From 1330aa74c4a66a7a2052c5a908416ae5286ec2b8 Mon Sep 17 00:00:00 2001 From: billow Date: Sun, 22 Dec 2024 17:20:57 +0800 Subject: [PATCH 1/8] rz-test: add `-y` option to accept all (#4772) * Add rz-test '-y' option to accept all * Add '-y' into the help text --- binrz/rz-test/rz-test.c | 46 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/binrz/rz-test/rz-test.c b/binrz/rz-test/rz-test.c index 25402a043f3..719a25e614e 100644 --- a/binrz/rz-test/rz-test.c +++ b/binrz/rz-test/rz-test.c @@ -59,6 +59,7 @@ static void interact(RzTestState *state); static bool interact_fix(RzTestResultInfo *result, RzPVector /**/ *fixup_results); static void interact_break(RzTestResultInfo *result, RzPVector /**/ *fixup_results); static void interact_commands(RzTestResultInfo *result, RzPVector /**/ *fixup_results); +static void accept_all(RzTestState *state); static int help(bool verbose) { printf("%s%s%s", Color_CYAN, "Usage: ", Color_RESET); @@ -71,6 +72,7 @@ static int help(bool verbose) { "-q", "", "Quiet mode", "-V", "", "Be verbose", "-i", "", "Interactive mode", + "-y", "", "Accept all interactive changes", "-n", "", "Do nothing (don't run any test, just load/parse them)", "-L", "", "Log mode (better printing for CI, logfiles, etc.)", "-F", "[dir]", "Run fuzz tests (open and default analysis) on all files in the given dir", @@ -176,6 +178,7 @@ int rz_test_main(int argc, const char **argv) { bool nothing = false; bool quiet = false; bool interactive = false; + bool accept = false; char *rizin_cmd = NULL; char *rz_asm_cmd = NULL; char *json_test_file = NULL; @@ -209,7 +212,7 @@ int rz_test_main(int argc, const char **argv) { #endif RzGetopt opt; - rz_getopt_init(&opt, argc, (const char **)argv, "hqvj:r:m:f:C:LnVt:F:io:e:s:x:"); + rz_getopt_init(&opt, argc, (const char **)argv, "hqvj:r:m:f:C:LnVt:F:io:e:s:x:y"); int c; while ((c = rz_getopt_next(&opt)) != -1) { @@ -236,6 +239,9 @@ int rz_test_main(int argc, const char **argv) { case 'i': interactive = true; break; + case 'y': + accept = true; + break; case 'L': log_mode = true; break; @@ -561,6 +567,10 @@ int rz_test_main(int argc, const char **argv) { interact(&state); } + if (accept) { + accept_all(&state); + } + if (expect_succ > 0 && expect_succ != state.ok_count) { ret = 1; } @@ -1050,6 +1060,40 @@ static void interact(RzTestState *state) { rz_pvector_clear(&failed_results); } +static void accept_all(RzTestState *state) { + void **it; + RzPVector failed_results; + rz_pvector_init(&failed_results, NULL); + rz_pvector_foreach (&state->results, it) { + RzTestResultInfo *result = *it; + if (result->result == RZ_TEST_RESULT_FAILED) { + rz_pvector_push(&failed_results, result); + } + } + if (rz_pvector_empty(&failed_results)) { + goto beach; + } + +#if __WINDOWS__ + (void)SetConsoleOutputCP(65001); // UTF-8 +#endif + + rz_pvector_foreach (&failed_results, it) { + RzTestResultInfo *result = *it; + if (result->test->type != RZ_TEST_TYPE_CMD && result->test->type != RZ_TEST_TYPE_ASM) { + continue; + } + if (!interact_fix(result, &failed_results)) { + char *name = rz_test_test_name(result->test); + printf("This test %s has failed too hard to be fixed.\n", name ? name : ""); + free(name); + } + } + +beach: + rz_pvector_clear(&failed_results); +} + static char *format_cmd_kv(const char *key, const char *val) { RzStrBuf buf; rz_strbuf_init(&buf); From de594ca1305d4d792b1bcd28918ce6b74f8c1649 Mon Sep 17 00:00:00 2001 From: Khairul Azhar Kasmiran Date: Mon, 23 Dec 2024 20:18:45 +0800 Subject: [PATCH 2/8] dbtj: Add space between flags in `desc` property (#4790) --- librz/core/cdebug.c | 2 +- test/db/archos/linux-x64/dbg_trace | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/librz/core/cdebug.c b/librz/core/cdebug.c index 5be1af5778b..b8eb6defa58 100644 --- a/librz/core/cdebug.c +++ b/librz/core/cdebug.c @@ -995,7 +995,7 @@ RZ_API RZ_OWN RzList /**/ *rz_core_debug_backtraces(RzCore *core) get_backtrace_info(core, frame, UT64_MAX, &bt->flagdesc, &bt->flagdesc2, &bt->pcstr, &bt->spstr); bt->fcn = rz_analysis_get_fcn_in(core->analysis, frame->addr, 0); bt->frame = RZ_NEWCOPY(RzDebugFrame, frame); - bt->desc = rz_str_newf("%s%s", rz_str_get_null(bt->flagdesc), rz_str_get_null(bt->flagdesc2)); + bt->desc = rz_str_newf("%s %s", rz_str_get_null(bt->flagdesc), rz_str_get_null(bt->flagdesc2)); } rz_list_free(list); return bts; diff --git a/test/db/archos/linux-x64/dbg_trace b/test/db/archos/linux-x64/dbg_trace index b1c23516cb1..d3d3385e397 100644 --- a/test/db/archos/linux-x64/dbg_trace +++ b/test/db/archos/linux-x64/dbg_trace @@ -58,16 +58,21 @@ CMDS=< Date: Mon, 23 Dec 2024 22:03:15 +0800 Subject: [PATCH 3/8] subprojects: update rz-libdemangle (#4791) --- subprojects/libdemangle.wrap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/subprojects/libdemangle.wrap b/subprojects/libdemangle.wrap index 95b5a13a90b..2a765cecd1b 100644 --- a/subprojects/libdemangle.wrap +++ b/subprojects/libdemangle.wrap @@ -1,4 +1,4 @@ [wrap-git] url = https://github.com/rizinorg/rz-libdemangle.git -revision = e1bbcb889e704c36d42d33cbac132f3c5f5fe91d +revision = d3083c18befed11069b65c57c2ad79fa5d9afba4 depth = 1 From 313ce7661dd11cee410ada55c19bf858249d11f5 Mon Sep 17 00:00:00 2001 From: Khairul Azhar Kasmiran Date: Tue, 24 Dec 2024 20:10:07 +0800 Subject: [PATCH 4/8] Remove trailing space in dbg_trace test (#4792) --- test/db/archos/linux-x64/dbg_trace | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/db/archos/linux-x64/dbg_trace b/test/db/archos/linux-x64/dbg_trace index d3d3385e397..c49c840c90d 100644 --- a/test/db/archos/linux-x64/dbg_trace +++ b/test/db/archos/linux-x64/dbg_trace @@ -56,20 +56,20 @@ FILE=bins/elf/analysis/calls_x64 ARGS=-d CMDS=< Date: Tue, 24 Dec 2024 23:35:42 +0800 Subject: [PATCH 5/8] rzil: add VM event memory (read|write) index (#4789) This is because the memory of the RzIL VM has an index, but the index is ignored when an event is generated. --- librz/il/il_events.c | 8 ++++++-- librz/il/il_export_string.c | 12 ++++++++++-- librz/il/il_vm_eval.c | 9 +++++---- librz/include/rz_il/rz_il_events.h | 6 ++++-- 4 files changed, 25 insertions(+), 10 deletions(-) diff --git a/librz/il/il_events.c b/librz/il/il_events.c index 336763dd6ef..67a03827c1e 100644 --- a/librz/il/il_events.c +++ b/librz/il/il_events.c @@ -94,10 +94,11 @@ RZ_API RZ_OWN RzILEvent *rz_il_event_pc_write_new(RZ_NONNULL const RzBitVector * /** * Creates an RzILEvent of type RZ_IL_EVENT_MEM_READ + * \param index, RzILMemIndex, index of the memory to read * \param addr, RzBitVector, address of the memory where the read op has occurred * \param value, RzBitVector, value read from the variable */ -RZ_API RZ_OWN RzILEvent *rz_il_event_mem_read_new(RZ_NONNULL const RzBitVector *address, RZ_NULLABLE const RzBitVector *value) { +RZ_API RZ_OWN RzILEvent *rz_il_event_mem_read_new(RzILMemIndex index, RZ_NONNULL const RzBitVector *address, RZ_NULLABLE const RzBitVector *value) { rz_return_val_if_fail(address && value, NULL); RzILEvent *evt = RZ_NEW(RzILEvent); @@ -106,6 +107,7 @@ RZ_API RZ_OWN RzILEvent *rz_il_event_mem_read_new(RZ_NONNULL const RzBitVector * } evt->type = RZ_IL_EVENT_MEM_READ; + evt->data.mem_read.index = index; evt->data.mem_read.address = rz_bv_dup(address); evt->data.mem_read.value = rz_bv_dup(value); if (!evt->data.mem_read.address || !evt->data.mem_read.value) { @@ -118,11 +120,12 @@ RZ_API RZ_OWN RzILEvent *rz_il_event_mem_read_new(RZ_NONNULL const RzBitVector * /** * Creates an RzILEvent of type RZ_IL_EVENT_MEM_WRITE + * \param index, RzILMemIndex, index of the memory to store data * \param addr, RzBitVector, address of the memory that has changed * \param old_v, RzBitVector, old value before the change * \param new_v, RzBitVector, new value after the change */ -RZ_API RZ_OWN RzILEvent *rz_il_event_mem_write_new(RZ_NONNULL const RzBitVector *addr, RZ_NONNULL const RzBitVector *old_v, RZ_NONNULL const RzBitVector *new_v) { +RZ_API RZ_OWN RzILEvent *rz_il_event_mem_write_new(RzILMemIndex index, RZ_NONNULL const RzBitVector *addr, RZ_NONNULL const RzBitVector *old_v, RZ_NONNULL const RzBitVector *new_v) { rz_return_val_if_fail(addr && old_v && new_v, NULL); RzILEvent *evt = RZ_NEW(RzILEvent); @@ -131,6 +134,7 @@ RZ_API RZ_OWN RzILEvent *rz_il_event_mem_write_new(RZ_NONNULL const RzBitVector } evt->type = RZ_IL_EVENT_MEM_WRITE; + evt->data.mem_write.index = index; evt->data.mem_write.address = rz_bv_dup(addr); evt->data.mem_write.old_value = rz_bv_dup(old_v); evt->data.mem_write.new_value = rz_bv_dup(new_v); diff --git a/librz/il/il_export_string.c b/librz/il/il_export_string.c index 748cc13a3fb..4705df3c332 100644 --- a/librz/il/il_export_string.c +++ b/librz/il/il_export_string.c @@ -1079,7 +1079,11 @@ RZ_API void rz_il_event_stringify(RZ_NONNULL const RzILEvent *evt, RZ_NONNULL Rz case RZ_IL_EVENT_MEM_READ: tmp0 = rz_bv_as_hex_string(evt->data.mem_read.address, false); tmp1 = evt->data.mem_read.value ? rz_bv_as_hex_string(evt->data.mem_read.value, false) : NULL; - rz_strbuf_appendf(sb, "mem_read(addr: %s, value: %s)", tmp0, tmp1 ? tmp1 : "uninitialized memory"); + if (evt->data.mem_read.index == 0) { + rz_strbuf_appendf(sb, "mem_read(addr: %s, value: %s)", tmp0, tmp1 ? tmp1 : "uninitialized memory"); + } else { + rz_strbuf_appendf(sb, "mem_read(index: %u, addr: %s, value: %s)", evt->data.mem_read.index, tmp0, tmp1 ? tmp1 : "uninitialized memory"); + } break; case RZ_IL_EVENT_VAR_READ: tmp1 = rz_il_value_stringify(evt->data.var_read.value); @@ -1089,7 +1093,11 @@ RZ_API void rz_il_event_stringify(RZ_NONNULL const RzILEvent *evt, RZ_NONNULL Rz tmp0 = rz_bv_as_hex_string(evt->data.mem_write.address, false); tmp1 = evt->data.mem_write.old_value ? rz_bv_as_hex_string(evt->data.mem_write.old_value, false) : NULL; tmp2 = rz_bv_as_hex_string(evt->data.mem_write.new_value, false); - rz_strbuf_appendf(sb, "mem_write(addr: %s, old: %s, new: %s)", tmp0, tmp1 ? tmp1 : "uninitialized memory", tmp2); + if (evt->data.mem_write.index == 0) { + rz_strbuf_appendf(sb, "mem_write(addr: %s, old: %s, new: %s)", tmp0, tmp1 ? tmp1 : "uninitialized memory", tmp2); + } else { + rz_strbuf_appendf(sb, "mem_write(index: %u, addr: %s, old: %s, new: %s)", evt->data.mem_write.index, tmp0, tmp1 ? tmp1 : "uninitialized memory", tmp2); + } break; case RZ_IL_EVENT_VAR_WRITE: tmp1 = rz_il_value_stringify(evt->data.var_write.old_value); diff --git a/librz/il/il_vm_eval.c b/librz/il/il_vm_eval.c index 9e1ffeaee11..afa0bc10c1c 100644 --- a/librz/il/il_vm_eval.c +++ b/librz/il/il_vm_eval.c @@ -204,7 +204,7 @@ RZ_API RzBitVector *rz_il_vm_mem_load(RzILVM *vm, RzILMemIndex index, RzBitVecto return NULL; } RzBitVector *value = rz_il_mem_load(mem, key); - rz_il_vm_event_add(vm, rz_il_event_mem_read_new(key, value)); + rz_il_vm_event_add(vm, rz_il_event_mem_read_new(index, key, value)); return value; } @@ -225,7 +225,7 @@ RZ_API void rz_il_vm_mem_store(RzILVM *vm, RzILMemIndex index, RzBitVector *key, } RzBitVector *old_value = rz_il_mem_load(mem, key); rz_il_mem_store(mem, key, value); - rz_il_vm_event_add(vm, rz_il_event_mem_write_new(key, old_value, value)); + rz_il_vm_event_add(vm, rz_il_event_mem_write_new(index, key, old_value, value)); rz_bv_free(old_value); } @@ -243,7 +243,7 @@ RZ_API RzBitVector *rz_il_vm_mem_loadw(RzILVM *vm, RzILMemIndex index, RzBitVect return NULL; } RzBitVector *value = rz_il_mem_loadw(mem, key, n_bits, vm->big_endian); - rz_il_vm_event_add(vm, rz_il_event_mem_read_new(key, value)); + rz_il_vm_event_add(vm, rz_il_event_mem_read_new(index, key, value)); return value; } @@ -251,6 +251,7 @@ RZ_API RzBitVector *rz_il_vm_mem_loadw(RzILVM *vm, RzILMemIndex index, RzBitVect * Store data to memory by key, will create a key-value pair * or update the key-value pair if key existed; also generates * an RZ_IL_EVENT_MEM_WRITE event + * \param index RzILMemIndex, index of the memory to store data * \param vm RzILVM* pointer to VM * \param key RzBitVector, aka address, a key to store data from memory * \param value RzBitVector, aka value to store in memory @@ -267,7 +268,7 @@ RZ_API void rz_il_vm_mem_storew(RzILVM *vm, RzILMemIndex index, RzBitVector *key RZ_LOG_ERROR("StoreW mem %u 0x%llx failed\n", (unsigned int)index, rz_bv_to_ut64(key)); goto end; } - rz_il_vm_event_add(vm, rz_il_event_mem_write_new(key, old_value, value)); + rz_il_vm_event_add(vm, rz_il_event_mem_write_new(index, key, old_value, value)); end: rz_bv_free(old_value); } diff --git a/librz/include/rz_il/rz_il_events.h b/librz/include/rz_il/rz_il_events.h index 72607d0ed32..9d86f30eeb9 100644 --- a/librz/include/rz_il/rz_il_events.h +++ b/librz/include/rz_il/rz_il_events.h @@ -28,6 +28,7 @@ typedef enum rz_il_event_id_t { } RzILEventId; typedef struct rz_il_vm_event_mem_read_t { + RzILMemIndex index; RZ_NONNULL RzBitVector *address; RZ_NONNULL RzBitVector *value; } RzILEventMemRead; @@ -43,6 +44,7 @@ typedef struct rz_il_vm_event_pc_write_t { } RzILEventPCWrite; typedef struct rz_il_vm_event_mem_write_t { + RzILMemIndex index; RZ_NONNULL RzBitVector *address; RZ_NONNULL RzBitVector *old_value; RZ_NONNULL RzBitVector *new_value; @@ -68,9 +70,9 @@ typedef struct rz_il_vm_event_t { RZ_API RZ_OWN RzILEvent *rz_il_event_exception_new(RZ_NONNULL const char *exception); RZ_API RZ_OWN RzILEvent *rz_il_event_pc_write_new(RZ_NONNULL const RzBitVector *old_pc, RZ_NONNULL const RzBitVector *new_pc); -RZ_API RZ_OWN RzILEvent *rz_il_event_mem_read_new(RZ_NONNULL const RzBitVector *addr, RZ_NULLABLE const RzBitVector *value); +RZ_API RZ_OWN RzILEvent *rz_il_event_mem_read_new(RzILMemIndex index, RZ_NONNULL const RzBitVector *addr, RZ_NULLABLE const RzBitVector *value); RZ_API RZ_OWN RzILEvent *rz_il_event_var_read_new(RZ_NONNULL const char *name, RZ_NULLABLE const RzILVal *value); -RZ_API RZ_OWN RzILEvent *rz_il_event_mem_write_new(RZ_NONNULL const RzBitVector *addr, RZ_NONNULL const RzBitVector *old_v, RZ_NONNULL const RzBitVector *new_v); +RZ_API RZ_OWN RzILEvent *rz_il_event_mem_write_new(RzILMemIndex index, RZ_NONNULL const RzBitVector *addr, RZ_NONNULL const RzBitVector *old_v, RZ_NONNULL const RzBitVector *new_v); RZ_API RZ_OWN RzILEvent *rz_il_event_var_write_new(RZ_NONNULL const char *name, RZ_NULLABLE const RzILVal *old_v, RZ_NONNULL const RzILVal *new_v); RZ_API void rz_il_event_free(RZ_NULLABLE RzILEvent *evt); From 56f834d2efa2f01f262e4ce0dd59fb35ced660f4 Mon Sep 17 00:00:00 2001 From: Khairul Azhar Kasmiran Date: Wed, 25 Dec 2024 19:15:18 +0800 Subject: [PATCH 6/8] Fix `:?` (#4793) --- librz/core/cmd_descs/cmd_descs.c | 4 ++-- librz/core/cmd_descs/cmd_descs.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/librz/core/cmd_descs/cmd_descs.c b/librz/core/cmd_descs/cmd_descs.c index 744bd5f4570..a235723ce46 100644 --- a/librz/core/cmd_descs/cmd_descs.c +++ b/librz/core/cmd_descs/cmd_descs.c @@ -19195,7 +19195,7 @@ static const RzCmdDescHelp grep_help = { static const RzCmdDescDetailEntry specifiers_Table_space_format_space_specifiers_space__oparen__minor_table_spec_greater__cparen__detail_entries[] = { { .text = "/sort/", .arg_str = NULL, .comment = "Sort table by column in increasing or decreasing order." }, { .text = "/sortlen/", .arg_str = NULL, .comment = "Sort table length of column in increasing or decreasing order." }, - { .text = "/cols[/[/...]", .arg_str = NULL, .comment = "Show only specified columns in the table." }, + { .text = "/cols[/[/...]]", .arg_str = NULL, .comment = "Show only specified columns in the table." }, { .text = "", .arg_str = NULL, .comment = "Show only column (it must not have the same name as an output format specifier)." }, { .text = "/gt/", .arg_str = NULL, .comment = "Grep rows where column is greater than ." }, { .text = "/ge/", .arg_str = NULL, .comment = "Grep rows where column is greater than or equal to ." }, @@ -19236,7 +19236,7 @@ static const RzCmdDescDetail specifiers_details[] = { }; static const RzCmdDescHelp specifiers_help = { .summary = "Command specifiers (table-output only for now)", - .usage = "[:[::...]:]", + .usage = "[:[:...]][:]", .options = "[?]", .details = specifiers_details, }; diff --git a/librz/core/cmd_descs/cmd_descs.yaml b/librz/core/cmd_descs/cmd_descs.yaml index 5a0c71bc2d2..33ff3cfb56d 100644 --- a/librz/core/cmd_descs/cmd_descs.yaml +++ b/librz/core/cmd_descs/cmd_descs.yaml @@ -564,7 +564,7 @@ commands: options: "[?]" summary: Command specifiers (table-output only for now) type: RZ_CMD_DESC_TYPE_FAKE - usage: "[:[::...]:]" + usage: "[:[:...]][:]" details: - name: Table format specifiers () entries: @@ -572,7 +572,7 @@ commands: comment: Sort table by column in increasing or decreasing order. - text: "/sortlen/" comment: Sort table length of column in increasing or decreasing order. - - text: "/cols[/[/...]" + - text: "/cols[/[/...]]" comment: Show only specified columns in the table. - text: "" comment: Show only column (it must not have the same name as an output format specifier). From 4c055aaffa9474ad45260de58b553c2adc196b8e Mon Sep 17 00:00:00 2001 From: billow Date: Thu, 26 Dec 2024 01:32:02 +0800 Subject: [PATCH 7/8] test: add DWARF with Unicode names test (#4794) --- test/db/cmd/dwarf | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/test/db/cmd/dwarf b/test/db/cmd/dwarf index be766cbf7a1..a0a63cd4233 100644 --- a/test/db/cmd/dwarf +++ b/test/db/cmd/dwarf @@ -1,3 +1,39 @@ +NAME="DWARF with unicode" +FILE=bins/dwarf/demo_utf8 +CMDS=< Date: Thu, 26 Dec 2024 01:55:38 +0800 Subject: [PATCH 8/8] librz/arch: add Xtensa RzIL support (#4712) - **Add support for rzIL**: Implement various Xtensa instructions and functionalities. - **Instruction Set Additions**: - **Arithmetic and Logical Operations**: sub*, add*, and*, or*, xor*, mul*, div*, rem*, neg*, abs, addi*, addmi, addexp*, addexpm*, addx2|4|8 - **Bitwise Operations**: srl*, sra*, sll*, andb, andbc, nsau, nsa - **Branching and Jumps**: b*, beq*, bne*, ball, bany, bnall, bnone, j, jx, loop*, loopgez, loopnez - **Data Transfer**: st*, ld*, l32*, l16*, l8ui, ssi*, ssa*, src - **Floating Point**: sqrt0.s, float.s, floor.s, trunc*, ueq*, ule*, ult*, ufloat*, neg.s, oeq.s, ole.s, olt.s, min, max, clamps, nex - **System Calls and Synchronization**: syscall, simcall, entry, isync, dsync, esync, rsync, memw - **Miscellaneous**: const_s, extui, extw, excw, sext, witlb, wur, rur.*, mksadj.ss, mkdadj.s, const_s - **Testing and Patches**: - Implement asm tests for all - **Miscellaneous Improvements**: - Update Capstone and fix ARM architecture support for building. --- librz/arch/il/analysis_il.c | 3 + librz/arch/isa/xtensa/xtensa.h | 17 +- librz/arch/isa/xtensa/xtensa_il.c | 2169 ++++++++++++++++++++ librz/arch/meson.build | 1 + librz/arch/p/analysis/analysis_xtensa_cs.c | 177 +- librz/include/rz_analysis.h | 5 +- test/db/asm/xtensa | 323 +++ test/db/cmd/cmd_list | 2 +- test/db/esil/xtensa_32 | 28 +- test/db/rzil/xtensa | 32 + 10 files changed, 2730 insertions(+), 27 deletions(-) create mode 100644 librz/arch/isa/xtensa/xtensa_il.c create mode 100644 test/db/asm/xtensa create mode 100644 test/db/rzil/xtensa diff --git a/librz/arch/il/analysis_il.c b/librz/arch/il/analysis_il.c index dc6d5495584..e81da3891ef 100644 --- a/librz/arch/il/analysis_il.c +++ b/librz/arch/il/analysis_il.c @@ -201,6 +201,9 @@ static void setup_vm_init_state(RzAnalysisILVM *vm, RZ_NULLABLE RzAnalysisILInit rz_vector_foreach (&is->vars, v) { rz_il_vm_set_global_var(vm->vm, v->name, rz_il_value_dup(v->val)); } + if (is->cb) { + is->cb(vm, reg); + } } } diff --git a/librz/arch/isa/xtensa/xtensa.h b/librz/arch/isa/xtensa/xtensa.h index bac49bba876..1ac178cc22f 100644 --- a/librz/arch/isa/xtensa/xtensa.h +++ b/librz/arch/isa/xtensa/xtensa.h @@ -31,6 +31,8 @@ bool xtensa_open(XtensaContext *ctx, const char *cpu, bool big_endian); bool xtensa_disassemble(XtensaContext *self, const ut8 *buf, int len, ut64 addr); void xtensa_disassemble_fini(XtensaContext *self); void xtensa_analyze_op_esil(XtensaContext *ctx, RzAnalysisOp *op); +void xtensa_analyze_op_rzil(XtensaContext *ctx, RzAnalysisOp *op); +RzAnalysisILConfig *xtensa_il_config(RzAnalysis *a); static inline cs_xtensa_op_mem *xtensa_op_mem(cs_insn *insn, unsigned int index) { cs_xtensa_op *op = &insn->detail->xtensa.operands[index]; @@ -56,12 +58,13 @@ static inline int32_t xtensa_op_l32r(cs_insn *insn, unsigned int index) { return op->imm; } -#define XOP(I) (ctx->insn->detail->xtensa.operands + I) -#define MEM(I) xtensa_op_mem(ctx->insn, I) -#define REGI(I) xtensa_op_reg(ctx->insn, I) -#define REGN(I) cs_reg_name(ctx->handle, (xtensa_op_reg(ctx->insn, I))) -#define IMM(I) xtensa_op_imm(ctx->insn, I) -#define L32R(I) xtensa_op_l32r(ctx->insn, I) -#define INSN_SIZE (ctx->insn->size) +#define XOP(I) (ctx->insn->detail->xtensa.operands + I) +#define MEM(I) xtensa_op_mem(ctx->insn, I) +#define REGI(I) xtensa_op_reg(ctx->insn, I) +#define REGNAME(I) cs_reg_name(ctx->handle, (I)) +#define REGN(I) REGNAME(REGI((I))) +#define IMM(I) xtensa_op_imm(ctx->insn, I) +#define L32R(I) xtensa_op_l32r(ctx->insn, I) +#define INSN_SIZE (ctx->insn->size) #endif // RZ_XTENSA_H diff --git a/librz/arch/isa/xtensa/xtensa_il.c b/librz/arch/isa/xtensa/xtensa_il.c new file mode 100644 index 00000000000..9862f91836a --- /dev/null +++ b/librz/arch/isa/xtensa/xtensa_il.c @@ -0,0 +1,2169 @@ +// SPDX-FileCopyrightText: 2024 billow +// SPDX-License-Identifier: LGPL-3.0-only + +#include "xtensa.h" + +static const char *epc_tbl[] = { + NULL, "epc1", "epc2", "epc3", "epc4", "epc5", "epc6", "epc7" +}; +static const char *eps_tbl[] = { + NULL, "eps1", "eps2", "eps3", "eps4", "eps5", "eps6", "eps7" +}; + +#include + +static const char *xAR[] = { + "a0", + "a1", + "a2", + "a3", + "a4", + "a5", + "a6", + "a7", + "a8", + "a9", + "a10", + "a11", + "a12", + "a13", + "a14", + "a15", +}; + +static