Comparison of the LLVM IR generated by three binary-to-llvm translators

17th september 2019

David Korczynski,

Security Research & Security Engineering

Introduction

In recent years there has been a significant increase in the interest into the LLVM project from security practitioners in both industry and academia. The reason for this is largely that the LLVM project offers a convenient way to develop novel program analysis tools and techniques allowing researchers to rapidly prototype new systems. This has resulted in a a significant amount of work being contributed to the project and attracted more and more engineers, resulting in a compound-like growth. There are many popular security-oriented projects that rely heavily on LLVM with some of the popular ones being KLEE, AddressSanitizer, LibFuzzer, S2E and PANDA. In addition to this, LLVM has a large body of analysis capabilities integrated into the compiler framework itself, which can perform a broad series of optimisations, security analyses and so on.

The analysis capabilities that comes with the LLVM framework has also attracted practitioners from the binary analysis domain. Although LLVM is a compiler framework and thus largley focused on forward-engineering, the project and its surrounding tools offer such a rich set of analysis capabilities that it is attractive to use them in a reverse engineering context. To this end, several tools are being developed that translate binary code into the LLVM intermediate representation (IR), sometimes called binary lifters or binary raisers. However, despite these tools offering the same overall goal, namely translation of binary executables to LLVM modules, they each have very different properties and maturity-levels. As such, it can be difficult to assess which tool is most likely the best solution to a given problem. In this blogpost we share some brief insights into the code produced by some of these lifters through an empirical comparison between the LLVM code created by three different translators when matched with the same binary code samples.

We have picked three popular binary-to-llvm translators, namely mcsema by Trail of Bits, mctoll (acronym for machine code to LLVM I believe) by Microsoft and retdec by Avast. The goal of this blogpost is to focus purely on the generated LLVM IR, rather than creating an overall assessment of each project on their strengths and weaknesses. Perhaps most importantly, we are not going to investigate their overall maturity and how each of them work against a large and diverse sample database as this deserves a study on its own.

The procedure we will use to assess the projects are simply to translate a given binary with each of the three projects, and then inspect the LLVM code produced by each of them. Specifically, the steps we deploy when assessing the code are the following:

Create source code in C
Compile C code to: (1) binary; (2) non-optimised LLVM code and (3) optimised LLVM code
Translate binary to LLVM IR with each of McSema, mctoll, retdec
Perform a qualitative comparison between the LLVM IR obtained

In total we have created six small C code samples that we will use for our study. We will go into details with two of these samples and then leave the results from the other samples as a reference point for those who are interested.

Setup

All of the source that we have used in this study is open source. Specifically, we use the latest version of mctoll which can be retrieved from here. For Retdec we used the released binary for version 3.3 retrieved from here. The McSema version that we will be using is the one from Lukas Korencik's Master's thesis found here which relies on the DynInst framework for disassembling a given binary. As such, all of the software that we use is completely open source and, in particular, no proprietary disassembler is needed to repeat our experiments.

Result overview

LLVM IR size

The following two tables display the lines of code of the LLVM IR from compiling the source code directly and lifting the binary with mctoll, retdec and mcsema, respectively, as well as the size in bytes of the compiled bitcode file (the binary version of the LLVM IR). There are two tables, one for the the non-optimised LLVM code and one where we have applied LLVM optimisations on the given LLVM code using opt -O3.

Non-optimised LLVM

Test	LoC LLVM	LoC mctoll	LoC retdec	LoC mcsema	.bc size LLVM	.bc size mctoll	.bc size retdec	.bc size mcsema
1	41	35	206	1212	2264	1140	3424	39140
2	49	49	202	1199	2316	1204	3348	39108
3	52	49	216	1265	2388	1276	3480	39812
4	77	87	253	1320	3428	1544	4088	41260
5	116	149	291	1466	3344	1764	4276	41868
6	253	386	413	1778	4612	3144	5908	43924

Optimised LLVM

Test	LoC LLVM	LoC mctoll	LoC retdec	LoC mcsema	.bc size LLVM	.bc size mctoll	.bc size retdec	.bc size mcsema
1	27	19	137	1179	2116	1052	3444	40892
2	28	20	139	1160	2160	1100	3348	40808
3	31	22	142	1230	2256	1112	3480	41584
4	62	78	203	1280	3292	1600	4088	43172
5	115	94	220	1398	3864	1668	4488	43716
6	178	164	314	1728	4716	2364	6056	46428

Function count in produced LLVM The following table lists the number of functions defined in the LLVM modules of the non-optimizes version:

Test	func count LLVM	func count mctoll	func count retdec	func count mcsema
1	2	2	12	25
2	2	2	12	25
3	3	3	13	27
4	2	2	14	27
5	2	2	13	26
6	2	2	14	27

Qualitative discussion

In order to give a better intuition behind the code we will discuss two test samples in more depth.

Test1

First, we will go through test1 where the primary function we lift is the following function:

This code is compiled into the following LLVM code by clang and no optimisations:

define dso_local i32 @add(i32 %arg1, i32 %arg2) #0 {
entry:
  %arg1.addr = alloca i32, align 4
  %arg2.addr = alloca i32, align 4
  store i32 %arg1, i32* %arg1.addr, align 4
  store i32 %arg2, i32* %arg2.addr, align 4
  %0 = load i32, i32* %arg1.addr, align 4
  %1 = load i32, i32* %arg2.addr, align 4
  %add = add nsw i32 %0, %1
  ret i32 %add
}

and is compiled to the following code with clang and heavy optimisations (O3):

define dso_local i32 @add(i32 %arg1, i32 %arg2) local_unnamed_addr #0 {
entry:
  %add = add nsw i32 %arg2, %arg1
  ret i32 %add
}

The function when compiled with GCC looks as follows:

(gdb) disass add
Dump of assembler code for function add:
   0x00000000000005fa <+0>:     push   rbp
   0x00000000000005fb <+1>:     mov    rbp,rsp
   0x00000000000005fe <+4>:     mov    DWORD PTR [rbp-0x4],edi
   0x0000000000000601 <+7>:     mov    DWORD PTR [rbp-0x8],esi
   0x0000000000000604 <+10>:    mov    edx,DWORD PTR [rbp-0x4]
   0x0000000000000607 <+13>:    mov    eax,DWORD PTR [rbp-0x8]
   0x000000000000060a <+16>:    add    eax,edx
   0x000000000000060c <+18>:    pop    rbp
   0x000000000000060d <+19>:    ret    
End of assembler dump.

As such, the non-optimised version of the LLVM is incredibly similar to the compiled code.

The following boxes show the non-optimised code when lifted by the three lifters:
mctoll:

define dso_local i32 @add(i32 %arg1, i32 %arg2) {
entry:
  %0 = alloca i64, align 8
  %1 = alloca i32, align 4
  %2 = alloca i32, align 4
  %3 = ptrtoint i64* %0 to i64
  store i32 %arg1, i32* %1, align 4
  store i32 %arg2, i32* %2, align 4
  %4 = load i32, i32* %1, align 4
  %5 = load i32, i32* %2, align 4
  %6 = add nsw i32 %5, %4
  %7 = shl i32 1, 31
  %8 = and i32 %7, %6
  %SF = icmp eq i32 %8, %7
  %ZF = icmp eq i32 %6, 0
  ret i32 %6
}

retdec:

define i64 @add(i64 %arg1, i64 %arg2) local_unnamed_addr {
dec_label_pc_5fa:
  %rdi.global-to-local = alloca i64, align 8
  %rsi.global-to-local = alloca i64, align 8
  store i64 %arg2, i64* %rsi.global-to-local, align 8
  store i64 %arg1, i64* %rdi.global-to-local, align 8
  %v0_5fe = load i64, i64* %rdi.global-to-local, align 8
  %v0_601 = load i64, i64* %rsi.global-to-local, align 8
  %v4_60a = add i64 %v0_601, %v0_5fe
  %v20_60a = and i64 %v4_60a, 4294967295
  ret i64 %v20_60a
}

and mcsema:

define %struct.Memory* @sub_5fa_add(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 {
block_5fa:
  %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0
  %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0
  %5 = bitcast %union.anon* %4 to i32*
  %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0
  %7 = bitcast %union.anon* %6 to i32*
  %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0
  %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0
  %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0
  %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0
  %12 = load i64, i64* %11, align 8
  %13 = load i64, i64* %10, align 8, !tbaa !1261
  %14 = add i64 %13, -8
  %15 = inttoptr i64 %14 to i64*
  store i64 %12, i64* %15
  %16 = add i64 %13, -12
  %17 = load i32, i32* %7, align 4
  %18 = inttoptr i64 %16 to i32*
  store i32 %17, i32* %18
  %19 = add i64 %13, -16
  %20 = load i32, i32* %5, align 4
  %21 = inttoptr i64 %19 to i32*
  store i32 %20, i32* %21
  %22 = add i64 %13, -12
  %23 = inttoptr i64 %22 to i32*
  %24 = load i32, i32* %23
  %25 = zext i32 %24 to i64
  store i64 %25, i64* %9, align 8, !tbaa !1261
  %26 = add i64 %13, -16
  %27 = inttoptr i64 %26 to i32*
  %28 = load i32, i32* %27
  %29 = add i32 %24, %28
  %30 = zext i32 %29 to i64
  store i64 %30, i64* %8, align 8, !tbaa !1261
  %31 = icmp ult i32 %29, %28
  %32 = icmp ult i32 %29, %24
  %33 = or i1 %31, %32
  %34 = zext i1 %33 to i8
  %35 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1
  store i8 %34, i8* %35, align 1, !tbaa !1265
  %36 = and i32 %29, 255
  %37 = tail call i32 @llvm.ctpop.i32(i32 %36) #5
  %38 = trunc i32 %37 to i8
  %39 = and i8 %38, 1
  %40 = xor i8 %39, 1
  %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3
  store i8 %40, i8* %41, align 1, !tbaa !1279
  %42 = xor i32 %24, %28
  %43 = xor i32 %42, %29
  %44 = lshr i32 %43, 4
  %45 = trunc i32 %44 to i8
  %46 = and i8 %45, 1
  %47 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5
  store i8 %46, i8* %47, align 1, !tbaa !1283
  %48 = icmp eq i32 %29, 0
  %49 = zext i1 %48 to i8
  %50 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7
  store i8 %49, i8* %50, align 1, !tbaa !1280
  %51 = lshr i32 %29, 31
  %52 = trunc i32 %51 to i8
  %53 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9
  store i8 %52, i8* %53, align 1, !tbaa !1281
  %54 = lshr i32 %28, 31
  %55 = lshr i32 %24, 31
  %56 = xor i32 %51, %54
  %57 = xor i32 %51, %55
  %58 = add nuw nsw i32 %56, %57
  %59 = icmp eq i32 %58, 2
  %60 = zext i1 %59 to i8
  %61 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13
  store i8 %60, i8* %61, align 1, !tbaa !1282
  %62 = inttoptr i64 %14 to i64*
  %63 = load i64, i64* %62
  store i64 %63, i64* %11, align 8, !tbaa !1261
  %64 = inttoptr i64 %13 to i64*
  %65 = load i64, i64* %64
  store i64 %65, i64* %3, align 8, !tbaa !1261
  %66 = add i64 %13, 8
  store i64 %66, i64* %10, align 8, !tbaa !1261
  ret %struct.Memory* %2
}

and the optimised versions:
mctoll:

define dso_local i32 @add(i32 %arg1, i32 %arg2) local_unnamed_addr #0 {
entry:
  %0 = add nsw i32 %arg2, %arg1
  ret i32 %0
}

retdec:

define i64 @add(i64 %arg1, i64 %arg2) local_unnamed_addr #1 {
dec_label_pc_5fa:
  %v4_60a = add i64 %arg2, %arg1
  %v20_60a = and i64 %v4_60a, 4294967295
  ret i64 %v20_60a
}

and mcsema:

define %struct.Memory* @sub_5fa_add(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 {
block_5fa:
  %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0
  %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0
  %5 = bitcast %union.anon* %4 to i32*
  %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0
  %7 = bitcast %union.anon* %6 to i32*
  %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0
  %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0
  %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0
  %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0
  %12 = load i64, i64* %11, align 8
  %13 = load i64, i64* %10, align 8, !tbaa !1261
  %14 = add i64 %13, -8
  %15 = inttoptr i64 %14 to i64*
  store i64 %12, i64* %15, align 8
  %16 = add i64 %13, -12
  %17 = load i32, i32* %7, align 4
  %18 = inttoptr i64 %16 to i32*
  store i32 %17, i32* %18, align 4
  %19 = add i64 %13, -16
  %20 = load i32, i32* %5, align 4
  %21 = inttoptr i64 %19 to i32*
  store i32 %20, i32* %21, align 4
  %22 = load i32, i32* %18, align 4
  %23 = zext i32 %22 to i64
  store i64 %23, i64* %9, align 8, !tbaa !1261
  %24 = load i32, i32* %21, align 4
  %25 = add i32 %24, %22
  %26 = zext i32 %25 to i64
  store i64 %26, i64* %8, align 8, !tbaa !1261
  %27 = icmp ult i32 %25, %24
  %28 = icmp ult i32 %25, %22
  %29 = or i1 %27, %28
  %30 = zext i1 %29 to i8
  %31 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1
  store i8 %30, i8* %31, align 1, !tbaa !1265
  %32 = and i32 %25, 255
  %33 = tail call i32 @llvm.ctpop.i32(i32 %32) #8
  %34 = trunc i32 %33 to i8
  %35 = and i8 %34, 1
  %36 = xor i8 %35, 1
  %37 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3
  store i8 %36, i8* %37, align 1, !tbaa !1279
  %38 = xor i32 %24, %22
  %39 = xor i32 %38, %25
  %40 = lshr i32 %39, 4
  %41 = trunc i32 %40 to i8
  %42 = and i8 %41, 1
  %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5
  store i8 %42, i8* %43, align 1, !tbaa !1283
  %44 = icmp eq i32 %25, 0
  %45 = zext i1 %44 to i8
  %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7
  store i8 %45, i8* %46, align 1, !tbaa !1280
  %47 = lshr i32 %25, 31
  %48 = trunc i32 %47 to i8
  %49 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9
  store i8 %48, i8* %49, align 1, !tbaa !1281
  %50 = lshr i32 %24, 31
  %51 = lshr i32 %22, 31
  %52 = xor i32 %47, %50
  %53 = xor i32 %47, %51
  %54 = add nuw nsw i32 %52, %53
  %55 = icmp eq i32 %54, 2
  %56 = zext i1 %55 to i8
  %57 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13
  store i8 %56, i8* %57, align 1, !tbaa !1282
  %58 = load i64, i64* %15, align 8
  store i64 %58, i64* %11, align 8, !tbaa !1261
  %59 = inttoptr i64 %13 to i64*
  %60 = load i64, i64* %59, align 8
  store i64 %60, i64* %3, align 8, !tbaa !1261
  %61 = add i64 %13, 8
  store i64 %61, i64* %10, align 8, !tbaa !1261
  ret %struct.Memory* %2
}

The code produced for the add function by mctoll and retdec is quite similar in both non-optimised and optimised versions. Furthermore, mctoll produces equivalent code to the compiled LLVM function when aggressive optimisations are applied. Both mctoll and retdec retain the original number of parameters but retdec changes the return value to be an i64 instead of the original i32. Mcsema's code is quite different to the two other lifters and one of the key aspects that separate mcsema from the two others is its use of the %struct.State struct. This is a struct that contains the various artefacts of the architecture of the lifted binary, e.g. the registers (RSP, RBP, RAX, ... for amd64) and the computations perfomed by the instructions raised by mcsema are then based on this struct. In some sense, the lifted code can be considered a form of "virtual machine" since there is a level of indirection through the %struct.State struct. This is also why several getelementptr instructions occur at the beginning of the function since these grab pointers to various "registers" that will be used in the code. However, it makes the code quite difficult to read in comparison to the LLVM produced by the other two lifters and also significantly larger in terms of instructions. Finally, the function signature of the functions lifted by Mcsema are all the same which makes it hard to interpret the signature of a given function since it must be interpreted from the code itself.

Test3

Second, we will go through a few details from test3. One of the reasons we select this test case is because it shows the difficulty of raising to LLVM since we find a minor issue in one of the lifters (mctoll).
The C code for the main function in test3 is the following:

which compiles to the following non-optimised LLVM:

define dso_local i32 @main(i32 %argc, i8** %argv) #0 {
entry:
  %retval = alloca i32, align 4
  %argc.addr = alloca i32, align 4
  %argv.addr = alloca i8**, align 8
  store i32 0, i32* %retval, align 4
  store i32 %argc, i32* %argc.addr, align 4
  store i8** %argv, i8*** %argv.addr, align 8
  %0 = load i32, i32* %argc.addr, align 4
  %cmp = icmp slt i32 %0, 5
  br i1 %cmp, label %if.then, label %if.end

if.then:                                          ; preds = %entry
  %call = call i32 @return_9s()
  store i32 %call, i32* %retval, align 4
  br label %return

if.end:                                           ; preds = %entry
  %call1 = call i32 @return_8s()
  store i32 %call1, i32* %retval, align 4
  br label %return

return:                                           ; preds = %if.end, %if.then
  %1 = load i32, i32* %retval, align 4
  ret i32 %1
}

The non-optimised LLVM code produced by the lifters look as follows:
mctoll:

define dso_local void @main(i32 %arg1, i64 %arg2) {
entry:
  %0 = alloca i64, align 8
  %StackAdj = alloca i64, align 8
  %1 = alloca i32, align 4
  %2 = ptrtoint i64* %0 to i64
  store i32 %arg1, i32* %1, align 4
  store i64 %arg2, i64* %StackAdj, align 8
  %3 = load i32, i32* %1, align 4
  %4 = zext i32 %3 to i64
  %5 = zext i32 4 to i64
  %6 = sub i64 %4, %5
  %ZF = icmp eq i64 %6, 0
  %7 = shl i64 1, 63
  %8 = and i64 %7, %6
  %SF = icmp eq i64 %8, %7
  %ZFCmp_JG = icmp eq i1 %ZF, false
  %SFOFCmp_JG = icmp eq i1 %SF, false
  %ZFAndSFOF_JG = and i1 %ZFCmp_JG, %SFOFCmp_JG
  br i1 %ZFAndSFOF_JG, label %bb.2, label %bb.1

bb.1:                                             ; preds = %entry
  %9 = call i32 @return_9s()
  br label %bb.3

bb.2:                                             ; preds = %entry
  %10 = call i32 @return_8s()
  br label %bb.3

bb.3:                                             ; preds = %bb.2, %bb.1
  ret void
}

retdec:

define i64 @main(i64 %argc, i8** %argv) local_unnamed_addr {
dec_label_pc_610:
  %rdi.global-to-local = alloca i64, align 8
  store i64 %argc, i64* %rdi.global-to-local, align 8
  %v0_618 = load i64, i64* %rdi.global-to-local, align 8
  %v4_61f = trunc i64 %v0_618 to i32
  %v9_623 = icmp sgt i32 %v4_61f, 4
  br i1 %v9_623, label %dec_label_pc_631, label %dec_label_pc_625

dec_label_pc_625:                                 ; preds = %dec_label_pc_610
  %v0_62a = call i64 @return_9s()
  br label %dec_label_pc_63b

dec_label_pc_631:                                 ; preds = %dec_label_pc_610
  %v0_636 = call i64 @return_8s()
  br label %dec_label_pc_63b

dec_label_pc_63b:                                 ; preds = %dec_label_pc_631, %dec_label_pc_625
  %storemerge = phi i64 [ %v0_636, %dec_label_pc_631 ], [ %v0_62a, %dec_label_pc_625 ]
  ret i64 %storemerge
}

and mcsema:

define %struct.Memory* @sub_610_main(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 {
block_610:
  %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0
  %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0
  %5 = bitcast %union.anon* %4 to i32*
  %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0
  %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0
  %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0
  %9 = load i64, i64* %8, align 8
  %10 = load i64, i64* %7, align 8, !tbaa !1261
  %11 = add i64 %10, -8
  %12 = inttoptr i64 %11 to i64*
  store i64 %9, i64* %12
  store i64 %11, i64* %8, align 8, !tbaa !1261
  %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1
  %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3
  %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5
  %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7
  %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9
  %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13
  %19 = add i64 %10, -12
  %20 = load i32, i32* %5, align 4
  %21 = inttoptr i64 %19 to i32*
  store i32 %20, i32* %21
  %22 = add i64 %10, -24
  %23 = load i64, i64* %6, align 8
  %24 = inttoptr i64 %22 to i64*
  store i64 %23, i64* %24
  %25 = inttoptr i64 %19 to i32*
  %26 = load i32, i32* %25
  %27 = add i32 %26, -4
  %28 = icmp ult i32 %26, 4
  %29 = zext i1 %28 to i8
  store i8 %29, i8* %13, align 1, !tbaa !1265
  %30 = and i32 %27, 255
  %31 = tail call i32 @llvm.ctpop.i32(i32 %30) #5
  %32 = trunc i32 %31 to i8
  %33 = and i8 %32, 1
  %34 = xor i8 %33, 1
  store i8 %34, i8* %14, align 1, !tbaa !1279
  %35 = xor i32 %27, %26
  %36 = lshr i32 %35, 4
  %37 = trunc i32 %36 to i8
  %38 = and i8 %37, 1
  store i8 %38, i8* %15, align 1, !tbaa !1280
  %39 = icmp eq i32 %27, 0
  %40 = zext i1 %39 to i8
  store i8 %40, i8* %16, align 1, !tbaa !1281
  %41 = lshr i32 %27, 31
  %42 = trunc i32 %41 to i8
  store i8 %42, i8* %17, align 1, !tbaa !1282
  %43 = lshr i32 %26, 31
  %44 = xor i32 %41, %43
  %45 = add nuw nsw i32 %44, %43
  %46 = icmp eq i32 %45, 2
  %47 = zext i1 %46 to i8
  store i8 %47, i8* %18, align 1, !tbaa !1283
  %48 = icmp ne i8 %42, 0
  %49 = xor i1 %48, %46
  %50 = or i1 %39, %49
  %51 = select i1 %50, i64 21, i64 33
  %52 = add i64 %51, %1
  br i1 %50, label %block_625, label %block_631

block_63b:                                        ; preds = %block_625, %block_631
  %53 = phi %struct.Memory* [ %65, %block_631 ], [ %70, %block_625 ]
  %54 = load i64, i64* %8, align 8, !tbaa !1261
  %55 = inttoptr i64 %54 to i64*
  %56 = load i64, i64* %55
  store i64 %56, i64* %8, align 8, !tbaa !1261
  %57 = add i64 %54, 8
  %58 = inttoptr i64 %57 to i64*
  %59 = load i64, i64* %58
  store i64 %59, i64* %3, align 8, !tbaa !1261
  %60 = add i64 %54, 16
  store i64 %60, i64* %7, align 8, !tbaa !1261
  ret %struct.Memory* %53

block_631:                                        ; preds = %block_610
  %61 = add i64 %52, -44
  %62 = add i64 %52, 10
  %63 = add i64 %10, -32
  %64 = inttoptr i64 %63 to i64*
  store i64 %62, i64* %64
  store i64 %63, i64* %7, align 8, !tbaa !1261
  %65 = tail call %struct.Memory* @sub_605_return_8s(%struct.State* nonnull %0, i64 %61, %struct.Memory* %2)
  br label %block_63b

block_625:                                        ; preds = %block_610
  %66 = add i64 %52, -43
  %67 = add i64 %52, 10
  %68 = add i64 %10, -32
  %69 = inttoptr i64 %68 to i64*
  store i64 %67, i64* %69
  store i64 %68, i64* %7, align 8, !tbaa !1261
  %70 = tail call %struct.Memory* @sub_5fa_return_9s(%struct.State* nonnull %0, i64 %66, %struct.Memory* %2)
  br label %block_63b
}

All three lifters produce the same basic block composition and, again, the code by mctoll and retdec look more similar to each other compared to mcsema. The code produced by retdec is more condensed and is quite nice to read in terms of understanding the code.
The code generated by mctoll contains the following sequence at the end of the main function: bb.1: ; preds = %entry %9 = call i32 @return_9s() br label %bb.3 bb.2: ; preds = %entry %10 = call i32 @return_8s() br label %bb.3 bb.3: ; preds = %bb.2, %bb.1 ret void }

Specifically, the main function returns void and the return values from each of the functions are not used. As such, when we apply optimisations to the code we get the following:

define dso_local void @main(i32 %arg1, i64 %arg2) local_unnamed_addr #0 {
entry:
  ret void
}

which is naturally wrong.
The section All results below lists all of the results from the samples that we used in our study. We will not go into the details of all these samples but rather leave the code for inspection to those who are interested. In the section below we will give a few remarks on our overall impression of the generated LLVM IR.

Some conclusive remarks

Translating binary code to LLVM will surely become more attractive as LLVM continues to grow and the analysis capabilities become more powerful. We have given a brief look into the LLVM code produced by three different binary-to-llvm translators in order to give a better intuition for the expected output. The output of mctoll seems to be closer to the LLVM produced from forward compilation, in particular based on the number of functions in each LLVM module. Both retdec and mcsema seem closer to specific reverse engineering tools in that each of them tries to lift everything from the binary, e.g. compiler-generated functions too. This is the reason each of these lifters produce many more functions in the lifted output in comparison to mctoll. However, despite the similarity in terms of goal between retdec and mcsema, the specific code created by mctoll and retdec seems more comparable, whereas the code produced by mcsema performs a kind of indirect execution by way of a struct that holds the architecture-specific data of the given binary, e.g. the general purpose registers.
In this blogpost our focus was purely on the LLVM IR produced by the lifters and this on rather small samples of code. There are naturally many more aspects to each the lifters where they will differ, e.g. how well they work with real-world applications, accuracy and correctness of the lifted code, support for various targets, ability to recompile the lifted code and so on. These are interesting questions and we leave this for future work.

All results

In the following section we list each of the six test samples we exercised with and the code produced by each of the three lifters. The only thing we have removed is some metadata produced by mcsema from each of the files, but other than that files remain exact.

Test1

Source code:
#include <stdio.h> #include <stdlib.h> int add(int arg1, int arg2) { return arg1 + arg2; } int main(int argc, char **argv) { return add(argc, argc+2); }

Compiled LLVM:
Non-optimised:
; ModuleID = 'test.bc' source_filename = "test.c" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-unknown-linux-gnu" ; Function Attrs: noinline nounwind optnone uwtable define dso_local i32 @add(i32 %arg1, i32 %arg2) #0 { entry: %arg1.addr = alloca i32, align 4 %arg2.addr = alloca i32, align 4 store i32 %arg1, i32* %arg1.addr, align 4 store i32 %arg2, i32* %arg2.addr, align 4 %0 = load i32, i32* %arg1.addr, align 4 %1 = load i32, i32* %arg2.addr, align 4 %add = add nsw i32 %0, %1 ret i32 %add } ; Function Attrs: noinline nounwind optnone uwtable define dso_local i32 @main(i32 %argc, i8** %argv) #0 { entry: %retval = alloca i32, align 4 %argc.addr = alloca i32, align 4 %argv.addr = alloca i8**, align 8 store i32 0, i32* %retval, align 4 store i32 %argc, i32* %argc.addr, align 4 store i8** %argv, i8*** %argv.addr, align 8 %0 = load i32, i32* %argc.addr, align 4 %1 = load i32, i32* %argc.addr, align 4 %add = add nsw i32 %1, 2 %call = call i32 @add(i32 %0, i32 %add) ret i32 %call } attributes #0 = { noinline nounwind optnone uwtable "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "min-legal-vector-width"="0" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } !llvm.module.flags = !{!0} !llvm.ident = !{!1} !0 = !{i32 1, !"wchar_size", i32 4} !1 = !{!"clang version 8.0.0 (tags/RELEASE_800/final)"}

Optimised:
; ModuleID = 'opt_test.bc' source_filename = "test.c" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-unknown-linux-gnu" ; Function Attrs: norecurse nounwind readnone uwtable define dso_local i32 @add(i32 %arg1, i32 %arg2) local_unnamed_addr #0 { entry: %add = add nsw i32 %arg2, %arg1 ret i32 %add } ; Function Attrs: norecurse nounwind readnone uwtable define dso_local i32 @main(i32 %argc, i8** nocapture readnone %argv) local_unnamed_addr #0 { entry: %factor = shl i32 %argc, 1 %add.i = add i32 %factor, 2 ret i32 %add.i } attributes #0 = { norecurse nounwind readnone uwtable "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "min-legal-vector-width"="0" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } !llvm.module.flags = !{!0} !llvm.ident = !{!1} !0 = !{i32 1, !"wchar_size", i32 4} !1 = !{!"clang version 8.0.0 (tags/RELEASE_800/final)"}

Raised by mctoll
Non-optimised:
; ModuleID = '../a.out' source_filename = "../a.out" define dso_local i32 @add(i32 %arg1, i32 %arg2) { entry: %0 = alloca i64, align 8 %1 = alloca i32, align 4 %2 = alloca i32, align 4 %3 = ptrtoint i64* %0 to i64 store i32 %arg1, i32* %1, align 4 store i32 %arg2, i32* %2, align 4 %4 = load i32, i32* %1, align 4 %5 = load i32, i32* %2, align 4 %6 = add nsw i32 %5, %4 %7 = shl i32 1, 31 %8 = and i32 %7, %6 %SF = icmp eq i32 %8, %7 %ZF = icmp eq i32 %6, 0 ret i32 %6 } define dso_local i32 @main(i32 %arg1, i64 %arg2) { entry: %0 = alloca i64, align 8 %StackAdj = alloca i64, align 8 %1 = alloca i32, align 4 %2 = ptrtoint i64* %0 to i64 store i32 %arg1, i32* %1, align 4 store i64 %arg2, i64* %StackAdj, align 8 %3 = load i32, i32* %1, align 4 %4 = add i32 %3, 2 %5 = load i32, i32* %1, align 4 %6 = call i32 @add(i32 %5, i32 %4) ret i32 %6 }

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "../a.out" ; Function Attrs: norecurse nounwind readnone define dso_local i32 @add(i32 %arg1, i32 %arg2) local_unnamed_addr #0 { entry: %0 = add nsw i32 %arg2, %arg1 ret i32 %0 } ; Function Attrs: norecurse nounwind readnone define dso_local i32 @main(i32 %arg1, i64 %arg2) local_unnamed_addr #0 { entry: %factor = shl i32 %arg1, 1 %0 = add i32 %factor, 2 ret i32 %0 } attributes #0 = { norecurse nounwind readnone }

Raised by retdec
Non-optimised:
source_filename = "test" target datalayout = "e-m:e-p:64:64-i64:64-f80:128-n8:16:32:64-S128" @global_var_201010.1 = global i64 0 @global_var_200df0.2 = global i64 1520 @global_var_200df8.3 = global i64 1456 @0 = external global i32 define i64 @_init() local_unnamed_addr { dec_label_pc_4b8: %v0_4bc = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_4c3 = icmp eq i64 %v0_4bc, 0 br i1 %v1_4c3, label %dec_label_pc_4ca, label %dec_label_pc_4c8 dec_label_pc_4c8: ; preds = %dec_label_pc_4b8 call void @__gmon_start__() br label %dec_label_pc_4ca dec_label_pc_4ca: ; preds = %dec_label_pc_4c8, %dec_label_pc_4b8 %v0_4ce = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_4c8 ], [ 0, %dec_label_pc_4b8 ] ret i64 %v0_4ce } define void @function_4e0(i64* %d) local_unnamed_addr { dec_label_pc_4e0: call void @__cxa_finalize(i64* %d) ret void } define i64 @_start(i64 %arg1, i64 %arg2, i64 %arg3, i64 %arg4) local_unnamed_addr { dec_label_pc_4f0: %rdx.global-to-local = alloca i64, align 8 store i64 %arg3, i64* %rdx.global-to-local, align 8 %stack_var_8 = alloca i64, align 8 %v0_4f2 = load i64, i64* %rdx.global-to-local, align 8 %v4_4f5 = ptrtoint i64* %stack_var_8 to i64 %tmp248 = bitcast i64* %stack_var_8 to i8** store i64 %v4_4f5, i64* %rdx.global-to-local, align 8 %v2_514 = trunc i64 %arg4 to i32 %v13_514 = inttoptr i64 %v0_4f2 to void ()* %v14_514 = call i32 @__libc_start_main(i64 1550, i32 %v2_514, i8** %tmp248, void ()* inttoptr (i64 1600 to void ()*), void ()* inttoptr (i64 1712 to void ()*), void ()* %v13_514) %v0_51a = call i64 @__asm_hlt() unreachable } define i64 @deregister_tm_clones() local_unnamed_addr { dec_label_pc_520: ret i64 ptrtoint (i64* @global_var_201010.1 to i64) } define i64 @register_tm_clones() local_unnamed_addr { dec_label_pc_560: ret i64 0 } define i64 @__do_global_dtors_aux() local_unnamed_addr { dec_label_pc_5b0: %rax.global-to-local = alloca i64, align 8 %rbp.global-to-local = alloca i64, align 8 %stack_var_-8 = alloca i64, align 8 %v0_5b0 = load i8, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v7_5b0 = icmp eq i8 %v0_5b0, 0 %v1_5b7 = icmp eq i1 %v7_5b0, false br i1 %v1_5b7, label %dec_label_pc_5e8, label %dec_label_pc_5b9 dec_label_pc_5b9: ; preds = %dec_label_pc_5b0 %v0_5b9 = load i64, i64* inttoptr (i64 2101240 to i64*), align 8 %v7_5b9 = icmp eq i64 %v0_5b9, 0 %v0_5c1 = load i64, i64* %rbp.global-to-local, align 8 store i64 %v0_5c1, i64* %stack_var_-8, align 8 %v4_5c1 = ptrtoint i64* %stack_var_-8 to i64 store i64 %v4_5c1, i64* %rbp.global-to-local, align 8 br i1 %v7_5b9, label %dec_label_pc_5d3, label %dec_label_pc_5c7 dec_label_pc_5c7: ; preds = %dec_label_pc_5b9 %v0_5c7 = load i64, i64* inttoptr (i64 2101256 to i64*), align 8 %v1_5ce = inttoptr i64 %v0_5c7 to i64* call void @__cxa_finalize(i64* %v1_5ce) store i64 ptrtoint (i32* @0 to i64), i64* %rax.global-to-local, align 8 br label %dec_label_pc_5d3 dec_label_pc_5d3: ; preds = %dec_label_pc_5c7, %dec_label_pc_5b9 %v0_5d3 = call i64 @deregister_tm_clones() store i64 %v0_5d3, i64* %rax.global-to-local, align 8 store i8 1, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v2_5df = load i64, i64* %stack_var_-8, align 8 store i64 %v2_5df, i64* %rbp.global-to-local, align 8 ret i64 %v0_5d3 dec_label_pc_5e8: ; preds = %dec_label_pc_5b0 %v0_5e8 = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_5e8 } define i64 @frame_dummy() local_unnamed_addr { dec_label_pc_5f0: %v0_5f5 = call i64 @register_tm_clones() ret i64 %v0_5f5 } define i64 @add(i64 %arg1, i64 %arg2) local_unnamed_addr { dec_label_pc_5fa: %rdi.global-to-local = alloca i64, align 8 %rsi.global-to-local = alloca i64, align 8 store i64 %arg2, i64* %rsi.global-to-local, align 8 store i64 %arg1, i64* %rdi.global-to-local, align 8 %v0_5fe = load i64, i64* %rdi.global-to-local, align 8 %v0_601 = load i64, i64* %rsi.global-to-local, align 8 %v4_60a = add i64 %v0_601, %v0_5fe %v20_60a = and i64 %v4_60a, 4294967295 ret i64 %v20_60a } define i64 @main(i64 %argc, i8** %argv) local_unnamed_addr { dec_label_pc_60e: %rdi.global-to-local = alloca i64, align 8 store i64 %argc, i64* %rdi.global-to-local, align 8 %v0_616 = load i64, i64* %rdi.global-to-local, align 8 %v1_620 = add i64 %v0_616, 2 %v2_62a = call i64 @add(i64 %v0_616, i64 %v1_620) ret i64 %v2_62a } define i64 @__libc_csu_init(i64 %arg1, i64 %arg2, i64 %arg3) local_unnamed_addr { dec_label_pc_640: %r12.global-to-local = alloca i64, align 8 %r13.global-to-local = alloca i64, align 8 %r14.global-to-local = alloca i64, align 8 %r15.global-to-local = alloca i64, align 8 %rbp.global-to-local = alloca i64, align 8 %rbx.global-to-local = alloca i64, align 8 %rdi.global-to-local = alloca i64, align 8 %rdx.global-to-local = alloca i64, align 8 %rsi.global-to-local = alloca i64, align 8 store i64 %arg3, i64* %rdx.global-to-local, align 8 store i64 %arg2, i64* %rsi.global-to-local, align 8 store i64 %arg1, i64* %rdi.global-to-local, align 8 %v0_640 = load i64, i64* %r15.global-to-local, align 8 %v0_642 = load i64, i64* %r14.global-to-local, align 8 %v0_644 = load i64, i64* %rdx.global-to-local, align 8 store i64 %v0_644, i64* %r15.global-to-local, align 8 %v0_647 = load i64, i64* %r13.global-to-local, align 8 %v0_649 = load i64, i64* %r12.global-to-local, align 8 store i64 ptrtoint (i64* @global_var_200df0.2 to i64), i64* %r12.global-to-local, align 8 %v0_652 = load i64, i64* %rbp.global-to-local, align 8 %v0_65a = load i64, i64* %rbx.global-to-local, align 8 %v0_65b = load i64, i64* %rdi.global-to-local, align 8 store i64 %v0_65b, i64* %r13.global-to-local, align 8 %v0_65e = load i64, i64* %rsi.global-to-local, align 8 store i64 %v0_65e, i64* %r14.global-to-local, align 8 store i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200df8.3 to i64), i64 ptrtoint (i64* @global_var_200df0.2 to i64)), i64 3), i64* %rbp.global-to-local, align 8 %v0_66c = call i64 @_init() br i1 icmp eq (i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200df8.3 to i64), i64 ptrtoint (i64* @global_var_200df0.2 to i64)), i64 3), i64 0), label %dec_label_pc_696, label %dec_label_pc_676 dec_label_pc_676: ; preds = %dec_label_pc_640 store i64 0, i64* %rbx.global-to-local, align 8 %v0_680 = load i64, i64* %r15.global-to-local, align 8 %v0_683 = load i64, i64* %r14.global-to-local, align 8 %v0_686 = load i64, i64* %r13.global-to-local, align 8 br label %dec_label_pc_680 dec_label_pc_680: ; preds = %dec_label_pc_680, %dec_label_pc_676 %v1_68d2 = phi i64 [ %v1_68d, %dec_label_pc_680 ], [ 0, %dec_label_pc_676 ] %v1_68d = add i64 %v1_68d2, 1 %v12_691 = icmp eq i64 %v1_68d2, sub (i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200df8.3 to i64), i64 ptrtoint (i64* @global_var_200df0.2 to i64)), i64 3), i64 1) %v1_694 = icmp eq i1 %v12_691, false br i1 %v1_694, label %dec_label_pc_680, label %dec_label_pc_696.loopexit dec_label_pc_696.loopexit: ; preds = %dec_label_pc_680 store i64 %v0_680, i64* %rdx.global-to-local, align 8 store i64 %v0_683, i64* %rsi.global-to-local, align 8 store i64 %v0_686, i64* %rdi.global-to-local, align 8 store i64 %v1_68d, i64* %rbx.global-to-local, align 8 br label %dec_label_pc_696 dec_label_pc_696: ; preds = %dec_label_pc_696.loopexit, %dec_label_pc_640 store i64 %v0_65a, i64* %rbx.global-to-local, align 8 store i64 %v0_652, i64* %rbp.global-to-local, align 8 store i64 %v0_649, i64* %r12.global-to-local, align 8 store i64 %v0_647, i64* %r13.global-to-local, align 8 store i64 %v0_642, i64* %r14.global-to-local, align 8 store i64 %v0_640, i64* %r15.global-to-local, align 8 ret i64 %v0_66c } define i64 @__libc_csu_fini() local_unnamed_addr { dec_label_pc_6b0: %rax.global-to-local = alloca i64, align 8 %v0_6b0 = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_6b0 } define i64 @_fini() local_unnamed_addr { dec_label_pc_6b4: %rax.global-to-local = alloca i64, align 8 %v0_6bc = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_6bc } declare i32 @__libc_start_main(i64, i32, i8**, void ()*, void ()*, void ()*) local_unnamed_addr declare void @__gmon_start__() local_unnamed_addr declare void @__cxa_finalize(i64*) local_unnamed_addr declare i64 @__asm_hlt() local_unnamed_addr

