem fetch_inst_of_w : fetch_inst addr (w fld val s) = fetch_inst addr s := by unfold fetch_inst w diff --git a/Tactics/ArmConstr.lean b/Tactics/ArmConstr.lean index e4dc89e7..e2766a28 100644 --- a/Tactics/ArmConstr.lean +++ b/Tactics/ArmConstr.lean @@ -7,10 +7,18 @@ Author(s): Shilpi Goel /- Experimental method to aggregate state effects using reflection. -In LNSym, we already have a language that describes reads from and writes to the -`ArmState` using functions `r` and `w` respectively (we ignore memory reads and -writes at this point). We reflect precisely these two functions, as well as arbitrary -bitvector expressions for register updates to the `ArmState`. +In LNSym, we already have a language that describes writes to the `ArmState` +using functions `w` and `Memory.write_bytes`. However, these writes can shadow +others, which causes the nest of writes to grow large. We reflect `w` and +`Memory.write_bytes` to get a pruned nest of writes. As a simple example, +consider the following nest of writes: +``` +s1 = w .PC pc (w (.GPR 0) x0 (w .PC pc' (w (.GPR 0) x0' s0))) +``` +We would like to prune this to the equivalent term below: +``` +s1 = w .PC pc (w (.GPR 0) x0 s0) +``` This is inspired by `simp_arith`, especially the following files: @@ -27,16 +35,10 @@ namespace ArmConstr /- We use `Nat`s to refer to all the state variables in our context. -/ abbrev StateVar := Nat -/-- A `GPRVal` can either be a variable or a read from the previous state. - - This is very barebones right now -- for instance, we'd need to support - `BitVec` operators here. --/ +/-- A `GPRVal` is simply a variable. -/ inductive GPRVal where -- A variable in the context. | var (i : Nat) - -- A read from a previous state. - | r_gpr (i : BitVec 5) deriving DecidableEq, Repr, Inhabited abbrev StateContext := List ArmState @@ -60,19 +62,16 @@ def StateVar.denote (ctx : StateContext) (v : StateVar) : ArmState := /-- Denote `GPRVal v` over `ArmState prev_s`. That is, if `v` is a variable then -look it up in the `GPRValContext`. Else if `v` is `r_gpr i`, then look up the -`i`th register in `prev_s`. +look it up in the `GPRValContext`. -/ -def GPRVal.denote (ctx : GPRValContext) (v : GPRVal) (prev_s : ArmState) : BitVec 64 := +def GPRVal.denote (ctx : GPRValContext) (v : GPRVal) : BitVec 64 := match v with | var i => ctx.getD i 0 - | r_gpr i => r (.GPR i) prev_s @[local simp] theorem GPRVal.denote_of_var : - GPRVal.denote ctx (GPRVal.var v) s = ctx.getD v 0 := by + GPRVal.denote ctx (GPRVal.var v) = ctx.getD v 0 := by simp [GPRVal.denote] - done /-- Datastructure that characterizes all the updates that can be made to an @@ -84,6 +83,10 @@ inductive Update where -- TODO: Other state components. deriving DecidableEq, Repr, Inhabited +def Update.field (u : Update) : BitVec 5 := + match u with + | w_gpr i _ => i + abbrev Updates := List Update /-- @@ -139,7 +142,7 @@ def Expr.denote_writes (ctx : Context) (us : Updates) (prev_state : StateVar) | [] => StateVar.denote ctx.state prev_state | Update.w_gpr i v :: rest => w (.GPR i) - (GPRVal.denote ctx.gpr v (StateVar.denote ctx.state prev_state)) + (GPRVal.denote ctx.gpr v) (Expr.denote_writes ctx rest prev_state) @[local simp] @@ -150,7 +153,7 @@ theorem denote_writes_empty : @[local simp] theorem denote_writes_cons : Expr.denote_writes ctx (e :: us) prev_state = - w (StateField.GPR e.1) (GPRVal.denote ctx.gpr e.2 (StateVar.denote ctx.state prev_state)) + w (StateField.GPR e.1) (GPRVal.denote ctx.gpr e.2) (Expr.denote_writes ctx us prev_state) := by simp only [Expr.denote_writes] @@ -165,17 +168,6 @@ theorem denote_statevar_eq_denote_writes_eq simp_all only done --- TODO: Generalize and move to Arm/State. -theorem w_of_w_gpr_commute (i j : BitVec 5) - (h : i ≠ j) : - w (StateField.GPR i) v1 (w (StateField.GPR j) v2 s) = - w (StateField.GPR j) v2 (w (StateField.GPR i) v1 s) := by - simp_all [w, write_base_gpr, Update.regIndexLe] - unfold write_store - ext i - (repeat (split <;> simp_all!)) - done - private theorem denote_writes_sorted_helper (h : ∀ (b : Update), b ∈ l1 → (!head.regIndexLe b) = true) : Expr.denote_writes ctx (l1 ++ head :: l2) s = @@ -192,7 +184,7 @@ private theorem denote_writes_sorted_helper simp [denote_writes_cons] rw [ih] simp only [List.cons_append, denote_writes_cons] - · rw [w_of_w_gpr_commute] + · rw [w_of_w_commute] simp_all [Update.regIndexLe] apply BitVec.ne_of_lt simp_all @@ -207,7 +199,7 @@ Sorting `Updates xs` using `Update.regIndexLe` is immaterial to their denotation over `StateVar s`. This is because sorting preserves the order of shadowed updates in `xs`, which means that the most recent one appears first in the sorted list (see `w_of_w_shadow`); changing the order of independent updates -does not affect the semantics (see, e.g., `w_of_w_gpr_commute`). +does not affect the semantics (see, e.g., `w_of_w_commute`). -/ @[local simp] theorem denote_writes_sorted : @@ -261,967 +253,167 @@ def Exprs.denote (ctx : Context) (es : Exprs) : Prop := def Expr.default : Expr := { prev_state := 0, curr_state := 0, writes := [] } -/-- -Insert `u`, which comes after `es`, at an appropriate safe point in `es`. - -Note that `u` only changes `es` only if the former shadows some update in the -latter. Independent updates are unaffected. --/ -def Update.insertSorted (es : Updates) (u : Update) : Updates := - match es with - | [] => [u] - | e :: rest => - if u.regEq e then - -- We overwrite `e` with `u`. - u :: rest - else if u.regIndexLe e then - -- `u` does not appear in `es` (given that `es` is - -- sorted). We order `u` before `e` to retain this update. - u :: es - else - e :: (insertSorted rest u) - -/-- -Resolve any reads in `u` by looking it up in `es`. Note that `es` is expected to -be sorted. --/ -def Update.resolveRead (es : Updates) (u : Update) : Update := - match u with - | .w_gpr _ (.var _) => u - | .w_gpr i (.r_gpr gpr_idx) => - let ans := go gpr_idx es - .w_gpr i ans - where go (gpr_idx : BitVec 5) (es : Updates) : GPRVal := - match es with - | [] => .r_gpr gpr_idx - | (.w_gpr i v) :: rest => - if i == gpr_idx then v else go gpr_idx rest - -@[local simp] -theorem Update.resolveRead_w_gpr : - Update.resolveRead es (.w_gpr i (.var v)) = (.w_gpr i (.var v)) := by - simp [Update.resolveRead] - done - -@[local simp] -theorem Update.resolveRead_empty_1 : - Update.resolveRead [] u = u := by - simp [Update.resolveRead] - split <;> rfl - -@[local simp] -theorem Update.resolveRead_index_unchanged (w : Updates) : - (Update.resolveRead w u).1 = u.1 := by - simp [Update.resolveRead] - split <;> simp only - done - -/-- -Resolve any reads in each of `us` by looking them up in `es`, which is expected -to be sorted. --/ -def Update.resolveReads (es us : Updates) : Updates := - us.map (Update.resolveRead es) - -@[local simp] -theorem Update.resolveReads_cons_w_gpr : - Update.resolveReads es (Update.w_gpr i (GPRVal.var idx) :: tail) = - Update.w_gpr i (GPRVal.var idx) :: (Update.resolveReads es tail) := by - simp [Update.resolveReads, Update.resolveRead] - -@[local simp] -theorem Update.resolveReads_empty_1 : - Update.resolveReads [] us = us := by - simp [Update.resolveReads] - apply List.map_id''; intro i - apply Update.resolveRead_empty_1 - done - -@[local simp] -theorem Update.resolvedReads_empty_2 : - Update.resolveReads es [] = [] := by - simp only [resolveReads, List.map_nil] - -@[local simp] -theorem Update.resolveRead_empty_1_fn_is_id : - (Update.resolveRead []) = id := by - ext - simp [resolveRead] - split <;> simp_all [resolveRead.go] - done - -@[local simp] -theorem map_resolveRead_empty_1 : - (List.map (Update.resolveRead []) us) = us := by - simp [Update.resolveRead_empty_1_fn_is_id] - done - --- If a write shadows another, then `List.mergeSort` with `Update.regIndexLe` --- will preserve the order of the writes. open Expr Update in /-- -info: [ArmConstr.Update.w_gpr 0x01#5 (ArmConstr.GPRVal.var 1), -ArmConstr.Update.w_gpr 0x01#5 (ArmConstr.GPRVal.var 2)] +info: true -/ #guard_msgs in -#eval List.mergeSort [.w_gpr 1#5 (.var 1), .w_gpr 1#5 (.var 2)] Update.regIndexLe +#eval List.mergeSort [.w_gpr 1#5 (.var 1), .w_gpr 1#5 (.var 2)] Update.regIndexLe = + -- If a write shadows another, then `List.mergeSort` with `Update.regIndexLe` + -- will preserve the order of the writes. + [.w_gpr 1#5 (.var 1), .w_gpr 1#5 (.var 2)] /-- -Aggregate `e` and `u`, assuming `u` follows `e`. --/ -def Expr.aggregate1 (e u : Expr) : Expr := - if e.curr_state == u.prev_state then - let e_sorted_writes := List.mergeSort e.writes Update.regIndexLe - let u_resolved_writes := Update.resolveReads e_sorted_writes u.writes - { prev_state := e.prev_state, - curr_state := u.curr_state, - -- In principle, we can simply append `u_resolved_writes` to - -- `e_sorted_writes`. However, it is prudent to weed out shadowed updates - -- to keep the size of the update nest in check. - writes := go e_sorted_writes u_resolved_writes } - else - -- We cannot aggregate two non-consecutive states, so we return the original - -- Expr here. - -- TODO: We should probably throw an error here. - e - where go (es us : Updates) : Updates := - match es, us with - | [], us => us - | es, [] => es - | es, u :: rest_us => - Update.insertSorted (go es rest_us) u - -@[local simp] -theorem Expr.aggregate1.go_empty_1 : - Expr.aggregate1.go [] us = us := by - simp [Expr.aggregate1.go] +Erase repeated adjacent elements. Keeps the first occurrence of each run. -@[local simp] -theorem Expr.aggregate1.go_empty_2 : - Expr.aggregate1.go es [] = es := by - unfold Expr.aggregate1.go - split <;> simp_all - done - -/-- -info: { curr_state := 2, - prev_state := 0, - writes := [ArmConstr.Update.w_gpr 0x00#5 (ArmConstr.GPRVal.var 1), - ArmConstr.Update.w_gpr 0x01#5 (ArmConstr.GPRVal.var 1), - ArmConstr.Update.w_gpr 0x02#5 (ArmConstr.GPRVal.var 3)] } +Non tail-recursive version. -/ -#guard_msgs in -open Expr Update in -#eval Expr.aggregate1 - { prev_state := 0, - curr_state := 1, - writes := [w_gpr 0#5 (.var 1), w_gpr 1#5 (.var 3)] } - { prev_state := 1, - curr_state := 2, - writes := [w_gpr 2#5 (.r_gpr 1), w_gpr 1#5 (.var 1)] } +def Expr.eraseReps (us : Updates) : Updates := + match us with + | [] => [] + | [x] => [x] + | x :: y :: rest => + match x.field == y.field with + | true => x :: eraseReps rest + | false => x :: eraseReps (y :: rest) -/-- -Aggregate `es` onto `init`. -Earlier updates appear first in `es`, and `es` follow `init`. --/ -def Expr.aggregate (init : Expr) (es : Exprs) : Expr := - match es with - | [] => init - | e :: rest => aggregate (aggregate1 init e) rest +@[local simp] +theorem denote_writes_eraseReps : + Expr.denote_writes ctx (Expr.eraseReps xs) s = + Expr.denote_writes ctx xs s := by + induction xs using Expr.eraseReps.induct + case case1 => + simp_all [Expr.eraseReps] + case case2 => + rename_i x + simp [Expr.eraseReps] + case case3 => + rename_i x y rest h_eq ih + simp [Expr.eraseReps, h_eq] + simp [Update.field] at h_eq + rw [h_eq, w_of_w_shadow] + simp_all + case case4 => + rename_i x y rest h_eq ih + simp [Expr.eraseReps, h_eq] + simp [Update.field] at h_eq + simp_all + done -open Expr Update in +def Expr.eraseAdjReps.loop (u : Update) (us rs : Updates) : Updates := +match u, us, rs with +| a, [], rs => (a::rs).reverse +| a, a'::as, rs => + match a.field == a'.field with + | true => loop a as rs + | false => loop a' as (a::rs) /-- -info: { curr_state := 2, - prev_state := 0, - writes := [ArmConstr.Update.w_gpr 0x01#5 (ArmConstr.GPRVal.var 1), - ArmConstr.Update.w_gpr 0x02#5 (ArmConstr.GPRVal.var 2), - ArmConstr.Update.w_gpr 0x03#5 (ArmConstr.GPRVal.var 3)] } +Tail-recursive version of `Expr.eraseReps`. -/ -#guard_msgs in -#eval Expr.aggregate - Expr.default - [ - { prev_state := 0, - curr_state := 1, - writes := [w_gpr 1#5 (.var 1), - w_gpr 3#5 (.var 3)] }, - { prev_state := 1, - curr_state := 2, - writes := [w_gpr 1#5 (.var 1), - w_gpr 2#5 (.var 2)] } - ] - -/-- Does aggregating `updates` over `init` yield `final`? -/ -def Expr.isAggregated (init : Expr) (updates : Exprs) (final : Expr) : Bool := - final == aggregate init updates +def Expr.eraseAdjReps (us : Updates) : Updates := + match us with + | [] => [] + | a::as => Expr.eraseAdjReps.loop a as [] -/-- -If `next.writes` is empty, then -``` -next.curr_state = sorted(init.writes(init.prev_state)) -``` --/ -theorem Expr.denote_when_next_writes_empty - (h_init : denote ctx init) - (h_next : denote ctx next) - (h_init_curr_next_prev : init.curr_state = next.prev_state) - (h_next_writes_empty : next.writes = []) : - denote ctx - { curr_state := next.curr_state, prev_state := init.prev_state, - writes := List.mergeSort init.writes Update.regIndexLe } := by - simp only [denote] at * - simp [h_next_writes_empty] at h_next - rw [h_next, ←h_init_curr_next_prev, h_init, denote_writes_sorted] - done +@[local simp] +theorem Expr.eraseAdjReps_empty : + eraseAdjReps [] = [] := by + simp [eraseAdjReps] -/-- -Using `Update.insertSorted es u` is equivalent to inserting `u` at the beginning -of `es`, vis-a-vis denotation. This is because `Update.insertSorted` only -modifies an `Update` in `es` if `u` shadows it. --/ @[local simp] -theorem denote_writes_insertSorted : - Expr.denote_writes ctx (Update.insertSorted es u) s = - Expr.denote_writes ctx (u :: es) s := by - induction es - case nil => - simp [Update.insertSorted] - case cons => - rename_i head tail ih - simp [Update.insertSorted] - split - case isTrue => - rename_i h_u_head_eq - simp only [denote_writes_cons] - simp_all only [Update.regEq] - rw [h_u_head_eq, w_of_w_shadow] - case isFalse => - rename_i h_u_head_neq - simp_all only [Update.regEq] - split - · simp only [denote_writes_cons] - · simp only [denote_writes_cons] - rw [ih] - simp only [denote_writes_cons] - rw [w_of_w_gpr_commute] - exact fun a => h_u_head_neq (id (Eq.symm a)) +theorem Expr.eraseAdjReps_one : + eraseAdjReps [a] = [a] := by + simp [eraseAdjReps] + unfold eraseAdjReps.loop; simp + +private theorem Expr.eraseAdjReps.loop_eq : + Expr.eraseAdjReps.loop x (u :: us) rs = + if x.field == u.field then Expr.eraseAdjReps.loop x us rs + else Expr.eraseAdjReps.loop u us (x :: rs) := by + simp [loop] + split + · rename_i h_eq + simp_all [Update.field] + · rename_i h_eq + simp_all [Update.field] done -/-- -Resolving `Update u` w.r.t. `writes` and then denoting it over `StateVar s0` -is equivalent to denoting the _unresolved_ `u` w.r.t. `writes` denoted over -`s0`. --/ -theorem GPRVal.denote_resolveRead (ctx : Context) : - GPRVal.denote ctx.gpr (Update.resolveRead writes u).2 (StateVar.denote ctx.state s0) = - GPRVal.denote ctx.gpr u.2 (Expr.denote_writes ctx writes s0) := by - induction writes generalizing u - case nil => - simp only [denote_writes_empty, Update.resolveRead_empty_1] +private theorem Expr.eraseAdjReps.loop_append : + Expr.eraseAdjReps.loop x xs (acc2 ++ acc1) = + acc1.reverse ++ (Expr.eraseAdjReps.loop x xs acc2) := by + induction xs generalizing x acc1 acc2 + case nil => simp [Expr.eraseAdjReps.loop] case cons => rename_i head tail ih - simp only [denote_writes_cons] - simp [Update.resolveRead] + simp [Expr.eraseAdjReps.loop] split - case h_1 => - rename_i u' idx var - simp [GPRVal.denote_of_var] - case h_2 => - rename_i u' i' gpr_idx - simp [Update.resolveRead.go] - split - case isTrue => - rename_i h_eq - subst gpr_idx - simp [GPRVal.denote, r_of_w_same] - case isFalse => - rename_i h_neq - conv => rhs; simp [GPRVal.denote] - rw [r_of_w_different (by simp_all; exact fun a => h_neq (id (Eq.symm a)))] - have ih' := @ih (.w_gpr gpr_idx (GPRVal.r_gpr gpr_idx)) - simp [Update.resolveRead] at ih' - rw [ih'] - simp [GPRVal.denote] - done - -/-- -`Expr.aggregate1` aggregates `first` and `second` correctly, allowing -us to express `second.curr_state` in terms of `first.prev_state`. That is: -``` -if first.curr_state = first.writes[first.prev_state] and - second.curr_state = second.writes[second.prev_state] then - second.curr_state = resolveReads(second.writes, first.writes)[first.prev_state] -``` --/ -theorem Expr.denote_aggregate1 - (h1 : Expr.denote ctx first) - (h2 : Expr.denote ctx second) : - Expr.denote ctx (aggregate1 first second) := by - simp [aggregate1] - by_cases h₀ : first.curr_state = second.prev_state - case neg => -- h0 : first.curr_state ≠ second.prev_state - simp_all only [minimal_theory] - case pos => -- first.curr_state = second.prev_state - simp_all [denote] - rw [←h₀] at h1 h2 ⊢ - generalize first.prev_state = s0 at * - generalize first.curr_state = s1 at * - generalize first.writes = writes1 at * - generalize second.writes = writes2 at * - clear h₀ h2 first second - induction writes2 generalizing s0 s1 writes1 - case nil => - simp_all - rw [Update.resolvedReads_empty_2] - unfold aggregate1.go - split - · have : writes1 = [] := by - have := @List.length_mergeSort Update Update.regIndexLe writes1 - simp_all only [List.length_nil] - exact List.length_eq_zero.mp (id (Eq.symm this)) - simp_all only [denote_writes_empty] - · simp [denote_writes_sorted] - · simp_all - case cons => - rename_i u us ih - simp [denote_writes_cons] - simp [Update.resolveReads] - conv => rhs; unfold aggregate1.go - split - case h_1 => - have : writes1 = [] := by - have := @List.length_mergeSort Update Update.regIndexLe writes1 - simp_all only [List.length_nil] - exact List.length_eq_zero.mp (id (Eq.symm this)) - simp_all [Update.resolveRead_empty_1] - rw [ih s0 s1 [] h1] - simp [Expr.aggregate1.go_empty_1, Update.resolveReads_empty_1, map_resolveRead_empty_1] - case h_2 => contradiction - case h_3 => - rename_i es' us' u' rest_us' h_eq h_nonempty - have h_u' : u' = Update.resolveRead (List.mergeSort writes1 Update.regIndexLe) u := by - simp_all - have h_rest_us' : rest_us' = List.map (Update.resolveRead (List.mergeSort writes1 Update.regIndexLe)) us := by - simp_all - subst u' rest_us' - clear h_eq - rw [denote_writes_insertSorted] - simp [denote_writes_cons] - rw [Update.resolveRead_index_unchanged] - simp [Update.resolveReads] at ih - rw [←ih s0 s1 writes1 h1] - rw [GPRVal.denote_resolveRead] - rw [denote_writes_sorted, h1] - done - -/-- -If `Expr.isAggregated` computes that aggregating `updates` over `init` yields -`final`, then it accurately represents `ArmState` aggregation in logic. + · rename_i h_eq + simp [Update.field] at h_eq + rw [ih] + · rename_i h_neq + simp [Update.field] at h_neq + have : (x :: (acc2 ++ acc1)) = x :: acc2 ++ acc1 := by + simp only [List.cons_append] + rw [this, ih] + done + +-- #check Expr.eraseReps.induct +-- #check Expr.eraseAdjReps.loop.induct +/- +theorem Expr.eraseReps_and_eraseAdjReps.loop : + acc.reverse ++ eraseReps (x :: xs) = eraseAdjReps.loop x xs acc := by + induction x, xs, acc using eraseAdjReps.loop.induct + case case1 => simp [eraseAdjReps.loop, eraseReps] + case case2 => + rename_i a a' as rs h_eq ih + simp [eraseReps, eraseAdjReps.loop, h_eq] + sorry + repeat sorry -/ -theorem Expr.eq_true_of_denote (ctx : Context) (init final : Expr) (updates : Exprs) : - (Expr.isAggregated init updates final) → - Expr.denote ctx init ∧ Exprs.denote ctx updates → (Expr.denote ctx final) := by - induction updates generalizing init - case nil => - simp only [isAggregated, aggregate, beq_iff_eq, Exprs.denote, and_true] - intro i; simp_all only [minimal_theory] - case cons => - rename_i head tail h_ind - simp [isAggregated] at * - simp [aggregate, Exprs.denote] - intros h_final h_init h_head h_tail - have h_aggr1 := @Expr.denote_aggregate1 ctx init head h_init h_head - have h_ind' := h_ind (init.aggregate1 head) h_final h_aggr1 h_tail - exact h_ind' - done - -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- - --- Litmus Tests - -open Expr Update in -example : Expr.isAggregated - { curr_state := 0, prev_state := 0, writes := [] } - [{ curr_state := 1, prev_state := 0, writes := [w_gpr (0#5) (GPRVal.var 0), w_gpr (1#5) (GPRVal.var 1)] }, - { curr_state := 2, prev_state := 1, writes := [w_gpr (0#5) (GPRVal.var 