RzILOpPure *x_ARindex(ut8 i) { + return MUL(U32(4), LOGOR(U32(i & 0x3), SHIFTL0(ADD(VARG("windowbase"), U32((i & 0xc) >> 2)), U32(2)))); +} + +/** + * We need to hook VARG and SETG to replace a0-a15 with the actual address according to windowbase and windowstart. + */ +static RzILOpPure *x_varg(const char *name) { + for (size_t i = 0; i < RZ_ARRAY_SIZE(xAR); ++i) { + if (RZ_STR_EQ(name, xAR[i])) { + return rz_il_op_new_loadw(1, x_ARindex(i), 32); + } + } + return VARG(name); +} + +static RzILOpEffect *x_setg(const char *name, RzILOpPure *x) { + for (size_t i = 0; i < RZ_ARRAY_SIZE(xAR); ++i) { + if (RZ_STR_EQ(name, xAR[i])) { + return rz_il_op_new_storew(1, x_ARindex(i), x); + } + } + return SETG(name, x); +} + +#undef VARG +#undef SETG +#define VARG x_varg +#define SETG x_setg + +#define FORMAT (ctx->insn->detail->xtensa.format) +#define PC (ctx->insn->address) +#define nextPC (ctx->insn->address + ctx->insn->size) + +#define IREG(I) VARG(REGN(I)) +#define IREGi(I, i) VARG(cs_reg_name(ctx->handle, (REGI(I) + i))) +#define IMEM(I) ADD(VARG(REGNAME(MEM((I))->base)), S32(MEM((I))->disp)) +#define IEPC(I) VARG(epc_tbl[I]) +#define IEPS(I) VARG(eps_tbl[I]) + +#define ABS(X) ITE(SGT(X, S32(0)), X, NEG(X)) +#define V32(X) UNSIGNED(32, (X)) +#define V64(X) UNSIGNED(64, (X)) + +#define B2U32(X) BOOL_TO_BV(X, 32) + +typedef RzAnalysisLiftedILOp (*fn_analyze_op_il)(XtensaContext *ctx); +typedef RzILOpPure *(fn_op2)(RzILOpBool *x, RzILOpBool *y); + +enum { + PS_INTLEVEL, /// Interrupt level mask + PS_EXCM, /// Exception mask + PS_UM, + PS_RING, + PS_OWB, /// Old window base + PS_CALLINC, /// Call increment + PS_WOE, /// Window overflow enable +}; + +enum { + FCR_RM, + FCR_EV, + FCR_EZ, + FCR_EO, + FCR_EU, + FCR_EI, + FCR_MBZ, + FCR_IGNORE, +}; + +enum { + FSR_I = 1, + FSR_U = 1 << 1, + FSR_O = 1 << 2, + FSR_Z = 1 << 3, + FSR_V = 1 << 4, + FSR_MBZ = 1 << 5, + FSR_IGNORE = 1 << 6, +}; + +typedef struct { + ut32 field; + ut8 offset; + ut8 width; +} RegField; + +typedef struct { + RegField tbl[64]; + size_t size; + ut8 width; +} RegFieldTbl; + +static const RegFieldTbl ps_field_tbl = { + .tbl = { + { PS_INTLEVEL, 0, 4 }, + { PS_EXCM, 4, 1 }, + { PS_UM, 5, 1 }, + { PS_RING, 6, 2 }, + { PS_OWB, 8, 4 }, + { PS_CALLINC, 16, 2 }, + { PS_WOE, 18, 1 }, + }, + .size = 7, + .width = 32, +}; + +static const RegFieldTbl fsr_field_tbl = { + .tbl = { + { FSR_IGNORE, 0, 7 }, + { FSR_I, 7, 1 }, + { FSR_U, 8, 1 }, + { FSR_O, 9, 1 }, + { FSR_Z, 10, 1 }, + { FSR_V, 11, 1 }, + { FSR_MBZ, 12, 20 }, + }, + .size = 7, + .width = 32, +}; + +static RzILOpPure *reg_field_set(const RegFieldTbl *tbl, ut32 field, RzILOpPure *orig, RzILOpPure *v) { + for (size_t i = 0; i < tbl->size; ++i) { + const RegField *f = tbl->tbl + i; + if (field == f->field) { + return tbl->width == 32 + ? DEPOSIT32(orig, U32(f->offset), U32(f->width), v) + : DEPOSIT64(orig, U32(f->offset), U32(f->width), v); + } + } + rz_warn_if_reached(); + return NULL; +} + +static RzILOpPure *reg_field_get(const RegFieldTbl *tbl, ut32 field, RzILOpPure *orig) { + for (size_t i = 0; i < tbl->size; ++i) { + const RegField *f = tbl->tbl + i; + if (field == f->field) { + return tbl->width == 32 + ? EXTRACT32(orig, U32(f->offset), U32(f->width)) + : EXTRACT64(orig, U32(f->offset), U32(f->width)); + } + } + rz_warn_if_reached(); + return NULL; +} + +#define PS_field_set(F, V) SETG("ps", reg_field_set(&ps_field_tbl, (F), VARG("ps"), (V))) +#define PS_field_get(F) reg_field_get(&ps_field_tbl, (F), VARG("ps")) +#define PS_EXCM_CLEAR PS_field_set(PS_EXCM, U32(0)) + +#define FCR_field_set(F, V) SETG("fcr", reg_field_set(&fcr_field_tbl, (F), VARG("fcr"), (V))) +#define FCR_field_get(F) reg_field_get(&fcr_field_tbl, (F), VARG("fcr")) + +#define FSR_field_set(F, V) SETG("fsr", reg_field_set(&fsr_field_tbl, (F), VARG("fsr"), (V))) +#define FSR_field_get(F) reg_field_get(&fsr_field_tbl, (F), VARG("fsr")) + +static RzAnalysisLiftedILOp f_cons_(RzILOpEffect *x, RzILOpEffect *y) { + if (!(x && x->code == RZ_IL_OP_SEQ)) { + goto err; + } + RzILOpEffect *last = x; + while (last->op.seq.y && last->op.seq.y->code == RZ_IL_OP_SEQ) { + last = last->op.seq.y; + } + if (last->op.seq.y) { + RzILOpEffect *seq = RZ_NEW0(RzILOpEffect); + if (!seq) { + goto err; + } + seq->code = RZ_IL_OP_SEQ; + seq->op.seq.x = last->op.seq.y; + seq->op.seq.y = y; + last->op.seq.y = seq; + } else { + last->op.seq.y = y; + } + return x; +err: + rz_warn_if_reached(); + rz_il_op_effect_free(x); + rz_il_op_effect_free(y); + return NULL; +} + +static RzILOpEffect *FSR_set(ut16 fs, RzILOpPure *v) { + RzILOpEffect *eff = SEQ2( + SETL("fsr_v", v), + NOP()); + if (fs & FSR_V) { + eff = f_cons_(eff, FSR_field_set(FSR_V, B2U32(FEXCEPT(RZ_FLOAT_E_INVALID_OP, VARL("fsr_v"))))); + } + if (fs & FSR_I) { + eff = f_cons_(eff, FSR_field_set(FSR_I, B2U32(FEXCEPT(RZ_FLOAT_E_INEXACT, VARL("fsr_v"))))); + } + if (fs & FSR_O) { + eff = f_cons_(eff, FSR_field_set(FSR_O, B2U32(FEXCEPT(RZ_FLOAT_E_OVERFLOW, VARL("fsr_v"))))); + } + if (fs & FSR_U) { + eff = f_cons_(eff, FSR_field_set(FSR_U, B2U32(FEXCEPT(RZ_FLOAT_E_UNDERFLOW, VARL("fsr_v"))))); + } + if (fs & FSR_Z) { + eff = f_cons_(eff, FSR_field_set(FSR_Z, B2U32(FEXCEPT(RZ_FLOAT_E_DIV_ZERO, VARL("fsr_v"))))); + } + rz_warn_if_fail(eff); + return eff; +} + +static RzILOpEffect *ARi_set(RzILOpPure *i, RzILOpPure *v) { + RzILOpEffect *eff03 = + BRANCH(EQ(DUP(i), U32(3)), SETG("a3", DUP(v)), + BRANCH(EQ(DUP(i), U32(2)), SETG("a2", DUP(v)), + BRANCH(EQ(DUP(i), U32(1)), SETG("a1", DUP(v)), + BRANCH(EQ(DUP(i), U32(0)), SETG("a0", DUP(v)), + NOP() // Error: Invalid register index + )))); + RzILOpEffect *eff07 = BRANCH(EQ(DUP(i), U32(7)), SETG("a7", DUP(v)), + BRANCH(EQ(DUP(i), U32(6)), SETG("a6", DUP(v)), + BRANCH(EQ(DUP(i), U32(5)), SETG("a5", DUP(v)), + BRANCH(EQ(DUP(i), U32(4)), SETG("a4", DUP(v)), eff03)))); + RzILOpEffect *eff011 = BRANCH(EQ(DUP(i), U32(11)), SETG("a11", DUP(v)), + BRANCH(EQ(DUP(i), U32(10)), SETG("a10", DUP(v)), + BRANCH(EQ(DUP(i), U32(9)), SETG("a9", DUP(v)), + BRANCH(EQ(DUP(i), U32(8)), SETG("a8", DUP(v)), eff07)))); + return BRANCH(ULT(i, U32(16)), + BRANCH(EQ(DUP(i), U32(15)), SETG("a15", v), + BRANCH(EQ(DUP(i), U32(14)), SETG("a14", DUP(v)), + BRANCH(EQ(DUP(i), U32(13)), SETG("a13", DUP(v)), + BRANCH(EQ(DUP(i), U32(12)), SETG("a12", DUP(v)), + eff011)))), + NOP() // Error: Register index out of range + ); +} + +static RzAnalysisLiftedILOp op_abs(XtensaContext *ctx) { + return SETG(REGN(0), ABS(IREG(1))); +} + +static RzAnalysisLiftedILOp op_abs_s(XtensaContext *ctx) { + return SETG(REGN(0), UNSIGNED(64, F2BV(FABS(FLOATV32(IREG(1)))))); +} + +static RzAnalysisLiftedILOp op_add(XtensaContext *ctx) { + return SETG(REGN(0), ADD(IREG(1), IREG(2))); +} + +static RzAnalysisLiftedILOp op_addi(XtensaContext *ctx) { + return SETG(REGN(0), ADD(IREG(1), S32(IMM(2)))); +} + +static RzAnalysisLiftedILOp op_add_s(XtensaContext *ctx) { + return SEQ3( + SETL("fres", FADD(RZ_FLOAT_RMODE_RNA, FLOATV32(IREG(1)), FLOATV32(IREG(2)))), + SETG(REGN(0), UNSIGNED(64, F2BV(VARL("fres")))), + FSR_set(FSR_V | FSR_O | FSR_I, VARL("fres"))); +} + +static RzILOpPure *apply2_range2(RzILOpPure *self, fn_op2 fn, RzILOpPure *x, RzILOpPure *y, + unsigned begin1, unsigned begin2, unsigned length) { + return DEPOSIT64( + self, + U64(begin1), U32(length), + fn(EXTRACT64(x, U64(begin1), U32(length)), EXTRACT64(y, U64(begin2), U32(length)))); +} + +static RzILOpPure *f_add_sub127(RzILOpPure *x, RzILOpPure *y) { + return SUB(ADD(x, y), U64(127)); +} + +static RzAnalysisLiftedILOp op_addexp_s(XtensaContext *ctx) { + return SEQ3( + SETL("FRr", apply2_range2(IREG(0), rz_il_op_new_log_xor, IREG(0), IREG(1), 31, 31, 1)), + SETL("FRr", apply2_range2(VARL("FRr"), f_add_sub127, IREG(0), IREG(1), 23, 23, 8)), + SETG(REGN(0), VARL("FRr"))); +} + +static RzAnalysisLiftedILOp op_addexpm_s(XtensaContext *ctx) { + return SEQ3( + SETL("FRr", apply2_range2(IREG(0), rz_il_op_new_log_xor, IREG(0), IREG(1), 31, 22, 1)), + SETL("FRr", apply2_range2(VARL("FRr"), f_add_sub127, IREG(0), IREG(1), 23, 14, 8)), + SETG(REGN(0), VARL("FRr"))); +} + +static RzAnalysisLiftedILOp op_addx2(XtensaContext *ctx) { + return SETG(REGN(0), ADD(SHIFTL0(IREG(1), U32(1)), IREG(2))); +} + +static RzAnalysisLiftedILOp op_addx4(XtensaContext *ctx) { + return SETG(REGN(0), ADD(SHIFTL0(IREG(1), U32(2)), IREG(2))); +} + +static RzAnalysisLiftedILOp op_addx8(XtensaContext *ctx) { + return SETG(REGN(0), ADD(SHIFTL0(IREG(1), U32(3)), IREG(2))); +} + +static uint8_t RRR_s(XtensaContext *ctx) { + return ctx->insn->bytes[1] & 0xf; +} + +static RzAnalysisLiftedILOp op_binary4(XtensaContext *ctx, fn_op2 f) { + rz_return_val_if_fail(FORMAT == XTENSA_INSN_FORM_RRR && RRR_s(ctx) % 4 == 0, NULL); + return SETG(REGN(0), f(f(f(IREGi(1, 0), IREGi(1, 1)), IREGi(1, 2)), IREGi(1, 3))); +} + +static RzAnalysisLiftedILOp op_binary8(XtensaContext *ctx, fn_op2 f) { + rz_return_val_if_fail(FORMAT == XTENSA_INSN_FORM_RRR && RRR_s(ctx) % 8 == 0, NULL); + RzILOpPure *res03 = f(f(f(IREGi(1, 0), IREGi(1, 1)), IREGi(1, 2)), IREGi(1, 3)); + RzILOpPure *res47 = f(f(f(IREGi(1, 4), IREGi(1, 5)), IREGi(1, 6)), IREGi(1, 7)); + return SETG(REGN(0), f(res03, res47)); +} + +static RzAnalysisLiftedILOp op_all4(XtensaContext *ctx) { + return op_binary4(ctx, rz_il_op_new_bool_and); +} + +static RzAnalysisLiftedILOp op_all8(XtensaContext *ctx) { + return op_binary8(ctx, rz_il_op_new_bool_and); +} + +static RzAnalysisLiftedILOp op_any4(XtensaContext *ctx) { + return op_binary4(ctx, rz_il_op_new_bool_or); +} + +static RzAnalysisLiftedILOp op_any8(XtensaContext *ctx) { + return op_binary8(ctx, rz_il_op_new_bool_or); +} + +static RzAnalysisLiftedILOp op_and(XtensaContext *ctx) { + return SETG(REGN(0), LOGAND(IREG(1), IREG(2))); +} + +static RzAnalysisLiftedILOp op_andb(XtensaContext *ctx) { + return SETG(REGN(0), AND(IREG(1), IREG(2))); +} + +static RzAnalysisLiftedILOp op_andbc(XtensaContext *ctx) { + return SETG(REGN(0), AND(IREG(1), INV(IREG(2)))); +} + +static RzAnalysisLiftedILOp op_ball(XtensaContext *ctx) { + return BRANCH( + IS_ZERO(LOGAND(LOGNOT(IREG(0)), IREG(1))), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bnall(XtensaContext *ctx) { + return BRANCH( + NON_ZERO(LOGAND(LOGNOT(IREG(0)), IREG(1))), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bany(XtensaContext *ctx) { + return BRANCH( + NON_ZERO(LOGAND(IREG(0), IREG(1))), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bnone(XtensaContext *ctx) { + return BRANCH( + IS_ZERO(LOGAND(IREG(0), IREG(1))), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzILOpPure *msbFirst_n(XtensaContext *ctx, unsigned n) { + bool big_endian = (ctx->mode & CS_MODE_BIG_ENDIAN) == CS_MODE_BIG_ENDIAN; + return big_endian ? U32((1 << n) - 1) : U32(0); +} + +#define msbFirst(n) msbFirst_n(ctx, n) + +static RzAnalysisLiftedILOp op_bbc(XtensaContext *ctx) { + return SEQ2( + SETL("b", LOGXOR(EXTRACT32(IREG(1), U32(0), U32(5)), msbFirst(5))), + BRANCH( + IS_ZERO(EXTRACT32(IREG(0), VARL("b"), U32(1))), + JMP(U32(PC + IMM(2))), + NOP())); +} + +static RzAnalysisLiftedILOp op_bbs(XtensaContext *ctx) { + return SEQ2( + SETL("b", LOGXOR(EXTRACT32(IREG(1), U32(0), U32(5)), msbFirst(5))), + BRANCH( + NON_ZERO(EXTRACT32(IREG(0), VARL("b"), U32(1))), + JMP(U32(PC + IMM(2))), + NOP())); +} + +static RzAnalysisLiftedILOp op_bbci(XtensaContext *ctx) { + return SEQ2( + SETL("b", LOGXOR(U32(IMM(1)), msbFirst(5))), + BRANCH( + IS_ZERO(EXTRACT32(IREG(0), VARL("b"), U32(1))), + JMP(U32(PC + IMM(2))), + NOP())); +} + +static RzAnalysisLiftedILOp op_bbsi(XtensaContext *ctx) { + return SEQ2( + SETL("b", LOGXOR(U32(IMM(1)), msbFirst(5))), + BRANCH( + NON_ZERO(EXTRACT32(IREG(0), VARL("b"), U32(1))), + JMP(U32(PC + IMM(2))), + NOP())); +} + +static RzAnalysisLiftedILOp op_beq(XtensaContext *ctx) { + return BRANCH( + EQ(IREG(0), IREG(1)), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bne(XtensaContext *ctx) { + return BRANCH( + NE(IREG(0), IREG(1)), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_beqi(XtensaContext *ctx) { + return BRANCH( + EQ(IREG(0), U32(IMM(1))), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bnei(XtensaContext *ctx) { + return BRANCH( + NE(IREG(0), U32(IMM(1))), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_beqz(XtensaContext *ctx) { + return BRANCH( + EQ(IREG(0), U32(0)), + JMP(U32(PC + IMM(1))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bnez(XtensaContext *ctx) { + return BRANCH( + NE(IREG(0), U32(0)), + JMP(U32(PC + IMM(1))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bf(XtensaContext *ctx) { + return BRANCH( + IREG(0), + JMP(U32(PC + IMM(1))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bt(XtensaContext *ctx) { + return BRANCH( + INV(IREG(0)), + JMP(U32(PC + IMM(1))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bge(XtensaContext *ctx) { + return BRANCH( + SGE(IREG(0), IREG(1)), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_blt(XtensaContext *ctx) { + return BRANCH( + SLT(IREG(0), IREG(1)), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bgei(XtensaContext *ctx) { + return BRANCH( + SGE(IREG(0), S32(IMM(1))), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_blti(XtensaContext *ctx) { + return BRANCH( + SLT(IREG(0), S32(IMM(1))), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bgeu(XtensaContext *ctx) { + return BRANCH( + UGE(IREG(0), IREG(1)), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bltu(XtensaContext *ctx) { + return BRANCH( + ULT(IREG(0), IREG(1)), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bgeui(XtensaContext *ctx) { + return BRANCH( + UGE(IREG(0), S32(IMM(1))), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bltui(XtensaContext *ctx) { + return BRANCH( + ULT(IREG(0), S32(IMM(1))), + JMP(U32(PC + IMM(2))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bgez(XtensaContext *ctx) { + return BRANCH( + SGE(IREG(0), S32(0)), + JMP(U32(PC + IMM(1))), + NOP()); +} + +static RzAnalysisLiftedILOp op_bltz(XtensaContext *ctx) { + return BRANCH( + SLT(IREG(0), S32(0)), + JMP(U32(PC + IMM(1))), + NOP()); +} + +/** + * + * procedure WindowCheck (wr, ws, wt) + * n ← if (wr β‰  2'b00 or ws β‰  2'b00 or wt β‰  2'b00) + * and WindowStartWindowBase+1 then 2’b01 + * else if (wr1 or ws1 or wt1) + * and WindowStartWindowBase+2 then 2’b10 + * else if (wr = 2'b11 or ws = 2'b11 or wt = 2'b11) + * and WindowStartWindowBase+3 then 2’b11 + * else 2’b00 + * if CWOE = 1 and n β‰  2’b00 then + * PS.OWB ← WindowBase + * m ← WindowBase + (2'b00ǁn) + * PS.EXCM ← 1 + * EPC[1] ← PC + * nextPC ← if WindowStartm+1 then WindowOverflow4 + * else if WindowStartm+2 then WindowOverflow8 + * else WindowOverflow12 + * WindowBase ← m + * endif + * endprocedure WindowCheck + */ +static RzILOpEffect *WindowCheck(XtensaContext *ctx, RzILOpPure *wr, RzILOpPure *ws, RzILOpPure *wt) { + return SEQ3( + SETL("cwoe", ITE(NON_ZERO(PS_field_get(PS_EXCM)), U32(0), PS_field_get(PS_WOE))), + SETL("n", + ITE(AND(OR(NON_ZERO(wr), OR(NON_ZERO(ws), NON_ZERO(wt))), + NON_ZERO(EXTRACT32(VARG("windowstart"), ADD(VARG("windowbase"), U32(1)), U32(1)))), + U32(1), + ITE(AND(OR(NON_ZERO(DUP(wr)), OR(NON_ZERO(DUP(ws)), NON_ZERO(DUP(wt)))), + NON_ZERO(EXTRACT32(VARG("windowstart"), ADD(VARG("windowbase"), U32(2)), U32(1)))), + U32(2), + ITE(AND(OR(EQ(DUP(wr), U32(3)), OR(EQ(DUP(ws), U32(3)), EQ(DUP(wt), U32(3)))), + NON_ZERO(EXTRACT32(VARG("windowstart"), ADD(VARG("windowbase"), U32(3)), U32(1)))), + U32(3), + U32(0))))), + BRANCH( + AND(EQ(VARL("cwoe"), U32(1)), NE(VARL("n"), U32(0))), + SEQ6( + PS_field_set(PS_OWB, VARG("windowbase")), + SETL("m", ADD(VARG("windowbase"), VARL("n"))), + PS_field_set(PS_EXCM, U32(1)), + SETG("epc1", U32(PC)), + SETG("windowbase", VARL("m")), + SETL("nextPC", ITE(EQ(VARG("windowstart"), U32(0)), U32(1), ITE(EQ(VARG("windowstart"), U32(1)), U32(2), U32(3))))), + NOP())); +} + +static RzAnalysisLiftedILOp op_break(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_call0(XtensaContext *ctx) { + return SEQ2( + SETG("a0", U32(nextPC)), + JMP(U32((PC + IMM(0)) & ~0x3))); +} + +static RzAnalysisLiftedILOp op_call4(XtensaContext *ctx) { + return SEQ4( + WindowCheck(ctx, U32(0), U32(0), U32(1)), + PS_field_set(PS_CALLINC, U32(1)), + SETG("a4", U32(0x40000000 | (nextPC & 0x3fffffff))), + JMP(U32((PC + IMM(0)) & ~0x3))); +} + +static RzAnalysisLiftedILOp op_call8(XtensaContext *ctx) { + return SEQ4( + WindowCheck(ctx, U32(0), U32(0), U32(2)), + PS_field_set(PS_CALLINC, U32(2)), + SETG("a8", U32(0x80000000 | (nextPC & 0x3fffffff))), + JMP(U32((PC + IMM(0)) & ~0x3))); +} + +static RzAnalysisLiftedILOp op_call12(XtensaContext *ctx) { + return SEQ4( + WindowCheck(ctx, U32(0), U32(0), U32(3)), + PS_field_set(PS_CALLINC, U32(3)), + SETG("a12", U32(0xc0000000 | (nextPC & 0x3fffffff))), + JMP(U32((PC + IMM(0)) & ~0x3))); +} + +static RzAnalysisLiftedILOp op_callx0(XtensaContext *ctx) { + return SEQ3( + SETL("next", IREG(0)), + SETG("a0", U32(nextPC)), + JMP(VARL("next"))); +} + +static RzAnalysisLiftedILOp op_callx4(XtensaContext *ctx) { + return SEQ5( + WindowCheck(ctx, U32(0), U32(0), U32(1)), + PS_field_set(PS_CALLINC, U32(1)), + SETL("next", IREG(0)), + SETG("a4", U32(0x1 << 29 | (nextPC & 0x3fffffff))), + JMP(VARL("next"))); +} + +static RzAnalysisLiftedILOp op_callx8(XtensaContext *ctx) { + return SEQ5( + WindowCheck(ctx, U32(0), U32(0), U32(2)), + PS_field_set(PS_CALLINC, U32(2)), + SETL("next", IREG(0)), + SETG("a8", U32(0x2 << 29 | (nextPC & 0x3fffffff))), + JMP(VARL("next"))); +} + +static RzAnalysisLiftedILOp op_callx12(XtensaContext *ctx) { + return SEQ5( + WindowCheck(ctx, U32(0), U32(0), U32(3)), + PS_field_set(PS_CALLINC, U32(3)), + SETL("next", IREG(0)), + SETG("a12", U32(0x3 << 29 | (nextPC & 0x3fffffff))), + JMP(VARL("next"))); +} + +static RzAnalysisLiftedILOp op_ceil_s(XtensaContext *ctx) { + return SEQ3( + SETL("fres", FMUL(RZ_FLOAT_RMODE_RNA, FLOATV32(IREG(1)), F32(powf(2, IMM(2))))), + SETG(REGN(0), F2INT(32, RZ_FLOAT_RMODE_RNA, VARL("fres"))), + FSR_set(FSR_V | FSR_I, VARL("fres"))); +} + +static RzAnalysisLiftedILOp op_clamps(XtensaContext *ctx) { + unsigned t = IMM(2); + return SEQ4( + SETL("low", F32(pow(-2, t))), + SETL("high", F32(pow(2, t) - 1)), + SETL("x", FLOATV32(IREG(1))), + SETG(REGN(0), F2BV(ITE(FGT(VARL("x"), VARL("high")), VARL("high"), ITE(FLT(VARL("x"), VARL("low")), VARL("low"), VARL("x")))))); +} + +static const double const_s_tbl[16] = { + .0, + 1., + 2., + .5, + 0, +}; + +static RzAnalysisLiftedILOp op_const_s(XtensaContext *ctx) { + return SETG(REGN(0), UNSIGNED(64, F2BV(F32(const_s_tbl[IMM(1)])))); +} + +/** + * /see p114 https://www.cadence.com/content/dam/cadence-www/global/en_US/documents/tools/silicon-solutions/compute-ip/isa-summary.pdf + * /brief All single-precision and double-precision divide and reciprocal sequences start with the + * following table lookup approximation: + * + * The row in the table is determined by the first three mantissa bits after the hidden bit in the + * divisor. If the divisor is a denormal, then it is normalized and the row in the table is + * determined by the first three mantissa bits after the ’1’ at the beginning. Which entry in the + * row is determined by the next four mantissa bits. The decimal number in the table is + * converted to an 8-bit value, which determines the first eight bits of the first reciprocal + * approximation, including the hidden bit. This process results in a worst case relative error of + * 2**-7.485. The values in the table cover the range for a single exponent starting at just over a + * power of two and going up to just under the next power of two. + */ +// static const ut8 divide_seq[] = { +// 255, 253, 251, 249, 247, 245, 244, 242, 240, 238, 237, 235, 233, 232, 230, 228, +// 227, 225, 224, 222, 221, 219, 218, 216, 215, 213, 212, 211, 209, 208, 207, 205, +// 204, 203, 202, 200, 199, 198, 197, 196, 194, 193, 192, 191, 190, 189, 188, 187, +// 186, 185, 184, 183, 182, 181, 180, 179, 178, 177, 176, 175, 174, 173, 172, 171, +// 170, 169, 168, 168, 167, 166, 165, 164, 163, 163, 162, 161, 160, 159, 159, 158, +// 157, 156, 156, 155, 154, 153, 153, 152, 151, 151, 150, 149, 149, 148, 147, 147, +// 146, 145, 145, 144, 143, 143, 142, 142, 141, 140, 140, 139, 139, 138, 137, 137, +// 136, 136, 135, 135, 134, 133, 133, 132, 132, 131, 131, 130, 130, 129, 129, 129 +// }; +// FIXME: maybe wrong +static RzAnalysisLiftedILOp op_div0_s(XtensaContext *ctx) { + return SETG(REGN(0), UNSIGNED(64, F2BV(FDIV(RZ_FLOAT_RMODE_RNA, FLOATV32(IREG(0)), FLOATV32(IREG(1)))))); +} + +// statusflags: OUI +static RzAnalysisLiftedILOp op_divn_s(XtensaContext *ctx) { + return SEQ6( + SETL("fr", FLOATV32(IREG(0))), + SETL("fs", FLOATV32(IREG(1))), + SETL("ft", FLOATV32(IREG(2))), + SETL("fres", FADD(RZ_FLOAT_RMODE_RNA, VARL("fr"), FMUL(RZ_FLOAT_RMODE_RNA, VARL("fs"), FNEG(VARL("ft"))))), + SETG(REGN(0), UNSIGNED(64, F2BV(VARL("fres")))), + FSR_set(FSR_O | FSR_U | FSR_I, VARL("fres"))); +} + +static RzAnalysisLiftedILOp op_dsync(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_entry(XtensaContext *ctx) { + return SEQ2( + WindowCheck(ctx, U32(0), PS_field_get(PS_CALLINC), U32(0)), + BRANCH(OR(UGT(IREG(0), U32(3)), OR(IS_ZERO(PS_field_get(PS_WOE)), EQ(PS_field_get(PS_EXCM), U32(1)))), + NOP(), + SEQ3(ARi_set(PS_field_get(PS_CALLINC), SUB(IREG(0), U32(IMM(1)))), + SETG("windowbase", ADD(VARG("windowbase"), PS_field_get(PS_CALLINC))), + SETG("windowstart", U32(1))))); +} + +static RzAnalysisLiftedILOp op_esync(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_excw(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_extui(XtensaContext *ctx) { + rz_return_val_if_fail(IMM(3) <= 0xf, NULL); + ut32 mask = (1 << (IMM(3) + 1)) - 1; + ut32 sa = IMM(2); + return SETG(REGN(0), + LET("at", IREG(1), + LOGAND(U32(mask), LET("at1", DEPOSIT32(VARLP("at"), U32(31), U32(1), U32(0)), SHIFTR0(VARLP("at1"), U32(sa)))))); +} + +static RzAnalysisLiftedILOp op_extw(XtensaContext *ctx) { + return NOP(); +} + +// statusflags: I +static RzAnalysisLiftedILOp op_float_s(XtensaContext *ctx) { + return SEQ3(SETL("fres", INT2F(RZ_FLOAT_IEEE754_BIN_32, RZ_FLOAT_RMODE_RNA, DIV(IREG(1), U32(pow(2, -IMM(2)))))), + SETG(REGN(0), UNSIGNED(64, F2BV(VARL("fres")))), + FSR_set(FSR_I, VARL("fres"))); +} + +// statusflags: VI +static RzAnalysisLiftedILOp op_floor_s(XtensaContext *ctx) { + return SEQ3( + SETL("fres", FMUL(RZ_FLOAT_RMODE_RNA, FLOATV32(IREG(1)), F32(pow(2, IMM(2))))), + SETG(REGN(0), F2SINT(32, RZ_FLOAT_RMODE_RNA, VARL("fres"))), + FSR_set(FSR_V | FSR_I, VARL("fres"))); +} + +static RzAnalysisLiftedILOp op_isync(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_j(XtensaContext *ctx) { + return JMP(U32(PC + IMM(0))); +} + +static RzAnalysisLiftedILOp op_jx(XtensaContext *ctx) { + return JMP(IREG(0)); +} + +static RzAnalysisLiftedILOp op_l8ui(XtensaContext *ctx) { + return SETG(REGN(0), UNSIGNED(32, LOAD(IMEM(1)))); +} + +static RzAnalysisLiftedILOp op_l16si(XtensaContext *ctx) { + return SETG(REGN(0), + LET("mem16", LOADW(16, IMEM(1)), + SEXTRACT32(UNSIGNED(32, VARLP("mem16")), U32(0), U32(16)))); +} + +static RzAnalysisLiftedILOp op_l16ui(XtensaContext *ctx) { + return SETG(REGN(0), + LET("mem16", LOADW(16, IMEM(1)), + UNSIGNED(32, VARLP("mem16")))); +} + +// FIXME: ring? +static RzAnalysisLiftedILOp op_l32e(XtensaContext *ctx) { + return SETG(REGN(0), LOADW(32, ADD(IREG(1), U32(IMM(2))))); +} + +static RzAnalysisLiftedILOp op_l32i(XtensaContext *ctx) { + return SETG(REGN(0), LOADW(32, IMEM(1))); +} + +static RzAnalysisLiftedILOp op_l32r(XtensaContext *ctx) { + return SETG(REGN(0), LOADW(32, U32(L32R(1)))); +} + +static RzAnalysisLiftedILOp op_lddec(XtensaContext *ctx) { + return SEQ3( + SETL("vAddr", SUB(IREG(1), U32(4))), + SETG(REGN(0), LOADW(32, VARL("vAddr"))), + SETG(REGN(1), VARL("vAddr"))); +} + +static RzAnalysisLiftedILOp op_ldinc(XtensaContext *ctx) { + return SEQ3( + SETL("vAddr", ADD(IREG(1), U32(4))), + SETG(REGN(0), LOADW(32, VARL("vAddr"))), + SETG(REGN(1), VARL("vAddr"))); +} + +static RzAnalysisLiftedILOp op_loop(XtensaContext *ctx) { + return SEQ3( + SETG("lcount", SUB(IREG(0), U32(1))), + SETG("lbeg", U32(nextPC)), + SETG("lend", U32(PC + IMM(1)))); +} + +static RzAnalysisLiftedILOp op_loopgtz(XtensaContext *ctx) { + return SEQ2( + op_loop(ctx), + BRANCH(SLE(IREG(0), S32(0)), + JMP(U32(PC + IMM(1))), NOP())); +} + +static RzAnalysisLiftedILOp op_loopnez(XtensaContext *ctx) { + return SEQ2( + op_loop(ctx), + BRANCH(EQ(IREG(0), S32(0)), + JMP(U32(PC + IMM(1))), NOP())); +} + +static RzAnalysisLiftedILOp op_lsi(XtensaContext *ctx) { + return SEQ3( + SETL("vAddr", IMEM(1)), + SETL("memVal", LOADW(32, VARL("vAddr"))), + SETG(REGN(0), UNSIGNED(64, VARL("memVal")))); +} + +static RzAnalysisLiftedILOp op_lsip(XtensaContext *ctx) { + return SEQ4( + SETL("vAddr", IREG(1)), + SETL("memVal", LOADW(32, VARL("vAddr"))), + SETG(REGN(0), UNSIGNED(64, VARL("memVal"))), + SETG(REGN(1), ADD(VARL("vAddr"), U32(IMM(2))))); +} + +static RzAnalysisLiftedILOp op_lsx(XtensaContext *ctx) { + return SEQ3( + SETL("vAddr", ADD(IREG(1), IREG(2))), + SETL("memVal", LOADW(32, VARL("vAddr"))), + SETG(REGN(0), UNSIGNED(64, VARL("memVal")))); +} + +static RzAnalysisLiftedILOp op_lsxp(XtensaContext *ctx) { + return SEQ4( + SETL("vAddr", IREG(1)), + SETL("memVal", LOADW(32, VARL("vAddr"))), + SETG(REGN(0), UNSIGNED(64, VARL("memVal"))), + SETG(REGN(1), ADD(VARL("vAddr"), IREG(2)))); +} + +// statusflags: VOUI +static RzAnalysisLiftedILOp op_madd_s(XtensaContext *ctx) { + return SEQ6( + SETL("fr", FLOATV32(IREG(0))), + SETL("fs", FLOATV32(IREG(1))), + SETL("ft", FLOATV32(IREG(2))), + SETL("fres", FADD(RZ_FLOAT_RMODE_RNA, VARL("fr"), FMUL(RZ_FLOAT_RMODE_RNA, VARL("fs"), VARL("ft")))), + FSR_set(FSR_V | FSR_O | FSR_U | FSR_I, VARL("fres")), + SETG(REGN(0), UNSIGNED(64, F2BV(VARL("fres"))))); +} + +// statusflags: VOUI +static RzAnalysisLiftedILOp op_msub_s(XtensaContext *ctx) { + return SEQ6( + SETL("fr", FLOATV32(IREG(0))), + SETL("fs", FLOATV32(IREG(1))), + SETL("ft", FLOATV32(IREG(2))), + SETL("fres", FSUB(RZ_FLOAT_RMODE_RNA, VARL("fr"), FMUL(RZ_FLOAT_RMODE_RNA, VARL("fs"), VARL("ft")))), + FSR_set(FSR_V | FSR_O | FSR_U | FSR_I, VARL("fres")), + SETG(REGN(0), UNSIGNED(64, F2BV(VARL("fres"))))); +} + +static RzAnalysisLiftedILOp op_max(XtensaContext *ctx) { + return SETG(REGN(0), ITE(SLT(IREG(1), IREG(2)), IREG(2), IREG(1))); +} + +static RzAnalysisLiftedILOp op_maxu(XtensaContext *ctx) { + return SETG(REGN(0), ITE(ULT(IREG(1), IREG(2)), IREG(2), IREG(1))); +} + +static RzAnalysisLiftedILOp op_min(XtensaContext *ctx) { + return SETG(REGN(0), ITE(SGT(IREG(1), IREG(2)), IREG(2), IREG(1))); +} + +static RzAnalysisLiftedILOp op_minu(XtensaContext *ctx) { + return SETG(REGN(0), ITE(UGT(IREG(1), IREG(2)), IREG(2), IREG(1))); +} + +static RzAnalysisLiftedILOp op_memw(XtensaContext *ctx) { + return NOP(); +} + +// TODO: float +static RzAnalysisLiftedILOp op_mkdadj_s(XtensaContext *ctx) { + return NOP(); +} + +// TODO: float +static RzAnalysisLiftedILOp op_mksadj_s(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_moveqz(XtensaContext *ctx) { + return BRANCH( + EQ(IREG(2), U32(0)), + SETG(REGN(0), IREG(1)), + NOP()); +} + +static RzAnalysisLiftedILOp op_movnez(XtensaContext *ctx) { + return BRANCH( + NE(IREG(2), U32(0)), + SETG(REGN(0), IREG(1)), + NOP()); +} + +/* +if Windowed Register Option & WindowStartWindowBase-0011..WindowBase-0001 = 03 then + Exception (AllocaCause) +else + AR[t] ← AR[s] +endif +*/ +static RzAnalysisLiftedILOp op_movsp(XtensaContext *ctx) { + return BRANCH( + EQ(EXTRACT32(VARG("windowstart"), SUB(VARG("windowbase"), U32(1)), U32(3)), + U32(0x03)), + NOP(), + SETG(REGN(0), IREG(1))); +} + +static RzAnalysisLiftedILOp op_movt(XtensaContext *ctx) { + return BRANCH( + IREG(2), + SETG(REGN(0), IREG(1)), + NOP()); +} + +static RzAnalysisLiftedILOp op_movf(XtensaContext *ctx) { + return BRANCH( + INV(IREG(2)), + SETG(REGN(0), IREG(1)), + NOP()); +} + +static RzAnalysisLiftedILOp op_movgez(XtensaContext *ctx) { + return BRANCH( + SGE(IREG(2), S32(0)), + SETG(REGN(0), IREG(1)), + NOP()); +} + +static RzAnalysisLiftedILOp op_mov(XtensaContext *ctx) { + return SETG(REGN(0), IREG(1)); +} + +static RzAnalysisLiftedILOp op_movi(XtensaContext *ctx) { + return SETG(REGN(0), U32(IMM(1))); +} + +static RzAnalysisLiftedILOp op_movltz(XtensaContext *ctx) { + return BRANCH( + SLT(IREG(2), S32(0)), + SETG(REGN(0), IREG(1)), + NOP()); +} + +#define LO4(x) EXTRACT32(x, U32(0), U32(4)) +#define HI4(x) EXTRACT32(x, U32(4), U32(4)) +#define LO8(x) EXTRACT32(x, U32(0), U32(8)) +#define HI8(x) EXTRACT32(x, U32(8), U32(8)) +#define LO16(x) EXTRACT32(x, U32(0), U32(16)) +#define HI16(x) EXTRACT32(x, U32(16), U32(16)) +#define LO32(x) EXTRACT64(x, U32(0), U32(32)) +#define HI32(x) EXTRACT64(x, U32(32), U32(32)) + +static ut8 RRR_half(XtensaContext *ctx) { + rz_warn_if_fail(FORMAT == XTENSA_INSN_FORM_RRR); + return ctx->insn->bytes[2] & 0x3; +} + +static RzAnalysisLiftedILOp ACC_set(RzILOpPure *v) { + return SEQ3( + SETL("acc", v), + SETG("acclo", UNSIGNED(32, LO32(VARL("acc")))), + SETG("acchi", UNSIGNED(32, HI32(VARL("acc"))))); +} + +static RzILOpPure *ACC_val() { + return APPEND(VARG("acchi"), VARG("acclo")); +} + +static RzAnalysisLiftedILOp op_mul_aa(XtensaContext *ctx) { + ut8 half = RRR_half(ctx); + return SEQ3( + SETG("m1", half & 0x1 ? HI16(IREG(0)) : LO16(IREG(0))), + SETG("m2", half & 0x2 ? HI16(IREG(1)) : LO16(IREG(1))), + ACC_set(LET("sm1", SEXTRACT64(VARG("m1"), U32(0), U32(16)), + LET("sm2", SEXTRACT64(VARG("m2"), U32(0), U32(16)), + MUL(VARLP("sm1"), VARLP("sm2")))))); +} + +static RzAnalysisLiftedILOp f_mula__(XtensaContext *ctx, RzILOpPure *r0, RzILOpPure *r1) { + ut8 half = RRR_half(ctx); + return SEQ4( + SETG("m1", half & 0x1 ? HI16(r0) : LO16(DUP(r0))), + SETG("m2", half & 0x2 ? HI16(r1) : LO16(DUP(r1))), + SETL("acc", ACC_val()), + ACC_set(LET("sm1", SEXTRACT64(VARG("m1"), U32(0), U32(16)), + LET("sm2", SEXTRACT64(VARG("m2"), U32(0), U32(16)), + ADD(VARL("acc"), MUL(VARLP("sm1"), VARLP("sm2"))))))); +} + +static RzAnalysisLiftedILOp op_mula_aa(XtensaContext *ctx) { + return f_mula__(ctx, IREG(0), IREG(1)); +} + +static RzAnalysisLiftedILOp op_mula_da_lddec(XtensaContext *ctx) { + return SEQ2(f_mula__(ctx, IREG(2), IREG(3)), + op_lddec(ctx)); +} + +static RzAnalysisLiftedILOp op_mula_da_ldinc(XtensaContext *ctx) { + return SEQ2(f_mula__(ctx, IREG(2), IREG(3)), + op_ldinc(ctx)); +} + +// statusflags: VOUI +static RzAnalysisLiftedILOp op_mul_s(XtensaContext *ctx) { + return SEQ5( + SETL("frs", FLOATV32(IREG(1))), + SETL("frt", FLOATV32(IREG(2))), + SETL("fres", FMUL(RZ_FLOAT_RMODE_RNA, VARL("frs"), VARL("frt"))), + FSR_set(FSR_V | FSR_O | FSR_U | FSR_I, VARL("fres")), + SETG(REGN(0), UNSIGNED(64, F2BV(VARL("fres"))))); +} + +static RzAnalysisLiftedILOp op_mul16s(XtensaContext *ctx) { + return SEQ3( + SETL("ars", SEXTRACT32(IREG(1), U32(0), U32(16))), + SETL("art", SEXTRACT32(IREG(2), U32(0), U32(16))), + SETG(REGN(0), MUL(VARL("ars"), VARL("art")))); +} + +static RzAnalysisLiftedILOp op_mul16u(XtensaContext *ctx) { + return SEQ3( + SETL("ars", LO16(IREG(1))), + SETL("art", LO16(IREG(2))), + SETG(REGN(0), MUL(VARL("ars"), VARL("art")))); +} + +static RzAnalysisLiftedILOp op_mull(XtensaContext *ctx) { + return SEQ3( + SETL("ars", UNSIGNED(64, IREG(1))), + SETL("art", UNSIGNED(64, IREG(2))), + SETG(REGN(0), UNSIGNED(32, MUL(VARL("ars"), VARL("art"))))); +} + +static RzAnalysisLiftedILOp f_muls__(XtensaContext *ctx, RzILOpPure *r0, RzILOpPure *r1) { + ut8 half = RRR_half(ctx); + return SEQ4( + SETG("m1", half & 0x1 ? HI16(r0) : LO16(DUP(r0))), + SETG("m2", half & 0x2 ? HI16(r1) : LO16(DUP(r1))), + SETL("acc", ACC_val()), + ACC_set(LET("sm1", SEXTRACT64(VARG("m1"), U32(0), U32(16)), + LET("sm2", SEXTRACT64(VARG("m2"), U32(0), U32(16)), + SUB(VARL("acc"), MUL(VARLP("sm1"), VARLP("sm2"))))))); +} + +static RzAnalysisLiftedILOp op_muls_aa(XtensaContext *ctx) { + return f_muls__(ctx, IREG(0), IREG(1)); +} + +static RzAnalysisLiftedILOp op_mulsh(XtensaContext *ctx) { + return SEQ4( + SETL("ars", SEXTRACT64(IREG(1), U32(0), U32(32))), + SETL("art", SEXTRACT64(IREG(2), U32(0), U32(32))), + SETL("tp", MUL(VARL("ars"), VARL("art"))), + SETG(REGN(0), UNSIGNED(32, SHIFTR0(VARL("tp"), U32(32))))); +} + +static RzAnalysisLiftedILOp op_muluh(XtensaContext *ctx) { + return SEQ4( + SETL("ars", UNSIGNED(64, IREG(1))), + SETL("art", UNSIGNED(64, IREG(2))), + SETL("tp", MUL(VARL("ars"), VARL("art"))), + SETG(REGN(0), UNSIGNED(32, SHIFTR0(VARL("tp"), U32(32))))); +} + +static RzAnalysisLiftedILOp op_neg(XtensaContext *ctx) { + return SETG(REGN(0), NEG(IREG(1))); +} + +static RzAnalysisLiftedILOp op_neg_s(XtensaContext *ctx) { + return SETG(REGN(0), UNSIGNED(64, F2BV(FNEG(FLOATV32(IREG(1)))))); +} + +#define BV2BOOL(N, BV) (ITE(EQ(BV, UN(N, 0)), IL_FALSE, IL_TRUE)) + +static RzAnalysisLiftedILOp op_nexp01_s(XtensaContext *ctx) { + return SEQ5( + SETL("rs", IREG(1)), + SETL("frs", FLOATV32(VARL("rs"))), + SETL("frs64", FCONVERT(RZ_FLOAT_IEEE754_BIN_64, RZ_FLOAT_RMODE_RNA, VARL("frs"))), + SETL("rs31", SHIFTL0(BOOL_TO_BV(INV(BV2BOOL(64, EXTRACT64(VARL("rs"), U32(31), U32(1)))), 64), U32(31))), + SETG(REGN(0), + ITE(EQ(EXTRACT64(VARL("rs"), U32(23), U32(8)), U64(0xff)), + LOGOR(EXTRACT64(VARL("rs"), U32(0), U32(23)), + LOGOR(U64(0x7f << 23), + VARL("rs31"))), + ITE(EQ(EXTRACT64(VARL("rs"), U32(0), U32(31)), U64(0)), + LOGOR(U64(1 << 30), VARL("rs31")), + // FIXME: LOG2? + LET("N", FDIV(RZ_FLOAT_RMODE_RNA, FABS(VARL("frs64")), F64(2.)), + F2BV(FNEG(FDIV(RZ_FLOAT_RMODE_RNA, VARL("frs64"), FPOW(RZ_FLOAT_RMODE_RNA, F64(4.), VARLP("N")))))))))); +} + +static RzAnalysisLiftedILOp op_nop(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_nsa(XtensaContext *ctx) { + RzILOpPure *res01 = + LET("t1", ITE(VARLP("b2"), LO4(VARLP("t2")), HI4(VARLP("t2"))), + LET("b1", EQ(VARL("sign"), EXTRACT32(VARLP("t1"), U32(2), U32(2))), + LET("b0", ITE(VARLP("b1"), EQ(EXTRACT32(VARLP("t1"), U32(0), U32(1)), VARL("sign")), EQ(EXTRACT32(VARLP("t1"), U32(3), U32(1)), VARL("sign"))), + SUB(LOGOR( + SHIFTL0(BOOL_TO_BV(VARLP("b4"), 32), U32(4)), + LOGOR(SHIFTL0(BOOL_TO_BV(VARLP("b3"), 32), U32(3)), + LOGOR(SHIFTL0(BOOL_TO_BV(VARLP("b2"), 32), U32(2)), + LOGOR(SHIFTL0(BOOL_TO_BV(VARLP("b1"), 32), U32(1)), + BOOL_TO_BV(VARLP("b0"), 32))))), + U32(1))))); + RzILOpPure *res03 = + ITE(EQ(VARL("sign"), EXTRACT32(VARL("ars"), U32(0), U32(31))), U32(31), + LET("b4", EQ(VARL("sign"), EXTRACT32(VARL("ars"), U32(16), U32(15))), + LET("t3", ITE(VARLP("b4"), LO16(VARL("ars")), HI16(VARL("ars"))), + LET("b3", EQ(VARL("sign"), EXTRACT32(VARLP("t3"), U32(8), U32(8))), + LET("t2", ITE(VARLP("b3"), LO8(VARLP("t3")), HI8(VARLP("t3"))), + LET("b2", EQ(VARL("sign"), EXTRACT32(VARLP("t2"), U32(4), U32(4))), res01)))))); + return SEQ3( + SETL("ars", IREG(1)), + SETL("sign", EXTRACT32(VARL("ars"), U32(31), U32(1))), + SETG(REGN(0), res03)); +} + +static RzAnalysisLiftedILOp op_nsau(XtensaContext *ctx) { + RzILOpPure *res01 = + LET("t1", ITE(VARLP("b2"), LO4(VARLP("t2")), HI4(VARLP("t2"))), + LET("b1", EQ(VARL("sign"), EXTRACT32(VARLP("t1"), U32(2), U32(2))), + LET("b0", ITE(VARLP("b1"), EQ(EXTRACT32(VARLP("t1"), U32(0), U32(1)), VARL("sign")), EQ(EXTRACT32(VARLP("t1"), U32(3), U32(1)), VARL("sign"))), + LOGOR(SHIFTL0(BOOL_TO_BV(VARLP("b4"), 32), U32(4)), + LOGOR(SHIFTL0(BOOL_TO_BV(VARLP("b3"), 32), U32(3)), + LOGOR(SHIFTL0(BOOL_TO_BV(VARLP("b2"), 32), U32(2)), + LOGOR(SHIFTL0(BOOL_TO_BV(VARLP("b1"), 32), U32(1)), + BOOL_TO_BV(VARLP("b0"), 32)))))))); + RzILOpPure *res03 = ITE(EQ(VARL("sign"), VARL("ars")), U32(32), + LET("b4", EQ(VARL("sign"), EXTRACT32(VARL("ars"), U32(16), U32(16))), + LET("t3", ITE(VARLP("b4"), LO16(VARL("ars")), HI16(VARL("ars"))), + LET("b3", EQ(VARL("sign"), EXTRACT32(VARLP("t3"), U32(8), U32(8))), + LET("t2", ITE(VARLP("b3"), LO8(VARLP("t3")), HI8(VARLP("t3"))), + LET("b2", EQ(VARL("sign"), EXTRACT32(VARLP("t2"), U32(4), U32(4))), + res01)))))); + return SEQ3( + SETL("ars", IREG(1)), + SETL("sign", U32(0)), + SETG(REGN(0), res03)); +} + +static RzAnalysisLiftedILOp f_bool_op2(XtensaContext *ctx, fn_op2 f) { + return SEQ2( + SETG(REGN(0), f(FLOATV32(IREG(1)), FLOATV32(IREG(2)))), + FSR_field_set(FSR_V, B2U32(OR(IS_FNAN(FLOATV32(IREG(1))), IS_FNAN(FLOATV32(IREG(2))))))); +} + +// statusflags: V +static RzAnalysisLiftedILOp op_oeq_s(XtensaContext *ctx) { + return f_bool_op2(ctx, rz_il_op_new_feq); +} + +// statusflags: V +static RzAnalysisLiftedILOp op_ole_s(XtensaContext *ctx) { + return f_bool_op2(ctx, rz_il_op_new_fle); +} + +// statusflags: V +static RzAnalysisLiftedILOp op_olt_s(XtensaContext *ctx) { + return f_bool_op2(ctx, rz_il_op_new_flt); +} + +static RzAnalysisLiftedILOp op_or(XtensaContext *ctx) { + return SETG(REGN(0), LOGOR(IREG(1), IREG(2))); +} + +static RzAnalysisLiftedILOp op_orb(XtensaContext *ctx) { + return SETG(REGN(0), OR(IREG(1), IREG(2))); +} + +static RzAnalysisLiftedILOp op_orbc(XtensaContext *ctx) { + return SETG(REGN(0), OR(IREG(1), INV(IREG(2)))); +} + +static RzAnalysisLiftedILOp op_quos(XtensaContext *ctx) { + return SETG(REGN(0), SDIV(IREG(1), IREG(2))); +} + +static RzAnalysisLiftedILOp op_quou(XtensaContext *ctx) { + return SETG(REGN(0), DIV(IREG(1), IREG(2))); +} + +// TODO: see Divide and Square Root Sequences +static RzAnalysisLiftedILOp op_recip0_s(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_rems(XtensaContext *ctx) { + return SETG(REGN(0), SMOD(IREG(1), IREG(2))); +} + +static RzAnalysisLiftedILOp op_remu(XtensaContext *ctx) { + return SETG(REGN(0), MOD(IREG(1), IREG(2))); +} + +static RzAnalysisLiftedILOp op_ret(XtensaContext *ctx) { + return JMP(VARG("a0")); +} + +/* +n ← AR[0]31..30 +nextPC ← PC31..30ǁAR[0]29..0 +owb ← WindowBase +m ← if WindowStartWindowBase-4’b0001 then 2’b01 + elsif WindowStartWindowBase-4’b0010 then 2’b10 + elsif WindowStartWindowBase-4’b0011 then 2’b11 + else 2’b00 +if n=2’b00 | (mβ‰ 2’b00 & mβ‰ n) | PS.WOE=0 | PS.EXCM=1 then + -- undefined operation + -- may raise illegal instruction exception +else + if WindowStartWindowBase βˆ’ (02ǁn) β‰  0 then + WindowStartowb ← 0 + else + -- Underflow exception + PS.EXCM ← 1 + EPC[1] ← PC + PS.OWB ← owb + nextPC ← if n = 2'b01 then WindowUnderflow4 + else if n = 2'b10 then WindowUnderflow8 + else WindowUnderflow12 + endif + WindowBase ← WindowBase βˆ’ (02ǁn) + PS.CALLINC ← n -- in some implementations + endif +*/ +static RzAnalysisLiftedILOp op_retw(XtensaContext *ctx) { + return SEQ5( + SETL("n", EXTRACT32(VARG("a0"), U32(30), U32(2))), + SETL("nextPC", LOGOR(U32(PC & (0x3U << 30)), LOGAND(VARG("a0"), U32(0x3fffffff)))), + SETL("owb", VARG("windowbase")), + SETL("m", + ITE(EQ( + EXTRACT32(VARG("windowstart"), SUB(VARG("windowbase"), U32(1)), U32(1)), + U32(1)), + U32(1), + ITE(EQ(EXTRACT32(VARG("windowstart"), SUB(VARG("windowbase"), U32(2)), U32(1)), + U32(1)), + U32(2), + ITE(EQ(EXTRACT32(VARG("windowstart"), SUB(VARG("windowbase"), U32(3)), U32(1)), + U32(1)), + U32(3), + U32(0))))), + BRANCH(OR(AND(NE(VARL("m"), U32(0)), NE(VARL("m"), VARL("n"))), + OR(EQ(PS_field_get(PS_WOE), U32(0)), + EQ(PS_field_get(PS_EXCM), U32(1)))), + // Undefined operation, may raise illegal instruction exception + NOP(), + SEQ4( + BRANCH(NE(SUB(VARG("windowstart"), LOGOR(U32(2), VARL("n"))), U32(0)), + SETG("windowstart", U32(0)), + SEQ4( + PS_field_set(PS_EXCM, U32(1)), + SETG("epc1", U32(PC)), + PS_field_set(PS_OWB, VARL("owb")), + SETL("nextPC", + ITE(EQ(VARL("n"), U32(1)), VARG("windowunderflow4"), + ITE(EQ(VARL("n"), U32(2)), VARG("windowunderflow8"), + VARG("windowunderflow12")))))), + SETG("windowbase", SUB(VARG("windowbase"), LOGOR(U32(2), VARL("n")))), + PS_field_set(PS_CALLINC, VARL("n")), + JMP(VARL("nextPC"))))); +} + +static RzAnalysisLiftedILOp op_rfde(XtensaContext *ctx) { + return JMP(ITE(VARG("ndepc"), VARG("depc"), IEPC(1))); +} + +static RzAnalysisLiftedILOp op_rfe(XtensaContext *ctx) { + return SEQ2( + PS_EXCM_CLEAR, + JMP(IEPC(1))); +} + +static RzAnalysisLiftedILOp op_rfi(XtensaContext *ctx) { + return SEQ2( + SETG("ps", IEPS(IMM(0))), + JMP(IEPC(IMM(0)))); +} + +static RzAnalysisLiftedILOp op_rfr(XtensaContext *ctx) { + return SETG(REGN(0), UNSIGNED(32, IREG(1))); +} + +static RzAnalysisLiftedILOp op_rfwo(XtensaContext *ctx) { + return SEQ4( + PS_EXCM_CLEAR, + SETG("windowstart", + DEPOSIT32(VARG("windowstart"), VARG("windowbase"), U32(1), + U32(0))), + SETG("windowbase", PS_field_get(PS_OWB)), + JMP(IEPC(1))); +} + +static RzAnalysisLiftedILOp op_rfwu(XtensaContext *ctx) { + return SEQ4( + PS_EXCM_CLEAR, + SETG("windowstart", + DEPOSIT32(VARG("windowstart"), VARG("windowbase"), U32(1), + U32(1))), + SETG("windowbase", PS_field_get(PS_OWB)), + JMP(IEPC(1))); +} + +/** + * Under the Windowed Register Option, ROTW adds a constant to WindowBase, thereby moving + * the current window into the register file. ROTW is intended for use in exception handlers and + * context switch code. + * ROTW is a privileged instruction. + */ +static RzAnalysisLiftedILOp op_rotw(XtensaContext *ctx) { + // WindowBase Β¬ WindowBase + imm4 + return SEQ2( + SETL("wb", ADD(VARG("windowbase"), U32(IMM(0)))), + SETG("windowbase", VARL("wb"))); +} + +// statusflags: VI +static RzAnalysisLiftedILOp op_round_s(XtensaContext *ctx) { + return SEQ3(SETL("fres", FROUND(RZ_FLOAT_RMODE_RNA, FMUL(RZ_FLOAT_RMODE_RNA, FLOATV32(IREG(1)), F32(pow(2, IMM(2)))))), + SETG(REGN(0), F2BV(VARL("fres"))), + FSR_set(FSR_V | FSR_V, VARL("fres"))); +} + +static RzAnalysisLiftedILOp op_rsil(XtensaContext *ctx) { + return SEQ2(SETG(REGN(0), VARG("ps")), + PS_field_set(PS_INTLEVEL, U32(IMM(1)))); +} + +// FIXME: statusflags: VZI + reciprocal_square_root_approximation +static RzAnalysisLiftedILOp op_rsqrt0_s(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_rsr(XtensaContext *ctx) { + return SETG(REGN(0), IREG(1)); +} + +static RzAnalysisLiftedILOp op_rsync(XtensaContext *ctx) { + return NOP(); +} + +#define RUR_IMPL(S) \ + static RzAnalysisLiftedILOp op_rur_##S(XtensaContext *ctx) { \ + return SETG(REGN(0), VARG(#S)); \ + } +#define RUR_AE_IMPL(S) \ + static RzAnalysisLiftedILOp op_rur_ae_##S(XtensaContext *ctx) { \ + return SETG(REGN(0), VARG(#S)); \ + } + +RUR_IMPL(accx_0); +RUR_IMPL(accx_1); +RUR_AE_IMPL(bithead); +RUR_AE_IMPL(bitptr); +RUR_AE_IMPL(bitsused); +RUR_AE_IMPL(cbegin0); +RUR_AE_IMPL(cend0); +RUR_AE_IMPL(cwrap); +RUR_AE_IMPL(cw_sd_no); +RUR_AE_IMPL(first_ts); +RUR_AE_IMPL(nextoffset); +RUR_AE_IMPL(overflow); +RUR_AE_IMPL(ovf_sar); +RUR_AE_IMPL(sar); +RUR_AE_IMPL(searchdone); +RUR_AE_IMPL(tablesize); +RUR_AE_IMPL(ts_fts_bu_bp); +RUR_IMPL(fft_bit_width); +RUR_IMPL(gpio_out); +RUR_IMPL(qacc_h_0); +RUR_IMPL(qacc_h_1); +RUR_IMPL(qacc_h_2); +RUR_IMPL(qacc_h_3); +RUR_IMPL(qacc_h_4); +RUR_IMPL(qacc_l_0); +RUR_IMPL(qacc_l_1); +RUR_IMPL(qacc_l_2); +RUR_IMPL(qacc_l_3); +RUR_IMPL(qacc_l_4); +RUR_IMPL(sar_byte); +RUR_IMPL(ua_state_0); +RUR_IMPL(ua_state_1); +RUR_IMPL(ua_state_2); +RUR_IMPL(ua_state_3); + +static RzAnalysisLiftedILOp op_s16i(XtensaContext *ctx) { + return SEQ2( + SETL("vAddr", IMEM(1)), + STOREW(VARL("vAddr"), UNSIGNED(16, IREG(0)))); +} + +static RzAnalysisLiftedILOp op_s32c1i(XtensaContext *ctx) { + return SEQ4( + SETL("vAddr", IMEM(1)), + SETL("mem", LOADW(32, VARL("vAddr"))), + BRANCH(EQ(VARL("mem"), VARG("scompare1")), + STOREW(VARL("vAddr"), IREG(0)), + NOP()), + SETG(REGN(0), VARL("mem"))); +} + +// FIXME: ring +static RzAnalysisLiftedILOp op_s32e(XtensaContext *ctx) { + return SEQ2( + SETL("vAddr", ADD(IREG(1), S32(IMM(2)))), + STOREW(VARL("vAddr"), IREG(0))); +} + +static RzAnalysisLiftedILOp op_s32i(XtensaContext *ctx) { + return SEQ2( + SETL("vAddr", IMEM(1)), + STOREW(VARL("vAddr"), IREG(0))); +} + +static RzAnalysisLiftedILOp op_s8i(XtensaContext *ctx) { + return SEQ2( + SETL("vAddr", IMEM(1)), + STORE(VARL("vAddr"), UNSIGNED(8, IREG(0)))); +} + +static RzAnalysisLiftedILOp op_sext(XtensaContext *ctx) { + return SETG(REGN(0), SEXTRACT32(IREG(1), U32(0), U32(IMM(2)))); +} + +static RzAnalysisLiftedILOp op_simcall(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_sll(XtensaContext *ctx) { + return SEQ2( + SETL("sa", EXTRACT32(VARG("sar"), U32(0), U32(5))), + SETG(REGN(0), SHIFTL0(IREG(1), VARL("sa")))); +} + +static RzAnalysisLiftedILOp op_slli(XtensaContext *ctx) { + return SEQ2( + SETL("sa", U32(IMM(2))), + SETG(REGN(0), SHIFTL0(IREG(1), VARL("sa")))); +} + +// TODO: see Divide and Square Root Sequences on page 110. +static RzAnalysisLiftedILOp op_sqrt0_s(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_sra(XtensaContext *ctx) { + return SEQ2( + SETL("sa", EXTRACT32(VARG("sar"), U32(0), U32(5))), + SETG(REGN(0), SHIFTRA(IREG(1), VARL("sa")))); +} + +static RzAnalysisLiftedILOp op_srai(XtensaContext *ctx) { + return SEQ2( + SETL("sa", U32(IMM(2))), + SETG(REGN(0), SHIFTRA(IREG(1), VARL("sa")))); +} + +static RzAnalysisLiftedILOp op_src(XtensaContext *ctx) { + return SEQ2( + SETL("sa", EXTRACT32(VARG("sar"), U32(0), U32(5))), + SETG(REGN(0), UNSIGNED(32, SHIFTR0(APPEND(IREG(1), IREG(2)), VARL("sa"))))); +} + +static RzAnalysisLiftedILOp op_srl(XtensaContext *ctx) { + return SEQ2( + SETL("sa", EXTRACT32(VARG("sar"), U32(0), U32(5))), + SETG(REGN(0), SHIFTR0(IREG(1), VARL("sa")))); +} + +static RzAnalysisLiftedILOp op_srli(XtensaContext *ctx) { + return SEQ2( + SETL("sa", U32(IMM(2))), + SETG(REGN(0), SHIFTR0(IREG(1), VARL("sa")))); +} + +static RzAnalysisLiftedILOp op_ssa8l(XtensaContext *ctx) { + return SETG("sar", SHIFTL0(EXTRACT32(IREG(0), U32(0), U32(2)), U32(3))); +} + +static RzAnalysisLiftedILOp op_ssai(XtensaContext *ctx) { + return SETG("sar", U32(IMM(0))); +} + +static RzAnalysisLiftedILOp op_ssi(XtensaContext *ctx) { + return SEQ2( + SETL("vAddr", IMEM(1)), + STOREW(VARL("vAddr"), UNSIGNED(32, IREG(0)))); +} + +static RzAnalysisLiftedILOp op_ssip(XtensaContext *ctx) { + return SEQ3( + SETL("vAddr", IREG(1)), + STOREW(VARL("vAddr"), IREG(0)), + SETG(REGN(1), U32(IMM(2)))); +} + +static RzAnalysisLiftedILOp op_ssl(XtensaContext *ctx) { + return SEQ2( + SETL("sa", UNSIGNED(5, IREG(0))), + SETG("sar", SUB(U32(32), V32(VARL("sa"))))); +} + +static RzAnalysisLiftedILOp op_ssr(XtensaContext *ctx) { + return SEQ2( + SETL("sa", UNSIGNED(5, IREG(0))), + SETG("sar", V32(VARL("sa")))); +} + +static RzAnalysisLiftedILOp op_ssx(XtensaContext *ctx) { + return SEQ2( + SETL("vAddr", ADD(IREG(1), IREG(2))), + STOREW(VARL("vAddr"), V32(IREG(0)))); +} + +static RzAnalysisLiftedILOp op_ssxp(XtensaContext *ctx) { + return SEQ3( + SETL("vAddr", IREG(1)), + STOREW(VARL("vAddr"), V32(IREG(0))), + SETG(REGN(1), ADD(VARL("vAddr"), IREG(2)))); +} + +static RzAnalysisLiftedILOp op_sub(XtensaContext *ctx) { + return SETG(REGN(0), SUB(IREG(1), IREG(2))); +} + +static RzAnalysisLiftedILOp op_subx2(XtensaContext *ctx) { + return SETG(REGN(0), SUB(SHIFTL0(IREG(1), U32(1)), IREG(2))); +} + +static RzAnalysisLiftedILOp op_subx4(XtensaContext *ctx) { + return SETG(REGN(0), SUB(SHIFTL0(IREG(1), U32(2)), IREG(2))); +} + +static RzAnalysisLiftedILOp op_subx8(XtensaContext *ctx) { + return SETG(REGN(0), SUB(SHIFTL0(IREG(1), U32(3)), IREG(2))); +} + +// statusflags: VOI +static RzAnalysisLiftedILOp op_sub_s(XtensaContext *ctx) { + return SEQ3(SETL("fres", FSUB(RZ_FLOAT_RMODE_RNA, FLOATV32(IREG(1)), FLOATV32(IREG(2)))), + SETG(REGN(0), UNSIGNED(64, F2BV(VARL("fres")))), + FSR_set(FSR_V | FSR_O | FSR_I, VARL("fres"))); +} + +static RzAnalysisLiftedILOp op_syscall(XtensaContext *ctx) { + return NOP(); +} + +// statusflags: VI +static RzAnalysisLiftedILOp op_trunc_s(XtensaContext *ctx) { + return SEQ3(SETL("fres", FMUL(RZ_FLOAT_RMODE_RNA, FLOATV32(IREG(1)), F32(pow(2, IMM(2))))), + SETG(REGN(0), F2SINT(32, RZ_FLOAT_RMODE_RNA, VARL("fres"))), + FSR_set(FSR_V | FSR_I, VARL("fres"))); +} + +// statusflags: V +static RzAnalysisLiftedILOp op_ueq_s(XtensaContext *ctx) { + return f_bool_op2(ctx, rz_il_op_new_feq); +} + +// statusflags: I +static RzAnalysisLiftedILOp op_ufloat_s(XtensaContext *ctx) { + return SEQ3( + SETL("fs", FMUL(RZ_FLOAT_RMODE_RNA, INT2F(RZ_FLOAT_IEEE754_BIN_32, RZ_FLOAT_RMODE_RNA, IREG(1)), F32(pow(2, -IMM(IMM(2)))))), + SETG(REGN(0), UNSIGNED(64, F2BV(VARL("fs")))), + FSR_set(FSR_I, VARL("fs"))); +} + +// statusflags: V +static RzAnalysisLiftedILOp op_ule_s(XtensaContext *ctx) { + return f_bool_op2(ctx, rz_il_op_new_fle); +} + +// statusflags: V +static RzAnalysisLiftedILOp op_ult_s(XtensaContext *ctx) { + return f_bool_op2(ctx, rz_il_op_new_flt); +} + +static RzAnalysisLiftedILOp op_umul_aa(XtensaContext *ctx) { + ut8 half = RRR_half(ctx); + return SEQ3( + SETG("m1", half & 0x1 ? HI16(IREG(0)) : LO16(IREG(0))), + SETG("m2", half & 0x2 ? HI16(IREG(1)) : LO16(IREG(1))), + ACC_set(MUL(V64(VARG("m1")), V64(VARG("m2"))))); +} + +// statusflags: V +static RzAnalysisLiftedILOp op_un_s(XtensaContext *ctx) { + return SEQ2(SETG(REGN(0), OR(IS_FNAN(FLOATV32(IREG(1))), IS_FNAN(FLOATV32(IREG(2))))), + FSR_field_set(FSR_V, B2U32(OR(IS_FNAN(FLOATV32(IREG(1))), IS_FNAN(FLOATV32(IREG(2))))))); +} + +// statusflags: VI +static RzAnalysisLiftedILOp op_utrunc_s(XtensaContext *ctx) { + return SEQ3(SETL("fres", FMUL(RZ_FLOAT_RMODE_RNA, FLOATV32(IREG(1)), F32(pow(2, IMM(2))))), + SETG(REGN(0), F2INT(32, RZ_FLOAT_RMODE_RNA, VARL("fres"))), + FSR_set(FSR_V | FSR_I, VARL("fres"))); +} + +// TODO: interrupt +static RzAnalysisLiftedILOp op_waiti(XtensaContext *ctx) { + return NOP(); +} + +// TODO: datatlb +static RzAnalysisLiftedILOp op_wdtlb(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_wer(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_wfr(XtensaContext *ctx) { + return SETG(REGN(0), V64(IREG(1))); +} + +// TODO: datatlb +static RzAnalysisLiftedILOp op_witlb(XtensaContext *ctx) { + return NOP(); +} + +static RzAnalysisLiftedILOp op_wsr(XtensaContext *ctx) { + return SETG(REGN(0), IREG(1)); +} + +#define WUR_IMPL(S) \ + static RzAnalysisLiftedILOp op_wur_##S(XtensaContext *ctx) { \ + return SETG(#S, IREG(0)); \ + } +#define WUR_AE_IMPL(S) \ + static RzAnalysisLiftedILOp op_wur_ae_##S(XtensaContext *ctx) { \ + return SETG(#S, IREG(0)); \ + } + +WUR_IMPL(accx_0); +WUR_IMPL(accx_1); +WUR_AE_IMPL(bithead); +WUR_AE_IMPL(bitptr); +WUR_AE_IMPL(bitsused); +WUR_AE_IMPL(cbegin0); +WUR_AE_IMPL(cend0); +WUR_AE_IMPL(cwrap); +WUR_AE_IMPL(cw_sd_no); +WUR_AE_IMPL(first_ts); +WUR_AE_IMPL(nextoffset); +WUR_AE_IMPL(overflow); +WUR_AE_IMPL(ovf_sar); +WUR_AE_IMPL(sar); +WUR_AE_IMPL(searchdone); +WUR_AE_IMPL(tablesize); +WUR_AE_IMPL(ts_fts_bu_bp); +WUR_IMPL(fcr); +WUR_IMPL(fft_bit_width); +WUR_IMPL(fsr); +WUR_IMPL(gpio_out); +WUR_IMPL(qacc_h_0); +WUR_IMPL(qacc_h_1); +WUR_IMPL(qacc_h_2); +WUR_IMPL(qacc_h_3); +WUR_IMPL(qacc_h_4); +WUR_IMPL(qacc_l_0); +WUR_IMPL(qacc_l_1); +WUR_IMPL(qacc_l_2); +WUR_IMPL(qacc_l_3); +WUR_IMPL(qacc_l_4); +WUR_IMPL(sar_byte); +WUR_IMPL(ua_state_0); +WUR_IMPL(ua_state_1); +WUR_IMPL(ua_state_2); +WUR_IMPL(ua_state_3); + +static RzAnalysisLiftedILOp op_xor(XtensaContext *ctx) { + return SETG(REGN(0), LOGXOR(IREG(1), IREG(2))); +} + +static RzAnalysisLiftedILOp op_xorb(XtensaContext *ctx) { + return SETG(REGN(0), XOR(IREG(1), IREG(2))); +} + +static RzAnalysisLiftedILOp op_xsr(XtensaContext *ctx) { + return SEQ3( + SETL("t0", IREG(0)), + SETG(REGN(0), IREG(1)), + SETG(REGN(1), VARL("t0"))); +} + +#include + +static const fn_analyze_op_il fn_tbl[] = { + [XTENSA_INS_ABS] = op_abs, + [XTENSA_INS_ABS_S] = op_abs_s, + [XTENSA_INS_ADD] = op_add, + [XTENSA_INS_ADD_N] = op_add, + [XTENSA_INS_ADD_S] = op_add_s, + [XTENSA_INS_ADDEXP_S] = op_addexp_s, + [XTENSA_INS_ADDEXPM_S] = op_addexpm_s, + [XTENSA_INS_ADDI] = op_addi, + [XTENSA_INS_ADDI_N] = op_addi, + [XTENSA_INS_ADDMI] = op_addi, + [XTENSA_INS_ADDX2] = op_addx2, + [XTENSA_INS_ADDX4] = op_addx4, + [XTENSA_INS_ADDX8] = op_addx8, + [XTENSA_INS_ALL4] = op_all4, + [XTENSA_INS_ALL8] = op_all8, + [XTENSA_INS_AND] = op_and, + [XTENSA_INS_ANDB] = op_andb, + [XTENSA_INS_ANDBC] = op_andbc, + [XTENSA_INS_ANY4] = op_any4, + [XTENSA_INS_ANY8] = op_any8, + [XTENSA_INS_BALL] = op_ball, + [XTENSA_INS_BNALL] = op_bnall, + [XTENSA_INS_BANY] = op_bany, + [XTENSA_INS_BNONE] = op_bnone, + [XTENSA_INS_BBC] = op_bbc, + [XTENSA_INS_BBS] = op_bbs, + [XTENSA_INS_BBCI] = op_bbci, + [XTENSA_INS_BBSI] = op_bbsi, + [XTENSA_INS_BEQ] = op_beq, + [XTENSA_INS_BNE] = op_bne, + [XTENSA_INS_BEQI] = op_beqi, + [XTENSA_INS_BNEI] = op_bnei, + [XTENSA_INS_BEQZ] = op_beqz, + [XTENSA_INS_BNEZ] = op_bnez, + [XTENSA_INS_BF] = op_bf, + [XTENSA_INS_BT] = op_bt, + [XTENSA_INS_BGE] = op_bge, + [XTENSA_INS_BLT] = op_blt, + [XTENSA_INS_BGEI] = op_bgei, + [XTENSA_INS_BLTI] = op_blti, + [XTENSA_INS_BGEU] = op_bgeu, + [XTENSA_INS_BLTU] = op_bltu, + [XTENSA_INS_BGEUI] = op_bgeui, + [XTENSA_INS_BLTUI] = op_bltui, + [XTENSA_INS_BGEZ] = op_bgez, + [XTENSA_INS_BLTZ] = op_bltz, + [XTENSA_INS_BREAK] = op_break, + [XTENSA_INS_BREAK_N] = op_break, + [XTENSA_INS_CALL0] = op_call0, + [XTENSA_INS_CALL4] = op_call4, + [XTENSA_INS_CALL8] = op_call8, + [XTENSA_INS_CALL12] = op_call12, + [XTENSA_INS_CALLX0] = op_callx0, + [XTENSA_INS_CALLX4] = op_callx4, + [XTENSA_INS_CALLX8] = op_callx8, + [XTENSA_INS_CALLX12] = op_callx12, + [XTENSA_INS_CEIL_S] = op_ceil_s, + [XTENSA_INS_CLAMPS] = op_clamps, + [XTENSA_INS_CONST_S] = op_const_s, + [XTENSA_INS_DIV0_S] = op_div0_s, + [XTENSA_INS_DIVN_S] = op_divn_s, + [XTENSA_INS_DSYNC] = op_dsync, + [XTENSA_INS_ENTRY] = op_entry, + [XTENSA_INS_ESYNC] = op_esync, + [XTENSA_INS_EXCW] = op_excw, + [XTENSA_INS_EXTUI] = op_extui, + [XTENSA_INS_EXTW] = op_extw, + [XTENSA_INS_FLOAT_S] = op_float_s, + [XTENSA_INS_FLOOR_S] = op_floor_s, + [XTENSA_INS_ISYNC] = op_isync, + [XTENSA_INS_J] = op_j, + [XTENSA_INS_JX] = op_jx, + [XTENSA_INS_L8UI] = op_l8ui, + [XTENSA_INS_L16SI] = op_l16si, + [XTENSA_INS_L16UI] = op_l16ui, + [XTENSA_INS_L32E] = op_l32e, + [XTENSA_INS_L32I] = op_l32i, + [XTENSA_INS_L32I_N] = op_l32i, + [XTENSA_INS_L32R] = op_l32r, + [XTENSA_INS_LDDEC] = op_lddec, + [XTENSA_INS_LDINC] = op_ldinc, + [XTENSA_INS_LOOP] = op_loop, + [XTENSA_INS_LOOPGTZ] = op_loopgtz, + [XTENSA_INS_LOOPNEZ] = op_loopnez, + [XTENSA_INS_LSI] = op_lsi, + [XTENSA_INS_LSIP] = op_lsip, + [XTENSA_INS_LSX] = op_lsx, + [XTENSA_INS_LSXP] = op_lsxp, + [XTENSA_INS_MADD_S] = op_madd_s, + [XTENSA_INS_MADDN_S] = op_madd_s, + [XTENSA_INS_MAX] = op_max, + [XTENSA_INS_MAXU] = op_maxu, + [XTENSA_INS_MEMW] = op_memw, + [XTENSA_INS_MIN] = op_min, + [XTENSA_INS_MINU] = op_minu, + [XTENSA_INS_MKDADJ_S] = op_mkdadj_s, + [XTENSA_INS_MKSADJ_S] = op_mksadj_s, + [XTENSA_INS_MOV_N] = op_mov, + [XTENSA_INS_MOVEQZ] = op_moveqz, + [XTENSA_INS_MOVEQZ_S] = op_moveqz, + [XTENSA_INS_MOVF] = op_movf, + [XTENSA_INS_MOVF_S] = op_movf, + [XTENSA_INS_MOVGEZ] = op_movgez, + [XTENSA_INS_MOVGEZ_S] = op_movgez, + [XTENSA_INS_MOVI] = op_movi, + [XTENSA_INS_MOVI_N] = op_movi, + [XTENSA_INS_MOVLTZ] = op_movltz, + [XTENSA_INS_MOVLTZ_S] = op_movltz, + [XTENSA_INS_MOVNEZ] = op_movnez, + [XTENSA_INS_MOVNEZ_S] = op_movnez, + [XTENSA_INS_MOVSP] = op_movsp, + [XTENSA_INS_MOVT] = op_movt, + [XTENSA_INS_MOVT_S] = op_movt, + [XTENSA_INS_MSUB_S] = op_msub_s, + [XTENSA_INS_MUL_AA_LL] = op_mul_aa, + [XTENSA_INS_MUL_AA_LH] = op_mul_aa, + [XTENSA_INS_MUL_AA_HL] = op_mul_aa, + [XTENSA_INS_MUL_AA_HH] = op_mul_aa, + [XTENSA_INS_MUL_AD_LL] = op_mul_aa, + [XTENSA_INS_MUL_AD_LH] = op_mul_aa, + [XTENSA_INS_MUL_AD_HL] = op_mul_aa, + [XTENSA_INS_MUL_AD_HH] = op_mul_aa, + [XTENSA_INS_MUL_DD_LL] = op_mul_aa, + [XTENSA_INS_MUL_DD_LH] = op_mul_aa, + [XTENSA_INS_MUL_DD_HL] = op_mul_aa, + [XTENSA_INS_MUL_DD_HH] = op_mul_aa, + [XTENSA_INS_MUL_S] = op_mul_s, + [XTENSA_INS_MUL16S] = op_mul16s, + [XTENSA_INS_MUL16U] = op_mul16u, + [XTENSA_INS_MULA_AA_LL] = op_mula_aa, + [XTENSA_INS_MULA_AA_LH] = op_mula_aa, + [XTENSA_INS_MULA_AA_HL] = op_mula_aa, + [XTENSA_INS_MULA_AA_HH] = op_mula_aa, + [XTENSA_INS_MULA_AD_LL] = op_mula_aa, + [XTENSA_INS_MULA_AD_LH] = op_mula_aa, + [XTENSA_INS_MULA_AD_HL] = op_mula_aa, + [XTENSA_INS_MULA_AD_HH] = op_mula_aa, + [XTENSA_INS_MULA_DA_LL] = op_mula_aa, + [XTENSA_INS_MULA_DA_LH] = op_mula_aa, + [XTENSA_INS_MULA_DA_HL] = op_mula_aa, + [XTENSA_INS_MULA_DA_HH] = op_mula_aa, + [XTENSA_INS_MULA_DD_LL] = op_mula_aa, + [XTENSA_INS_MULA_DD_LH] = op_mula_aa, + [XTENSA_INS_MULA_DD_HL] = op_mula_aa, + [XTENSA_INS_MULA_DD_HH] = op_mula_aa, + [XTENSA_INS_MULA_DA_LL_LDDEC] = op_mula_da_lddec, + [XTENSA_INS_MULA_DA_LH_LDDEC] = op_mula_da_lddec, + [XTENSA_INS_MULA_DA_HL_LDDEC] = op_mula_da_lddec, + [XTENSA_INS_MULA_DA_HH_LDDEC] = op_mula_da_lddec, + [XTENSA_INS_MULA_DA_LL_LDINC] = op_mula_da_ldinc, + [XTENSA_INS_MULA_DA_LH_LDINC] = op_mula_da_ldinc, + [XTENSA_INS_MULA_DA_HL_LDINC] = op_mula_da_ldinc, + [XTENSA_INS_MULA_DA_HH_LDINC] = op_mula_da_ldinc, + [XTENSA_INS_MULA_DD_LL_LDDEC] = op_mula_da_lddec, + [XTENSA_INS_MULA_DD_LH_LDDEC] = op_mula_da_lddec, + [XTENSA_INS_MULA_DD_HL_LDDEC] = op_mula_da_lddec, + [XTENSA_INS_MULA_DD_HH_LDDEC] = op_mula_da_lddec, + [XTENSA_INS_MULA_DD_LL_LDINC] = op_mula_da_ldinc, + [XTENSA_INS_MULA_DD_LH_LDINC] = op_mula_da_ldinc, + [XTENSA_INS_MULA_DD_HL_LDINC] = op_mula_da_ldinc, + [XTENSA_INS_MULA_DD_HH_LDINC] = op_mula_da_ldinc, + [XTENSA_INS_MULL] = op_mull, + [XTENSA_INS_MULS_AA_LL] = op_muls_aa, + [XTENSA_INS_MULS_AA_LH] = op_muls_aa, + [XTENSA_INS_MULS_AA_HL] = op_muls_aa, + [XTENSA_INS_MULS_AA_HH] = op_muls_aa, + [XTENSA_INS_MULS_AD_LL] = op_muls_aa, + [XTENSA_INS_MULS_AD_LH] = op_muls_aa, + [XTENSA_INS_MULS_AD_HL] = op_muls_aa, + [XTENSA_INS_MULS_AD_HH] = op_muls_aa, + [XTENSA_INS_MULS_DA_LL] = op_muls_aa, + [XTENSA_INS_MULS_DA_LH] = op_muls_aa, + [XTENSA_INS_MULS_DA_HL] = op_muls_aa, + [XTENSA_INS_MULS_DA_HH] = op_muls_aa, + [XTENSA_INS_MULS_DD_LL] = op_muls_aa, + [XTENSA_INS_MULS_DD_LH] = op_muls_aa, + [XTENSA_INS_MULS_DD_HL] = op_muls_aa, + [XTENSA_INS_MULS_DD_HH] = op_muls_aa, + [XTENSA_INS_MULSH] = op_mulsh, + [XTENSA_INS_MULUH] = op_muluh, + [XTENSA_INS_NEG] = op_neg, + [XTENSA_INS_NEG_S] = op_neg_s, + [XTENSA_INS_NEXP01_S] = op_nexp01_s, + [XTENSA_INS_NOP] = op_nop, + [XTENSA_INS_NSA] = op_nsa, + [XTENSA_INS_NSAU] = op_nsau, + [XTENSA_INS_OEQ_S] = op_oeq_s, + [XTENSA_INS_OLE_S] = op_ole_s, + [XTENSA_INS_OLT_S] = op_olt_s, + [XTENSA_INS_OR] = op_or, + [XTENSA_INS_ORB] = op_orb, + [XTENSA_INS_ORBC] = op_orbc, + [XTENSA_INS_QUOS] = op_quos, + [XTENSA_INS_QUOU] = op_quou, + [XTENSA_INS_RECIP0_S] = op_recip0_s, + [XTENSA_INS_REMS] = op_rems, + [XTENSA_INS_REMU] = op_remu, + [XTENSA_INS_RER] = op_nop, + [XTENSA_INS_RET] = op_ret, + [XTENSA_INS_RETW] = op_retw, + [XTENSA_INS_RETW_N] = op_retw, + [XTENSA_INS_RET_N] = op_ret, + [XTENSA_INS_RFDE] = op_rfde, + [XTENSA_INS_RFE] = op_rfe, + [XTENSA_INS_RFI] = op_rfi, + [XTENSA_INS_RFR] = op_rfr, + [XTENSA_INS_RFWO] = op_rfwo, + [XTENSA_INS_RFWU] = op_rfwu, + [XTENSA_INS_ROTW] = op_rotw, + [XTENSA_INS_ROUND_S] = op_round_s, + [XTENSA_INS_RSIL] = op_rsil, + [XTENSA_INS_RSQRT0_S] = op_rsqrt0_s, + [XTENSA_INS_RSR] = op_rsr, + [XTENSA_INS_RSYNC] = op_rsync, + [XTENSA_INS_RUR_ACCX_0] = op_rur_accx_0, + [XTENSA_INS_RUR_ACCX_1] = op_rur_accx_1, + [XTENSA_INS_RUR_AE_BITHEAD] = op_rur_ae_bithead, + [XTENSA_INS_RUR_AE_BITPTR] = op_rur_ae_bitptr, + [XTENSA_INS_RUR_AE_BITSUSED] = op_rur_ae_bitsused, + [XTENSA_INS_RUR_AE_CBEGIN0] = op_rur_ae_cbegin0, + [XTENSA_INS_RUR_AE_CEND0] = op_rur_ae_cend0, + [XTENSA_INS_RUR_AE_CWRAP] = op_rur_ae_cwrap, + [XTENSA_INS_RUR_AE_CW_SD_NO] = op_rur_ae_cw_sd_no, + [XTENSA_INS_RUR_AE_FIRST_TS] = op_rur_ae_first_ts, + [XTENSA_INS_RUR_AE_NEXTOFFSET] = op_rur_ae_nextoffset, + [XTENSA_INS_RUR_AE_OVERFLOW] = op_rur_ae_overflow, + [XTENSA_INS_RUR_AE_OVF_SAR] = op_rur_ae_ovf_sar, + [XTENSA_INS_RUR_AE_SAR] = op_rur_ae_sar, + [XTENSA_INS_RUR_AE_SEARCHDONE] = op_rur_ae_searchdone, + [XTENSA_INS_RUR_AE_TABLESIZE] = op_rur_ae_tablesize, + [XTENSA_INS_RUR_AE_TS_FTS_BU_BP] = op_rur_ae_ts_fts_bu_bp, + [XTENSA_INS_RUR_FFT_BIT_WIDTH] = op_rur_fft_bit_width, + [XTENSA_INS_RUR_GPIO_OUT] = op_rur_gpio_out, + [XTENSA_INS_RUR_QACC_H_0] = op_rur_qacc_h_0, + [XTENSA_INS_RUR_QACC_H_1] = op_rur_qacc_h_1, + [XTENSA_INS_RUR_QACC_H_2] = op_rur_qacc_h_2, + [XTENSA_INS_RUR_QACC_H_3] = op_rur_qacc_h_3, + [XTENSA_INS_RUR_QACC_H_4] = op_rur_qacc_h_4, + [XTENSA_INS_RUR_QACC_L_0] = op_rur_qacc_l_0, + [XTENSA_INS_RUR_QACC_L_1] = op_rur_qacc_l_1, + [XTENSA_INS_RUR_QACC_L_2] = op_rur_qacc_l_2, + [XTENSA_INS_RUR_QACC_L_3] = op_rur_qacc_l_3, + [XTENSA_INS_RUR_QACC_L_4] = op_rur_qacc_l_4, + [XTENSA_INS_RUR_SAR_BYTE] = op_rur_sar_byte, + [XTENSA_INS_RUR_UA_STATE_0] = op_rur_ua_state_0, + [XTENSA_INS_RUR_UA_STATE_1] = op_rur_ua_state_1, + [XTENSA_INS_RUR_UA_STATE_2] = op_rur_ua_state_2, + [XTENSA_INS_RUR_UA_STATE_3] = op_rur_ua_state_3, + [XTENSA_INS_S16I] = op_s16i, + [XTENSA_INS_S32C1I] = op_s32c1i, + [XTENSA_INS_S32E] = op_s32e, + [XTENSA_INS_S32I] = op_s32i, + [XTENSA_INS_S32I_N] = op_s32i, + [XTENSA_INS_S8I] = op_s8i, + [XTENSA_INS_SEXT] = op_sext, + [XTENSA_INS_SIMCALL] = op_simcall, + [XTENSA_INS_SLL] = op_sll, + [XTENSA_INS_SLLI] = op_slli, + [XTENSA_INS_SQRT0_S] = op_sqrt0_s, + [XTENSA_INS_SRA] = op_sra, + [XTENSA_INS_SRAI] = op_srai, + [XTENSA_INS_SRC] = op_src, + [XTENSA_INS_SRL] = op_srl, + [XTENSA_INS_SRLI] = op_srli, + [XTENSA_INS_SSA8L] = op_ssa8l, + [XTENSA_INS_SSAI] = op_ssai, + [XTENSA_INS_SSI] = op_ssi, + [XTENSA_INS_SSIP] = op_ssip, + [XTENSA_INS_SSL] = op_ssl, + [XTENSA_INS_SSR] = op_ssr, + [XTENSA_INS_SSX] = op_ssx, + [XTENSA_INS_SSXP] = op_ssxp, + [XTENSA_INS_SUB] = op_sub, + [XTENSA_INS_SUBX2] = op_subx2, + [XTENSA_INS_SUBX4] = op_subx4, + [XTENSA_INS_SUBX8] = op_subx8, + [XTENSA_INS_SUB_S] = op_sub_s, + [XTENSA_INS_SYSCALL] = op_syscall, + [XTENSA_INS_TRUNC_S] = op_trunc_s, + [XTENSA_INS_UEQ_S] = op_ueq_s, + [XTENSA_INS_UFLOAT_S] = op_ufloat_s, + [XTENSA_INS_ULE_S] = op_ule_s, + [XTENSA_INS_ULT_S] = op_ult_s, + [XTENSA_INS_UMUL_AA_HH] = op_umul_aa, + [XTENSA_INS_UMUL_AA_HL] = op_umul_aa, + [XTENSA_INS_UMUL_AA_LH] = op_umul_aa, + [XTENSA_INS_UMUL_AA_LL] = op_umul_aa, + [XTENSA_INS_UN_S] = op_un_s, + [XTENSA_INS_UTRUNC_S] = op_utrunc_s, + [XTENSA_INS_WAITI] = op_waiti, + [XTENSA_INS_WDTLB] = op_wdtlb, + [XTENSA_INS_WER] = op_wer, + [XTENSA_INS_WFR] = op_wfr, + [XTENSA_INS_WITLB] = op_witlb, + [XTENSA_INS_WSR] = op_wsr, + [XTENSA_INS_WUR_ACCX_0] = op_wur_accx_0, + [XTENSA_INS_WUR_ACCX_1] = op_wur_accx_1, + [XTENSA_INS_WUR_AE_BITHEAD] = op_wur_ae_bithead, + [XTENSA_INS_WUR_AE_BITPTR] = op_wur_ae_bitptr, + [XTENSA_INS_WUR_AE_BITSUSED] = op_wur_ae_bitsused, + [XTENSA_INS_WUR_AE_CBEGIN0] = op_wur_ae_cbegin0, + [XTENSA_INS_WUR_AE_CEND0] = op_wur_ae_cend0, + [XTENSA_INS_WUR_AE_CWRAP] = op_wur_ae_cwrap, + [XTENSA_INS_WUR_AE_CW_SD_NO] = op_wur_ae_cw_sd_no, + [XTENSA_INS_WUR_AE_FIRST_TS] = op_wur_ae_first_ts, + [XTENSA_INS_WUR_AE_NEXTOFFSET] = op_wur_ae_nextoffset, + [XTENSA_INS_WUR_AE_OVERFLOW] = op_wur_ae_overflow, + [XTENSA_INS_WUR_AE_OVF_SAR] = op_wur_ae_ovf_sar, + [XTENSA_INS_WUR_AE_SAR] = op_wur_ae_sar, + [XTENSA_INS_WUR_AE_SEARCHDONE] = op_wur_ae_searchdone, + [XTENSA_INS_WUR_AE_TABLESIZE] = op_wur_ae_tablesize, + [XTENSA_INS_WUR_AE_TS_FTS_BU_BP] = op_wur_ae_ts_fts_bu_bp, + [XTENSA_INS_WUR_FCR] = op_wur_fcr, + [XTENSA_INS_WUR_FFT_BIT_WIDTH] = op_wur_fft_bit_width, + [XTENSA_INS_WUR_FSR] = op_wur_fsr, + [XTENSA_INS_WUR_GPIO_OUT] = op_wur_gpio_out, + [XTENSA_INS_WUR_QACC_H_0] = op_wur_qacc_h_0, + [XTENSA_INS_WUR_QACC_H_1] = op_wur_qacc_h_1, + [XTENSA_INS_WUR_QACC_H_2] = op_wur_qacc_h_2, + [XTENSA_INS_WUR_QACC_H_3] = op_wur_qacc_h_3, + [XTENSA_INS_WUR_QACC_H_4] = op_wur_qacc_h_4, + [XTENSA_INS_WUR_QACC_L_0] = op_wur_qacc_l_0, + [XTENSA_INS_WUR_QACC_L_1] = op_wur_qacc_l_1, + [XTENSA_INS_WUR_QACC_L_2] = op_wur_qacc_l_2, + [XTENSA_INS_WUR_QACC_L_3] = op_wur_qacc_l_3, + [XTENSA_INS_WUR_QACC_L_4] = op_wur_qacc_l_4, + [XTENSA_INS_WUR_SAR_BYTE] = op_wur_sar_byte, + [XTENSA_INS_WUR_UA_STATE_0] = op_wur_ua_state_0, + [XTENSA_INS_WUR_UA_STATE_1] = op_wur_ua_state_1, + [XTENSA_INS_WUR_UA_STATE_2] = op_wur_ua_state_2, + [XTENSA_INS_WUR_UA_STATE_3] = op_wur_ua_state_3, + [XTENSA_INS_XOR] = op_xor, + [XTENSA_INS_XORB] = op_xorb, + [XTENSA_INS_XSR] = op_xsr, + + [XTENSA_INS__L32I] = op_l32i, + [XTENSA_INS__L32I_N] = op_l32i, + [XTENSA_INS__MOVI] = op_movi, + [XTENSA_INS__S32I] = op_s32i, + [XTENSA_INS__S32I_N] = op_s32i, + [XTENSA_INS__SLLI] = op_slli, + [XTENSA_INS__SRLI] = op_srli, + [XTENSA_INS_MV_QR] = op_nop, +}; + +void xtensa_il_init_cb(RzAnalysisILVM *vm, RzReg *reg) { + RzBuffer *buf = rz_buf_new_sparse(0); + if (!buf) { + return; + } + RzILMem *mem = rz_il_mem_new(buf, 32); + if (!mem) { + rz_buf_free(buf); + return; + } + rz_il_vm_add_mem(vm->vm, 1, mem); +} + +RzAnalysisILConfig *xtensa_il_config(RzAnalysis *a) { + rz_return_val_if_fail(a, NULL); + + RzAnalysisILConfig *cfg = rz_analysis_il_config_new(32, a->big_endian, 32); + if (!cfg) { + return NULL; + } + cfg->init_state = rz_analysis_il_init_state_new(); + if (!cfg->init_state) { + rz_analysis_il_config_free(cfg); + return NULL; + } + cfg->init_state->cb = xtensa_il_init_cb; + RzAnalysisILInitStateVar var = { + .name = "ps", + // WOE=1 + .val = rz_il_value_new_bitv(rz_bv_new_from_ut64(32, 1 << 18)) + }; + rz_vector_push(&cfg->init_state->vars, &var); + return cfg; +} + +void