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "test" target datalayout = "e-m:e-p:64:64-i64:64-f80:128-n8:16:32:64-S128" @global_var_201010.1 = global i64 0 @global_var_200df0.2 = local_unnamed_addr global i64 1520 @global_var_200df8.3 = local_unnamed_addr global i64 1456 @0 = external global i32 define i64 @_init() local_unnamed_addr { dec_label_pc_4b8: %v0_4bc = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_4c3 = icmp eq i64 %v0_4bc, 0 br i1 %v1_4c3, label %dec_label_pc_4ca, label %dec_label_pc_4c8 dec_label_pc_4c8: ; preds = %dec_label_pc_4b8 tail call void @__gmon_start__() br label %dec_label_pc_4ca dec_label_pc_4ca: ; preds = %dec_label_pc_4c8, %dec_label_pc_4b8 %v0_4ce = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_4c8 ], [ 0, %dec_label_pc_4b8 ] ret i64 %v0_4ce } define void @function_4e0(i64* %d) local_unnamed_addr { dec_label_pc_4e0: tail call void @__cxa_finalize(i64* %d) ret void } ; Function Attrs: noreturn define i64 @_start(i64 %arg1, i64 %arg2, i64 %arg3, i64 %arg4) local_unnamed_addr #0 { dec_label_pc_4f0: %stack_var_8 = alloca i8*, align 8 %v2_514 = trunc i64 %arg4 to i32 %v13_514 = inttoptr i64 %arg3 to void ()* %v14_514 = call i32 @__libc_start_main(i64 1550, i32 %v2_514, i8** nonnull %stack_var_8, void ()* inttoptr (i64 1600 to void ()*), void ()* inttoptr (i64 1712 to void ()*), void ()* %v13_514) %v0_51a = call i64 @__asm_hlt() unreachable } ; Function Attrs: norecurse nounwind readnone define i64 @deregister_tm_clones() local_unnamed_addr #1 { dec_label_pc_520: ret i64 ptrtoint (i64* @global_var_201010.1 to i64) } ; Function Attrs: norecurse nounwind readnone define i64 @register_tm_clones() local_unnamed_addr #1 { dec_label_pc_560: ret i64 0 } define i64 @__do_global_dtors_aux() local_unnamed_addr { dec_label_pc_5b0: %v0_5b0 = load i8, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v7_5b0 = icmp eq i8 %v0_5b0, 0 br i1 %v7_5b0, label %dec_label_pc_5b9, label %dec_label_pc_5e8 dec_label_pc_5b9: ; preds = %dec_label_pc_5b0 %v0_5b9 = load i64, i64* inttoptr (i64 2101240 to i64*), align 8 %v7_5b9 = icmp eq i64 %v0_5b9, 0 br i1 %v7_5b9, label %dec_label_pc_5d3, label %dec_label_pc_5c7 dec_label_pc_5c7: ; preds = %dec_label_pc_5b9 %v0_5c71 = load i64*, i64** inttoptr (i64 2101256 to i64**), align 8 tail call void @__cxa_finalize(i64* %v0_5c71) br label %dec_label_pc_5d3 dec_label_pc_5d3: ; preds = %dec_label_pc_5c7, %dec_label_pc_5b9 store i8 1, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 ret i64 ptrtoint (i64* @global_var_201010.1 to i64) dec_label_pc_5e8: ; preds = %dec_label_pc_5b0 ret i64 undef } ; Function Attrs: norecurse nounwind readnone define i64 @frame_dummy() local_unnamed_addr #1 { dec_label_pc_5f0: ret i64 0 } ; Function Attrs: norecurse nounwind readnone define i64 @add(i64 %arg1, i64 %arg2) local_unnamed_addr #1 { dec_label_pc_5fa: %v4_60a = add i64 %arg2, %arg1 %v20_60a = and i64 %v4_60a, 4294967295 ret i64 %v20_60a } ; Function Attrs: norecurse nounwind readnone define i64 @main(i64 %argc, i8** nocapture readnone %argv) local_unnamed_addr #1 { dec_label_pc_60e: %factor = shl i64 %argc, 1 %v4_60a.i = add i64 %factor, 2 %v20_60a.i = and i64 %v4_60a.i, 4294967294 ret i64 %v20_60a.i } define i64 @__libc_csu_init(i64 %arg1, i64 %arg2, i64 %arg3) local_unnamed_addr { dec_label_pc_640: %v0_4bc.i = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_4c3.i = icmp eq i64 %v0_4bc.i, 0 br i1 %v1_4c3.i, label %dec_label_pc_696, label %dec_label_pc_4c8.i dec_label_pc_4c8.i: ; preds = %dec_label_pc_640 tail call void @__gmon_start__() br label %dec_label_pc_696 dec_label_pc_696: ; preds = %dec_label_pc_4c8.i, %dec_label_pc_640 %v0_4ce.i = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_4c8.i ], [ 0, %dec_label_pc_640 ] ret i64 %v0_4ce.i } ; Function Attrs: norecurse nounwind readnone define i64 @__libc_csu_fini() local_unnamed_addr #1 { dec_label_pc_6b0: ret i64 undef } ; Function Attrs: norecurse nounwind readnone define i64 @_fini() local_unnamed_addr #1 { dec_label_pc_6b4: ret i64 undef } declare i32 @__libc_start_main(i64, i32, i8**, void ()*, void ()*, void ()*) local_unnamed_addr declare void @__gmon_start__() local_unnamed_addr declare void @__cxa_finalize(i64*) local_unnamed_addr declare i64 @__asm_hlt() local_unnamed_addr attributes #0 = { noreturn } attributes #1 = { norecurse nounwind readnone }

Raised by mcsema
Non-optimised:
; ModuleID = 'lifted.bc' source_filename = "llvm-link" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-pc-linux-gnu-elf" %union.anon = type { i64 } %seg_200df0__init_array_type = type <{ i64, i64 }> %seg_200fc0__got_type = type <{ [64 x i8] }> %seg_201000__data_type = type <{ [8 x i8], i64 }> %seg_201010__bss_type = type <{ [8 x i8] }> %struct.State = type { %struct.ArchState, [32 x %union.VectorReg], %struct.ArithFlags, %union.anon, %struct.Segments, %struct.AddressSpace, %struct.GPR, %struct.X87Stack, %struct.MMX, %struct.FPUStatusFlags, %union.anon, %union.FPU, %struct.SegmentCaches } %struct.ArchState = type { i32, i32, %union.anon } %union.VectorReg = type { %union.vec512_t } %union.vec512_t = type { %struct.uint64v8_t } %struct.uint64v8_t = type { [8 x i64] } %struct.ArithFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8 } %struct.Segments = type { i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector } %union.SegmentSelector = type { i16 } %struct.AddressSpace = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.Reg = type { %union.anon } %struct.GPR = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.X87Stack = type { [8 x %struct.anon.3] } %struct.anon.3 = type { i64, double } %struct.MMX = type { [8 x %struct.anon.4] } %struct.anon.4 = type { i64, %union.vec64_t } %union.vec64_t = type { %struct.uint64v1_t } %struct.uint64v1_t = type { [1 x i64] } %struct.FPUStatusFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, [4 x i8] } %union.FPU = type { %struct.anon.13 } %struct.anon.13 = type { %struct.FpuFXSAVE, [96 x i8] } %struct.FpuFXSAVE = type { %union.SegmentSelector, %union.SegmentSelector, %union.FPUAbridgedTagWord, i8, i16, i32, %union.SegmentSelector, i16, i32, %union.SegmentSelector, i16, %union.FPUControlStatus, %union.FPUControlStatus, [8 x %struct.FPUStackElem], [16 x %union.vec128_t] } %union.FPUAbridgedTagWord = type { i8 } %union.FPUControlStatus = type { i32 } %struct.FPUStackElem = type { %union.anon.11, [6 x i8] } %union.anon.11 = type { %struct.float80_t } %struct.float80_t = type { [10 x i8] } %union.vec128_t = type { %struct.uint128v1_t } %struct.uint128v1_t = type { [1 x i128] } %struct.SegmentCaches = type { %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow } %struct.SegmentShadow = type { %union.anon, i32, i32 } %struct.Memory = type opaque @DR0 = external global i64, align 8 @DR1 = external global i64, align 8 @DR2 = external global i64, align 8 @DR3 = external global i64, align 8 @DR4 = external global i64, align 8 @DR5 = external global i64, align 8 @DR6 = external global i64, align 8 @DR7 = external global i64, align 8 @gCR0 = external global %union.anon, align 1 @gCR1 = external global %union.anon, align 1 @gCR2 = external global %union.anon, align 1 @gCR3 = external global %union.anon, align 1 @gCR4 = external global %union.anon, align 1 @gCR8 = external global %union.anon, align 1 @seg_200df0__init_array = internal global %seg_200df0__init_array_type <{ i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_5f0_frame_dummy to i64), i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_5b0___do_global_dtors_aux to i64) }> @seg_200fc0__got = internal global %seg_200fc0__got_type <{ [64 x i8] c"\00\0E \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\008\14 \00\00\00\00\00@\14 \00\00\00\00\00H\14 \00\00\00\00\00P\14 \00\00\00\00\00X\14 \00\00\00\00\00" }> @seg_201000__data = internal global %seg_201000__data_type <{ [8 x i8] zeroinitializer, i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) }> @seg_201010__bss = internal global %seg_201010__bss_type zeroinitializer @__mcsema_reg_state = internal thread_local global %struct.State zeroinitializer @__mcsema_stack = internal thread_local global [131072 x i64] zeroinitializer @__mcsema_tls = internal thread_local global [512 x i64] zeroinitializer @0 = internal global i1 false @llvm.global_dtors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_destructor, i8* null }] @llvm.global_ctors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_constructor, i8* null }] ; Function Attrs: nounwind readnone declare i32 @llvm.ctpop.i32(i32) #0 ; Function Attrs: noduplicate noinline nounwind optnone define %struct.Memory* @__remill_error(%struct.State* dereferenceable(3376), i64, %struct.Memory*) local_unnamed_addr #1 { call void @llvm.trap() unreachable } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4b8__init(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_4b8: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, -8 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %14 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 40) to i64*) store i64 %14, i64* %4, align 8, !tbaa !1261 store i8 0, i8* %8, align 1, !tbaa !1265 %15 = trunc i64 %14 to i32 %16 = and i32 %15, 255 %17 = tail call i32 @llvm.ctpop.i32(i32 %16) #5 %18 = trunc i32 %17 to i8 %19 = and i8 %18, 1 %20 = xor i8 %19, 1 store i8 %20, i8* %9, align 1, !tbaa !1279 %21 = icmp eq i64 %14, 0 %22 = zext i1 %21 to i8 store i8 %22, i8* %11, align 1, !tbaa !1280 %23 = lshr i64 %14, 63 %24 = trunc i64 %23 to i8 store i8 %24, i8* %12, align 1, !tbaa !1281 store i8 0, i8* %13, align 1, !tbaa !1282 store i8 0, i8* %10, align 1, !tbaa !1283 %25 = select i1 %21, i64 18, i64 16 %26 = add i64 %25, %1 br i1 %21, label %block_4ca, label %block_4c8 block_4ca: ; preds = %block_4c8, %block_4b8 %27 = phi i64 [ %7, %block_4b8 ], [ %58, %block_4c8 ] %28 = phi %struct.Memory* [ %2, %block_4b8 ], [ %57, %block_4c8 ] %29 = add i64 %27, 8 %30 = icmp ugt i64 %27, -9 %31 = zext i1 %30 to i8 store i8 %31, i8* %8, align 1, !tbaa !1265 %32 = trunc i64 %29 to i32 %33 = and i32 %32, 255 %34 = tail call i32 @llvm.ctpop.i32(i32 %33) #5 %35 = trunc i32 %34 to i8 %36 = and i8 %35, 1 %37 = xor i8 %36, 1 store i8 %37, i8* %9, align 1, !tbaa !1279 %38 = xor i64 %29, %27 %39 = lshr i64 %38, 4 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 store i8 %41, i8* %10, align 1, !tbaa !1283 %42 = icmp eq i64 %29, 0 %43 = zext i1 %42 to i8 store i8 %43, i8* %11, align 1, !tbaa !1280 %44 = lshr i64 %29, 63 %45 = trunc i64 %44 to i8 store i8 %45, i8* %12, align 1, !tbaa !1281 %46 = lshr i64 %27, 63 %47 = xor i64 %44, %46 %48 = add nuw nsw i64 %47, %44 %49 = icmp eq i64 %48, 2 %50 = zext i1 %49 to i8 store i8 %50, i8* %13, align 1, !tbaa !1282 %51 = inttoptr i64 %29 to i64* %52 = load i64, i64* %51 store i64 %52, i64* %3, align 8, !tbaa !1261 %53 = add i64 %27, 16 store i64 %53, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %28 block_4c8: ; preds = %block_4b8 %54 = add i64 %26, 2 %55 = add i64 %6, -16 %56 = inttoptr i64 %55 to i64* store i64 %54, i64* %56 store i64 %55, i64* %5, align 8, !tbaa !1261 store i64 %14, i64* %3, align 8, !tbaa !1261 %57 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %14, %struct.Memory* %2) %58 = load i64, i64* %5, align 8 br label %block_4ca } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5f0_frame_dummy(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_5f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = load i64, i64* %3, align 8, !tbaa !1261 %7 = add i64 %6, -8 %8 = inttoptr i64 %7 to i64* store i64 %5, i64* %8 %9 = inttoptr i64 %7 to i64* %10 = load i64, i64* %9 store i64 %10, i64* %4, align 8, !tbaa !1261 store i64 %6, i64* %3, align 8, !tbaa !1261 %11 = add i64 %1, -144 %12 = tail call %struct.Memory* @sub_560_register_tm_clones(%struct.State* nonnull %0, i64 %11, %struct.Memory* %2) ret %struct.Memory* %12 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4e0_targ4e0(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_4e0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 56) to i64*) store i64 %4, i64* %3, align 8, !tbaa !1261 %5 = icmp eq i64 %4, 1254 br i1 %5, label %block_4e6, label %7 block_4e6: ; preds = %block_4e0 %6 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull %0, i64 1254, %struct.Memory* %2) ret %struct.Memory* %6 ; <label>:7: ; preds = %block_4e0 %8 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %4, %struct.Memory* %2) ret %struct.Memory* %8 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5b0___do_global_dtors_aux(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_5b0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %6 = load i8, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i32 0, i32 0, i32 0) %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %7, align 1, !tbaa !1265 %8 = zext i8 %6 to i32 %9 = tail call i32 @llvm.ctpop.i32(i32 %8) #5 %10 = trunc i32 %9 to i8 %11 = and i8 %10, 1 %12 = xor i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %12, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 0, i8* %14, align 1, !tbaa !1283 %15 = icmp eq i8 %6, 0 %16 = zext i1 %15 to i8 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %16, i8* %17, align 1, !tbaa !1280 %18 = lshr i8 %6, 7 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %18, i8* %19, align 1, !tbaa !1281 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 0, i8* %20, align 1, !tbaa !1282 %21 = select i1 %15, i64 9, i64 56 %22 = add i64 %21, %1 %23 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 br i1 %15, label %block_5b9, label %block_5e8 block_5c7: ; preds = %block_5b9 %24 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) to i64*) store i64 %24, i64* %4, align 8, !tbaa !1261 %25 = add i64 %48, -231 %26 = add i64 %48, 12 %27 = add i64 %44, -16 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 store i64 %27, i64* %23, align 8, !tbaa !1261 %29 = tail call %struct.Memory* @sub_4e0_targ4e0(%struct.State* nonnull %0, i64 %25, %struct.Memory* %2) %30 = load i64, i64* %3, align 8 %31 = load i64, i64* %23, align 8, !tbaa !1261 br label %block_5d3 block_5b9: ; preds = %block_5b0 %32 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 56) to i64*) store i8 0, i8* %7, align 1, !tbaa !1265 %33 = trunc i64 %32 to i32 %34 = and i32 %33, 255 %35 = tail call i32 @llvm.ctpop.i32(i32 %34) #5 %36 = trunc i32 %35 to i8 %37 = and i8 %36, 1 %38 = xor i8 %37, 1 store i8 %38, i8* %13, align 1, !tbaa !1279 store i8 0, i8* %14, align 1, !tbaa !1283 %39 = icmp eq i64 %32, 0 %40 = zext i1 %39 to i8 store i8 %40, i8* %17, align 1, !tbaa !1280 %41 = lshr i64 %32, 63 %42 = trunc i64 %41 to i8 store i8 %42, i8* %19, align 1, !tbaa !1281 store i8 0, i8* %20, align 1, !tbaa !1282 %43 = load i64, i64* %5, align 8 %44 = load i64, i64* %23, align 8, !tbaa !1261 %45 = add i64 %44, -8 %46 = inttoptr i64 %45 to i64* store i64 %43, i64* %46 store i64 %45, i64* %5, align 8, !tbaa !1261 %47 = select i1 %39, i64 26, i64 14 %48 = add i64 %22, %47 br i1 %39, label %block_5d3, label %block_5c7 block_5e8: ; preds = %block_5b0 %49 = load i64, i64* %23, align 8, !tbaa !1261 %50 = inttoptr i64 %49 to i64* %51 = load i64, i64* %50 store i64 %51, i64* %3, align 8, !tbaa !1261 %52 = add i64 %49, 8 store i64 %52, i64* %23, align 8, !tbaa !1261 ret %struct.Memory* %2 block_5d3: ; preds = %block_5b9, %block_5c7 %53 = phi i64 [ %45, %block_5b9 ], [ %31, %block_5c7 ] %54 = phi i64 [ %48, %block_5b9 ], [ %30, %block_5c7 ] %55 = phi %struct.Memory* [ %2, %block_5b9 ], [ %29, %block_5c7 ] %56 = add i64 %54, -179 %57 = add i64 %54, 5 %58 = add i64 %53, -8 %59 = inttoptr i64 %58 to i64* store i64 %57, i64* %59 store i64 %58, i64* %23, align 8, !tbaa !1261 %60 = tail call %struct.Memory* @sub_520_deregister_tm_clones(%struct.State* nonnull %0, i64 %56, %struct.Memory* %55) store i8 1, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i32 0, i32 0, i32 0) %61 = load i64, i64* %23, align 8, !tbaa !1261 %62 = add i64 %61, 8 %63 = inttoptr i64 %61 to i64* %64 = load i64, i64* %63 store i64 %64, i64* %5, align 8, !tbaa !1261 %65 = inttoptr i64 %62 to i64* %66 = load i64, i64* %65 store i64 %66, i64* %3, align 8, !tbaa !1261 %67 = add i64 %61, 16 store i64 %67, i64* %23, align 8, !tbaa !1261 ret %struct.Memory* %60 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4f0__start(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_4f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 store i64 0, i64* %10, align 8, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %19 = load i64, i64* %6, align 8 store i64 %19, i64* %12, align 8, !tbaa !1261 %20 = load i64, i64* %9, align 8, !tbaa !1261 %21 = add i64 %20, 8 %22 = inttoptr i64 %20 to i64* %23 = load i64, i64* %22 store i64 %23, i64* %7, align 8, !tbaa !1261 store i64 %21, i64* %6, align 8, !tbaa !1261 %24 = and i64 %21, -16 store i8 0, i8* %13, align 1, !tbaa !1265 %25 = trunc i64 %21 to i32 %26 = and i32 %25, 240 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #5 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %14, align 1, !tbaa !1279 %31 = icmp eq i64 %24, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %15, align 1, !tbaa !1280 %33 = lshr i64 %21, 63 %34 = trunc i64 %33 to i8 store i8 %34, i8* %16, align 1, !tbaa !1281 store i8 0, i8* %17, align 1, !tbaa !1282 store i8 0, i8* %18, align 1, !tbaa !1283 %35 = load i64, i64* %4, align 8 %36 = add i64 %24, -8 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37 %38 = add i64 %24, -16 %39 = inttoptr i64 %38 to i64* store i64 %36, i64* %39 store i64 ptrtoint (i64 ()* @callback_sub_6b0___libc_csu_fini to i64), i64* %11, align 8, !tbaa !1261 store i64 ptrtoint (i64 ()* @callback_sub_640___libc_csu_init to i64), i64* %5, align 8, !tbaa !1261 store i64 ptrtoint (i64 (i64, i64, i64)* @main to i64), i64* %8, align 8, !tbaa !1261 %40 = add i64 %1, 42 %41 = add i64 %24, -24 %42 = inttoptr i64 %41 to i64* store i64 %40, i64* %42 store i64 %41, i64* %9, align 8, !tbaa !1261 %43 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 32) to i64*) store i64 %43, i64* %3, align 8, !tbaa !1261 %44 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %43, %struct.Memory* %2) %45 = load i64, i64* %3, align 8 %46 = add i64 %45, 1 store i64 %46, i64* %3, align 8 %47 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull %0, i64 %46, %struct.Memory* %44) ret %struct.Memory* %47 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_520_deregister_tm_clones(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_550: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %5, align 8, !tbaa !1261 %8 = load i64, i64* %7, align 8 %9 = load i64, i64* %6, align 8, !tbaa !1261 %10 = add i64 %9, -8 %11 = inttoptr i64 %10 to i64* store i64 %8, i64* %11 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %4, align 8, !tbaa !1261 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %12, align 1, !tbaa !1265 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 1, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 and (i8 trunc (i64 lshr (i64 xor (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64)), i64 4) to i8), i8 1), i8* %14, align 1, !tbaa !1283 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 1, i8* %15, align 1, !tbaa !1280 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 0, i8* %16, align 1, !tbaa !1281 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 zext (i1 icmp eq (i64 add (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 xor (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63))), i64 2) to i8), i8* %17, align 1, !tbaa !1282 %18 = inttoptr i64 %10 to i64* %19 = load i64, i64* %18 store i64 %19, i64* %7, align 8, !tbaa !1261 %20 = inttoptr i64 %9 to i64* %21 = load i64, i64* %20 store i64 %21, i64* %3, align 8, !tbaa !1261 %22 = add i64 %9, 8 store i64 %22, i64* %6, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_60e_main(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_60e: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %7 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %10 = load i64, i64* %9, align 8 %11 = load i64, i64* %8, align 8, !tbaa !1261 %12 = add i64 %11, -8 %13 = inttoptr i64 %12 to i64* store i64 %10, i64* %13 store i64 %12, i64* %9, align 8, !tbaa !1261 %14 = add i64 %11, -12 %15 = load i32, i32* %5, align 4 %16 = inttoptr i64 %14 to i32* store i32 %15, i32* %16 %17 = add i64 %11, -24 %18 = load i64, i64* %6, align 8 %19 = inttoptr i64 %17 to i64* store i64 %18, i64* %19 %20 = inttoptr i64 %14 to i32* %21 = load i32, i32* %20 %22 = zext i32 %21 to i64 %23 = add nuw nsw i64 %22, 2 %24 = and i64 %23, 4294967295 store i64 %24, i64* %6, align 8, !tbaa !1261 store i64 %22, i64* %7, align 8, !tbaa !1261 %25 = add i64 %1, -20 %26 = add i64 %1, 33 %27 = add i64 %11, -32 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 store i64 %27, i64* %8, align 8, !tbaa !1261 %29 = tail call %struct.Memory* @sub_5fa_add(%struct.State* nonnull %0, i64 %25, %struct.Memory* %2) %30 = load i64, i64* %9, align 8, !tbaa !1261 %31 = inttoptr i64 %30 to i64* %32 = load i64, i64* %31 store i64 %32, i64* %9, align 8, !tbaa !1261 %33 = add i64 %30, 8 %34 = inttoptr i64 %33 to i64* %35 = load i64, i64* %34 store i64 %35, i64* %3, align 8, !tbaa !1261 %36 = add i64 %30, 16 store i64 %36, i64* %8, align 8, !tbaa !1261 ret %struct.Memory* %29 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6b4__fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #2 { block_6b4: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, -8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %9 = xor i64 %6, %5 %10 = lshr i64 %9, 4 %11 = trunc i64 %10 to i8 %12 = and i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %15 = lshr i64 %6, 63 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = lshr i64 %5, 63 %18 = xor i64 %15, %17 %19 = add nuw nsw i64 %18, %17 %20 = icmp eq i64 %19, 2 %21 = zext i1 %20 to i8 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = icmp ult i64 %5, 8 %24 = zext i1 %23 to i8 store i8 %24, i8* %7, align 1, !tbaa !1265 %25 = trunc i64 %5 to i32 %26 = and i32 %25, 255 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #5 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %8, align 1, !tbaa !1279 store i8 %12, i8* %13, align 1, !tbaa !1283 %31 = icmp eq i64 %5, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %14, align 1, !tbaa !1280 %33 = trunc i64 %17 to i8 store i8 %33, i8* %16, align 1, !tbaa !1281 store i8 %21, i8* %22, align 1, !tbaa !1282 %34 = inttoptr i64 %5 to i64* %35 = load i64, i64* %34 store i64 %35, i64* %3, align 8, !tbaa !1261 %36 = add i64 %5, 8 store i64 %36, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_560_register_tm_clones(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_5a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %6, align 8, !tbaa !1261 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 0, i64* %4, align 8, !tbaa !1261 store i64 0, i64* %5, align 8, !tbaa !1261 store i8 0, i8* %13, align 1, !tbaa !1284 store i8 1, i8* %14, align 1, !tbaa !1284 store i8 0, i8* %15, align 1, !tbaa !1284 store i8 1, i8* %16, align 1, !tbaa !1284 store i8 0, i8* %17, align 1, !tbaa !1284 store i8 0, i8* %18, align 1, !tbaa !1284 %19 = inttoptr i64 %11 to i64* %20 = load i64, i64* %19 store i64 %20, i64* %8, align 8, !tbaa !1261 %21 = inttoptr i64 %10 to i64* %22 = load i64, i64* %21 store i64 %22, i64* %3, align 8, !tbaa !1261 %23 = add i64 %10, 8 store i64 %23, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5fa_add(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_5fa: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = load i64, i64* %10, align 8, !tbaa !1261 %14 = add i64 %13, -8 %15 = inttoptr i64 %14 to i64* store i64 %12, i64* %15 %16 = add i64 %13, -12 %17 = load i32, i32* %7, align 4 %18 = inttoptr i64 %16 to i32* store i32 %17, i32* %18 %19 = add i64 %13, -16 %20 = load i32, i32* %5, align 4 %21 = inttoptr i64 %19 to i32* store i32 %20, i32* %21 %22 = add i64 %13, -12 %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23 %25 = zext i32 %24 to i64 store i64 %25, i64* %9, align 8, !tbaa !1261 %26 = add i64 %13, -16 %27 = inttoptr i64 %26 to i32* %28 = load i32, i32* %27 %29 = add i32 %24, %28 %30 = zext i32 %29 to i64 store i64 %30, i64* %8, align 8, !tbaa !1261 %31 = icmp ult i32 %29, %28 %32 = icmp ult i32 %29, %24 %33 = or i1 %31, %32 %34 = zext i1 %33 to i8 %35 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 %34, i8* %35, align 1, !tbaa !1265 %36 = and i32 %29, 255 %37 = tail call i32 @llvm.ctpop.i32(i32 %36) #5 %38 = trunc i32 %37 to i8 %39 = and i8 %38, 1 %40 = xor i8 %39, 1 %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %40, i8* %41, align 1, !tbaa !1279 %42 = xor i32 %24, %28 %43 = xor i32 %42, %29 %44 = lshr i32 %43, 4 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 %46, i8* %47, align 1, !tbaa !1283 %48 = icmp eq i32 %29, 0 %49 = zext i1 %48 to i8 %50 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %49, i8* %50, align 1, !tbaa !1280 %51 = lshr i32 %29, 31 %52 = trunc i32 %51 to i8 %53 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %52, i8* %53, align 1, !tbaa !1281 %54 = lshr i32 %28, 31 %55 = lshr i32 %24, 31 %56 = xor i32 %51, %54 %57 = xor i32 %51, %55 %58 = add nuw nsw i32 %56, %57 %59 = icmp eq i32 %58, 2 %60 = zext i1 %59 to i8 %61 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 %60, i8* %61, align 1, !tbaa !1282 %62 = inttoptr i64 %14 to i64* %63 = load i64, i64* %62 store i64 %63, i64* %11, align 8, !tbaa !1261 %64 = inttoptr i64 %13 to i64* %65 = load i64, i64* %64 store i64 %65, i64* %3, align 8, !tbaa !1261 %66 = add i64 %13, 8 store i64 %66, i64* %10, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6b0___libc_csu_fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #2 { block_6b0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8, !tbaa !1261 %6 = inttoptr i64 %5 to i64* %7 = load i64, i64* %6 store i64 %7, i64* %3, align 8, !tbaa !1261 %8 = add i64 %5, 8 store i64 %8, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_640___libc_csu_init(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_640: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 27, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 3, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 25, i32 0, i32 0 %15 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 29, i32 0, i32 0 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 31, i32 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = load i64, i64* %12, align 8, !tbaa !1261 %20 = add i64 %19, -8 %21 = inttoptr i64 %20 to i64* store i64 %18, i64* %21 %22 = load i64, i64* %16, align 8 %23 = add i64 %19, -16 %24 = inttoptr i64 %23 to i64* store i64 %22, i64* %24 %25 = load i64, i64* %9, align 8 store i64 %25, i64* %17, align 8, !tbaa !1261 %26 = load i64, i64* %15, align 8 %27 = add i64 %19, -24 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 %29 = load i64, i64* %14, align 8 %30 = add i64 %19, -32 %31 = inttoptr i64 %30 to i64* store i64 %29, i64* %31 store i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64), i64* %14, align 8, !tbaa !1261 %32 = load i64, i64* %13, align 8 %33 = add i64 %19, -40 %34 = inttoptr i64 %33 to i64* store i64 %32, i64* %34 %35 = load i64, i64* %8, align 8 %36 = add i64 %19, -48 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37 %38 = load i32, i32* %5, align 4 %39 = zext i32 %38 to i64 store i64 %39, i64* %15, align 8, !tbaa !1261 %40 = load i64, i64* %10, align 8 store i64 %40, i64* %16, align 8, !tbaa !1261 %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %44 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %45 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 ashr (i64 sub (i64 add (i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64), i64 8), i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64)), i64 3), i64* %13, align 8, !tbaa !1261 %47 = add i64 %1, -392 %48 = add i64 %1, 49 %49 = add i64 %19, -64 %50 = inttoptr i64 %49 to i64* store i64 %48, i64* %50 store i64 %49, i64* %12, align 8, !tbaa !1261 %51 = tail call %struct.Memory* @sub_4b8__init(%struct.State* nonnull %0, i64 %47, %struct.Memory* %2) %52 = load i64, i64* %13, align 8 %53 = load i64, i64* %3, align 8 %54 = icmp eq i64 %52, 0 %55 = select i1 %54, i64 37, i64 5 %56 = add i64 %53, %55 br i1 %54, label %block_696, label %block_676 block_696.loopexit: ; preds = %block_680 br label %block_696 block_696: ; preds = %block_696.loopexit, %block_640 %57 = phi %struct.Memory* [ %51, %block_640 ], [ %118, %block_696.loopexit ] %58 = load i64, i64* %12, align 8 %59 = add i64 %58, 8 %60 = icmp ugt i64 %58, -9 %61 = zext i1 %60 to i8 store i8 %61, i8* %41, align 1, !tbaa !1265 %62 = trunc i64 %59 to i32 %63 = and i32 %62, 255 %64 = tail call i32 @llvm.ctpop.i32(i32 %63) #5 %65 = trunc i32 %64 to i8 %66 = and i8 %65, 1 %67 = xor i8 %66, 1 store i8 %67, i8* %42, align 1, !tbaa !1279 %68 = xor i64 %59, %58 %69 = lshr i64 %68, 4 %70 = trunc i64 %69 to i8 %71 = and i8 %70, 1 store i8 %71, i8* %43, align 1, !tbaa !1283 %72 = icmp eq i64 %59, 0 %73 = zext i1 %72 to i8 store i8 %73, i8* %44, align 1, !tbaa !1280 %74 = lshr i64 %59, 63 %75 = trunc i64 %74 to i8 store i8 %75, i8* %45, align 1, !tbaa !1281 %76 = lshr i64 %58, 63 %77 = xor i64 %74, %76 %78 = add nuw nsw i64 %77, %74 %79 = icmp eq i64 %78, 2 %80 = zext i1 %79 to i8 store i8 %80, i8* %46, align 1, !tbaa !1282 %81 = add i64 %58, 16 %82 = inttoptr i64 %59 to i64* %83 = load i64, i64* %82 store i64 %83, i64* %8, align 8, !tbaa !1261 %84 = add i64 %58, 24 %85 = inttoptr i64 %81 to i64* %86 = load i64, i64* %85 store i64 %86, i64* %13, align 8, !tbaa !1261 %87 = add i64 %58, 32 %88 = inttoptr i64 %84 to i64* %89 = load i64, i64* %88 store i64 %89, i64* %14, align 8, !tbaa !1261 %90 = add i64 %58, 40 %91 = inttoptr i64 %87 to i64* %92 = load i64, i64* %91 store i64 %92, i64* %15, align 8, !tbaa !1261 %93 = add i64 %58, 48 %94 = inttoptr i64 %90 to i64* %95 = load i64, i64* %94 store i64 %95, i64* %16, align 8, !tbaa !1261 %96 = add i64 %58, 56 %97 = inttoptr i64 %93 to i64* %98 = load i64, i64* %97 store i64 %98, i64* %17, align 8, !tbaa !1261 %99 = inttoptr i64 %96 to i64* %100 = load i64, i64* %99 store i64 %100, i64* %3, align 8, !tbaa !1261 %101 = add i64 %58, 64 store i64 %101, i64* %12, align 8, !tbaa !1261 ret %struct.Memory* %57 block_680: ; preds = %block_676, %block_680 %102 = phi i64 [ 0, %block_676 ], [ %121, %block_680 ] %103 = phi i64 [ %150, %block_676 ], [ %149, %block_680 ] %104 = phi %struct.Memory* [ %51, %block_676 ], [ %118, %block_680 ] %105 = load i64, i64* %17, align 8 store i64 %105, i64* %9, align 8, !tbaa !1261 %106 = load i64, i64* %16, align 8 store i64 %106, i64* %10, align 8, !tbaa !1261 %107 = load i32, i32* %7, align 4 %108 = zext i32 %107 to i64 store i64 %108, i64* %11, align 8, !tbaa !1261 %109 = load i64, i64* %14, align 8 %110 = shl i64 %102, 3 %111 = add i64 %110, %109 %112 = add i64 %103, 13 %113 = load i64, i64* %12, align 8, !tbaa !1261 %114 = add i64 %113, -8 %115 = inttoptr i64 %114 to i64* store i64 %112, i64* %115 store i64 %114, i64* %12, align 8, !tbaa !1261 %116 = inttoptr i64 %111 to i64* %117 = load i64, i64* %116 store i64 %117, i64* %3, align 8, !tbaa !1261 %118 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %117, %struct.Memory* %104) %119 = load i64, i64* %8, align 8 %120 = load i64, i64* %3, align 8 %121 = add i64 %119, 1 store i64 %121, i64* %8, align 8, !tbaa !1261 %122 = lshr i64 %121, 63 %123 = load i64, i64* %13, align 8 %124 = sub i64 %123, %121 %125 = icmp ult i64 %123, %121 %126 = zext i1 %125 to i8 store i8 %126, i8* %41, align 1, !tbaa !1265 %127 = trunc i64 %124 to i32 %128 = and i32 %127, 255 %129 = tail call i32 @llvm.ctpop.i32(i32 %128) #5 %130 = trunc i32 %129 to i8 %131 = and i8 %130, 1 %132 = xor i8 %131, 1 store i8 %132, i8* %42, align 1, !tbaa !1279 %133 = xor i64 %121, %123 %134 = xor i64 %133, %124 %135 = lshr i64 %134, 4 %136 = trunc i64 %135 to i8 %137 = and i8 %136, 1 store i8 %137, i8* %43, align 1, !tbaa !1283 %138 = icmp eq i64 %124, 0 %139 = zext i1 %138 to i8 store i8 %139, i8* %44, align 1, !tbaa !1280 %140 = lshr i64 %124, 63 %141 = trunc i64 %140 to i8 store i8 %141, i8* %45, align 1, !tbaa !1281 %142 = lshr i64 %123, 63 %143 = xor i64 %122, %142 %144 = xor i64 %140, %142 %145 = add nuw nsw i64 %144, %143 %146 = icmp eq i64 %145, 2 %147 = zext i1 %146 to i8 store i8 %147, i8* %46, align 1, !tbaa !1282 %148 = select i1 %138, i64 9, i64 -13 %149 = add i64 %120, %148 br i1 %138, label %block_696.loopexit, label %block_680 block_676: ; preds = %block_640 store i64 0, i64* %8, align 8, !tbaa !1261 store i8 0, i8* %41, align 1, !tbaa !1265 store i8 1, i8* %42, align 1, !tbaa !1279 store i8 1, i8* %44, align 1, !tbaa !1280 store i8 0, i8* %45, align 1, !tbaa !1281 store i8 0, i8* %46, align 1, !tbaa !1282 store i8 0, i8* %43, align 1, !tbaa !1283 %150 = add i64 %56, 10 br label %block_680 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_5f0_frame_dummy(i64, i64, i64, i64, i64, i64, i64, i64) #3 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1520, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5f0_frame_dummy(%struct.State* nonnull @__mcsema_reg_state, i64 1520, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define void @__mcsema_verify_reg_state() local_unnamed_addr #4 { entry: %0 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %1 = icmp eq i64 %0, 0 br i1 %1, label %is_null, label %end is_null: ; preds = %entry store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %end end: ; preds = %is_null, %entry ret void } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_5b0___do_global_dtors_aux(i64, i64, i64, i64, i64, i64, i64, i64) #3 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1456, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5b0___do_global_dtors_aux(%struct.State* nonnull @__mcsema_reg_state, i64 1456, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: noinline nounwind define %struct.Memory* @__mcsema_detach_call_value(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #2 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 %13 = load i64, i64* %9, align 8 %14 = load i64, i64* %8, align 8 %15 = load i64, i64* %7, align 8 %16 = load i64, i64* %6, align 8 %17 = load i64, i64* %11, align 8 %18 = load i64, i64* %12, align 8 %19 = load i64, i64* %10, align 8 %20 = add i64 %19, 8 %21 = inttoptr i64 %20 to i64* %22 = load i64, i64* %21 %23 = add i64 %19, 16 %24 = inttoptr i64 %23 to i64* %25 = load i64, i64* %24 %26 = inttoptr i64 %1 to i64 (i64, i64, i64, i64, i64, i64, i64, i64)* %27 = tail call i64 %26(i64 %13, i64 %14, i64 %15, i64 %16, i64 %17, i64 %18, i64 %22, i64 %25) #5 store i64 %27, i64* %5, align 8 %28 = inttoptr i64 %19 to i64* %29 = load i64, i64* %28 store i64 %29, i64* %4, align 8 store i64 %20, i64* %10, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_6b0___libc_csu_fini() #3 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1712, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_6b0___libc_csu_fini(%struct.State* nonnull @__mcsema_reg_state, i64 1712, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_640___libc_csu_init() #3 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1600, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_640___libc_csu_init(%struct.State* nonnull @__mcsema_reg_state, i64 1600, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @main(i64, i64, i64) #3 { %4 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %3 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %3 %6 = phi i64 [ %4, %3 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1550, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %7 = load volatile i1, i1* @0, align 1 br i1 %7, label %__mcsema_early_init.exit, label %8 ; <label>:8: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %8, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 %9 = add i64 %6, -8 store i64 %9, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = tail call %struct.Memory* @sub_60e_main(%struct.State* nonnull @__mcsema_reg_state, i64 1550, %struct.Memory* null) store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %11 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %11 } ; Function Attrs: nobuiltin noinline nounwind define i64 @targ4e0(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #3 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1248, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_4e0_targ4e0(%struct.State* nonnull @__mcsema_reg_state, i64 1248, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline nounwind define i64 @add(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #3 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1530, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5fa_add(%struct.State* nonnull @__mcsema_reg_state, i64 1530, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nounwind define internal void @__mcsema_destructor() #5 { %1 = tail call i64 @callback_sub_6b0___libc_csu_fini() ret void } ; Function Attrs: nounwind define internal void @__mcsema_constructor() #5 { %1 = load volatile i1, i1* @0, align 1 br i1 %1, label %__mcsema_early_init.exit, label %2 ; <label>:2: ; preds = %0 store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %2, %0 %3 = tail call i64 @callback_sub_640___libc_csu_init() ret void } ; Function Attrs: noinline optnone define %struct.State* @__mcsema_debug_get_reg_state() #6 { ret %struct.State* @__mcsema_reg_state } ; Function Attrs: noreturn nounwind declare void @llvm.trap() #7 attributes #0 = { nounwind readnone } attributes #1 = { noduplicate noinline nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #2 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #3 = { nobuiltin noinline nounwind } attributes #4 = { norecurse nounwind } attributes #5 = { nounwind } attributes #6 = { noinline optnone } attributes #7 = { noreturn nounwind } !llvm.ident = !{!0, !0} !llvm.dbg.cu = !{!1} !llvm.module.flags = !{!1259, !1260}