0), w_gpr (1#5) (GPRVal.var 1)] }] - { curr_state := 2, prev_state := 0, writes := [w_gpr (0#5) (GPRVal.var 0), w_gpr (1#5) (GPRVal.var 1)] } := by - -- List.mergeSort, using in Expr.aggregate1, is irreducible, which - -- causes reduction to get stuck. We use `with_unfolding_all` below to - -- workaround that problem. We can also use `native_decide` here. - with_unfolding_all decide - -#time -open Expr Update in -theorem completely_shadowed_updates - (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s0)) - (h_s2 : s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s1)) : - /- - (NOTE) Replacing the RHS with `xxxx` gives the following type mismatch, which - can help in doing ACL2-style wormhole abstraction. - type mismatch - this (Eq.refl s0) h_s1 h_s2 - has type - denote { state := [s0, s1, s2], gpr := [x0, x1] } - { prev_state := 0, curr_state := 2, writes := [w_gpr (0#5) 0, w_gpr (1#5) 1] } : Prop - but is expected to have type - s2 = xxxx : Prop - -/ - s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s0) := by - have := (Expr.eq_true_of_denote { state := [s0, s1, s2], - gpr := [x0, x1] } - -- init - { prev_state := 0, curr_state := 0, writes := []} - -- final - { prev_state := 0, curr_state := 2, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] } - -- updates - [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, - { prev_state := 1, curr_state := 2, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] } ] - (by native_decide)) - simp only [Exprs.denote, List.foldl, true_and, and_true, and_imp] at this - exact this (Eq.refl s0) h_s1 h_s2 - done - -/-- -info: 'ArmConstr.completely_shadowed_updates' depends on axioms: [propext, -Classical.choice, Lean.ofReduceBool, Quot.sound] --/ -#guard_msgs in #print axioms completely_shadowed_updates +def Expr.prune (e : Expr) : Expr := + let e_nodups := eraseReps $ List.mergeSort e.writes Update.regIndexLe + { e with writes := e_nodups } open Expr Update in -theorem partially_shadowed_and_new_updates - (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) - /- - (NOTE) No - (NOTE) if any instructions updates are not sorted, as is the case in `h_s2` - below, then we run into a problem because the writes in `Expr` are sorted. - `(h_s2 : s2 = w (.GPR 3#5) x3 (w (.GPR 1#5) x1 s1))` - `{ prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 2, w_gpr 3#5 3] }` - This means that - `exact this (Eq.refl s0) h_s1 h_s2` - will result in a type mismatch. - - Therefore, for convenience, we ought to enforce that instruction updates like - `h_s2` are sorted in the preprocessing step. - -/ - -- (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) x3 s1)) : - (h_s2 : s2 = w (.GPR 3#5) x3 (w (.GPR 1#5) x1 s1)) : - s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) x3 s0)) := by - have := (Expr.eq_true_of_denote { state := [s0, s1, s2], - gpr := [x0, old_x1, x1, x3] } - -- init - { prev_state := 0, curr_state := 0, writes := []} - -- final - { prev_state := 0, curr_state := 2, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 2), w_gpr 3#5 (.var 3)] } - -- updates - [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, - { prev_state := 1, curr_state := 2, writes := [w_gpr 3#5 (.var 3), w_gpr 1#5 (.var 2)] } ] - (by native_decide)) - simp only [Exprs.denote, List.foldl_cons, and_true, true_and, List.foldl_nil, and_imp] at this - exact this (Eq.refl s0) h_s1 h_s2 - done - /-- -info: true +info: { curr_state := 1, prev_state := 0, writes := [ArmConstr.Update.w_gpr 0x00#5 (ArmConstr.GPRVal.var 0)] } -/ #guard_msgs in -#eval - Expr.isAggregated - -- init - { curr_state := 0, prev_state := 0, writes := [] } - -- updates - [{ curr_state := 1, prev_state := 0, writes := [.w_gpr (0#5) (GPRVal.var 0), .w_gpr (1#5) (GPRVal.var 1)] }, - { curr_state := 2, prev_state := 1, writes := [.w_gpr (1#5) (GPRVal.var 2), .w_gpr (3#5) (GPRVal.r_gpr 1)] }] - { curr_state := 2, prev_state := 0, - writes := [.w_gpr (0#5) (GPRVal.var 0), .w_gpr (1#5) (GPRVal.var 2), .w_gpr (3#5) (GPRVal.var 1)] } - -#time -open Expr Update in -theorem read_from_prev_update_test1 - (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) - (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 1#5) s1) s1)) : - s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) old_x1 s0)) := by - have := (Expr.eq_true_of_denote { state := [s0, s1, s2], - gpr := [x0, old_x1, x1] } - -- init - { prev_state := 0, curr_state := 0, writes := []} - -- final - { prev_state := 0, curr_state := 2, - writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 2), w_gpr 3#5 (.var 1)] } - -- updates - [ { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, - { prev_state := 1, curr_state := 2, writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.r_gpr 1)] } ] - (by native_decide)) - simp only [Exprs.denote, List.foldl_cons, and_true, true_and, List.foldl_nil, - and_imp] at this - exact this (Eq.refl s0) h_s1 h_s2 - done +#eval prune { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 0#5 (.var 1)] } -#time -open Expr Update in -theorem read_from_prev_update_test2 (s0 s1 s2 : ArmState) - (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) old_x1 s0)) - (h_s2 : s2 = w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 5#5) s1) s1)) : - s2 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 3#5) (r (.GPR 5#5) s0) s0)) := by - have := (Expr.eq_true_of_denote { state := [s0, s1, s2], - gpr := [x0, old_x1, x1] } - -- init - { prev_state := 0, curr_state := 0, writes := []} - -- final - { prev_state := 0, curr_state := 2, - writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 2), w_gpr 3#5 (.r_gpr 5#5)] } - -- updates - [ { prev_state := 0, curr_state := 1, - writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] }, - { prev_state := 1, curr_state := 2, - writes := [w_gpr 1#5 (.var 2), w_gpr 3#5 (.r_gpr 5#5)] } ] - (by native_decide)) - simp only [Exprs.denote, List.foldl, true_and, and_true, and_imp] at this - exact this (Eq.refl s0) h_s1 h_s2 - done - -open Expr Update in /-- -info: { curr_state := 30, - prev_state := 0, - writes := [ArmConstr.Update.w_gpr 0x01#5 (ArmConstr.GPRVal.var 52), - ArmConstr.Update.w_gpr 0x02#5 (ArmConstr.GPRVal.var 51), - ArmConstr.Update.w_gpr 0x03#5 (ArmConstr.GPRVal.var 53), - ArmConstr.Update.w_gpr 0x04#5 (ArmConstr.GPRVal.var 76), - ArmConstr.Update.w_gpr 0x05#5 (ArmConstr.GPRVal.var 81), - ArmConstr.Update.w_gpr 0x06#5 (ArmConstr.GPRVal.var 74), - ArmConstr.Update.w_gpr 0x07#5 (ArmConstr.GPRVal.var 73), - ArmConstr.Update.w_gpr 0x08#5 (ArmConstr.GPRVal.var 87), - ArmConstr.Update.w_gpr 0x09#5 (ArmConstr.GPRVal.var 86), - ArmConstr.Update.w_gpr 0x0a#5 (ArmConstr.GPRVal.var 85), - ArmConstr.Update.w_gpr 0x0b#5 (ArmConstr.GPRVal.var 84), - ArmConstr.Update.w_gpr 0x0c#5 (ArmConstr.GPRVal.var 61), - ArmConstr.Update.w_gpr 0x0d#5 (ArmConstr.GPRVal.var 83), - ArmConstr.Update.w_gpr 0x0e#5 (ArmConstr.GPRVal.var 82), - ArmConstr.Update.w_gpr 0x0f#5 (ArmConstr.GPRVal.var 19), - ArmConstr.Update.w_gpr 0x10#5 (ArmConstr.GPRVal.var 80), - ArmConstr.Update.w_gpr 0x11#5 (ArmConstr.GPRVal.var 79), - ArmConstr.Update.w_gpr 0x12#5 (ArmConstr.GPRVal.var 78), - ArmConstr.Update.w_gpr 0x13#5 (ArmConstr.GPRVal.var 77), - ArmConstr.Update.w_gpr 0x14#5 (ArmConstr.GPRVal.var 44), - ArmConstr.Update.w_gpr 0x15#5 (ArmConstr.GPRVal.var 43), - ArmConstr.Update.w_gpr 0x16#5 (ArmConstr.GPRVal.var 42), - ArmConstr.Update.w_gpr 0x17#5 (ArmConstr.GPRVal.var 41), - ArmConstr.Update.w_gpr 0x18#5 (ArmConstr.GPRVal.var 3), - ArmConstr.Update.w_gpr 0x19#5 (ArmConstr.GPRVal.var 2), - ArmConstr.Update.w_gpr 0x1a#5 (ArmConstr.GPRVal.var 1), - ArmConstr.Update.w_gpr 0x1b#5 (ArmConstr.GPRVal.var 0), - ArmConstr.Update.w_gpr 0x1c#5 (ArmConstr.GPRVal.var 60), - ArmConstr.Update.w_gpr 0x1d#5 (ArmConstr.GPRVal.var 59), - ArmConstr.Update.w_gpr 0x1e#5 (ArmConstr.GPRVal.var 58), - ArmConstr.Update.w_gpr 0x1f#5 (ArmConstr.GPRVal.var 57)] } +Does removing shadowed writes in `e1` give `e2`? -/ -#guard_msgs in -#eval Expr.aggregate - { prev_state := 0, curr_state := 0, writes := []} - [{ curr_state := 1, prev_state := 0, - writes := - [w_gpr (23#5) (GPRVal.var 4), w_gpr (24#5) (GPRVal.var 3), w_gpr (25#5) (GPRVal.var 2), - w_gpr (26#5) (GPRVal.var 1), w_gpr (27#5) (GPRVal.var 0)] }, - { curr_state := 2, prev_state := 1, writes := [w_gpr (2#5) (GPRVal.var 6), w_gpr (3#5) (GPRVal.var 5)] }, - { curr_state := 3, prev_state := 2, - writes := - [w_gpr (28#5) (GPRVal.var 10), w_gpr (29#5) (GPRVal.var 9), w_gpr (30#5) (GPRVal.var 8), - w_gpr (31#5) (GPRVal.var 7)] }, - { curr_state := 4, prev_state := 3, - writes := - [w_gpr (17#5) (GPRVal.var 14), w_gpr (18#5) (GPRVal.var 13), w_gpr (19#5) (GPRVal.var 12), - w_gpr (20#5) (GPRVal.var 11)] }, - { curr_state := 5, prev_state := 4, writes := [w_gpr (15#5) (GPRVal.var 16), w_gpr (16#5) (GPRVal.var 15)] }, - { curr_state := 6, prev_state := 5, writes := [w_gpr (30#5) (GPRVal.var 17)] }, - { curr_state := 7, prev_state := 6, - writes := - [w_gpr (12#5) (GPRVal.var 22), w_gpr (13#5) (GPRVal.var 21), w_gpr (14#5) (GPRVal.var 20), - w_gpr (15#5) (GPRVal.var 19), w_gpr (16#5) (GPRVal.var 18)] }, - { curr_state := 8, prev_state := 7, - writes := - [w_gpr (8#5) (GPRVal.var 27), w_gpr (9#5) (GPRVal.var 26), w_gpr (10#5) (GPRVal.var 25), - w_gpr (11#5) (GPRVal.var 24), w_gpr (12#5) (GPRVal.var 23)] }, - { curr_state := 9, prev_state := 8, - writes := [w_gpr (28#5) (GPRVal.var 30), w_gpr (29#5) (GPRVal.var 29), w_gpr (30#5) (GPRVal.var 28)] }, - { curr_state := 10, prev_state := 9, writes := [w_gpr (21#5) (GPRVal.var 31)] }, - { curr_state := 11, prev_state := 10, - writes := - [w_gpr (18#5) (GPRVal.var 36), w_gpr (19#5) (GPRVal.var 35), w_gpr (20#5) (GPRVal.var 34), - w_gpr (21#5) (GPRVal.var 33), w_gpr (22#5) (GPRVal.var 32)] }, - { curr_state := 12, prev_state := 11, - writes := - [w_gpr (18#5) (GPRVal.var 40), w_gpr (19#5) (GPRVal.var 39), w_gpr (20#5) (GPRVal.var 38), - w_gpr (21#5) (GPRVal.var 37)] }, - { curr_state := 13, prev_state := 12, - writes := - [w_gpr (20#5) (GPRVal.var 44), w_gpr (21#5) (GPRVal.var 43), w_gpr (22#5) (GPRVal.var 42), - w_gpr (23#5) (GPRVal.var 41)] }, - { curr_state := 14, prev_state := 13, writes := [w_gpr (17#5) (GPRVal.var 45)] }, - { curr_state := 15, prev_state := 14, writes := [w_gpr (14#5) (GPRVal.var 46)] }, - { curr_state := 16, prev_state := 15, writes := [w_gpr (16#5) (GPRVal.var 47)] }, - { curr_state := 17, prev_state := 16, - writes := - [w_gpr (1#5) (GPRVal.var 52), w_gpr (2#5) (GPRVal.var 51), w_gpr (3#5) (GPRVal.var 50), - w_gpr (4#5) (GPRVal.var 49), w_gpr (5#5) (GPRVal.var 48)] }, - { curr_state := 18, prev_state := 17, writes := [w_gpr (3#5) (GPRVal.var 53)] }, - { curr_state := 19, prev_state := 18, writes := [w_gpr (8#5) (GPRVal.var 54)] }, - { curr_state := 20, prev_state := 19, writes := [w_gpr (5#5) (GPRVal.var 55)] }, - { curr_state := 21, prev_state := 20, writes := [w_gpr (9#5) (GPRVal.var 56)] }, - { curr_state := 22, prev_state := 21, - writes := - [w_gpr (28#5) (GPRVal.var 60), w_gpr (29#5) (GPRVal.var 59), w_gpr (30#5) (GPRVal.var 58), - w_gpr (31#5) (GPRVal.var 57)] }, - { curr_state := 23, prev_state := 22, - writes := - [w_gpr (8#5) (GPRVal.var 65), w_gpr (9#5) (GPRVal.var 64), w_gpr (10#5) (GPRVal.var 63), - w_gpr (11#5) (GPRVal.var 62), w_gpr (12#5) (GPRVal.var 61)] }, - { curr_state := 24, prev_state := 23, - writes := - [w_gpr (7#5) (GPRVal.var 70), w_gpr (8#5) (GPRVal.var 69), w_gpr (9#5) (GPRVal.var 68), - w_gpr (10#5) (GPRVal.var 67), w_gpr (11#5) (GPRVal.var 66)] }, - { curr_state := 25, prev_state := 24, writes := [w_gpr (5#5) (GPRVal.var 72), w_gpr (6#5) (GPRVal.var 71)] }, - { curr_state := 26, prev_state := 25, - writes := - [w_gpr (4#5) (GPRVal.var 76), w_gpr (5#5) (GPRVal.var 75), w_gpr (6#5) (GPRVal.var 74), - w_gpr (7#5) (GPRVal.var 73)] }, - { curr_state := 27, prev_state := 26, - writes := - [w_gpr (16#5) (GPRVal.var 80), w_gpr (17#5) (GPRVal.var 79), w_gpr (18#5) (GPRVal.var 78), - w_gpr (19#5) (GPRVal.var 77)] }, - { curr_state := 28, prev_state := 27, writes := [w_gpr (5#5) (GPRVal.var 81)] }, - { curr_state := 29, prev_state := 28, writes := [w_gpr (13#5) (GPRVal.var 83), w_gpr (14#5) (GPRVal.var 82)] }, - { curr_state := 30, prev_state := 29, - writes := - [w_gpr (8#5) (GPRVal.var 87), w_gpr (9#5) (GPRVal.var 86), w_gpr (10#5) (GPRVal.var 85), - w_gpr (11#5) (GPRVal.var 84)] }] - -open Expr Update in -#eval Expr.aggregate - { prev_state := 0, curr_state := 0, writes := []} - [ { curr_state := 1, prev_state := 0, writes := [w_gpr 13#5 (.var 1), w_gpr 14#5 (.var 0), ] }, - { curr_state := 2, prev_state := 1, writes := [w_gpr 11#5 (.var 2), ] }, - { curr_state := 3, prev_state := 2, writes := [w_gpr 11#5 (.var 5), w_gpr 12#5 (.var 4), w_gpr 13#5 (.var 3), ] }, - { curr_state := 4, prev_state := 3, writes := [w_gpr 10#5 (.var 10), w_gpr 11#5 (.var 9), w_gpr 12#5 (.var 8), w_gpr 13#5 (.var 7), w_gpr 14#5 (.var 6), ] }, - { curr_state := 5, prev_state := 4, writes := [w_gpr 21#5 (.var 14), w_gpr 22#5 (.var 13), w_gpr 23#5 (.var 12), w_gpr 24#5 (.var 11), ] }, - { curr_state := 6, prev_state := 5, writes := [w_gpr 2#5 (.var 19), w_gpr 3#5 (.var 18), w_gpr 4#5 (.var 17), w_gpr 5#5 (.var 16), w_gpr 6#5 (.var 15), ] }, - { curr_state := 7, prev_state := 6, writes := [w_gpr 28#5 (.var 22), w_gpr 29#5 (.var 21), w_gpr 30#5 (.var 20), ] }, - { curr_state := 8, prev_state := 7, writes := [w_gpr 21#5 (.var 27), w_gpr 22#5 (.var 26), w_gpr 23#5 (.var 25), w_gpr 24#5 (.var 24), w_gpr 25#5 (.var 23), ] }, - { curr_state := 9, prev_state := 8, writes := [w_gpr 29#5 (.var 28), ] }, - { curr_state := 10, prev_state := 9, writes := [w_gpr 29#5 (.var 29), ] }, - ] - -#time -open Expr Update in -theorem test_10_steps (s0 : ArmState) - (h_step_1 : s1 = (w (.GPR 13#5) val1 (w (.GPR 14#5) val0 s0))) - (h_step_2 : s2 = (w (.GPR 11#5) val2 s1)) - (h_step_3 : s3 = (w (.GPR 11#5) val5 (w (.GPR 12#5) val4 (w (.GPR 13#5) val3 s2)))) - (h_step_4 : s4 = (w (.GPR 10#5) val10 (w (.GPR 11#5) val9 (w (.GPR 12#5) val8 (w (.GPR 13#5) val7 (w (.GPR 14#5) val6 s3)))))) - (h_step_5 : s5 = (w (.GPR 21#5) val14 (w (.GPR 22#5) val13 (w (.GPR 23#5) val12 (w (.GPR 24#5) val11 s4))))) - (h_step_6 : s6 = (w (.GPR 2#5) val19 (w (.GPR 3#5) val18 (w (.GPR 4#5) val17 (w (.GPR 5#5) val16 (w (.GPR 6#5) val15 s5)))))) - (h_step_7 : s7 = (w (.GPR 28#5) val22 (w (.GPR 29#5) val21 (w (.GPR 30#5) val20 s6)))) - (h_step_8 : s8 = (w (.GPR 21#5) val27 (w (.GPR 22#5) val26 (w (.GPR 23#5) val25 (w (.GPR 24#5) val24 (w (.GPR 25#5) val23 s7)))))) - (h_step_9 : s9 = (w (.GPR 29#5) val28 s8)) - (h_step_10 : s10 = (w (.GPR 29#5) val29 s9)) - : - s10 = (w (.GPR 0x02#5) val19 (w (.GPR 0x03#5) val18 (w (.GPR 0x04#5) val17 (w (.GPR 0x05#5) val16 (w (.GPR 0x06#5) val15 (w (.GPR 0x0a#5) val10 (w (.GPR 0x0b#5) val9 (w (.GPR 0x0c#5) val8 (w (.GPR 0x0d#5) val7 (w (.GPR 0x0e#5) val6 (w (.GPR 0x15#5) val27 (w (.GPR 0x16#5) val26 (w (.GPR 0x17#5) val25 (w (.GPR 0x18#5) val24 (w (.GPR 0x19#5) val23 (w (.GPR 0x1c#5) val22 (w (.GPR 0x1d#5) val29 (w (.GPR 0x1e#5) val20 s0)))))))))))))))))) := by - have := (Expr.eq_true_of_denote - -- Context - { state := [s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10], - gpr := [val0, val1, val2, val3, val4, val5, val6, val7, val8, val9, val10, val11, val12, val13, val14, val15, val16, val17, val18, val19, val20, val21, val22, val23, val24, val25, val26, val27, val28, val29] } - -- init - { curr_state := 0, prev_state := 0, writes := [] } - -- final - { curr_state := 10, - prev_state := 0, - writes := [ArmConstr.Update.w_gpr 0x02#5 (ArmConstr.GPRVal.var 19), - ArmConstr.Update.w_gpr 0x03#5 (ArmConstr.GPRVal.var 18), - ArmConstr.Update.w_gpr 0x04#5 (ArmConstr.GPRVal.var 17), - ArmConstr.Update.w_gpr 0x05#5 (ArmConstr.GPRVal.var 16), - ArmConstr.Update.w_gpr 0x06#5 (ArmConstr.GPRVal.var 15), - ArmConstr.Update.w_gpr 0x0a#5 (ArmConstr.GPRVal.var 10), - ArmConstr.Update.w_gpr 0x0b#5 (ArmConstr.GPRVal.var 9), - ArmConstr.Update.w_gpr 0x0c#5 (ArmConstr.GPRVal.var 8), - ArmConstr.Update.w_gpr 0x0d#5 (ArmConstr.GPRVal.var 7), - ArmConstr.Update.w_gpr 0x0e#5 (ArmConstr.GPRVal.var 6), - ArmConstr.Update.w_gpr 0x15#5 (ArmConstr.GPRVal.var 27), - ArmConstr.Update.w_gpr 0x16#5 (ArmConstr.GPRVal.var 26), - ArmConstr.Update.w_gpr 0x17#5 (ArmConstr.GPRVal.var 25), - ArmConstr.Update.w_gpr 0x18#5 (ArmConstr.GPRVal.var 24), - ArmConstr.Update.w_gpr 0x19#5 (ArmConstr.GPRVal.var 23), - ArmConstr.Update.w_gpr 0x1c#5 (ArmConstr.GPRVal.var 22), - ArmConstr.Update.w_gpr 0x1d#5 (ArmConstr.GPRVal.var 29), - ArmConstr.Update.w_gpr 0x1e#5 (ArmConstr.GPRVal.var 20)] } - -- updates - [ { curr_state := 1, prev_state := 0, writes := [w_gpr 13#5 (.var 1), w_gpr 14#5 (.var 0), ] }, - { curr_state := 2, prev_state := 1, writes := [w_gpr 11#5 (.var 2), ] }, - { curr_state := 3, prev_state := 2, writes := [w_gpr 11#5 (.var 5), w_gpr 12#5 (.var 4), w_gpr 13#5 (.var 3), ] }, - { curr_state := 4, prev_state := 3, writes := [w_gpr 10#5 (.var 10), w_gpr 11#5 (.var 9), w_gpr 12#5 (.var 8), w_gpr 13#5 (.var 7), w_gpr 14#5 (.var 6), ] }, - { curr_state := 5, prev_state := 4, writes := [w_gpr 21#5 (.var 14), w_gpr 22#5 (.var 13), w_gpr 23#5 (.var 12), w_gpr 24#5 (.var 11), ] }, - { curr_state := 6, prev_state := 5, writes := [w_gpr 2#5 (.var 19), w_gpr 3#5 (.var 18), w_gpr 4#5 (.var 17), w_gpr 5#5 (.var 16), w_gpr 6#5 (.var 15), ] }, - { curr_state := 7, prev_state := 6, writes := [w_gpr 28#5 (.var 22), w_gpr 29#5 (.var 21), w_gpr 30#5 (.var 20), ] }, - { curr_state := 8, prev_state := 7, writes := [w_gpr 21#5 (.var 27), w_gpr 22#5 (.var 26), w_gpr 23#5 (.var 25), w_gpr 24#5 (.var 24), w_gpr 25#5 (.var 23), ] }, - { curr_state := 9, prev_state := 8, writes := [w_gpr 29#5 (.var 28), ] }, - { curr_state := 10, prev_state := 9, writes := [w_gpr 29#5 (.var 29), ] }, - ] - (by native_decide)) - simp only [Exprs.denote, and_true, and_imp] at this - exact this (Eq.refl s0) h_step_1 h_step_2 h_step_3 h_step_4 h_step_5 h_step_6 h_step_7 h_step_8 h_step_9 h_step_10 - done - -#time -open Expr Update in -theorem test_30_steps (s0 : ArmState) - (h_step_1 : s1 = (w (.GPR 23#5) val4 (w (.GPR 24#5) val3 (w (.GPR 25#5) val2 (w (.GPR 26#5) val1 (w (.GPR 27#5) val0 s0)))))) - (h_step_2 : s2 = (w (.GPR 2#5) val6 (w (.GPR 3#5) val5 s1))) - (h_step_3 : s3 = (w (.GPR 28#5) val10 (w (.GPR 29#5) val9 (w (.GPR 30#5) val8 (w (.GPR 31#5) val7 s2))))) - (h_step_4 : s4 = (w (.GPR 17#5) val14 (w (.GPR 18#5) val13 (w (.GPR 19#5) val12 (w (.GPR 20#5) val11 s3))))) - (h_step_5 : s5 = (w (.GPR 15#5) val16 (w (.GPR 16#5) val15 s4))) - (h_step_6 : s6 = (w (.GPR 30#5) val17 s5)) - (h_step_7 : s7 = (w (.GPR 12#5) val22 (w (.GPR 13#5) val21 (w (.GPR 14#5) val20 (w (.GPR 15#5) val19 (w (.GPR 16#5) val18 s6)))))) - (h_step_8 : s8 = (w (.GPR 8#5) val27 (w (.GPR 9#5) val26 (w (.GPR 10#5) val25 (w (.GPR 11#5) val24 (w (.GPR 12#5) val23 s7)))))) - (h_step_9 : s9 = (w (.GPR 28#5) val30 (w (.GPR 29#5) val29 (w (.GPR 30#5) val28 s8)))) - (h_step_10 : s10 = (w (.GPR 21#5) val31 s9)) - (h_step_11 : s11 = (w (.GPR 18#5) val36 (w (.GPR 19#5) val35 (w (.GPR 20#5) val34 (w (.GPR 21#5) val33 (w (.GPR 22#5) val32 s10)))))) - (h_step_12 : s12 = (w (.GPR 18#5) val40 (w (.GPR 19#5) val39 (w (.GPR 20#5) val38 (w (.GPR 21#5) val37 s11))))) - (h_step_13 : s13 = (w (.GPR 20#5) val44 (w (.GPR 21#5) val43 (w (.GPR 22#5) val42 (w (.GPR 23#5) val41 s12))))) - (h_step_14 : s14 = (w (.GPR 17#5) val45 s13)) - (h_step_15 : s15 = (w (.GPR 14#5) val46 s14)) - (h_step_16 : s16 = (w (.GPR 16#5) val47 s15)) - (h_step_17 : s17 = (w (.GPR 1#5) val52 (w (.GPR 2#5) val51 (w (.GPR 3#5) val50 (w (.GPR 4#5) val49 (w (.GPR 5#5) val48 s16)))))) - (h_step_18 : s18 = (w (.GPR 3#5) val53 s17)) - (h_step_19 : s19 = (w (.GPR 8#5) val54 s18)) - (h_step_20 : s20 = (w (.GPR 5#5) val55 s19)) - (h_step_21 : s21 = (w (.GPR 9#5) val56 s20)) - (h_step_22 : s22 = (w (.GPR 28#5) val60 (w (.GPR 29#5) val59 (w (.GPR 30#5) val58 (w (.GPR 31#5) val57 