xtensa_analyze_op_rzil(XtensaContext *ctx, RzAnalysisOp *op) { + unsigned id = ctx->insn->id; + if (id >= RZ_ARRAY_SIZE(fn_tbl)) { + return; + } + + fn_analyze_op_il fn = fn_tbl[id]; + if (!fn) { + return; + } + op->il_op = fn(ctx); +} diff --git a/librz/arch/meson.build b/librz/arch/meson.build index ad531c23411..d03a269324c 100644 --- a/librz/arch/meson.build +++ b/librz/arch/meson.build @@ -338,6 +338,7 @@ if capstone_dep.version() == 'next' arch_isa_sources += [ 'isa/xtensa/xtensa.c', 'isa/xtensa/xtensa_esil.c', + 'isa/xtensa/xtensa_il.c', ] endif diff --git a/librz/arch/p/analysis/analysis_xtensa_cs.c b/librz/arch/p/analysis/analysis_xtensa_cs.c index e3ef2f40eb5..f055bc4518d 100644 --- a/librz/arch/p/analysis/analysis_xtensa_cs.c +++ b/librz/arch/p/analysis/analysis_xtensa_cs.c @@ -58,6 +58,166 @@ static char *xtensa_get_reg_profile(RzAnalysis *analysis) { "gpr a14 .32 60 0\n" "gpr a15 .32 64 0\n" + "gpr f0 .64 76 0\n" + "gpr f1 .64 84 0\n" + "gpr f2 .64 92 0\n" + "gpr f3 .64 100 0\n" + "gpr f4 .64 108 0\n" + "gpr f5 .64 116 0\n" + "gpr f6 .64 124 0\n" + "gpr f7 .64 132 0\n" + "gpr f8 .64 140 0\n" + "gpr f9 .64 148 0\n" + "gpr f10 .64 156 0\n" + "gpr f11 .64 164 0\n" + "gpr f12 .64 172 0\n" + "gpr f13 .64 180 0\n" + "gpr f14 .64 188 0\n" + "gpr f15 .64 196 0\n" + + "gpr b0 .1 210 0\n" + "gpr b1 .1 211 0\n" + "gpr b2 .1 212 0\n" + "gpr b3 .1 213 0\n" + "gpr b4 .1 214 0\n" + "gpr b5 .1 215 0\n" + "gpr b6 .1 216 0\n" + "gpr b7 .1 217 0\n" + "gpr b8 .1 218 0\n" + "gpr b9 .1 219 0\n" + "gpr b10 .1 220 0\n" + "gpr b11 .1 221 0\n" + "gpr b12 .1 222 0\n" + "gpr b13 .1 223 0\n" + "gpr b14 .1 224 0\n" + "gpr b15 .1 225 0\n" + + /*Special Registers*/ + /*0*/ "gpr lbeg .32 226 0\n" + /*1*/ "gpr lend .32 230 0\n" + /*2*/ "gpr lcount .32 234 0\n" + /*3*/ "gpr sar .32 238 0\n" + /*4*/ "gpr br .32 242 0\n" + /*5*/ "gpr litbase .32 246 0\n" + /*12*/ "gpr scompare1 .32 274 0\n" + /*16*/ "gpr acclo .32 290 0\n" + /*17*/ "gpr acchi .32 294 0\n" + /*32*/ "gpr m0 .32 354 0\n" + /*33*/ "gpr m1 .32 358 0\n" + /*34*/ "gpr m2 .32 362 0\n" + /*35*/ "gpr m3 .32 366 0\n" + /*72*/ "gpr windowbase .32 514 0\n" + /*73*/ "gpr windowstart .32 518 0\n" + /*83*/ "gpr ptevaddr .32 546 0\n" + /*90*/ "gpr rasid .32 570 0\n" + /*91*/ "gpr itlbcfg .32 574 0\n" + /*92*/ "gpr dtlbcfg .32 578 0\n" + /*95*/ "gpr eracess .32 586 0\n" + /*96*/ "gpr ibreakenable .32 590 0\n" + /*97*/ "gpr memctl .32 594 0\n" + /*99*/ "gpr atomctl .32 602 0\n" + /*104*/ "gpr ddr .32 618 0\n" + /*106*/ "gpr mepc .32 626 0\n" + /*107*/ "gpr meps .32 630 0\n" + /*108*/ "gpr mesave .32 634 0\n" + /*109*/ "gpr mesr .32 638 0\n" + /*110*/ "gpr mecr .32 642 0\n" + /*111*/ "gpr mevaddr .32 646 0\n" + /*128*/ "gpr ibreaka0 .32 690 0\n" + /*129*/ "gpr ibreaka1 .32 694 0\n" + /*144*/ "gpr dbreaka0 .32 738 0\n" + /*145*/ "gpr dbreaka1 .32 742 0\n" + /*160*/ "gpr dbreakc0 .32 786 0\n" + /*161*/ "gpr dbreakc1 .32 790 0\n" + /*177*/ "gpr epc1 .32 934 0\n" + /*178*/ "gpr epc2 .32 938 0\n" + /*179*/ "gpr epc3 .32 942 0\n" + /*180*/ "gpr epc4 .32 946 0\n" + /*181*/ "gpr epc5 .32 950 0\n" + /*182*/ "gpr epc6 .32 954 0\n" + /*183*/ "gpr epc7 .32 958 0\n" + /*192*/ "gpr depc .32 994 0\n" + /*193*/ "gpr eps1 .32 998 0\n" + /*194*/ "gpr eps2 .32 1002 0\n" + /*195*/ "gpr eps3 .32 1006 0\n" + /*196*/ "gpr eps4 .32 1010 0\n" + /*197*/ "gpr eps5 .32 1014 0\n" + /*198*/ "gpr eps6 .32 1018 0\n" + /*199*/ "gpr eps7 .32 1022 0\n" + /*209*/ "gpr excsave1 .32 1062 0\n" + /*210*/ "gpr excsave2 .32 1066 0\n" + /*211*/ "gpr excsave3 .32 1070 0\n" + /*212*/ "gpr excsave4 .32 1074 0\n" + /*213*/ "gpr excsave5 .32 1078 0\n" + /*214*/ "gpr excsave6 .32 1082 0\n" + /*215*/ "gpr excsave7 .32 1086 0\n" + /*224*/ "gpr cpenable .32 1122 0\n" + /*226*/ "gpr interrupt .32 1126 0\n" + /*227*/ "gpr intclear .32 1130 0\n" + /*228*/ "gpr intenable .32 1134 0\n" + /*230*/ "gpr ps .32 1138 0\n" + /*231*/ "gpr vecbase .32 1142 0\n" + /*232*/ "gpr exccause .32 1146 0\n" + /*233*/ "gpr debugcause .32 1150 0\n" + /*234*/ "gpr ccount .32 1154 0\n" + /*235*/ "gpr prid .32 1158 0\n" + /*236*/ "gpr icount .32 1162 0\n" + /*237*/ "gpr icountlevel .32 1166 0\n" + /*238*/ "gpr excvaddr .32 1170 0\n" + /*240*/ "gpr ccompare0 .32 1178 0\n" + /*241*/ "gpr ccompare1 .32 1182 0\n" + /*242*/ "gpr ccompare2 .32 1186 0\n" + /*244*/ "gpr misc0 .32 1190 0\n" + /*245*/ "gpr misc1 .32 1194 0\n" + /*246*/ "gpr misc2 .32 1198 0\n" + /*247*/ "gpr misc3 .32 1202 0\n" + + "gpr ndepc .1 2000 0\n" + "gpr ResetVector .32 2004 0\n" + "gpr UserExceptionVector .32 2008 0\n" + "gpr KernelExceptionVector .32 2012 0\n" + "gpr DoubleExceptionVector .32 2016 0\n" + "gpr accx_0 .32 3000 0\n" + "gpr accx_1 .32 3004 0\n" + "gpr bithead .32 3008 0\n" + "gpr bitptr .32 3012 0\n" + "gpr bitsused .32 3016 0\n" + "gpr cbegin0 .32 3020 0\n" + "gpr cend0 .32 3024 0\n" + "gpr cwrap .32 3028 0\n" + "gpr cw_sd_no .32 3032 0\n" + "gpr first_ts .32 3036 0\n" + "gpr nextoffset .32 3040 0\n" + "gpr overflow .32 3044 0\n" + "gpr ovf_sar .32 3048 0\n" + "gpr sar .32 3052 0\n" + "gpr searchdone .32 3056 0\n" + "gpr tablesize .32 3060 0\n" + "gpr ts_fts_bu_bp .32 3064 0\n" + "gpr fft_bit_width .32 3068 0\n" + "gpr gpio_out .32 3072 0\n" + "gpr qacc_h_0 .32 3076 0\n" + "gpr qacc_h_1 .32 3080 0\n" + "gpr qacc_h_2 .32 3084 0\n" + "gpr qacc_h_3 .32 3088 0\n" + "gpr qacc_h_4 .32 3092 0\n" + "gpr qacc_l_0 .32 3096 0\n" + "gpr qacc_l_1 .32 3100 0\n" + "gpr qacc_l_2 .32 3104 0\n" + "gpr qacc_l_3 .32 3108 0\n" + "gpr qacc_l_4 .32 3112 0\n" + "gpr sar_byte .32 3116 0\n" + "gpr ua_state_0 .32 3120 0\n" + "gpr ua_state_1 .32 3124 0\n" + "gpr ua_state_2 .32 3128 0\n" + "gpr ua_state_3 .32 3132 0\n" + "gpr windowunderflow4 .32 3136 0\n" + "gpr windowunderflow8 .32 3140 0\n" + "gpr windowunderflow12 .32 3144 0\n" + + "gpr fcr .32 4000 0\n" + "gpr fsr .32 4004 0\n" + // pc "gpr pc .32 68 0\n" @@ -140,6 +300,11 @@ static void xop_to_rval(RzAnalysis *a, XtensaContext *ctx, cs_xtensa_op *xop, Rz static void xtensa_analyze_op(RzAnalysis *a, RzAnalysisOp *op, XtensaContext *ctx) { int src_count = 0; for (int i = 0; i < ctx->insn->detail->xtensa.op_count; ++i) { + if (src_count >= RZ_ARRAY_SIZE(op->src)) { + rz_warn_if_reached(); + break; + } + cs_xtensa_op *xop = XOP(i); if (xop->access & CS_AC_WRITE) { xop_to_rval(a, ctx, xop, &op->dst); @@ -276,7 +441,7 @@ static void xtensa_analyze_op(RzAnalysis *a, RzAnalysisOp *op, XtensaContext *ct case XTENSA_INS_CALL8: case XTENSA_INS_CALL12: op->type = RZ_ANALYSIS_OP_TYPE_CALL; - op->jump = ctx->insn->address + IMM(0); + op->jump = (ctx->insn->address + IMM(0)) & ~3; op->fail = ctx->insn->address + ctx->insn->size; break; case XTENSA_INS_MOVEQZ: /* moveqz */ @@ -325,6 +490,9 @@ static int xtensa_op(RzAnalysis *analysis, RzAnalysisOp *op, ut64 addr, const ut goto beach; } + op->size = ctx->insn->size; + op->id = ctx->insn->id; + op->addr = addr; xtensa_analyze_op(analysis, op, ctx); if (mask & RZ_ANALYSIS_OP_MASK_DISASM) { @@ -339,9 +507,9 @@ static int xtensa_op(RzAnalysis *analysis, RzAnalysisOp *op, ut64 addr, const ut xtensa_analyze_op_esil(ctx, op); } - op->size = ctx->insn->size; - op->id = ctx->insn->id; - op->addr = addr; + if (mask & RZ_ANALYSIS_OP_MASK_IL) { + xtensa_analyze_op_rzil(ctx, op); + } xtensa_disassemble_fini(ctx); return op->size; @@ -359,6 +527,7 @@ RzAnalysisPlugin rz_analysis_plugin_xtensa_cs = { .bits = 8, .op = xtensa_op, .esil = true, + .il_config = xtensa_il_config, .archinfo = xtensa_archinfo, .get_reg_profile = xtensa_get_reg_profile, .init = xtensa_init, diff --git a/librz/include/rz_analysis.h b/librz/include/rz_analysis.h index 5b1600f1372..5e922d86183 100644 --- a/librz/include/rz_analysis.h +++ b/librz/include/rz_analysis.h @@ -928,7 +928,7 @@ typedef struct rz_analysis_op_t { st64 stackptr; /* stack pointer */ int refptr; /* if (0) ptr = "reference" else ptr = "load memory of refptr bytes" */ ut64 mmio_address; // mmio address - RzAnalysisValue *src[6]; + RzAnalysisValue *src[8]; RzAnalysisValue *dst; RzList /**/ *access; /* RzAnalysisValue access information */ RzStrBuf esil; @@ -1230,6 +1230,8 @@ typedef struct rz_analysis_il_init_state_var_t { RZ_NONNULL RzILVal *val; } RzAnalysisILInitStateVar; +typedef void (*RzAnalysisILInitCallback)(RzAnalysisILVM *vm, RzReg *reg); + /** * \brief Description of an initial state of an RzAnalysisILVM * @@ -1240,6 +1242,7 @@ typedef struct rz_analysis_il_init_state_var_t { */ typedef struct rz_analysis_il_init_state_t { RzVector /**/ vars; ///< Contents of global variables + RzAnalysisILInitCallback cb; ///< Callback to run after the initial state has been set up } RzAnalysisILInitState; /** diff --git a/test/db/asm/xtensa b/test/db/asm/xtensa new file mode 100644 index 00000000000..ca784549f7b --- /dev/null +++ b/test/db/asm/xtensa @@ -0,0 +1,323 @@ +d "abs a1, a0" 001160 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (ite (! (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (~- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))))) +d "abs.s f1, f2" 1012fa 0x0 (set f1 (cast 64 false (fbits (fpos (float 0 (var f2) ))))) +d "add a0, a0, a0" 000080 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "add.s f0, f0, f0" 00000a 0x0 (seq (set fres (+. rna (float 0 (var f0) ) (float 0 (var f0) ))) (set f0 (cast 64 false (fbits (var fres)))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (fexcept e_invalid_op (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))) (& (<< (ite (fexcept e_inexact (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x7) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false))) (& (<< (ite (fexcept e_overflow (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x9) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false))))) +d "add.n a0, a0, a0" 0a00 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "addexp.s f0, f1" e001fa 0x0 (seq (set FRr (| (& (var f0) (~ (<< (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x1)) false) (bv 64 0x1f) false))) (& (<< (^ (& (>> (var f0) (bv 64 0x1f) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x1)) false)) (& (>> (var f1) (bv 64 0x1f) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x1)) false))) (bv 64 0x1f) false) (<< (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x1)) false) (bv 64 0x1f) false)))) (set FRr (| (& (var FRr) (~ (<< (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x8)) false) (bv 64 0x17) false))) (& (<< (- (+ (& (>> (var f0) (bv 64 0x17) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x8)) false)) (& (>> (var f1) (bv 64 0x17) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x8)) false))) (bv 64 0x7f)) (bv 64 0x17) false) (<< (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x8)) false) (bv 64 0x17) false)))) (set f0 (var FRr))) +d "addexpm.s f1, f2" f012fa 0x0 (seq (set FRr (| (& (var f1) (~ (<< (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x1)) false) (bv 64 0x1f) false))) (& (<< (^ (& (>> (var f1) (bv 64 0x1f) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x1)) false)) (& (>> (var f2) (bv 64 0x16) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x1)) false))) (bv 64 0x1f) false) (<< (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x1)) false) (bv 64 0x1f) false)))) (set FRr (| (& (var FRr) (~ (<< (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x8)) false) (bv 64 0x17) false))) (& (<< (- (+ (& (>> (var f1) (bv 64 0x17) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x8)) false)) (& (>> (var f2) (bv 64 0xe) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x8)) false))) (bv 64 0x7f)) (bv 64 0x17) false) (<< (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x8)) false) (bv 64 0x17) false)))) (set f1 (var FRr))) +d "addi a3, a4, -1" 32c4ff 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x1)) (bv 32 0x2) false)))) (bv 32 0xffffffff))) +d "addi.n a2, a3, 1" 1b23 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1))) +d "addmi a3, a4, -0x100" 32d4ff 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x1)) (bv 32 0x2) false)))) (bv 32 0xffffff00))) +d "addx2 a2, a3, a1" 102390 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (+ (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1) false) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "addx4 a2, a3, a1" 1023a0 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (+ (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x2) false) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "addx8 a2, a3, a1" 1023b0 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (+ (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x3) false) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "all4 b1, b4" 109400 0x0 (set b1 (&& (&& (&& (var b4) (var b5)) (var b6)) (var b7))) +d "all8 b1, b8" 10b800 0x0 (set b1 (&& (&& (&& (&& (var b8) (var b9)) (var b10)) (var b11)) (&& (&& (&& (var b12) (var b13)) (var b14)) (var b15)))) +d "and a2, a3, a1" 102310 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (& (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "andb b2, b3, b1" 102302 0x0 (set b2 (&& (var b3) (var b1))) +d "andbc b2, b3, b1" 102312 0x0 (set b2 (&& (var b3) (! (var b1)))) +d "any4 b2, b4" 208400 0x0 (set b2 (|| (|| (|| (var b4) (var b5)) (var b6)) (var b7))) +d "any8 b2, b8" 20a800 0x0 (set b2 (|| (|| (|| (|| (var b8) (var b9)) (var b10)) (var b11)) (|| (|| (|| (var b12) (var b13)) (var b14)) (var b15)))) +d "ball a2, a1, . +3" 1742ff 0x0 (branch (is_zero (& (~ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (jmp (bv 32 0x3)) nop) +d "bany a2, a1, . +3" 1782ff 0x0 (branch (! (is_zero (& (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))))) (jmp (bv 32 0x3)) nop) +d "ball a2, a1, . +3" 1742ff 0x40000 (branch (is_zero (& (~ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (jmp (bv 32 0x40003)) nop) +d "bany a2, a1, . +3" 1782ff 0x40000 (branch (! (is_zero (& (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))))) (jmp (bv 32 0x40003)) nop) +d "bbc a2, a1, . +3" 1752ff 0x0 (seq (set b (^ (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x5)) false)) (bv 32 0x0))) (branch (is_zero (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (var b) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))) (jmp (bv 32 0x3)) nop)) +d "bbc a2, a1, . +3" 1752ff 0x40000 (seq (set b (^ (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x5)) false)) (bv 32 0x0))) (branch (is_zero (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (var b) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))) (jmp (bv 32 0x40003)) nop)) +d "bbci a2, 1, . +3" 1762ff 0x0 (seq (set b (^ (bv 32 0x1) (bv 32 0x0))) (branch (is_zero (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (var b) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))) (jmp (bv 32 0x3)) nop)) +d "bbci a2, 1, . +3" 1762ff 0x40000 (seq (set b (^ (bv 32 0x1) (bv 32 0x0))) (branch (is_zero (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (var b) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))) (jmp (bv 32 0x40003)) nop)) +d "beq a3, a2, . +3" 2713ff 0x0 (branch (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (jmp (bv 32 0x3)) nop) +d "beq a3, a2, . +3" 2713ff 0x40000 (branch (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (jmp (bv 32 0x40003)) nop) +d "beqi a4, 3, . +3" 2634ff 0x0 (branch (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x1)) (bv 32 0x2) false)))) (bv 32 0x3)) (jmp (bv 32 0x3)) nop) +d "beqi a4, 3, . +3" 2634ff 0x40000 (branch (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x1)) (bv 32 0x2) false)))) (bv 32 0x3)) (jmp (bv 32 0x40003)) nop) +d "beqz a2, . +3" 16f2ff 0x0 (branch (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0)) (jmp (bv 32 0x3)) nop) +d "beqz a2, . +3" 16f2ff 0x40000 (branch (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0)) (jmp (bv 32 0x40003)) nop) +d "bf b1, . +3" 7601ff 0x0 (branch (var b1) (jmp (bv 32 0x3)) nop) +d "bf b1, . +3" 7601ff 0x40000 (branch (var b1) (jmp (bv 32 0x40003)) nop) +d "bge a2, a1, . +3" 17a2ff 0x0 (branch (|| (! (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (jmp (bv 32 0x3)) nop) +d "bge a2, a1, . +3" 17a2ff 0x40000 (branch (|| (! (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (jmp (bv 32 0x40003)) nop) +d "bgei a2, 1, . +3" e612ff 0x0 (branch (|| (! (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1))) (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1))) (jmp (bv 32 0x3)) nop) +d "bgei a2, 1, . +3" e612ff 0x40000 (branch (|| (! (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1))) (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1))) (jmp (bv 32 0x40003)) nop) +d "bgeu a2, a1, . +3" 17b2ff 0x0 (branch (|| (! (ule (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (jmp (bv 32 0x3)) nop) +d "bgeu a2, a1, . +3" 17b2ff 0x40000 (branch (|| (! (ule (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (jmp (bv 32 0x40003)) nop) +d "bgeui a2, 0x10000, . +3" f612ff 0x0 (branch (|| (! (ule (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10000))) (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10000))) (jmp (bv 32 0x3)) nop) +d "bgeui a2, 0x10000, . +3" f612ff 0x40000 (branch (|| (! (ule (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10000))) (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10000))) (jmp (bv 32 0x40003)) nop) +d "bgez a1, . +3" d6f1ff 0x0 (branch (|| (! (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0))) (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0))) (jmp (bv 32 0x3)) nop) +d "bgez a1, . +3" d6f1ff 0x40000 (branch (|| (! (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0))) (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0))) (jmp (bv 32 0x40003)) nop) +d "bnall a2, a1, . +3" 17c2ff 0x0 (branch (! (is_zero (& (~ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))))) (jmp (bv 32 0x3)) nop) +d "bnall a2, a1, . +3" 17c2ff 0x40000 (branch (! (is_zero (& (~ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))))) (jmp (bv 32 0x40003)) nop) +d "bnone a2, a1, . +3" 1702ff 0x0 (branch (is_zero (& (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (jmp (bv 32 0x3)) nop) +d "bnone a2, a1, . +3" 1702ff 0x40000 (branch (is_zero (& (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (jmp (bv 32 0x40003)) nop) +d "call0 . 0" c5ffff 0x0 (seq (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (bv 32 0x3)) (jmp (bv 32 0x0))) +d "call4 . 0" d5ffff 0x0 (seq (set cwoe (ite (! (is_zero (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (bv 32 0x0) (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (set n (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x1))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x1) (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x1))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x2) (ite (&& (|| (== (bv 32 0x0) (bv 32 0x3)) (|| (== (bv 32 0x0) (bv 32 0x3)) (== (bv 32 0x1) (bv 32 0x3)))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x3) (bv 32 0x0))))) (branch (&& (== (var cwoe) (bv 32 0x1)) (! (== (var n) (bv 32 0x0)))) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var windowbase) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set m (+ (var windowbase) (var n))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x0)) (set windowbase (var m)) (set nextPC (ite (== (var windowstart) (bv 32 0x0)) (bv 32 0x1) (ite (== (var windowstart) (bv 32 0x1)) (bv 32 0x2) (bv 32 0x3))))) nop) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (bv 32 0x1) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x1)) (bv 32 0x2) false))) (bv 32 0x40000003)) (jmp (bv 32 0x0))) +d "call8 . 0" e5ffff 0x0 (seq (set cwoe (ite (! (is_zero (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (bv 32 0x0) (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (set n (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x2))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x1) (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x2))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x2) (ite (&& (|| (== (bv 32 0x0) (bv 32 0x3)) (|| (== (bv 32 0x0) (bv 32 0x3)) (== (bv 32 0x2) (bv 32 0x3)))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x3) (bv 32 0x0))))) (branch (&& (== (var cwoe) (bv 32 0x1)) (! (== (var n) (bv 32 0x0)))) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var windowbase) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set m (+ (var windowbase) (var n))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x0)) (set windowbase (var m)) (set nextPC (ite (== (var windowstart) (bv 32 0x0)) (bv 32 0x1) (ite (== (var windowstart) (bv 32 0x1)) (bv 32 0x2) (bv 32 0x3))))) nop) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (bv 32 0x2) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x2)) (bv 32 0x2) false))) (bv 32 0x80000003)) (jmp (bv 32 0x0))) +d "call12 . 0" f5ffff 0x0 (seq (set cwoe (ite (! (is_zero (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (bv 32 0x0) (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (set n (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x3))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x1) (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x3))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x2) (ite (&& (|| (== (bv 32 0x0) (bv 32 0x3)) (|| (== (bv 32 0x0) (bv 32 0x3)) (== (bv 32 0x3) (bv 32 0x3)))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x3) (bv 32 0x0))))) (branch (&& (== (var cwoe) (bv 32 0x1)) (! (== (var n) (bv 32 0x0)))) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var windowbase) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set m (+ (var windowbase) (var n))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x0)) (set windowbase (var m)) (set nextPC (ite (== (var windowstart) (bv 32 0x0)) (bv 32 0x1) (ite (== (var windowstart) (bv 32 0x1)) (bv 32 0x2) (bv 32 0x3))))) nop) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (bv 32 0x3) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x3)) (bv 32 0x2) false))) (bv 32 0xc0000003)) (jmp (bv 32 0x0))) +d "call0 . 