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "llvm-link" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-pc-linux-gnu-elf" %seg_200df0__init_array_type = type <{ i64, i64 }> %seg_200fc0__got_type = type <{ [64 x i8] }> %seg_201000__data_type = type <{ [8 x i8], i64 }> %seg_201010__bss_type = type <{ [8 x i8] }> %struct.State = type { %struct.ArchState, [32 x %union.VectorReg], %struct.ArithFlags, %union.anon, %struct.Segments, %struct.AddressSpace, %struct.GPR, %struct.X87Stack, %struct.MMX, %struct.FPUStatusFlags, %union.anon, %union.FPU, %struct.SegmentCaches } %struct.ArchState = type { i32, i32, %union.anon } %union.VectorReg = type { %union.vec512_t } %union.vec512_t = type { %struct.uint64v8_t } %struct.uint64v8_t = type { [8 x i64] } %struct.ArithFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8 } %struct.Segments = type { i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector } %union.SegmentSelector = type { i16 } %struct.AddressSpace = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.Reg = type { %union.anon } %struct.GPR = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.X87Stack = type { [8 x %struct.anon.3] } %struct.anon.3 = type { i64, double } %struct.MMX = type { [8 x %struct.anon.4] } %struct.anon.4 = type { i64, %union.vec64_t } %union.vec64_t = type { %struct.uint64v1_t } %struct.uint64v1_t = type { [1 x i64] } %struct.FPUStatusFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, [4 x i8] } %union.anon = type { i64 } %union.FPU = type { %struct.anon.13 } %struct.anon.13 = type { %struct.FpuFXSAVE, [96 x i8] } %struct.FpuFXSAVE = type { %union.SegmentSelector, %union.SegmentSelector, %union.FPUAbridgedTagWord, i8, i16, i32, %union.SegmentSelector, i16, i32, %union.SegmentSelector, i16, %union.FPUControlStatus, %union.FPUControlStatus, [8 x %struct.FPUStackElem], [16 x %union.vec128_t] } %union.FPUAbridgedTagWord = type { i8 } %union.FPUControlStatus = type { i32 } %struct.FPUStackElem = type { %union.anon.11, [6 x i8] } %union.anon.11 = type { %struct.float80_t } %struct.float80_t = type { [10 x i8] } %union.vec128_t = type { %struct.uint128v1_t } %struct.uint128v1_t = type { [1 x i128] } %struct.SegmentCaches = type { %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow } %struct.SegmentShadow = type { %union.anon, i32, i32 } %struct.Memory = type opaque @seg_200df0__init_array = internal global %seg_200df0__init_array_type <{ i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_5f0_frame_dummy to i64), i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_5b0___do_global_dtors_aux to i64) }> @seg_200fc0__got = internal global %seg_200fc0__got_type <{ [64 x i8] c"\00\0E \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\008\14 \00\00\00\00\00@\14 \00\00\00\00\00H\14 \00\00\00\00\00P\14 \00\00\00\00\00X\14 \00\00\00\00\00" }> @seg_201000__data = internal global %seg_201000__data_type <{ [8 x i8] zeroinitializer, i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) }> @seg_201010__bss = internal global %seg_201010__bss_type zeroinitializer @__mcsema_reg_state = internal thread_local global %struct.State zeroinitializer @__mcsema_stack = internal thread_local global [131072 x i64] zeroinitializer @__mcsema_tls = internal thread_local global [512 x i64] zeroinitializer @0 = internal global i1 false @llvm.global_dtors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_destructor, i8* null }] @llvm.global_ctors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_constructor, i8* null }] ; Function Attrs: nounwind readnone declare i32 @llvm.ctpop.i32(i32) #0 ; Function Attrs: noduplicate noinline noreturn nounwind optnone define %struct.Memory* @__remill_error(%struct.State* dereferenceable(3376), i64, %struct.Memory*) local_unnamed_addr #1 { call void @llvm.trap() unreachable } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4b8__init(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #2 { block_4b8: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, -8 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %14 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 40) to i64*), align 8 store i64 %14, i64* %4, align 8, !tbaa !1261 store i8 0, i8* %8, align 1, !tbaa !1265 %15 = trunc i64 %14 to i32 %16 = and i32 %15, 255 %17 = tail call i32 @llvm.ctpop.i32(i32 %16) #8 %18 = trunc i32 %17 to i8 %19 = and i8 %18, 1 %20 = xor i8 %19, 1 store i8 %20, i8* %9, align 1, !tbaa !1279 %21 = icmp eq i64 %14, 0 %22 = zext i1 %21 to i8 store i8 %22, i8* %11, align 1, !tbaa !1280 %23 = lshr i64 %14, 63 %24 = trunc i64 %23 to i8 store i8 %24, i8* %12, align 1, !tbaa !1281 store i8 0, i8* %13, align 1, !tbaa !1282 store i8 0, i8* %10, align 1, !tbaa !1283 br i1 %21, label %block_4ca, label %block_4c8 block_4ca: ; preds = %block_4c8, %block_4b8 %25 = phi i64 [ %7, %block_4b8 ], [ %56, %block_4c8 ] %26 = phi %struct.Memory* [ %2, %block_4b8 ], [ %55, %block_4c8 ] %27 = add i64 %25, 8 %28 = icmp ugt i64 %25, -9 %29 = zext i1 %28 to i8 store i8 %29, i8* %8, align 1, !tbaa !1265 %30 = trunc i64 %27 to i32 %31 = and i32 %30, 255 %32 = tail call i32 @llvm.ctpop.i32(i32 %31) #8 %33 = trunc i32 %32 to i8 %34 = and i8 %33, 1 %35 = xor i8 %34, 1 store i8 %35, i8* %9, align 1, !tbaa !1279 %36 = xor i64 %27, %25 %37 = lshr i64 %36, 4 %38 = trunc i64 %37 to i8 %39 = and i8 %38, 1 store i8 %39, i8* %10, align 1, !tbaa !1283 %40 = icmp eq i64 %27, 0 %41 = zext i1 %40 to i8 store i8 %41, i8* %11, align 1, !tbaa !1280 %42 = lshr i64 %27, 63 %43 = trunc i64 %42 to i8 store i8 %43, i8* %12, align 1, !tbaa !1281 %44 = lshr i64 %25, 63 %45 = xor i64 %42, %44 %46 = add nuw nsw i64 %45, %42 %47 = icmp eq i64 %46, 2 %48 = zext i1 %47 to i8 store i8 %48, i8* %13, align 1, !tbaa !1282 %49 = inttoptr i64 %27 to i64* %50 = load i64, i64* %49, align 8 store i64 %50, i64* %3, align 8, !tbaa !1261 %51 = add i64 %25, 16 store i64 %51, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %26 block_4c8: ; preds = %block_4b8 %52 = add i64 %1, 18 %53 = add i64 %6, -16 %54 = inttoptr i64 %53 to i64* store i64 %52, i64* %54, align 8 store i64 %53, i64* %5, align 8, !tbaa !1261 store i64 %14, i64* %3, align 8, !tbaa !1261 %55 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %14, %struct.Memory* %2) %56 = load i64, i64* %5, align 8 br label %block_4ca } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_5f0_frame_dummy(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_5f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = load i64, i64* %3, align 8, !tbaa !1261 %7 = add i64 %6, -8 %8 = inttoptr i64 %7 to i64* store i64 %5, i64* %8, align 8 store i64 %5, i64* %4, align 8, !tbaa !1261 store i64 %6, i64* %3, align 8, !tbaa !1261 %9 = tail call %struct.Memory* @sub_560_register_tm_clones(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) ret %struct.Memory* %9 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4e0_targ4e0(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_4e0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 56) to i64*), align 8 store i64 %4, i64* %3, align 8, !tbaa !1261 %5 = icmp eq i64 %4, 1254 br i1 %5, label %block_4e6, label %7 block_4e6: ; preds = %block_4e0 %6 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull undef, i64 undef, %struct.Memory* undef) unreachable ; <label>:7: ; preds = %block_4e0 %8 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %4, %struct.Memory* %2) ret %struct.Memory* %8 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5b0___do_global_dtors_aux(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #2 { block_5b0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %6 = load i8, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i64 0, i32 0, i64 0), align 8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %7, align 1, !tbaa !1265 %8 = zext i8 %6 to i32 %9 = tail call i32 @llvm.ctpop.i32(i32 %8) #8 %10 = trunc i32 %9 to i8 %11 = and i8 %10, 1 %12 = xor i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %12, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 0, i8* %14, align 1, !tbaa !1283 %15 = icmp eq i8 %6, 0 %16 = zext i1 %15 to i8 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %16, i8* %17, align 1, !tbaa !1280 %18 = lshr i8 %6, 7 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %18, i8* %19, align 1, !tbaa !1281 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 0, i8* %20, align 1, !tbaa !1282 %21 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 br i1 %15, label %block_5b9, label %block_5e8 block_5c7: ; preds = %block_5b9 %22 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) to i64*), align 8 store i64 %22, i64* %4, align 8, !tbaa !1261 %23 = add i64 %46, 12 %24 = add i64 %42, -16 %25 = inttoptr i64 %24 to i64* store i64 %23, i64* %25, align 8 store i64 %24, i64* %21, align 8, !tbaa !1261 %26 = tail call %struct.Memory* @sub_4e0_targ4e0(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) %27 = load i64, i64* %3, align 8 %28 = load i64, i64* %21, align 8, !tbaa !1261 br label %block_5d3 block_5b9: ; preds = %block_5b0 %29 = add i64 %1, 9 %30 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 56) to i64*), align 8 store i8 0, i8* %7, align 1, !tbaa !1265 %31 = trunc i64 %30 to i32 %32 = and i32 %31, 255 %33 = tail call i32 @llvm.ctpop.i32(i32 %32) #8 %34 = trunc i32 %33 to i8 %35 = and i8 %34, 1 %36 = xor i8 %35, 1 store i8 %36, i8* %13, align 1, !tbaa !1279 store i8 0, i8* %14, align 1, !tbaa !1283 %37 = icmp eq i64 %30, 0 %38 = zext i1 %37 to i8 store i8 %38, i8* %17, align 1, !tbaa !1280 %39 = lshr i64 %30, 63 %40 = trunc i64 %39 to i8 store i8 %40, i8* %19, align 1, !tbaa !1281 store i8 0, i8* %20, align 1, !tbaa !1282 %41 = load i64, i64* %5, align 8 %42 = load i64, i64* %21, align 8, !tbaa !1261 %43 = add i64 %42, -8 %44 = inttoptr i64 %43 to i64* store i64 %41, i64* %44, align 8 store i64 %43, i64* %5, align 8, !tbaa !1261 %45 = select i1 %37, i64 26, i64 14 %46 = add i64 %29, %45 br i1 %37, label %block_5d3, label %block_5c7 block_5e8: ; preds = %block_5b0 %47 = load i64, i64* %21, align 8, !tbaa !1261 %48 = inttoptr i64 %47 to i64* %49 = load i64, i64* %48, align 8 store i64 %49, i64* %3, align 8, !tbaa !1261 %50 = add i64 %47, 8 store i64 %50, i64* %21, align 8, !tbaa !1261 ret %struct.Memory* %2 block_5d3: ; preds = %block_5b9, %block_5c7 %51 = phi i64 [ %43, %block_5b9 ], [ %28, %block_5c7 ] %52 = phi i64 [ %46, %block_5b9 ], [ %27, %block_5c7 ] %53 = phi %struct.Memory* [ %2, %block_5b9 ], [ %26, %block_5c7 ] %54 = add i64 %52, 5 %55 = add i64 %51, -8 %56 = inttoptr i64 %55 to i64* store i64 %54, i64* %56, align 8 store i64 %55, i64* %21, align 8, !tbaa !1261 %57 = tail call %struct.Memory* @sub_520_deregister_tm_clones(%struct.State* nonnull %0, i64 undef, %struct.Memory* %53) store i8 1, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i64 0, i32 0, i64 0), align 8 %58 = load i64, i64* %21, align 8, !tbaa !1261 %59 = add i64 %58, 8 %60 = inttoptr i64 %58 to i64* %61 = load i64, i64* %60, align 8 store i64 %61, i64* %5, align 8, !tbaa !1261 %62 = inttoptr i64 %59 to i64* %63 = load i64, i64* %62, align 8 store i64 %63, i64* %3, align 8, !tbaa !1261 %64 = add i64 %58, 16 store i64 %64, i64* %21, align 8, !tbaa !1261 ret %struct.Memory* %57 } ; Function Attrs: noinline noreturn nounwind define noalias nonnull %struct.Memory* @sub_4f0__start(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #4 { block_4f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 store i64 0, i64* %10, align 8, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %19 = load i64, i64* %6, align 8 store i64 %19, i64* %12, align 8, !tbaa !1261 %20 = load i64, i64* %9, align 8, !tbaa !1261 %21 = add i64 %20, 8 %22 = inttoptr i64 %20 to i64* %23 = load i64, i64* %22, align 8 store i64 %23, i64* %7, align 8, !tbaa !1261 store i64 %21, i64* %6, align 8, !tbaa !1261 %24 = and i64 %21, -16 store i8 0, i8* %13, align 1, !tbaa !1265 %25 = trunc i64 %21 to i32 %26 = and i32 %25, 240 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #8 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %14, align 1, !tbaa !1279 %31 = icmp eq i64 %24, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %15, align 1, !tbaa !1280 %33 = lshr i64 %21, 63 %34 = trunc i64 %33 to i8 store i8 %34, i8* %16, align 1, !tbaa !1281 store i8 0, i8* %17, align 1, !tbaa !1282 store i8 0, i8* %18, align 1, !tbaa !1283 %35 = load i64, i64* %4, align 8 %36 = add i64 %24, -8 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37, align 8 %38 = add i64 %24, -16 %39 = inttoptr i64 %38 to i64* store i64 %36, i64* %39, align 16 store i64 ptrtoint (i64 ()* @callback_sub_6b0___libc_csu_fini to i64), i64* %11, align 8, !tbaa !1261 store i64 ptrtoint (i64 ()* @callback_sub_640___libc_csu_init to i64), i64* %5, align 8, !tbaa !1261 store i64 ptrtoint (i64 (i64, i64, i64)* @main to i64), i64* %8, align 8, !tbaa !1261 %40 = add i64 %1, 42 %41 = add i64 %24, -24 %42 = inttoptr i64 %41 to i64* store i64 %40, i64* %42, align 8 store i64 %41, i64* %9, align 8, !tbaa !1261 %43 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 32) to i64*), align 16 store i64 %43, i64* %3, align 8, !tbaa !1261 %44 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %43, %struct.Memory* %2) %45 = load i64, i64* %3, align 8 %46 = add i64 %45, 1 store i64 %46, i64* %3, align 8 %47 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull undef, i64 undef, %struct.Memory* undef) unreachable } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_520_deregister_tm_clones(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_550: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %5, align 8, !tbaa !1261 %8 = load i64, i64* %7, align 8 %9 = load i64, i64* %6, align 8, !tbaa !1261 %10 = add i64 %9, -8 %11 = inttoptr i64 %10 to i64* store i64 %8, i64* %11, align 8 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %4, align 8, !tbaa !1261 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %12, align 1, !tbaa !1265 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 1, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 and (i8 trunc (i64 lshr (i64 xor (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64)), i64 4) to i8), i8 1), i8* %14, align 1, !tbaa !1283 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 1, i8* %15, align 1, !tbaa !1280 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 0, i8* %16, align 1, !tbaa !1281 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 zext (i1 icmp eq (i64 add (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 xor (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63))), i64 2) to i8), i8* %17, align 1, !tbaa !1282 %18 = load i64, i64* %11, align 8 store i64 %18, i64* %7, align 8, !tbaa !1261 %19 = inttoptr i64 %9 to i64* %20 = load i64, i64* %19, align 8 store i64 %20, i64* %3, align 8, !tbaa !1261 %21 = add i64 %9, 8 store i64 %21, i64* %6, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_60e_main(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_60e: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %7 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %10 = load i64, i64* %9, align 8 %11 = load i64, i64* %8, align 8, !tbaa !1261 %12 = add i64 %11, -8 %13 = inttoptr i64 %12 to i64* store i64 %10, i64* %13, align 8 store i64 %12, i64* %9, align 8, !tbaa !1261 %14 = add i64 %11, -12 %15 = load i32, i32* %5, align 4 %16 = inttoptr i64 %14 to i32* store i32 %15, i32* %16, align 4 %17 = add i64 %11, -24 %18 = load i64, i64* %6, align 8 %19 = inttoptr i64 %17 to i64* store i64 %18, i64* %19, align 8 %20 = load i32, i32* %16, align 4 %21 = zext i32 %20 to i64 %22 = add nuw nsw i64 %21, 2 %23 = and i64 %22, 4294967295 store i64 %23, i64* %6, align 8, !tbaa !1261 store i64 %21, i64* %7, align 8, !tbaa !1261 %24 = add i64 %1, 33 %25 = add i64 %11, -32 %26 = inttoptr i64 %25 to i64* store i64 %24, i64* %26, align 8 store i64 %25, i64* %8, align 8, !tbaa !1261 %27 = tail call %struct.Memory* @sub_5fa_add(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) %28 = load i64, i64* %9, align 8, !tbaa !1261 %29 = inttoptr i64 %28 to i64* %30 = load i64, i64* %29, align 8 store i64 %30, i64* %9, align 8, !tbaa !1261 %31 = add i64 %28, 8 %32 = inttoptr i64 %31 to i64* %33 = load i64, i64* %32, align 8 store i64 %33, i64* %3, align 8, !tbaa !1261 %34 = add i64 %28, 16 store i64 %34, i64* %8, align 8, !tbaa !1261 ret %struct.Memory* %27 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6b4__fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_6b4: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, -8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %9 = xor i64 %6, %5 %10 = lshr i64 %9, 4 %11 = trunc i64 %10 to i8 %12 = and i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %15 = lshr i64 %6, 63 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = lshr i64 %5, 63 %18 = xor i64 %15, %17 %19 = add nuw nsw i64 %18, %17 %20 = icmp eq i64 %19, 2 %21 = zext i1 %20 to i8 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = icmp ult i64 %5, 8 %24 = zext i1 %23 to i8 store i8 %24, i8* %7, align 1, !tbaa !1265 %25 = trunc i64 %5 to i32 %26 = and i32 %25, 255 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #8 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %8, align 1, !tbaa !1279 store i8 %12, i8* %13, align 1, !tbaa !1283 %31 = icmp eq i64 %5, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %14, align 1, !tbaa !1280 %33 = trunc i64 %17 to i8 store i8 %33, i8* %16, align 1, !tbaa !1281 store i8 %21, i8* %22, align 1, !tbaa !1282 %34 = inttoptr i64 %5 to i64* %35 = load i64, i64* %34, align 8 store i64 %35, i64* %3, align 8, !tbaa !1261 %36 = add i64 %5, 8 store i64 %36, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_560_register_tm_clones(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_5a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %6, align 8, !tbaa !1261 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12, align 8 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 0, i64* %4, align 8, !tbaa !1261 store i64 0, i64* %5, align 8, !tbaa !1261 store i8 0, i8* %13, align 1, !tbaa !1284 store i8 1, i8* %14, align 1, !tbaa !1284 store i8 0, i8* %15, align 1, !tbaa !1284 store i8 1, i8* %16, align 1, !tbaa !1284 store i8 0, i8* %17, align 1, !tbaa !1284 store i8 0, i8* %18, align 1, !tbaa !1284 %19 = load i64, i64* %12, align 8 store i64 %19, i64* %8, align 8, !tbaa !1261 %20 = inttoptr i64 %10 to i64* %21 = load i64, i64* %20, align 8 store i64 %21, i64* %3, align 8, !tbaa !1261 %22 = add i64 %10, 8 store i64 %22, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5fa_add(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_5fa: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = load i64, i64* %10, align 8, !tbaa !1261 %14 = add i64 %13, -8 %15 = inttoptr i64 %14 to i64* store i64 %12, i64* %15, align 8 %16 = add i64 %13, -12 %17 = load i32, i32* %7, align 4 %18 = inttoptr i64 %16 to i32* store i32 %17, i32* %18, align 4 %19 = add i64 %13, -16 %20 = load i32, i32* %5, align 4 %21 = inttoptr i64 %19 to i32* store i32 %20, i32* %21, align 4 %22 = load i32, i32* %18, align 4 %23 = zext i32 %22 to i64 store i64 %23, i64* %9, align 8, !tbaa !1261 %24 = load i32, i32* %21, align 4 %25 = add i32 %24, %22 %26 = zext i32 %25 to i64 store i64 %26, i64* %8, align 8, !tbaa !1261 %27 = icmp ult i32 %25, %24 %28 = icmp ult i32 %25, %22 %29 = or i1 %27, %28 %30 = zext i1 %29 to i8 %31 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 %30, i8* %31, align 1, !tbaa !1265 %32 = and i32 %25, 255 %33 = tail call i32 @llvm.ctpop.i32(i32 %32) #8 %34 = trunc i32 %33 to i8 %35 = and i8 %34, 1 %36 = xor i8 %35, 1 %37 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %36, i8* %37, align 1, !tbaa !1279 %38 = xor i32 %24, %22 %39 = xor i32 %38, %25 %40 = lshr i32 %39, 4 %41 = trunc i32 %40 to i8 %42 = and i8 %41, 1 %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 %42, i8* %43, align 1, !tbaa !1283 %44 = icmp eq i32 %25, 0 %45 = zext i1 %44 to i8 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %45, i8* %46, align 1, !tbaa !1280 %47 = lshr i32 %25, 31 %48 = trunc i32 %47 to i8 %49 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %48, i8* %49, align 1, !tbaa !1281 %50 = lshr i32 %24, 31 %51 = lshr i32 %22, 31 %52 = xor i32 %47, %50 %53 = xor i32 %47, %51 %54 = add nuw nsw i32 %52, %53 %55 = icmp eq i32 %54, 2 %56 = zext i1 %55 to i8 %57 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 %56, i8* %57, align 1, !tbaa !1282 %58 = load i64, i64* %15, align 8 store i64 %58, i64* %11, align 8, !tbaa !1261 %59 = inttoptr i64 %13 to i64* %60 = load i64, i64* %59, align 8 store i64 %60, i64* %3, align 8, !tbaa !1261 %61 = add i64 %13, 8 store i64 %61, i64* %10, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_6b0___libc_csu_fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_6b0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8, !tbaa !1261 %6 = inttoptr i64 %5 to i64* %7 = load i64, i64* %6, align 8 store i64 %7, i64* %3, align 8, !tbaa !1261 %8 = add i64 %5, 8 store i64 %8, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_640___libc_csu_init(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #2 { block_640: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 27, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 3, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 25, i32 0, i32 0 %15 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 29, i32 0, i32 0 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 31, i32 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = load i64, i64* %12, align 8, !tbaa !1261 %20 = add i64 %19, -8 %21 = inttoptr i64 %20 to i64* store i64 %18, i64* %21, align 8 %22 = load i64, i64* %16, align 8 %23 = add i64 %19, -16 %24 = inttoptr i64 %23 to i64* store i64 %22, i64* %24, align 8 %25 = load i64, i64* %9, align 8 store i64 %25, i64* %17, align 8, !tbaa !1261 %26 = load i64, i64* %15, align 8 %27 = add i64 %19, -24 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28, align 8 %29 = load i64, i64* %14, align 8 %30 = add i64 %19, -32 %31 = inttoptr i64 %30 to i64* store i64 %29, i64* %31, align 8 store i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64), i64* %14, align 8, !tbaa !1261 %32 = load i64, i64* %13, align 8 %33 = add i64 %19, -40 %34 = inttoptr i64 %33 to i64* store i64 %32, i64* %34, align 8 %35 = load i64, i64* %8, align 8 %36 = add i64 %19, -48 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37, align 8 %38 = load i32, i32* %5, align 4 %39 = zext i32 %38 to i64 store i64 %39, i64* %15, align 8, !tbaa !1261 %40 = load i64, i64* %10, align 8 store i64 %40, i64* %16, align 8, !tbaa !1261 %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %44 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %45 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 ashr (i64 sub (i64 add (i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64), i64 8), i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64)), i64 3), i64* %13, align 8, !tbaa !1261 %47 = add i64 %1, -392 %48 = add i64 %1, 49 %49 = add i64 %19, -64 %50 = inttoptr i64 %49 to i64* store i64 %48, i64* %50, align 8 store i64 %49, i64* %12, align 8, !tbaa !1261 %51 = tail call %struct.Memory* @sub_4b8__init(%struct.State* nonnull %0, i64 %47, %struct.Memory* %2) %52 = load i64, i64* %13, align 8 %53 = icmp eq i64 %52, 0 br i1 %53, label %block_696, label %block_676 block_696.loopexit: ; preds = %block_680 br label %block_696 block_696: ; preds = %block_696.loopexit, %block_640 %54 = load i64, i64* %12, align 8 %55 = add i64 %54, 8 %56 = icmp ugt i64 %54, -9 %57 = zext i1 %56 to i8 store i8 %57, i8* %41, align 1, !tbaa !1265 %58 = trunc i64 %55 to i32 %59 = and i32 %58, 255 %60 = tail call i32 @llvm.ctpop.i32(i32 %59) #8 %61 = trunc i32 %60 to i8 %62 = and i8 %61, 1 %63 = xor i8 %62, 1 store i8 %63, i8* %42, align 1, !tbaa !1279 %64 = xor i64 %55, %54 %65 = lshr i64 %64, 4 %66 = trunc i64 %65 to i8 %67 = and i8 %66, 1 store i8 %67, i8* %43, align 1, !tbaa !1283 %68 = icmp eq i64 %55, 0 %69 = zext i1 %68 to i8 store i8 %69, i8* %44, align 1, !tbaa !1280 %70 = lshr i64 %55, 63 %71 = trunc i64 %70 to i8 store i8 %71, i8* %45, align 1, !tbaa !1281 %72 = lshr i64 %54, 63 %73 = xor i64 %70, %72 %74 = add nuw nsw i64 %73, %70 %75 = icmp eq i64 %74, 2 %76 = zext i1 %75 to i8 store i8 %76, i8* %46, align 1, !tbaa !1282 %77 = add i64 %54, 16 %78 = inttoptr i64 %55 to i64* %79 = load i64, i64* %78, align 8 store i64 %79, i64* %8, align 8, !tbaa !1261 %80 = add i64 %54, 24 %81 = inttoptr i64 %77 to i64* %82 = load i64, i64* %81, align 8 store i64 %82, i64* %13, align 8, !tbaa !1261 %83 = add i64 %54, 32 %84 = inttoptr i64 %80 to i64* %85 = load i64, i64* %84, align 8 store i64 %85, i64* %14, align 8, !tbaa !1261 %86 = add i64 %54, 40 %87 = inttoptr i64 %83 to i64* %88 = load i64, i64* %87, align 8 store i64 %88, i64* %15, align 8, !tbaa !1261 %89 = add i64 %54, 48 %90 = inttoptr i64 %86 to i64* %91 = load i64, i64* %90, align 8 store i64 %91, i64* %16, align 8, !tbaa !1261 %92 = add i64 %54, 56 %93 = inttoptr i64 %89 to i64* %94 = load i64, i64* %93, align 8 store i64 %94, i64* %17, align 8, !tbaa !1261 %95 = inttoptr i64 %92 to i64* %96 = load i64, i64* %95, align 8 store i64 %96, i64* %3, align 8, !tbaa !1261 %97 = add i64 %54, 64 store i64 %97, i64* %12, align 8, !tbaa !1261 ret %struct.Memory* %51 block_680: ; preds = %block_676, %block_680 %98 = phi i64 [ 0, %block_676 ], [ %116, %block_680 ] %99 = phi i64 [ %146, %block_676 ], [ %144, %block_680 ] %100 = load i64, i64* %17, align 8 store i64 %100, i64* %9, align 8, !tbaa !1261 %101 = load i64, i64* %16, align 8 store i64 %101, i64* %10, align 8, !tbaa !1261 %102 = load i32, i32* %7, align 4 %103 = zext i32 %102 to i64 store i64 %103, i64* %11, align 8, !tbaa !1261 %104 = load i64, i64* %14, align 8 %105 = shl i64 %98, 3 %106 = add i64 %104, %105 %107 = add i64 %99, 13 %108 = load i64, i64* %12, align 8, !tbaa !1261 %109 = add i64 %108, -8 %110 = inttoptr i64 %109 to i64* store i64 %107, i64* %110, align 8 store i64 %109, i64* %12, align 8, !tbaa !1261 %111 = inttoptr i64 %106 to i64* %112 = load i64, i64* %111, align 8 store i64 %112, i64* %3, align 8, !tbaa !1261 %113 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %112, %struct.Memory* %51) %114 = load i64, i64* %8, align 8 %115 = load i64, i64* %3, align 8 %116 = add i64 %114, 1 store i64 %116, i64* %8, align 8, !tbaa !1261 %117 = lshr i64 %116, 63 %118 = load i64, i64* %13, align 8 %119 = sub i64 %118, %116 %120 = icmp ult i64 %118, %116 %121 = zext i1 %120 to i8 store i8 %121, i8* %41, align 1, !tbaa !1265 %122 = trunc i64 %119 to i32 %123 = and i32 %122, 255 %124 = tail call i32 @llvm.ctpop.i32(i32 %123) #8 %125 = trunc i32 %124 to i8 %126 = and i8 %125, 1 %127 = xor i8 %126, 1 store i8 %127, i8* %42, align 1, !tbaa !1279 %128 = xor i64 %118, %116 %129 = xor i64 %128, %119 %130 = lshr i64 %129, 4 %131 = trunc i64 %130 to i8 %132 = and i8 %131, 1 store i8 %132, i8* %43, align 1, !tbaa !1283 %133 = icmp eq i64 %119, 0 %134 = zext i1 %133 to i8 store i8 %134, i8* %44, align 1, !tbaa !1280 %135 = lshr i64 %119, 63 %136 = trunc i64 %135 to i8 store i8 %136, i8* %45, align 1, !tbaa !1281 %137 = lshr i64 %118, 63 %138 = xor i64 %137, %117 %139 = xor i64 %135, %137 %140 = add nuw nsw i64 %139, %138 %141 = icmp eq i64 %140, 2 %142 = zext i1 %141 to i8 store i8 %142, i8* %46, align 1, !tbaa !1282 %143 = select i1 %133, i64 9, i64 -13 %144 = add i64 %143, %115 br i1 %133, label %block_696.loopexit, label %block_680 block_676: ; preds = %block_640 %145 = load i64, i64* %3, align 8 store i64 0, i64* %8, align 8, !tbaa !1261 store i8 0, i8* %41, align 1, !tbaa !1265 store i8 1, i8* %42, align 1, !tbaa !1279 store i8 1, i8* %44, align 1, !tbaa !1280 store i8 0, i8* %45, align 1, !tbaa !1281 store i8 0, i8* %46, align 1, !tbaa !1282 store i8 0, i8* %43, align 1, !tbaa !1283 %146 = add i64 %145, 15 br label %block_680 } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @callback_sub_5f0_frame_dummy(i64, i64, i64, i64, i64, i64, i64, i64) #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1520, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5f0_frame_dummy(%struct.State* nonnull @__mcsema_reg_state, i64 1520, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define void @__mcsema_verify_reg_state() local_unnamed_addr #6 { entry: %0 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %1 = icmp eq i64 %0, 0 br i1 %1, label %is_null, label %end is_null: ; preds = %entry store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %end end: ; preds = %is_null, %entry ret void } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_5b0___do_global_dtors_aux(i64, i64, i64, i64, i64, i64, i64, i64) #7 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1456, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5b0___do_global_dtors_aux(%struct.State* nonnull @__mcsema_reg_state, i64 1456, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: noinline nounwind define %struct.Memory* @__mcsema_detach_call_value(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 %13 = load i64, i64* %9, align 8 %14 = load i64, i64* %8, align 8 %15 = load i64, i64* %7, align 8 %16 = load i64, i64* %6, align 8 %17 = load i64, i64* %11, align 8 %18 = load i64, i64* %12, align 8 %19 = load i64, i64* %10, align 8 %20 = add i64 %19, 8 %21 = inttoptr i64 %20 to i64* %22 = load i64, i64* %21, align 8 %23 = add i64 %19, 16 %24 = inttoptr i64 %23 to i64* %25 = load i64, i64* %24, align 8 %26 = inttoptr i64 %1 to i64 (i64, i64, i64, i64, i64, i64, i64, i64)* %27 = tail call i64 %26(i64 %13, i64 %14, i64 %15, i64 %16, i64 %17, i64 %18, i64 %22, i64 %25) #8 store i64 %27, i64* %5, align 8 %28 = inttoptr i64 %19 to i64* %29 = load i64, i64* %28, align 8 store i64 %29, i64* %4, align 8 store i64 %20, i64* %10, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @callback_sub_6b0___libc_csu_fini() #5 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1712, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_6b0___libc_csu_fini(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_640___libc_csu_init() #7 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1600, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_640___libc_csu_init(%struct.State* nonnull @__mcsema_reg_state, i64 1600, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @main(i64, i64, i64) #7 { %4 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %3 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %3 %6 = phi i64 [ %4, %3 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1550, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %7 = load volatile i1, i1* @0, align 1 br i1 %7, label %__mcsema_early_init.exit, label %8 ; <label>:8: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %8, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 %9 = add i64 %6, -8 store i64 %9, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = tail call %struct.Memory* @sub_60e_main(%struct.State* nonnull @__mcsema_reg_state, i64 1550, %struct.Memory* null) store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %11 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %11 } ; Function Attrs: nobuiltin noinline nounwind define i64 @targ4e0(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #7 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1248, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_4e0_targ4e0(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline nounwind define i64 @add(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #7 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1530, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5fa_add(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define internal void @__mcsema_destructor() #6 { %1 = tail call i64 @callback_sub_6b0___libc_csu_fini() ret void } ; Function Attrs: nounwind define internal void @__mcsema_constructor() #8 { %1 = load volatile i1, i1* @0, align 1 br i1 %1, label %__mcsema_early_init.exit, label %2 ; <label>:2: ; preds = %0 store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %2, %0 %3 = tail call i64 @callback_sub_640___libc_csu_init() ret void } ; Function Attrs: noinline nounwind optnone define %struct.State* @__mcsema_debug_get_reg_state() local_unnamed_addr #9 { ret %struct.State* @__mcsema_reg_state } ; Function Attrs: noreturn nounwind declare void @llvm.trap() #10 attributes #0 = { nounwind readnone } attributes #1 = { noduplicate noinline noreturn nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #2 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #3 = { noinline norecurse nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #4 = { noinline noreturn nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #5 = { nobuiltin noinline norecurse nounwind } attributes #6 = { norecurse nounwind } attributes #7 = { nobuiltin noinline nounwind } attributes #8 = { nounwind } attributes #9 = { noinline nounwind optnone } attributes #10 = { noreturn nounwind } !llvm.ident = !{!0, !0} !llvm.dbg.cu = !{!1} !llvm.module.flags = !{!1259, !1260}

Test2

Source code:
#include <stdio.h> #include <stdlib.h> int return_val(int arg1) { if (arg1 == 5) return 999999; return 888888; } int main(int argc, char **argv) { return return_val(argc); }