s21))))) - (h_step_23 : s23 = (w (.GPR 8#5) val65 (w (.GPR 9#5) val64 (w (.GPR 10#5) val63 (w (.GPR 11#5) val62 (w (.GPR 12#5) val61 s22)))))) - (h_step_24 : s24 = (w (.GPR 7#5) val70 (w (.GPR 8#5) val69 (w (.GPR 9#5) val68 (w (.GPR 10#5) val67 (w (.GPR 11#5) val66 s23)))))) - (h_step_25 : s25 = (w (.GPR 5#5) val72 (w (.GPR 6#5) val71 s24))) - (h_step_26 : s26 = (w (.GPR 4#5) val76 (w (.GPR 5#5) val75 (w (.GPR 6#5) val74 (w (.GPR 7#5) val73 s25))))) - (h_step_27 : s27 = (w (.GPR 16#5) val80 (w (.GPR 17#5) val79 (w (.GPR 18#5) val78 (w (.GPR 19#5) val77 s26))))) - (h_step_28 : s28 = (w (.GPR 5#5) val81 s27)) - (h_step_29 : s29 = (w (.GPR 13#5) val83 (w (.GPR 14#5) val82 s28))) - (h_step_30 : s30 = (w (.GPR 8#5) val87 (w (.GPR 9#5) val86 (w (.GPR 10#5) val85 (w (.GPR 11#5) val84 s29))))) : - s30 = (w (.GPR 0x01#5) val52 (w (.GPR 0x02#5) val51 (w (.GPR 0x03#5) val53 (w (.GPR 0x04#5) val76 (w (.GPR 0x05#5) val81 (w (.GPR 0x06#5) val74 (w (.GPR 0x07#5) val73 (w (.GPR 0x08#5) val87 (w (.GPR 0x09#5) val86 (w (.GPR 0x0a#5) val85 (w (.GPR 0x0b#5) val84 (w (.GPR 0x0c#5) val61 (w (.GPR 0x0d#5) val83 (w (.GPR 0x0e#5) val82 (w (.GPR 0x0f#5) val19 (w (.GPR 0x10#5) val80 (w (.GPR 0x11#5) val79 (w (.GPR 0x12#5) val78 (w (.GPR 0x13#5) val77 (w (.GPR 0x14#5) val44 (w (.GPR 0x15#5) val43 (w (.GPR 0x16#5) val42 (w (.GPR 0x17#5) val41 (w (.GPR 0x18#5) val3 (w (.GPR 0x19#5) val2 (w (.GPR 0x1a#5) val1 (w (.GPR 0x1b#5) val0 (w (.GPR 0x1c#5) val60 (w (.GPR 0x1d#5) val59 (w (.GPR 0x1e#5) val58 (w (.GPR 0x1f#5) val57 s0))))))))))))))))))))))))))))))) - := by - have := - (Expr.eq_true_of_denote { state := [s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, - s11, s12, s13, s14, s15, s16, s17, s18, s19, - s20, s21, s22, s23, s24, s25, s26, s27, s28, s29, s30], - gpr := [val0, val1, val2, val3, val4, val5, val6, val7, val8, val9, val10, - val11, val12, val13, val14, val15, val16, val17, val18, val19, val20, - val21, val22, val23, val24, val25, val26, val27, val28, val29, val30, - val31, val32, val33, val34, val35, val36, val37, val38, val39, val40, - val41, val42, val43, val44, val45, val46, val47, val48, val49, val50, - val51, val52, val53, val54, val55, val56, val57, val58, val59, val60, - val61, val62, val63, val64, val65, val66, val67, val68, val69, val70, - val71, val72, val73, val74, val75, val76, val77, val78, val79, val80, - val81, val82, val83, val84, val85, val86, val87] } - -- init - { prev_state := 0, curr_state := 0, writes := []} - -- final - { curr_state := 30, - prev_state := 0, - writes := [w_gpr 0x01#5 (.var 52), - w_gpr 0x02#5 (.var 51), - w_gpr 0x03#5 (.var 53), - w_gpr 0x04#5 (.var 76), - w_gpr 0x05#5 (.var 81), - w_gpr 0x06#5 (.var 74), - w_gpr 0x07#5 (.var 73), - w_gpr 0x08#5 (.var 87), - w_gpr 0x09#5 (.var 86), - w_gpr 0x0a#5 (.var 85), - w_gpr 0x0b#5 (.var 84), - w_gpr 0x0c#5 (.var 61), - w_gpr 0x0d#5 (.var 83), - w_gpr 0x0e#5 (.var 82), - w_gpr 0x0f#5 (.var 19), - w_gpr 0x10#5 (.var 80), - w_gpr 0x11#5 (.var 79), - w_gpr 0x12#5 (.var 78), - w_gpr 0x13#5 (.var 77), - w_gpr 0x14#5 (.var 44), - w_gpr 0x15#5 (.var 43), - w_gpr 0x16#5 (.var 42), - w_gpr 0x17#5 (.var 41), - w_gpr 0x18#5 (.var 3), - w_gpr 0x19#5 (.var 2), - w_gpr 0x1a#5 (.var 1), - w_gpr 0x1b#5 (.var 0), - w_gpr 0x1c#5 (.var 60), - w_gpr 0x1d#5 (.var 59), - w_gpr 0x1e#5 (.var 58), - w_gpr 0x1f#5 (.var 57)] } - -- updates - [ - { curr_state := 1, prev_state := 0, writes := [w_gpr 23#5 (.var 4), w_gpr 24#5 (.var 3), w_gpr 25#5 (.var 2), w_gpr 26#5 (.var 1), w_gpr 27#5 (.var 0), ] }, - { curr_state := 2, prev_state := 1, writes := [w_gpr 2#5 (.var 6), w_gpr 3#5 (.var 5), ] }, - { curr_state := 3, prev_state := 2, writes := [w_gpr 28#5 (.var 10), w_gpr 29#5 (.var 9), w_gpr 30#5 (.var 8), w_gpr 31#5 (.var 7), ] }, - { curr_state := 4, prev_state := 3, writes := [w_gpr 17#5 (.var 14), w_gpr 18#5 (.var 13), w_gpr 19#5 (.var 12), w_gpr 20#5 (.var 11), ] }, - { curr_state := 5, prev_state := 4, writes := [w_gpr 15#5 (.var 16), w_gpr 16#5 (.var 15), ] }, - { curr_state := 6, prev_state := 5, writes := [w_gpr 30#5 (.var 17), ] }, - { curr_state := 7, prev_state := 6, writes := [w_gpr 12#5 (.var 22), w_gpr 13#5 (.var 21), w_gpr 14#5 (.var 20), w_gpr 15#5 (.var 19), w_gpr 16#5 (.var 18), ] }, - { curr_state := 8, prev_state := 7, writes := [w_gpr 8#5 (.var 27), w_gpr 9#5 (.var 26), w_gpr 10#5 (.var 25), w_gpr 11#5 (.var 24), w_gpr 12#5 (.var 23), ] }, - { curr_state := 9, prev_state := 8, writes := [w_gpr 28#5 (.var 30), w_gpr 29#5 (.var 29), w_gpr 30#5 (.var 28), ] }, - { curr_state := 10, prev_state := 9, writes := [w_gpr 21#5 (.var 31), ] }, - { curr_state := 11, prev_state := 10, writes := [w_gpr 18#5 (.var 36), w_gpr 19#5 (.var 35), w_gpr 20#5 (.var 34), w_gpr 21#5 (.var 33), w_gpr 22#5 (.var 32), ] }, - { curr_state := 12, prev_state := 11, writes := [w_gpr 18#5 (.var 40), w_gpr 19#5 (.var 39), w_gpr 20#5 (.var 38), w_gpr 21#5 (.var 37), ] }, - { curr_state := 13, prev_state := 12, writes := [w_gpr 20#5 (.var 44), w_gpr 21#5 (.var 43), w_gpr 22#5 (.var 42), w_gpr 23#5 (.var 41), ] }, - { curr_state := 14, prev_state := 13, writes := [w_gpr 17#5 (.var 45), ] }, - { curr_state := 15, prev_state := 14, writes := [w_gpr 14#5 (.var 46), ] }, - { curr_state := 16, prev_state := 15, writes := [w_gpr 16#5 (.var 47), ] }, - { curr_state := 17, prev_state := 16, writes := [w_gpr 1#5 (.var 52), w_gpr 2#5 (.var 51), w_gpr 3#5 (.var 50), w_gpr 4#5 (.var 49), w_gpr 5#5 (.var 48), ] }, - { curr_state := 18, prev_state := 17, writes := [w_gpr 3#5 (.var 53), ] }, - { curr_state := 19, prev_state := 18, writes := [w_gpr 8#5 (.var 54), ] }, - { curr_state := 20, prev_state := 19, writes := [w_gpr 5#5 (.var 55), ] }, - { curr_state := 21, prev_state := 20, writes := [w_gpr 9#5 (.var 56), ] }, - { curr_state := 22, prev_state := 21, writes := [w_gpr 28#5 (.var 60), w_gpr 29#5 (.var 59), w_gpr 30#5 (.var 58), w_gpr 31#5 (.var 57), ] }, - { curr_state := 23, prev_state := 22, writes := [w_gpr 8#5 (.var 65), w_gpr 9#5 (.var 64), w_gpr 10#5 (.var 63), w_gpr 11#5 (.var 62), w_gpr 12#5 (.var 61), ] }, - { curr_state := 24, prev_state := 23, writes := [w_gpr 7#5 (.var 70), w_gpr 8#5 (.var 69), w_gpr 9#5 (.var 68), w_gpr 10#5 (.var 67), w_gpr 11#5 (.var 66), ] }, - { curr_state := 25, prev_state := 24, writes := [w_gpr 5#5 (.var 72), w_gpr 6#5 (.var 71), ] }, - { curr_state := 26, prev_state := 25, writes := [w_gpr 4#5 (.var 76), w_gpr 5#5 (.var 75), w_gpr 6#5 (.var 74), w_gpr 7#5 (.var 73), ] }, - { curr_state := 27, prev_state := 26, writes := [w_gpr 16#5 (.var 80), w_gpr 17#5 (.var 79), w_gpr 18#5 (.var 78), w_gpr 19#5 (.var 77), ] }, - { curr_state := 28, prev_state := 27, writes := [w_gpr 5#5 (.var 81), ] }, - { curr_state := 29, prev_state := 28, writes := [w_gpr 13#5 (.var 83), w_gpr 14#5 (.var 82), ] }, - { curr_state := 30, prev_state := 29, writes := [w_gpr 8#5 (.var 87), w_gpr 9#5 (.var 86), w_gpr 10#5 (.var 85), w_gpr 11#5 (.var 84), ] } - ] - (by native_decide)) - simp only [Exprs.denote, and_true, and_imp] at this - exact this (Eq.refl s0) h_step_1 h_step_2 h_step_3 h_step_4 h_step_5 h_step_6 h_step_7 h_step_8 h_step_9 h_step_10 h_step_11 h_step_12 h_step_13 h_step_14 h_step_15 h_step_16 h_step_17 h_step_18 h_step_19 h_step_20 h_step_21 h_step_22 h_step_23 h_step_24 h_step_25 h_step_26 h_step_27 h_step_28 h_step_29 h_step_30 +def Expr.isPruned (e1 e2 : Expr) : Bool := + prune e1 == e2 + +theorem Expr.eq_true_of_denote (ctx : Context) (e1 e2 : Expr) : + (Expr.isPruned e1 e2) → Expr.denote ctx e1 → Expr.denote ctx e2 := by + simp [isPruned, prune, denote] + intro h; cases e2 + rename_i s1 s0 writes; simp_all only [mk.injEq] + rw [←h.right.right]; clear h + simp only [denote_writes_eraseReps, denote_writes_sorted, implies_true] done #time open Expr Update in -theorem test_40_steps (s0 : ArmState) - (h_step_1 : s1 = (w (.GPR 4#5) val3 (w (.GPR 5#5) val2 (w (.GPR 6#5) val1 (w (.GPR 7#5) val0 s0))))) - (h_step_2 : s2 = (w (.GPR 6#5) val7 (w (.GPR 7#5) val6 (w (.GPR 8#5) val5 (w (.GPR 9#5) val4 s1))))) - (h_step_3 : s3 = (w (.GPR 6#5) val8 s2)) - (h_step_4 : s4 = (w (.GPR 23#5) val11 (w (.GPR 24#5) val10 (w (.GPR 25#5) val9 s3)))) - (h_step_5 : s5 = (w (.GPR 2#5) val12 s4)) - (h_step_6 : s6 = (w (.GPR 22#5) val17 (w (.GPR 23#5) val16 (w (.GPR 24#5) val15 (w (.GPR 25#5) val14 (w (.GPR 26#5) val13 s5)))))) - (h_step_7 : s7 = (w (.GPR 5#5) val19 (w (.GPR 6#5) val18 s6))) - (h_step_8 : s8 = (w (.GPR 23#5) val21 (w (.GPR 24#5) val20 s7))) - (h_step_9 : s9 = (w (.GPR 13#5) val22 s8)) - (h_step_10 : s10 = (w (.GPR 1#5) val25 (w (.GPR 2#5) val24 (w (.GPR 3#5) val23 s9)))) - (h_step_11 : s11 = (w (.GPR 14#5) val26 s10)) - (h_step_12 : s12 = (w (.GPR 28#5) val27 s11)) - (h_step_13 : s13 = (w (.GPR 15#5) val28 s12)) - (h_step_14 : s14 = (w (.GPR 24#5) val29 s13)) - (h_step_15 : s15 = (w (.GPR 4#5) val34 (w (.GPR 5#5) val33 (w (.GPR 6#5) val32 (w (.GPR 7#5) val31 (w (.GPR 8#5) val30 s14)))))) - (h_step_16 : s16 = (w (.GPR 13#5) val38 (w (.GPR 14#5) val37 (w (.GPR 15#5) val36 (w (.GPR 16#5) val35 s15))))) - (h_step_17 : s17 = (w (.GPR 13#5) val40 (w (.GPR 14#5) val39 s16))) - (h_step_18 : s18 = (w (.GPR 20#5) val45 (w (.GPR 21#5) val44 (w (.GPR 22#5) val43 (w (.GPR 23#5) val42 (w (.GPR 24#5) val41 s17)))))) - (h_step_19 : s19 = (w (.GPR 2#5) val46 s18)) - (h_step_20 : s20 = (w (.GPR 11#5) val51 (w (.GPR 12#5) val50 (w (.GPR 13#5) val49 (w (.GPR 14#5) val48 (w (.GPR 15#5) val47 s19)))))) - (h_step_21 : s21 = (w (.GPR 17#5) val55 (w (.GPR 18#5) val54 (w (.GPR 19#5) val53 (w (.GPR 20#5) val52 s20))))) - (h_step_22 : s22 = (w (.GPR 20#5) val60 (w (.GPR 21#5) val59 (w (.GPR 22#5) val58 (w (.GPR 23#5) val57 (w (.GPR 24#5) val56 s21)))))) - (h_step_23 : s23 = (w (.GPR 9#5) val65 (w (.GPR 10#5) val64 (w (.GPR 11#5) val63 (w (.GPR 12#5) val62 (w (.GPR 13#5) val61 s22)))))) - (h_step_24 : s24 = (w (.GPR 27#5) val67 (w (.GPR 28#5) val66 s23))) - (h_step_25 : s25 = (w (.GPR 2#5) val68 s24)) - (h_step_26 : s26 = (w (.GPR 11#5) val69 s25)) - (h_step_27 : s27 = (w (.GPR 1#5) val73 (w (.GPR 2#5) val72 (w (.GPR 3#5) val71 (w (.GPR 4#5) val70 s26))))) - (h_step_28 : s28 = (w (.GPR 11#5) val76 (w (.GPR 12#5) val75 (w (.GPR 13#5) val74 s27)))) - (h_step_29 : s29 = (w (.GPR 26#5) val80 (w (.GPR 27#5) val79 (w (.GPR 28#5) val78 (w (.GPR 29#5) val77 s28))))) - (h_step_30 : s30 = (w (.GPR 13#5) val81 s29)) - (h_step_31 : s31 = (w (.GPR 25#5) val82 s30)) - (h_step_32 : s32 = (w (.GPR 7#5) val86 (w (.GPR 8#5) val85 (w (.GPR 9#5) val84 (w (.GPR 10#5) val83 s31))))) - (h_step_33 : s33 = (w (.GPR 5#5) val90 (w (.GPR 6#5) val89 (w (.GPR 7#5) val88 (w (.GPR 8#5) val87 s32))))) - (h_step_34 : s34 = (w (.GPR 9#5) val93 (w (.GPR 10#5) val92 (w (.GPR 11#5) val91 s33)))) - (h_step_35 : s35 = (w (.GPR 8#5) val95 (w (.GPR 9#5) val94 s34))) - (h_step_36 : s36 = (w (.GPR 4#5) val97 (w (.GPR 5#5) val96 s35))) - (h_step_37 : s37 = (w (.GPR 28#5) val101 (w (.GPR 29#5) val100 (w (.GPR 30#5) val99 (w (.GPR 31#5) val98 s36))))) - (h_step_38 : s38 = (w (.GPR 17#5) val104 (w (.GPR 18#5) val103 (w (.GPR 19#5) val102 s37)))) - (h_step_39 : s39 = (w (.GPR 19#5) val109 (w (.GPR 20#5) val108 (w (.GPR 21#5) val107 (w (.GPR 22#5) val106 (w (.GPR 23#5) val105 s38)))))) - (h_step_40 : s40 = (w (.GPR 7#5) val110 s39)) - : - s40 = w (.GPR 1#5) (val73) (w (.GPR 2#5) (val72) (w (.GPR 3#5) (val71) (w (.GPR 4#5) (val97) (w (.GPR 5#5) (val96) (w (.GPR 6#5) (val89) (w (.GPR 7#5) (val110) (w (.GPR 8#5) (val95) (w (.GPR 9#5) (val94) (w (.GPR 10#5) (val92) (w (.GPR 11#5) (val91) (w (.GPR 12#5) (val75) (w (.GPR 13#5) (val81) (w (.GPR 14#5) (val48) (w (.GPR 15#5) (val47) (w (.GPR 16#5) (val35) (w (.GPR 17#5) (val104) (w (.GPR 18#5) (val103) (w (.GPR 19#5) (val109) (w (.GPR 20#5) (val108) (w (.GPR 21#5) (val107) (w (.GPR 22#5) (val106) (w (.GPR 23#5) (val105) (w (.GPR 24#5) (val56) (w (.GPR 25#5) (val82) (w (.GPR 26#5) (val80) (w (.GPR 27#5) (val79) (w (.GPR 28#5) (val101) (w (.GPR 29#5) (val100) (w (.GPR 30#5) (val99) (w (.GPR 31#5) (val98) s0)))))))))))))))))))))))))))))) := by - have := (Expr.eq_true_of_denote - -- Context - { state := [s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, s16, s17, s18, s19, s20, s21, s22, s23, s24, s25, s26, s27, s28, s29, s30, s31, s32, s33, s34, s35, s36, s37, s38, s39, s40], - gpr := [val0, val1, val2, val3, val4, val5, val6, val7, val8, val9, val10, val11, val12, val13, val14, val15, val16, val17, val18, val19, val20, val21, val22, val23, val24, val25, val26, val27, val28, val29, val30, val31, val32, val33, val34, val35, val36, val37, val38, val39, val40, val41, val42, val43, val44, val45, val46, val47, val48, val49, val50, val51, val52, val53, val54, val55, val56, val57, val58, val59, val60, val61, val62, val63, val64, val65, val66, val67, val68, val69, val70, val71, val72, val73, val74, val75, val76, val77, val78, val79, val80, val81, val82, val83, val84, val85, val86, val87, val88, val89, val90, val91, val92, val93, val94, val95, val96, val97, val98, val99, val100, val101, val102, val103, val104, val105, val106, val107, val108, val109, val110] } - -- init - { curr_state := 0, prev_state := 0, writes := [] } - -- final: run `Exprs.aggregate init updates` to get the following. - { curr_state := 40, - prev_state := 0, - writes := [ArmConstr.Update.w_gpr 0x01#5 (ArmConstr.GPRVal.var 73), - ArmConstr.Update.w_gpr 0x02#5 (ArmConstr.GPRVal.var 72), - ArmConstr.Update.w_gpr 0x03#5 (ArmConstr.GPRVal.var 71), - ArmConstr.Update.w_gpr 0x04#5 (ArmConstr.GPRVal.var 97), - ArmConstr.Update.w_gpr 0x05#5 (ArmConstr.GPRVal.var 96), - ArmConstr.Update.w_gpr 0x06#5 (ArmConstr.GPRVal.var 89), - ArmConstr.Update.w_gpr 0x07#5 (ArmConstr.GPRVal.var 110), - ArmConstr.Update.w_gpr 0x08#5 (ArmConstr.GPRVal.var 95), - ArmConstr.Update.w_gpr 0x09#5 (ArmConstr.GPRVal.var 94), - ArmConstr.Update.w_gpr 0x0a#5 (ArmConstr.GPRVal.var 92), - ArmConstr.Update.w_gpr 0x0b#5 (ArmConstr.GPRVal.var 91), - ArmConstr.Update.w_gpr 0x0c#5 (ArmConstr.GPRVal.var 75), - ArmConstr.Update.w_gpr 0x0d#5 (ArmConstr.GPRVal.var 81), - ArmConstr.Update.w_gpr 0x0e#5 (ArmConstr.GPRVal.var 48), - ArmConstr.Update.w_gpr 0x0f#5 (ArmConstr.GPRVal.var 47), - ArmConstr.Update.w_gpr 0x10#5 (ArmConstr.GPRVal.var 35), - ArmConstr.Update.w_gpr 0x11#5 (ArmConstr.GPRVal.var 104), - ArmConstr.Update.w_gpr 0x12#5 (ArmConstr.GPRVal.var 103), - ArmConstr.Update.w_gpr 0x13#5 (ArmConstr.GPRVal.var 109), - ArmConstr.Update.w_gpr 0x14#5 (ArmConstr.GPRVal.var 108), - ArmConstr.Update.w_gpr 0x15#5 (ArmConstr.GPRVal.var 107), - ArmConstr.Update.w_gpr 0x16#5 (ArmConstr.GPRVal.var 106), - ArmConstr.Update.w_gpr 0x17#5 (ArmConstr.GPRVal.var 105), - ArmConstr.Update.w_gpr 0x18#5 (ArmConstr.GPRVal.var 56), - ArmConstr.Update.w_gpr 0x19#5 (ArmConstr.GPRVal.var 82), - ArmConstr.Update.w_gpr 0x1a#5 (ArmConstr.GPRVal.var 80), - ArmConstr.Update.w_gpr 0x1b#5 (ArmConstr.GPRVal.var 79), - ArmConstr.Update.w_gpr 0x1c#5 (ArmConstr.GPRVal.var 101), - ArmConstr.Update.w_gpr 0x1d#5 (ArmConstr.GPRVal.var 100), - ArmConstr.Update.w_gpr 0x1e#5 (ArmConstr.GPRVal.var 99), - ArmConstr.Update.w_gpr 0x1f#5 (ArmConstr.GPRVal.var 98)] } - -- updates - [ { curr_state := 1, prev_state := 0, writes := [w_gpr 4#5 (.var 3), w_gpr 5#5 (.var 2), w_gpr 6#5 (.var 1), w_gpr 7#5 (.var 0), ] }, - { curr_state := 2, prev_state := 1, writes := [w_gpr 6#5 (.var 7), w_gpr 7#5 (.var 6), w_gpr 8#5 (.var 5), w_gpr 9#5 (.var 4), ] }, - { curr_state := 3, prev_state := 2, writes := [w_gpr 6#5 (.var 8), ] }, - { curr_state := 4, prev_state := 3, writes := [w_gpr 23#5 (.var 11), w_gpr 24#5 (.var 10), w_gpr 25#5 (.var 9), ] }, - { curr_state := 5, prev_state := 4, writes := [w_gpr 2#5 (.var 12), ] }, - { curr_state := 6, prev_state := 5, writes := [w_gpr 22#5 (.var 17), w_gpr 23#5 (.var 16), w_gpr 24#5 (.var 15), w_gpr 25#5 (.var 14), w_gpr 26#5 (.var 13), ] }, - { curr_state := 7, prev_state := 6, writes := [w_gpr 5#5 (.var 19), w_gpr 6#5 (.var 18), ] }, - { curr_state := 8, prev_state := 7, writes := [w_gpr 23#5 (.var 21), w_gpr 24#5 (.var 20), ] }, - { curr_state := 9, prev_state := 8, writes := [w_gpr 13#5 (.var 22), ] }, - { curr_state := 10, prev_state := 9, writes := [w_gpr 1#5 (.var 25), w_gpr 2#5 (.var 24), w_gpr 3#5 (.var 23), ] }, - { curr_state := 11, prev_state := 10, writes := [w_gpr 14#5 (.var 26), ] }, - { curr_state := 12, prev_state := 11, writes := [w_gpr 28#5 (.var 27), ] }, - { curr_state := 13, prev_state := 12, writes := [w_gpr 15#5 (.var 28), ] }, - { curr_state := 14, prev_state := 13, writes := [w_gpr 24#5 (.var 29), ] }, - { curr_state := 15, prev_state := 14, writes := [w_gpr 4#5 (.var 34), w_gpr 5#5 (.var 33), w_gpr 6#5 (.var 32), w_gpr 7#5 (.var 31), w_gpr 8#5 (.var 30), ] }, - { curr_state := 16, prev_state := 15, writes := [w_gpr 13#5 (.var 38), w_gpr 14#5 (.var 37), w_gpr 15#5 (.var 36), w_gpr 16#5 (.var 35), ] }, - { curr_state := 17, prev_state := 16, writes := [w_gpr 13#5 (.var 40), w_gpr 14#5 (.var 39), ] }, - { curr_state := 18, prev_state := 17, writes := [w_gpr 20#5 (.var 45), w_gpr 21#5 (.var 44), w_gpr 22#5 (.var 43), w_gpr 23#5 (.var 42), w_gpr 24#5 (.var 41), ] }, - { curr_state := 19, prev_state := 18, writes := [w_gpr 2#5 (.var 46), ] }, - { curr_state := 20, prev_state := 19, writes := [w_gpr 11#5 (.var 51), w_gpr 12#5 (.var 50), w_gpr 13#5 (.var 49), w_gpr 14#5 (.var 48), w_gpr 15#5 (.var 47), ] }, - { curr_state := 21, prev_state := 20, writes := [w_gpr 17#5 (.var 55), w_gpr 18#5 (.var 54), w_gpr 19#5 (.var 53), w_gpr 20#5 (.var 52), ] }, - { curr_state := 22, prev_state := 21, writes := [w_gpr 20#5 (.var 60), w_gpr 21#5 (.var 59), w_gpr 22#5 (.var 58), w_gpr 23#5 (.var 57), w_gpr 24#5 (.var 56), ] }, - { curr_state := 23, prev_state := 22, writes := [w_gpr 9#5 (.var 65), w_gpr 10#5 (.var 64), w_gpr 11#5 (.var 63), w_gpr 12#5 (.var 62), w_gpr 13#5 (.var 61), ] }, - { curr_state := 24, prev_state := 23, writes := [w_gpr 27#5 (.var 67), w_gpr 28#5 (.var 66), ] }, - { curr_state := 25, prev_state := 24, writes := [w_gpr 2#5 (.var 68), ] }, - { curr_state := 26, prev_state := 25, writes := [w_gpr 11#5 (.var 69), ] }, - { curr_state := 27, prev_state := 26, writes := [w_gpr 1#5 (.var 73), w_gpr 2#5 (.var 72), w_gpr 3#5 (.var 71), w_gpr 4#5 (.var 70), ] }, - { curr_state := 28, prev_state := 27, writes := [w_gpr 11#5 (.var 76), w_gpr 12#5 (.var 75), w_gpr 13#5 (.var 74), ] }, - { curr_state := 29, prev_state := 28, writes := [w_gpr 26#5 (.var 80), w_gpr 27#5 (.var 79), w_gpr 28#5 (.var 78), w_gpr 29#5 (.var 77), ] }, - { curr_state := 30, prev_state := 29, writes := [w_gpr 13#5 (.var 81), ] }, - { curr_state := 31, prev_state := 30, writes := [w_gpr 25#5 (.var 82), ] }, - { curr_state := 32, prev_state := 31, writes := [w_gpr 7#5 (.var 86), w_gpr 8#5 (.var 85), w_gpr 9#5 (.var 84), w_gpr 10#5 (.var 83), ] }, - { curr_state := 33, prev_state := 32, writes := [w_gpr 5#5 (.var 90), w_gpr 6#5 (.var 89), w_gpr 7#5 (.var 88), w_gpr 8#5 (.var 87), ] }, - { curr_state := 34, prev_state := 33, writes := [w_gpr 9#5 (.var 93), w_gpr 10#5 (.var 92), w_gpr 11#5 (.var 91), ] }, - { curr_state := 35, prev_state := 34, writes := [w_gpr 8#5 (.var 95), w_gpr 9#5 (.var 94), ] }, - { curr_state := 36, prev_state := 35, writes := [w_gpr 4#5 (.var 97), w_gpr 5#5 (.var 96), ] }, - { curr_state := 37, prev_state := 36, writes := [w_gpr 28#5 (.var 101), w_gpr 29#5 (.var 100), w_gpr 30#5 (.var 99), w_gpr 31#5 (.var 98), ] }, - { curr_state := 38, prev_state := 37, writes := [w_gpr 17#5 (.var 104), w_gpr 18#5 (.var 103), w_gpr 19#5 (.var 102), ] }, - { curr_state := 39, prev_state := 38, writes := [w_gpr 19#5 (.var 109), w_gpr 20#5 (.var 108), w_gpr 21#5 (.var 107), w_gpr 22#5 (.var 106), w_gpr 23#5 (.var 105), ] }, - { curr_state := 40, prev_state := 39, writes := [w_gpr 7#5 (.var 110), ] }] - (by native_decide)) - simp only [Exprs.denote, and_true, and_imp] at this - exact this (Eq.refl s0) h_step_1 h_step_2 h_step_3 h_step_4 h_step_5 h_step_6 h_step_7 h_step_8 h_step_9 h_step_10 