0" c5ffff 0x40000 (seq (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (bv 32 0x40003)) (jmp (bv 32 0x40000))) +d "call4 . 0" d5ffff 0x40000 (seq (set cwoe (ite (! (is_zero (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (bv 32 0x0) (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (set n (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x1))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x1) (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x1))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x2) (ite (&& (|| (== (bv 32 0x0) (bv 32 0x3)) (|| (== (bv 32 0x0) (bv 32 0x3)) (== (bv 32 0x1) (bv 32 0x3)))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x3) (bv 32 0x0))))) (branch (&& (== (var cwoe) (bv 32 0x1)) (! (== (var n) (bv 32 0x0)))) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var windowbase) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set m (+ (var windowbase) (var n))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x40000)) (set windowbase (var m)) (set nextPC (ite (== (var windowstart) (bv 32 0x0)) (bv 32 0x1) (ite (== (var windowstart) (bv 32 0x1)) (bv 32 0x2) (bv 32 0x3))))) nop) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (bv 32 0x1) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x1)) (bv 32 0x2) false))) (bv 32 0x40040003)) (jmp (bv 32 0x40000))) +d "call8 . 0" e5ffff 0x40000 (seq (set cwoe (ite (! (is_zero (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (bv 32 0x0) (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (set n (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x2))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x1) (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x2))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x2) (ite (&& (|| (== (bv 32 0x0) (bv 32 0x3)) (|| (== (bv 32 0x0) (bv 32 0x3)) (== (bv 32 0x2) (bv 32 0x3)))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x3) (bv 32 0x0))))) (branch (&& (== (var cwoe) (bv 32 0x1)) (! (== (var n) (bv 32 0x0)))) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var windowbase) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set m (+ (var windowbase) (var n))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x40000)) (set windowbase (var m)) (set nextPC (ite (== (var windowstart) (bv 32 0x0)) (bv 32 0x1) (ite (== (var windowstart) (bv 32 0x1)) (bv 32 0x2) (bv 32 0x3))))) nop) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (bv 32 0x2) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x2)) (bv 32 0x2) false))) (bv 32 0x80040003)) (jmp (bv 32 0x40000))) +d "call12 . 0" f5ffff 0x40000 (seq (set cwoe (ite (! (is_zero (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (bv 32 0x0) (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (set n (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x3))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x1) (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x3))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x2) (ite (&& (|| (== (bv 32 0x0) (bv 32 0x3)) (|| (== (bv 32 0x0) (bv 32 0x3)) (== (bv 32 0x3) (bv 32 0x3)))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x3) (bv 32 0x0))))) (branch (&& (== (var cwoe) (bv 32 0x1)) (! (== (var n) (bv 32 0x0)))) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var windowbase) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set m (+ (var windowbase) (var n))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x40000)) (set windowbase (var m)) (set nextPC (ite (== (var windowstart) (bv 32 0x0)) (bv 32 0x1) (ite (== (var windowstart) (bv 32 0x1)) (bv 32 0x2) (bv 32 0x3))))) nop) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (bv 32 0x3) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x3)) (bv 32 0x2) false))) (bv 32 0xc0040003)) (jmp (bv 32 0x40000))) +d "callx12 a1" f00100 0x0 (seq (set cwoe (ite (! (is_zero (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (bv 32 0x0) (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (set n (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x3))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x1) (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x3))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x2) (ite (&& (|| (== (bv 32 0x0) (bv 32 0x3)) (|| (== (bv 32 0x0) (bv 32 0x3)) (== (bv 32 0x3) (bv 32 0x3)))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x3) (bv 32 0x0))))) (branch (&& (== (var cwoe) (bv 32 0x1)) (! (== (var n) (bv 32 0x0)))) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var windowbase) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set m (+ (var windowbase) (var n))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x0)) (set windowbase (var m)) (set nextPC (ite (== (var windowstart) (bv 32 0x0)) (bv 32 0x1) (ite (== (var windowstart) (bv 32 0x1)) (bv 32 0x2) (bv 32 0x3))))) nop) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (bv 32 0x3) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (set next (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x3)) (bv 32 0x2) false))) (bv 32 0x60000003)) (jmp (var next))) +d "callx8 a1" e00100 0x0 (seq (set cwoe (ite (! (is_zero (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (bv 32 0x0) (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (set n (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x2))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x1) (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x2))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x2) (ite (&& (|| (== (bv 32 0x0) (bv 32 0x3)) (|| (== (bv 32 0x0) (bv 32 0x3)) (== (bv 32 0x2) (bv 32 0x3)))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x3) (bv 32 0x0))))) (branch (&& (== (var cwoe) (bv 32 0x1)) (! (== (var n) (bv 32 0x0)))) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var windowbase) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set m (+ (var windowbase) (var n))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x0)) (set windowbase (var m)) (set nextPC (ite (== (var windowstart) (bv 32 0x0)) (bv 32 0x1) (ite (== (var windowstart) (bv 32 0x1)) (bv 32 0x2) (bv 32 0x3))))) nop) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (bv 32 0x2) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (set next (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x2)) (bv 32 0x2) false))) (bv 32 0x40000003)) (jmp (var next))) +d "callx4 a1" d00100 0x0 (seq (set cwoe (ite (! (is_zero (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (bv 32 0x0) (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (set n (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x1))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x1) (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x1))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x2) (ite (&& (|| (== (bv 32 0x0) (bv 32 0x3)) (|| (== (bv 32 0x0) (bv 32 0x3)) (== (bv 32 0x1) (bv 32 0x3)))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x3) (bv 32 0x0))))) (branch (&& (== (var cwoe) (bv 32 0x1)) (! (== (var n) (bv 32 0x0)))) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var windowbase) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set m (+ (var windowbase) (var n))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x0)) (set windowbase (var m)) (set nextPC (ite (== (var windowstart) (bv 32 0x0)) (bv 32 0x1) (ite (== (var windowstart) (bv 32 0x1)) (bv 32 0x2) (bv 32 0x3))))) nop) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (bv 32 0x1) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (set next (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x1)) (bv 32 0x2) false))) (bv 32 0x20000003)) (jmp (var next))) +d "callx0 a1" c00100 0x0 (seq (set next (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (bv 32 0x3)) (jmp (var next))) +d "callx12 a1" f00100 0x40000 (seq (set cwoe (ite (! (is_zero (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (bv 32 0x0) (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (set n (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x3))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x1) (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x3))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x2) (ite (&& (|| (== (bv 32 0x0) (bv 32 0x3)) (|| (== (bv 32 0x0) (bv 32 0x3)) (== (bv 32 0x3) (bv 32 0x3)))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x3) (bv 32 0x0))))) (branch (&& (== (var cwoe) (bv 32 0x1)) (! (== (var n) (bv 32 0x0)))) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var windowbase) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set m (+ (var windowbase) (var n))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x40000)) (set windowbase (var m)) (set nextPC (ite (== (var windowstart) (bv 32 0x0)) (bv 32 0x1) (ite (== (var windowstart) (bv 32 0x1)) (bv 32 0x2) (bv 32 0x3))))) nop) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (bv 32 0x3) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (set next (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x3)) (bv 32 0x2) false))) (bv 32 0x60040003)) (jmp (var next))) +d "callx8 a1" e00100 0x40000 (seq (set cwoe (ite (! (is_zero (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (bv 32 0x0) (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (set n (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x2))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x1) (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x2))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x2) (ite (&& (|| (== (bv 32 0x0) (bv 32 0x3)) (|| (== (bv 32 0x0) (bv 32 0x3)) (== (bv 32 0x2) (bv 32 0x3)))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x3) (bv 32 0x0))))) (branch (&& (== (var cwoe) (bv 32 0x1)) (! (== (var n) (bv 32 0x0)))) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var windowbase) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set m (+ (var windowbase) (var n))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x40000)) (set windowbase (var m)) (set nextPC (ite (== (var windowstart) (bv 32 0x0)) (bv 32 0x1) (ite (== (var windowstart) (bv 32 0x1)) (bv 32 0x2) (bv 32 0x3))))) nop) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (bv 32 0x2) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (set next (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x2)) (bv 32 0x2) false))) (bv 32 0x40040003)) (jmp (var next))) +d "callx4 a1" d00100 0x40000 (seq (set cwoe (ite (! (is_zero (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (bv 32 0x0) (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (set n (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x1))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x1) (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (bv 32 0x0))) (! (is_zero (bv 32 0x1))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x2) (ite (&& (|| (== (bv 32 0x0) (bv 32 0x3)) (|| (== (bv 32 0x0) (bv 32 0x3)) (== (bv 32 0x1) (bv 32 0x3)))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x3) (bv 32 0x0))))) (branch (&& (== (var cwoe) (bv 32 0x1)) (! (== (var n) (bv 32 0x0)))) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var windowbase) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set m (+ (var windowbase) (var n))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x40000)) (set windowbase (var m)) (set nextPC (ite (== (var windowstart) (bv 32 0x0)) (bv 32 0x1) (ite (== (var windowstart) (bv 32 0x1)) (bv 32 0x2) (bv 32 0x3))))) nop) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (bv 32 0x1) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (set next (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x1)) (bv 32 0x2) false))) (bv 32 0x20040003)) (jmp (var next))) +d "callx0 a1" c00100 0x40000 (seq (set next (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (bv 32 0x40003)) (jmp (var next))) +d "ceil.s a1, f2, 0xf" f012ba 0x0 (seq (set fres (*. rna (float 0 (var f2) ) (float 0 (bv 32 0x47000000) ))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (fcast_int 32 rna (var fres))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (fexcept e_invalid_op (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))) (& (<< (ite (fexcept e_inexact (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x7) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))))) +d "clamps a2, a3, 8" 102333 0x0 (seq (set low (float 0 (bv 32 0x43800000) )) (set high (float 0 (bv 32 0x437f0000) )) (set x (float 0 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) )) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (fbits (ite (&& (! (|| (is_nan (var x)) (is_nan (var high)))) (<. (var high) (var x))) (var high) (ite (&& (! (|| (is_nan (var x)) (is_nan (var low)))) (<. (var x) (var low))) (var low) (var x)))))) +d "const.s f4, 3" 3043fa 0x0 (set f4 (cast 64 false (fbits (float 0 (bv 32 0x3f000000) )))) +d "div0.s f1, f2" 7012fa 0x0 (set f1 (cast 64 false (fbits (/. rna (float 0 (var f1) ) (float 0 (var f2) ))))) +d "divn.s f2, f3, f1" 10237a 0x0 (seq (set fr (float 0 (var f2) )) (set fs (float 0 (var f3) )) (set ft (float 0 (var f1) )) (set fres (+. rna (var fr) (*. rna (var fs) (fneg (var ft))))) (set f2 (cast 64 false (fbits (var fres)))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))) (& (<< (ite (fexcept e_inexact (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x7) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false))) (& (<< (ite (fexcept e_overflow (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x9) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x8) false))) (& (<< (ite (fexcept e_underflow (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x8) false))))) +d "dsync" 302000 0x0 nop +d "entry a1, 0x7ff8" 36f1ff 0x0 (seq (set cwoe (ite (! (is_zero (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (bv 32 0x0) (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)))) (set n (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)))) (! (is_zero (bv 32 0x0))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x1) (ite (&& (|| (! (is_zero (bv 32 0x0))) (|| (! (is_zero (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)))) (! (is_zero (bv 32 0x0))))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x2) (ite (&& (|| (== (bv 32 0x0) (bv 32 0x3)) (|| (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x3)) (== (bv 32 0x0) (bv 32 0x3)))) (! (is_zero (& (>> (var windowstart) (+ (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))))) (bv 32 0x3) (bv 32 0x0))))) (branch (&& (== (var cwoe) (bv 32 0x1)) (! (== (var n) (bv 32 0x0)))) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var windowbase) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set m (+ (var windowbase) (var n))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x0)) (set windowbase (var m)) (set nextPC (ite (== (var windowstart) (bv 32 0x0)) (bv 32 0x1) (ite (== (var windowstart) (bv 32 0x1)) (bv 32 0x2) (bv 32 0x3))))) nop) (branch (|| (! (ule (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x3))) (|| (is_zero (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))) (== (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (bv 32 0x1)))) nop (seq (branch (&& (ule (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x10)) (! (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x10)))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0xf)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x3)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0xe)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x3)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0xd)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x3)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0xc)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x3)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0xb)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x2)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0xa)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x2)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x9)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x2)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x8)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x2)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x7)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x1)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x6)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x1)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x5)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x1)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x4)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x1)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x3)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x2)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x1)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) (branch (== (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x0)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x7ff8))) nop)))))))))))))))) nop) (set windowbase (+ (var windowbase) (& (>> (var ps) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)))) (set windowstart (bv 32 0x1))))) +d "esync" 202000 0x0 nop +d "excw" 802000 0x0 nop +d "extui a2, a1, 0x13, 5" 102345 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (let at (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (& (bv 32 0x3f) (let at1 (| (& (var at) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x1f) false))) (& (<< (bv 32 0x0) (bv 32 0x1f) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x1f) false))) (>> (var at1) (bv 32 0x13) false))))) +d "extw" d02000 0x0 nop +d "float.s f2, a3, 1" 1023ca 0x0 (seq (set fres (fcast_float ieee754-bin32 rna (div (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0)))) (set f2 (cast 64 false (fbits (var fres)))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))) (& (<< (ite (fexcept e_inexact (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x7) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))))) +d "floor.s a2, f3, 1" 1023aa 0x0 (seq (set fres (*. rna (float 0 (var f3) ) (float 0 (bv 32 0x40000000) ))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (fcast_sint 32 rna (var fres))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (fexcept e_invalid_op (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))) (& (<< (ite (fexcept e_inexact (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x7) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))))) +d "isync" 002000 0x0 nop +d "jx a1" a00100 0x0 (jmp (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "j . +3" c6ffff 0x0 (jmp (bv 32 0x3)) +d "j . +3" c6ffff 0x40000 (jmp (bv 32 0x40003)) +d "l8ui a1, a3, 0xff" 1203ff 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (cast 32 false (load 0 (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0xff))))) +d "l16si a1, a3, 0x1fe" 1293ff 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (let mem16 (loadw 0 16 (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1fe))) (>> (cast 32 false (<< (cast 32 false (var mem16)) (- (- (bv 32 0x20) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x20) (bv 32 0x10)) (msb (cast 32 false (<< (cast 32 false (var mem16)) (- (- (bv 32 0x20) (bv 32 0x10)) (bv 32 0x0)) false)))))) +d "l16ui a1, a3, 0x1fe" 1213ff 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (let mem16 (loadw 0 16 (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1fe))) (cast 32 false (var mem16)))) +d "l32r a2, . -4" 21ffff 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (loadw 0 32 (bv 32 0xfffffffc))) +d "l32i.n a2, a2, 0x3c" 28f2 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (loadw 0 32 (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x3c)))) +d "l32i a1, a3, 0x3fc" 1223ff 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (loadw 0 32 (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x3fc)))) +d "l32e a1, a3, -0x38" 102309 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (loadw 0 32 (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0xffffffc8)))) +d "lddec m3, a2" 043290 0x0 (seq (set vAddr (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m3 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "ldinc m2, a1" 042180 0x0 (seq (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m2 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "loop a1, . +0x103" 7681ff 0x0 (seq (set lcount (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1))) (set lbeg (bv 32 0x3)) (set lend (bv 32 0x103))) +d "loopgtz a1, . +0x103" 76a1ff 0x0 (seq (set lcount (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1))) (set lbeg (bv 32 0x3)) (set lend (bv 32 0x103)) (branch (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0)) (jmp (bv 32 0x103)) nop)) +d "loopnez a1, . +0x103" 7691ff 0x0 (seq (set lcount (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1))) (set lbeg (bv 32 0x3)) (set lend (bv 32 0x103)) (branch (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0)) (jmp (bv 32 0x103)) nop)) +d "lsi f1, a2, 0x3fc" 1302ff 0x0 (seq (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x3fc))) (set memVal (loadw 0 32 (var vAddr))) (set f1 (cast 64 false (var memVal)))) +d "lsip f1, a2, 0x3fc" 1382ff 0x0 (seq (set vAddr (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (set memVal (loadw 0 32 (var vAddr))) (set f1 (cast 64 false (var memVal))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (+ (var vAddr) (bv 32 0x3fc)))) +d "lsx f2, a3, a1" 102308 0x0 (seq (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (set memVal (loadw 0 32 (var vAddr))) (set f2 (cast 64 false (var memVal)))) +d "lsxp f2, a3, a1" 102318 0x0 (seq (set vAddr (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (set memVal (loadw 0 32 (var vAddr))) (set f2 (cast 64 false (var memVal))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (+ (var vAddr) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))))) +d "maddn.s f2, f3, f1" 10236a 0x0 (seq (set fr (float 0 (var f2) )) (set fs (float 0 (var f3) )) (set ft (float 0 (var f1) )) (set fres (+. rna (var fr) (*. rna (var fs) (var ft)))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (fexcept e_invalid_op (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))) (& (<< (ite (fexcept e_inexact (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x7) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false))) (& (<< (ite (fexcept e_overflow (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x9) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x8) false))) (& (<< (ite (fexcept e_underflow (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x8) false)))) (set f2 (cast 64 false (fbits (var fres))))) +d "madd.s f2, f3, f1" 10234a 0x0 (seq (set fr (float 0 (var f2) )) (set fs (float 0 (var f3) )) (set ft (float 0 (var f1) )) (set fres (+. rna (var fr) (*. rna (var fs) (var ft)))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (fexcept e_invalid_op (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))) (& (<< (ite (fexcept e_inexact (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x7) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false))) (& (<< (ite (fexcept e_overflow (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x9) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x8) false))) (& (<< (ite (fexcept e_underflow (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x8) false)))) (set f2 (cast 64 false (fbits (var fres))))) +d "max a2, a3, a1" 102353 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (ite (&& (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (! (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "maxu a2, a3, a1" 102373 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (ite (&& (ule (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (! (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "min a2, a3, a1" 102343 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (ite (! (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "minu a2, a3, a1" 102363 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (ite (! (ule (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "memw" c02000 0x0 nop +d "moveqz a2, a3, a1" 102383 0x0 (branch (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) nop) +d "moveqz.s f2, f3, a1" 10238b 0x0 (branch (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0)) (set f2 (var f3)) nop) +d "movf a2, a3, b1" 1023c3 0x0 (branch (! (var b1)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) nop) +d "movf.s f2, f3, b1" 1023cb 0x0 (branch (! (var b1)) (set f2 (var f3)) nop) +d "movgez a2, a3, a1" 1023b3 0x0 (branch (|| (! (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0))) (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) nop) +d "movgez.s f2, f3, a1" 1023bb 0x0 (branch (|| (! (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0))) (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0))) (set f2 (var f3)) nop) +d "movi a1, -1" 12afff 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (bv 32 0xffffffff)) +d "movi.n a1, 0x3f" 3cf1 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (bv 32 0x3f)) +d "movltz a2, a3, a1" 1023a3 0x0 (branch (&& (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0)) (! (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0)))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) nop) +d "movltz.s f2, f3, a1" 1023ab 0x0 (branch (&& (sle (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0)) (! (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0)))) (set f2 (var f3)) nop) +d "movnez a2, a3, a1" 102393 0x0 (branch (! (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) nop) +d "movnez.s f2, f3, a1" 10239b 0x0 (branch (! (== (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0))) (set f2 (var f3)) nop) +d "movsp a1, a2" 101200 0x0 (branch (== (& (>> (var windowstart) (- (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x3)) false)) (bv 32 0x3)) nop (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "movt a2, a3, b1" 1023d3 0x0 (branch (var b1) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) nop) +d "movt.s f2, f3, b1" 1023db 0x0 (branch (var b1) (set f2 (var f3)) nop) +d "msub.s f2, f3, f1" 10235a 0x0 (seq (set fr (float 0 (var f2) )) (set fs (float 0 (var f3) )) (set ft (float 0 (var f1) )) (set fres (-. rna (var fr) (*. rna (var fs) (var ft)))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (fexcept e_invalid_op (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))) (& (<< (ite (fexcept e_inexact (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x7) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false))) (& (<< (ite (fexcept e_overflow (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x9) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x8) false))) (& (<< (ite (fexcept e_underflow (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x8) false)))) (set f2 (cast 64 false (fbits (var fres))))) +d "mul.aa.ll a2, a1" 140274 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.aa.hl a2, a1" 140275 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.aa.lh a2, a1" 140276 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.aa.hh a2, a1" 140277 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.ad.ll a2, m3" 440234 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m3) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.ad.hl a2, m3" 440235 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m3) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.ad.lh a2, m3" 440236 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m3) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.ad.hh a2, m3" 440237 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m3) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.ad.ll a2, m2" 040234 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.ad.hl a2, m2" 040235 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.ad.lh a2, m2" 040236 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.ad.hh a2, m2" 040237 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.dd.ll m0, m2" 040024 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.dd.hl m0, m2" 040025 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.dd.lh m0, m2" 040026 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.dd.hh m0, m2" 040027 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.dd.ll m1, m3" 444024 0x0 (seq (set m1 (& (>> (var m1) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m3) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.dd.hl m1, m3" 444025 0x0 (seq (set m1 (& (>> (var m1) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m3) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.dd.lh m1, m3" 444026 0x0 (seq (set m1 (& (>> (var m1) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m3) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.dd.hh m1, m3" 444027 0x0 (seq (set m1 (& (>> (var m1) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m3) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (* (var sm1) (var sm2))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mul.s f2, f3, f1" 10232a 0x0 (seq (set frs (float 0 (var f3) )) (set frt (float 0 (var f1) )) (set fres (*. rna (var frs) (var frt))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (fexcept e_invalid_op (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))) (& (<< (ite (fexcept e_inexact (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x7) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false))) (& (<< (ite (fexcept e_overflow (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x9) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x8) false))) (& (<< (ite (fexcept e_underflow (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x8) false)))) (set f2 (cast 64 false (fbits (var fres))))) +d "mul16u a2, a3, a1" 1023c1 0x0 (seq (set ars (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set art (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (* (var ars) (var art)))) +d "mul16s a2, a3, a1" 1023d1 0x0 (seq (set ars (>> (cast 32 false (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (- (- (bv 32 0x20) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x20) (bv 32 0x10)) (msb (cast 32 false (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (- (- (bv 32 0x20) (bv 32 0x10)) (bv 32 0x0)) false))))) (set art (>> (cast 32 false (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (- (- (bv 32 0x20) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x20) (bv 32 0x10)) (msb (cast 32 false (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (- (- (bv 32 0x20) (bv 32 0x10)) (bv 32 0x0)) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (* (var ars) (var art)))) +d "mula.aa.ll a2, a1" 140278 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.aa.hl a2, a1" 140279 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.aa.lh a2, a1" 14027a 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.aa.hh a2, a1" 14027b 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.ad.ll a0, m2" 040038 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.ad.hl a0, m2" 040039 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.ad.lh a0, m2" 04003a 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.ad.hh a0, m2" 04003b 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.da.ll m0, a1" 140068 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.da.hl m0, a1" 140069 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.da.lh m0, a1" 14006a 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.da.hh m0, a1" 14006b 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.dd.ll m0, m2" 040028 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.dd.hl m0, m2" 040029 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.dd.lh m0, m2" 04002a 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.dd.hh m0, m2" 04002b 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mula.da.ll.lddec m0, a2, m0, a1" 140258 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.da.hl.lddec m0, a2, m0, a1" 140259 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.da.lh.lddec m0, a2, m0, a1" 14025a 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.da.hh.lddec m0, a2, m0, a1" 14025b 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.da.ll.ldinc m0, a2, m0, a1" 140248 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.da.hl.ldinc m0, a2, m0, a1" 140249 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.da.lh.ldinc m0, a2, m0, a1" 14024a 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.da.hh.ldinc m0, a2, m0, a1" 14024b 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.dd.ll.lddec m0, a1, m0, m2" 040118 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.dd.hl.lddec m0, a1, m0, m2" 040119 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.dd.lh.lddec m0, a1, m0, m2" 04011a 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.dd.hh.lddec m0, a1, m0, m2" 04011b 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.dd.ll.ldinc m0, a1, m0, m2" 040108 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.dd.hl.ldinc m0, a1, m0, m2" 040109 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.dd.lh.ldinc m0, a1, m0, m2" 04010a 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mula.dd.hh.ldinc m0, a1, m0, m2" 04010b 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (+ (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x4))) (set m0 (loadw 0 32 (var vAddr))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var vAddr))) +d "mull a2, a3, a1" 102382 0x0 (seq (set ars (cast 64 false (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (set art (cast 64 false (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (cast 32 false (* (var ars) (var art))))) +d "muls.aa.ll a2, a1" 14027c 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.aa.hl a2, a1" 14027d 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.aa.lh a2, a1" 14027e 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.aa.hh a2, a1" 14027f 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.ad.ll a2, m2" 04023c 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.ad.hl a2, m2" 04023d 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.ad.lh a2, m2" 04023e 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.ad.hh a2, m2" 04023f 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.da.ll m0, a1" 14006c 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.da.hl m0, a1" 14006d 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.da.lh m0, a1" 14006e 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.da.hh m0, a1" 14006f 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.dd.ll m0, m2" 04002c 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.dd.hl m0, m2" 04002d 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.dd.lh m0, m2" 04002e 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "muls.dd.hh m0, m2" 04002f 0x0 (seq (set m1 (& (>> (var m0) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (var m2) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (append (var acchi) (var acclo))) (set acc (let sm1 (>> (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m1) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (let sm2 (>> (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x10)) (msb (cast 64 false (<< (var m2) (- (- (bv 32 0x40) (bv 32 0x10)) (bv 32 0x0)) false)))) (- (var acc) (* (var sm1) (var sm2)))))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "mulsh a2, a3, a1" 1023b2 0x0 (seq (set ars (>> (cast 64 false (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (- (- (bv 32 0x40) (bv 32 0x20)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x20)) (msb (cast 64 false (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (- (- (bv 32 0x40) (bv 32 0x20)) (bv 32 0x0)) false))))) (set art (>> (cast 64 false (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (- (- (bv 32 0x40) (bv 32 0x20)) (bv 32 0x0)) false)) (- (bv 32 0x40) (bv 32 0x20)) (msb (cast 64 false (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (- (- (bv 32 0x40) (bv 32 0x20)) (bv 32 0x0)) false))))) (set tp (* (var ars) (var art))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (cast 32 false (>> (var tp) (bv 32 0x20) false)))) +d "muluh a2, a3, a1" 1023a2 0x0 (seq (set ars (cast 64 false (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (set art (cast 64 false (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (set tp (* (var ars) (var art))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (cast 32 false (>> (var tp) (bv 32 0x20) false)))) +d "neg a2, a1" 102060 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (~- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "neg.s f1, f2" 6012fa 0x0 (set f1 (cast 64 false (fbits (fneg (float 0 (var f2) ))))) +d "nexp01.s f1, f2" b012fa 0x0 (seq (set rs (var f2)) (set frs (float 0 (var rs) )) (set frs64 (fconvert ieee754-bin64 rna (var frs))) (set rs31 (<< (ite (! (ite (== (& (>> (var rs) (bv 32 0x1f) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x1)) false)) (bv 64 0x0)) false true)) (bv 64 0x1) (bv 64 0x0)) (bv 32 0x1f) false)) (set f1 (ite (== (& (>> (var rs) (bv 32 0x17) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x8)) false)) (bv 64 0xff)) (| (& (>> (var rs) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x17)) false)) (| (bv 64 0x3f800000) (var rs31))) (ite (== (& (>> (var rs) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x1f)) false)) (bv 64 0x0)) (| (bv 64 0x40000000) (var rs31)) (let N (/. rna (fpos (var frs64)) (float 1 (bv 64 0x4000000000000000) )) (fbits (fneg (/. rna (var frs64) (pow rna (float 1 (bv 64 0x4010000000000000) ) (var N)))))))))) +d "nop" f02000 0x0 nop +d "nsa a1, a2" 10e240 0x0 (seq (set ars (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (set sign (& (>> (var ars) (bv 32 0x1f) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (ite (== (var sign) (& (>> (var ars) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1f)) false))) (bv 32 0x1f) (let b4 (== (var sign) (& (>> (var ars) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0xf)) false))) (let t3 (ite (var b4) (& (>> (var ars) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false)) (& (>> (var ars) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (let b3 (== (var sign) (& (>> (var t3) (bv 32 0x8) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x8)) false))) (let t2 (ite (var b3) (& (>> (var t3) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x8)) false)) (& (>> (var t3) (bv 32 0x8) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x8)) false))) (let b2 (== (var sign) (& (>> (var t2) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false))) (let t1 (ite (var b2) (& (>> (var t2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false)) (& (>> (var t2) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false))) (let b1 (== (var sign) (& (>> (var t1) (bv 32 0x2) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false))) (let b0 (ite (var b1) (== (& (>> (var t1) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (var sign)) (== (& (>> (var t1) (bv 32 0x3) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (var sign))) (- (| (<< (ite (var b4) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x4) false) (| (<< (ite (var b3) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x3) false) (| (<< (ite (var b2) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x2) false) (| (<< (ite (var b1) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x1) false) (ite (var b0) (bv 32 0x1) (bv 32 0x0)))))) (bv 32 0x1))))))))))))) +d "nsau a1, a2" 10f240 0x0 (seq (set ars (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (set sign (bv 32 0x0)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (ite (== (var sign) (var ars)) (bv 32 0x20) (let b4 (== (var sign) (& (>> (var ars) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (let t3 (ite (var b4) (& (>> (var ars) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false)) (& (>> (var ars) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (let b3 (== (var sign) (& (>> (var t3) (bv 32 0x8) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x8)) false))) (let t2 (ite (var b3) (& (>> (var t3) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x8)) false)) (& (>> (var t3) (bv 32 0x8) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x8)) false))) (let b2 (== (var sign) (& (>> (var t2) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false))) (let t1 (ite (var b2) (& (>> (var t2) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false)) (& (>> (var t2) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false))) (let b1 (== (var sign) (& (>> (var t1) (bv 32 0x2) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false))) (let b0 (ite (var b1) (== (& (>> (var t1) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (var sign)) (== (& (>> (var t1) (bv 32 0x3) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (var sign))) (| (<< (ite (var b4) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x4) false) (| (<< (ite (var b3) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x3) false) (| (<< (ite (var b2) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x2) false) (| (<< (ite (var b1) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x1) false) (ite (var b0) (bv 32 0x1) (bv 32 0x0))))))))))))))))) +d "oeq.s b2, f3, f1" 10232b 0x0 (seq (set b2 (! (|| (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) ))) (|| (<. (float 0 (var f3) ) (float 0 (var f1) )) (<. (float 0 (var f1) ) (float 0 (var f3) )))))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) ))) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))))) +d "ole.s b2, f3, f1" 10236b 0x0 (seq (set b2 (&& (! (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) )))) (! (<. (float 0 (var f1) ) (float 0 (var f3) ))))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) ))) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))))) +d "olt.s b2, f3, f1" 10234b 0x0 (seq (set b2 (&& (! (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) )))) (<. (float 0 (var f3) ) (float 0 (var f1) )))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) ))) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))))) +d "or a2, a3, a1" 102320 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (| (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "orb b2, b3, b1" 102322 0x0 (set b2 (|| (var b3) (var b1))) +d "orbc b2, b3, b1" 102332 0x0 (set b2 (|| (var b3) (! (var b1)))) +d "quos a2, a3, a1" 1023d2 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (sdiv (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "quou a2, a3, a1" 1023c2 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (div (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "rems a2, a3, a1" 1023f2 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (smod (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "remu