Compiled LLVM:
Non-optimised:
; ModuleID = 'test.bc' source_filename = "test.c" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-unknown-linux-gnu" ; Function Attrs: noinline nounwind optnone uwtable define dso_local i32 @return_val(i32 %arg1) #0 { entry: %retval = alloca i32, align 4 %arg1.addr = alloca i32, align 4 store i32 %arg1, i32* %arg1.addr, align 4 %0 = load i32, i32* %arg1.addr, align 4 %cmp = icmp eq i32 %0, 5 br i1 %cmp, label %if.then, label %if.end if.then: ; preds = %entry store i32 999999, i32* %retval, align 4 br label %return if.end: ; preds = %entry store i32 888888, i32* %retval, align 4 br label %return return: ; preds = %if.end, %if.then %1 = load i32, i32* %retval, align 4 ret i32 %1 } ; Function Attrs: noinline nounwind optnone uwtable define dso_local i32 @main(i32 %argc, i8** %argv) #0 { entry: %retval = alloca i32, align 4 %argc.addr = alloca i32, align 4 %argv.addr = alloca i8**, align 8 store i32 0, i32* %retval, align 4 store i32 %argc, i32* %argc.addr, align 4 store i8** %argv, i8*** %argv.addr, align 8 %0 = load i32, i32* %argc.addr, align 4 %call = call i32 @return_val(i32 %0) ret i32 %call } attributes #0 = { noinline nounwind optnone uwtable "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "min-legal-vector-width"="0" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } !llvm.module.flags = !{!0} !llvm.ident = !{!1} !0 = !{i32 1, !"wchar_size", i32 4} !1 = !{!"clang version 8.0.0 (tags/RELEASE_800/final)"}

Optimised:
; ModuleID = 'opt_test.bc' source_filename = "test.c" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-unknown-linux-gnu" ; Function Attrs: norecurse nounwind readnone uwtable define dso_local i32 @return_val(i32 %arg1) local_unnamed_addr #0 { entry: %cmp = icmp eq i32 %arg1, 5 %. = select i1 %cmp, i32 999999, i32 888888 ret i32 %. } ; Function Attrs: norecurse nounwind readnone uwtable define dso_local i32 @main(i32 %argc, i8** nocapture readnone %argv) local_unnamed_addr #0 { entry: %cmp.i = icmp eq i32 %argc, 5 %..i = select i1 %cmp.i, i32 999999, i32 888888 ret i32 %..i } attributes #0 = { norecurse nounwind readnone uwtable "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "min-legal-vector-width"="0" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } !llvm.module.flags = !{!0} !llvm.ident = !{!1} !0 = !{i32 1, !"wchar_size", i32 4} !1 = !{!"clang version 8.0.0 (tags/RELEASE_800/final)"}

Raised by mctoll
Non-optimised:
; ModuleID = '../a.out' source_filename = "../a.out" define dso_local i32 @return_val(i32 %arg1) { entry: %0 = alloca i64, align 8 %1 = alloca i32, align 4 %2 = alloca i64, align 8 %3 = ptrtoint i64* %0 to i64 store i32 %arg1, i32* %1, align 4 %4 = load i32, i32* %1, align 4 %5 = zext i32 %4 to i64 %6 = zext i32 5 to i64 %7 = sub i64 %5, %6 %ZF = icmp eq i64 %7, 0 %8 = shl i64 1, 63 %9 = and i64 %8, %7 %SF = icmp eq i64 %9, %8 %CmpZF_JNE = icmp eq i1 %ZF, false br i1 %CmpZF_JNE, label %bb.2, label %bb.1 bb.1: ; preds = %entry %10 = zext i32 999999 to i64 store i64 %10, i64* %2 br label %bb.3 bb.2: ; preds = %entry %11 = zext i32 888888 to i64 store i64 %11, i64* %2 br label %bb.3 bb.3: ; preds = %bb.2, %bb.1 %12 = load i64, i64* %2 %13 = trunc i64 %12 to i32 ret i32 %13 } define dso_local i32 @main(i32 %arg1, i64 %arg2) { entry: %0 = alloca i64, align 8 %StackAdj = alloca i64, align 8 %1 = alloca i32, align 4 %2 = ptrtoint i64* %0 to i64 store i32 %arg1, i32* %1, align 4 store i64 %arg2, i64* %StackAdj, align 8 %3 = load i32, i32* %1, align 4 %4 = call i32 @return_val(i32 %3) ret i32 %4 }

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "../a.out" ; Function Attrs: norecurse nounwind readnone define dso_local i32 @return_val(i32 %arg1) local_unnamed_addr #0 { entry: %ZF = icmp eq i32 %arg1, 5 %. = select i1 %ZF, i32 999999, i32 888888 ret i32 %. } ; Function Attrs: norecurse nounwind readnone define dso_local i32 @main(i32 %arg1, i64 %arg2) local_unnamed_addr #0 { entry: %ZF.i = icmp eq i32 %arg1, 5 %..i = select i1 %ZF.i, i32 999999, i32 888888 ret i32 %..i } attributes #0 = { norecurse nounwind readnone }

Raised by retdec
Non-optimised:
source_filename = "test" target datalayout = "e-m:e-p:64:64-i64:64-f80:128-n8:16:32:64-S128" @global_var_201010.1 = global i64 0 @global_var_200df0.2 = global i64 1520 @global_var_200df8.3 = global i64 1456 @0 = external global i32 define i64 @_init() local_unnamed_addr { dec_label_pc_4b8: %v0_4bc = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_4c3 = icmp eq i64 %v0_4bc, 0 br i1 %v1_4c3, label %dec_label_pc_4ca, label %dec_label_pc_4c8 dec_label_pc_4c8: ; preds = %dec_label_pc_4b8 call void @__gmon_start__() br label %dec_label_pc_4ca dec_label_pc_4ca: ; preds = %dec_label_pc_4c8, %dec_label_pc_4b8 %v0_4ce = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_4c8 ], [ 0, %dec_label_pc_4b8 ] ret i64 %v0_4ce }a define void @function_4e0(i64* %d) local_unnamed_addr { dec_label_pc_4e0: call void @__cxa_finalize(i64* %d) ret void } define i64 @_start(i64 %arg1, i64 %arg2, i64 %arg3, i64 %arg4) local_unnamed_addr { dec_label_pc_4f0: %rdx.global-to-local = alloca i64, align 8 store i64 %arg3, i64* %rdx.global-to-local, align 8 %stack_var_8 = alloca i64, align 8 %v0_4f2 = load i64, i64* %rdx.global-to-local, align 8 %v4_4f5 = ptrtoint i64* %stack_var_8 to i64 %tmp248 = bitcast i64* %stack_var_8 to i8** store i64 %v4_4f5, i64* %rdx.global-to-local, align 8 %v2_514 = trunc i64 %arg4 to i32 %v13_514 = inttoptr i64 %v0_4f2 to void ()* %v14_514 = call i32 @__libc_start_main(i64 1557, i32 %v2_514, i8** %tmp248, void ()* inttoptr (i64 1584 to void ()*), void ()* inttoptr (i64 1696 to void ()*), void ()* %v13_514) %v0_51a = call i64 @__asm_hlt() unreachable } define i64 @deregister_tm_clones() local_unnamed_addr { dec_label_pc_520: ret i64 ptrtoint (i64* @global_var_201010.1 to i64) } define i64 @register_tm_clones() local_unnamed_addr { dec_label_pc_560: ret i64 0 } define i64 @__do_global_dtors_aux() local_unnamed_addr { dec_label_pc_5b0: %rax.global-to-local = alloca i64, align 8 %rbp.global-to-local = alloca i64, align 8 %stack_var_-8 = alloca i64, align 8 %v0_5b0 = load i8, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v7_5b0 = icmp eq i8 %v0_5b0, 0 %v1_5b7 = icmp eq i1 %v7_5b0, false br i1 %v1_5b7, label %dec_label_pc_5e8, label %dec_label_pc_5b9 dec_label_pc_5b9: ; preds = %dec_label_pc_5b0 %v0_5b9 = load i64, i64* inttoptr (i64 2101240 to i64*), align 8 %v7_5b9 = icmp eq i64 %v0_5b9, 0 %v0_5c1 = load i64, i64* %rbp.global-to-local, align 8 store i64 %v0_5c1, i64* %stack_var_-8, align 8 %v4_5c1 = ptrtoint i64* %stack_var_-8 to i64 store i64 %v4_5c1, i64* %rbp.global-to-local, align 8 br i1 %v7_5b9, label %dec_label_pc_5d3, label %dec_label_pc_5c7 dec_label_pc_5c7: ; preds = %dec_label_pc_5b9 %v0_5c7 = load i64, i64* inttoptr (i64 2101256 to i64*), align 8 %v1_5ce = inttoptr i64 %v0_5c7 to i64* call void @__cxa_finalize(i64* %v1_5ce) store i64 ptrtoint (i32* @0 to i64), i64* %rax.global-to-local, align 8 br label %dec_label_pc_5d3 dec_label_pc_5d3: ; preds = %dec_label_pc_5c7, %dec_label_pc_5b9 %v0_5d3 = call i64 @deregister_tm_clones() store i64 %v0_5d3, i64* %rax.global-to-local, align 8 store i8 1, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v2_5df = load i64, i64* %stack_var_-8, align 8 store i64 %v2_5df, i64* %rbp.global-to-local, align 8 ret i64 %v0_5d3 dec_label_pc_5e8: ; preds = %dec_label_pc_5b0 %v0_5e8 = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_5e8 } define i64 @frame_dummy() local_unnamed_addr { dec_label_pc_5f0: %v0_5f5 = call i64 @register_tm_clones() ret i64 %v0_5f5 } define i64 @return_val(i64 %arg1) local_unnamed_addr { dec_label_pc_5fa: %v4_601 = trunc i64 %arg1 to i32 %v14_601 = icmp eq i32 %v4_601, 5 %v1_605 = icmp eq i1 %v14_601, false %. = select i1 %v1_605, i64 888888, i64 999999 ret i64 %. } define i64 @main(i64 %argc, i8** %argv) local_unnamed_addr { dec_label_pc_615: %rdi.global-to-local = alloca i64, align 8 store i64 %argc, i64* %rdi.global-to-local, align 8 %v0_61d = load i64, i64* %rdi.global-to-local, align 8 %v1_629 = call i64 @return_val(i64 %v0_61d) ret i64 %v1_629 } define i64 @__libc_csu_init(i64 %arg1, i64 %arg2, i64 %arg3) local_unnamed_addr { dec_label_pc_630: %r12.global-to-local = alloca i64, align 8 %r13.global-to-local = alloca i64, align 8 %r14.global-to-local = alloca i64, align 8 %r15.global-to-local = alloca i64, align 8 %rbp.global-to-local = alloca i64, align 8 %rbx.global-to-local = alloca i64, align 8 %rdi.global-to-local = alloca i64, align 8 %rdx.global-to-local = alloca i64, align 8 %rsi.global-to-local = alloca i64, align 8 store i64 %arg3, i64* %rdx.global-to-local, align 8 store i64 %arg2, i64* %rsi.global-to-local, align 8 store i64 %arg1, i64* %rdi.global-to-local, align 8 %v0_630 = load i64, i64* %r15.global-to-local, align 8 %v0_632 = load i64, i64* %r14.global-to-local, align 8 %v0_634 = load i64, i64* %rdx.global-to-local, align 8 store i64 %v0_634, i64* %r15.global-to-local, align 8 %v0_637 = load i64, i64* %r13.global-to-local, align 8 %v0_639 = load i64, i64* %r12.global-to-local, align 8 store i64 ptrtoint (i64* @global_var_200df0.2 to i64), i64* %r12.global-to-local, align 8 %v0_642 = load i64, i64* %rbp.global-to-local, align 8 %v0_64a = load i64, i64* %rbx.global-to-local, align 8 %v0_64b = load i64, i64* %rdi.global-to-local, align 8 store i64 %v0_64b, i64* %r13.global-to-local, align 8 %v0_64e = load i64, i64* %rsi.global-to-local, align 8 store i64 %v0_64e, i64* %r14.global-to-local, align 8 store i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200df8.3 to i64), i64 ptrtoint (i64* @global_var_200df0.2 to i64)), i64 3), i64* %rbp.global-to-local, align 8 %v0_65c = call i64 @_init() br i1 icmp eq (i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200df8.3 to i64), i64 ptrtoint (i64* @global_var_200df0.2 to i64)), i64 3), i64 0), label %dec_label_pc_686, label %dec_label_pc_666 dec_label_pc_666: ; preds = %dec_label_pc_630 store i64 0, i64* %rbx.global-to-local, align 8 %v0_670 = load i64, i64* %r15.global-to-local, align 8 %v0_673 = load i64, i64* %r14.global-to-local, align 8 %v0_676 = load i64, i64* %r13.global-to-local, align 8 br label %dec_label_pc_670 dec_label_pc_670: ; preds = %dec_label_pc_670, %dec_label_pc_666 %v1_67d2 = phi i64 [ %v1_67d, %dec_label_pc_670 ], [ 0, %dec_label_pc_666 ] %v1_67d = add i64 %v1_67d2, 1 %v12_681 = icmp eq i64 %v1_67d2, sub (i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200df8.3 to i64), i64 ptrtoint (i64* @global_var_200df0.2 to i64)), i64 3), i64 1) %v1_684 = icmp eq i1 %v12_681, false br i1 %v1_684, label %dec_label_pc_670, label %dec_label_pc_686.loopexit dec_label_pc_686.loopexit: ; preds = %dec_label_pc_670 store i64 %v0_670, i64* %rdx.global-to-local, align 8 store i64 %v0_673, i64* %rsi.global-to-local, align 8 store i64 %v0_676, i64* %rdi.global-to-local, align 8 store i64 %v1_67d, i64* %rbx.global-to-local, align 8 br label %dec_label_pc_686 dec_label_pc_686: ; preds = %dec_label_pc_686.loopexit, %dec_label_pc_630 store i64 %v0_64a, i64* %rbx.global-to-local, align 8 store i64 %v0_642, i64* %rbp.global-to-local, align 8 store i64 %v0_639, i64* %r12.global-to-local, align 8 store i64 %v0_637, i64* %r13.global-to-local, align 8 store i64 %v0_632, i64* %r14.global-to-local, align 8 store i64 %v0_630, i64* %r15.global-to-local, align 8 ret i64 %v0_65c } define i64 @__libc_csu_fini() local_unnamed_addr { dec_label_pc_6a0: %rax.global-to-local = alloca i64, align 8 %v0_6a0 = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_6a0 } define i64 @_fini() local_unnamed_addr { dec_label_pc_6a4: %rax.global-to-local = alloca i64, align 8 %v0_6ac = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_6ac } declare i32 @__libc_start_main(i64, i32, i8**, void ()*, void ()*, void ()*) local_unnamed_addr declare void @__gmon_start__() local_unnamed_addr declare void @__cxa_finalize(i64*) local_unnamed_addr declare i64 @__asm_hlt() local_unnamed_addr

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "test" target datalayout = "e-m:e-p:64:64-i64:64-f80:128-n8:16:32:64-S128" @global_var_201010.1 = global i64 0 @global_var_200df0.2 = local_unnamed_addr global i64 1520 @global_var_200df8.3 = local_unnamed_addr global i64 1456 @0 = external global i32 define i64 @_init() local_unnamed_addr { dec_label_pc_4b8: %v0_4bc = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_4c3 = icmp eq i64 %v0_4bc, 0 br i1 %v1_4c3, label %dec_label_pc_4ca, label %dec_label_pc_4c8 dec_label_pc_4c8: ; preds = %dec_label_pc_4b8 tail call void @__gmon_start__() br label %dec_label_pc_4ca dec_label_pc_4ca: ; preds = %dec_label_pc_4c8, %dec_label_pc_4b8 %v0_4ce = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_4c8 ], [ 0, %dec_label_pc_4b8 ] ret i64 %v0_4ce } define void @function_4e0(i64* %d) local_unnamed_addr { dec_label_pc_4e0: tail call void @__cxa_finalize(i64* %d) ret void } ; Function Attrs: noreturn define i64 @_start(i64 %arg1, i64 %arg2, i64 %arg3, i64 %arg4) local_unnamed_addr #0 { dec_label_pc_4f0: %stack_var_8 = alloca i8*, align 8 %v2_514 = trunc i64 %arg4 to i32 %v13_514 = inttoptr i64 %arg3 to void ()* %v14_514 = call i32 @__libc_start_main(i64 1557, i32 %v2_514, i8** nonnull %stack_var_8, void ()* inttoptr (i64 1584 to void ()*), void ()* inttoptr (i64 1696 to void ()*), void ()* %v13_514) %v0_51a = call i64 @__asm_hlt() unreachable } ; Function Attrs: norecurse nounwind readnone define i64 @deregister_tm_clones() local_unnamed_addr #1 { dec_label_pc_520: ret i64 ptrtoint (i64* @global_var_201010.1 to i64) } ; Function Attrs: norecurse nounwind readnone define i64 @register_tm_clones() local_unnamed_addr #1 { dec_label_pc_560: ret i64 0 } define i64 @__do_global_dtors_aux() local_unnamed_addr { dec_label_pc_5b0: %v0_5b0 = load i8, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v7_5b0 = icmp eq i8 %v0_5b0, 0 br i1 %v7_5b0, label %dec_label_pc_5b9, label %dec_label_pc_5e8 dec_label_pc_5b9: ; preds = %dec_label_pc_5b0 %v0_5b9 = load i64, i64* inttoptr (i64 2101240 to i64*), align 8 %v7_5b9 = icmp eq i64 %v0_5b9, 0 br i1 %v7_5b9, label %dec_label_pc_5d3, label %dec_label_pc_5c7 dec_label_pc_5c7: ; preds = %dec_label_pc_5b9 %v0_5c71 = load i64*, i64** inttoptr (i64 2101256 to i64**), align 8 tail call void @__cxa_finalize(i64* %v0_5c71) br label %dec_label_pc_5d3 dec_label_pc_5d3: ; preds = %dec_label_pc_5c7, %dec_label_pc_5b9 store i8 1, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 ret i64 ptrtoint (i64* @global_var_201010.1 to i64) dec_label_pc_5e8: ; preds = %dec_label_pc_5b0 ret i64 undef } ; Function Attrs: norecurse nounwind readnone define i64 @frame_dummy() local_unnamed_addr #1 { dec_label_pc_5f0: ret i64 0 } ; Function Attrs: norecurse nounwind readnone define i64 @return_val(i64 %arg1) local_unnamed_addr #1 { dec_label_pc_5fa: %v4_601 = trunc i64 %arg1 to i32 %v14_601 = icmp eq i32 %v4_601, 5 %. = select i1 %v14_601, i64 999999, i64 888888 ret i64 %. } ; Function Attrs: norecurse nounwind readnone define i64 @main(i64 %argc, i8** nocapture readnone %argv) local_unnamed_addr #1 { dec_label_pc_615: %v4_601.i = trunc i64 %argc to i32 %v14_601.i = icmp eq i32 %v4_601.i, 5 %..i = select i1 %v14_601.i, i64 999999, i64 888888 ret i64 %..i } define i64 @__libc_csu_init(i64 %arg1, i64 %arg2, i64 %arg3) local_unnamed_addr { dec_label_pc_630: %v0_4bc.i = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_4c3.i = icmp eq i64 %v0_4bc.i, 0 br i1 %v1_4c3.i, label %dec_label_pc_686, label %dec_label_pc_4c8.i dec_label_pc_4c8.i: ; preds = %dec_label_pc_630 tail call void @__gmon_start__() br label %dec_label_pc_686 dec_label_pc_686: ; preds = %dec_label_pc_4c8.i, %dec_label_pc_630 %v0_4ce.i = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_4c8.i ], [ 0, %dec_label_pc_630 ] ret i64 %v0_4ce.i } ; Function Attrs: norecurse nounwind readnone define i64 @__libc_csu_fini() local_unnamed_addr #1 { dec_label_pc_6a0: ret i64 undef } ; Function Attrs: norecurse nounwind readnone define i64 @_fini() local_unnamed_addr #1 { dec_label_pc_6a4: ret i64 undef } declare i32 @__libc_start_main(i64, i32, i8**, void ()*, void ()*, void ()*) local_unnamed_addr declare void @__gmon_start__() local_unnamed_addr declare void @__cxa_finalize(i64*) local_unnamed_addr declare i64 @__asm_hlt() local_unnamed_addr attributes #0 = { noreturn } attributes #1 = { norecurse nounwind readnone }

Raised by mcsema
Non-optimised:
; ModuleID = 'lifted.bc' source_filename = "llvm-link" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-pc-linux-gnu-elf" %union.anon = type { i64 } %seg_200df0__init_array_type = type <{ i64, i64 }> %seg_200fc0__got_type = type <{ [64 x i8] }> %seg_201000__data_type = type <{ [8 x i8], i64 }> %seg_201010__bss_type = type <{ [8 x i8] }> %struct.State = type { %struct.ArchState, [32 x %union.VectorReg], %struct.ArithFlags, %union.anon, %struct.Segments, %struct.AddressSpace, %struct.GPR, %struct.X87Stack, %struct.MMX, %struct.FPUStatusFlags, %union.anon, %union.FPU, %struct.SegmentCaches } %struct.ArchState = type { i32, i32, %union.anon } %union.VectorReg = type { %union.vec512_t } %union.vec512_t = type { %struct.uint64v8_t } %struct.uint64v8_t = type { [8 x i64] } %struct.ArithFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8 } %struct.Segments = type { i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector } %union.SegmentSelector = type { i16 } %struct.AddressSpace = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.Reg = type { %union.anon } %struct.GPR = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.X87Stack = type { [8 x %struct.anon.3] } %struct.anon.3 = type { i64, double } %struct.MMX = type { [8 x %struct.anon.4] } %struct.anon.4 = type { i64, %union.vec64_t } %union.vec64_t = type { %struct.uint64v1_t } %struct.uint64v1_t = type { [1 x i64] } %struct.FPUStatusFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, [4 x i8] } %union.FPU = type { %struct.anon.13 } %struct.anon.13 = type { %struct.FpuFXSAVE, [96 x i8] } %struct.FpuFXSAVE = type { %union.SegmentSelector, %union.SegmentSelector, %union.FPUAbridgedTagWord, i8, i16, i32, %union.SegmentSelector, i16, i32, %union.SegmentSelector, i16, %union.FPUControlStatus, %union.FPUControlStatus, [8 x %struct.FPUStackElem], [16 x %union.vec128_t] } %union.FPUAbridgedTagWord = type { i8 } %union.FPUControlStatus = type { i32 } %struct.FPUStackElem = type { %union.anon.11, [6 x i8] } %union.anon.11 = type { %struct.float80_t } %struct.float80_t = type { [10 x i8] } %union.vec128_t = type { %struct.uint128v1_t } %struct.uint128v1_t = type { [1 x i128] } %struct.SegmentCaches = type { %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow } %struct.SegmentShadow = type { %union.anon, i32, i32 } %struct.Memory = type opaque @DR0 = external global i64, align 8 @DR1 = external global i64, align 8 @DR2 = external global i64, align 8 @DR3 = external global i64, align 8 @DR4 = external global i64, align 8 @DR5 = external global i64, align 8 @DR6 = external global i64, align 8 @DR7 = external global i64, align 8 @gCR0 = external global %union.anon, align 1 @gCR1 = external global %union.anon, align 1 @gCR2 = external global %union.anon, align 1 @gCR3 = external global %union.anon, align 1 @gCR4 = external global %union.anon, align 1 @gCR8 = external global %union.anon, align 1 @seg_200df0__init_array = internal global %seg_200df0__init_array_type <{ i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_5f0_frame_dummy to i64), i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_5b0___do_global_dtors_aux to i64) }> @seg_200fc0__got = internal global %seg_200fc0__got_type <{ [64 x i8] c"\00\0E \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\008\14 \00\00\00\00\00@\14 \00\00\00\00\00H\14 \00\00\00\00\00P\14 \00\00\00\00\00X\14 \00\00\00\00\00" }> @seg_201000__data = internal global %seg_201000__data_type <{ [8 x i8] zeroinitializer, i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) }> @seg_201010__bss = internal global %seg_201010__bss_type zeroinitializer @__mcsema_reg_state = internal thread_local global %struct.State zeroinitializer @__mcsema_stack = internal thread_local global [131072 x i64] zeroinitializer @__mcsema_tls = internal thread_local global [512 x i64] zeroinitializer @0 = internal global i1 false @llvm.global_ctors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_constructor, i8* null }] @llvm.global_dtors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_destructor, i8* null }] ; Function Attrs: nounwind readnone declare i32 @llvm.ctpop.i32(i32) #0 ; Function Attrs: noduplicate noinline nounwind optnone define %struct.Memory* @__remill_error(%struct.State* dereferenceable(3376), i64, %struct.Memory*) local_unnamed_addr #1 { call void @llvm.trap() unreachable } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4b8__init(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_4b8: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, -8 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %14 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 40) to i64*) store i64 %14, i64* %4, align 8, !tbaa !1261 store i8 0, i8* %8, align 1, !tbaa !1265 %15 = trunc i64 %14 to i32 %16 = and i32 %15, 255 %17 = tail call i32 @llvm.ctpop.i32(i32 %16) #5 %18 = trunc i32 %17 to i8 %19 = and i8 %18, 1 %20 = xor i8 %19, 1 store i8 %20, i8* %9, align 1, !tbaa !1279 %21 = icmp eq i64 %14, 0 %22 = zext i1 %21 to i8 store i8 %22, i8* %11, align 1, !tbaa !1280 %23 = lshr i64 %14, 63 %24 = trunc i64 %23 to i8 store i8 %24, i8* %12, align 1, !tbaa !1281 store i8 0, i8* %13, align 1, !tbaa !1282 store i8 0, i8* %10, align 1, !tbaa !1283 %25 = select i1 %21, i64 18, i64 16 %26 = add i64 %25, %1 br i1 %21, label %block_4ca, label %block_4c8 block_4ca: ; preds = %block_4c8, %block_4b8 %27 = phi i64 [ %7, %block_4b8 ], [ %58, %block_4c8 ] %28 = phi %struct.Memory* [ %2, %block_4b8 ], [ %57, %block_4c8 ] %29 = add i64 %27, 8 %30 = icmp ugt i64 %27, -9 %31 = zext i1 %30 to i8 store i8 %31, i8* %8, align 1, !tbaa !1265 %32 = trunc i64 %29 to i32 %33 = and i32 %32, 255 %34 = tail call i32 @llvm.ctpop.i32(i32 %33) #5 %35 = trunc i32 %34 to i8 %36 = and i8 %35, 1 %37 = xor i8 %36, 1 store i8 %37, i8* %9, align 1, !tbaa !1279 %38 = xor i64 %29, %27 %39 = lshr i64 %38, 4 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 store i8 %41, i8* %10, align 1, !tbaa !1283 %42 = icmp eq i64 %29, 0 %43 = zext i1 %42 to i8 store i8 %43, i8* %11, align 1, !tbaa !1280 %44 = lshr i64 %29, 63 %45 = trunc i64 %44 to i8 store i8 %45, i8* %12, align 1, !tbaa !1281 %46 = lshr i64 %27, 63 %47 = xor i64 %44, %46 %48 = add nuw nsw i64 %47, %44 %49 = icmp eq i64 %48, 2 %50 = zext i1 %49 to i8 store i8 %50, i8* %13, align 1, !tbaa !1282 %51 = inttoptr i64 %29 to i64* %52 = load i64, i64* %51 store i64 %52, i64* %3, align 8, !tbaa !1261 %53 = add i64 %27, 16 store i64 %53, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %28 block_4c8: ; preds = %block_4b8 %54 = add i64 %26, 2 %55 = add i64 %6, -16 %56 = inttoptr i64 %55 to i64* store i64 %54, i64* %56 store i64 %55, i64* %5, align 8, !tbaa !1261 store i64 %14, i64* %3, align 8, !tbaa !1261 %57 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %14, %struct.Memory* %2) %58 = load i64, i64* %5, align 8 br label %block_4ca } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5f0_frame_dummy(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_5f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = load i64, i64* %3, align 8, !tbaa !1261 %7 = add i64 %6, -8 %8 = inttoptr i64 %7 to i64* store i64 %5, i64* %8 %9 = inttoptr i64 %7 to i64* %10 = load i64, i64* %9 store i64 %10, i64* %4, align 8, !tbaa !1261 store i64 %6, i64* %3, align 8, !tbaa !1261 %11 = add i64 %1, -144 %12 = tail call %struct.Memory* @sub_560_register_tm_clones(%struct.State* nonnull %0, i64 %11, %struct.Memory* %2) ret %struct.Memory* %12 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4e0_targ4e0(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_4e0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 56) to i64*) store i64 %4, i64* %3, align 8, !tbaa !1261 %5 = icmp eq i64 %4, 1254 br i1 %5, label %block_4e6, label %7 block_4e6: ; preds = %block_4e0 %6 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull %0, i64 1254, %struct.Memory* %2) ret %struct.Memory* %6 ; <label>:7: ; preds = %block_4e0 %8 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %4, %struct.Memory* %2) ret %struct.Memory* %8 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5b0___do_global_dtors_aux(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_5b0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %6 = load i8, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i32 0, i32 0, i32 0) %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %7, align 1, !tbaa !1265 %8 = zext i8 %6 to i32 %9 = tail call i32 @llvm.ctpop.i32(i32 %8) #5 %10 = trunc i32 %9 to i8 %11 = and i8 %10, 1 %12 = xor i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %12, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 0, i8* %14, align 1, !tbaa !1283 %15 = icmp eq i8 %6, 0 %16 = zext i1 %15 to i8 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %16, i8* %17, align 1, !tbaa !1280 %18 = lshr i8 %6, 7 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %18, i8* %19, align 1, !tbaa !1281 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 0, i8* %20, align 1, !tbaa !1282 %21 = select i1 %15, i64 9, i64 56 %22 = add i64 %21, %1 %23 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 br i1 %15, label %block_5b9, label %block_5e8 block_5c7: ; preds = %block_5b9 %24 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) to i64*) store i64 %24, i64* %4, align 8, !tbaa !1261 %25 = add i64 %48, -231 %26 = add i64 %48, 12 %27 = add i64 %44, -16 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 store i64 %27, i64* %23, align 8, !tbaa !1261 %29 = tail call %struct.Memory* @sub_4e0_targ4e0(%struct.State* nonnull %0, i64 %25, %struct.Memory* %2) %30 = load i64, i64* %3, align 8 %31 = load i64, i64* %23, align 8, !tbaa !1261 br label %block_5d3 block_5b9: ; preds = %block_5b0 %32 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 56) to i64*) store i8 0, i8* %7, align 1, !tbaa !1265 %33 = trunc i64 %32 to i32 %34 = and i32 %33, 255 %35 = tail call i32 @llvm.ctpop.i32(i32 %34) #5 %36 = trunc i32 %35 to i8 %37 = and i8 %36, 1 %38 = xor i8 %37, 1 store i8 %38, i8* %13, align 1, !tbaa !1279 store i8 0, i8* %14, align 1, !tbaa !1283 %39 = icmp eq i64 %32, 0 %40 = zext i1 %39 to i8 store i8 %40, i8* %17, align 1, !tbaa !1280 %41 = lshr i64 %32, 63 %42 = trunc i64 %41 to i8 store i8 %42, i8* %19, align 1, !tbaa !1281 store i8 0, i8* %20, align 1, !tbaa !1282 %43 = load i64, i64* %5, align 8 %44 = load i64, i64* %23, align 8, !tbaa !1261 %45 = add i64 %44, -8 %46 = inttoptr i64 %45 to i64* store i64 %43, i64* %46 store i64 %45, i64* %5, align 8, !tbaa !1261 %47 = select i1 %39, i64 26, i64 14 %48 = add i64 %22, %47 br i1 %39, label %block_5d3, label %block_5c7 block_5e8: ; preds = %block_5b0 %49 = load i64, i64* %23, align 8, !tbaa !1261 %50 = inttoptr i64 %49 to i64* %51 = load i64, i64* %50 store i64 %51, i64* %3, align 8, !tbaa !1261 %52 = add i64 %49, 8 store i64 %52, i64* %23, align 8, !tbaa !1261 ret %struct.Memory* %2 block_5d3: ; preds = %block_5b9, %block_5c7 %53 = phi i64 [ %45, %block_5b9 ], [ %31, %block_5c7 ] %54 = phi i64 [ %48, %block_5b9 ], [ %30, %block_5c7 ] %55 = phi %struct.Memory* [ %2, %block_5b9 ], [ %29, %block_5c7 ] %56 = add i64 %54, -179 %57 = add i64 %54, 5 %58 = add i64 %53, -8 %59 = inttoptr i64 %58 to i64* store i64 %57, i64* %59 store i64 %58, i64* %23, align 8, !tbaa !1261 %60 = tail call %struct.Memory* @sub_520_deregister_tm_clones(%struct.State* nonnull %0, i64 %56, %struct.Memory* %55) store i8 1, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i32 0, i32 0, i32 0) %61 = load i64, i64* %23, align 8, !tbaa !1261 %62 = add i64 %61, 8 %63 = inttoptr i64 %61 to i64* %64 = load i64, i64* %63 store i64 %64, i64* %5, align 8, !tbaa !1261 %65 = inttoptr i64 %62 to i64* %66 = load i64, i64* %65 store i64 %66, i64* %3, align 8, !tbaa !1261 %67 = add i64 %61, 16 store i64 %67, i64* %23, align 8, !tbaa !1261 ret %struct.Memory* %60 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4f0__start(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_4f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 store i64 0, i64* %10, align 8, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %19 = load i64, i64* %6, align 8 store i64 %19, i64* %12, align 8, !tbaa !1261 %20 = load i64, i64* %9, align 8, !tbaa !1261 %21 = add i64 %20, 8 %22 = inttoptr i64 %20 to i64* %23 = load i64, i64* %22 store i64 %23, i64* %7, align 8, !tbaa !1261 store i64 %21, i64* %6, align 8, !tbaa !1261 %24 = and i64 %21, -16 store i8 0, i8* %13, align 1, !tbaa !1265 %25 = trunc i64 %21 to i32 %26 = and i32 %25, 240 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #5 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %14, align 1, !tbaa !1279 %31 = icmp eq i64 %24, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %15, align 1, !tbaa !1280 %33 = lshr i64 %21, 63 %34 = trunc i64 %33 to i8 store i8 %34, i8* %16, align 1, !tbaa !1281 store i8 0, i8* %17, align 1, !tbaa !1282 store i8 0, i8* %18, align 1, !tbaa !1283 %35 = load i64, i64* %4, align 8 %36 = add i64 %24, -8 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37 %38 = add i64 %24, -16 %39 = inttoptr i64 %38 to i64* store i64 %36, i64* %39 store i64 ptrtoint (i64 ()* @callback_sub_6a0___libc_csu_fini to i64), i64* %11, align 8, !tbaa !1261 store i64 ptrtoint (i64 ()* @callback_sub_630___libc_csu_init to i64), i64* %5, align 8, !tbaa !1261 store i64 ptrtoint (i64 (i64, i64, i64)* @main to i64), i64* %8, align 8, !tbaa !1261 %40 = add i64 %1, 42 %41 = add i64 %24, -24 %42 = inttoptr i64 %41 to i64* store i64 %40, i64* %42 store i64 %41, i64* %9, align 8, !tbaa !1261 %43 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 32) to i64*) store i64 %43, i64* %3, align 8, !tbaa !1261 %44 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %43, %struct.Memory* %2) %45 = load i64, i64* %3, align 8 %46 = add i64 %45, 1 store i64 %46, i64* %3, align 8 %47 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull %0, i64 %46, %struct.Memory* %44) ret %struct.Memory* %47 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_560_register_tm_clones(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_5a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %6, align 8, !tbaa !1261 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 0, i64* %4, align 8, !tbaa !1261 store i64 0, i64* %5, align 8, !tbaa !1261 store i8 0, i8* %13, align 1, !tbaa !1284 store i8 1, i8* %14, align 1, !tbaa !1284 store i8 0, i8* %15, align 1, !tbaa !1284 store i8 1, i8* %16, align 1, !tbaa !1284 store i8 0, i8* %17, align 1, !tbaa !1284 store i8 0, i8* %18, align 1, !tbaa !1284 %19 = inttoptr i64 %11 to i64* %20 = load i64, i64* %19 store i64 %20, i64* %8, align 8, !tbaa !1261 %21 = inttoptr i64 %10 to i64* %22 = load i64, i64* %21 store i64 %22, i64* %3, align 8, !tbaa !1261 %23 = add i64 %10, 8 store i64 %23, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_520_deregister_tm_clones(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_550: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %5, align 8, !tbaa !1261 %8 = load i64, i64* %7, align 8 %9 = load i64, i64* %6, align 8, !tbaa !1261 %10 = add i64 %9, -8 %11 = inttoptr i64 %10 to i64* store i64 %8, i64* %11 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %4, align 8, !tbaa !1261 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %12, align 1, !tbaa !1265 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 1, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 and (i8 trunc (i64 lshr (i64 xor (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64)), i64 4) to i8), i8 1), i8* %14, align 1, !tbaa !1283 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 1, i8* %15, align 1, !tbaa !1280 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 0, i8* %16, align 1, !tbaa !1281 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 zext (i1 icmp eq (i64 add (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 xor (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63))), i64 2) to i8), i8* %17, align 1, !tbaa !1282 %18 = inttoptr i64 %10 to i64* %19 = load i64, i64* %18 store i64 %19, i64* %7, align 8, !tbaa !1261 %20 = inttoptr i64 %9 to i64* %21 = load i64, i64* %20 store i64 %21, i64* %3, align 8, !tbaa !1261 %22 = add i64 %9, 8 store i64 %22, i64* %6, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_630___libc_csu_init(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_630: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 27, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 3, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 25, i32 0, i32 0 %15 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 29, i32 0, i32 0 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 31, i32 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = load i64, i64* %12, align 8, !tbaa !1261 %20 = add i64 %19, -8 %21 = inttoptr i64 %20 to i64* store i64 %18, i64* %21 %22 = load i64, i64* %16, align 8 %23 = add i64 %19, -16 %24 = inttoptr i64 %23 to i64* store i64 %22, i64* %24 %25 = load i64, i64* %9, align 8 store i64 %25, i64* %17, align 8, !tbaa !1261 %26 = load i64, i64* %15, align 8 %27 = add i64 %19, -24 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 %29 = load i64, i64* %14, align 8 %30 = add i64 %19, -32 %31 = inttoptr i64 %30 to i64* store i64 %29, i64* %31 store i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64), i64* %14, align 8, !tbaa !1261 %32 = load i64, i64* %13, align 8 %33 = add i64 %19, -40 %34 = inttoptr i64 %33 to i64* store i64 %32, i64* %34 %35 = load i64, i64* %8, align 8 %36 = add i64 %19, -48 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37 %38 = load i32, i32* %5, align 4 %39 = zext i32 %38 to i64 store i64 %39, i64* %15, align 8, !tbaa !1261 %40 = load i64, i64* %10, align 8 store i64 %40, i64* %16, align 8, !tbaa !1261 %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %44 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %45 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 ashr (i64 sub (i64 add (i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64), i64 8), i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64)), i64 3), i64* %13, align 8, !tbaa !1261 %47 = add i64 %1, -376 %48 = add i64 %1, 49 %49 = add i64 %19, -64 %50 = inttoptr i64 %49 to i64* store i64 %48, i64* %50 store i64 %49, i64* %12, align 8, !tbaa !1261 %51 = tail call %struct.Memory* @sub_4b8__init(%struct.State* nonnull %0, i64 %47, %struct.Memory* %2) %52 = load i64, i64* %13, align 8 %53 = load i64, i64* %3, align 8 %54 = icmp eq i64 %52, 0 %55 = select i1 %54, i64 37, i64 5 %56 = add i64 %53, %55 br i1 %54, label %block_686, label %block_666 block_686.loopexit: ; preds = %block_670 br label %block_686 block_686: ; preds = %block_686.loopexit, %block_630 %57 = phi %struct.Memory* [ %51, %block_630 ], [ %118, %block_686.loopexit ] %58 = load i64, i64* %12, align 8 %59 = add i64 %58, 8 %60 = icmp ugt i64 %58, -9 %61 = zext i1 %60 to i8 store i8 %61, i8* %41, align 1, !tbaa !1265 %62 = trunc i64 %59 to i32 %63 = and i32 %62, 255 %64 = tail call i32 @llvm.ctpop.i32(i32 %63) #5 %65 = trunc i32 %64 to i8 %66 = and i8 %65, 1 %67 = xor i8 %66, 1 store i8 %67, i8* %42, align 1, !tbaa !1279 %68 = xor i64 %59, %58 %69 = lshr i64 %68, 4 %70 = trunc i64 %69 to i8 %71 = and i8 %70, 1 store i8 %71, i8* %43, align 1, !tbaa !1283 %72 = icmp eq i64 %59, 0 %73 = zext i1 %72 to i8 store i8 %73, i8* %44, align 1, !tbaa !1280 %74 = lshr i64 %59, 63 %75 = trunc i64 %74 to i8 store i8 %75, i8* %45, align 1, !tbaa !1281 %76 = lshr i64 %58, 63 %77 = xor i64 %74, %76 %78 = add nuw nsw i64 %77, %74 %79 = icmp eq i64 %78, 2 %80 = zext i1 %79 to i8 store i8 %80, i8* %46, align 1, !tbaa !1282 %81 = add i64 %58, 16 %82 = inttoptr i64 %59 to i64* %83 = load i64, i64* %82 store i64 %83, i64* %8, align 8, !tbaa !1261 %84 = add i64 %58, 24 %85 = inttoptr i64 %81 to i64* %86 = load i64, i64* %85 store i64 %86, i64* %13, align 8, !tbaa !1261 %87 = add i64 %58, 32 %88 = inttoptr i64 %84 to i64* %89 = load i64, i64* %88 store i64 %89, i64* %14, align 8, !tbaa !1261 %90 = add i64 %58, 40 %91 = inttoptr i64 %87 to i64* %92 = load i64, i64* %91 store i64 %92, i64* %15, align 8, !tbaa !1261 %93 = add i64 %58, 48 %94 = inttoptr i64 %90 to i64* %95 = load i64, i64* %94 store i64 %95, i64* %16, align 8, !tbaa !1261 %96 = add i64 %58, 56 %97 = inttoptr i64 %93 to i64* %98 = load i64, i64* %97 store i64 %98, i64* %17, align 8, !tbaa !1261 %99 = inttoptr i64 %96 to i64* %100 = load i64, i64* %99 store i64 %100, i64* %3, align 8, !tbaa !1261 %101 = add i64 %58, 64 store i64 %101, i64* %12, align 8, !tbaa !1261 ret %struct.Memory* %57 block_670: ; preds = %block_666, %block_670 %102 = phi i64 [ 0, %block_666 ], [ %121, %block_670 ] %103 = phi i64 [ %150, %block_666 ], [ %149, %block_670 ] %104 = phi %struct.Memory* [ %51, %block_666 ], [ %118, %block_670 ] %105 = load i64, i64* %17, align 8 store i64 %105, i64* %9, align 8, !tbaa !1261 %106 = load i64, i64* %16, align 8 store i64 %106, i64* %10, align 8, !tbaa !1261 %107 = load i32, i32* %7, align 4 %108 = zext i32 %107 to i64 store i64 %108, i64* %11, align 8, !tbaa !1261 %109 = load i64, i64* %14, align 8 %110 = shl i64 %102, 3 %111 = add i64 %110, %109 %112 = add i64 %103, 13 %113 = load i64, i64* %12, align 8, !tbaa !1261 %114 = add i64 %113, -8 %115 = inttoptr i64 %114 to i64* store i64 %112, i64* %115 store i64 %114, i64* %12, align 8, !tbaa !1261 %116 = inttoptr i64 %111 to i64* %117 = load i64, i64* %116 store i64 %117, i64* %3, align 8, !tbaa !1261 %118 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %117, %struct.Memory* %104) %119 = load i64, i64* %8, align 8 %120 = load i64, i64* %3, align 8 %121 = add i64 %119, 1 store i64 %121, i64* %8, align 8, !tbaa !1261 %122 = lshr i64 %121, 63 %123 = load i64, i64* %13, align 8 %124 = sub i64 %123, %121 %125 = icmp ult i64 %123, %121 %126 = zext i1 %125 to i8 store i8 %126, i8* %41, align 1, !tbaa !1265 %127 = trunc i64 %124 to i32 %128 = and i32 %127, 255 %129 = tail call i32 @llvm.ctpop.i32(i32 %128) #5 %130 = trunc i32 %129 to i8 %131 = and i8 %130, 1 %132 = xor i8 %131, 1 store i8 %132, i8* %42, align 1, !tbaa !1279 %133 = xor i64 %121, %123 %134 = xor i64 %133, %124 %135 = lshr i64 %134, 4 %136 = trunc i64 %135 to i8 %137 = and i8 %136, 1 store i8 %137, i8* %43, align 1, !tbaa !1283 %138 = icmp eq i64 %124, 0 %139 = zext i1 %138 to i8 store i8 %139, i8* %44, align 1, !tbaa !1280 %140 = lshr i64 %124, 63 %141 = trunc i64 %140 to i8 store i8 %141, i8* %45, align 1, !tbaa !1281 %142 = lshr i64 %123, 63 %143 = xor i64 %122, %142 %144 = xor i64 %140, %142 %145 = add nuw nsw i64 %144, %143 %146 = icmp eq i64 %145, 2 %147 = zext i1 %146 to i8 store i8 %147, i8* %46, align 1, !tbaa !1282 %148 = select i1 %138, i64 9, i64 -13 %149 = add i64 %120, %148 br i1 %138, label %block_686.loopexit, label %block_670 block_666: ; preds = %block_630 store i64 0, i64* %8, align 8, !tbaa !1261 store i8 0, i8* %41, align 1, !tbaa !1265 store i8 1, i8* %42, align 1, !tbaa !1279 store i8 1, i8* %44, align 1, !tbaa !1280 store i8 0, i8* %45, align 1, !tbaa !1281 store i8 0, i8* %46, align 1, !tbaa !1282 store i8 0, i8* %43, align 1, !tbaa !1283 %150 = add i64 %56, 10 br label %block_670 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_615_main(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_615: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %7 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %10 = load i64, i64* %9, align 8 %11 = load i64, i64* %8, align 8, !tbaa !1261 %12 = add i64 %11, -8 %13 = inttoptr i64 %12 to i64* store i64 %10, i64* %13 store i64 %12, i64* %9, align 8, !tbaa !1261 %14 = add i64 %11, -12 %15 = load i32, i32* %5, align 4 %16 = inttoptr i64 %14 to i32* store i32 %15, i32* %16 %17 = add i64 %11, -24 %18 = load i64, i64* %6, align 8 %19 = inttoptr i64 %17 to i64* store i64 %18, i64* %19 %20 = inttoptr i64 %14 to i32* %21 = load i32, i32* %20 %22 = zext i32 %21 to i64 store i64 %22, i64* %7, align 8, !tbaa !1261 %23 = add i64 %1, -27 %24 = add i64 %1, 25 %25 = add i64 %11, -32 %26 = inttoptr i64 %25 to i64* store i64 %24, i64* %26 store i64 %25, i64* %8, align 8, !tbaa !1261 %27 = tail call %struct.Memory* @sub_5fa_return_val(%struct.State* nonnull %0, i64 %23, %struct.Memory* %2) %28 = load i64, i64* %9, align 8, !tbaa !1261 %29 = inttoptr i64 %28 to i64* %30 = load i64, i64* %29 store i64 %30, i64* %9, align 8, !tbaa !1261 %31 = add i64 %28, 8 %32 = inttoptr i64 %31 to i64* %33 = load i64, i64* %32 store i64 %33, i64* %3, align 8, !tbaa !1261 %34 = add i64 %28, 16 store i64 %34, i64* %8, align 8, !tbaa !1261 ret %struct.Memory* %27 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5fa_return_val(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_5fa: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12 %13 = add i64 %10, -12 %14 = load i32, i32* %5, align 4 %15 = inttoptr i64 %13 to i32* store i32 %14, i32* %15 %16 = inttoptr i64 %13 to i32* %17 = load i32, i32* %16 %18 = add i32 %17, -5 %19 = icmp ult i32 %17, 5 %20 = zext i1 %19 to i8 %21 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 %20, i8* %21, align 1, !tbaa !1265 %22 = and i32 %18, 255 %23 = tail call i32 @llvm.ctpop.i32(i32 %22) #5 %24 = trunc i32 %23 to i8 %25 = and i8 %24, 1 %26 = xor i8 %25, 1 %27 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %26, i8* %27, align 1, !tbaa !1279 %28 = xor i32 %18, %17 %29 = lshr i32 %28, 4 %30 = trunc i32 %29 to i8 %31 = and i8 %30, 1 %32 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 %31, i8* %32, align 1, !tbaa !1283 %33 = icmp eq i32 %18, 0 %34 = zext i1 %33 to i8 %35 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %34, i8* %35, align 1, !tbaa !1280 %36 = lshr i32 %18, 31 %37 = trunc i32 %36 to i8 %38 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %37, i8* %38, align 1, !tbaa !1281 %39 = lshr i32 %17, 31 %40 = xor i32 %36, %39 %41 = add nuw nsw i32 %40, %39 %42 = icmp eq i32 %41, 2 %43 = zext i1 %42 to i8 %44 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 %43, i8* %44, align 1, !tbaa !1282 br i1 %33, label %block_607, label %block_60e block_607: ; preds = %block_5fa store i64 999999, i64* %6, align 8, !tbaa !1261 br label %block_613 block_613: ; preds = %block_60e, %block_607 %45 = inttoptr i64 %11 to i64* %46 = load i64, i64* %45 store i64 %46, i64* %8, align 8, !tbaa !1261 %47 = inttoptr i64 %10 to i64* %48 = load i64, i64* %47 store i64 %48, i64* %3, align 8, !tbaa !1261 %49 = add i64 %10, 8 store i64 %49, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %2 block_60e: ; preds = %block_5fa store i64 888888, i64* %6, align 8, !tbaa !1261 br label %block_613 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6a4__fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #2 { block_6a4: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, -8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %9 = xor i64 %6, %5 %10 = lshr i64 %9, 4 %11 = trunc i64 %10 to i8 %12 = and i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %15 = lshr i64 %6, 63 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = lshr i64 %5, 63 %18 = xor i64 %15, %17 %19 = add nuw nsw i64 %18, %17 %20 = icmp eq i64 %19, 2 %21 = zext i1 %20 to i8 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = icmp ult i64 %5, 8 %24 = zext i1 %23 to i8 store i8 %24, i8* %7, align 1, !tbaa !1265 %25 = trunc i64 %5 to i32 %26 = and i32 %25, 255 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #5 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %8, align 1, !tbaa !1279 store i8 %12, i8* %13, align 1, !tbaa !1283 %31 = icmp eq i64 %5, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %14, align 1, !tbaa !1280 %33 = trunc i64 %17 to i8 store i8 %33, i8* %16, align 1, !tbaa !1281 store i8 %21, i8* %22, align 1, !tbaa !1282 %34 = inttoptr i64 %5 to i64* %35 = load i64, i64* %34 store i64 %35, i64* %3, align 8, !tbaa !1261 %36 = add i64 %5, 8 store i64 %36, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6a0___libc_csu_fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #2 { block_6a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8, !tbaa !1261 %6 = inttoptr i64 %5 to i64* %7 = load i64, i64* %6 store i64 %7, i64* %3, align 8, !tbaa !1261 %8 = add i64 %5, 8 store i64 %8, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_5f0_frame_dummy(i64, i64, i64, i64, i64, i64, i64, i64) #3 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1520, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5f0_frame_dummy(%struct.State* nonnull @__mcsema_reg_state, i64 1520, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define void @__mcsema_verify_reg_state() local_unnamed_addr #4 { entry: %0 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %1 = icmp eq i64 %0, 0 br i1 %1, label %is_null, label %end is_null: ; preds = %entry store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %end end: ; preds = %is_null, %entry ret void } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_5b0___do_global_dtors_aux(i64, i64, i64, i64, i64, i64, i64, i64) #3 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1456, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5b0___do_global_dtors_aux(%struct.State* nonnull @__mcsema_reg_state, i64 1456, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: noinline nounwind define %struct.Memory* @__mcsema_detach_call_value(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #2 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 %13 = load i64, i64* %9, align 8 %14 = load i64, i64* %8, align 8 %15 = load i64, i64* %7, align 8 %16 = load i64, i64* %6, align 8 %17 = load i64, i64* %11, align 8 %18 = load i64, i64* %12, align 8 %19 = load i64, i64* %10, align 8 %20 = add i64 %19, 8 %21 = inttoptr i64 %20 to i64* %22 = load i64, i64* %21 %23 = add i64 %19, 16 %24 = inttoptr i64 %23 to i64* %25 = load i64, i64* %24 %26 = inttoptr i64 %1 to i64 (i64, i64, i64, i64, i64, i64, i64, i64)* %27 = tail call i64 %26(i64 %13, i64 %14, i64 %15, i64 %16, i64 %17, i64 %18, i64 %22, i64 %25) #5 store i64 %27, i64* %5, align 8 %28 = inttoptr i64 %19 to i64* %29 = load i64, i64* %28 store i64 %29, i64* %4, align 8 store i64 %20, i64* %10, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_6a0___libc_csu_fini() #3 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1696, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_6a0___libc_csu_fini(%struct.State* nonnull @__mcsema_reg_state, i64 1696, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_630___libc_csu_init() #3 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1584, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_630___libc_csu_init(%struct.State* nonnull @__mcsema_reg_state, i64 1584, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @main(i64, i64, i64) #3 { %4 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %3 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %3 %6 = phi i64 [ %4, %3 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1557, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %7 = load volatile i1, i1* @0, align 1 br i1 %7, label %__mcsema_early_init.exit, label %8 ; <label>:8: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %8, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 %9 = add i64 %6, -8 store i64 %9, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = tail call %struct.Memory* @sub_615_main(%struct.State* nonnull @__mcsema_reg_state, i64 1557, %struct.Memory* null) store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %11 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %11 } ; Function Attrs: nobuiltin noinline nounwind define i64 @targ4e0(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #3 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1248, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_4e0_targ4e0(%struct.State* nonnull @__mcsema_reg_state, i64 1248, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline nounwind define i64 @return_val(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #3 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1530, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5fa_return_val(%struct.State* nonnull @__mcsema_reg_state, i64 1530, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nounwind define internal void @__mcsema_constructor() #5 { %1 = load volatile i1, i1* @0, align 1 br i1 %1, label %__mcsema_early_init.exit, label %2 ; <label>:2: ; preds = %0 store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %2, %0 %3 = tail call i64 @callback_sub_630___libc_csu_init() ret void } ; Function Attrs: nounwind define internal void @__mcsema_destructor() #5 { %1 = tail call i64 @callback_sub_6a0___libc_csu_fini() ret void } ; Function Attrs: noinline optnone define %struct.State* @__mcsema_debug_get_reg_state() #6 { ret %struct.State* @__mcsema_reg_state } ; Function Attrs: noreturn nounwind declare void @llvm.trap() #7 attributes #0 = { nounwind readnone } attributes #1 = { noduplicate noinline nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #2 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #3 = { nobuiltin noinline nounwind } attributes #4 = { norecurse nounwind } attributes #5 = { nounwind } attributes #6 = { noinline optnone } attributes #7 = { noreturn nounwind } !llvm.ident = !{!0, !0} !llvm.dbg.cu = !{!1} !llvm.module.flags = !{!1259, !1260}