h_step_11 h_step_12 h_step_13 h_step_14 h_step_15 h_step_16 h_step_17 h_step_18 h_step_19 h_step_20 h_step_21 h_step_22 h_step_23 h_step_24 h_step_25 h_step_26 h_step_27 h_step_28 h_step_29 h_step_30 h_step_31 h_step_32 h_step_33 h_step_34 h_step_35 h_step_36 h_step_37 h_step_38 h_step_39 h_step_40 - done +theorem example1 + (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 0#5) x1 s0))) : + s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s0) := by + exact + ((Expr.eq_true_of_denote { state := [s0, s1], + gpr := [x0, x1] } + -- e1 + { prev_state := 0, curr_state := 1, + writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1), w_gpr 0#5 (.var 1)] } + -- e2 + { prev_state := 0, curr_state := 1, + writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] } + (by native_decide))) + h_s1 + +-- #print example1 end ArmConstr diff --git a/Tactics/ArmConstrToExpr.lean b/Tactics/ArmConstrToExpr.lean new file mode 100644 index 00000000..8bed4c58 --- /dev/null +++ b/Tactics/ArmConstrToExpr.lean @@ -0,0 +1,347 @@ +/- +Copyright (c) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. +Released under Apache 2.0 license as described in the file LICENSE. +Author(s): Shilpi Goel +-/ + +import Tactics.ArmConstr +import Lean + +namespace ArmConstr + +open Lean Elab Tactic Expr Meta + +abbrev ArmExpr := ArmConstr.Expr +abbrev ArmStateVar := ArmConstr.StateVar +abbrev ArmUpdate := ArmConstr.Update +abbrev ArmUpdates := ArmConstr.Updates + +/-! ## Mapping Arm State Update Expressions to Lean Expressions -/ + +def ArmStateVar.toExpr (s : ArmStateVar) : Lean.Expr := + mkNatLit s + +instance : ToExpr ArmStateVar where + toExpr a := a.toExpr + toTypeExpr := mkConst ``ArmConstr.StateVar + +def ArmUpdate.toExpr (u : ArmUpdate) : Lean.Expr := + open ArmConstr.Update in + match u with + | .w_gpr i (.var v) => mkAppN (mkConst ``w_gpr) + #[(Lean.toExpr i), + (mkApp (mkConst ``GPRVal.var) (mkNatLit v))] + +instance : ToExpr ArmUpdate where + toExpr a := a.toExpr + toTypeExpr := mkConst ``ArmConstr.Update + +def ArmUpdates.toExpr (us : ArmUpdates) : Lean.Expr := + match us with + | [] => Lean.toExpr ([] : Updates) + | u :: rest => + mkAppN (mkConst ``List.cons [levelZero]) + #[mkConst ``Update, (Lean.toExpr u), (ArmUpdates.toExpr rest)] + +instance : ToExpr ArmUpdates where + toExpr a := a.toExpr + toTypeExpr := mkConst ``ArmConstr.Updates + +def ArmExpr.toExpr (e : ArmExpr) : Lean.Expr := + mkApp3 (mkConst ``ArmConstr.Expr.mk) + (ArmStateVar.toExpr e.curr_state) + (ArmStateVar.toExpr e.prev_state) + (ArmUpdates.toExpr e.writes) + +instance : ToExpr ArmExpr where + toExpr a := a.toExpr + toTypeExpr := mkConst ``ArmConstr.Expr + + +/- +def foo : Lean.Expr := + open ArmExpr in + ArmExpr.toExpr { curr_state := 1, prev_state := 0, writes := [.w_gpr 1#5 (.var 0)] } + +#eval foo + +elab "foo" : term => return foo + +#eval foo +-/ + +/-! ## Mapping Lean Expressions to Arm State Update Expressions -/ + +namespace ToArmExpr + +/- Borrowed from: Lean/Meta/Tactic/LinearArith/Nat/Basic.lean -/ +structure State where + -- It should be fine to use `KExprMap` here because the mapping should be + -- small and few HeadIndex collisions. + stateVarMap : KExprMap ArmStateVar := {} + stateVars : Array Lean.Expr := #[] + fldVarMap : KExprMap GPRVal := {} + fldVars : Array Lean.Expr := #[] + +abbrev M := StateRefT State MetaM + +def addAsStateVar (e : Lean.Expr) : M ArmStateVar := do + if let some x ← (← get).stateVarMap.find? e then + return x + else + let x := (← get).stateVars.size + let s ← get + set { s with stateVarMap := (← s.stateVarMap.insert e x), + stateVars := s.stateVars.push e : State } + return x + +def addAsGPRVar (e : Lean.Expr) : M GPRVal := do + if let some x ← (← get).fldVarMap.find? e then + return x + else + -- TODO: Make GPRVal also be a Nat, for convenience? + -- logInfo m!"[addAsGPRVar] e.type: {e_typ}" + -- if (←isDefEq (← inferType e) (mkApp (mkConst ``BitVec) (mkNatLit 64))) then + -- throwError "state_value IS defeq to bitvec" + let x := GPRVal.var (← get).fldVars.size + let s ← get + set { s with fldVarMap := (← s.fldVarMap.insert e x), + fldVars := s.fldVars.push e : State } + return x + +-- partial def toArmUpdates (writes : Lean.Expr) (acc : ArmUpdates) : +-- M (ArmUpdates × Lean.Expr) := do +-- match_expr writes with +-- | w fld val rest => +-- let (update : ArmUpdate) ← +-- match_expr fld with +-- | StateField.GPR i => +-- let some ⟨n, i'⟩ ← getBitVecValue? i | failure +-- let var ← addAsGPRVar val +-- logInfo m!"toArmUpdatesAndStateVar 1: FldVars: {(← get).fldVars}" +-- if h : n = 5 then +-- pure (Update.w_gpr (i'.cast h) var) +-- else failure +-- | _ => failure +-- toArmUpdates rest (update :: acc) +-- | _ => +-- -- writes is just a state var at this point. +-- return (acc, writes) +-- +-- partial def toArmStateVars (curr_state prev_state : Lean.Expr) : +-- M (ArmStateVar × ArmStateVar) := do +-- let (prev_state_var : ArmStateVar) ← addAsStateVar prev_state +-- let (curr_state_var : ArmStateVar) ← addAsStateVar curr_state +-- return (curr_state_var, prev_state_var) + +instance : ToMessageData GPRVal where + toMessageData x := + match x with + | .var i => m!"(var {i})" + +instance : ToMessageData Update where + toMessageData x := match x with + | .w_gpr i v => m!"(w_gpr {i} {v})" + +instance : ToMessageData ArmExpr where + toMessageData x := m!"\{curr: {x.curr_state}; writes: {x.writes} prev: {x.prev_state}}" + +def unifyTypes (varExpr : Lean.Expr) (mvarExpr : Lean.Expr) : MetaM Unit := do + let varType ← (whnf (← inferType varExpr)) + let mvarType ← inferType mvarExpr + try + let _ := isDefEq varType mvarType + catch _ => + throwError "Types could not be unified" + +partial def toArmUpdatesAndStateVar (curr_state writes : Lean.Expr) (us : ArmUpdates) : + M (ArmStateVar × ArmUpdates × ArmStateVar) := do + match_expr writes with + | w fld val rest => + let (update : ArmUpdate) ← + match_expr fld with + | StateField.GPR i => + let some ⟨n, i'⟩ ← getBitVecValue? i | failure + -- let orig_val_type ← inferType val + -- let val_type ← (whnf (← inferType val)) + -- let mvar ← mkFreshExprMVar none + -- mvar.mvarId!.assign val_type + -- -- unifyTypes val mvar + -- logInfo m!"mvar: {mvar}" + -- -- have h_proof : ∀ i, state_value (.GPR i) = BitVec 64 := by + -- -- simp only [implies_true] + -- -- let val ← mkAppM ``cast #[h_proof, mvar] + -- -- let val ← mkAppM ``cast #[← mkEqRefl orig_val_type, mvar] + -- let val := mkApp4 (.const ``cast [1]) orig_val_type val_type (← mkEqRefl val_type) val + -- logInfo m!"val: {val}" + let var ← addAsGPRVar val + logInfo m!"toArmUpdatesAndStateVar 1: var: {var} val: {val}" + logInfo m!"toArmUpdatesAndStateVar 1: FldVars: {(← get).fldVars}" + if h : n = 5 then + pure (Update.w_gpr (i'.cast h) var) + else failure + | _ => failure + logInfo m!"toArmUpdatesAndStateVar: Update: {update}" + toArmUpdatesAndStateVar curr_state rest (us ++ [update]) + | _ => + -- writes is just a state var at this point. + let (prev_state_var : ArmStateVar) ← addAsStateVar writes + let (curr_state_var : ArmStateVar) ← addAsStateVar curr_state + -- logInfo m!"toArmUpdatesAndStateVar: Curr_State_Var: {curr_state_var}" + -- logInfo m!"toArmUpdatesAndStateVar: Prev_State_var: {prev_state_var}" + -- logInfo m!"toArmUpdatesAndStateVar: FldVars: {(← get).fldVars}" + logInfo m!"toArmUpdatesAndStateVar: Writes: {us}" + return (curr_state_var, us, prev_state_var) + +partial def toArmExpr? (e : Lean.Expr) : M (Option ArmExpr) := do + match_expr e with + | Eq α s writes => + let_expr ArmState ← α | failure + let (curr_state, writes, prev_state) ← toArmUpdatesAndStateVar s writes [] + -- let (writes, prev_state_expr) ← toArmUpdates writes [] + -- logInfo m!"toArmExpr?: FldVars: {(← get).fldVars}" + -- let (curr_state, prev_state) ← toArmStateVars s prev_state_expr + logInfo m!"toArmExpr?: Current State ArmStateVar: {curr_state}" + logInfo m!"toArmExpr?: Previous State ArmStateVar: {prev_state}" + logInfo m!"toArmExpr?: StateVars: {(← get).stateVars}" + logInfo m!"toArmExpr?: FldVars: {(← get).fldVars}" + return some { curr_state, writes, prev_state } + | _ => failure + +def run (x : M α) : MetaM (α × Array Lean.Expr × Array Lean.Expr) := do + let (a, s) ← x.run {} + return (a, s.stateVars, s.fldVars) + +end ToArmExpr + +def toContextExpr (state_ctx : Array Lean.Expr) (gpr_ctx : Array Lean.Expr) : + MetaM Lean.Expr := do + let state_ctx ← mkListLit (mkConst ``ArmState) state_ctx.toList + let gpr_ctx ← (mkListLit (← mkAppM ``BitVec #[mkNatLit 64]) gpr_ctx.toList) + let ans := (mkApp2 (mkConst ``ArmConstr.Context.mk) state_ctx gpr_ctx) + logInfo m!"toContextExpr: {ans}" + return ans + +abbrev mkAuxDecl := Lean.Elab.Tactic.BVDecide.Frontend.mkAuxDecl + +def ArmExprPruned? (refl_proof_name : Name) (e : Lean.Expr) : MetaM (Option (Lean.Expr × Lean.Expr)) := do + let (some arm_expr, state_ctx, gpr_ctx) ← + ToArmExpr.run (ToArmExpr.toArmExpr? e) | return none + logInfo m!"arm_expr: {arm_expr}" + logInfo m!"state_ctx: {state_ctx}" + logInfo m!"gpr_ctx: {gpr_ctx}" + let arm_expr_pruned := arm_expr.prune + + let auxValue := mkApp2 (mkConst ``ArmConstr.Expr.isPruned) + (toExpr arm_expr) (toExpr arm_expr_pruned) + logInfo m!"auxValue: {auxValue}" + -- TODO: Use Lean.Elab.Term.mkAuxName for refl_name. + -- let refl_name := `_armexpr_reflection_def + mkAuxDecl refl_proof_name auxValue (mkConst ``Bool) + + let refl_proof := + mkApp3 + (mkConst ``Lean.ofReduceBool) + (mkConst refl_proof_name) + (toExpr true) + (← mkEqRefl (toExpr true)) + + logInfo m!"poised to check refl_proof" + check refl_proof + logInfo m!"checked refl_proof" + -- logInfo m!"poised to check native_decide proof" + -- let native_decide_proof := (mkApp (mkConst ``of_decide_eq_true) refl_proof) + -- logInfo m!"checked native_decide proof" + + let ctx_expr ← toContextExpr state_ctx gpr_ctx + logInfo m!"poised to check ctx_expr {ctx_expr}" + check ctx_expr + logInfo m!"checked ctx_expr" + + let p := mkAppN (mkConst ``ArmConstr.Expr.eq_true_of_denote) + #[ctx_expr, + (toExpr arm_expr), + (toExpr arm_expr_pruned), + -- mkApp2 (mkConst ``Eq.refl [levelOne]) (mkConst ``Bool) (mkConst ``Bool.true) + refl_proof] + logInfo m!"Proof: {p}" + check p + logInfo m!"checked proof {p}" + return some (mkConst ``True, p) + +def ReflectionProofName : Lean.Elab.TermElabM Name := do + Lean.Elab.Term.mkAuxName `_armexpr_reflection_def + +open Lean.Elab.Tactic + +elab "prune_updates" h_state_eq:term : tactic => withMainContext do + logInfo m!"This is h_state_eq: {h_state_eq}" + let h_state_eq_expr ← elabTerm h_state_eq none + let hStateEq ← inferType h_state_eq_expr + logInfo m!"This is hStateEq {hStateEq}" + let refl_proof_name ← ReflectionProofName + let some (_, e) ← ArmExprPruned? refl_proof_name hStateEq | return + -- logInfo m!"This is after pruning e: {e}" + logInfo m!"This is after pruning proof:\n {e}" + let goal ← Lean.Elab.Tactic.getMainGoal + let target ← goal.getType + let type ← inferType e + logInfo m!"Target {target}" + logInfo m!"E {e}" + logInfo m!"About to check E" + check e + logInfo m!"Checked E" + let e_ctor := e.ctorName + logInfo m!"e_ctor: {e_ctor}" + -- If `type` has the form `∀ (x₁ : T₁) ... (xₙ : Tₙ), U`, introduce new + -- metavariables for the `xᵢ` and obtain the conclusion `U`. (If `proof_type` does + -- not have this form, `args` is empty and `conclusion = type`.) + let (args, _, conclusion) ← forallMetaTelescopeReducing type + logInfo m!"args: {args} conclusion: {conclusion}" + if ← isDefEq target conclusion then + -- Assign the goal to `e x₁ ... xₙ`, where the `xᵢ` are the fresh + -- metavariables in `args`. + logInfo m!"goal_type and conclusion are defEq!" + if ← isDefEq args[0]! h_state_eq_expr then + logInfo m!"args[0] and h_state_eq_expr are defEq!" + let new_goal_term := mkAppN e args + -- let new_goal_term := goal_type + logInfo m!"new_goal_term: {new_goal_term}" + -- logInfo m!"new_goal_term.mvarId!.isAssigned: {← new_goal_term.mvarId!.isAssigned}" + -- logInfo m!"args[0]!.mvarId!.isAssigned: {← args[0]!.mvarId!.isAssigned}" + goal.assign new_goal_term + -- `isDefEq` may have assigned some of the `args`. Report the rest as new + -- goals. + let newGoals ← args.filterMapM λ mvar => do + let mvarId := mvar.mvarId! + if ! (← mvarId.isAssigned) && ! (← mvarId.isDelayedAssigned) then + return some mvarId + else + return none + logInfo m!"newGoals: {newGoals.toList}" + setGoals newGoals.toList + -- If the conclusion does not unify with the target, throw an error. + else + throwTacticEx `prune_updates goal m!"{e} is not applicable to goal with target {target}" + +namespace ArmConstr + +#time +open Expr Update in +theorem example2 + (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 0#5) x1 s0))) : + s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s0) := by + prune_updates h_s1 + done +-- +#print example2 + +#time +open Expr Update in +theorem example4 + (h_s1 : s1 = w (.GPR 1#5) (x100 + x100') (w (.GPR 0#5) x500 (w (.GPR 8#5) x1 s0))) : + s1 = w (.GPR 0#5) x500 (w (.GPR 1#5) (x100 + x100') (w (.GPR 8#5) x1 s0)) := by + prune_updates h_s1 + done + +#print example4 From 156c71277de6feb5acef6978e78f32a2d41d062f Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Thu, 7 Nov 2024 22:22:49 -0600 Subject: [PATCH 16/20] Finished reference implementation of prune_updates --- Proofs/AES-GCM/GCMGmultV8Sym.lean | 149 +++--- Proofs/Bit_twiddling.lean | 2 +- Proofs/Experiments/MemoryAliasing.lean | 4 +- Proofs/Experiments/SHA512MemoryAliasing.lean | 2 +- Proofs/SHA512/SHA512.lean | 2 +- Proofs/SHA512/SHA512BlockSym.lean | 106 ++++- Proofs/SHA512/SHA512LoopBlocks.lean | 69 +++ Proofs/SHA512/SHA512_block_armv8_rules.lean | 64 +++ Tactics/ArmConstrToExpr.lean | 347 -------------- Tactics/Attr.lean | 16 + Tactics/BvOmegaBench.lean | 4 +- Tactics/PruneUpdates.lean | 449 ++++++++++++++++++ ...{ArmConstr.lean => PruneUpdatesLogic.lean} | 317 ++++++++++--- Tactics/Sym.lean | 5 + Tests/SHA2/SHA512ProgramTest.lean | 7 + 15 files changed, 1064 insertions(+), 479 deletions(-) delete mode 100644 Tactics/ArmConstrToExpr.lean create mode 100644 Tactics/PruneUpdates.lean rename Tactics/{ArmConstr.lean => PruneUpdatesLogic.lean} (55%) diff --git a/Proofs/AES-GCM/GCMGmultV8Sym.lean b/Proofs/AES-GCM/GCMGmultV8Sym.lean index a6f5dcf5..3ffab0d7 100644 --- a/Proofs/AES-GCM/GCMGmultV8Sym.lean +++ b/Proofs/AES-GCM/GCMGmultV8Sym.lean @@ -134,31 +134,80 @@ multiplication into four constituent ones, for normalization. example : let p := 0b11#2 let q := 0b10#2 - let w := 0b01#2 - let z := 0b01#2 + let x := 0b01#2 + let y := 0b01#2 (DPSFP.polynomial_mult (p ++ q) - (w ++ z)) + (x ++ y)) = - ((DPSFP.polynomial_mult p w) ++ 0#4) ^^^ - (0#4 ++ (DPSFP.polynomial_mult q z)) ^^^ - (0#2 ++ (DPSFP.polynomial_mult p z) ++ 0#2) ^^^ - (0#2 ++ (DPSFP.polynomial_mult q w) ++ 0#2) := by native_decide + ((DPSFP.polynomial_mult p x) ++ 0#4) ^^^ + (0#4 ++ (DPSFP.polynomial_mult q y)) ^^^ + (0#2 ++ (DPSFP.polynomial_mult p y) ++ 0#2) ^^^ + (0#2 ++ (DPSFP.polynomial_mult q x) ++ 0#2) := by native_decide +def pmult_test_1 : IO Bool := do + let p ← BitVec.rand 64 + let q ← BitVec.rand 64 + let x ← BitVec.rand 64 + let y ← BitVec.rand 64 + pure + (DPSFP.polynomial_mult (p ++ q) (x ++ y) == + ((DPSFP.polynomial_mult p x) ++ 0#128) ^^^ + (0#128 ++ (DPSFP.polynomial_mult q y)) ^^^ + (0#64 ++ (DPSFP.polynomial_mult p y) ++ 0#64) ^^^ + (0#64 ++ (DPSFP.polynomial_mult q x) ++ 0#64)) +/-- +info: true +-/ +#guard_msgs in +#eval pmult_test_1 + +theorem DPSFP.polynomial_mult_append {p q x y : BitVec 64} : + DPSFP.polynomial_mult (p ++ q) (x ++ y) = + ((DPSFP.polynomial_mult p x) ++ 0#128) ^^^ + (0#128 ++ (DPSFP.polynomial_mult q y)) ^^^ + (0#64 ++ (DPSFP.polynomial_mult p y) ++ 0#64) ^^^ + (0#64 ++ (DPSFP.polynomial_mult q x) ++ 0#64) := by + sorry + +/- +Source: Function `GCMInitV8` in `Specs/GCMV8.lean`: +Note that `H0` is the 128-bit HTable input to `gcm_gmult_v8`. + +let H2 := GCMV8.gcm_polyval H0 H0 +let H1 := ((hi H2) ^^^ (lo H2)) ++ ((hi H0) ^^^ (lo H0)) +-/ + +set_option maxRecDepth 8000 in +set_option maxHeartbeats 500000 in set_option pp.deepTerms false in set_option pp.deepTerms.threshold 50 in -- set_option trace.simp_mem.info true in #time theorem gcm_gmult_v8_program_run_27 (s0 sf : ArmState) + {H1_hi H1_lo H0_hi H0_lo : BitVec 64} (h_s0_program : s0.program = gcm_gmult_v8_program) (h_s0_err : read_err s0 = .None) (h_s0_pc : read_pc s0 = gcm_gmult_v8_program.min) (h_s0_sp_aligned : CheckSPAlignment s0) (h_Xi : Xi = s0[read_gpr 64 0#5 s0, 16]) - (h_HTable : HTable = s0[read_gpr 64 1#5 s0, 32]) + (h_HTable_lo : H0_hi ++ H0_lo = s0[read_gpr 64 1#5 s0, 16]) + (h_HTable_hi : H1_hi ++ H1_lo = s0[read_gpr 64 1#5 s0 + 16#64, 16]) + -- (h_HTable : HTable = s0[read_gpr 64 1#5 s0, 32]) + -- (h_HTable_alt : HTable = H1_hi ++ H1_lo ++ H0_hi ++ H0_lo) + (h_H1_low_64 : H1_lo = H0_hi ^^^ H0_lo) + -- (h_H1 : HTable.extractLsb' 128 128 = + -- let H0 := HTable.extractLsb' 0 128 + -- let H2 := GCMV8.gcm_polyval H0 H0 + -- let H0_hi := H0.extractLsb' 64 64 + -- let H0_lo := H0.extractLsb' 0 64 + -- let H2_hi := H2.extractLsb' 64 64 + -- let H2_lo := H2.extractLsb' 0 64 + -- ((H2_hi) ^^^ (H2_lo)) ++ ((H0_hi) ^^^ (H0_lo))) (h_mem_sep : Memory.Region.pairwiseSeparate [(read_gpr 64 0#5 s0, 16), - (read_gpr 64 1#5 s0, 32)]) + (read_gpr 64 1#5 s0, 16), + (read_gpr 64 1#5 s0 + 16#64, 16)]) (h_run : sf = run gcm_gmult_v8_program.length s0) : -- The final state is error-free. read_err sf = .None ∧ @@ -168,11 +217,6 @@ set_option pp.deepTerms.threshold 50 in CheckSPAlignment sf ∧ -- The final state returns to the address in register `x30` in `s0`. read_pc sf = r (StateField.GPR 30#5) s0 ∧ - -- (TODO) Delete the following conjunct because it is covered by the - -- MEM_UNCHANGED_EXCEPT frame condition. We keep it around because it - -- exposes the issue with `simp_mem` that @bollu will fix. - -- HTable is unmodified. - sf[read_gpr 64 1#5 s0, 32] = HTable ∧ -- Frame conditions. -- Note that the following also covers that the Xi address in .GPR 0 -- is unmodified. @@ -185,24 +229,24 @@ set_option pp.deepTerms.threshold 50 in sf[r (.GPR 0) s0, 16] = rev_elems 128 8 (GCMV8.GCMGmultV8_alt - (HTable.extractLsb' 0 128) + (H0_hi ++ H0_lo) (rev_elems 128 8 Xi (by decide) (by decide))) (by decide) (by decide) := by -- Prelude simp_all only [state_simp_rules, -h_run] - simp only [Nat.reduceMul] at Xi HTable + -- simp only [Nat.reduceMul] at Xi HTable + simp only [Nat.reduceMul] at Xi simp (config := {ground := true}) only at h_s0_pc -- ^^ Still needed, because `gcm_gmult_v8_program.min` is somehow -- unable to be reflected - sym_n 27 -- Epilogue - simp only [←Memory.mem_eq_iff_read_mem_bytes_eq] at * + -- simp only [←Memory.mem_eq_iff_read_mem_bytes_eq] at * simp only [memory_rules] at * sym_aggregate -- Split conjunction repeat' apply And.intro - · simp_mem; rfl + -- · simp_mem; rfl · simp only [List.mem_cons, List.mem_singleton, not_or, and_imp] at * sym_aggregate · intro n addr h_separate @@ -211,27 +255,9 @@ set_option pp.deepTerms.threshold 50 in simp_mem sep with [h_separate] · clear_named [h_s, stepi_] clear s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 s12 s13 s14 s15 s16 s17 s18 s19 s20 s21 s22 s23 s24 s25 s26 + -- Simplifying the LHS - have h_HTable_low : - Memory.read_bytes 16 (r (StateField.GPR 1#5) s0) s0.mem = HTable.extractLsb' 0 128 := by - -- (FIXME @bollu) use `simp_mem` instead of the rw below. - -- conv => - -- lhs - -- simp_mem sub r - rw [@Memory.read_bytes_eq_extractLsBytes_sub_of_mem_subset' - 32 (r (StateField.GPR 1#5) s0) HTable (r (StateField.GPR 1#5) s0) 16 _ h_HTable.symm] - · simp only [Nat.reduceMul, BitVec.extractLsBytes, Nat.sub_self, Nat.zero_mul] - · mem_omega! - have h_HTable_high : - (Memory.read_bytes 16 (r (StateField.GPR 1#5) s0 + 16#64) s0.mem) = HTable.extractLsb' 128 128 := by - -- (FIXME @bollu) use `simp_mem` instead of the rw below. - -- conv => - -- lhs - -- simp_mem sub