a2, a3, a1" 1023e2 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (mod (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "rer a1, a2" 106240 0x0 nop +d "ret" 800000 0x0 (jmp (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "ret.n" 0df0 0x0 (jmp (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "retw" 900000 0x0 (seq (set n (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1e) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false))) (set nextPC (| (bv 32 0x0) (& (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x3fffffff)))) (set owb (var windowbase)) (set m (ite (== (& (>> (var windowstart) (- (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (bv 32 0x1)) (bv 32 0x1) (ite (== (& (>> (var windowstart) (- (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (bv 32 0x1)) (bv 32 0x2) (ite (== (& (>> (var windowstart) (- (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (bv 32 0x1)) (bv 32 0x3) (bv 32 0x0))))) (branch (|| (&& (! (== (var m) (bv 32 0x0))) (! (== (var m) (var n)))) (|| (== (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (bv 32 0x0)) (== (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (bv 32 0x1)))) nop (seq (branch (! (== (- (var windowstart) (| (bv 32 0x2) (var n))) (bv 32 0x0))) (set windowstart (bv 32 0x0)) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x0)) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var owb) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set nextPC (ite (== (var n) (bv 32 0x1)) (var windowunderflow4) (ite (== (var n) (bv 32 0x2)) (var windowunderflow8) (var windowunderflow12)))))) (set windowbase (- (var windowbase) (| (bv 32 0x2) (var n)))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (var n) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (jmp (var nextPC))))) +d "retw.n" 1df0 0x0 (seq (set n (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1e) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false))) (set nextPC (| (bv 32 0x0) (& (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x3fffffff)))) (set owb (var windowbase)) (set m (ite (== (& (>> (var windowstart) (- (var windowbase) (bv 32 0x1)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (bv 32 0x1)) (bv 32 0x1) (ite (== (& (>> (var windowstart) (- (var windowbase) (bv 32 0x2)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (bv 32 0x1)) (bv 32 0x2) (ite (== (& (>> (var windowstart) (- (var windowbase) (bv 32 0x3)) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (bv 32 0x1)) (bv 32 0x3) (bv 32 0x0))))) (branch (|| (&& (! (== (var m) (bv 32 0x0))) (! (== (var m) (var n)))) (|| (== (& (>> (var ps) (bv 32 0x12) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (bv 32 0x0)) (== (& (>> (var ps) (bv 32 0x4) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false)) (bv 32 0x1)))) nop (seq (branch (! (== (- (var windowstart) (| (bv 32 0x2) (var n))) (bv 32 0x0))) (set windowstart (bv 32 0x0)) (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x1) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set epc1 (bv 32 0x0)) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false))) (& (<< (var owb) (bv 32 0x8) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x8) false)))) (set nextPC (ite (== (var n) (bv 32 0x1)) (var windowunderflow4) (ite (== (var n) (bv 32 0x2)) (var windowunderflow8) (var windowunderflow12)))))) (set windowbase (- (var windowbase) (| (bv 32 0x2) (var n)))) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false))) (& (<< (var n) (bv 32 0x10) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false) (bv 32 0x10) false)))) (jmp (var nextPC))))) +d "rfde" 003200 0x0 (jmp (ite (var ndepc) (var depc) (var epc1))) +d "rfe" 003000 0x0 (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x0) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (jmp (var epc1))) +d "rfi 2" 103200 0x0 (seq (set ps (var eps2)) (jmp (var epc2))) +d "rfr a1, f2" 4012fa 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (cast 32 false (var f2))) +d "rfwo" 003400 0x0 (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x0) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set windowstart (| (& (var windowstart) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (var windowbase) false))) (& (<< (bv 32 0x0) (var windowbase) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (var windowbase) false)))) (set windowbase (& (>> (var ps) (bv 32 0x8) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false))) (jmp (var epc1))) +d "rfwu" 003500 0x0 (seq (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false))) (& (<< (bv 32 0x0) (bv 32 0x4) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x4) false)))) (set windowstart (| (& (var windowstart) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (var windowbase) false))) (& (<< (bv 32 0x1) (var windowbase) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (var windowbase) false)))) (set windowbase (& (>> (var ps) (bv 32 0x8) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false))) (jmp (var epc1))) +d "rotw -1" f08040 0x0 (seq (set wb (+ (var windowbase) (bv 32 0xffffffff))) (set windowbase (var wb))) +d "round.s a2, f3, 1" 10238a 0x0 (seq (set fres (fround rna (*. rna (float 0 (var f3) ) (float 0 (bv 32 0x40000000) )))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (fbits (var fres))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (fexcept e_invalid_op (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))))) +d "rsil a1, 0xf" 106f00 0x0 (seq (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var ps)) (set ps (| (& (var ps) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x0) false))) (& (<< (bv 32 0xf) (bv 32 0x0) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x4)) false) (bv 32 0x0) false))))) +d "rsqrt0.s f1, f2" a012fa 0x0 nop +d "rsr a1, litbase" 100503 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var litbase)) +d "rsync" 102000 0x0 nop +d "rur.accx_0 a0" 0000e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x0) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var accx_0)) +d "rur.accx_0 a1" 0010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var accx_0)) +d "rur.accx_1 a1" 1010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var accx_1)) +d "rur.qacc_h_0 a1" 2010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var qacc_h_0)) +d "rur.qacc_h_1 a1" 3010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var qacc_h_1)) +d "rur.qacc_h_2 a1" 4010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var qacc_h_2)) +d "rur.qacc_h_3 a1" 5010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var qacc_h_3)) +d "rur.qacc_h_4 a1" 6010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var qacc_h_4)) +d "rur.qacc_l_0 a1" 7010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var qacc_l_0)) +d "rur.qacc_l_1 a1" 8010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var qacc_l_1)) +d "rur.qacc_l_2 a1" 9010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var qacc_l_2)) +d "rur.qacc_l_3 a1" a010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var qacc_l_3)) +d "rur.qacc_l_4 a1" b010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var qacc_l_4)) +d "rur.gpio_out a1" c010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var gpio_out)) +d "rur.sar_byte a1" d010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var sar_byte)) +d "rur.fft_bit_width a1" e010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var fft_bit_width)) +d "rur.ua_state_0 a1" f010e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var ua_state_0)) +d "rur.ua_state_1 a1" 0011e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var ua_state_1)) +d "rur.ua_state_2 a1" 1011e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var ua_state_2)) +d "rur.ua_state_3 a1" 2011e3 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var ua_state_3)) +d "s8i a1, a2, 0xff" 1242ff 0x0 (seq (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0xff))) (store 0 (var vAddr) (cast 8 false (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))))) +d "s16i a1, a2, 0x1fe" 1252ff 0x0 (seq (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1fe))) (storew 0 (var vAddr) (cast 16 false (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))))) +d "s32c1i a1, a2, 0x3fc" 12e2ff 0x0 (seq (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x3fc))) (set mem (loadw 0 32 (var vAddr))) (branch (== (var mem) (var scompare1)) (storew 0 (var vAddr) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) nop) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var mem))) +d "s32e a1, a3, -0x38" 102349 0x0 (seq (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0xffffffc8))) (storew 0 (var vAddr) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "s32i a1, a2, 0x3fc" 1262ff 0x0 (seq (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x3fc))) (storew 0 (var vAddr) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "sext a2, a3, 8" 102323 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (>> (cast 32 false (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (- (- (bv 32 0x20) (bv 32 0x8)) (bv 32 0x0)) false)) (- (bv 32 0x20) (bv 32 0x8)) (msb (cast 32 false (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (- (- (bv 32 0x20) (bv 32 0x8)) (bv 32 0x0)) false))))) +d "simcall" 005100 0x0 nop +d "slli a2, a3, 0x1f" 102301 0x0 (seq (set sa (bv 32 0x1f)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (var sa) false))) +d "sll a1, a2" 0012a1 0x0 (seq (set sa (& (>> (var sar) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x5)) false))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (var sa) false))) +d "sqrt0.s f1, f2" 9012fa 0x0 nop +d "srai a2, a1, 1" 102121 0x0 (seq (set sa (bv 32 0x1)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (var sa) (msb (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))))) +d "sra a2, a1" 1020b1 0x0 (seq (set sa (& (>> (var sar) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x5)) false))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (var sa) (msb (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))))) +d "src a2, a3, a1" 102381 0x0 (seq (set sa (& (>> (var sar) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x5)) false))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (cast 32 false (>> (append (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (var sa) false)))) +d "srl a2, a1" 102091 0x0 (seq (set sa (& (>> (var sar) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x5)) false))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (var sa) false))) +d "srli a2, a1, 1" 102141 0x0 (seq (set sa (bv 32 0x1)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (var sa) false))) +d "ssai 1" 004140 0x0 (set sar (bv 32 0x1)) +d "ssa8l a1" 002140 0x0 (set sar (<< (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x2)) false)) (bv 32 0x3) false)) +d "ssip f1, a2, 0x3fc" 13c2ff 0x0 (seq (set vAddr (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 0 (var vAddr) (var f1)) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (bv 32 0x3fc))) +d "ssi f1, a2, 0x3fc" 1342ff 0x0 (seq (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x3fc))) (storew 0 (var vAddr) (cast 32 false (var f1)))) +d "ssxp f2, a3, a1" 102358 0x0 (seq (set vAddr (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 0 (var vAddr) (cast 32 false (var f2))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (+ (var vAddr) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))))) +d "ssx f2, a3, a1" 102348 0x0 (seq (set vAddr (+ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (storew 0 (var vAddr) (cast 32 false (var f2)))) +d "ssr a1" 000140 0x0 (seq (set sa (cast 5 false (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (set sar (cast 32 false (var sa)))) +d "ssl a1" 001140 0x0 (seq (set sa (cast 5 false (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) (set sar (- (bv 32 0x20) (cast 32 false (var sa))))) +d "sub a2, a3, a1" 1023c0 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (- (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "sub.s f2, f3, f1" 10231a 0x0 (seq (set fres (-. rna (float 0 (var f3) ) (float 0 (var f1) ))) (set f2 (cast 64 false (fbits (var fres)))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (fexcept e_invalid_op (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))) (& (<< (ite (fexcept e_inexact (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x7) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false))) (& (<< (ite (fexcept e_overflow (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x9) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x9) false))))) +d "subx2 a2, a3, a1" 1023d0 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (- (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x1) false) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "subx4 a2, a3, a1" 1023e0 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (- (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x2) false) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "subx8 a2, a3, a1" 1023f0 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (- (<< (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x3) false) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "syscall" 005000 0x0 nop +d "trunc.s a2, f3, 1" 10239a 0x0 (seq (set fres (*. rna (float 0 (var f3) ) (float 0 (bv 32 0x40000000) ))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (fcast_sint 32 rna (var fres))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (fexcept e_invalid_op (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))) (& (<< (ite (fexcept e_inexact (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x7) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))))) +d "ueq.s b2, f3, f1" 10233b 0x0 (seq (set b2 (! (|| (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) ))) (|| (<. (float 0 (var f3) ) (float 0 (var f1) )) (<. (float 0 (var f1) ) (float 0 (var f3) )))))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) ))) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))))) +d "float.s f2, a3, 1" 1023ca 0x0 (seq (set fres (fcast_float ieee754-bin32 rna (div (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0)))) (set f2 (cast 64 false (fbits (var fres)))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))) (& (<< (ite (fexcept e_inexact (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x7) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))))) +d "ule.s b2, f3, f1" 10237b 0x0 (seq (set b2 (&& (! (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) )))) (! (<. (float 0 (var f1) ) (float 0 (var f3) ))))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) ))) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))))) +d "ult.s b2, f3, f1" 10235b 0x0 (seq (set b2 (&& (! (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) )))) (<. (float 0 (var f3) ) (float 0 (var f1) )))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) ))) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))))) +d "umul.aa.ll a2, a1" 140270 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (* (cast 64 false (var m1)) (cast 64 false (var m2)))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "umul.aa.hl a2, a1" 140271 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (* (cast 64 false (var m1)) (cast 64 false (var m2)))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "umul.aa.lh a2, a1" 140272 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x0) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (* (cast 64 false (var m1)) (cast 64 false (var m2)))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "umul.aa.hh a2, a1" 140273 0x0 (seq (set m1 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set m2 (& (>> (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (bv 32 0x10) false) (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x10)) false))) (set acc (* (cast 64 false (var m1)) (cast 64 false (var m2)))) (set acclo (cast 32 false (& (>> (var acc) (bv 32 0x0) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false)))) (set acchi (cast 32 false (& (>> (var acc) (bv 32 0x20) false) (>> (bv 64 0xffffffffffffffff) (- (bv 32 0x40) (bv 32 0x20)) false))))) +d "utrunc.s a2, f3, 1" 1023ea 0x0 (seq (set fres (*. rna (float 0 (var f3) ) (float 0 (bv 32 0x40000000) ))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (fcast_int 32 rna (var fres))) (set fsr_v (var fres)) nop (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (fexcept e_invalid_op (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false)))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))) (& (<< (ite (fexcept e_inexact (var fsr_v)) (bv 32 0x1) (bv 32 0x0)) (bv 32 0x7) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0x7) false))))) +d "un.s b2, f3, f1" 10231b 0x0 (seq (set b2 (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) )))) (set fsr (| (& (var fsr) (~ (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))) (& (<< (ite (|| (is_nan (float 0 (var f3) )) (is_nan (float 0 (var f1) ))) (bv 32 0x1) (bv 32 0x0)) (bv 32 0xb) false) (<< (>> (bv 32 0xffffffff) (- (bv 32 0x20) (bv 32 0x1)) false) (bv 32 0xb) false))))) +d "waiti 0xf" 007f00 0x0 nop +d "wdtlb a1, a2" 10e250 0x0 nop +d "wer a1, a2" 107240 0x0 nop +d "wfr f1, a2" 5012fa 0x0 (set f1 (cast 64 false (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "wsr a1, lend" 100113 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var lend)) +d "wsr a1, lcount" 100213 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var lcount)) +d "wsr a1, sar" 100313 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var sar)) +d "wsr a1, br" 100413 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var br)) +d "wsr a1, litbase" 100513 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var litbase)) +d "wsr a1, scompare1" 100c13 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var scompare1)) +d "witlb a1, a2" 106250 0x0 nop +d "wur.accx_1 a1" 1001f3 0x0 (set accx_1 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.qacc_h_0 a1" 1002f3 0x0 (set qacc_h_0 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.qacc_h_1 a1" 1003f3 0x0 (set qacc_h_1 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.qacc_h_2 a1" 1004f3 0x0 (set qacc_h_2 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.qacc_h_3 a1" 1005f3 0x0 (set qacc_h_3 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.qacc_h_4 a1" 1006f3 0x0 (set qacc_h_4 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.qacc_l_0 a1" 1007f3 0x0 (set qacc_l_0 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.qacc_l_1 a1" 1008f3 0x0 (set qacc_l_1 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.qacc_l_2 a1" 1009f3 0x0 (set qacc_l_2 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.qacc_l_3 a1" 100af3 0x0 (set qacc_l_3 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.qacc_l_4 a1" 100bf3 0x0 (set qacc_l_4 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.gpio_out a1" 100cf3 0x0 (set gpio_out (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.sar_byte a1" 100df3 0x0 (set sar_byte (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.fft_bit_width a1" 100ef3 0x0 (set fft_bit_width (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "wur.ua_state_0 a1" 100ff3 0x0 (set ua_state_0 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) +d "xsr a1, lend" 100161 0x0 (seq (set t0 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var lend)) (set lend (var t0))) +d "xsr a1, lcount" 100261 0x0 (seq (set t0 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var lcount)) (set lcount (var t0))) +d "xsr a1, sar" 100361 0x0 (seq (set t0 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var sar)) (set sar (var t0))) +d "xsr a1, br" 100461 0x0 (seq (set t0 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var br)) (set br (var t0))) +d "xsr a1, litbase" 100561 0x0 (seq (set t0 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var litbase)) (set litbase (var t0))) +d "xsr a1, scompare1" 100c61 0x0 (seq (set t0 (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))))) (storew 1 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (var scompare1)) (set scompare1 (var t0))) +d "xor a2, a3, a1" 102330 0x0 (storew 1 (* (bv 32 0x4) (| (bv 32 0x2) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false))) (^ (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x3) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))) (loadw 1 32 (* (bv 32 0x4) (| (bv 32 0x1) (<< (+ (var windowbase) (bv 32 0x0)) (bv 32 0x2) false)))))) +d "xorb b2, b3, b1" 102342 0x0 (set b2 (^^ (var b3) (var b1))) diff --git a/test/db/cmd/cmd_list b/test/db/cmd/cmd_list index 024eead4c12..d264a8fc67d 100644 --- a/test/db/cmd/cmd_list +++ b/test/db/cmd/cmd_list @@ -445,7 +445,7 @@ a____ 16 32 64 x86.nasm LGPL3 X86 nasm assembler a____ 16 32 64 x86.nz LGPL3 x86 handmade assembler _dA__ 16 xap PD XAP4 RISC (CSR) _dA__ 32 xcore BSD Capstone XCore disassembler (by pancake) -_dAe_ 32 xtensa LGPL3 Capstone Xtensa disassembly plugin (by billow) +_dAeI 32 xtensa LGPL3 Capstone Xtensa disassembly plugin (by billow) adA__ 8 z80 GPL3 Zilog Z80 (by condret) EOF RUN diff --git a/test/db/esil/xtensa_32 b/test/db/esil/xtensa_32 index c5caf8fa18d..7d3c8f8e82b 100644 --- a/test/db/esil/xtensa_32 +++ b/test/db/esil/xtensa_32 @@ -67,18 +67,18 @@ e asm.arch=xtensa e asm.bits=32 wx c5000022a020c00200000000000000008000000000000000000000000000000002a030c00000 aes -ar~pc -ar~a0 +ar~^pc +ar~^a0 aes aes ar~a2 aes -ar~pc -ar~a0 +ar~^pc +ar~^a0 aes aes -ar~pc -ar~a0 +ar~^pc +ar~^a0 EOF EXPECT=<