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "llvm-link" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-pc-linux-gnu-elf" %seg_200df0__init_array_type = type <{ i64, i64 }> %seg_200fc0__got_type = type <{ [64 x i8] }> %seg_201000__data_type = type <{ [8 x i8], i64 }> %seg_201010__bss_type = type <{ [8 x i8] }> %struct.State = type { %struct.ArchState, [32 x %union.VectorReg], %struct.ArithFlags, %union.anon, %struct.Segments, %struct.AddressSpace, %struct.GPR, %struct.X87Stack, %struct.MMX, %struct.FPUStatusFlags, %union.anon, %union.FPU, %struct.SegmentCaches } %struct.ArchState = type { i32, i32, %union.anon } %union.VectorReg = type { %union.vec512_t } %union.vec512_t = type { %struct.uint64v8_t } %struct.uint64v8_t = type { [8 x i64] } %struct.ArithFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8 } %struct.Segments = type { i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector } %union.SegmentSelector = type { i16 } %struct.AddressSpace = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.Reg = type { %union.anon } %struct.GPR = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.X87Stack = type { [8 x %struct.anon.3] } %struct.anon.3 = type { i64, double } %struct.MMX = type { [8 x %struct.anon.4] } %struct.anon.4 = type { i64, %union.vec64_t } %union.vec64_t = type { %struct.uint64v1_t } %struct.uint64v1_t = type { [1 x i64] } %struct.FPUStatusFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, [4 x i8] } %union.anon = type { i64 } %union.FPU = type { %struct.anon.13 } %struct.anon.13 = type { %struct.FpuFXSAVE, [96 x i8] } %struct.FpuFXSAVE = type { %union.SegmentSelector, %union.SegmentSelector, %union.FPUAbridgedTagWord, i8, i16, i32, %union.SegmentSelector, i16, i32, %union.SegmentSelector, i16, %union.FPUControlStatus, %union.FPUControlStatus, [8 x %struct.FPUStackElem], [16 x %union.vec128_t] } %union.FPUAbridgedTagWord = type { i8 } %union.FPUControlStatus = type { i32 } %struct.FPUStackElem = type { %union.anon.11, [6 x i8] } %union.anon.11 = type { %struct.float80_t } %struct.float80_t = type { [10 x i8] } %union.vec128_t = type { %struct.uint128v1_t } %struct.uint128v1_t = type { [1 x i128] } %struct.SegmentCaches = type { %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow } %struct.SegmentShadow = type { %union.anon, i32, i32 } %struct.Memory = type opaque @seg_200df0__init_array = internal global %seg_200df0__init_array_type <{ i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_5f0_frame_dummy to i64), i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_5b0___do_global_dtors_aux to i64) }> @seg_200fc0__got = internal global %seg_200fc0__got_type <{ [64 x i8] c"\00\0E \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\008\14 \00\00\00\00\00@\14 \00\00\00\00\00H\14 \00\00\00\00\00P\14 \00\00\00\00\00X\14 \00\00\00\00\00" }> @seg_201000__data = internal global %seg_201000__data_type <{ [8 x i8] zeroinitializer, i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) }> @seg_201010__bss = internal global %seg_201010__bss_type zeroinitializer @__mcsema_reg_state = internal thread_local global %struct.State zeroinitializer @__mcsema_stack = internal thread_local global [131072 x i64] zeroinitializer @__mcsema_tls = internal thread_local global [512 x i64] zeroinitializer @0 = internal global i1 false @llvm.global_ctors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_constructor, i8* null }] @llvm.global_dtors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_destructor, i8* null }] ; Function Attrs: nounwind readnone declare i32 @llvm.ctpop.i32(i32) #0 ; Function Attrs: noduplicate noinline noreturn nounwind optnone define %struct.Memory* @__remill_error(%struct.State* dereferenceable(3376), i64, %struct.Memory*) local_unnamed_addr #1 { call void @llvm.trap() unreachable } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4b8__init(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #2 { block_4b8: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, -8 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %14 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 40) to i64*), align 8 store i64 %14, i64* %4, align 8, !tbaa !1261 store i8 0, i8* %8, align 1, !tbaa !1265 %15 = trunc i64 %14 to i32 %16 = and i32 %15, 255 %17 = tail call i32 @llvm.ctpop.i32(i32 %16) #8 %18 = trunc i32 %17 to i8 %19 = and i8 %18, 1 %20 = xor i8 %19, 1 store i8 %20, i8* %9, align 1, !tbaa !1279 %21 = icmp eq i64 %14, 0 %22 = zext i1 %21 to i8 store i8 %22, i8* %11, align 1, !tbaa !1280 %23 = lshr i64 %14, 63 %24 = trunc i64 %23 to i8 store i8 %24, i8* %12, align 1, !tbaa !1281 store i8 0, i8* %13, align 1, !tbaa !1282 store i8 0, i8* %10, align 1, !tbaa !1283 br i1 %21, label %block_4ca, label %block_4c8 block_4ca: ; preds = %block_4c8, %block_4b8 %25 = phi i64 [ %7, %block_4b8 ], [ %56, %block_4c8 ] %26 = phi %struct.Memory* [ %2, %block_4b8 ], [ %55, %block_4c8 ] %27 = add i64 %25, 8 %28 = icmp ugt i64 %25, -9 %29 = zext i1 %28 to i8 store i8 %29, i8* %8, align 1, !tbaa !1265 %30 = trunc i64 %27 to i32 %31 = and i32 %30, 255 %32 = tail call i32 @llvm.ctpop.i32(i32 %31) #8 %33 = trunc i32 %32 to i8 %34 = and i8 %33, 1 %35 = xor i8 %34, 1 store i8 %35, i8* %9, align 1, !tbaa !1279 %36 = xor i64 %27, %25 %37 = lshr i64 %36, 4 %38 = trunc i64 %37 to i8 %39 = and i8 %38, 1 store i8 %39, i8* %10, align 1, !tbaa !1283 %40 = icmp eq i64 %27, 0 %41 = zext i1 %40 to i8 store i8 %41, i8* %11, align 1, !tbaa !1280 %42 = lshr i64 %27, 63 %43 = trunc i64 %42 to i8 store i8 %43, i8* %12, align 1, !tbaa !1281 %44 = lshr i64 %25, 63 %45 = xor i64 %42, %44 %46 = add nuw nsw i64 %45, %42 %47 = icmp eq i64 %46, 2 %48 = zext i1 %47 to i8 store i8 %48, i8* %13, align 1, !tbaa !1282 %49 = inttoptr i64 %27 to i64* %50 = load i64, i64* %49, align 8 store i64 %50, i64* %3, align 8, !tbaa !1261 %51 = add i64 %25, 16 store i64 %51, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %26 block_4c8: ; preds = %block_4b8 %52 = add i64 %1, 18 %53 = add i64 %6, -16 %54 = inttoptr i64 %53 to i64* store i64 %52, i64* %54, align 8 store i64 %53, i64* %5, align 8, !tbaa !1261 store i64 %14, i64* %3, align 8, !tbaa !1261 %55 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %14, %struct.Memory* %2) %56 = load i64, i64* %5, align 8 br label %block_4ca } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_5f0_frame_dummy(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_5f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = load i64, i64* %3, align 8, !tbaa !1261 %7 = add i64 %6, -8 %8 = inttoptr i64 %7 to i64* store i64 %5, i64* %8, align 8 store i64 %5, i64* %4, align 8, !tbaa !1261 store i64 %6, i64* %3, align 8, !tbaa !1261 %9 = tail call %struct.Memory* @sub_560_register_tm_clones(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) ret %struct.Memory* %9 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4e0_targ4e0(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_4e0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 56) to i64*), align 8 store i64 %4, i64* %3, align 8, !tbaa !1261 %5 = icmp eq i64 %4, 1254 br i1 %5, label %block_4e6, label %7 block_4e6: ; preds = %block_4e0 %6 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull undef, i64 undef, %struct.Memory* undef) unreachable ; <label>:7: ; preds = %block_4e0 %8 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %4, %struct.Memory* %2) ret %struct.Memory* %8 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5b0___do_global_dtors_aux(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #2 { block_5b0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %6 = load i8, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i64 0, i32 0, i64 0), align 8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %7, align 1, !tbaa !1265 %8 = zext i8 %6 to i32 %9 = tail call i32 @llvm.ctpop.i32(i32 %8) #8 %10 = trunc i32 %9 to i8 %11 = and i8 %10, 1 %12 = xor i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %12, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 0, i8* %14, align 1, !tbaa !1283 %15 = icmp eq i8 %6, 0 %16 = zext i1 %15 to i8 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %16, i8* %17, align 1, !tbaa !1280 %18 = lshr i8 %6, 7 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %18, i8* %19, align 1, !tbaa !1281 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 0, i8* %20, align 1, !tbaa !1282 %21 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 br i1 %15, label %block_5b9, label %block_5e8 block_5c7: ; preds = %block_5b9 %22 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) to i64*), align 8 store i64 %22, i64* %4, align 8, !tbaa !1261 %23 = add i64 %46, 12 %24 = add i64 %42, -16 %25 = inttoptr i64 %24 to i64* store i64 %23, i64* %25, align 8 store i64 %24, i64* %21, align 8, !tbaa !1261 %26 = tail call %struct.Memory* @sub_4e0_targ4e0(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) %27 = load i64, i64* %3, align 8 %28 = load i64, i64* %21, align 8, !tbaa !1261 br label %block_5d3 block_5b9: ; preds = %block_5b0 %29 = add i64 %1, 9 %30 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 56) to i64*), align 8 store i8 0, i8* %7, align 1, !tbaa !1265 %31 = trunc i64 %30 to i32 %32 = and i32 %31, 255 %33 = tail call i32 @llvm.ctpop.i32(i32 %32) #8 %34 = trunc i32 %33 to i8 %35 = and i8 %34, 1 %36 = xor i8 %35, 1 store i8 %36, i8* %13, align 1, !tbaa !1279 store i8 0, i8* %14, align 1, !tbaa !1283 %37 = icmp eq i64 %30, 0 %38 = zext i1 %37 to i8 store i8 %38, i8* %17, align 1, !tbaa !1280 %39 = lshr i64 %30, 63 %40 = trunc i64 %39 to i8 store i8 %40, i8* %19, align 1, !tbaa !1281 store i8 0, i8* %20, align 1, !tbaa !1282 %41 = load i64, i64* %5, align 8 %42 = load i64, i64* %21, align 8, !tbaa !1261 %43 = add i64 %42, -8 %44 = inttoptr i64 %43 to i64* store i64 %41, i64* %44, align 8 store i64 %43, i64* %5, align 8, !tbaa !1261 %45 = select i1 %37, i64 26, i64 14 %46 = add i64 %29, %45 br i1 %37, label %block_5d3, label %block_5c7 block_5e8: ; preds = %block_5b0 %47 = load i64, i64* %21, align 8, !tbaa !1261 %48 = inttoptr i64 %47 to i64* %49 = load i64, i64* %48, align 8 store i64 %49, i64* %3, align 8, !tbaa !1261 %50 = add i64 %47, 8 store i64 %50, i64* %21, align 8, !tbaa !1261 ret %struct.Memory* %2 block_5d3: ; preds = %block_5b9, %block_5c7 %51 = phi i64 [ %43, %block_5b9 ], [ %28, %block_5c7 ] %52 = phi i64 [ %46, %block_5b9 ], [ %27, %block_5c7 ] %53 = phi %struct.Memory* [ %2, %block_5b9 ], [ %26, %block_5c7 ] %54 = add i64 %52, 5 %55 = add i64 %51, -8 %56 = inttoptr i64 %55 to i64* store i64 %54, i64* %56, align 8 store i64 %55, i64* %21, align 8, !tbaa !1261 %57 = tail call %struct.Memory* @sub_520_deregister_tm_clones(%struct.State* nonnull %0, i64 undef, %struct.Memory* %53) store i8 1, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i64 0, i32 0, i64 0), align 8 %58 = load i64, i64* %21, align 8, !tbaa !1261 %59 = add i64 %58, 8 %60 = inttoptr i64 %58 to i64* %61 = load i64, i64* %60, align 8 store i64 %61, i64* %5, align 8, !tbaa !1261 %62 = inttoptr i64 %59 to i64* %63 = load i64, i64* %62, align 8 store i64 %63, i64* %3, align 8, !tbaa !1261 %64 = add i64 %58, 16 store i64 %64, i64* %21, align 8, !tbaa !1261 ret %struct.Memory* %57 } ; Function Attrs: noinline noreturn nounwind define noalias nonnull %struct.Memory* @sub_4f0__start(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #4 { block_4f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 store i64 0, i64* %10, align 8, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %19 = load i64, i64* %6, align 8 store i64 %19, i64* %12, align 8, !tbaa !1261 %20 = load i64, i64* %9, align 8, !tbaa !1261 %21 = add i64 %20, 8 %22 = inttoptr i64 %20 to i64* %23 = load i64, i64* %22, align 8 store i64 %23, i64* %7, align 8, !tbaa !1261 store i64 %21, i64* %6, align 8, !tbaa !1261 %24 = and i64 %21, -16 store i8 0, i8* %13, align 1, !tbaa !1265 %25 = trunc i64 %21 to i32 %26 = and i32 %25, 240 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #8 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %14, align 1, !tbaa !1279 %31 = icmp eq i64 %24, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %15, align 1, !tbaa !1280 %33 = lshr i64 %21, 63 %34 = trunc i64 %33 to i8 store i8 %34, i8* %16, align 1, !tbaa !1281 store i8 0, i8* %17, align 1, !tbaa !1282 store i8 0, i8* %18, align 1, !tbaa !1283 %35 = load i64, i64* %4, align 8 %36 = add i64 %24, -8 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37, align 8 %38 = add i64 %24, -16 %39 = inttoptr i64 %38 to i64* store i64 %36, i64* %39, align 16 store i64 ptrtoint (i64 ()* @callback_sub_6a0___libc_csu_fini to i64), i64* %11, align 8, !tbaa !1261 store i64 ptrtoint (i64 ()* @callback_sub_630___libc_csu_init to i64), i64* %5, align 8, !tbaa !1261 store i64 ptrtoint (i64 (i64, i64, i64)* @main to i64), i64* %8, align 8, !tbaa !1261 %40 = add i64 %1, 42 %41 = add i64 %24, -24 %42 = inttoptr i64 %41 to i64* store i64 %40, i64* %42, align 8 store i64 %41, i64* %9, align 8, !tbaa !1261 %43 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 32) to i64*), align 16 store i64 %43, i64* %3, align 8, !tbaa !1261 %44 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %43, %struct.Memory* %2) %45 = load i64, i64* %3, align 8 %46 = add i64 %45, 1 store i64 %46, i64* %3, align 8 %47 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull undef, i64 undef, %struct.Memory* undef) unreachable } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_560_register_tm_clones(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_5a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %6, align 8, !tbaa !1261 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12, align 8 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 0, i64* %4, align 8, !tbaa !1261 store i64 0, i64* %5, align 8, !tbaa !1261 store i8 0, i8* %13, align 1, !tbaa !1284 store i8 1, i8* %14, align 1, !tbaa !1284 store i8 0, i8* %15, align 1, !tbaa !1284 store i8 1, i8* %16, align 1, !tbaa !1284 store i8 0, i8* %17, align 1, !tbaa !1284 store i8 0, i8* %18, align 1, !tbaa !1284 %19 = load i64, i64* %12, align 8 store i64 %19, i64* %8, align 8, !tbaa !1261 %20 = inttoptr i64 %10 to i64* %21 = load i64, i64* %20, align 8 store i64 %21, i64* %3, align 8, !tbaa !1261 %22 = add i64 %10, 8 store i64 %22, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_520_deregister_tm_clones(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_550: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %5, align 8, !tbaa !1261 %8 = load i64, i64* %7, align 8 %9 = load i64, i64* %6, align 8, !tbaa !1261 %10 = add i64 %9, -8 %11 = inttoptr i64 %10 to i64* store i64 %8, i64* %11, align 8 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %4, align 8, !tbaa !1261 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %12, align 1, !tbaa !1265 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 1, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 and (i8 trunc (i64 lshr (i64 xor (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64)), i64 4) to i8), i8 1), i8* %14, align 1, !tbaa !1283 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 1, i8* %15, align 1, !tbaa !1280 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 0, i8* %16, align 1, !tbaa !1281 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 zext (i1 icmp eq (i64 add (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 xor (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63))), i64 2) to i8), i8* %17, align 1, !tbaa !1282 %18 = load i64, i64* %11, align 8 store i64 %18, i64* %7, align 8, !tbaa !1261 %19 = inttoptr i64 %9 to i64* %20 = load i64, i64* %19, align 8 store i64 %20, i64* %3, align 8, !tbaa !1261 %21 = add i64 %9, 8 store i64 %21, i64* %6, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_630___libc_csu_init(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #2 { block_630: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 27, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 3, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 25, i32 0, i32 0 %15 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 29, i32 0, i32 0 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 31, i32 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = load i64, i64* %12, align 8, !tbaa !1261 %20 = add i64 %19, -8 %21 = inttoptr i64 %20 to i64* store i64 %18, i64* %21, align 8 %22 = load i64, i64* %16, align 8 %23 = add i64 %19, -16 %24 = inttoptr i64 %23 to i64* store i64 %22, i64* %24, align 8 %25 = load i64, i64* %9, align 8 store i64 %25, i64* %17, align 8, !tbaa !1261 %26 = load i64, i64* %15, align 8 %27 = add i64 %19, -24 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28, align 8 %29 = load i64, i64* %14, align 8 %30 = add i64 %19, -32 %31 = inttoptr i64 %30 to i64* store i64 %29, i64* %31, align 8 store i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64), i64* %14, align 8, !tbaa !1261 %32 = load i64, i64* %13, align 8 %33 = add i64 %19, -40 %34 = inttoptr i64 %33 to i64* store i64 %32, i64* %34, align 8 %35 = load i64, i64* %8, align 8 %36 = add i64 %19, -48 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37, align 8 %38 = load i32, i32* %5, align 4 %39 = zext i32 %38 to i64 store i64 %39, i64* %15, align 8, !tbaa !1261 %40 = load i64, i64* %10, align 8 store i64 %40, i64* %16, align 8, !tbaa !1261 %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %44 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %45 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 ashr (i64 sub (i64 add (i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64), i64 8), i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64)), i64 3), i64* %13, align 8, !tbaa !1261 %47 = add i64 %1, -376 %48 = add i64 %1, 49 %49 = add i64 %19, -64 %50 = inttoptr i64 %49 to i64* store i64 %48, i64* %50, align 8 store i64 %49, i64* %12, align 8, !tbaa !1261 %51 = tail call %struct.Memory* @sub_4b8__init(%struct.State* nonnull %0, i64 %47, %struct.Memory* %2) %52 = load i64, i64* %13, align 8 %53 = icmp eq i64 %52, 0 br i1 %53, label %block_686, label %block_666 block_686.loopexit: ; preds = %block_670 br label %block_686 block_686: ; preds = %block_686.loopexit, %block_630 %54 = load i64, i64* %12, align 8 %55 = add i64 %54, 8 %56 = icmp ugt i64 %54, -9 %57 = zext i1 %56 to i8 store i8 %57, i8* %41, align 1, !tbaa !1265 %58 = trunc i64 %55 to i32 %59 = and i32 %58, 255 %60 = tail call i32 @llvm.ctpop.i32(i32 %59) #8 %61 = trunc i32 %60 to i8 %62 = and i8 %61, 1 %63 = xor i8 %62, 1 store i8 %63, i8* %42, align 1, !tbaa !1279 %64 = xor i64 %55, %54 %65 = lshr i64 %64, 4 %66 = trunc i64 %65 to i8 %67 = and i8 %66, 1 store i8 %67, i8* %43, align 1, !tbaa !1283 %68 = icmp eq i64 %55, 0 %69 = zext i1 %68 to i8 store i8 %69, i8* %44, align 1, !tbaa !1280 %70 = lshr i64 %55, 63 %71 = trunc i64 %70 to i8 store i8 %71, i8* %45, align 1, !tbaa !1281 %72 = lshr i64 %54, 63 %73 = xor i64 %70, %72 %74 = add nuw nsw i64 %73, %70 %75 = icmp eq i64 %74, 2 %76 = zext i1 %75 to i8 store i8 %76, i8* %46, align 1, !tbaa !1282 %77 = add i64 %54, 16 %78 = inttoptr i64 %55 to i64* %79 = load i64, i64* %78, align 8 store i64 %79, i64* %8, align 8, !tbaa !1261 %80 = add i64 %54, 24 %81 = inttoptr i64 %77 to i64* %82 = load i64, i64* %81, align 8 store i64 %82, i64* %13, align 8, !tbaa !1261 %83 = add i64 %54, 32 %84 = inttoptr i64 %80 to i64* %85 = load i64, i64* %84, align 8 store i64 %85, i64* %14, align 8, !tbaa !1261 %86 = add i64 %54, 40 %87 = inttoptr i64 %83 to i64* %88 = load i64, i64* %87, align 8 store i64 %88, i64* %15, align 8, !tbaa !1261 %89 = add i64 %54, 48 %90 = inttoptr i64 %86 to i64* %91 = load i64, i64* %90, align 8 store i64 %91, i64* %16, align 8, !tbaa !1261 %92 = add i64 %54, 56 %93 = inttoptr i64 %89 to i64* %94 = load i64, i64* %93, align 8 store i64 %94, i64* %17, align 8, !tbaa !1261 %95 = inttoptr i64 %92 to i64* %96 = load i64, i64* %95, align 8 store i64 %96, i64* %3, align 8, !tbaa !1261 %97 = add i64 %54, 64 store i64 %97, i64* %12, align 8, !tbaa !1261 ret %struct.Memory* %51 block_670: ; preds = %block_666, %block_670 %98 = phi i64 [ 0, %block_666 ], [ %116, %block_670 ] %99 = phi i64 [ %146, %block_666 ], [ %144, %block_670 ] %100 = load i64, i64* %17, align 8 store i64 %100, i64* %9, align 8, !tbaa !1261 %101 = load i64, i64* %16, align 8 store i64 %101, i64* %10, align 8, !tbaa !1261 %102 = load i32, i32* %7, align 4 %103 = zext i32 %102 to i64 store i64 %103, i64* %11, align 8, !tbaa !1261 %104 = load i64, i64* %14, align 8 %105 = shl i64 %98, 3 %106 = add i64 %104, %105 %107 = add i64 %99, 13 %108 = load i64, i64* %12, align 8, !tbaa !1261 %109 = add i64 %108, -8 %110 = inttoptr i64 %109 to i64* store i64 %107, i64* %110, align 8 store i64 %109, i64* %12, align 8, !tbaa !1261 %111 = inttoptr i64 %106 to i64* %112 = load i64, i64* %111, align 8 store i64 %112, i64* %3, align 8, !tbaa !1261 %113 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %112, %struct.Memory* %51) %114 = load i64, i64* %8, align 8 %115 = load i64, i64* %3, align 8 %116 = add i64 %114, 1 store i64 %116, i64* %8, align 8, !tbaa !1261 %117 = lshr i64 %116, 63 %118 = load i64, i64* %13, align 8 %119 = sub i64 %118, %116 %120 = icmp ult i64 %118, %116 %121 = zext i1 %120 to i8 store i8 %121, i8* %41, align 1, !tbaa !1265 %122 = trunc i64 %119 to i32 %123 = and i32 %122, 255 %124 = tail call i32 @llvm.ctpop.i32(i32 %123) #8 %125 = trunc i32 %124 to i8 %126 = and i8 %125, 1 %127 = xor i8 %126, 1 store i8 %127, i8* %42, align 1, !tbaa !1279 %128 = xor i64 %118, %116 %129 = xor i64 %128, %119 %130 = lshr i64 %129, 4 %131 = trunc i64 %130 to i8 %132 = and i8 %131, 1 store i8 %132, i8* %43, align 1, !tbaa !1283 %133 = icmp eq i64 %119, 0 %134 = zext i1 %133 to i8 store i8 %134, i8* %44, align 1, !tbaa !1280 %135 = lshr i64 %119, 63 %136 = trunc i64 %135 to i8 store i8 %136, i8* %45, align 1, !tbaa !1281 %137 = lshr i64 %118, 63 %138 = xor i64 %137, %117 %139 = xor i64 %135, %137 %140 = add nuw nsw i64 %139, %138 %141 = icmp eq i64 %140, 2 %142 = zext i1 %141 to i8 store i8 %142, i8* %46, align 1, !tbaa !1282 %143 = select i1 %133, i64 9, i64 -13 %144 = add i64 %143, %115 br i1 %133, label %block_686.loopexit, label %block_670 block_666: ; preds = %block_630 %145 = load i64, i64* %3, align 8 store i64 0, i64* %8, align 8, !tbaa !1261 store i8 0, i8* %41, align 1, !tbaa !1265 store i8 1, i8* %42, align 1, !tbaa !1279 store i8 1, i8* %44, align 1, !tbaa !1280 store i8 0, i8* %45, align 1, !tbaa !1281 store i8 0, i8* %46, align 1, !tbaa !1282 store i8 0, i8* %43, align 1, !tbaa !1283 %146 = add i64 %145, 15 br label %block_670 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_615_main(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_615: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %7 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %10 = load i64, i64* %9, align 8 %11 = load i64, i64* %8, align 8, !tbaa !1261 %12 = add i64 %11, -8 %13 = inttoptr i64 %12 to i64* store i64 %10, i64* %13, align 8 store i64 %12, i64* %9, align 8, !tbaa !1261 %14 = add i64 %11, -12 %15 = load i32, i32* %5, align 4 %16 = inttoptr i64 %14 to i32* store i32 %15, i32* %16, align 4 %17 = add i64 %11, -24 %18 = load i64, i64* %6, align 8 %19 = inttoptr i64 %17 to i64* store i64 %18, i64* %19, align 8 %20 = load i32, i32* %16, align 4 %21 = zext i32 %20 to i64 store i64 %21, i64* %7, align 8, !tbaa !1261 %22 = add i64 %1, 25 %23 = add i64 %11, -32 %24 = inttoptr i64 %23 to i64* store i64 %22, i64* %24, align 8 store i64 %23, i64* %8, align 8, !tbaa !1261 %25 = tail call %struct.Memory* @sub_5fa_return_val(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) %26 = load i64, i64* %9, align 8, !tbaa !1261 %27 = inttoptr i64 %26 to i64* %28 = load i64, i64* %27, align 8 store i64 %28, i64* %9, align 8, !tbaa !1261 %29 = add i64 %26, 8 %30 = inttoptr i64 %29 to i64* %31 = load i64, i64* %30, align 8 store i64 %31, i64* %3, align 8, !tbaa !1261 %32 = add i64 %26, 16 store i64 %32, i64* %8, align 8, !tbaa !1261 ret %struct.Memory* %25 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5fa_return_val(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_5fa: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12, align 8 %13 = add i64 %10, -12 %14 = load i32, i32* %5, align 4 %15 = inttoptr i64 %13 to i32* store i32 %14, i32* %15, align 4 %16 = add i32 %14, -5 %17 = icmp ult i32 %14, 5 %18 = zext i1 %17 to i8 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 %18, i8* %19, align 1, !tbaa !1265 %20 = and i32 %16, 255 %21 = tail call i32 @llvm.ctpop.i32(i32 %20) #8 %22 = trunc i32 %21 to i8 %23 = and i8 %22, 1 %24 = xor i8 %23, 1 %25 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %24, i8* %25, align 1, !tbaa !1279 %26 = xor i32 %16, %14 %27 = lshr i32 %26, 4 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 %29, i8* %30, align 1, !tbaa !1283 %31 = icmp eq i32 %16, 0 %32 = zext i1 %31 to i8 %33 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %32, i8* %33, align 1, !tbaa !1280 %34 = lshr i32 %16, 31 %35 = trunc i32 %34 to i8 %36 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %35, i8* %36, align 1, !tbaa !1281 %37 = lshr i32 %14, 31 %38 = xor i32 %34, %37 %39 = add nuw nsw i32 %38, %37 %40 = icmp eq i32 %39, 2 %41 = zext i1 %40 to i8 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 %41, i8* %42, align 1, !tbaa !1282 %.sink = select i1 %31, i64 999999, i64 888888 store i64 %.sink, i64* %6, align 8, !tbaa !1261 %43 = load i64, i64* %12, align 8 store i64 %43, i64* %8, align 8, !tbaa !1261 %44 = inttoptr i64 %10 to i64* %45 = load i64, i64* %44, align 8 store i64 %45, i64* %3, align 8, !tbaa !1261 %46 = add i64 %10, 8 store i64 %46, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6a4__fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_6a4: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, -8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %9 = xor i64 %6, %5 %10 = lshr i64 %9, 4 %11 = trunc i64 %10 to i8 %12 = and i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %15 = lshr i64 %6, 63 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = lshr i64 %5, 63 %18 = xor i64 %15, %17 %19 = add nuw nsw i64 %18, %17 %20 = icmp eq i64 %19, 2 %21 = zext i1 %20 to i8 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = icmp ult i64 %5, 8 %24 = zext i1 %23 to i8 store i8 %24, i8* %7, align 1, !tbaa !1265 %25 = trunc i64 %5 to i32 %26 = and i32 %25, 255 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #8 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %8, align 1, !tbaa !1279 store i8 %12, i8* %13, align 1, !tbaa !1283 %31 = icmp eq i64 %5, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %14, align 1, !tbaa !1280 %33 = trunc i64 %17 to i8 store i8 %33, i8* %16, align 1, !tbaa !1281 store i8 %21, i8* %22, align 1, !tbaa !1282 %34 = inttoptr i64 %5 to i64* %35 = load i64, i64* %34, align 8 store i64 %35, i64* %3, align 8, !tbaa !1261 %36 = add i64 %5, 8 store i64 %36, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_6a0___libc_csu_fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_6a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8, !tbaa !1261 %6 = inttoptr i64 %5 to i64* %7 = load i64, i64* %6, align 8 store i64 %7, i64* %3, align 8, !tbaa !1261 %8 = add i64 %5, 8 store i64 %8, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @callback_sub_5f0_frame_dummy(i64, i64, i64, i64, i64, i64, i64, i64) #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1520, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5f0_frame_dummy(%struct.State* nonnull @__mcsema_reg_state, i64 1520, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define void @__mcsema_verify_reg_state() local_unnamed_addr #6 { entry: %0 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %1 = icmp eq i64 %0, 0 br i1 %1, label %is_null, label %end is_null: ; preds = %entry store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %end end: ; preds = %is_null, %entry ret void } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_5b0___do_global_dtors_aux(i64, i64, i64, i64, i64, i64, i64, i64) #7 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1456, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5b0___do_global_dtors_aux(%struct.State* nonnull @__mcsema_reg_state, i64 1456, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: noinline nounwind define %struct.Memory* @__mcsema_detach_call_value(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 %13 = load i64, i64* %9, align 8 %14 = load i64, i64* %8, align 8 %15 = load i64, i64* %7, align 8 %16 = load i64, i64* %6, align 8 %17 = load i64, i64* %11, align 8 %18 = load i64, i64* %12, align 8 %19 = load i64, i64* %10, align 8 %20 = add i64 %19, 8 %21 = inttoptr i64 %20 to i64* %22 = load i64, i64* %21, align 8 %23 = add i64 %19, 16 %24 = inttoptr i64 %23 to i64* %25 = load i64, i64* %24, align 8 %26 = inttoptr i64 %1 to i64 (i64, i64, i64, i64, i64, i64, i64, i64)* %27 = tail call i64 %26(i64 %13, i64 %14, i64 %15, i64 %16, i64 %17, i64 %18, i64 %22, i64 %25) #8 store i64 %27, i64* %5, align 8 %28 = inttoptr i64 %19 to i64* %29 = load i64, i64* %28, align 8 store i64 %29, i64* %4, align 8 store i64 %20, i64* %10, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @callback_sub_6a0___libc_csu_fini() #5 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1696, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_6a0___libc_csu_fini(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_630___libc_csu_init() #7 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1584, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_630___libc_csu_init(%struct.State* nonnull @__mcsema_reg_state, i64 1584, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @main(i64, i64, i64) #7 { %4 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %3 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %3 %6 = phi i64 [ %4, %3 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1557, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %7 = load volatile i1, i1* @0, align 1 br i1 %7, label %__mcsema_early_init.exit, label %8 ; <label>:8: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %8, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 %9 = add i64 %6, -8 store i64 %9, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = tail call %struct.Memory* @sub_615_main(%struct.State* nonnull @__mcsema_reg_state, i64 1557, %struct.Memory* null) store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %11 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %11 } ; Function Attrs: nobuiltin noinline nounwind define i64 @targ4e0(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #7 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1248, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_4e0_targ4e0(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline nounwind define i64 @return_val(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #7 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1530, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5fa_return_val(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nounwind define internal void @__mcsema_constructor() #8 { %1 = load volatile i1, i1* @0, align 1 br i1 %1, label %__mcsema_early_init.exit, label %2 ; <label>:2: ; preds = %0 store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %2, %0 %3 = tail call i64 @callback_sub_630___libc_csu_init() ret void } ; Function Attrs: norecurse nounwind define internal void @__mcsema_destructor() #6 { %1 = tail call i64 @callback_sub_6a0___libc_csu_fini() ret void } ; Function Attrs: noinline nounwind optnone define %struct.State* @__mcsema_debug_get_reg_state() local_unnamed_addr #9 { ret %struct.State* @__mcsema_reg_state } ; Function Attrs: noreturn nounwind declare void @llvm.trap() #10 attributes #0 = { nounwind readnone } attributes #1 = { noduplicate noinline noreturn nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #2 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #3 = { noinline norecurse nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #4 = { noinline noreturn nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #5 = { nobuiltin noinline norecurse nounwind } attributes #6 = { norecurse nounwind } attributes #7 = { nobuiltin noinline nounwind } attributes #8 = { nounwind } attributes #9 = { noinline nounwind optnone } attributes #10 = { noreturn nounwind } !llvm.ident = !{!0, !0} !llvm.dbg.cu = !{!1} !llvm.module.flags = !{!1259, !1260}