r - rw [@Memory.read_bytes_eq_extractLsBytes_sub_of_mem_subset' - 32 (r (StateField.GPR 1#5) s0) HTable (r (StateField.GPR 1#5) s0 + 16#64) 16 _ h_HTable.symm] - repeat sorry - simp only [h_HTable_high, h_HTable_low, ←h_Xi] + simp only [←h_Xi] clear h_mem_sep h_run /- simp/ground below to reduce @@ -251,11 +277,12 @@ set_option pp.deepTerms.threshold 50 in rw [@vrev128_64_8_in_terms_of_rev_elems (by decide) (by decide) (by decide) (by decide)] at h_Xi_rev generalize h_Xi_upper_rev : rev_elems 64 8 (BitVec.extractLsb' 64 64 Xi) (by decide) (by decide) = Xi_upper_rev generalize h_Xi_lower_rev : rev_elems 64 8 (BitVec.extractLsb' 0 64 Xi) (by decide) (by decide) = Xi_lower_rev - -- Simplifying the RHS + simp only [GCMV8.GCMGmultV8_alt, GCMV8.lo, GCMV8.hi, GCMV8.gcm_polyval, - ←h_HTable, ←h_Xi_rev, h_Xi_lower_rev, h_Xi_upper_rev] + ←h_HTable_lo, ←h_HTable_hi, + ←h_Xi_rev, h_Xi_lower_rev, h_Xi_upper_rev] simp only [pmull_op_e_0_eize_64_elements_1_size_128_eq, gcm_polyval_mul_eq_polynomial_mult] simp only [zeroExtend_allOnes_lsh_64, zeroExtend_allOnes_lsh_0] rw [BitVec.extractLsb'_64_128_of_appends] @@ -265,20 +292,7 @@ set_option pp.deepTerms.threshold 50 in repeat rw [BitVec.extractLsb'_zero_extractLsb'_of_le (by decide)] repeat rw [BitVec.extractLsb'_extractLsb'_zero_of_le (by decide)] rw [BitVec.and_high_to_extractLsb'_concat] - generalize h_HTable_upper : (BitVec.extractLsb' 64 64 HTable) = HTable_upper - generalize h_HTable_lower : (BitVec.extractLsb' 0 64 HTable) = HTable_lower - generalize h_term_u0u1 : (DPSFP.polynomial_mult HTable_upper Xi_upper_rev) = u0u1 at * - generalize h_term_l0l1 : (DPSFP.polynomial_mult HTable_lower Xi_lower_rev) = l0l1 at * - generalize h_term_1 : (DPSFP.polynomial_mult (BitVec.extractLsb' 128 64 HTable) (Xi_lower_rev ^^^ Xi_upper_rev) ^^^ - BitVec.extractLsb' 64 128 (l0l1 ++ u0u1) ^^^ - (u0u1 ^^^ l0l1)) = term_1 - generalize h_term_2 : ((term_1 &&& 0xffffffffffffffff#128 ||| BitVec.zeroExtend 128 (BitVec.setWidth 64 u0u1) <<< 64) ^^^ - DPSFP.polynomial_mult (BitVec.extractLsb' 0 64 u0u1) 0xc200000000000000#64) - = term_2 - generalize h_term_3 : (BitVec.extractLsb' 64 128 (term_2 ++ term_2) ^^^ - (BitVec.extractLsb' 64 64 l0l1 ++ 0x0#64 ||| - BitVec.zeroExtend 128 (BitVec.extractLsb' 64 64 term_1) <<< 0)) - = term_3 + rw [@vrev128_64_8_in_terms_of_rev_elems (by decide) (by decide) (by decide) (by decide)] rw [BitVec.extractLsb'_64_128_of_appends] rw [@rev_elems_64_8_append_eq_rev_elems_128_8 _ _ (by decide) (by decide) (by decide) (by decide)] @@ -286,11 +300,28 @@ set_option pp.deepTerms.threshold 50 in rw [@rev_elems_128_8_eq_rev_elems_64_8_extractLsb' _ (by decide) (by decide) (by decide) (by decide) (by decide)] rw [h_Xi_upper_rev, h_Xi_lower_rev] rw [BitVec.extractLsb'_append_eq] - simp [GCMV8.gcm_polyval_red] - -- have h_reduce : (GCMV8.reduce 0x100000000000000000000000000000087#129 0x1#129) = 1#129 := by native_decide - -- simp [GCMV8.gcm_polyval_red, GCMV8.irrepoly, GCMV8.pmod, h_reduce] - -- repeat (unfold GCMV8.pmod.pmodTR; simp) + simp only [BitVec.truncate_eq_setWidth, Nat.reduceAdd, BitVec.shiftLeft_zero_eq] + simp [DPSFP.polynomial_mult_append] + simp [GCMV8.gcm_polyval_red, GCMV8.irrepoly] + + generalize h_term_1 : DPSFP.polynomial_mult H0_lo Xi_lower_rev = term1 + generalize h_term_2 : DPSFP.polynomial_mult H0_hi Xi_upper_rev = term2 + + -- (TODO) Can we remove `reverse` from `pmod` in the RHS? + + -- have h_reduce : (GCMV8.reduce 0x100000000000000000000000000000087#129 0x1#129) = 1#129 := by native_decide + -- + -- simp only [GCMV8.gcm_polyval_red, GCMV8.irrepoly, + -- GCMV8.pmod, GCMV8.pmod.pmodTR, + -- GCMV8.reduce, GCMV8.degree, GCMV8.degree.degreeTR] + -- simp only [Nat.reduceAdd, BitVec.ushiftRight_eq, BitVec.reduceExtracLsb', + -- BitVec.reduceHShiftLeft, BitVec.reduceAppend, BitVec.reduceHShiftRight, BitVec.ofNat_eq_ofNat, + -- BitVec.reduceEq, ↓reduceIte, Nat.sub_self, BitVec.ushiftRight_zero_eq, BitVec.reduceAnd, + -- BitVec.toNat_ofNat, Nat.pow_one, Nat.reduceMod, Nat.mul_zero, Nat.add_zero, Nat.zero_mod, + -- Nat.zero_add, Nat.sub_zero, Nat.mul_one, Nat.zero_mul, Nat.one_mul, Nat.reduceSub, + -- BitVec.and_self, BitVec.zero_and, BitVec.reduceMul, BitVec.xor_zero, BitVec.mul_one, + -- BitVec.zero_xor, Nat.add_one_sub_one, BitVec.one_mul, BitVec.reduceXOr] sorry done diff --git a/Proofs/Bit_twiddling.lean b/Proofs/Bit_twiddling.lean index 9cd0d829..3aa0bc8d 100644 --- a/Proofs/Bit_twiddling.lean +++ b/Proofs/Bit_twiddling.lean @@ -149,6 +149,7 @@ theorem power_of_two (x : BitVec 32) (i : BitVec 5) -- ============================================================ +set_option sat.solver "cadical" in /-- 6. Conditionally set or clear bits without branching (https://graphics.stanford.edu/~seander/bithacks.html#ConditionalSetOrClearBitsWithoutBranching) @@ -159,7 +160,6 @@ unsigned int w; // the word to modify: if (f) w |= m; else w &= ~m; w ^= (-f ^ w) & m; -/ - theorem set_clear_no_branch (x : BitVec 32) (f : Bool) (mask : BitVec 32) : (if f then (x ||| mask) else (x &&& ~~~mask)) = (x ^^^ (((-(BitVec.zeroExtend 32 (BitVec.ofBool f))) ^^^ x) &&& mask)) := by diff --git a/Proofs/Experiments/MemoryAliasing.lean b/Proofs/Experiments/MemoryAliasing.lean index 002dde0d..c3fb9c48 100644 --- a/Proofs/Experiments/MemoryAliasing.lean +++ b/Proofs/Experiments/MemoryAliasing.lean @@ -10,6 +10,8 @@ import Arm.Memory.MemoryProofs import Arm.BitVec import Arm.Memory.SeparateAutomation + + -- set_option trace.simp_mem true -- set_option trace.simp_mem.info true -- set_option trace.Meta.Tactic.simp true @@ -170,7 +172,7 @@ set_option linter.all false in mem_omega set_option linter.all false in -set_option trace.simp_mem.info true in +-- set_option trace.simp_mem.info true in #time theorem mem_separate_11 (h : mem_separate' a 100 b 100) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) (h' : a < b + 1) diff --git a/Proofs/Experiments/SHA512MemoryAliasing.lean b/Proofs/Experiments/SHA512MemoryAliasing.lean index 12841f3a..7d6e6998 100644 --- a/Proofs/Experiments/SHA512MemoryAliasing.lean +++ b/Proofs/Experiments/SHA512MemoryAliasing.lean @@ -125,7 +125,7 @@ work for `16#64 + ktbl_addr`? #time theorem sha512_block_armv8_loop_sym_ktbl_access (s1 : ArmState) (_h_s1_err : read_err s1 = StateError.None) (_h_s1_sp_aligned : CheckSPAlignment s1) - (h_s1_pc : read_pc s1 = 0x126500#64) + (_h_s1_pc : read_pc s1 = 0x126500#64) (_h_s1_program : s1.program = sha512_program) (h_s1_num_blocks : num_blocks s1 = 1) (_h_s1_x3 : r (StateField.GPR 3#5) s1 = ktbl_addr) diff --git a/Proofs/SHA512/SHA512.lean b/Proofs/SHA512/SHA512.lean index 699bc9b9..202f9d24 100644 --- a/Proofs/SHA512/SHA512.lean +++ b/Proofs/SHA512/SHA512.lean @@ -5,4 +5,4 @@ Author(s): Shilpi Goel -/ import Proofs.SHA512.SHA512_block_armv8_rules import Proofs.SHA512.SHA512Sym -import Proofs.SHA512.SHA512BlockSym +-- import Proofs.SHA512.SHA512BlockSym diff --git a/Proofs/SHA512/SHA512BlockSym.lean b/Proofs/SHA512/SHA512BlockSym.lean index 90c190e5..f92347c5 100644 --- a/Proofs/SHA512/SHA512BlockSym.lean +++ b/Proofs/SHA512/SHA512BlockSym.lean @@ -4,22 +4,118 @@ Released under Apache 2.0 license as described in the file LICENSE. Author(s): Shilpi Goel -/ import Proofs.SHA512.SHA512LoopBlocks +-- import Proofs.SHA512.SHA512LoopBlocks2 import Tactics.SymBlock +import Tactics.ClearNamed open BitVec namespace SHA512 +#eval SHA2.k_512.length #time --- set_option trace.Tactic.sym.info true in --- set_option trace.Tactic.sym true in +set_option trace.Tactic.sym.info true in +set_option trace.Tactic.sym true in set_option pp.maxSteps 100 in theorem sha512_loop_sym {s0 sf : ArmState} + { a b c d e f g h + i0 i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 + k0 k1 + : BitVec 64 } (h_program : s0.program = program) (h_pc : r StateField.PC s0 = 0x126500#64) (h_err : r StateField.ERR s0 = StateError.None) + (h_N : N = 1#64) + (h_precondition : SHA512.prelude 0x126500#64 N SP CtxBase InputBase s0) + (h_q0 : r (.SFP 0#5) s0 = b ++ a) + (h_q1 : r (.SFP 1#5) s0 = d ++ c) + (h_q2 : r (.SFP 2#5) s0 = f ++ e) + (h_q3 : r (.SFP 3#5) s0 = h ++ g) + (h_q16 : r (.SFP 16#5) s0 = i1 ++ i0) + (h_q17 : r (.SFP 17#5) s0 = i3 ++ i2) + (h_q18 : r (.SFP 18#5) s0 = i5 ++ i4) + (h_q19 : r (.SFP 19#5) s0 = i7 ++ i6) + (h_q20 : r (.SFP 20#5) s0 = i9 ++ i8) + (h_q21 : r (.SFP 21#5) s0 = i11 ++ i10) + (h_q22 : r (.SFP 22#5) s0 = i13 ++ i12) + (h_q23 : r (.SFP 23#5) s0 = i15 ++ i14) + +-- (h_ktbl0 : s0[r (.GPR 3#5) s0, 16] = k1 ++ k0) +-- (h_ktbl1 : s0[r (.GPR 3#5) s0 + 16, 16] = k3 ++ k2) +-- (h_ktbl2 : s0[r (.GPR 3#5) s0 + 16*2, 16] = k5 ++ k4) +-- (h_ktbl3 : s0[r (.GPR 3#5) s0 + 16*3, 16] = k7 ++ k6) +-- +-- (h_ktbl4 : s0[r (.GPR 3#5) s0 + 16*4, 16] = k9 ++ k8) +-- (h_ktbl5 : s0[r (.GPR 3#5) s0 + 16*5, 16] = k11 ++ k10) +-- (h_ktbl6 : s0[r (.GPR 3#5) s0 + 16*6, 16] = k13 ++ k12) +-- (h_ktbl7 : s0[r (.GPR 3#5) s0 + 16*7, 16] = k15 ++ k14) +-- +-- (h_ktbl8 : s0[r (.GPR 3#5) s0 + 16*8, 16] = k17 ++ k16) +-- (h_ktbl9 : s0[r (.GPR 3#5) s0 + 16*9, 16] = k19 ++ k18) +-- (h_ktbl10 : s0[r (.GPR 3#5) s0 + 16*10, 16] = k21 ++ k20) +-- (h_ktbl11 : s0[r (.GPR 3#5) s0 + 16*11, 16] = k23 ++ k22) +-- +-- (h_ktbl12 : s0[r (.GPR 3#5) s0 + 16*12, 16] = k25 ++ k24) +-- (h_ktbl13 : s0[r (.GPR 3#5) s0 + 16*13, 16] = k27 ++ k26) +-- (h_ktbl14 : s0[r (.GPR 3#5) s0 + 16*14, 16] = k29 ++ k28) +-- (h_ktbl15 : s0[r (.GPR 3#5) s0 + 16*15, 16] = k31 ++ k30) +-- +-- (h_ktbl16 : s0[r (.GPR 3#5) s0 + 16*16, 16] = k33 ++ k32) +-- (h_ktbl17 : s0[r (.GPR 3#5) s0 + 16*17, 16] = k35 ++ k34) +-- (h_ktbl18 : s0[r (.GPR 3#5) s0 + 16*18, 16] = k37 ++ k36) +-- (h_ktbl19 : s0[r (.GPR 3#5) s0 + 16*19, 16] = k39 ++ k38) +-- +-- (h_ktbl20 : s0[r (.GPR 3#5) s0 + 16*20, 16] = k41 ++ k40) +-- (h_ktbl21 : s0[r (.GPR 3#5) s0 + 16*21, 16] = k43 ++ k42) +-- (h_ktbl22 : s0[r (.GPR 3#5) s0 + 16*22, 16] = k45 ++ k44) +-- (h_ktbl23 : s0[r (.GPR 3#5) s0 + 16*23, 16] = k47 ++ k46) +-- +-- (h_ktbl24 : s0[r (.GPR 3#5) s0 + 16*24, 16] = k49 ++ k48) +-- (h_ktbl25 : s0[r (.GPR 3#5) s0 + 16*25, 16] = k51 ++ k50) +-- (h_ktbl26 : s0[r (.GPR 3#5) s0 + 16*26, 16] = k53 ++ k52) +-- (h_ktbl27 : s0[r (.GPR 3#5) s0 + 16*27, 16] = k55 ++ k54) +-- +-- (h_ktbl28 : s0[r (.GPR 3#5) s0 + 16*28, 16] = k57 ++ k56) +-- (h_ktbl29 : s0[r (.GPR 3#5) s0 + 16*29, 16] = k59 ++ k58) +-- (h_ktbl30 : s0[r (.GPR 3#5) s0 + 16*30, 16] = k61 ++ k60) +-- (h_ktbl31 : s0[r (.GPR 3#5) s0 + 16*31, 16] = k63 ++ k62) +-- +-- (h_ktbl32 : s0[r (.GPR 3#5) s0 + 16*32, 16] = k65 ++ k64) +-- (h_ktbl33 : s0[r (.GPR 3#5) s0 + 16*33, 16] = k67 ++ k66) +-- (h_ktbl34 : s0[r (.GPR 3#5) s0 + 16*34, 16] = k69 ++ k68) +-- (h_ktbl35 : s0[r (.GPR 3#5) s0 + 16*35, 16] = k71 ++ k70) +-- +-- (h_ktbl36 : s0[r (.GPR 3#5) s0 + 16*36, 16] = k73 ++ k72) +-- (h_ktbl37 : s0[r (.GPR 3#5) s0 + 16*37, 16] = k75 ++ k74) +-- (h_ktbl38 : s0[r (.GPR 3#5) s0 + 16*38, 16] = k77 ++ k76) +-- (h_ktbl39 : s0[r (.GPR 3#5) s0 + 16*39, 16] = k79 ++ k78) + (h_run : sf = run 485 s0) : - r .ERR sf = .None ∧ - r .PC sf = (if ¬r (StateField.GPR 0x2#5) s0 - 0x1#64 = 0x0#64 then 0x126500#64 else 0x126c94#64) := by + r .ERR sf = .None + /- + More generally: + r .PC sf = (if ¬r (StateField.GPR 0x2#5) s0 - 0x1#64 = 0x0#64 + then 0x126500#64 + else 0x126c94#64) + -/ + -- ∧ r .PC sf = 0x126c94#64 +-- ∧ r (.SFP 1) sf = q1 + -- ∧ (r (.SFP 3) sf ++ r (.SFP 2) sf ++ r (.SFP 1) sf ++ r (.SFP 0) sf) = final_hash + := by + -- Symbolic Simulation sym_block 485 (block_size := 20) -- ceiling|485/20| blocks - done + -- clear_named [h_s, blocki_] + -- Reasoning + -- subst h_N + -- obtain ⟨_h_si_program, _h_si_pc, _h_si_err, _h_si_sp_aligned, + -- _h_si_sp, h_si_num_blocks, _h_si_ctx_base, + -- _h_si_input_base, _h_si_ktbl_base, + -- _h_si_ctx, _h_si_ktbl, _h_si_separate, + -- _h_si_q0, _h_si_q1, _h_si_q2, _h_si_q3, + -- _h_si_16, _h_si_17, _h_si_18, _h_si_19, + -- _h_si_20, _h_si_21, _h_si_22, _h_si_23⟩ := h_precondition + -- simp only [num_blocks] at h_si_num_blocks + -- simp [h_s485_err] + -- -- simp (config := { ground := true }) only [h_si_num_blocks, minimal_theory] + -- -- done + -- done diff --git a/Proofs/SHA512/SHA512LoopBlocks.lean b/Proofs/SHA512/SHA512LoopBlocks.lean index 2f3fcc32..5d99da84 100644 --- a/Proofs/SHA512/SHA512LoopBlocks.lean +++ b/Proofs/SHA512/SHA512LoopBlocks.lean @@ -6,12 +6,78 @@ Author(s): Shilpi Goel import Proofs.SHA512.SHA512Prelude import Proofs.SHA512.SHA512_block_armv8_rules import Arm.Cfg.Cfg +import Tactics.PruneUpdates open BitVec namespace SHA512 -- Prove block lemmas for the Loop. +-- set_option pp.maxSteps 50000 in +-- theorem program.blocki_eq_0x126550 {s : ArmState} + -- (h_program : s.program = program) + -- (h_pc : r StateField.PC s = 0x126550#64) + -- (h_err : r StateField.ERR s = StateError.None) : + -- run 24 s = + -- xxxx + -- := by + -- generalize h_run : run 24 s = sf + -- replace h_run := h_run.symm + -- sym_n 24 + -- simp (config := {decide := true}) only + -- [h_step_23, h_step_22, h_step_21, h_step_20, + -- h_step_19, h_step_18, h_step_17, h_step_16, h_step_15, + -- h_step_14, h_step_13, h_step_12, h_step_11, h_step_10, + -- h_step_9, h_step_8, h_step_7, h_step_6, h_step_5, + -- h_step_4, h_step_3, h_step_2, h_step_1, + -- state_simp_rules, bitvec_rules, minimal_theory, + -- sha512_message_schedule_rule, sha512h2_rule, + -- sha512h_rule_1, sha512h_rule_2] + -- at h_step_24 + -- exact h_step_24 + -- done + -- sorry + +set_option trace.Tactic.prune_updates true in +theorem program.blocki_eq_0x126500_1 {s : ArmState} + (h_program : s.program = program) + (h_pc : r StateField.PC s = 0x126500#64) + (h_err : r StateField.ERR s = StateError.None) : + run 8 s = (w .PC (0x126520#64) (w (.GPR 0x01#5) (if + ¬(AddWithCarry (r (StateField.GPR 0x2#5) s) 0xfffffffffffffffe#64 0x1#1).snd.z = 0x1#1 then + r (StateField.GPR 0x1#5) s + else + r (StateField.GPR 0x1#5) s - + 0x80#64) (w (.GPR 0x02#5) (r (StateField.GPR 0x2#5) s - + 0x1#64) (w (.GPR 0x03#5) (r (StateField.GPR 0x3#5) s + + 0x10#64) (w (.GPR 0x04#5) (r (StateField.GPR 0x1#5) s - + 0x80#64) (w (.SFP 0x18#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) + s) (w (.SFP 0x1a#5) (r (StateField.SFP 0x0#5) + s) (w (.SFP 0x1b#5) (r (StateField.SFP 0x1#5) + s) (w (.SFP 0x1c#5) (r (StateField.SFP 0x2#5) + s) (w (.SFP 0x1d#5) (r (StateField.SFP 0x3#5) + s) (w (.FLAG N) ((AddWithCarry (r (StateField.GPR 0x2#5) s) 0xfffffffffffffffe#64 + 0x1#1).snd.n) (w (.FLAG Z) ((AddWithCarry (r (StateField.GPR 0x2#5) s) 0xfffffffffffffffe#64 + 0x1#1).snd.z) (w (.FLAG C) ((AddWithCarry (r (StateField.GPR 0x2#5) s) 0xfffffffffffffffe#64 + 0x1#1).snd.c) (w (.FLAG V) ((AddWithCarry (r (StateField.GPR 0x2#5) s) 0xfffffffffffffffe#64 + 0x1#1).snd.v) s)))))))))))))) + := by + generalize h_run : run 8 s = sf + replace h_run := h_run.symm + sym_n 8 + simp (config := {decide := true}) only + [h_step_7, h_step_6, h_step_5, + h_step_4, h_step_3, h_step_2, h_step_1, + state_simp_rules, bitvec_rules, minimal_theory, + sha512_message_schedule_rule, sha512h2_rule, + sha512h_rule_1, sha512h_rule_2] + at h_step_8 + -- prune_updates h_step_8 + -- exact h_step_20 + -- done + sorry + +/- -- #eval ((Cfg.create' (0x126500#64) (0x126500#64 + 20*4) SHA512.program).toOption.get!).maybe_modified_regs #time theorem program.blocki_eq_0x126500 {s : ArmState} @@ -242,6 +308,7 @@ theorem program.blocki_eq_0x126500 {s : ArmState} sha512_message_schedule_rule, sha512h2_rule, sha512h_rule_1, sha512h_rule_2] at h_step_20 + -- prune_updates h_step_20 exact h_step_20 done @@ -15596,5 +15663,7 @@ theorem program.blocki_eq_0x126c80 {s : ArmState} sha512_message_schedule_rule, sha512h2_rule, sha512h_rule_1, sha512h_rule_2] at h_step_5 + -- explode_step h_step_5 at s5 exact h_step_5 done +-/ diff --git a/Proofs/SHA512/SHA512_block_armv8_rules.lean b/Proofs/SHA512/SHA512_block_armv8_rules.lean index 377ff6a8..88e05150 100644 --- a/Proofs/SHA512/SHA512_block_armv8_rules.lean +++ b/Proofs/SHA512/SHA512_block_armv8_rules.lean @@ -45,6 +45,7 @@ theorem sha512h2_rule (a b c : BitVec 128) : simp only [sha512h2, Nat.reduceAdd, maj, sigma_big_0, ror, compression_update_t2] bv_check "lrat_files/SHA512_block_armv8_rules.lean-sha512h2_rule-43-2.lrat" + private theorem and_nop_lemma (x : BitVec 64) : (setWidth 128 x) &&& 0xffffffffffffffff#128 = (setWidth 128 x) := by bv_decide @@ -109,6 +110,69 @@ theorem sha512h_rule_1 (a b c d e : BitVec 128) : generalize (b_hi &&& a_lo ^^^ ~~~b_hi &&& a_hi) = aux1 ac_rfl +theorem binary_vector_op_aux_add_128_simp (x y result : BitVec 128) : + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add x y result = + (BitVec.extractLsb' 64 64 x + BitVec.extractLsb' 64 64 y) ++ + (BitVec.extractLsb' 0 64 x + BitVec.extractLsb' 0 64 y) := by + repeat simp [DPSFP.binary_vector_op_aux, state_simp_rules, bitvec_rules, partInstall] + bv_decide + done + +/- +DPSFP.sha512h2 (r (StateField.SFP 0x1#5) s) (r (StateField.SFP 0x0#5) s) + (DPSFP.sha512h (extractLsb' 64 128 (r (StateField.SFP 0x3#5) s ++ r (StateField.SFP 0x2#5) s)) + (extractLsb' 64 128 (r (StateField.SFP 0x2#5) s ++ r (StateField.SFP 0x1#5) s)) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) + (extractLsb' 64 128 + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (Memory.read_bytes 16 (r (StateField.GPR 0x3#5) s) s.mem) + (r (StateField.SFP 0x10#5) s) 0x0#128 ++ + DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (Memory.read_bytes 16 (r (StateField.GPR 0x3#5) s) s.mem) + (r (StateField.SFP 0x10#5) s) 0x0#128)) + 0x0#128)) +-/ + +theorem sha512h_and_sha512h2_rule_1 : + let elements := 2 + let esize := 64 + let inner_sum := (binary_vector_op_aux 0 elements esize BitVec.add c d 0#128) + let outer_sum := (binary_vector_op_aux 0 elements esize BitVec.add inner_sum e 0#128) + let a0 := extractLsb' 0 64 a + let a1 := extractLsb' 64 64 a + let b0 := extractLsb' 0 64 b + let b1 := extractLsb' 64 64 b + let c0 := extractLsb' 0 64 c + let c1 := extractLsb' 64 64 c + let d0 := extractLsb' 0 64 d + let d1 := extractLsb' 64 64 d + let e0 := extractLsb' 0 64 e + let e1 := extractLsb' 64 64 e + let x0 := extractLsb' 0 64 x + let y0 := extractLsb' 0 64 y + let y1 := extractLsb' 64 64 y + let hi64_spec_1 := compression_update_t1 b1 a0 a1 c1 d1 e1 + let hi64_spec_2 := compression_update_t2 y0 x0 y1 + let lo64_spec_1 := compression_update_t1 (b0 + hi64_spec_1) b1 a0 c0 d0 e0 + let lo64_spec_2 := compression_update_t2 (hi64_spec_2 + hi64_spec_1) y0 y1 + DPSFP.sha512h2 x y (DPSFP.sha512h a b outer_sum) = + (hi64_spec_1 + hi64_spec_2) ++ (lo64_spec_1 + lo64_spec_2) := by + simp [sha512h2_rule, sha512h_rule_1] + generalize extractLsb' 0 64 a = a0 + generalize extractLsb' 64 64 a = a1 + generalize extractLsb' 0 64 b = b0 + generalize extractLsb' 64 64 b = b1i + generalize extractLsb' 0 64 c = c0 + generalize extractLsb' 64 64 c = c1 + generalize extractLsb' 0 64 d = d0 + generalize extractLsb' 64 64 d = d1 + generalize extractLsb' 0 64 e = e0 + generalize extractLsb' 64 64 e = e1 + generalize extractLsb' 0 64 x = x0 + -- generalize extractLsb' 64 64 x = x1 + generalize extractLsb' 0 64 y = y0 + generalize extractLsb' 64 64 y = y1 + rw [BitVec.extractLsb'_append_left, BitVec.extractLsb'_append_right] + ac_rfl + -- set_option maxHeartbeats 0 in -- This lemma takes 2min with bv_decide and the generated LRAT -- file is ~120MB. As with sha512h_rule_1 above, we prefer to just simplify and diff --git a/Tactics/ArmConstrToExpr.lean b/Tactics/ArmConstrToExpr.lean deleted file mode 100644 index 8bed4c58..00000000 --- a/Tactics/ArmConstrToExpr.lean +++ /dev/null @@ -1,347 +0,0 @@ -/- -Copyright (c) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. -Released under Apache 2.0 license as described in the file LICENSE. -Author(s): Shilpi Goel --/ - -import Tactics.ArmConstr -import Lean - -namespace ArmConstr - -open Lean Elab Tactic Expr Meta - -abbrev ArmExpr := ArmConstr.Expr -abbrev ArmStateVar := ArmConstr.StateVar -abbrev ArmUpdate := ArmConstr.Update -abbrev ArmUpdates := ArmConstr.Updates - -/-! ## Mapping Arm State Update Expressions to Lean Expressions -/ - -def ArmStateVar.toExpr (s : ArmStateVar) : Lean.Expr := - mkNatLit s - -instance : ToExpr ArmStateVar where - toExpr a := a.toExpr - toTypeExpr := mkConst ``ArmConstr.StateVar - -def ArmUpdate.toExpr (u : ArmUpdate) : Lean.Expr := - open ArmConstr.Update in - match u with - | .w_gpr i (.var v) => mkAppN (mkConst ``w_gpr) - #[(Lean.toExpr i), - (mkApp (mkConst ``GPRVal.var) (mkNatLit v))] - -instance : ToExpr ArmUpdate where - toExpr a := a.toExpr - toTypeExpr := mkConst ``ArmConstr.Update - -def ArmUpdates.toExpr (us : ArmUpdates) : Lean.Expr := - match us with - | [] => Lean.toExpr ([] : Updates) - | u :: rest => - mkAppN (mkConst ``List.cons [levelZero]) - #[mkConst ``Update, (Lean.toExpr u), (ArmUpdates.toExpr rest)] - -instance : ToExpr ArmUpdates where - toExpr a := a.toExpr - toTypeExpr := mkConst ``ArmConstr.Updates - -def ArmExpr.toExpr (e : ArmExpr) : Lean.Expr := - mkApp3 (mkConst ``ArmConstr.Expr.mk) - (ArmStateVar.toExpr e.curr_state) - (ArmStateVar.toExpr e.prev_state) - (ArmUpdates.toExpr e.writes) - -instance : ToExpr ArmExpr where - toExpr a := a.toExpr - toTypeExpr := mkConst ``ArmConstr.Expr - - -/- -def foo : Lean.Expr := - open ArmExpr in - ArmExpr.toExpr { curr_state := 1, prev_state := 0, writes := [.w_gpr 1#5 (.var 0)] } - -#eval foo - -elab "foo" : term => return foo - -#eval foo --/ - -/-! ## Mapping Lean Expressions to Arm State Update Expressions -/ - -namespace ToArmExpr - -/- Borrowed from: Lean/Meta/Tactic/LinearArith/Nat/Basic.lean -/ -structure State where - -- It should be fine to use `KExprMap` here because the mapping should be - -- small and few HeadIndex collisions. - stateVarMap : KExprMap ArmStateVar := {} - stateVars : Array Lean.Expr := #[] - fldVarMap : KExprMap GPRVal := {} - fldVars : Array Lean.Expr := #[] - -abbrev M := StateRefT State MetaM - -def addAsStateVar (e : Lean.Expr) : M ArmStateVar := do - if let some x ← (← get).stateVarMap.find? e then - return x - else - let x := (← get).stateVars.size - let s ← get - set { s with stateVarMap := (← s.stateVarMap.insert e x), - stateVars := s.stateVars.push e : State } - return x - -def addAsGPRVar (e : Lean.Expr) : M GPRVal := do - if let some x ← (← get).fldVarMap.find? e then - return x - else - -- TODO: Make GPRVal also be a Nat, for convenience? - -- logInfo m!"[addAsGPRVar] e.type: {e_typ}" - -- if (←isDefEq (← inferType e) (mkApp (mkConst ``BitVec) (mkNatLit 64))) then - -- throwError "state_value IS defeq to bitvec" - let x := GPRVal.var (← get).fldVars.size - let s ← get - set { s with fldVarMap := (← s.fldVarMap.insert e x), - fldVars := s.fldVars.push e : State } - return x - --- partial def toArmUpdates (writes : Lean.Expr) (acc : ArmUpdates) : --- M (ArmUpdates × Lean.Expr) := do --- match_expr writes with --- | w fld val rest => --- let (update : ArmUpdate) ← --- match_expr fld with --- | StateField.GPR i => --- let some ⟨n, i'⟩ ← getBitVecValue? i | failure --- let var ← addAsGPRVar val --- logInfo m!"toArmUpdatesAndStateVar 1: FldVars: {(← get).fldVars}" --- if h : n = 5 then --- pure (Update.w_gpr (i'.cast h) var) --- else failure --- | _ => failure --- toArmUpdates rest (update :: acc) --- | _ => --- -- writes is just a state var at this point. --- return (acc, writes) --- --- partial def toArmStateVars (curr_state prev_state : Lean.Expr) : --- M (ArmStateVar × ArmStateVar) := do --- let (prev_state_var : ArmStateVar) ← addAsStateVar prev_state --- let (curr_state_var : ArmStateVar) ← addAsStateVar curr_state --- return (curr_state_var, prev_state_var) - -instance : ToMessageData GPRVal where - toMessageData x := - match x with - | .var i => m!"(var {i})" - -instance : ToMessageData Update where - toMessageData x := match x with - | .w_gpr i v => m!"(w_gpr {i} {v})" - -instance : ToMessageData ArmExpr where - toMessageData x := m!"\{curr: {x.curr_state}; writes: {x.writes} prev: {x.prev_state}}" - -def unifyTypes (varExpr : Lean.Expr) (mvarExpr : Lean.Expr) : MetaM Unit := do - let varType ← (whnf (← inferType varExpr)) - let mvarType ← inferType mvarExpr - try - let _ := isDefEq varType mvarType - catch _ => - throwError "Types could not be unified" - -partial def toArmUpdatesAndStateVar (curr_state writes : Lean.Expr) (us : ArmUpdates) : - M (ArmStateVar × ArmUpdates × ArmStateVar) := do - match_expr writes with - | w fld val rest => - let (update : ArmUpdate) ← - match_expr fld with - | StateField.GPR i => - let some ⟨n, i'⟩ ← getBitVecValue? i | failure - -- let orig_val_type ← inferType val - -- let val_type ← (whnf (← inferType val)) - -- let mvar ← mkFreshExprMVar none - -- mvar.mvarId!.assign val_type - -- -- unifyTypes val mvar - -- logInfo m!"mvar: {mvar}" - -- -- have h_proof : ∀ i, state_value (.GPR i) = BitVec 64 := by - -- -- simp only [implies_true] - -- -- let val ← mkAppM ``cast #[h_proof, mvar] - -- -- let val ← mkAppM ``cast #[← mkEqRefl orig_val_type, mvar] - -- let val := mkApp4 (.const ``cast [1]) orig_val_type val_type (← mkEqRefl val_type) val - -- logInfo m!"val: {val}" - let var ← addAsGPRVar val - logInfo m!"toArmUpdatesAndStateVar 1: var: {var} val: {val}" - logInfo m!"toArmUpdatesAndStateVar 1: FldVars: {(← get).fldVars}" - if h : n = 5 then - pure (Update.w_gpr (i'.cast h) var) - else failure - | _ => failure - logInfo m!"toArmUpdatesAndStateVar: Update: {update}" - toArmUpdatesAndStateVar curr_state rest (us ++ [update]) - | _ => - -- writes is just a state var at this point. - let (prev_state_var : ArmStateVar) ← addAsStateVar writes - let (curr_state_var : ArmStateVar) ← addAsStateVar curr_state - -- logInfo m!"toArmUpdatesAndStateVar: Curr_State_Var: {curr_state_var}" - -- logInfo m!"toArmUpdatesAndStateVar: Prev_State_var: {prev_state_var}" - -- logInfo m!"toArmUpdatesAndStateVar: FldVars: {(← get).fldVars}" - logInfo m!"toArmUpdatesAndStateVar: Writes: {us}" - return (curr_state_var, us, prev_state_var) - -partial def toArmExpr? (e : Lean.Expr) : M (Option ArmExpr) := do - match_expr e with - | Eq α s writes => - let_expr ArmState ← α | failure - let (curr_state, writes, prev_state) ← toArmUpdatesAndStateVar s writes [] - -- let (writes, prev_state_expr) ← toArmUpdates writes [] - -- logInfo m!"toArmExpr?: FldVars: {(← get).fldVars}" - -- let (curr_state, prev_state) ← toArmStateVars s prev_state_expr - logInfo m!"toArmExpr?: Current State ArmStateVar: {curr_state}" - logInfo m!"toArmExpr?: Previous State ArmStateVar: {prev_state}" - logInfo m!"toArmExpr?: StateVars: {(← get).stateVars}" - logInfo m!"toArmExpr?: FldVars: {(← get).fldVars}" - return some { curr_state, writes, prev_state } - | _ => failure - -def run (x : M α) : MetaM (α × Array Lean.Expr × Array Lean.Expr) := do - let (a, s) ← x.run {} - return (a, s.stateVars, s.fldVars) - -end ToArmExpr - -def toContextExpr (state_ctx : Array Lean.Expr) (gpr_ctx : Array Lean.Expr) : - MetaM Lean.Expr := do - let state_ctx ← mkListLit (mkConst ``ArmState) state_ctx.toList - let gpr_ctx ← (mkListLit (← mkAppM ``BitVec #[mkNatLit 64]) gpr_ctx.toList) - let ans := (mkApp2 (mkConst ``ArmConstr.Context.mk) state_ctx gpr_ctx) - logInfo m!"toContextExpr: {ans}" - return ans - -abbrev mkAuxDecl := Lean.Elab.Tactic.BVDecide.Frontend.mkAuxDecl - -def ArmExprPruned? (refl_proof_name : Name) (e : Lean.Expr) : MetaM (Option (Lean.Expr × Lean.Expr)) := do - let (some arm_expr, state_ctx, gpr_ctx) ← - ToArmExpr.run (ToArmExpr.toArmExpr? e) | return none - logInfo m!"arm_expr: {arm_expr}" - logInfo m!"state_ctx: {state_ctx}" - logInfo m!"gpr_ctx: {gpr_ctx}" - let arm_expr_pruned := arm_expr.prune - - let auxValue := mkApp2 (mkConst ``ArmConstr.Expr.isPruned) - (toExpr arm_expr) (toExpr arm_expr_pruned) - logInfo m!"auxValue: {auxValue}" - -- TODO: Use Lean.Elab.Term.mkAuxName for refl_name. - -- let refl_name := `_armexpr_reflection_def - mkAuxDecl refl_proof_name auxValue (mkConst ``Bool) - - let refl_proof := - mkApp3 - (mkConst ``Lean.ofReduceBool) - (mkConst refl_proof_name) - (toExpr true) - (← mkEqRefl (toExpr true)) - - logInfo m!"poised to check refl_proof" - check refl_proof - logInfo m!"checked refl_proof" - -- logInfo m!"poised to check native_decide proof" - -- let native_decide_proof := (mkApp (mkConst ``of_decide_eq_true) refl_proof) - -- logInfo m!"checked native_decide proof" - - let ctx_expr ← toContextExpr state_ctx gpr_ctx - logInfo m!"poised to check ctx_expr {ctx_expr}" - check ctx_expr - logInfo m!"checked ctx_expr" - - let p := mkAppN (mkConst ``ArmConstr.Expr.eq_true_of_denote) - #[ctx_expr, - (toExpr arm_expr), - (toExpr arm_expr_pruned), - -- mkApp2 (mkConst ``Eq.refl [levelOne]) (mkConst ``Bool) (mkConst ``Bool.true) - refl_proof] - logInfo m!"Proof: {p}" - check p - logInfo m!"checked proof {p}" - return some (mkConst ``True, p) - -def ReflectionProofName : Lean.Elab.TermElabM Name := do - Lean.Elab.Term.mkAuxName `_armexpr_reflection_def - -open Lean.Elab.Tactic - -elab "prune_updates" h_state_eq:term : tactic => withMainContext do - logInfo m!"This is h_state_eq: {h_state_eq}" - let h_state_eq_expr ← elabTerm h_state_eq none - let hStateEq ← inferType h_state_eq_expr - logInfo m!"This is hStateEq {hStateEq}" - let refl_proof_name ← ReflectionProofName - let some (_, e) ← ArmExprPruned? refl_proof_name hStateEq | return - -- logInfo m!"This is after pruning e: {e}" - logInfo m!"This is after pruning proof:\n {e}" - let goal ← Lean.Elab.Tactic.getMainGoal - let target ← goal.getType - let type ← inferType e - logInfo m!"Target {target}" - logInfo m!"E {e}" - logInfo m!"About to check E" - check e - logInfo m!"Checked E" - let e_ctor := e.ctorName - logInfo m!"e_ctor: {e_ctor}" - -- If `type` has the form `∀ (x₁ : T₁) ... (xₙ : Tₙ), U`, introduce new - -- metavariables for the `xᵢ` and obtain the conclusion `U`. (If `proof_type` does - -- not have this form, `args` is empty and `conclusion = type`.) - let (args, _, conclusion) ← forallMetaTelescopeReducing type - logInfo m!"args: {args} conclusion: {conclusion}" - if ← isDefEq target conclusion then - -- Assign the goal to `e x₁ ... xₙ`, where the `xᵢ` are the fresh - -- metavariables in `args`. - logInfo m!"goal_type and conclusion are defEq!" - if ← isDefEq args[0]! h_state_eq_expr then - logInfo m!"args[0] and h_state_eq_expr are defEq!" - let new_goal_term := mkAppN e args - -- let new_goal_term := goal_type - logInfo m!"new_goal_term: {new_goal_term}" - -- logInfo m!"new_goal_term.mvarId!.isAssigned: {← new_goal_term.mvarId!.isAssigned}" - -- logInfo m!"args[0]!.mvarId!.isAssigned: {← args[0]!.mvarId!.isAssigned}" - goal.assign new_goal_term - -- `isDefEq` may have assigned some of the `args`. Report the rest as new - -- goals. - let newGoals ← args.filterMapM λ mvar => do - let mvarId := mvar.mvarId! - if ! (← mvarId.isAssigned) && ! (← mvarId.isDelayedAssigned) then - return some mvarId - else - return none - logInfo m!"newGoals: {newGoals.toList}" - setGoals newGoals.toList - -- If the conclusion does not unify with the target, throw an error. - else - throwTacticEx `prune_updates goal m!"{e} is not applicable to goal with target {target}" - -namespace ArmConstr - -#time -open Expr Update in -theorem example2 - (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 0#5) x1 s0))) : - s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s0) := by - prune_updates h_s1 - done --- -#print example2 - -#time -open Expr Update in -theorem example4 - (h_s1 : s1 = w (.GPR 1#5) (x100 + x100') (w (.GPR 0#5) x500 (w (.GPR 8#5) x1 s0))) : - s1 = w (.GPR 0#5) x500 (w (.GPR 1#5) (x100 + x100') (w (.GPR 8#5) x1 s0)) := by - prune_updates h_s1 - done - -#print example4 diff --git a/Tactics/Attr.lean b/Tactics/Attr.lean index 2c11c8fb..7ac0f035 100644 --- a/Tactics/Attr.lean +++ b/Tactics/Attr.lean @@ -10,6 +10,22 @@ initialize -- CSE tactic's non-verbose summary logging. registerTraceClass `Tactic.cse.summary + -- enable tracing for `prune_updates` tactic + registerTraceClass `Tactic.prune_updates + -- show the pruned updates in a form that the user can copy/paste into the + -- theorem's conclusion + registerTraceClass `Tactic.prune_updates.answer + + registerOption `Tactic.prune_updates.validate { + defValue := false + descr := "enable/disable type-checking of internal state during execution \ + of the `prune_updates` tactic. + + This is an internal option for debugging purposes, end users should \ + generally not set this option, unless they are reporting a bug with \ + `prune_updates`" + } + -- enable tracing for `sym_n` tactic and related components registerTraceClass `Tactic.sym -- enable verbose tracing diff --git a/Tactics/BvOmegaBench.lean b/Tactics/BvOmegaBench.lean index c197c13b..5ea38a4a 100644 --- a/Tactics/BvOmegaBench.lean +++ b/Tactics/BvOmegaBench.lean @@ -60,10 +60,10 @@ def run (g : MVarId) (hyps : Array Expr) (bvToNatSimpCtx : Simp.Context) (bvToNa /- Wow, this is gross. I need to filter out the fvars, and keep track of which ones I use for simplification. -/ try let (result?, _stats) ← g.withContext <| simpGoal g bvToNatSimpCtx bvToNatSimprocs (simplifyTarget := true) (discharge? := .none) hypFVars - let .some (hypFVars', g') := result? | return () + let .some (_hypFVars', g') := result? | return () g := g' let hypsOldRetained ← g.withContext <| pure (← getLCtx).getFVarIds - let hypsOldRetained := hypsOldRetained.filter (fun fvar => hypFVars.contains fvar) + let _hypsOldRetained := hypsOldRetained.filter (fun fvar => hypFVars.contains fvar) -- hypFVars := hypFVars' catch e => trace[simp_mem.info] "in BvOmega, ran `simp only [bv_toNat]` and got error: {indentD e.toMessageData}" diff --git a/Tactics/PruneUpdates.lean b/Tactics/PruneUpdates.lean new file mode 100644 index 00000000..fe76829d --- /dev/null +++ b/Tactics/PruneUpdates.lean @@ -0,0 +1,449 @@ +/- +Copyright (c) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. +Released under Apache 2.0 license as described in the file LICENSE. +Author(s): Shilpi Goel +-/ + +import Tactics.PruneUpdatesLogic +import Tactics.Attr + +import Lean + +namespace ArmConstr + +open Lean Elab Tactic Expr Meta + +abbrev ArmExpr := ArmConstr.Expr +abbrev ArmStateVar := ArmConstr.StateVar +abbrev ArmUpdate := ArmConstr.Update +abbrev ArmUpdates := ArmConstr.Updates + +section Tracing +-- (FIXME): Move to Sym/Common.lean? + +variable {α : Type} {m : Type → Type} [Monad m] [MonadTrace m] [MonadLiftT IO m] + [MonadRef m] [AddMessageContext m] [MonadOptions m] {ε : Type} + [MonadAlwaysExcept ε m] [MonadLiftT BaseIO m] + +/-- Add a trace node with the `Tactic.prune_updates` trace class -/ +def withTraceNode (msg : MessageData) (k : m α) + (collapsed : Bool := true) + (tag : String := "") + : m α := do + Lean.withTraceNode `Tactic.prune_updates (fun _ => pure msg) k collapsed tag + +end Tracing + +/-! ## Mapping Arm State Update Expressions to Lean Expressions -/ + +def ArmStateVar.toExpr (s : ArmStateVar) : Lean.Expr := + mkNatLit s + +instance : ToExpr ArmStateVar where + toExpr a := a.toExpr + toTypeExpr := mkConst ``ArmConstr.StateVar + +def ArmUpdate.toExpr (u : ArmUpdate) : Lean.Expr := + open ArmConstr.Update in + match u with + | .err v => mkAppN (mkConst ``err) #[(mkNatLit v)] + | .pc v => mkAppN (mkConst ``pc) #[(mkNatLit v)] + | .gpr i v => mkAppN (mkConst ``gpr) + #[(Lean.toExpr i), (mkNatLit v)] + | .sfp i v => mkAppN (mkConst ``sfp) + #[(Lean.toExpr i), (mkNatLit v)] + | .flag i v => mkAppN (mkConst ``flag) + #[(Lean.toExpr i), (mkNatLit v)] + +instance : ToExpr ArmUpdate where + toExpr a := a.toExpr + toTypeExpr := mkConst ``ArmConstr.Update + +def ArmUpdates.toExpr (us : ArmUpdates) : Lean.Expr := + match us with + | [] => Lean.toExpr ([] : Updates) + | u :: rest => + mkAppN (mkConst ``List.cons [levelZero]) + #[mkConst ``Update, (Lean.toExpr u), (ArmUpdates.toExpr rest)] + +instance : ToExpr ArmUpdates where + toExpr a := a.toExpr + toTypeExpr := mkConst ``ArmConstr.Updates + +def ArmExpr.toExpr (e : ArmExpr) : Lean.Expr := + mkApp3 (mkConst ``ArmConstr.Expr.mk) + (ArmStateVar.toExpr e.curr_state) + (ArmStateVar.toExpr e.prev_state) + (ArmUpdates.toExpr e.writes) + +instance : ToExpr ArmExpr where + toExpr a := a.toExpr + toTypeExpr := mkConst ``ArmConstr.Expr + +/- +def foo : Lean.Expr := + open ArmExpr in + ArmExpr.toExpr { curr_state := 1, prev_state := 0, writes := [.gpr 1#5 (0), .err (0)] } + +#eval foo + +elab "foo" : term => return foo + +#eval foo +-/ + +/-! ## Mapping Lean Expressions to Arm State Update Expressions -/ + +namespace ToArmExpr + +/- Borrowed from: Lean/Meta/Tactic/LinearArith/Nat/Basic.lean -/ +structure State where + -- It should be fine to use `KExprMap` here because the mapping should be + -- small and few HeadIndex collisions. + stateVarMap : KExprMap ArmStateVar := {} + stateVars : Array Lean.Expr := #[] + gprVarMap : KExprMap GPRVar := {} + gprVars : Array Lean.Expr := #[] + sfpVarMap : KExprMap SFPVar := {} + sfpVars : Array Lean.Expr := #[] + flagVarMap : KExprMap FlagVar := {} + flagVars : Array Lean.Expr := #[] + errVarMap : KExprMap ErrVar := {} + errVars : Array Lean.Expr := #[] + pcVarMap : KExprMap PCVar := {} + pcVars : Array Lean.Expr := #[] + +abbrev M := StateRefT State MetaM + +def addAsStateVar (e : Lean.Expr) : M ArmStateVar := do + if let some x ← (← get).stateVarMap.find? e then + return x + else + let x := (← get).stateVars.size + let s ← get + set { s with stateVarMap := (← s.stateVarMap.insert e x), + stateVars := s.stateVars.push e : State } + return x + +def addAsPCVar (e : Lean.Expr) : M Nat := do + if let some x ← (← get).pcVarMap.find? e then + return x + else + let x := (← get).pcVars.size + let s ← get + set { s with pcVarMap := (← s.pcVarMap.insert e x), + pcVars := s.pcVars.push e : State } + return x + +def addAsErrVar (e : Lean.Expr) : M Nat := do + if let some x ← (← get).errVarMap.find? e then + return x + else + let x := (← get).errVars.size + let s ← get + set { s with errVarMap := (← s.errVarMap.insert e x), + errVars := s.errVars.push e : State } + return x + +def addAsGPRVar (e : Lean.Expr) : M Nat := do + if let some x ← (← get).gprVarMap.find? e then + return x + else + let x := (← get).gprVars.size + let s ← get + set { s with gprVarMap := (← s.gprVarMap.insert e x), + gprVars := s.gprVars.push e : State } + return x + +def addAsSFPVar (e : Lean.Expr) : M Nat := do + if let some x ← (← get).sfpVarMap.find? e then + return x + else + let x := (← get).sfpVars.size + let s ← get + set { s with sfpVarMap := (← s.sfpVarMap.insert e x), + sfpVars := s.sfpVars.push e : State } + return x + +def addAsFlagVar (e : Lean.Expr) : M Nat := do + if let some x ← (← get).flagVarMap.find? e then + return x + else + let x := (← get).flagVars.size + let s ← get + set { s with flagVarMap := (← s.flagVarMap.insert e x), + flagVars := s.flagVars.push e : State } + return x + +instance : ToMessageData ArmExpr where + toMessageData x := m!"