Test3

Source code:
#include <stdio.h> #include <stdlib.h> int return_9s() { return 99999999; } int return_8s() { return 88888888; } int main(int argc, char **argv) { if (argc < 5) return return_9s(); return return_8s(); }

Compiled LLVM:
Non-optimised:
; ModuleID = 'test.bc' source_filename = "test.c" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-unknown-linux-gnu" ; Function Attrs: noinline nounwind optnone uwtable define dso_local i32 @return_9s() #0 { entry: ret i32 99999999 } ; Function Attrs: noinline nounwind optnone uwtable define dso_local i32 @return_8s() #0 { entry: ret i32 88888888 } ; Function Attrs: noinline nounwind optnone uwtable define dso_local i32 @main(i32 %argc, i8** %argv) #0 { entry: %retval = alloca i32, align 4 %argc.addr = alloca i32, align 4 %argv.addr = alloca i8**, align 8 store i32 0, i32* %retval, align 4 store i32 %argc, i32* %argc.addr, align 4 store i8** %argv, i8*** %argv.addr, align 8 %0 = load i32, i32* %argc.addr, align 4 %cmp = icmp slt i32 %0, 5 br i1 %cmp, label %if.then, label %if.end if.then: ; preds = %entry %call = call i32 @return_9s() store i32 %call, i32* %retval, align 4 br label %return if.end: ; preds = %entry %call1 = call i32 @return_8s() store i32 %call1, i32* %retval, align 4 br label %return return: ; preds = %if.end, %if.then %1 = load i32, i32* %retval, align 4 ret i32 %1 } attributes #0 = { noinline nounwind optnone uwtable "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "min-legal-vector-width"="0" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } !llvm.module.flags = !{!0} !llvm.ident = !{!1} !0 = !{i32 1, !"wchar_size", i32 4} !1 = !{!"clang version 8.0.0 (tags/RELEASE_800/final)"}

Optimised:
; ModuleID = 'opt_test.bc' source_filename = "test.c" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-unknown-linux-gnu" ; Function Attrs: norecurse nounwind readnone uwtable define dso_local i32 @return_9s() local_unnamed_addr #0 { entry: ret i32 99999999 } ; Function Attrs: norecurse nounwind readnone uwtable define dso_local i32 @return_8s() local_unnamed_addr #0 { entry: ret i32 88888888 } ; Function Attrs: norecurse nounwind readnone uwtable define dso_local i32 @main(i32 %argc, i8** nocapture readnone %argv) local_unnamed_addr #0 { entry: %cmp = icmp slt i32 %argc, 5 %spec.select = select i1 %cmp, i32 99999999, i32 88888888 ret i32 %spec.select } attributes #0 = { norecurse nounwind readnone uwtable "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "min-legal-vector-width"="0" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } !llvm.module.flags = !{!0} !llvm.ident = !{!1} !0 = !{i32 1, !"wchar_size", i32 4} !1 = !{!"clang version 8.0.0 (tags/RELEASE_800/final)"}

Raised by mctoll
Non-optimised:
; ModuleID = '../a.out' source_filename = "../a.out" define dso_local i32 @return_9s() { entry: %0 = alloca i64, align 8 %1 = ptrtoint i64* %0 to i64 ret i32 99999999 } define dso_local i32 @return_8s() { entry: %0 = alloca i64, align 8 %1 = ptrtoint i64* %0 to i64 ret i32 88888888 } define dso_local void @main(i32 %arg1, i64 %arg2) { entry: %0 = alloca i64, align 8 %StackAdj = alloca i64, align 8 %1 = alloca i32, align 4 %2 = ptrtoint i64* %0 to i64 store i32 %arg1, i32* %1, align 4 store i64 %arg2, i64* %StackAdj, align 8 %3 = load i32, i32* %1, align 4 %4 = zext i32 %3 to i64 %5 = zext i32 4 to i64 %6 = sub i64 %4, %5 %ZF = icmp eq i64 %6, 0 %7 = shl i64 1, 63 %8 = and i64 %7, %6 %SF = icmp eq i64 %8, %7 %ZFCmp_JG = icmp eq i1 %ZF, false %SFOFCmp_JG = icmp eq i1 %SF, false %ZFAndSFOF_JG = and i1 %ZFCmp_JG, %SFOFCmp_JG br i1 %ZFAndSFOF_JG, label %bb.2, label %bb.1 bb.1: ; preds = %entry %9 = call i32 @return_9s() br label %bb.3 bb.2: ; preds = %entry %10 = call i32 @return_8s() br label %bb.3 bb.3: ; preds = %bb.2, %bb.1 ret void }

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "../a.out" ; Function Attrs: norecurse nounwind readnone define dso_local i32 @return_9s() local_unnamed_addr #0 { entry: ret i32 99999999 } ; Function Attrs: norecurse nounwind readnone define dso_local i32 @return_8s() local_unnamed_addr #0 { entry: ret i32 88888888 } ; Function Attrs: norecurse nounwind readnone define dso_local void @main(i32 %arg1, i64 %arg2) local_unnamed_addr #0 { entry: ret void } attributes #0 = { norecurse nounwind readnone }

Raised by retdec
Non-optimised:
source_filename = "test" target datalayout = "e-m:e-p:64:64-i64:64-f80:128-n8:16:32:64-S128" @global_var_201010.1 = global i64 0 @global_var_200df0.2 = global i64 1520 @global_var_200df8.3 = global i64 1456 @0 = external global i32 define i64 @_init() local_unnamed_addr { dec_label_pc_4b8: %v0_4bc = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_4c3 = icmp eq i64 %v0_4bc, 0 br i1 %v1_4c3, label %dec_label_pc_4ca, label %dec_label_pc_4c8 dec_label_pc_4c8: ; preds = %dec_label_pc_4b8 call void @__gmon_start__() br label %dec_label_pc_4ca dec_label_pc_4ca: ; preds = %dec_label_pc_4c8, %dec_label_pc_4b8 %v0_4ce = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_4c8 ], [ 0, %dec_label_pc_4b8 ] ret i64 %v0_4ce } define void @function_4e0(i64* %d) local_unnamed_addr { dec_label_pc_4e0: call void @__cxa_finalize(i64* %d) ret void } define i64 @_start(i64 %arg1, i64 %arg2, i64 %arg3, i64 %arg4) local_unnamed_addr { dec_label_pc_4f0: %rdx.global-to-local = alloca i64, align 8 store i64 %arg3, i64* %rdx.global-to-local, align 8 %stack_var_8 = alloca i64, align 8 %v0_4f2 = load i64, i64* %rdx.global-to-local, align 8 %v4_4f5 = ptrtoint i64* %stack_var_8 to i64 %tmp248 = bitcast i64* %stack_var_8 to i8** store i64 %v4_4f5, i64* %rdx.global-to-local, align 8 %v2_514 = trunc i64 %arg4 to i32 %v13_514 = inttoptr i64 %v0_4f2 to void ()* %v14_514 = call i32 @__libc_start_main(i64 1552, i32 %v2_514, i8** %tmp248, void ()* inttoptr (i64 1600 to void ()*), void ()* inttoptr (i64 1712 to void ()*), void ()* %v13_514) %v0_51a = call i64 @__asm_hlt() unreachable } define i64 @deregister_tm_clones() local_unnamed_addr { dec_label_pc_520: ret i64 ptrtoint (i64* @global_var_201010.1 to i64) } define i64 @register_tm_clones() local_unnamed_addr { dec_label_pc_560: ret i64 0 } define i64 @__do_global_dtors_aux() local_unnamed_addr { dec_label_pc_5b0: %rax.global-to-local = alloca i64, align 8 %rbp.global-to-local = alloca i64, align 8 %stack_var_-8 = alloca i64, align 8 %v0_5b0 = load i8, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v7_5b0 = icmp eq i8 %v0_5b0, 0 %v1_5b7 = icmp eq i1 %v7_5b0, false br i1 %v1_5b7, label %dec_label_pc_5e8, label %dec_label_pc_5b9 dec_label_pc_5b9: ; preds = %dec_label_pc_5b0 %v0_5b9 = load i64, i64* inttoptr (i64 2101240 to i64*), align 8 %v7_5b9 = icmp eq i64 %v0_5b9, 0 %v0_5c1 = load i64, i64* %rbp.global-to-local, align 8 store i64 %v0_5c1, i64* %stack_var_-8, align 8 %v4_5c1 = ptrtoint i64* %stack_var_-8 to i64 store i64 %v4_5c1, i64* %rbp.global-to-local, align 8 br i1 %v7_5b9, label %dec_label_pc_5d3, label %dec_label_pc_5c7 dec_label_pc_5c7: ; preds = %dec_label_pc_5b9 %v0_5c7 = load i64, i64* inttoptr (i64 2101256 to i64*), align 8 %v1_5ce = inttoptr i64 %v0_5c7 to i64* call void @__cxa_finalize(i64* %v1_5ce) store i64 ptrtoint (i32* @0 to i64), i64* %rax.global-to-local, align 8 br label %dec_label_pc_5d3 dec_label_pc_5d3: ; preds = %dec_label_pc_5c7, %dec_label_pc_5b9 %v0_5d3 = call i64 @deregister_tm_clones() store i64 %v0_5d3, i64* %rax.global-to-local, align 8 store i8 1, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v2_5df = load i64, i64* %stack_var_-8, align 8 store i64 %v2_5df, i64* %rbp.global-to-local, align 8 ret i64 %v0_5d3 dec_label_pc_5e8: ; preds = %dec_label_pc_5b0 %v0_5e8 = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_5e8 } define i64 @frame_dummy() local_unnamed_addr { dec_label_pc_5f0: %v0_5f5 = call i64 @register_tm_clones() ret i64 %v0_5f5 } define i64 @return_9s() local_unnamed_addr { dec_label_pc_5fa: ret i64 99999999 } define i64 @return_8s() local_unnamed_addr { dec_label_pc_605: ret i64 88888888 } define i64 @main(i64 %argc, i8** %argv) local_unnamed_addr { dec_label_pc_610: %rdi.global-to-local = alloca i64, align 8 store i64 %argc, i64* %rdi.global-to-local, align 8 %v0_618 = load i64, i64* %rdi.global-to-local, align 8 %v4_61f = trunc i64 %v0_618 to i32 %v9_623 = icmp sgt i32 %v4_61f, 4 br i1 %v9_623, label %dec_label_pc_631, label %dec_label_pc_625 dec_label_pc_625: ; preds = %dec_label_pc_610 %v0_62a = call i64 @return_9s() br label %dec_label_pc_63b dec_label_pc_631: ; preds = %dec_label_pc_610 %v0_636 = call i64 @return_8s() br label %dec_label_pc_63b dec_label_pc_63b: ; preds = %dec_label_pc_631, %dec_label_pc_625 %storemerge = phi i64 [ %v0_636, %dec_label_pc_631 ], [ %v0_62a, %dec_label_pc_625 ] ret i64 %storemerge } define i64 @__libc_csu_init(i64 %arg1, i64 %arg2, i64 %arg3) local_unnamed_addr { dec_label_pc_640: %r12.global-to-local = alloca i64, align 8 %r13.global-to-local = alloca i64, align 8 %r14.global-to-local = alloca i64, align 8 %r15.global-to-local = alloca i64, align 8 %rbp.global-to-local = alloca i64, align 8 %rbx.global-to-local = alloca i64, align 8 %rdi.global-to-local = alloca i64, align 8 %rdx.global-to-local = alloca i64, align 8 %rsi.global-to-local = alloca i64, align 8 store i64 %arg3, i64* %rdx.global-to-local, align 8 store i64 %arg2, i64* %rsi.global-to-local, align 8 store i64 %arg1, i64* %rdi.global-to-local, align 8 %v0_640 = load i64, i64* %r15.global-to-local, align 8 %v0_642 = load i64, i64* %r14.global-to-local, align 8 %v0_644 = load i64, i64* %rdx.global-to-local, align 8 store i64 %v0_644, i64* %r15.global-to-local, align 8 %v0_647 = load i64, i64* %r13.global-to-local, align 8 %v0_649 = load i64, i64* %r12.global-to-local, align 8 store i64 ptrtoint (i64* @global_var_200df0.2 to i64), i64* %r12.global-to-local, align 8 %v0_652 = load i64, i64* %rbp.global-to-local, align 8 %v0_65a = load i64, i64* %rbx.global-to-local, align 8 %v0_65b = load i64, i64* %rdi.global-to-local, align 8 store i64 %v0_65b, i64* %r13.global-to-local, align 8 %v0_65e = load i64, i64* %rsi.global-to-local, align 8 store i64 %v0_65e, i64* %r14.global-to-local, align 8 store i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200df8.3 to i64), i64 ptrtoint (i64* @global_var_200df0.2 to i64)), i64 3), i64* %rbp.global-to-local, align 8 %v0_66c = call i64 @_init() br i1 icmp eq (i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200df8.3 to i64), i64 ptrtoint (i64* @global_var_200df0.2 to i64)), i64 3), i64 0), label %dec_label_pc_696, label %dec_label_pc_676 dec_label_pc_676: ; preds = %dec_label_pc_640 store i64 0, i64* %rbx.global-to-local, align 8 %v0_680 = load i64, i64* %r15.global-to-local, align 8 %v0_683 = load i64, i64* %r14.global-to-local, align 8 %v0_686 = load i64, i64* %r13.global-to-local, align 8 br label %dec_label_pc_680 dec_label_pc_680: ; preds = %dec_label_pc_680, %dec_label_pc_676 %v1_68d2 = phi i64 [ %v1_68d, %dec_label_pc_680 ], [ 0, %dec_label_pc_676 ] %v1_68d = add i64 %v1_68d2, 1 %v12_691 = icmp eq i64 %v1_68d2, sub (i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200df8.3 to i64), i64 ptrtoint (i64* @global_var_200df0.2 to i64)), i64 3), i64 1) %v1_694 = icmp eq i1 %v12_691, false br i1 %v1_694, label %dec_label_pc_680, label %dec_label_pc_696.loopexit dec_label_pc_696.loopexit: ; preds = %dec_label_pc_680 store i64 %v0_680, i64* %rdx.global-to-local, align 8 store i64 %v0_683, i64* %rsi.global-to-local, align 8 store i64 %v0_686, i64* %rdi.global-to-local, align 8 store i64 %v1_68d, i64* %rbx.global-to-local, align 8 br label %dec_label_pc_696 dec_label_pc_696: ; preds = %dec_label_pc_696.loopexit, %dec_label_pc_640 store i64 %v0_65a, i64* %rbx.global-to-local, align 8 store i64 %v0_652, i64* %rbp.global-to-local, align 8 store i64 %v0_649, i64* %r12.global-to-local, align 8 store i64 %v0_647, i64* %r13.global-to-local, align 8 store i64 %v0_642, i64* %r14.global-to-local, align 8 store i64 %v0_640, i64* %r15.global-to-local, align 8 ret i64 %v0_66c } define i64 @__libc_csu_fini() local_unnamed_addr { dec_label_pc_6b0: %rax.global-to-local = alloca i64, align 8 %v0_6b0 = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_6b0 } define i64 @_fini() local_unnamed_addr { dec_label_pc_6b4: %rax.global-to-local = alloca i64, align 8 %v0_6bc = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_6bc } declare i32 @__libc_start_main(i64, i32, i8**, void ()*, void ()*, void ()*) local_unnamed_addr declare void @__gmon_start__() local_unnamed_addr declare void @__cxa_finalize(i64*) local_unnamed_addr declare i64 @__asm_hlt() local_unnamed_addr

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "test" target datalayout = "e-m:e-p:64:64-i64:64-f80:128-n8:16:32:64-S128" @global_var_201010.1 = global i64 0 @global_var_200df0.2 = local_unnamed_addr global i64 1520 @global_var_200df8.3 = local_unnamed_addr global i64 1456 @0 = external global i32 define i64 @_init() local_unnamed_addr { dec_label_pc_4b8: %v0_4bc = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_4c3 = icmp eq i64 %v0_4bc, 0 br i1 %v1_4c3, label %dec_label_pc_4ca, label %dec_label_pc_4c8 dec_label_pc_4c8: ; preds = %dec_label_pc_4b8 tail call void @__gmon_start__() br label %dec_label_pc_4ca dec_label_pc_4ca: ; preds = %dec_label_pc_4c8, %dec_label_pc_4b8 %v0_4ce = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_4c8 ], [ 0, %dec_label_pc_4b8 ] ret i64 %v0_4ce } define void @function_4e0(i64* %d) local_unnamed_addr { dec_label_pc_4e0: tail call void @__cxa_finalize(i64* %d) ret void } ; Function Attrs: noreturn define i64 @_start(i64 %arg1, i64 %arg2, i64 %arg3, i64 %arg4) local_unnamed_addr #0 { dec_label_pc_4f0: %stack_var_8 = alloca i8*, align 8 %v2_514 = trunc i64 %arg4 to i32 %v13_514 = inttoptr i64 %arg3 to void ()* %v14_514 = call i32 @__libc_start_main(i64 1552, i32 %v2_514, i8** nonnull %stack_var_8, void ()* inttoptr (i64 1600 to void ()*), void ()* inttoptr (i64 1712 to void ()*), void ()* %v13_514) %v0_51a = call i64 @__asm_hlt() unreachable } ; Function Attrs: norecurse nounwind readnone define i64 @deregister_tm_clones() local_unnamed_addr #1 { dec_label_pc_520: ret i64 ptrtoint (i64* @global_var_201010.1 to i64) } ; Function Attrs: norecurse nounwind readnone define i64 @register_tm_clones() local_unnamed_addr #1 { dec_label_pc_560: ret i64 0 } define i64 @__do_global_dtors_aux() local_unnamed_addr { dec_label_pc_5b0: %v0_5b0 = load i8, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v7_5b0 = icmp eq i8 %v0_5b0, 0 br i1 %v7_5b0, label %dec_label_pc_5b9, label %dec_label_pc_5e8 dec_label_pc_5b9: ; preds = %dec_label_pc_5b0 %v0_5b9 = load i64, i64* inttoptr (i64 2101240 to i64*), align 8 %v7_5b9 = icmp eq i64 %v0_5b9, 0 br i1 %v7_5b9, label %dec_label_pc_5d3, label %dec_label_pc_5c7 dec_label_pc_5c7: ; preds = %dec_label_pc_5b9 %v0_5c71 = load i64*, i64** inttoptr (i64 2101256 to i64**), align 8 tail call void @__cxa_finalize(i64* %v0_5c71) br label %dec_label_pc_5d3 dec_label_pc_5d3: ; preds = %dec_label_pc_5c7, %dec_label_pc_5b9 store i8 1, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 ret i64 ptrtoint (i64* @global_var_201010.1 to i64) dec_label_pc_5e8: ; preds = %dec_label_pc_5b0 ret i64 undef } ; Function Attrs: norecurse nounwind readnone define i64 @frame_dummy() local_unnamed_addr #1 { dec_label_pc_5f0: ret i64 0 } ; Function Attrs: norecurse nounwind readnone define i64 @return_9s() local_unnamed_addr #1 { dec_label_pc_5fa: ret i64 99999999 } ; Function Attrs: norecurse nounwind readnone define i64 @return_8s() local_unnamed_addr #1 { dec_label_pc_605: ret i64 88888888 } ; Function Attrs: norecurse nounwind readnone define i64 @main(i64 %argc, i8** nocapture readnone %argv) local_unnamed_addr #1 { dec_label_pc_610: %v4_61f = trunc i64 %argc to i32 %v9_623 = icmp sgt i32 %v4_61f, 4 %spec.select = select i1 %v9_623, i64 88888888, i64 99999999 ret i64 %spec.select } define i64 @__libc_csu_init(i64 %arg1, i64 %arg2, i64 %arg3) local_unnamed_addr { dec_label_pc_640: %v0_4bc.i = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_4c3.i = icmp eq i64 %v0_4bc.i, 0 br i1 %v1_4c3.i, label %dec_label_pc_696, label %dec_label_pc_4c8.i dec_label_pc_4c8.i: ; preds = %dec_label_pc_640 tail call void @__gmon_start__() br label %dec_label_pc_696 dec_label_pc_696: ; preds = %dec_label_pc_4c8.i, %dec_label_pc_640 %v0_4ce.i = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_4c8.i ], [ 0, %dec_label_pc_640 ] ret i64 %v0_4ce.i } ; Function Attrs: norecurse nounwind readnone define i64 @__libc_csu_fini() local_unnamed_addr #1 { dec_label_pc_6b0: ret i64 undef } ; Function Attrs: norecurse nounwind readnone define i64 @_fini() local_unnamed_addr #1 { dec_label_pc_6b4: ret i64 undef } declare i32 @__libc_start_main(i64, i32, i8**, void ()*, void ()*, void ()*) local_unnamed_addr declare void @__gmon_start__() local_unnamed_addr declare void @__cxa_finalize(i64*) local_unnamed_addr declare i64 @__asm_hlt() local_unnamed_addr attributes #0 = { noreturn } attributes #1 = { norecurse nounwind readnone }