\{curr: {x.curr_state}; writes: {x.writes} prev: {x.prev_state}}" + +def getPFlagValue? (e : Lean.Expr) : MetaM (Option PFlag) := OptionT.run do + match_expr e with + | PFlag.N => return PFlag.N + | PFlag.Z => return PFlag.Z + | PFlag.C => return PFlag.C + | PFlag.V => return PFlag.V + | _ => failure + +partial def toArmUpdatesAndStateVar (curr_state writes : Lean.Expr) (us : ArmUpdates) : + M (ArmStateVar × ArmUpdates × ArmStateVar) := + withTraceNode m!"toArmUpdatesAndStateVar" (tag := "toArmUpdatesAndStateVar") <| do + match_expr writes with + | w fld val rest => + let (update : ArmUpdate) ← + match_expr fld with + | StateField.ERR => + let var ← addAsErrVar val + trace[Tactic.prune_updates] "Adding ERR value {val} as {var}" + trace[Tactic.prune_updates] "All variables in the Err map: {(← get).errVars}" + pure (Update.err var) + | StateField.PC => + let var ← addAsPCVar val + trace[Tactic.prune_updates] "Adding PC value {val} as {var}" + trace[Tactic.prune_updates] "All variables in the PC map: {(← get).pcVars}" + pure (Update.pc var) + | StateField.GPR i => + let some ⟨n, i'⟩ ← getBitVecValue? i | failure + let var ← addAsGPRVar val + trace[Tactic.prune_updates] "Adding GPR value {val} as {var}" + trace[Tactic.prune_updates] "All variables in the GPR map: {(← get).gprVars}" + if h : n = 5 then + pure (Update.gpr (i'.cast h) var) + else failure + | StateField.SFP i => + let some ⟨n, i'⟩ ← getBitVecValue? i | failure + let var ← addAsSFPVar val + trace[Tactic.prune_updates] "Adding SFP value {val} as {var}" + trace[Tactic.prune_updates] "All variables in the SFP map: {(← get).sfpVars}" + if h : n = 5 then + pure (Update.sfp (i'.cast h) var) + else failure + | StateField.FLAG i => + let some i' ← getPFlagValue? i | failure + let var ← addAsFlagVar val + trace[Tactic.prune_updates] "Adding FLAG value {val} as {var}" + trace[Tactic.prune_updates] "All variables in the Flag map: {(← get).flagVars}" + pure (Update.flag i' var) + | _ => failure + toArmUpdatesAndStateVar curr_state rest (us ++ [update]) + | _ => + -- writes is just a state var at this point. + let (prev_state_var : ArmStateVar) ← addAsStateVar writes + let (curr_state_var : ArmStateVar) ← addAsStateVar curr_state + trace[Tactic.prune_updates] "Current State: {curr_state} var: {curr_state_var}" + trace[Tactic.prune_updates] "Previous State: {writes} var: {prev_state_var}" + trace[Tactic.prune_updates] "All Updates: {us}" + return (curr_state_var, us, prev_state_var) + +partial def toArmExpr? (e : Lean.Expr) : M (Option ArmExpr) := + withTraceNode m!"toArmExpr?" (tag := "toArmExpr?") <| do + match_expr e with + | Eq α s writes => + let_expr ArmState ← α | failure + let (curr_state, writes, prev_state) ← toArmUpdatesAndStateVar s writes [] + return some { curr_state, writes, prev_state } + | _ => failure + +def run (x : M α) : MetaM (α × State) := do + let (a, s) ← x.run {} + return (a, s) + +end ToArmExpr + +def toContextExpr (s : ToArmExpr.State) : MetaM Lean.Expr := + withTraceNode m!"toContextExpr" (tag := "toContextExpr") <| do + let state_ctx ← mkListLit (mkConst ``ArmState) s.stateVars.toList + let err_ctx ← (mkListLit (mkConst ``StateError) s.errVars.toList) + let pc_ctx ← (mkListLit (← mkAppM ``BitVec #[mkNatLit 64]) s.pcVars.toList) + let gpr_ctx ← (mkListLit (← mkAppM ``BitVec #[mkNatLit 64]) s.gprVars.toList) + let sfp_ctx ← (mkListLit (← mkAppM ``BitVec #[mkNatLit 128]) s.sfpVars.toList) + let flag_ctx ← (mkListLit (← mkAppM ``BitVec #[mkNatLit 1]) s.flagVars.toList) + let ans := (mkAppN (mkConst ``ArmConstr.Context.mk) + #[state_ctx, err_ctx, pc_ctx, gpr_ctx, sfp_ctx, flag_ctx]) + trace[Tactic.prune_updates] m!"ArmConstr.Context: {ans}" + return ans + +abbrev mkAuxDecl := Lean.Elab.Tactic.BVDecide.Frontend.mkAuxDecl + +-- (FIXME) Better formatting; change into code action, etc.! +def toArmMessageData (e : Expr) (s : ToArmExpr.State) : MessageData := + let curr_state := s.stateVars[e.curr_state]! + let prev_state := s.stateVars[e.prev_state]! + let writes := go e.writes prev_state s 0 + m!"{curr_state} = {writes}" + where go (us : Updates) (prev_state : Lean.Expr) + (s : ToArmExpr.State) (paren_count : Nat) := + match us with + | [] => + let closing_parens := List.asString (List.replicate paren_count ')') + m!"{prev_state}{closing_parens}" + | u :: rest => + let m := + match u with + | .err v => m!"(w .ERR ({s.errVars[v]!}) " + | .pc v => m!"(w .PC ({s.pcVars[v]!}) " + | .gpr i v => m!"(w (.GPR {i}) ({s.gprVars[v]!}) " + | .sfp i v => m!"(w (.SFP {i}) ({s.sfpVars[v]!}) " + | .flag i v => m!"(w (.FLAG {i}) ({s.flagVars[v]!}) " + m!"{m} {go rest prev_state s (1 + paren_count)}" + +def ArmExprPruned? (refl_proof_name : Name) (e : Lean.Expr) : + MetaM (Option (Lean.Expr × Lean.Expr)) := + withTraceNode m!"ArmExprPruned?" (tag := "ArmExprPruned?") <| do + let validate ←(getBoolOption `Tactic.prune_updates.validate) + let (some arm_expr, state) ← + ToArmExpr.run (ToArmExpr.toArmExpr? e) | return none + trace[Tactic.prune_updates] "Arm Expr: {arm_expr}" + trace[Tactic.prune_updates] "State Context: {state.stateVars}" + trace[Tactic.prune_updates] "ERR Context: {state.errVars}" + trace[Tactic.prune_updates] "PC Context: {state.pcVars}" + trace[Tactic.prune_updates] "GPR Context: {state.gprVars}" + trace[Tactic.prune_updates] "SFP Context: {state.sfpVars}" + trace[Tactic.prune_updates] "Flag Context: {state.flagVars}" + let arm_expr_pruned := arm_expr.prune + trace[Tactic.prune_updates] "Pruned Arm Expr: {arm_expr_pruned}" + + let ctx_expr ← toContextExpr state + if validate then + check ctx_expr + trace[Tactic.prune_updates] "Checked context expressions: {ctx_expr}" + + let answer := toArmMessageData arm_expr_pruned state + trace[Tactic.prune_updates.answer] "Pruned Answer: {answer}" + + let auxValue := mkApp2 (mkConst ``ArmConstr.Expr.isPruned) + (toExpr arm_expr) (toExpr arm_expr_pruned) + trace[Tactic.prune_updates] "Aux Value: {auxValue}" + mkAuxDecl refl_proof_name auxValue (mkConst ``Bool) + + let refl_proof := + mkApp3 + (mkConst ``Lean.ofReduceBool) + (mkConst refl_proof_name) + (toExpr true) + (← mkEqRefl (toExpr true)) + + if validate then + check refl_proof + trace[Tactic.prune_updates] "Checked reflection proof: {refl_proof}" + + let p := mkAppN (mkConst ``ArmConstr.Expr.eq_true_of_denote) + #[ctx_expr, + (toExpr arm_expr), + (toExpr arm_expr_pruned), + refl_proof] + if validate then + check p + trace[Tactic.prune_updates] "Checked proof: {p}" + return some (mkConst ``True, p) + +def ReflectionProofName : Lean.Elab.TermElabM Name := do + Lean.Elab.Term.mkAuxName `_armexpr_reflection_def + +open Lean.Elab.Tactic in +elab "prune_updates" h_state_eq:term : tactic => + withTraceNode m!"prune_updates" (tag := "prune_updates") <| withMainContext do + trace[Tactic.prune_updates] "h_state_eq: {h_state_eq}" + let h_state_eq_expr ← elabTerm h_state_eq none + let hStateEq ← inferType h_state_eq_expr + trace[Tactic.prune_updates] "hStateEq: {hStateEq}" + let refl_proof_name ← ReflectionProofName + let some (_, e) ← ArmExprPruned? refl_proof_name hStateEq | return + trace[Tactic.prune_updates] "Ctor of Proof after ArmExprPruned?: {e.ctorName}" + trace[Tactic.prune_updates] "Proof after ArmExprPruned?: {e}" + /- + The rest of this code is heavily borrowed from `myApply` in Metaprogramming in + Lean 4 + (https://leanprover-community.github.io/lean4-metaprogramming-book/main/04_metam.html) + -/ + let goal ← Lean.Elab.Tactic.getMainGoal + let target ← goal.getType + let type ← inferType e + trace[Tactic.prune_updates] "Target: {target}" + trace[Tactic.prune_updates] "Proof, after `inferType`: {type}" + -- If `type` has the form `∀ (x₁ : T₁) ... (xₙ : Tₙ), U`, introduce new + -- metavariables for the `xᵢ` and obtain the conclusion `U`. (If `proof_type` does + -- not have this form, `args` is empty and `conclusion = type`.) + let (args, _, conclusion) ← forallMetaTelescopeReducing type + trace[Tactic.prune_updates] "Args: {args}" + trace[Tactic.prune_updates] "Conclusion: {conclusion}" + if ← isDefEq target conclusion then + trace[Tactic.prune_updates] "Target and conclusion are DefEq!" + -- Assign the goal to `e x₁ ... xₙ`, where the `xᵢ` are the fresh + -- metavariables in `args`. + if ← isDefEq args[0]! h_state_eq_expr then + trace[Tactic.prune_updates] "Args[0]! and h_state_eq_expr are DefEq!" + let new_goal_term := mkAppN e args + trace[Tactic.prune_updates] "New Goal: {new_goal_term}" + goal.assign new_goal_term + -- `isDefEq` may have assigned some of the `args`. Report the rest as new + -- goals. + let newGoals ← args.filterMapM λ mvar => do + let mvarId := mvar.mvarId! + if ! (← mvarId.isAssigned) && ! (← mvarId.isDelayedAssigned) then + return some mvarId + else + return none + trace[Tactic.prune_updates] "newGoals: {newGoals.toList}" + setGoals newGoals.toList + else + -- If the conclusion does not unify with the target, throw an error. + throwTacticEx `prune_updates goal m!"{e} is not applicable to goal with target {target}" + +namespace ArmConstr + +section Tests + +#time +-- set_option trace.Tactic.prune_updates.answer true in +private theorem example1 + (h_s1 : s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 (w (.GPR 0#5) x1 s0))) : + s1 = (w (.GPR 0x00#5) x0 (w (.GPR 0x01#5) x1 s0)) := by + prune_updates h_s1 + done + +-- #print example1 + +#time +private theorem example2 + (h_s1 : s1 = w (.GPR 1#5) (x100 + x100') (w (.GPR 0#5) x500 (w (.GPR 8#5) x1 s0))) : + s1 = w (.GPR 0#5) x500 (w (.GPR 1#5) (x100 + x100') (w (.GPR 8#5) x1 s0)) := by + prune_updates h_s1 + done + +#time +-- set_option trace.Tactic.prune_updates.answer true in +private theorem example3 + (h_s1 : s1 = + (w StateField.PC (if ¬r (StateField.GPR 0x2#5) s = 0x0#64 then 0x126500#64 else 0x126c94#64) + (w (StateField.SFP 0x3#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x3#5) s) (r (StateField.SFP 0x1d#5) s) 0x0#128) + (w StateField.PC 0x126c8c#64 + (w (StateField.SFP 0x2#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x2#5) s) (r (StateField.SFP 0x1c#5) s) + 0x0#128) + (w StateField.PC 0x126c88#64 + (w (StateField.SFP 0x1#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x1#5) s) (r (StateField.SFP 0x1b#5) s) + 0x0#128) + (w StateField.PC 0x126c84#64 + (w (StateField.SFP 0x0#5) + (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0x0#5) s) + (r (StateField.SFP 0x1a#5) s) 0x0#128) + s))))))))) : + s1 = (w .PC (if ¬r (StateField.GPR 2#5) s = 0#64 then 1205504#64 + else + 1207444#64) (w (.SFP 0x00#5) (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 0#5) s) + (r (StateField.SFP 26#5) s) + 0#128) (w (.SFP 0x01#5) (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 1#5) s) + (r (StateField.SFP 27#5) s) + 0#128) (w (.SFP 0x02#5) (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 2#5) s) + (r (StateField.SFP 28#5) s) + 0#128) (w (.SFP 0x03#5) (DPSFP.binary_vector_op_aux 0 2 64 BitVec.add (r (StateField.SFP 3#5) s) + (r (StateField.SFP 29#5) s) 0#128) s))))) + := by + prune_updates h_s1 + done + +end Tests diff --git a/Tactics/ArmConstr.lean b/Tactics/PruneUpdatesLogic.lean similarity index 55% rename from Tactics/ArmConstr.lean rename to Tactics/PruneUpdatesLogic.lean index e2766a28..a12c9fad 100644 --- a/Tactics/ArmConstr.lean +++ b/Tactics/PruneUpdatesLogic.lean @@ -8,10 +8,9 @@ Author(s): Shilpi Goel Experimental method to aggregate state effects using reflection. In LNSym, we already have a language that describes writes to the `ArmState` -using functions `w` and `Memory.write_bytes`. However, these writes can shadow -others, which causes the nest of writes to grow large. We reflect `w` and -`Memory.write_bytes` to get a pruned nest of writes. As a simple example, -consider the following nest of writes: +using functions `w`. However, these writes can shadow others, which causes the +nest of writes to grow large. We reflect `w` and to get a pruned nest of writes. +As a simple example, consider the following nest of writes: ``` s1 = w .PC pc (w (.GPR 0) x0 (w .PC pc' (w (.GPR 0) x0' s0))) ``` @@ -20,6 +19,8 @@ We would like to prune this to the equivalent term below: s1 = w .PC pc (w (.GPR 0) x0 s0) ``` +Note that we do not reflect memory updates at this point. + This is inspired by `simp_arith`, especially the following files: `[lean] Init/Data/Nat/Linear.lean` @@ -32,17 +33,29 @@ import Arm.FromMathlib namespace ArmConstr -/- We use `Nat`s to refer to all the state variables in our context. -/ -abbrev StateVar := Nat - -/-- A `GPRVal` is simply a variable. -/ -inductive GPRVal where - -- A variable in the context. - | var (i : Nat) - deriving DecidableEq, Repr, Inhabited +/- We use `Nat`s to refer to all the variables in our context. -/ +abbrev StateVar := Nat +abbrev GPRVar := Nat +abbrev SFPVar := Nat +abbrev PCVar := Nat +abbrev ErrVar := Nat +abbrev FlagVar := Nat + +inductive Var where + | state (var : StateVar) + | gpr (var : GPRVar) + | sfp (var : SFPVar) + | pc (var : PCVar) + | err (var : ErrVar) + | flag (var : FlagVar) + deriving Repr, DecidableEq, Inhabited abbrev StateContext := List ArmState -abbrev GPRValContext := List (BitVec 64) +abbrev GPRContext := List (BitVec 64) +abbrev SFPContext := List (BitVec 128) +abbrev PCContext := List (BitVec 64) +abbrev FlagContext := List (BitVec 1) +abbrev ErrContext := List (StateError) /-- Context containing all the variables encountered in the problem. The @@ -51,9 +64,22 @@ position of a variable in the context becomes variable name (see, e.g., -/ structure Context where state : StateContext - gpr : GPRValContext + err : ErrContext + pc : PCContext + gpr : GPRContext + sfp : SFPContext + flag : FlagContext deriving Repr, Inhabited +def Val (var : Var) : Type := + match var with + | .state _ => ArmState + | .gpr _ => BitVec 64 + | .sfp _ => BitVec 128 + | .pc _ => BitVec 64 + | .flag _ => BitVec 1 + | .err _ => StateError + /-- Look up variable `v` in the `StateContext`. -/ @@ -61,64 +87,160 @@ def StateVar.denote (ctx : StateContext) (v : StateVar) : ArmState := ctx.getD v ArmState.default /-- -Denote `GPRVal v` over `ArmState prev_s`. That is, if `v` is a variable then -look it up in the `GPRValContext`. +Look up variable `v` in the `GPRContext`. -/ -def GPRVal.denote (ctx : GPRValContext) (v : GPRVal) : BitVec 64 := - match v with - | var i => ctx.getD i 0 +def GPRVar.denote (ctx : GPRContext) (v : GPRVar) : BitVec 64 := + ctx.getD v 0 @[local simp] -theorem GPRVal.denote_of_var : - GPRVal.denote ctx (GPRVal.var v) = ctx.getD v 0 := by - simp [GPRVal.denote] +theorem GPRVar.denote_of_var : + GPRVar.denote ctx v = ctx.getD v 0 := by + simp [GPRVar.denote] + +/-- +Look up variable `v` in the `SFPContext`. +-/ +def SFPVar.denote (ctx : SFPContext) (v : SFPVar) : BitVec 128 := + ctx.getD v 0 + +/-- +Look up variable `v` in the `PCContext`. +-/ +def PCVar.denote (ctx : PCContext) (v : PCVar) : BitVec 64 := + ctx.getD v 0 + +/-- +Look up variable `v` in the `ErrContext`. +-/ +def ErrVar.denote (ctx : ErrContext) (v : ErrVar) : StateError := + ctx.getD v StateError.None + +/-- +Look up variable `v` in the `FlagContext`. +-/ +def FlagVar.denote (ctx : FlagContext) (v : FlagVar) : BitVec 1 := + ctx.getD v 0 + +/-- +Look up `var` in the appropriate field of `ctx`, indicated by `fld`. +-/ +def Var.denote (ctx : Context) (fld : StateField) (var : Nat) : state_value fld := + match fld with + | .GPR _ => GPRVar.denote ctx.gpr var + | .SFP _ => SFPVar.denote ctx.sfp var + | .PC => PCVar.denote ctx.pc var + | .FLAG _ => FlagVar.denote ctx.flag var + | .ERR => ErrVar.denote ctx.err var /-- Datastructure that characterizes all the updates that can be made to an `ArmState`. -/ inductive Update where - -- `i` is a constant. - | w_gpr (i : BitVec 5) (v : GPRVal) - -- TODO: Other state components. - deriving DecidableEq, Repr, Inhabited + | err (v : ErrVar) + | pc (v : PCVar) + | gpr (i : BitVec 5) (v : GPRVar) + | sfp (i : BitVec 5) (v : SFPVar) + | flag (i : PFlag) (v : FlagVar) + deriving DecidableEq, Repr, Inhabited + +instance : ToString Update where toString a := toString (repr a) + +instance : Lean.ToMessageData Update where + toMessageData x := match x with + | .err v => m!"(err {v})" + | .pc v => m!"(pc {v})" + | .gpr i v => m!"(gpr {i} {v})" + | .sfp i v => m!"(sfp {i} {v})" + | .flag i v => m!"(flag {i} {v})" -def Update.field (u : Update) : BitVec 5 := +abbrev Updates := List Update + +/-- +`StateField` characterized by the `Update u`. +-/ +def Update.field (u : Update) : StateField := match u with - | w_gpr i _ => i + | .err _ => StateField.ERR + | .pc _ => StateField.PC + | .gpr i _ => StateField.GPR i + | .sfp i _ => StateField.SFP i + | .flag i _ => StateField.FLAG i -abbrev Updates := List Update +/-- +Variable ensconsed in `Update u`. +-/ +def Update.var (u : Update) : Nat := + match u with + | Update.err v => v + | Update.pc v => v + | Update.gpr _ v => v + | Update.sfp _ v => v + | Update.flag _ v => v /-- Do updates `x` and `y` refer to the same state component? -/ def Update.regEq (x y : Update) : Prop := match x, y with - | w_gpr i _, w_gpr j _ => i = j - -instance : Decidable (Update.regEq x y) := - inferInstanceAs (Decidable <| - match x, y with - | .w_gpr i _, .w_gpr j _ => i = j) + | err _, err _ => True + | pc _, pc _ => True + | gpr i _, gpr j _ => i = j + | sfp i _, sfp j _ => i = j + | flag i _, flag j _ => i = j + | _, _ => False + +-- set_option diagnostics true in +-- instance : Decidable (Update.regEq x y) := +-- inferInstanceAs (Decidable <| +-- match x, y with +-- | .pc _, .pc _ => True +-- | .gpr i _, .gpr j _ => i = j +-- | .sfp i _, .sfp j _ => i = j +-- | .flag i _, .flag j _ => i = j +-- | _, _ => False) + +private def PFlag.natIdx (f : PFlag) : Nat := + match f with + | .N => 0 + | .Z => 1 + | .C => 2 + | .V => 3 /-- -Is the register index of update `x` less than or equal to that of `y`? +Is the field of update `x` "less than or equal to" that of `y`? -/ def Update.regIndexLe (x y : Update) : Bool := match x, y with - | w_gpr i _, w_gpr j _ => i <= j + | err _, _ => true + | _, err _ => false + | pc _, _ => true + | _, pc _ => false + | gpr i _, gpr j _ => i <= j + | gpr _ _, _ => true + | _, gpr _ _ => false + | sfp i _, sfp j _ => i <= j + | sfp _ _, _ => true + | _, sfp _ _ => false + | flag i _, flag j _ => PFlag.natIdx i <= PFlag.natIdx j theorem Update.regIndexLe_trans (a b c : Update) (h1 : Update.regIndexLe a b) (h2 : Update.regIndexLe b c) : Update.regIndexLe a c := by simp_all [Update.regIndexLe] - exact BitVec.le_trans h1 h2 + cases a <;> cases b <;> cases c <;> simp_all + repeat (exact BitVec.le_trans h1 h2) + exact Nat.le_trans h1 h2 + done theorem Update.regIndexLe_total (a b : Update) : Update.regIndexLe a b || Update.regIndexLe b a := by - simp_all [Update.regIndexLe] - exact BitVec.le_total a.1 b.1 + simp [Update.regIndexLe] + cases a <;> cases b <;> simp_all + repeat apply BitVec.le_total + apply Nat.le_total + done /-- Datastructure to represent expressions characterizing the following state @@ -140,9 +262,25 @@ def Expr.denote_writes (ctx : Context) (us : Updates) (prev_state : StateVar) : ArmState := match us with | [] => StateVar.denote ctx.state prev_state - | Update.w_gpr i v :: rest => + | Update.gpr i v :: rest => w (.GPR i) - (GPRVal.denote ctx.gpr v) + (GPRVar.denote ctx.gpr v) + (Expr.denote_writes ctx rest prev_state) + | Update.sfp i v :: rest => + w (.SFP i) + (SFPVar.denote ctx.sfp v) + (Expr.denote_writes ctx rest prev_state) + | Update.pc v :: rest => + w .PC + (PCVar.denote ctx.pc v) + (Expr.denote_writes ctx rest prev_state) + | Update.err v :: rest => + w .ERR + (ErrVar.denote ctx.err v) + (Expr.denote_writes ctx rest prev_state) + | Update.flag i v :: rest => + w (.FLAG i) + (FlagVar.denote ctx.flag v) (Expr.denote_writes ctx rest prev_state) @[local simp] @@ -153,9 +291,39 @@ theorem denote_writes_empty : @[local simp] theorem denote_writes_cons : Expr.denote_writes ctx (e :: us) prev_state = - w (StateField.GPR e.1) (GPRVal.denote ctx.gpr e.2) + w (Update.field e) (Var.denote ctx (Update.field e) (Update.var e)) (Expr.denote_writes ctx us prev_state) := by - simp only [Expr.denote_writes] + conv => lhs; unfold Expr.denote_writes + simp_all [Update.field, Update.var, Var.denote] + split + · -- Empty updates + simp_all + · -- GPR update + rename_i heq i' v i h_cons + have h_cons_1 : e = Update.gpr i' v := by simp_all + have h_cons_2 : us = i := by simp_all + rw [h_cons_1]; simp_all + · -- SFP update + rename_i heq i' v i h_cons + have h_cons_1 : e = Update.sfp i' v := by simp_all + have h_cons_2 : us = i := by simp_all + rw [h_cons_1]; simp_all + · -- PC update + rename_i heq i' v i + have h_cons_1 : e = Update.pc i' := by simp_all + have h_cons_2 : us = v := by simp_all + rw [h_cons_1]; simp_all + · -- ERR update + rename_i heq i' v i + have h_cons_1 : e = Update.err i' := by simp_all + have h_cons_2 : us = v := by simp_all + rw [h_cons_1]; simp_all + · -- Flag update + rename_i heq i' v