Raised by mcsema
Non-optimised:
; ModuleID = 'lifted.bc' source_filename = "llvm-link" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-pc-linux-gnu-elf" %union.anon = type { i64 } %seg_200df0__init_array_type = type <{ i64, i64 }> %seg_200fc0__got_type = type <{ [64 x i8] }> %seg_201000__data_type = type <{ [8 x i8], i64 }> %seg_201010__bss_type = type <{ [8 x i8] }> %struct.State = type { %struct.ArchState, [32 x %union.VectorReg], %struct.ArithFlags, %union.anon, %struct.Segments, %struct.AddressSpace, %struct.GPR, %struct.X87Stack, %struct.MMX, %struct.FPUStatusFlags, %union.anon, %union.FPU, %struct.SegmentCaches } %struct.ArchState = type { i32, i32, %union.anon } %union.VectorReg = type { %union.vec512_t } %union.vec512_t = type { %struct.uint64v8_t } %struct.uint64v8_t = type { [8 x i64] } %struct.ArithFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8 } %struct.Segments = type { i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector } %union.SegmentSelector = type { i16 } %struct.AddressSpace = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.Reg = type { %union.anon } %struct.GPR = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.X87Stack = type { [8 x %struct.anon.3] } %struct.anon.3 = type { i64, double } %struct.MMX = type { [8 x %struct.anon.4] } %struct.anon.4 = type { i64, %union.vec64_t } %union.vec64_t = type { %struct.uint64v1_t } %struct.uint64v1_t = type { [1 x i64] } %struct.FPUStatusFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, [4 x i8] } %union.FPU = type { %struct.anon.13 } %struct.anon.13 = type { %struct.FpuFXSAVE, [96 x i8] } %struct.FpuFXSAVE = type { %union.SegmentSelector, %union.SegmentSelector, %union.FPUAbridgedTagWord, i8, i16, i32, %union.SegmentSelector, i16, i32, %union.SegmentSelector, i16, %union.FPUControlStatus, %union.FPUControlStatus, [8 x %struct.FPUStackElem], [16 x %union.vec128_t] } %union.FPUAbridgedTagWord = type { i8 } %union.FPUControlStatus = type { i32 } %struct.FPUStackElem = type { %union.anon.11, [6 x i8] } %union.anon.11 = type { %struct.float80_t } %struct.float80_t = type { [10 x i8] } %union.vec128_t = type { %struct.uint128v1_t } %struct.uint128v1_t = type { [1 x i128] } %struct.SegmentCaches = type { %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow } %struct.SegmentShadow = type { %union.anon, i32, i32 } %struct.Memory = type opaque @DR0 = external global i64, align 8 @DR1 = external global i64, align 8 @DR2 = external global i64, align 8 @DR3 = external global i64, align 8 @DR4 = external global i64, align 8 @DR5 = external global i64, align 8 @DR6 = external global i64, align 8 @DR7 = external global i64, align 8 @gCR0 = external global %union.anon, align 1 @gCR1 = external global %union.anon, align 1 @gCR2 = external global %union.anon, align 1 @gCR3 = external global %union.anon, align 1 @gCR4 = external global %union.anon, align 1 @gCR8 = external global %union.anon, align 1 @seg_200df0__init_array = internal global %seg_200df0__init_array_type <{ i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_5f0_frame_dummy to i64), i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_5b0___do_global_dtors_aux to i64) }> @seg_200fc0__got = internal global %seg_200fc0__got_type <{ [64 x i8] c"\00\0E \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\008\14 \00\00\00\00\00@\14 \00\00\00\00\00H\14 \00\00\00\00\00P\14 \00\00\00\00\00X\14 \00\00\00\00\00" }> @seg_201000__data = internal global %seg_201000__data_type <{ [8 x i8] zeroinitializer, i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) }> @seg_201010__bss = internal global %seg_201010__bss_type zeroinitializer @__mcsema_reg_state = internal thread_local global %struct.State zeroinitializer @__mcsema_stack = internal thread_local global [131072 x i64] zeroinitializer @__mcsema_tls = internal thread_local global [512 x i64] zeroinitializer @0 = internal global i1 false @llvm.global_dtors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_destructor, i8* null }] @llvm.global_ctors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_constructor, i8* null }] ; Function Attrs: nounwind readnone declare i32 @llvm.ctpop.i32(i32) #0 ; Function Attrs: noduplicate noinline nounwind optnone define %struct.Memory* @__remill_error(%struct.State* dereferenceable(3376), i64, %struct.Memory*) local_unnamed_addr #1 { call void @llvm.trap() unreachable } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6b0___libc_csu_fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #2 { block_6b0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8, !tbaa !1261 %6 = inttoptr i64 %5 to i64* %7 = load i64, i64* %6 store i64 %7, i64* %3, align 8, !tbaa !1261 %8 = add i64 %5, 8 store i64 %8, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_640___libc_csu_init(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_640: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 27, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 3, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 25, i32 0, i32 0 %15 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 29, i32 0, i32 0 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 31, i32 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = load i64, i64* %12, align 8, !tbaa !1261 %20 = add i64 %19, -8 %21 = inttoptr i64 %20 to i64* store i64 %18, i64* %21 %22 = load i64, i64* %16, align 8 %23 = add i64 %19, -16 %24 = inttoptr i64 %23 to i64* store i64 %22, i64* %24 %25 = load i64, i64* %9, align 8 store i64 %25, i64* %17, align 8, !tbaa !1261 %26 = load i64, i64* %15, align 8 %27 = add i64 %19, -24 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 %29 = load i64, i64* %14, align 8 %30 = add i64 %19, -32 %31 = inttoptr i64 %30 to i64* store i64 %29, i64* %31 store i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64), i64* %14, align 8, !tbaa !1261 %32 = load i64, i64* %13, align 8 %33 = add i64 %19, -40 %34 = inttoptr i64 %33 to i64* store i64 %32, i64* %34 %35 = load i64, i64* %8, align 8 %36 = add i64 %19, -48 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37 %38 = load i32, i32* %5, align 4 %39 = zext i32 %38 to i64 store i64 %39, i64* %15, align 8, !tbaa !1261 %40 = load i64, i64* %10, align 8 store i64 %40, i64* %16, align 8, !tbaa !1261 %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %44 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %45 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 ashr (i64 sub (i64 add (i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64), i64 8), i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64)), i64 3), i64* %13, align 8, !tbaa !1261 %47 = add i64 %1, -392 %48 = add i64 %1, 49 %49 = add i64 %19, -64 %50 = inttoptr i64 %49 to i64* store i64 %48, i64* %50 store i64 %49, i64* %12, align 8, !tbaa !1261 %51 = tail call %struct.Memory* @sub_4b8__init(%struct.State* nonnull %0, i64 %47, %struct.Memory* %2) %52 = load i64, i64* %13, align 8 %53 = load i64, i64* %3, align 8 %54 = icmp eq i64 %52, 0 %55 = select i1 %54, i64 37, i64 5 %56 = add i64 %53, %55 br i1 %54, label %block_696, label %block_676 block_696.loopexit: ; preds = %block_680 br label %block_696 block_696: ; preds = %block_696.loopexit, %block_640 %57 = phi %struct.Memory* [ %51, %block_640 ], [ %118, %block_696.loopexit ] %58 = load i64, i64* %12, align 8 %59 = add i64 %58, 8 %60 = icmp ugt i64 %58, -9 %61 = zext i1 %60 to i8 store i8 %61, i8* %41, align 1, !tbaa !1265 %62 = trunc i64 %59 to i32 %63 = and i32 %62, 255 %64 = tail call i32 @llvm.ctpop.i32(i32 %63) #5 %65 = trunc i32 %64 to i8 %66 = and i8 %65, 1 %67 = xor i8 %66, 1 store i8 %67, i8* %42, align 1, !tbaa !1279 %68 = xor i64 %59, %58 %69 = lshr i64 %68, 4 %70 = trunc i64 %69 to i8 %71 = and i8 %70, 1 store i8 %71, i8* %43, align 1, !tbaa !1280 %72 = icmp eq i64 %59, 0 %73 = zext i1 %72 to i8 store i8 %73, i8* %44, align 1, !tbaa !1281 %74 = lshr i64 %59, 63 %75 = trunc i64 %74 to i8 store i8 %75, i8* %45, align 1, !tbaa !1282 %76 = lshr i64 %58, 63 %77 = xor i64 %74, %76 %78 = add nuw nsw i64 %77, %74 %79 = icmp eq i64 %78, 2 %80 = zext i1 %79 to i8 store i8 %80, i8* %46, align 1, !tbaa !1283 %81 = add i64 %58, 16 %82 = inttoptr i64 %59 to i64* %83 = load i64, i64* %82 store i64 %83, i64* %8, align 8, !tbaa !1261 %84 = add i64 %58, 24 %85 = inttoptr i64 %81 to i64* %86 = load i64, i64* %85 store i64 %86, i64* %13, align 8, !tbaa !1261 %87 = add i64 %58, 32 %88 = inttoptr i64 %84 to i64* %89 = load i64, i64* %88 store i64 %89, i64* %14, align 8, !tbaa !1261 %90 = add i64 %58, 40 %91 = inttoptr i64 %87 to i64* %92 = load i64, i64* %91 store i64 %92, i64* %15, align 8, !tbaa !1261 %93 = add i64 %58, 48 %94 = inttoptr i64 %90 to i64* %95 = load i64, i64* %94 store i64 %95, i64* %16, align 8, !tbaa !1261 %96 = add i64 %58, 56 %97 = inttoptr i64 %93 to i64* %98 = load i64, i64* %97 store i64 %98, i64* %17, align 8, !tbaa !1261 %99 = inttoptr i64 %96 to i64* %100 = load i64, i64* %99 store i64 %100, i64* %3, align 8, !tbaa !1261 %101 = add i64 %58, 64 store i64 %101, i64* %12, align 8, !tbaa !1261 ret %struct.Memory* %57 block_680: ; preds = %block_676, %block_680 %102 = phi i64 [ 0, %block_676 ], [ %121, %block_680 ] %103 = phi i64 [ %150, %block_676 ], [ %149, %block_680 ] %104 = phi %struct.Memory* [ %51, %block_676 ], [ %118, %block_680 ] %105 = load i64, i64* %17, align 8 store i64 %105, i64* %9, align 8, !tbaa !1261 %106 = load i64, i64* %16, align 8 store i64 %106, i64* %10, align 8, !tbaa !1261 %107 = load i32, i32* %7, align 4 %108 = zext i32 %107 to i64 store i64 %108, i64* %11, align 8, !tbaa !1261 %109 = load i64, i64* %14, align 8 %110 = shl i64 %102, 3 %111 = add i64 %110, %109 %112 = add i64 %103, 13 %113 = load i64, i64* %12, align 8, !tbaa !1261 %114 = add i64 %113, -8 %115 = inttoptr i64 %114 to i64* store i64 %112, i64* %115 store i64 %114, i64* %12, align 8, !tbaa !1261 %116 = inttoptr i64 %111 to i64* %117 = load i64, i64* %116 store i64 %117, i64* %3, align 8, !tbaa !1261 %118 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %117, %struct.Memory* %104) %119 = load i64, i64* %8, align 8 %120 = load i64, i64* %3, align 8 %121 = add i64 %119, 1 store i64 %121, i64* %8, align 8, !tbaa !1261 %122 = lshr i64 %121, 63 %123 = load i64, i64* %13, align 8 %124 = sub i64 %123, %121 %125 = icmp ult i64 %123, %121 %126 = zext i1 %125 to i8 store i8 %126, i8* %41, align 1, !tbaa !1265 %127 = trunc i64 %124 to i32 %128 = and i32 %127, 255 %129 = tail call i32 @llvm.ctpop.i32(i32 %128) #5 %130 = trunc i32 %129 to i8 %131 = and i8 %130, 1 %132 = xor i8 %131, 1 store i8 %132, i8* %42, align 1, !tbaa !1279 %133 = xor i64 %121, %123 %134 = xor i64 %133, %124 %135 = lshr i64 %134, 4 %136 = trunc i64 %135 to i8 %137 = and i8 %136, 1 store i8 %137, i8* %43, align 1, !tbaa !1280 %138 = icmp eq i64 %124, 0 %139 = zext i1 %138 to i8 store i8 %139, i8* %44, align 1, !tbaa !1281 %140 = lshr i64 %124, 63 %141 = trunc i64 %140 to i8 store i8 %141, i8* %45, align 1, !tbaa !1282 %142 = lshr i64 %123, 63 %143 = xor i64 %122, %142 %144 = xor i64 %140, %142 %145 = add nuw nsw i64 %144, %143 %146 = icmp eq i64 %145, 2 %147 = zext i1 %146 to i8 store i8 %147, i8* %46, align 1, !tbaa !1283 %148 = select i1 %138, i64 9, i64 -13 %149 = add i64 %120, %148 br i1 %138, label %block_696.loopexit, label %block_680 block_676: ; preds = %block_640 store i64 0, i64* %8, align 8, !tbaa !1261 store i8 0, i8* %41, align 1, !tbaa !1265 store i8 1, i8* %42, align 1, !tbaa !1279 store i8 1, i8* %44, align 1, !tbaa !1281 store i8 0, i8* %45, align 1, !tbaa !1282 store i8 0, i8* %46, align 1, !tbaa !1283 store i8 0, i8* %43, align 1, !tbaa !1280 %150 = add i64 %56, 10 br label %block_680 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_610_main(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_610: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12 store i64 %11, i64* %8, align 8, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %19 = add i64 %10, -12 %20 = load i32, i32* %5, align 4 %21 = inttoptr i64 %19 to i32* store i32 %20, i32* %21 %22 = add i64 %10, -24 %23 = load i64, i64* %6, align 8 %24 = inttoptr i64 %22 to i64* store i64 %23, i64* %24 %25 = inttoptr i64 %19 to i32* %26 = load i32, i32* %25 %27 = add i32 %26, -4 %28 = icmp ult i32 %26, 4 %29 = zext i1 %28 to i8 store i8 %29, i8* %13, align 1, !tbaa !1265 %30 = and i32 %27, 255 %31 = tail call i32 @llvm.ctpop.i32(i32 %30) #5 %32 = trunc i32 %31 to i8 %33 = and i8 %32, 1 %34 = xor i8 %33, 1 store i8 %34, i8* %14, align 1, !tbaa !1279 %35 = xor i32 %27, %26 %36 = lshr i32 %35, 4 %37 = trunc i32 %36 to i8 %38 = and i8 %37, 1 store i8 %38, i8* %15, align 1, !tbaa !1280 %39 = icmp eq i32 %27, 0 %40 = zext i1 %39 to i8 store i8 %40, i8* %16, align 1, !tbaa !1281 %41 = lshr i32 %27, 31 %42 = trunc i32 %41 to i8 store i8 %42, i8* %17, align 1, !tbaa !1282 %43 = lshr i32 %26, 31 %44 = xor i32 %41, %43 %45 = add nuw nsw i32 %44, %43 %46 = icmp eq i32 %45, 2 %47 = zext i1 %46 to i8 store i8 %47, i8* %18, align 1, !tbaa !1283 %48 = icmp ne i8 %42, 0 %49 = xor i1 %48, %46 %50 = or i1 %39, %49 %51 = select i1 %50, i64 21, i64 33 %52 = add i64 %51, %1 br i1 %50, label %block_625, label %block_631 block_63b: ; preds = %block_625, %block_631 %53 = phi %struct.Memory* [ %65, %block_631 ], [ %70, %block_625 ] %54 = load i64, i64* %8, align 8, !tbaa !1261 %55 = inttoptr i64 %54 to i64* %56 = load i64, i64* %55 store i64 %56, i64* %8, align 8, !tbaa !1261 %57 = add i64 %54, 8 %58 = inttoptr i64 %57 to i64* %59 = load i64, i64* %58 store i64 %59, i64* %3, align 8, !tbaa !1261 %60 = add i64 %54, 16 store i64 %60, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %53 block_631: ; preds = %block_610 %61 = add i64 %52, -44 %62 = add i64 %52, 10 %63 = add i64 %10, -32 %64 = inttoptr i64 %63 to i64* store i64 %62, i64* %64 store i64 %63, i64* %7, align 8, !tbaa !1261 %65 = tail call %struct.Memory* @sub_605_return_8s(%struct.State* nonnull %0, i64 %61, %struct.Memory* %2) br label %block_63b block_625: ; preds = %block_610 %66 = add i64 %52, -43 %67 = add i64 %52, 10 %68 = add i64 %10, -32 %69 = inttoptr i64 %68 to i64* store i64 %67, i64* %69 store i64 %68, i64* %7, align 8, !tbaa !1261 %70 = tail call %struct.Memory* @sub_5fa_return_9s(%struct.State* nonnull %0, i64 %66, %struct.Memory* %2) br label %block_63b } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5fa_return_9s(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_5fa: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* %5, align 8, !tbaa !1261 %9 = add i64 %8, -8 %10 = inttoptr i64 %9 to i64* store i64 %7, i64* %10 store i64 99999999, i64* %4, align 8, !tbaa !1261 %11 = inttoptr i64 %9 to i64* %12 = load i64, i64* %11 store i64 %12, i64* %6, align 8, !tbaa !1261 %13 = inttoptr i64 %8 to i64* %14 = load i64, i64* %13 store i64 %14, i64* %3, align 8, !tbaa !1261 %15 = add i64 %8, 8 store i64 %15, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_605_return_8s(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_605: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* %5, align 8, !tbaa !1261 %9 = add i64 %8, -8 %10 = inttoptr i64 %9 to i64* store i64 %7, i64* %10 store i64 88888888, i64* %4, align 8, !tbaa !1261 %11 = inttoptr i64 %9 to i64* %12 = load i64, i64* %11 store i64 %12, i64* %6, align 8, !tbaa !1261 %13 = inttoptr i64 %8 to i64* %14 = load i64, i64* %13 store i64 %14, i64* %3, align 8, !tbaa !1261 %15 = add i64 %8, 8 store i64 %15, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5b0___do_global_dtors_aux(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_5b0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %6 = load i8, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i32 0, i32 0, i32 0) %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %7, align 1, !tbaa !1265 %8 = zext i8 %6 to i32 %9 = tail call i32 @llvm.ctpop.i32(i32 %8) #5 %10 = trunc i32 %9 to i8 %11 = and i8 %10, 1 %12 = xor i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %12, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 0, i8* %14, align 1, !tbaa !1280 %15 = icmp eq i8 %6, 0 %16 = zext i1 %15 to i8 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %16, i8* %17, align 1, !tbaa !1281 %18 = lshr i8 %6, 7 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %18, i8* %19, align 1, !tbaa !1282 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 0, i8* %20, align 1, !tbaa !1283 %21 = select i1 %15, i64 9, i64 56 %22 = add i64 %21, %1 %23 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 br i1 %15, label %block_5b9, label %block_5e8 block_5c7: ; preds = %block_5b9 %24 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) to i64*) store i64 %24, i64* %4, align 8, !tbaa !1261 %25 = add i64 %48, -231 %26 = add i64 %48, 12 %27 = add i64 %44, -16 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 store i64 %27, i64* %23, align 8, !tbaa !1261 %29 = tail call %struct.Memory* @sub_4e0_targ4e0(%struct.State* nonnull %0, i64 %25, %struct.Memory* %2) %30 = load i64, i64* %3, align 8 %31 = load i64, i64* %23, align 8, !tbaa !1261 br label %block_5d3 block_5b9: ; preds = %block_5b0 %32 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 56) to i64*) store i8 0, i8* %7, align 1, !tbaa !1265 %33 = trunc i64 %32 to i32 %34 = and i32 %33, 255 %35 = tail call i32 @llvm.ctpop.i32(i32 %34) #5 %36 = trunc i32 %35 to i8 %37 = and i8 %36, 1 %38 = xor i8 %37, 1 store i8 %38, i8* %13, align 1, !tbaa !1279 store i8 0, i8* %14, align 1, !tbaa !1280 %39 = icmp eq i64 %32, 0 %40 = zext i1 %39 to i8 store i8 %40, i8* %17, align 1, !tbaa !1281 %41 = lshr i64 %32, 63 %42 = trunc i64 %41 to i8 store i8 %42, i8* %19, align 1, !tbaa !1282 store i8 0, i8* %20, align 1, !tbaa !1283 %43 = load i64, i64* %5, align 8 %44 = load i64, i64* %23, align 8, !tbaa !1261 %45 = add i64 %44, -8 %46 = inttoptr i64 %45 to i64* store i64 %43, i64* %46 store i64 %45, i64* %5, align 8, !tbaa !1261 %47 = select i1 %39, i64 26, i64 14 %48 = add i64 %22, %47 br i1 %39, label %block_5d3, label %block_5c7 block_5e8: ; preds = %block_5b0 %49 = load i64, i64* %23, align 8, !tbaa !1261 %50 = inttoptr i64 %49 to i64* %51 = load i64, i64* %50 store i64 %51, i64* %3, align 8, !tbaa !1261 %52 = add i64 %49, 8 store i64 %52, i64* %23, align 8, !tbaa !1261 ret %struct.Memory* %2 block_5d3: ; preds = %block_5b9, %block_5c7 %53 = phi i64 [ %45, %block_5b9 ], [ %31, %block_5c7 ] %54 = phi i64 [ %48, %block_5b9 ], [ %30, %block_5c7 ] %55 = phi %struct.Memory* [ %2, %block_5b9 ], [ %29, %block_5c7 ] %56 = add i64 %54, -179 %57 = add i64 %54, 5 %58 = add i64 %53, -8 %59 = inttoptr i64 %58 to i64* store i64 %57, i64* %59 store i64 %58, i64* %23, align 8, !tbaa !1261 %60 = tail call %struct.Memory* @sub_520_deregister_tm_clones(%struct.State* nonnull %0, i64 %56, %struct.Memory* %55) store i8 1, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i32 0, i32 0, i32 0) %61 = load i64, i64* %23, align 8, !tbaa !1261 %62 = add i64 %61, 8 %63 = inttoptr i64 %61 to i64* %64 = load i64, i64* %63 store i64 %64, i64* %5, align 8, !tbaa !1261 %65 = inttoptr i64 %62 to i64* %66 = load i64, i64* %65 store i64 %66, i64* %3, align 8, !tbaa !1261 %67 = add i64 %61, 16 store i64 %67, i64* %23, align 8, !tbaa !1261 ret %struct.Memory* %60 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6b4__fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #2 { block_6b4: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, -8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %9 = xor i64 %6, %5 %10 = lshr i64 %9, 4 %11 = trunc i64 %10 to i8 %12 = and i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %15 = lshr i64 %6, 63 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = lshr i64 %5, 63 %18 = xor i64 %15, %17 %19 = add nuw nsw i64 %18, %17 %20 = icmp eq i64 %19, 2 %21 = zext i1 %20 to i8 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = icmp ult i64 %5, 8 %24 = zext i1 %23 to i8 store i8 %24, i8* %7, align 1, !tbaa !1265 %25 = trunc i64 %5 to i32 %26 = and i32 %25, 255 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #5 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %8, align 1, !tbaa !1279 store i8 %12, i8* %13, align 1, !tbaa !1280 %31 = icmp eq i64 %5, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %14, align 1, !tbaa !1281 %33 = trunc i64 %17 to i8 store i8 %33, i8* %16, align 1, !tbaa !1282 store i8 %21, i8* %22, align 1, !tbaa !1283 %34 = inttoptr i64 %5 to i64* %35 = load i64, i64* %34 store i64 %35, i64* %3, align 8, !tbaa !1261 %36 = add i64 %5, 8 store i64 %36, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_560_register_tm_clones(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_5a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %6, align 8, !tbaa !1261 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 0, i64* %4, align 8, !tbaa !1261 store i64 0, i64* %5, align 8, !tbaa !1261 store i8 0, i8* %13, align 1, !tbaa !1284 store i8 1, i8* %14, align 1, !tbaa !1284 store i8 0, i8* %15, align 1, !tbaa !1284 store i8 1, i8* %16, align 1, !tbaa !1284 store i8 0, i8* %17, align 1, !tbaa !1284 store i8 0, i8* %18, align 1, !tbaa !1284 %19 = inttoptr i64 %11 to i64* %20 = load i64, i64* %19 store i64 %20, i64* %8, align 8, !tbaa !1261 %21 = inttoptr i64 %10 to i64* %22 = load i64, i64* %21 store i64 %22, i64* %3, align 8, !tbaa !1261 %23 = add i64 %10, 8 store i64 %23, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_520_deregister_tm_clones(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_550: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %5, align 8, !tbaa !1261 %8 = load i64, i64* %7, align 8 %9 = load i64, i64* %6, align 8, !tbaa !1261 %10 = add i64 %9, -8 %11 = inttoptr i64 %10 to i64* store i64 %8, i64* %11 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %4, align 8, !tbaa !1261 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %12, align 1, !tbaa !1265 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 1, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 and (i8 trunc (i64 lshr (i64 xor (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64)), i64 4) to i8), i8 1), i8* %14, align 1, !tbaa !1280 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 1, i8* %15, align 1, !tbaa !1281 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 0, i8* %16, align 1, !tbaa !1282 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 zext (i1 icmp eq (i64 add (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 xor (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63))), i64 2) to i8), i8* %17, align 1, !tbaa !1283 %18 = inttoptr i64 %10 to i64* %19 = load i64, i64* %18 store i64 %19, i64* %7, align 8, !tbaa !1261 %20 = inttoptr i64 %9 to i64* %21 = load i64, i64* %20 store i64 %21, i64* %3, align 8, !tbaa !1261 %22 = add i64 %9, 8 store i64 %22, i64* %6, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4f0__start(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_4f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 store i64 0, i64* %10, align 8, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %19 = load i64, i64* %6, align 8 store i64 %19, i64* %12, align 8, !tbaa !1261 %20 = load i64, i64* %9, align 8, !tbaa !1261 %21 = add i64 %20, 8 %22 = inttoptr i64 %20 to i64* %23 = load i64, i64* %22 store i64 %23, i64* %7, align 8, !tbaa !1261 store i64 %21, i64* %6, align 8, !tbaa !1261 %24 = and i64 %21, -16 store i8 0, i8* %13, align 1, !tbaa !1265 %25 = trunc i64 %21 to i32 %26 = and i32 %25, 240 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #5 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %14, align 1, !tbaa !1279 %31 = icmp eq i64 %24, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %15, align 1, !tbaa !1281 %33 = lshr i64 %21, 63 %34 = trunc i64 %33 to i8 store i8 %34, i8* %16, align 1, !tbaa !1282 store i8 0, i8* %17, align 1, !tbaa !1283 store i8 0, i8* %18, align 1, !tbaa !1280 %35 = load i64, i64* %4, align 8 %36 = add i64 %24, -8 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37 %38 = add i64 %24, -16 %39 = inttoptr i64 %38 to i64* store i64 %36, i64* %39 store i64 ptrtoint (i64 ()* @callback_sub_6b0___libc_csu_fini to i64), i64* %11, align 8, !tbaa !1261 store i64 ptrtoint (i64 ()* @callback_sub_640___libc_csu_init to i64), i64* %5, align 8, !tbaa !1261 store i64 ptrtoint (i64 (i64, i64, i64)* @main to i64), i64* %8, align 8, !tbaa !1261 %40 = add i64 %1, 42 %41 = add i64 %24, -24 %42 = inttoptr i64 %41 to i64* store i64 %40, i64* %42 store i64 %41, i64* %9, align 8, !tbaa !1261 %43 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 32) to i64*) store i64 %43, i64* %3, align 8, !tbaa !1261 %44 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %43, %struct.Memory* %2) %45 = load i64, i64* %3, align 8 %46 = add i64 %45, 1 store i64 %46, i64* %3, align 8 %47 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull %0, i64 %46, %struct.Memory* %44) ret %struct.Memory* %47 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5f0_frame_dummy(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_5f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = load i64, i64* %3, align 8, !tbaa !1261 %7 = add i64 %6, -8 %8 = inttoptr i64 %7 to i64* store i64 %5, i64* %8 %9 = inttoptr i64 %7 to i64* %10 = load i64, i64* %9 store i64 %10, i64* %4, align 8, !tbaa !1261 store i64 %6, i64* %3, align 8, !tbaa !1261 %11 = add i64 %1, -144 %12 = tail call %struct.Memory* @sub_560_register_tm_clones(%struct.State* nonnull %0, i64 %11, %struct.Memory* %2) ret %struct.Memory* %12 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4e0_targ4e0(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_4e0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 56) to i64*) store i64 %4, i64* %3, align 8, !tbaa !1261 %5 = icmp eq i64 %4, 1254 br i1 %5, label %block_4e6, label %7 block_4e6: ; preds = %block_4e0 %6 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull %0, i64 1254, %struct.Memory* %2) ret %struct.Memory* %6 ; <label>:7: ; preds = %block_4e0 %8 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %4, %struct.Memory* %2) ret %struct.Memory* %8 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4b8__init(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #2 { block_4b8: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, -8 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %14 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 40) to i64*) store i64 %14, i64* %4, align 8, !tbaa !1261 store i8 0, i8* %8, align 1, !tbaa !1265 %15 = trunc i64 %14 to i32 %16 = and i32 %15, 255 %17 = tail call i32 @llvm.ctpop.i32(i32 %16) #5 %18 = trunc i32 %17 to i8 %19 = and i8 %18, 1 %20 = xor i8 %19, 1 store i8 %20, i8* %9, align 1, !tbaa !1279 %21 = icmp eq i64 %14, 0 %22 = zext i1 %21 to i8 store i8 %22, i8* %11, align 1, !tbaa !1281 %23 = lshr i64 %14, 63 %24 = trunc i64 %23 to i8 store i8 %24, i8* %12, align 1, !tbaa !1282 store i8 0, i8* %13, align 1, !tbaa !1283 store i8 0, i8* %10, align 1, !tbaa !1280 %25 = select i1 %21, i64 18, i64 16 %26 = add i64 %25, %1 br i1 %21, label %block_4ca, label %block_4c8 block_4ca: ; preds = %block_4c8, %block_4b8 %27 = phi i64 [ %7, %block_4b8 ], [ %58, %block_4c8 ] %28 = phi %struct.Memory* [ %2, %block_4b8 ], [ %57, %block_4c8 ] %29 = add i64 %27, 8 %30 = icmp ugt i64 %27, -9 %31 = zext i1 %30 to i8 store i8 %31, i8* %8, align 1, !tbaa !1265 %32 = trunc i64 %29 to i32 %33 = and i32 %32, 255 %34 = tail call i32 @llvm.ctpop.i32(i32 %33) #5 %35 = trunc i32 %34 to i8 %36 = and i8 %35, 1 %37 = xor i8 %36, 1 store i8 %37, i8* %9, align 1, !tbaa !1279 %38 = xor i64 %29, %27 %39 = lshr i64 %38, 4 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 store i8 %41, i8* %10, align 1, !tbaa !1280 %42 = icmp eq i64 %29, 0 %43 = zext i1 %42 to i8 store i8 %43, i8* %11, align 1, !tbaa !1281 %44 = lshr i64 %29, 63 %45 = trunc i64 %44 to i8 store i8 %45, i8* %12, align 1, !tbaa !1282 %46 = lshr i64 %27, 63 %47 = xor i64 %44, %46 %48 = add nuw nsw i64 %47, %44 %49 = icmp eq i64 %48, 2 %50 = zext i1 %49 to i8 store i8 %50, i8* %13, align 1, !tbaa !1283 %51 = inttoptr i64 %29 to i64* %52 = load i64, i64* %51 store i64 %52, i64* %3, align 8, !tbaa !1261 %53 = add i64 %27, 16 store i64 %53, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %28 block_4c8: ; preds = %block_4b8 %54 = add i64 %26, 2 %55 = add i64 %6, -16 %56 = inttoptr i64 %55 to i64* store i64 %54, i64* %56 store i64 %55, i64* %5, align 8, !tbaa !1261 store i64 %14, i64* %3, align 8, !tbaa !1261 %57 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %14, %struct.Memory* %2) %58 = load i64, i64* %5, align 8 br label %block_4ca } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_5f0_frame_dummy(i64, i64, i64, i64, i64, i64, i64, i64) #3 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1520, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5f0_frame_dummy(%struct.State* nonnull @__mcsema_reg_state, i64 1520, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define void @__mcsema_verify_reg_state() local_unnamed_addr #4 { entry: %0 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %1 = icmp eq i64 %0, 0 br i1 %1, label %is_null, label %end is_null: ; preds = %entry store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %end end: ; preds = %is_null, %entry ret void } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_5b0___do_global_dtors_aux(i64, i64, i64, i64, i64, i64, i64, i64) #3 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1456, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5b0___do_global_dtors_aux(%struct.State* nonnull @__mcsema_reg_state, i64 1456, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: noinline nounwind define %struct.Memory* @__mcsema_detach_call_value(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #2 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 %13 = load i64, i64* %9, align 8 %14 = load i64, i64* %8, align 8 %15 = load i64, i64* %7, align 8 %16 = load i64, i64* %6, align 8 %17 = load i64, i64* %11, align 8 %18 = load i64, i64* %12, align 8 %19 = load i64, i64* %10, align 8 %20 = add i64 %19, 8 %21 = inttoptr i64 %20 to i64* %22 = load i64, i64* %21 %23 = add i64 %19, 16 %24 = inttoptr i64 %23 to i64* %25 = load i64, i64* %24 %26 = inttoptr i64 %1 to i64 (i64, i64, i64, i64, i64, i64, i64, i64)* %27 = tail call i64 %26(i64 %13, i64 %14, i64 %15, i64 %16, i64 %17, i64 %18, i64 %22, i64 %25) #5 store i64 %27, i64* %5, align 8 %28 = inttoptr i64 %19 to i64* %29 = load i64, i64* %28 store i64 %29, i64* %4, align 8 store i64 %20, i64* %10, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_6b0___libc_csu_fini() #3 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1712, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_6b0___libc_csu_fini(%struct.State* nonnull @__mcsema_reg_state, i64 1712, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_640___libc_csu_init() #3 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1600, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_640___libc_csu_init(%struct.State* nonnull @__mcsema_reg_state, i64 1600, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @main(i64, i64, i64) #3 { %4 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %3 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %3 %6 = phi i64 [ %4, %3 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1552, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %7 = load volatile i1, i1* @0, align 1 br i1 %7, label %__mcsema_early_init.exit, label %8 ; <label>:8: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %8, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 %9 = add i64 %6, -8 store i64 %9, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = tail call %struct.Memory* @sub_610_main(%struct.State* nonnull @__mcsema_reg_state, i64 1552, %struct.Memory* null) store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %11 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %11 } ; Function Attrs: nobuiltin noinline nounwind define i64 @return_8s(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #3 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1541, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_605_return_8s(%struct.State* nonnull @__mcsema_reg_state, i64 1541, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline nounwind define i64 @targ4e0(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #3 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1248, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_4e0_targ4e0(%struct.State* nonnull @__mcsema_reg_state, i64 1248, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline nounwind define i64 @return_9s(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #3 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1530, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5fa_return_9s(%struct.State* nonnull @__mcsema_reg_state, i64 1530, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nounwind define internal void @__mcsema_destructor() #5 { %1 = tail call i64 @callback_sub_6b0___libc_csu_fini() ret void } ; Function Attrs: nounwind define internal void @__mcsema_constructor() #5 { %1 = load volatile i1, i1* @0, align 1 br i1 %1, label %__mcsema_early_init.exit, label %2 ; <label>:2: ; preds = %0 store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %2, %0 %3 = tail call i64 @callback_sub_640___libc_csu_init() ret void } ; Function Attrs: noinline optnone define %struct.State* @__mcsema_debug_get_reg_state() #6 { ret %struct.State* @__mcsema_reg_state } ; Function Attrs: noreturn nounwind declare void @llvm.trap() #7 attributes #0 = { nounwind readnone } attributes #1 = { noduplicate noinline nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #2 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #3 = { nobuiltin noinline nounwind } attributes #4 = { norecurse nounwind } attributes #5 = { nounwind } attributes #6 = { noinline optnone } attributes #7 = { noreturn nounwind } !llvm.ident = !{!0, !0} !llvm.dbg.cu = !{!1} !llvm.module.flags = !{!1259, !1260}