i h_cons + have h_cons_1 : e = Update.flag i' v := by simp_all + have h_cons_2 : us = i := by simp_all + rw [h_cons_1]; simp_all + done theorem denote_statevar_eq_denote_writes_eq (h : StateVar.denote ctx.state v1 = StateVar.denote ctx.state v2) : @@ -185,14 +353,14 @@ private theorem denote_writes_sorted_helper rw [ih] simp only [List.cons_append, denote_writes_cons] · rw [w_of_w_commute] - simp_all [Update.regIndexLe] - apply BitVec.ne_of_lt - simp_all - · simp_all only [List.mem_cons, - or_true, implies_true, - List.cons_append, denote_writes_cons, - true_implies, Bool.not_eq_eq_eq_not, - Bool.not_true, forall_eq_or_imp, Bool.not_false] + simp_all [Update.regIndexLe, Update.field] + obtain ⟨h1, h2⟩ := h + clear h2 + cases head <;> try simp_all <;> cases head' <;> + try simp_all <;> try exact BitVec.ne_of_lt h1 + rename_i i1 _ i2 _ + cases i1 <;> cases i2 <;> try simp_all + · simp_all /-- Sorting `Updates xs` using `Update.regIndexLe` is immaterial to their denotation @@ -258,10 +426,10 @@ open Expr Update in info: true -/ #guard_msgs in -#eval List.mergeSort [.w_gpr 1#5 (.var 1), .w_gpr 1#5 (.var 2)] Update.regIndexLe = +#eval List.mergeSort [.gpr 1#5 1, .gpr 1#5 2] Update.regIndexLe = -- If a write shadows another, then `List.mergeSort` with `Update.regIndexLe` -- will preserve the order of the writes. - [.w_gpr 1#5 (.var 1), .w_gpr 1#5 (.var 2)] + [.gpr 1#5 1, .gpr 1#5 2] /-- Erase repeated adjacent elements. Keeps the first occurrence of each run. @@ -274,7 +442,7 @@ def Expr.eraseReps (us : Updates) : Updates := | [x] => [x] | x :: y :: rest => match x.field == y.field with - | true => x :: eraseReps rest + | true => eraseReps (x :: rest) | false => x :: eraseReps (y :: rest) @[local simp] @@ -291,8 +459,10 @@ theorem denote_writes_eraseReps : rename_i x y rest h_eq ih simp [Expr.eraseReps, h_eq] simp [Update.field] at h_eq + cases x <;> try simp_all <;> cases y <;> + try simp_all [Update.field, Update.var] <;> rw [h_eq, w_of_w_shadow] - simp_all + all_goals (simp_all [Update.field, Update.var]; rw [w_of_w_shadow]) case case4 => rename_i x y rest h_eq ih simp [Expr.eraseReps, h_eq] @@ -307,8 +477,11 @@ match u, us, rs with match a.field == a'.field with | true => loop a as rs | false => loop a' as (a::rs) + /-- Tail-recursive version of `Expr.eraseReps`. + +(FIXME) Prove equivalent to `Expr.eraseReps`. -/ def Expr.eraseAdjReps (us : Updates) : Updates := match us with @@ -372,15 +545,31 @@ theorem Expr.eraseReps_and_eraseAdjReps.loop : -/ def Expr.prune (e : Expr) : Expr := - let e_nodups := eraseReps $ List.mergeSort e.writes Update.regIndexLe + let e_sorted := List.mergeSort e.writes Update.regIndexLe + let e_nodups := eraseReps e_sorted { e with writes := e_nodups } open Expr Update in /-- -info: { curr_state := 1, prev_state := 0, writes := [ArmConstr.Update.w_gpr 0x00#5 (ArmConstr.GPRVal.var 0)] } +info: { curr_state := 1, + prev_state := 0, + writes := [ArmConstr.Update.pc 0, + ArmConstr.Update.sfp 0x00#5 3, + ArmConstr.Update.sfp 0x01#5 2, + ArmConstr.Update.sfp 0x02#5 1, + ArmConstr.Update.sfp 0x03#5 0] } -/ #guard_msgs in -#eval prune { prev_state := 0, curr_state := 1, writes := [w_gpr 0#5 (.var 0), w_gpr 0#5 (.var 1)] } +#eval Expr.prune { curr_state := 1, + prev_state := 0, + writes := [(.pc 0), + (.sfp 0x03#5 0), + (.pc 1), + (.sfp 0x02#5 1), + (.pc 2), + (.sfp 0x01#5 2), + (.pc 3), + (.sfp 0x00#5 3)]} /-- Does removing shadowed writes in `e1` give `e2`? @@ -404,13 +593,17 @@ theorem example1 s1 = w (.GPR 0#5) x0 (w (.GPR 1#5) x1 s0) := by exact ((Expr.eq_true_of_denote { state := [s0, s1], - gpr := [x0, x1] } + gpr := [x0, x1], + sfp := [], + pc := [], + flag := [], + err := [] } -- e1 { prev_state := 0, curr_state := 1, - writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1), w_gpr 0#5 (.var 1)] } + writes := [.gpr 0#5 (0), .gpr 1#5 (1), .gpr 0#5 (1)] } -- e2 { prev_state := 0, curr_state := 1, - writes := [w_gpr 0#5 (.var 0), w_gpr 1#5 (.var 1)] } + writes := [.gpr 0#5 (0), .gpr 1#5 (1)] } (by native_decide))) h_s1 diff --git a/Tactics/Sym.lean b/Tactics/Sym.lean index 5e574124..ca17f2ba 100644 --- a/Tactics/Sym.lean +++ b/Tactics/Sym.lean @@ -228,6 +228,11 @@ elab "explode_step" h_step:term " at " state:term : tactic => withMainContext do let c ← SymContext.fromMainContext (some stateDecl.userName) let _ ← SymM.run c <| explodeStep hStep +-- elab "prune_updates" h_step:term : tactic => withMainContext do +-- let hStep ← elabTerm h_step none +-- let ax ← AxEffects.fromEq hStep +-- let _ ← ax.addHypothesesToLContext + /-- Symbolically simulate a single step, according the the symbolic simulation context `c`, returning the context for the next step in simulation. -/ diff --git a/Tests/SHA2/SHA512ProgramTest.lean b/Tests/SHA2/SHA512ProgramTest.lean index 5bbad78a..fda116ac 100644 --- a/Tests/SHA2/SHA512ProgramTest.lean +++ b/Tests/SHA2/SHA512ProgramTest.lean @@ -112,6 +112,9 @@ def init_sha512_test : ArmState := -- `Tests/SHA512_PC.log`. -- #eval (log_run "Tests/SHA512_PC.log" pc_trace 503 init_sha512_test) +-- #eval r (.SFP 0) (run 5 init_sha512_test) = SHA512_H0.extractLsb' 0 128 +-- #eval r (.SFP 0) (run 5 init_sha512_test) = (SHA2.h0_512.b ++ SHA2.h0_512.a) + def final_sha512_state : ArmState := run 503 init_sha512_test def final_sha512_pc : BitVec 64 := read_pc final_sha512_state @@ -124,6 +127,10 @@ def final_sha512_pc : BitVec 64 := read_pc final_sha512_state -- def final_sha512_hash : BitVec 512 := read_mem_bytes 64 ctx_address final_sha512_state +example : (final_sha512_hash = (r (.SFP 3) final_sha512_state) ++ (r (.SFP 2) final_sha512_state) ++ + (r (.SFP 1) final_sha512_state) ++ (r (.SFP 0) final_sha512_state)):= by + native_decide + -- Proof that we have reached the end of the program. example : final_sha512_pc = -- Get the address (first element of the pair) from the From c59a39375c76b61876d21715303e41f872b21b81 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Tue, 12 Nov 2024 11:32:57 -0600 Subject: [PATCH 17/20] Add missing copyright header --- Tests/Tactics/SymBlock.lean | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Tests/Tactics/SymBlock.lean b/Tests/Tactics/SymBlock.lean index bbc57eaf..7539062b 100644 --- a/Tests/Tactics/SymBlock.lean +++ b/Tests/Tactics/SymBlock.lean @@ -1,3 +1,8 @@ +/- +Copyright (c) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. +Released under Apache 2.0 license as described in the file LICENSE. +Author(s): Shilpi Goel +-/ import Tactics.SymBlock import Tactics.StepThms From dd971b2faec8768166d1e96b178e0e746a1985ba Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Tue, 12 Nov 2024 17:51:41 -0600 Subject: [PATCH 18/20] Fix a bug in the application of mkNeProofOfNotMemAndMem --- Proofs/SHA512/SHA512.lean | 2 +- Proofs/SHA512/SHA512BlockSym.lean | 15 ++++++--------- Proofs/SHA512/SHA512LoopBlocks.lean | 4 ++-- Tactics/Sym/AxEffects.lean | 2 +- Tests/Tactics/SymBlock.lean | 3 ++- 5 files changed, 12 insertions(+), 14 deletions(-) diff --git a/Proofs/SHA512/SHA512.lean b/Proofs/SHA512/SHA512.lean index 202f9d24..699bc9b9 100644 --- a/Proofs/SHA512/SHA512.lean +++ b/Proofs/SHA512/SHA512.lean @@ -5,4 +5,4 @@ Author(s): Shilpi Goel -/ import Proofs.SHA512.SHA512_block_armv8_rules import Proofs.SHA512.SHA512Sym --- import Proofs.SHA512.SHA512BlockSym +import Proofs.SHA512.SHA512BlockSym diff --git a/Proofs/SHA512/SHA512BlockSym.lean b/Proofs/SHA512/SHA512BlockSym.lean index f92347c5..70929983 100644 --- a/Proofs/SHA512/SHA512BlockSym.lean +++ b/Proofs/SHA512/SHA512BlockSym.lean @@ -11,11 +11,11 @@ import Tactics.ClearNamed open BitVec namespace SHA512 -#eval SHA2.k_512.length #time -set_option trace.Tactic.sym.info true in -set_option trace.Tactic.sym true in +set_option linter.unusedVariables false in +-- set_option trace.Tactic.sym.info true in +-- set_option trace.Tactic.sym true in set_option pp.maxSteps 100 in theorem sha512_loop_sym {s0 sf : ArmState} { a b c d e f g h @@ -92,14 +92,11 @@ theorem sha512_loop_sym {s0 sf : ArmState} (h_run : sf = run 485 s0) : r .ERR sf = .None - /- - More generally: - r .PC sf = (if ¬r (StateField.GPR 0x2#5) s0 - 0x1#64 = 0x0#64 + -- More generally: + ∧ r .PC sf = (if ¬r (StateField.GPR 0x2#5) s0 - 0x1#64 = 0x0#64 then 0x126500#64 else 0x126c94#64) - -/ - -- ∧ r .PC sf = 0x126c94#64 --- ∧ r (.SFP 1) sf = q1 + -- ∧ r (.SFP 1) sf = q1 -- ∧ (r (.SFP 3) sf ++ r (.SFP 2) sf ++ r (.SFP 1) sf ++ r (.SFP 0) sf) = final_hash := by -- Symbolic Simulation diff --git a/Proofs/SHA512/SHA512LoopBlocks.lean b/Proofs/SHA512/SHA512LoopBlocks.lean index 5d99da84..5044ec9e 100644 --- a/Proofs/SHA512/SHA512LoopBlocks.lean +++ b/Proofs/SHA512/SHA512LoopBlocks.lean @@ -38,6 +38,7 @@ namespace SHA512 -- done -- sorry +/- set_option trace.Tactic.prune_updates true in theorem program.blocki_eq_0x126500_1 {s : ArmState} (h_program : s.program = program) @@ -76,8 +77,8 @@ theorem program.blocki_eq_0x126500_1 {s : ArmState} -- exact h_step_20 -- done sorry +-/ -/- -- #eval ((Cfg.create' (0x126500#64) (0x126500#64 + 20*4) SHA512.program).toOption.get!).maybe_modified_regs #time theorem program.blocki_eq_0x126500 {s : ArmState} @@ -15666,4 +15667,3 @@ theorem program.blocki_eq_0x126c80 {s : ArmState} -- explode_step h_step_5 at s5 exact h_step_5 done --/ diff --git a/Tactics/Sym/AxEffects.lean b/Tactics/Sym/AxEffects.lean index e701ca41..fb1a6956 100644 --- a/Tactics/Sym/AxEffects.lean +++ b/Tactics/Sym/AxEffects.lean @@ -377,7 +377,7 @@ private def update_w (eff : AxEffects) (fld val : Expr) : -- `fld` was previously modified let neProof := -- : `` - mkNeProofOfNotMemAndMem 0 (mkConst ``StateField) f fld modifiedFields h nonMemHyp + mkNeProofOfNotMemAndMem 0 (mkConst ``StateField) f fld modifiedFields nonMemHyp h -- Adjust the proof let proof ← newProofOfNe proof neProof -- And abstract `f` and `nonMemHyp` again, without changing their types diff --git a/Tests/Tactics/SymBlock.lean b/Tests/Tactics/SymBlock.lean index 7539062b..627cbb2b 100644 --- a/Tests/Tactics/SymBlock.lean +++ b/Tests/Tactics/SymBlock.lean @@ -57,6 +57,7 @@ theorem ugh_program.blocki_eq_0x12650c_alt {s : ArmState} -- simp (config := {decide := true}) -- [h_step_3, h_step_2, h_step_1, state_simp_rules] at h_step_4 sorry + theorem ugh_program.blocki_eq_0x12651c {s : ArmState} (h_program : s.program = ugh_program) (h_pc : r StateField.PC s = 0x12651c#64) @@ -78,7 +79,7 @@ theorem test_orig {s0 : ArmState} (h_err : r StateField.ERR s0 = StateError.None) (h_run : sf = run 8 s0) : sf.program = ugh_program := by - sym_n 8 (add_hyps := true) + sym_n 8 #time From b477dc5017cff6c83dd7dff119d55516214b5d71 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Tue, 12 Nov 2024 20:15:04 -0600 Subject: [PATCH 19/20] Add capability to sym_block to specify a list of possibly different block sizes --- Proofs/SHA512/SHA512BlockSym.lean | 6 ++- Tactics/SymBlock.lean | 64 +++++++++++++++++++++++++------ Tests/Tactics/SymBlock.lean | 3 +- 3 files changed, 59 insertions(+), 14 deletions(-) diff --git a/Proofs/SHA512/SHA512BlockSym.lean b/Proofs/SHA512/SHA512BlockSym.lean index 70929983..6e8308b4 100644 --- a/Proofs/SHA512/SHA512BlockSym.lean +++ b/Proofs/SHA512/SHA512BlockSym.lean @@ -100,7 +100,11 @@ theorem sha512_loop_sym {s0 sf : ArmState} -- ∧ (r (.SFP 3) sf ++ r (.SFP 2) sf ++ r (.SFP 1) sf ++ r (.SFP 0) sf) = final_hash := by -- Symbolic Simulation - sym_block 485 (block_size := 20) -- ceiling|485/20| blocks + -- sym_block 485 (block_size := 20) -- ceiling|485/20| blocks + sym_block 485 (block_sizes := [20, 20, 20, 20, 20, 20, 20, + 20, 20, 20, 20, 20, 20, 20, + 20, 20, 20, 20, 20, 20, 20, + 20, 20, 20, 5]) -- clear_named [h_s, blocki_] -- Reasoning -- subst h_N diff --git a/Tactics/SymBlock.lean b/Tactics/SymBlock.lean index 978ac06d..4d627c14 100644 --- a/Tactics/SymBlock.lean +++ b/Tactics/SymBlock.lean @@ -135,28 +135,63 @@ def sym_block1 (blockSize stepsLeft : Nat) : SymM Unit := do traceHeartbeats syntax sym_block_size := "(" "block_size" " := " num ")" +syntax sym_block_sizes := "(" "block_sizes" " := " "[" num,* "]" ")" + +/-- +Get the first `n` elements of the list `xs`, where `acc` is the accumulator. + +(FIXME) Implicit assumption: `xs` has at least one assumption. +-/ +def first_n (n : Nat) (xs acc : List Nat) : List Nat := + match n with + | 0 => acc.reverse + | n' + 1 => first_n n' xs.tail (List.headD xs 0 :: acc) + +/-- info: 5 -/ +#guard_msgs in +#eval (first_n 1 [5, 2, 2, 1] []).foldl Nat.add 0 open Elab.Term (elabTerm) in -elab "sym_block" n:num block_size:(sym_block_size)? s:(sym_at)? : tactic => do +elab "sym_block" n:num + -- block_size:(sym_block_size)? + block_sizes:(sym_block_sizes)? + s:(sym_at)? : tactic => do traceHeartbeats "initial heartbeats" let s ← s.mapM fun | `(sym_at|at $s:ident) => pure s.getId | _ => Lean.Elab.throwUnsupportedSyntax - let block_size ← block_size.mapM (fun - | `(sym_block_size|(block_size := $val)) => pure val.getNat - | _ => -- If no block size is specified, we step one instruction at a time. - pure 1) - let block_size := block_size.get! + let block_sizes ← block_sizes.mapM (fun + | `(sym_block_sizes|(block_sizes := [$elems,*])) => do + let size_exprs ← elems.getElems.mapM (fun elem => do + let size := elem.getNat + return (mkNatLit size)) + let size_terms ← size_exprs.mapM (fun e => do + let some val ← Lean.Meta.getNatValue? e | throwError "" + return val) + dbg_trace s!"size_terms: {size_terms}" + pure size_terms.toList + | _ => + -- (FIXME) + -- If no block size is specified, we step one instruction at a time. + pure [1]) + let block_sizes := block_sizes.get! + trace[Tactic.sym.info] "block_sizes: {block_sizes}" + + -- let block_size ← block_size.mapM (fun + -- | `(sym_block_size|(block_size := $val)) => pure val.getNat + -- | _ => -- If no block size is specified, we step one instruction at a time. + -- pure 1) + -- let block_size := block_size.get! let c ← SymContext.fromMainContext s -- TODO: Is this `get!` safe? - let total_steps := c.runSteps?.get! + -- let total_steps := c.runSteps?.get! -- The number of instructions, not blocks, the user asked to simulate. let sim_steps := n.getNat -- We compute the number of blocks to be simulated using a ceiling divide. -- Note that the last block can be < `block_size`. - let num_blocks := (sim_steps + block_size - 1) / block_size + -- let num_blocks := (sim_steps + block_size - 1) / block_size SymM.run' c <| withMainContext' <| do -- Check pre-conditions @@ -166,10 +201,15 @@ elab "sym_block" n:num block_size:(sym_block_size)? s:(sym_at)? : tactic => do withMainContext' <| do -- The main loop - for i in List.range num_blocks do - let block_size' := min (sim_steps - (i * block_size)) block_size - let steps_left := (total_steps - (i * block_size) - block_size') - sym_block1 block_size' steps_left + -- for i in List.range num_blocks do + -- let block_size' := min (sim_steps - (i * block_size)) block_size + -- let steps_left := (total_steps - (i * block_size) - block_size') + -- sym_block1 block_size' steps_left + let mut ctr := 0 + for bsize in block_sizes do + ctr := ctr + 1 + let steps_left := sim_steps - ((first_n ctr block_sizes []).foldl Nat.add 0) + sym_block1 bsize steps_left traceHeartbeats "symbolic simulation total" withCurrHeartbeats <| diff --git a/Tests/Tactics/SymBlock.lean b/Tests/Tactics/SymBlock.lean index 627cbb2b..da82e4fe 100644 --- a/Tests/Tactics/SymBlock.lean +++ b/Tests/Tactics/SymBlock.lean @@ -90,5 +90,6 @@ theorem test {s0 : ArmState} (h_err : r StateField.ERR s0 = StateError.None) (h_run : sf = run 8 s0) : sf.program = ugh_program := by - sym_block 8 (block_size := 4) -- 2 blocks: size 4 each + -- sym_block 8 (block_size := 4) -- 2 blocks: size 4 each + sym_block 8 (block_sizes := [4, 4]) done From b1378c4ade068d2fae62cc75de1b55f38946f1f0 Mon Sep 17 00:00:00 2001 From: Shilpi Goel Date: Wed, 13 Nov 2024 15:15:16 -0600 Subject: [PATCH 20/20] Add an example where prune_updates times out --- Tactics/PruneUpdates.lean | 64 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/Tactics/PruneUpdates.lean b/Tactics/PruneUpdates.lean index fe76829d..3b60b40c 100644 --- a/Tactics/PruneUpdates.lean +++ b/Tactics/PruneUpdates.lean @@ -412,6 +412,20 @@ private theorem example2 prune_updates h_s1 done +/-- +info: private theorem ArmConstr.ArmConstr.example2 : ∀ {s1 : ArmState} {x100 x100' : state_value (StateField.GPR 1#5)} + {x500 : state_value (StateField.GPR 0#5)} {x1 : state_value (StateField.GPR 8#5)} {s0 : ArmState}, + s1 = w (StateField.GPR 1#5) (x100 + x100') (w (StateField.GPR 0#5) x500 (w (StateField.GPR 8#5) x1 s0)) → + s1 = w (StateField.GPR 0#5) x500 (w (StateField.GPR 1#5) (x100 + x100') (w (StateField.GPR 8#5) x1 s0)) := +fun {s1} {x100 x100'} {x500} {x1} {s0} h_s1 => + eq_true_of_denote { state := [s0, s1], err := [], pc := [], gpr := [x100 + x100', x500, x1], sfp := [], flag := [] } + { curr_state := 1, prev_state := 0, writes := [Update.gpr (1#5) 0, Update.gpr (0#5) 1, Update.gpr (8#5) 2] } + { curr_state := 1, prev_state := 0, writes := [Update.gpr (0#5) 1, Update.gpr (1#5) 0, Update.gpr (8#5) 2] } + (ofReduceBool ArmConstr.ArmConstr.example2._armexpr_reflection_def_1 true (Eq.refl true)) h_s1 +-/ +#guard_msgs in +#print example2 + #time -- set_option trace.Tactic.prune_updates.answer true in private theorem example3 @@ -446,4 +460,54 @@ private theorem example3 prune_updates h_s1 done +/- +set_option trace.Tactic.prune_updates true in +-- set_option trace.Tactic.prune_updates.answer true in +theorem timeout_example + (h_step : s' = w (StateField.GPR 0x1#5) + (if ¬(AddWithCarry (r (StateField.GPR 0x2#5) s) 0xfffffffffffffffe#64 0x1#1).snd.z = 0x1#1 then + r (StateField.GPR 0x1#5) s + else r (StateField.GPR 0x1#5) s - 0x80#64) + (w StateField.PC 0x126520#64 + (w (StateField.SFP 0x1d#5) (r (StateField.SFP 0x3#5) s) + (w StateField.PC 0x126518#64 + (w (StateField.SFP 0x1c#5) (r (StateField.SFP 0x2#5) s) + (w StateField.PC 0x126514#64 + (w (StateField.SFP 0x1b#5) (r (StateField.SFP 0x1#5) s) + (w StateField.PC 0x126510#64 + (w (StateField.SFP 0x1a#5) (r (StateField.SFP 0x0#5) s) + (w (StateField.GPR 0x4#5) (r (StateField.GPR 0x1#5) s - 0x80#64) + (w StateField.PC 0x12650c#64 + (w (StateField.GPR 0x2#5) (r (StateField.GPR 0x2#5) s - 0x1#64) + (w (StateField.FLAG PFlag.V) + (AddWithCarry (r (StateField.GPR 0x2#5) s) 0xfffffffffffffffe#64 0x1#1).snd.v + (w (StateField.FLAG PFlag.C) + (AddWithCarry (r (StateField.GPR 0x2#5) s) 0xfffffffffffffffe#64 0x1#1).snd.c + (w (StateField.FLAG PFlag.Z) + (AddWithCarry (r (StateField.GPR 0x2#5) s) 0xfffffffffffffffe#64 0x1#1).snd.z + (w (StateField.FLAG PFlag.N) + (AddWithCarry (r (StateField.GPR 0x2#5) s) 0xfffffffffffffffe#64 0x1#1).snd.n + (w StateField.PC 0x126508#64 + (w (StateField.GPR 0x3#5) (r (StateField.GPR 0x3#5) s + 0x10#64) + (w (StateField.SFP 0x18#5) (read_mem_bytes 16 (r (StateField.GPR 0x3#5) s) s) + s))))))))))))))))))) : + s' = (w .PC (1205536#64) (w (.GPR 0x01#5) (if + ¬(AddWithCarry (r (StateField.GPR 2#5) s) 18446744073709551614#64 1#1).snd.z = 1#1 then r (StateField.GPR 1#5) s + else + r (StateField.GPR 1#5) s - 128#64) + (w (.GPR 0x02#5) (r (StateField.GPR 2#5) s - 1#64) + (w (.GPR 0x03#5) (r (StateField.GPR 3#5) s + 16#64) + (w (.GPR 0x04#5) (r (StateField.GPR 1#5) s - 128#64) + (w (.SFP 0x18#5) (read_mem_bytes 16 (r (StateField.GPR 3#5) s) s) + (w (.SFP 0x1a#5) (r (StateField.SFP 0#5) s) + (w (.SFP 0x1b#5) (r (StateField.SFP 1#5) s) + (w (.SFP 0x1c#5) (r (StateField.SFP 2#5) s) + (w (.SFP 0x1d#5) (r (StateField.SFP 3#5) s) + (w (.FLAG N) ((AddWithCarry (r (StateField.GPR 2#5) s) 18446744073709551614#64 1#1).snd.n) + (w (.FLAG Z) ((AddWithCarry (r (StateField.GPR 2#5) s) 18446744073709551614#64 1#1).snd.z) + (w (.FLAG C) ((AddWithCarry (r (StateField.GPR 2#5) s) 18446744073709551614#64 1#1).snd.c) + (w (.FLAG V) ((AddWithCarry (r (StateField.GPR 2#5) s) 18446744073709551614#64 1#1).snd.v) s)))))))))))))) := by + prune_updates h_step +-/ + end Tests