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "llvm-link" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-pc-linux-gnu-elf" %seg_200df0__init_array_type = type <{ i64, i64 }> %seg_200fc0__got_type = type <{ [64 x i8] }> %seg_201000__data_type = type <{ [8 x i8], i64 }> %seg_201010__bss_type = type <{ [8 x i8] }> %struct.State = type { %struct.ArchState, [32 x %union.VectorReg], %struct.ArithFlags, %union.anon, %struct.Segments, %struct.AddressSpace, %struct.GPR, %struct.X87Stack, %struct.MMX, %struct.FPUStatusFlags, %union.anon, %union.FPU, %struct.SegmentCaches } %struct.ArchState = type { i32, i32, %union.anon } %union.VectorReg = type { %union.vec512_t } %union.vec512_t = type { %struct.uint64v8_t } %struct.uint64v8_t = type { [8 x i64] } %struct.ArithFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8 } %struct.Segments = type { i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector } %union.SegmentSelector = type { i16 } %struct.AddressSpace = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.Reg = type { %union.anon } %struct.GPR = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.X87Stack = type { [8 x %struct.anon.3] } %struct.anon.3 = type { i64, double } %struct.MMX = type { [8 x %struct.anon.4] } %struct.anon.4 = type { i64, %union.vec64_t } %union.vec64_t = type { %struct.uint64v1_t } %struct.uint64v1_t = type { [1 x i64] } %struct.FPUStatusFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, [4 x i8] } %union.anon = type { i64 } %union.FPU = type { %struct.anon.13 } %struct.anon.13 = type { %struct.FpuFXSAVE, [96 x i8] } %struct.FpuFXSAVE = type { %union.SegmentSelector, %union.SegmentSelector, %union.FPUAbridgedTagWord, i8, i16, i32, %union.SegmentSelector, i16, i32, %union.SegmentSelector, i16, %union.FPUControlStatus, %union.FPUControlStatus, [8 x %struct.FPUStackElem], [16 x %union.vec128_t] } %union.FPUAbridgedTagWord = type { i8 } %union.FPUControlStatus = type { i32 } %struct.FPUStackElem = type { %union.anon.11, [6 x i8] } %union.anon.11 = type { %struct.float80_t } %struct.float80_t = type { [10 x i8] } %union.vec128_t = type { %struct.uint128v1_t } %struct.uint128v1_t = type { [1 x i128] } %struct.SegmentCaches = type { %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow } %struct.SegmentShadow = type { %union.anon, i32, i32 } %struct.Memory = type opaque @seg_200df0__init_array = internal global %seg_200df0__init_array_type <{ i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_5f0_frame_dummy to i64), i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_5b0___do_global_dtors_aux to i64) }> @seg_200fc0__got = internal global %seg_200fc0__got_type <{ [64 x i8] c"\00\0E \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\008\14 \00\00\00\00\00@\14 \00\00\00\00\00H\14 \00\00\00\00\00P\14 \00\00\00\00\00X\14 \00\00\00\00\00" }> @seg_201000__data = internal global %seg_201000__data_type <{ [8 x i8] zeroinitializer, i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) }> @seg_201010__bss = internal global %seg_201010__bss_type zeroinitializer @__mcsema_reg_state = internal thread_local global %struct.State zeroinitializer @__mcsema_stack = internal thread_local global [131072 x i64] zeroinitializer @__mcsema_tls = internal thread_local global [512 x i64] zeroinitializer @0 = internal global i1 false @llvm.global_dtors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_destructor, i8* null }] @llvm.global_ctors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_constructor, i8* null }] ; Function Attrs: nounwind readnone declare i32 @llvm.ctpop.i32(i32) #0 ; Function Attrs: noduplicate noinline noreturn nounwind optnone define %struct.Memory* @__remill_error(%struct.State* dereferenceable(3376), i64, %struct.Memory*) local_unnamed_addr #1 { call void @llvm.trap() unreachable } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_6b0___libc_csu_fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_6b0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8, !tbaa !1261 %6 = inttoptr i64 %5 to i64* %7 = load i64, i64* %6, align 8 store i64 %7, i64* %3, align 8, !tbaa !1261 %8 = add i64 %5, 8 store i64 %8, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_640___libc_csu_init(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_640: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 27, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 3, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 25, i32 0, i32 0 %15 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 29, i32 0, i32 0 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 31, i32 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = load i64, i64* %12, align 8, !tbaa !1261 %20 = add i64 %19, -8 %21 = inttoptr i64 %20 to i64* store i64 %18, i64* %21, align 8 %22 = load i64, i64* %16, align 8 %23 = add i64 %19, -16 %24 = inttoptr i64 %23 to i64* store i64 %22, i64* %24, align 8 %25 = load i64, i64* %9, align 8 store i64 %25, i64* %17, align 8, !tbaa !1261 %26 = load i64, i64* %15, align 8 %27 = add i64 %19, -24 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28, align 8 %29 = load i64, i64* %14, align 8 %30 = add i64 %19, -32 %31 = inttoptr i64 %30 to i64* store i64 %29, i64* %31, align 8 store i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64), i64* %14, align 8, !tbaa !1261 %32 = load i64, i64* %13, align 8 %33 = add i64 %19, -40 %34 = inttoptr i64 %33 to i64* store i64 %32, i64* %34, align 8 %35 = load i64, i64* %8, align 8 %36 = add i64 %19, -48 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37, align 8 %38 = load i32, i32* %5, align 4 %39 = zext i32 %38 to i64 store i64 %39, i64* %15, align 8, !tbaa !1261 %40 = load i64, i64* %10, align 8 store i64 %40, i64* %16, align 8, !tbaa !1261 %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %44 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %45 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 ashr (i64 sub (i64 add (i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64), i64 8), i64 ptrtoint (%seg_200df0__init_array_type* @seg_200df0__init_array to i64)), i64 3), i64* %13, align 8, !tbaa !1261 %47 = add i64 %1, -392 %48 = add i64 %1, 49 %49 = add i64 %19, -64 %50 = inttoptr i64 %49 to i64* store i64 %48, i64* %50, align 8 store i64 %49, i64* %12, align 8, !tbaa !1261 %51 = tail call %struct.Memory* @sub_4b8__init(%struct.State* nonnull %0, i64 %47, %struct.Memory* %2) %52 = load i64, i64* %13, align 8 %53 = icmp eq i64 %52, 0 br i1 %53, label %block_696, label %block_676 block_696.loopexit: ; preds = %block_680 br label %block_696 block_696: ; preds = %block_696.loopexit, %block_640 %54 = load i64, i64* %12, align 8 %55 = add i64 %54, 8 %56 = icmp ugt i64 %54, -9 %57 = zext i1 %56 to i8 store i8 %57, i8* %41, align 1, !tbaa !1265 %58 = trunc i64 %55 to i32 %59 = and i32 %58, 255 %60 = tail call i32 @llvm.ctpop.i32(i32 %59) #8 %61 = trunc i32 %60 to i8 %62 = and i8 %61, 1 %63 = xor i8 %62, 1 store i8 %63, i8* %42, align 1, !tbaa !1279 %64 = xor i64 %55, %54 %65 = lshr i64 %64, 4 %66 = trunc i64 %65 to i8 %67 = and i8 %66, 1 store i8 %67, i8* %43, align 1, !tbaa !1280 %68 = icmp eq i64 %55, 0 %69 = zext i1 %68 to i8 store i8 %69, i8* %44, align 1, !tbaa !1281 %70 = lshr i64 %55, 63 %71 = trunc i64 %70 to i8 store i8 %71, i8* %45, align 1, !tbaa !1282 %72 = lshr i64 %54, 63 %73 = xor i64 %70, %72 %74 = add nuw nsw i64 %73, %70 %75 = icmp eq i64 %74, 2 %76 = zext i1 %75 to i8 store i8 %76, i8* %46, align 1, !tbaa !1283 %77 = add i64 %54, 16 %78 = inttoptr i64 %55 to i64* %79 = load i64, i64* %78, align 8 store i64 %79, i64* %8, align 8, !tbaa !1261 %80 = add i64 %54, 24 %81 = inttoptr i64 %77 to i64* %82 = load i64, i64* %81, align 8 store i64 %82, i64* %13, align 8, !tbaa !1261 %83 = add i64 %54, 32 %84 = inttoptr i64 %80 to i64* %85 = load i64, i64* %84, align 8 store i64 %85, i64* %14, align 8, !tbaa !1261 %86 = add i64 %54, 40 %87 = inttoptr i64 %83 to i64* %88 = load i64, i64* %87, align 8 store i64 %88, i64* %15, align 8, !tbaa !1261 %89 = add i64 %54, 48 %90 = inttoptr i64 %86 to i64* %91 = load i64, i64* %90, align 8 store i64 %91, i64* %16, align 8, !tbaa !1261 %92 = add i64 %54, 56 %93 = inttoptr i64 %89 to i64* %94 = load i64, i64* %93, align 8 store i64 %94, i64* %17, align 8, !tbaa !1261 %95 = inttoptr i64 %92 to i64* %96 = load i64, i64* %95, align 8 store i64 %96, i64* %3, align 8, !tbaa !1261 %97 = add i64 %54, 64 store i64 %97, i64* %12, align 8, !tbaa !1261 ret %struct.Memory* %51 block_680: ; preds = %block_676, %block_680 %98 = phi i64 [ 0, %block_676 ], [ %116, %block_680 ] %99 = phi i64 [ %146, %block_676 ], [ %144, %block_680 ] %100 = load i64, i64* %17, align 8 store i64 %100, i64* %9, align 8, !tbaa !1261 %101 = load i64, i64* %16, align 8 store i64 %101, i64* %10, align 8, !tbaa !1261 %102 = load i32, i32* %7, align 4 %103 = zext i32 %102 to i64 store i64 %103, i64* %11, align 8, !tbaa !1261 %104 = load i64, i64* %14, align 8 %105 = shl i64 %98, 3 %106 = add i64 %104, %105 %107 = add i64 %99, 13 %108 = load i64, i64* %12, align 8, !tbaa !1261 %109 = add i64 %108, -8 %110 = inttoptr i64 %109 to i64* store i64 %107, i64* %110, align 8 store i64 %109, i64* %12, align 8, !tbaa !1261 %111 = inttoptr i64 %106 to i64* %112 = load i64, i64* %111, align 8 store i64 %112, i64* %3, align 8, !tbaa !1261 %113 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %112, %struct.Memory* %51) %114 = load i64, i64* %8, align 8 %115 = load i64, i64* %3, align 8 %116 = add i64 %114, 1 store i64 %116, i64* %8, align 8, !tbaa !1261 %117 = lshr i64 %116, 63 %118 = load i64, i64* %13, align 8 %119 = sub i64 %118, %116 %120 = icmp ult i64 %118, %116 %121 = zext i1 %120 to i8 store i8 %121, i8* %41, align 1, !tbaa !1265 %122 = trunc i64 %119 to i32 %123 = and i32 %122, 255 %124 = tail call i32 @llvm.ctpop.i32(i32 %123) #8 %125 = trunc i32 %124 to i8 %126 = and i8 %125, 1 %127 = xor i8 %126, 1 store i8 %127, i8* %42, align 1, !tbaa !1279 %128 = xor i64 %118, %116 %129 = xor i64 %128, %119 %130 = lshr i64 %129, 4 %131 = trunc i64 %130 to i8 %132 = and i8 %131, 1 store i8 %132, i8* %43, align 1, !tbaa !1280 %133 = icmp eq i64 %119, 0 %134 = zext i1 %133 to i8 store i8 %134, i8* %44, align 1, !tbaa !1281 %135 = lshr i64 %119, 63 %136 = trunc i64 %135 to i8 store i8 %136, i8* %45, align 1, !tbaa !1282 %137 = lshr i64 %118, 63 %138 = xor i64 %137, %117 %139 = xor i64 %135, %137 %140 = add nuw nsw i64 %139, %138 %141 = icmp eq i64 %140, 2 %142 = zext i1 %141 to i8 store i8 %142, i8* %46, align 1, !tbaa !1283 %143 = select i1 %133, i64 9, i64 -13 %144 = add i64 %143, %115 br i1 %133, label %block_696.loopexit, label %block_680 block_676: ; preds = %block_640 %145 = load i64, i64* %3, align 8 store i64 0, i64* %8, align 8, !tbaa !1261 store i8 0, i8* %41, align 1, !tbaa !1265 store i8 1, i8* %42, align 1, !tbaa !1279 store i8 1, i8* %44, align 1, !tbaa !1281 store i8 0, i8* %45, align 1, !tbaa !1282 store i8 0, i8* %46, align 1, !tbaa !1283 store i8 0, i8* %43, align 1, !tbaa !1280 %146 = add i64 %145, 15 br label %block_680 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_610_main(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_610: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12, align 8 store i64 %11, i64* %8, align 8, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %19 = add i64 %10, -12 %20 = load i32, i32* %5, align 4 %21 = inttoptr i64 %19 to i32* store i32 %20, i32* %21, align 4 %22 = add i64 %10, -24 %23 = load i64, i64* %6, align 8 %24 = inttoptr i64 %22 to i64* store i64 %23, i64* %24, align 8 %25 = load i32, i32* %21, align 4 %26 = add i32 %25, -4 %27 = icmp ult i32 %25, 4 %28 = zext i1 %27 to i8 store i8 %28, i8* %13, align 1, !tbaa !1265 %29 = and i32 %26, 255 %30 = tail call i32 @llvm.ctpop.i32(i32 %29) #8 %31 = trunc i32 %30 to i8 %32 = and i8 %31, 1 %33 = xor i8 %32, 1 store i8 %33, i8* %14, align 1, !tbaa !1279 %34 = xor i32 %26, %25 %35 = lshr i32 %34, 4 %36 = trunc i32 %35 to i8 %37 = and i8 %36, 1 store i8 %37, i8* %15, align 1, !tbaa !1280 %38 = icmp eq i32 %26, 0 %39 = zext i1 %38 to i8 store i8 %39, i8* %16, align 1, !tbaa !1281 %40 = lshr i32 %26, 31 %41 = trunc i32 %40 to i8 store i8 %41, i8* %17, align 1, !tbaa !1282 %42 = lshr i32 %25, 31 %43 = xor i32 %40, %42 %44 = add nuw nsw i32 %43, %42 %45 = icmp eq i32 %44, 2 %46 = zext i1 %45 to i8 store i8 %46, i8* %18, align 1, !tbaa !1283 %47 = icmp ne i8 %41, 0 %48 = xor i1 %47, %45 %49 = or i1 %38, %48 %50 = select i1 %49, i64 21, i64 33 %51 = add i64 %1, 10 %52 = add i64 %51, %50 %53 = add i64 %10, -32 %54 = inttoptr i64 %53 to i64* store i64 %52, i64* %54, align 8 store i64 %53, i64* %7, align 8, !tbaa !1261 br i1 %49, label %block_625, label %block_631 block_63b: ; preds = %block_625, %block_631 %55 = phi %struct.Memory* [ %63, %block_631 ], [ %64, %block_625 ] %56 = load i64, i64* %8, align 8, !tbaa !1261 %57 = inttoptr i64 %56 to i64* %58 = load i64, i64* %57, align 8 store i64 %58, i64* %8, align 8, !tbaa !1261 %59 = add i64 %56, 8 %60 = inttoptr i64 %59 to i64* %61 = load i64, i64* %60, align 8 store i64 %61, i64* %3, align 8, !tbaa !1261 %62 = add i64 %56, 16 store i64 %62, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %55 block_631: ; preds = %block_610 %63 = tail call %struct.Memory* @sub_605_return_8s(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) br label %block_63b block_625: ; preds = %block_610 %64 = tail call %struct.Memory* @sub_5fa_return_9s(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) br label %block_63b } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_5fa_return_9s(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_5fa: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* %5, align 8, !tbaa !1261 %9 = add i64 %8, -8 %10 = inttoptr i64 %9 to i64* store i64 %7, i64* %10, align 8 store i64 99999999, i64* %4, align 8, !tbaa !1261 %11 = load i64, i64* %10, align 8 store i64 %11, i64* %6, align 8, !tbaa !1261 %12 = inttoptr i64 %8 to i64* %13 = load i64, i64* %12, align 8 store i64 %13, i64* %3, align 8, !tbaa !1261 %14 = add i64 %8, 8 store i64 %14, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_605_return_8s(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_605: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = load i64, i64* %5, align 8, !tbaa !1261 %9 = add i64 %8, -8 %10 = inttoptr i64 %9 to i64* store i64 %7, i64* %10, align 8 store i64 88888888, i64* %4, align 8, !tbaa !1261 %11 = load i64, i64* %10, align 8 store i64 %11, i64* %6, align 8, !tbaa !1261 %12 = inttoptr i64 %8 to i64* %13 = load i64, i64* %12, align 8 store i64 %13, i64* %3, align 8, !tbaa !1261 %14 = add i64 %8, 8 store i64 %14, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5b0___do_global_dtors_aux(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_5b0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %6 = load i8, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i64 0, i32 0, i64 0), align 8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %7, align 1, !tbaa !1265 %8 = zext i8 %6 to i32 %9 = tail call i32 @llvm.ctpop.i32(i32 %8) #8 %10 = trunc i32 %9 to i8 %11 = and i8 %10, 1 %12 = xor i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %12, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 0, i8* %14, align 1, !tbaa !1280 %15 = icmp eq i8 %6, 0 %16 = zext i1 %15 to i8 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %16, i8* %17, align 1, !tbaa !1281 %18 = lshr i8 %6, 7 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %18, i8* %19, align 1, !tbaa !1282 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 0, i8* %20, align 1, !tbaa !1283 %21 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 br i1 %15, label %block_5b9, label %block_5e8 block_5c7: ; preds = %block_5b9 %22 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) to i64*), align 8 store i64 %22, i64* %4, align 8, !tbaa !1261 %23 = add i64 %46, 12 %24 = add i64 %42, -16 %25 = inttoptr i64 %24 to i64* store i64 %23, i64* %25, align 8 store i64 %24, i64* %21, align 8, !tbaa !1261 %26 = tail call %struct.Memory* @sub_4e0_targ4e0(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) %27 = load i64, i64* %3, align 8 %28 = load i64, i64* %21, align 8, !tbaa !1261 br label %block_5d3 block_5b9: ; preds = %block_5b0 %29 = add i64 %1, 9 %30 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 56) to i64*), align 8 store i8 0, i8* %7, align 1, !tbaa !1265 %31 = trunc i64 %30 to i32 %32 = and i32 %31, 255 %33 = tail call i32 @llvm.ctpop.i32(i32 %32) #8 %34 = trunc i32 %33 to i8 %35 = and i8 %34, 1 %36 = xor i8 %35, 1 store i8 %36, i8* %13, align 1, !tbaa !1279 store i8 0, i8* %14, align 1, !tbaa !1280 %37 = icmp eq i64 %30, 0 %38 = zext i1 %37 to i8 store i8 %38, i8* %17, align 1, !tbaa !1281 %39 = lshr i64 %30, 63 %40 = trunc i64 %39 to i8 store i8 %40, i8* %19, align 1, !tbaa !1282 store i8 0, i8* %20, align 1, !tbaa !1283 %41 = load i64, i64* %5, align 8 %42 = load i64, i64* %21, align 8, !tbaa !1261 %43 = add i64 %42, -8 %44 = inttoptr i64 %43 to i64* store i64 %41, i64* %44, align 8 store i64 %43, i64* %5, align 8, !tbaa !1261 %45 = select i1 %37, i64 26, i64 14 %46 = add i64 %29, %45 br i1 %37, label %block_5d3, label %block_5c7 block_5e8: ; preds = %block_5b0 %47 = load i64, i64* %21, align 8, !tbaa !1261 %48 = inttoptr i64 %47 to i64* %49 = load i64, i64* %48, align 8 store i64 %49, i64* %3, align 8, !tbaa !1261 %50 = add i64 %47, 8 store i64 %50, i64* %21, align 8, !tbaa !1261 ret %struct.Memory* %2 block_5d3: ; preds = %block_5b9, %block_5c7 %51 = phi i64 [ %43, %block_5b9 ], [ %28, %block_5c7 ] %52 = phi i64 [ %46, %block_5b9 ], [ %27, %block_5c7 ] %53 = phi %struct.Memory* [ %2, %block_5b9 ], [ %26, %block_5c7 ] %54 = add i64 %52, 5 %55 = add i64 %51, -8 %56 = inttoptr i64 %55 to i64* store i64 %54, i64* %56, align 8 store i64 %55, i64* %21, align 8, !tbaa !1261 %57 = tail call %struct.Memory* @sub_520_deregister_tm_clones(%struct.State* nonnull %0, i64 undef, %struct.Memory* %53) store i8 1, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i64 0, i32 0, i64 0), align 8 %58 = load i64, i64* %21, align 8, !tbaa !1261 %59 = add i64 %58, 8 %60 = inttoptr i64 %58 to i64* %61 = load i64, i64* %60, align 8 store i64 %61, i64* %5, align 8, !tbaa !1261 %62 = inttoptr i64 %59 to i64* %63 = load i64, i64* %62, align 8 store i64 %63, i64* %3, align 8, !tbaa !1261 %64 = add i64 %58, 16 store i64 %64, i64* %21, align 8, !tbaa !1261 ret %struct.Memory* %57 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6b4__fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_6b4: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, -8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %9 = xor i64 %6, %5 %10 = lshr i64 %9, 4 %11 = trunc i64 %10 to i8 %12 = and i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %15 = lshr i64 %6, 63 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = lshr i64 %5, 63 %18 = xor i64 %15, %17 %19 = add nuw nsw i64 %18, %17 %20 = icmp eq i64 %19, 2 %21 = zext i1 %20 to i8 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = icmp ult i64 %5, 8 %24 = zext i1 %23 to i8 store i8 %24, i8* %7, align 1, !tbaa !1265 %25 = trunc i64 %5 to i32 %26 = and i32 %25, 255 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #8 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %8, align 1, !tbaa !1279 store i8 %12, i8* %13, align 1, !tbaa !1280 %31 = icmp eq i64 %5, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %14, align 1, !tbaa !1281 %33 = trunc i64 %17 to i8 store i8 %33, i8* %16, align 1, !tbaa !1282 store i8 %21, i8* %22, align 1, !tbaa !1283 %34 = inttoptr i64 %5 to i64* %35 = load i64, i64* %34, align 8 store i64 %35, i64* %3, align 8, !tbaa !1261 %36 = add i64 %5, 8 store i64 %36, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_560_register_tm_clones(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_5a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %6, align 8, !tbaa !1261 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12, align 8 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 0, i64* %4, align 8, !tbaa !1261 store i64 0, i64* %5, align 8, !tbaa !1261 store i8 0, i8* %13, align 1, !tbaa !1284 store i8 1, i8* %14, align 1, !tbaa !1284 store i8 0, i8* %15, align 1, !tbaa !1284 store i8 1, i8* %16, align 1, !tbaa !1284 store i8 0, i8* %17, align 1, !tbaa !1284 store i8 0, i8* %18, align 1, !tbaa !1284 %19 = load i64, i64* %12, align 8 store i64 %19, i64* %8, align 8, !tbaa !1261 %20 = inttoptr i64 %10 to i64* %21 = load i64, i64* %20, align 8 store i64 %21, i64* %3, align 8, !tbaa !1261 %22 = add i64 %10, 8 store i64 %22, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_520_deregister_tm_clones(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_550: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %5, align 8, !tbaa !1261 %8 = load i64, i64* %7, align 8 %9 = load i64, i64* %6, align 8, !tbaa !1261 %10 = add i64 %9, -8 %11 = inttoptr i64 %10 to i64* store i64 %8, i64* %11, align 8 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %4, align 8, !tbaa !1261 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %12, align 1, !tbaa !1265 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 1, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 and (i8 trunc (i64 lshr (i64 xor (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64)), i64 4) to i8), i8 1), i8* %14, align 1, !tbaa !1280 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 1, i8* %15, align 1, !tbaa !1281 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 0, i8* %16, align 1, !tbaa !1282 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 zext (i1 icmp eq (i64 add (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 xor (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63))), i64 2) to i8), i8* %17, align 1, !tbaa !1283 %18 = load i64, i64* %11, align 8 store i64 %18, i64* %7, align 8, !tbaa !1261 %19 = inttoptr i64 %9 to i64* %20 = load i64, i64* %19, align 8 store i64 %20, i64* %3, align 8, !tbaa !1261 %21 = add i64 %9, 8 store i64 %21, i64* %6, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline noreturn nounwind define noalias nonnull %struct.Memory* @sub_4f0__start(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #4 { block_4f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 store i64 0, i64* %10, align 8, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %19 = load i64, i64* %6, align 8 store i64 %19, i64* %12, align 8, !tbaa !1261 %20 = load i64, i64* %9, align 8, !tbaa !1261 %21 = add i64 %20, 8 %22 = inttoptr i64 %20 to i64* %23 = load i64, i64* %22, align 8 store i64 %23, i64* %7, align 8, !tbaa !1261 store i64 %21, i64* %6, align 8, !tbaa !1261 %24 = and i64 %21, -16 store i8 0, i8* %13, align 1, !tbaa !1265 %25 = trunc i64 %21 to i32 %26 = and i32 %25, 240 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #8 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %14, align 1, !tbaa !1279 %31 = icmp eq i64 %24, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %15, align 1, !tbaa !1281 %33 = lshr i64 %21, 63 %34 = trunc i64 %33 to i8 store i8 %34, i8* %16, align 1, !tbaa !1282 store i8 0, i8* %17, align 1, !tbaa !1283 store i8 0, i8* %18, align 1, !tbaa !1280 %35 = load i64, i64* %4, align 8 %36 = add i64 %24, -8 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37, align 8 %38 = add i64 %24, -16 %39 = inttoptr i64 %38 to i64* store i64 %36, i64* %39, align 16 store i64 ptrtoint (i64 ()* @callback_sub_6b0___libc_csu_fini to i64), i64* %11, align 8, !tbaa !1261 store i64 ptrtoint (i64 ()* @callback_sub_640___libc_csu_init to i64), i64* %5, align 8, !tbaa !1261 store i64 ptrtoint (i64 (i64, i64, i64)* @main to i64), i64* %8, align 8, !tbaa !1261 %40 = add i64 %1, 42 %41 = add i64 %24, -24 %42 = inttoptr i64 %41 to i64* store i64 %40, i64* %42, align 8 store i64 %41, i64* %9, align 8, !tbaa !1261 %43 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 32) to i64*), align 16 store i64 %43, i64* %3, align 8, !tbaa !1261 %44 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %43, %struct.Memory* %2) %45 = load i64, i64* %3, align 8 %46 = add i64 %45, 1 store i64 %46, i64* %3, align 8 %47 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull undef, i64 undef, %struct.Memory* undef) unreachable } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_5f0_frame_dummy(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #2 { block_5f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = load i64, i64* %3, align 8, !tbaa !1261 %7 = add i64 %6, -8 %8 = inttoptr i64 %7 to i64* store i64 %5, i64* %8, align 8 store i64 %5, i64* %4, align 8, !tbaa !1261 store i64 %6, i64* %3, align 8, !tbaa !1261 %9 = tail call %struct.Memory* @sub_560_register_tm_clones(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) ret %struct.Memory* %9 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4e0_targ4e0(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_4e0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 56) to i64*), align 8 store i64 %4, i64* %3, align 8, !tbaa !1261 %5 = icmp eq i64 %4, 1254 br i1 %5, label %block_4e6, label %7 block_4e6: ; preds = %block_4e0 %6 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull undef, i64 undef, %struct.Memory* undef) unreachable ; <label>:7: ; preds = %block_4e0 %8 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %4, %struct.Memory* %2) ret %struct.Memory* %8 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4b8__init(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_4b8: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, -8 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %14 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fc0__got_type* @seg_200fc0__got to i64), i64 40) to i64*), align 8 store i64 %14, i64* %4, align 8, !tbaa !1261 store i8 0, i8* %8, align 1, !tbaa !1265 %15 = trunc i64 %14 to i32 %16 = and i32 %15, 255 %17 = tail call i32 @llvm.ctpop.i32(i32 %16) #8 %18 = trunc i32 %17 to i8 %19 = and i8 %18, 1 %20 = xor i8 %19, 1 store i8 %20, i8* %9, align 1, !tbaa !1279 %21 = icmp eq i64 %14, 0 %22 = zext i1 %21 to i8 store i8 %22, i8* %11, align 1, !tbaa !1281 %23 = lshr i64 %14, 63 %24 = trunc i64 %23 to i8 store i8 %24, i8* %12, align 1, !tbaa !1282 store i8 0, i8* %13, align 1, !tbaa !1283 store i8 0, i8* %10, align 1, !tbaa !1280 br i1 %21, label %block_4ca, label %block_4c8 block_4ca: ; preds = %block_4c8, %block_4b8 %25 = phi i64 [ %7, %block_4b8 ], [ %56, %block_4c8 ] %26 = phi %struct.Memory* [ %2, %block_4b8 ], [ %55, %block_4c8 ] %27 = add i64 %25, 8 %28 = icmp ugt i64 %25, -9 %29 = zext i1 %28 to i8 store i8 %29, i8* %8, align 1, !tbaa !1265 %30 = trunc i64 %27 to i32 %31 = and i32 %30, 255 %32 = tail call i32 @llvm.ctpop.i32(i32 %31) #8 %33 = trunc i32 %32 to i8 %34 = and i8 %33, 1 %35 = xor i8 %34, 1 store i8 %35, i8* %9, align 1, !tbaa !1279 %36 = xor i64 %27, %25 %37 = lshr i64 %36, 4 %38 = trunc i64 %37 to i8 %39 = and i8 %38, 1 store i8 %39, i8* %10, align 1, !tbaa !1280 %40 = icmp eq i64 %27, 0 %41 = zext i1 %40 to i8 store i8 %41, i8* %11, align 1, !tbaa !1281 %42 = lshr i64 %27, 63 %43 = trunc i64 %42 to i8 store i8 %43, i8* %12, align 1, !tbaa !1282 %44 = lshr i64 %25, 63 %45 = xor i64 %42, %44 %46 = add nuw nsw i64 %45, %42 %47 = icmp eq i64 %46, 2 %48 = zext i1 %47 to i8 store i8 %48, i8* %13, align 1, !tbaa !1283 %49 = inttoptr i64 %27 to i64* %50 = load i64, i64* %49, align 8 store i64 %50, i64* %3, align 8, !tbaa !1261 %51 = add i64 %25, 16 store i64 %51, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %26 block_4c8: ; preds = %block_4b8 %52 = add i64 %1, 18 %53 = add i64 %6, -16 %54 = inttoptr i64 %53 to i64* store i64 %52, i64* %54, align 8 store i64 %53, i64* %5, align 8, !tbaa !1261 store i64 %14, i64* %3, align 8, !tbaa !1261 %55 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %14, %struct.Memory* %2) %56 = load i64, i64* %5, align 8 br label %block_4ca } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @callback_sub_5f0_frame_dummy(i64, i64, i64, i64, i64, i64, i64, i64) #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1520, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5f0_frame_dummy(%struct.State* nonnull @__mcsema_reg_state, i64 1520, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define void @__mcsema_verify_reg_state() local_unnamed_addr #6 { entry: %0 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %1 = icmp eq i64 %0, 0 br i1 %1, label %is_null, label %end is_null: ; preds = %entry store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %end end: ; preds = %is_null, %entry ret void } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_5b0___do_global_dtors_aux(i64, i64, i64, i64, i64, i64, i64, i64) #7 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1456, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5b0___do_global_dtors_aux(%struct.State* nonnull @__mcsema_reg_state, i64 1456, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: noinline nounwind define %struct.Memory* @__mcsema_detach_call_value(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 %13 = load i64, i64* %9, align 8 %14 = load i64, i64* %8, align 8 %15 = load i64, i64* %7, align 8 %16 = load i64, i64* %6, align 8 %17 = load i64, i64* %11, align 8 %18 = load i64, i64* %12, align 8 %19 = load i64, i64* %10, align 8 %20 = add i64 %19, 8 %21 = inttoptr i64 %20 to i64* %22 = load i64, i64* %21, align 8 %23 = add i64 %19, 16 %24 = inttoptr i64 %23 to i64* %25 = load i64, i64* %24, align 8 %26 = inttoptr i64 %1 to i64 (i64, i64, i64, i64, i64, i64, i64, i64)* %27 = tail call i64 %26(i64 %13, i64 %14, i64 %15, i64 %16, i64 %17, i64 %18, i64 %22, i64 %25) #8 store i64 %27, i64* %5, align 8 %28 = inttoptr i64 %19 to i64* %29 = load i64, i64* %28, align 8 store i64 %29, i64* %4, align 8 store i64 %20, i64* %10, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @callback_sub_6b0___libc_csu_fini() #5 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1712, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_6b0___libc_csu_fini(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_640___libc_csu_init() #7 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1600, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_640___libc_csu_init(%struct.State* nonnull @__mcsema_reg_state, i64 1600, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @main(i64, i64, i64) #7 { %4 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %3 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %3 %6 = phi i64 [ %4, %3 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1552, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %7 = load volatile i1, i1* @0, align 1 br i1 %7, label %__mcsema_early_init.exit, label %8 ; <label>:8: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %8, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 %9 = add i64 %6, -8 store i64 %9, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = tail call %struct.Memory* @sub_610_main(%struct.State* nonnull @__mcsema_reg_state, i64 1552, %struct.Memory* null) store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %11 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %11 } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @return_8s(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1541, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_605_return_8s(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline nounwind define i64 @targ4e0(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #7 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1248, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_4e0_targ4e0(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @return_9s(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1530, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_5fa_return_9s(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define internal void @__mcsema_destructor() #6 { %1 = tail call i64 @callback_sub_6b0___libc_csu_fini() ret void } ; Function Attrs: nounwind define internal void @__mcsema_constructor() #8 { %1 = load volatile i1, i1* @0, align 1 br i1 %1, label %__mcsema_early_init.exit, label %2 ; <label>:2: ; preds = %0 store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %2, %0 %3 = tail call i64 @callback_sub_640___libc_csu_init() ret void } ; Function Attrs: noinline nounwind optnone define %struct.State* @__mcsema_debug_get_reg_state() local_unnamed_addr #9 { ret %struct.State* @__mcsema_reg_state } ; Function Attrs: noreturn nounwind declare void @llvm.trap() #10 attributes #0 = { nounwind readnone } attributes #1 = { noduplicate noinline noreturn nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #2 = { noinline norecurse nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #3 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #4 = { noinline noreturn nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #5 = { nobuiltin noinline norecurse nounwind } attributes #6 = { norecurse nounwind } attributes #7 = { nobuiltin noinline nounwind } attributes #8 = { nounwind } attributes #9 = { noinline nounwind optnone } attributes #10 = { noreturn nounwind } !llvm.ident = !{!0, !0} !llvm.dbg.cu = !{!1} !llvm.module.flags = !{!1259, !1260}

Test4

Source code:
#include <stdio.h> #include <stdlib.h> void printArray(char *arr, int max) { for (int i = 0; i < max; i++) { printf("char: %c\n",(arr[i])); } } int main() { char arr[] = {'D', 'a', 'v', 'i', 'd'}; int n = 5; printf("The array:\n"); printArray((char *)&arr, n); return 0; }

Raised by mctoll
Non-optimised:
; ModuleID = '../a.out' source_filename = "../a.out" @RO-String = private constant [10 x i8] c"char: %c\0A\00", align 1 @RO-String.1 = private constant [11 x i8] c"The array:\00", align 1 declare dso_local i32 @printf(i8*, ...) define dso_local i32 @printArray(i64 %arg1, i32 %arg2) { entry: %0 = alloca i64, align 8 %StackAdj = alloca i64, align 8 %1 = alloca i64, i32 3, align 8 %2 = alloca i32, align 4 %3 = alloca i32, align 4 %4 = ptrtoint i64* %0 to i64 store i64 %arg1, i64* %1, align 8 store i32 %arg2, i32* %2, align 4 store i32 0, i32* %3, align 4 br label %bb.2 bb.2: ; preds = %bb.1, %entry %5 = load i32, i32* %3, align 4 %6 = load i32, i32* %2, align 4 %7 = sub i32 %5, %6 %ZF = icmp eq i32 %7, 0 %8 = shl i32 1, 31 %9 = and i32 %8, %7 %SF = icmp eq i32 %9, %8 %SFAndOF_JL = icmp ne i1 %SF, false br i1 %SFAndOF_JL, label %bb.1, label %bb.3 bb.3: ; preds = %bb.2 ret i32 %5 bb.1: ; preds = %bb.2 %10 = load i32, i32* %3, align 4 %11 = sext i32 %10 to i64 %12 = load i64, i64* %1, align 8 %13 = add nsw i64 %12, %11 %14 = shl i64 1, 63 %15 = and i64 %14, %13 %SF1 = icmp eq i64 %15, %14 %ZF2 = icmp eq i64 %13, 0 %16 = inttoptr i64 %13 to i32* %17 = load i32, i32* %16, align 4 %18 = trunc i32 %17 to i8 %19 = zext i8 %18 to i32 %20 = trunc i32 %19 to i8 %21 = sext i8 %20 to i32 %22 = ptrtoint [10 x i8]* @RO-String to i64 %23 = inttoptr i64 %22 to i8* %24 = call i32 (i8*, ...) @printf(i8* %23, i32 %21, i64 %11) %25 = load i32, i32* %3, align 4 %26 = zext i8 1 to i32 %27 = add i32 %25, %26 store i32 %27, i32* %3, align 4 br label %bb.2 } declare dso_local i32 @puts(i8*) define dso_local i32 @main() { entry: %0 = alloca i64, align 8 %StackAdj = alloca i64, align 8 %1 = alloca i8, align 1 %2 = alloca i8, align 1 %3 = alloca i8, align 1 %4 = alloca i8, align 1 %5 = alloca i8, align 1 %6 = alloca i32, align 4 %7 = ptrtoint i64* %0 to i64 store i8 68, i8* %1, align 1 store i8 97, i8* %2, align 1 store i8 118, i8* %3, align 1 store i8 105, i8* %4, align 1 store i8 100, i8* %5, align 1 store i32 5, i32* %6, align 4 %8 = ptrtoint [11 x i8]* @RO-String.1 to i64 %9 = inttoptr i64 %8 to i8* %10 = call i32 @puts(i8* %9) %11 = load i32, i32* %6, align 4 %12 = ptrtoint i8* %1 to i64 %13 = call i32 @printArray(i64 %12, i32 %11) ret i32 0 }

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "../a.out" @RO-String = private constant [10 x i8] c"char: %c\0A\00", align 1 @RO-String.1 = private constant [11 x i8] c"The array:\00", align 1 ; Function Attrs: nounwind declare dso_local i32 @printf(i8* nocapture readonly, ...) local_unnamed_addr #0 ; Function Attrs: nounwind define dso_local i32 @printArray(i64 %arg1, i32 %arg2) local_unnamed_addr #0 { entry: %0 = sub i32 0, %arg2 %SF4 = icmp slt i32 %0, 0 br i1 %SF4, label %bb.1, label %bb.3 bb.3: ; preds = %bb.1, %entry %.0.lcssa = phi i32 [ 0, %entry ], [ %8, %bb.1 ] ret i32 %.0.lcssa bb.1: ; preds = %entry, %bb.1 %.05 = phi i32 [ %8, %bb.1 ], [ 0, %entry ] %1 = sext i32 %.05 to i64 %2 = add nsw i64 %1, %arg1 %3 = inttoptr i64 %2 to i32* %4 = load i32, i32* %3, align 4 %5 = shl i32 %4, 24 %6 = ashr exact i32 %5, 24 %7 = tail call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @RO-String, i64 0, i64 0), i32 %6, i64 %1) %8 = add nuw i32 %.05, 1 %9 = sub i32 %8, %arg2 %SF = icmp slt i32 %9, 0 br i1 %SF, label %bb.1, label %bb.3 } ; Function Attrs: nounwind declare dso_local i32 @puts(i8* nocapture readonly) local_unnamed_addr #0 ; Function Attrs: nounwind define dso_local i32 @main() local_unnamed_addr #0 { entry: %0 = alloca i8, align 4 store i8 68, i8* %0, align 4 %1 = tail call i32 @puts(i8* getelementptr inbounds ([11 x i8], [11 x i8]* @RO-String.1, i64 0, i64 0)) %2 = ptrtoint i8* %0 to i64 %3 = bitcast i8* %0 to i32* %4 = load i32, i32* %3, align 4 %5 = shl i32 %4, 24 %6 = ashr exact i32 %5, 24 %7 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @RO-String, i64 0, i64 0), i32 %6, i64 0) #0 %8 = or i64 %2, 1 %9 = inttoptr i64 %8 to i32* %10 = load i32, i32* %9, align 4 %11 = shl i32 %10, 24 %12 = ashr exact i32 %11, 24 %13 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @RO-String, i64 0, i64 0), i32 %12, i64 1) #0 %14 = or i64 %2, 2 %15 = inttoptr i64 %14 to i32* %16 = load i32, i32* %15, align 4 %17 = shl i32 %16, 24 %18 = ashr exact i32 %17, 24 %19 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @RO-String, i64 0, i64 0), i32 %18, i64 2) #0 %20 = or i64 %2, 3 %21 = inttoptr i64 %20 to i32* %22 = load i32, i32* %21, align 4 %23 = shl i32 %22, 24 %24 = ashr exact i32 %23, 24 %25 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @RO-String, i64 0, i64 0), i32 %24, i64 3) #0 %26 = add nsw i64 %2, 4 %27 = inttoptr i64 %26 to i32* %28 = load i32, i32* %27, align 4 %29 = shl i32 %28, 24 %30 = ashr exact i32 %29, 24 %31 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @RO-String, i64 0, i64 0), i32 %30, i64 4) #0 ret i32 0 } attributes #0 = { nounwind }

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "test" target datalayout = "e-m:e-p:64:64-i64:64-f80:128-n8:16:32:64-S128" @global_var_201010.1 = global i64 0 @global_var_7a4.3 = constant [10 x i8] c"char: %c\0A\00" @global_var_7ae.4 = constant [11 x i8] c"The array:\00" @global_var_200db0.5 = local_unnamed_addr global i64 1664 @global_var_200db8.6 = local_unnamed_addr global i64 1600 @0 = external global i32 define i64 @_init() local_unnamed_addr { dec_label_pc_528: %v0_52c = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_533 = icmp eq i64 %v0_52c, 0 br i1 %v1_533, label %dec_label_pc_53a, label %dec_label_pc_538 dec_label_pc_538: ; preds = %dec_label_pc_528 tail call void @__gmon_start__() br label %dec_label_pc_53a dec_label_pc_53a: ; preds = %dec_label_pc_538, %dec_label_pc_528 %v0_53e = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_538 ], [ 0, %dec_label_pc_528 ] ret i64 %v0_53e } ; Function Attrs: nounwind define i32 @function_550(i8* nocapture readonly %s) local_unnamed_addr #0 { dec_label_pc_550: %v2_550 = tail call i32 @puts(i8* %s) ret i32 %v2_550 } ; Function Attrs: nounwind define i32 @function_560(i8* nocapture readonly %format, ...) local_unnamed_addr #0 { dec_label_pc_560: %v2_560 = tail call i32 (i8*, ...) @printf(i8* %format) ret i32 %v2_560 } define void @function_570(i64* %d) local_unnamed_addr { dec_label_pc_570: tail call void @__cxa_finalize(i64* %d) ret void } ; Function Attrs: noreturn define i64 @_start(i64 %arg1, i64 %arg2, i64 %arg3, i64 %arg4) local_unnamed_addr #1 { dec_label_pc_580: %stack_var_8 = alloca i8*, align 8 %v2_5a4 = trunc i64 %arg4 to i32 %v13_5a4 = inttoptr i64 %arg3 to void ()* %v14_5a4 = call i32 @__libc_start_main(i64 1751, i32 %v2_5a4, i8** nonnull %stack_var_8, void ()* inttoptr (i64 1824 to void ()*), void ()* inttoptr (i64 1936 to void ()*), void ()* %v13_5a4) %v0_5aa = call i64 @__asm_hlt() unreachable } ; Function Attrs: norecurse nounwind readnone define i64 @deregister_tm_clones() local_unnamed_addr #2 { dec_label_pc_5b0: ret i64 ptrtoint (i64* @global_var_201010.1 to i64) } ; Function Attrs: norecurse nounwind readnone define i64 @register_tm_clones() local_unnamed_addr #2 { dec_label_pc_5f0: ret i64 0 } define i64 @__do_global_dtors_aux() local_unnamed_addr { dec_label_pc_640: %v0_640 = load i8, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v7_640 = icmp eq i8 %v0_640, 0 br i1 %v7_640, label %dec_label_pc_649, label %dec_label_pc_678 dec_label_pc_649: ; preds = %dec_label_pc_640 %v0_649 = load i64, i64* inttoptr (i64 2101240 to i64*), align 8 %v7_649 = icmp eq i64 %v0_649, 0 br i1 %v7_649, label %dec_label_pc_663, label %dec_label_pc_657 dec_label_pc_657: ; preds = %dec_label_pc_649 %v0_6571 = load i64*, i64** inttoptr (i64 2101256 to i64**), align 8 tail call void @__cxa_finalize(i64* %v0_6571) br label %dec_label_pc_663 dec_label_pc_663: ; preds = %dec_label_pc_657, %dec_label_pc_649 store i8 1, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 ret i64 ptrtoint (i64* @global_var_201010.1 to i64) dec_label_pc_678: ; preds = %dec_label_pc_640 ret i64 undef } ; Function Attrs: norecurse nounwind readnone define i64 @frame_dummy() local_unnamed_addr #2 { dec_label_pc_680: ret i64 0 } ; Function Attrs: nounwind define i64 @printArray(i8* %arg1, i64 %arg2) local_unnamed_addr #0 { dec_label_pc_68a: %tmp16 = ptrtoint i8* %arg1 to i64 %v6_6cf = trunc i64 %arg2 to i32 %v8_6d27 = icmp sgt i32 %v6_6cf, 0 br i1 %v8_6d27, label %dec_label_pc_6a2.preheader, label %dec_label_pc_6d4 dec_label_pc_6a2.preheader: ; preds = %dec_label_pc_68a %tmp32 = add i64 %arg2, 4294967295 %zext = and i64 %arg2, 4294967295 br label %dec_label_pc_6a2 dec_label_pc_6a2: ; preds = %dec_label_pc_6a2, %dec_label_pc_6a2.preheader %indvars.iv = phi i64 [ %indvars.iv.next, %dec_label_pc_6a2 ], [ 0, %dec_label_pc_6a2.preheader ] %v2_6ac = add i64 %indvars.iv, %tmp16 %v1_6af = inttoptr i64 %v2_6ac to i8* %v2_6af = load i8, i8* %v1_6af, align 1 %v6_6c3 = tail call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @global_var_7a4.3, i64 0, i64 0), i8 %v2_6af) %indvars.iv.next = add nuw nsw i64 %indvars.iv, 1 %0 = icmp eq i64 %indvars.iv.next, %zext br i1 %0, label %dec_label_pc_6cc.dec_label_pc_6d4_crit_edge, label %dec_label_pc_6a2 dec_label_pc_6cc.dec_label_pc_6d4_crit_edge: ; preds = %dec_label_pc_6a2 %tmp33 = and i64 %tmp32, 4294967295 %tmp34 = add nuw nsw i64 %tmp33, 1 br label %dec_label_pc_6d4 dec_label_pc_6d4: ; preds = %dec_label_pc_6cc.dec_label_pc_6d4_crit_edge, %dec_label_pc_68a %v0_6d6 = phi i64 [ %tmp34, %dec_label_pc_6cc.dec_label_pc_6d4_crit_edge ], [ 0, %dec_label_pc_68a ] ret i64 %v0_6d6 } ; Function Attrs: nounwind define i64 @main(i64 %argc, i8** nocapture readnone %argv) local_unnamed_addr #0 { dec_label_pc_6d7: %stack_var_-17 = alloca i8, align 1 store i8 68, i8* %stack_var_-17, align 1 %v3_701 = tail call i32 @puts(i8* getelementptr inbounds ([11 x i8], [11 x i8]* @global_var_7ae.4, i64 0, i64 0)) %tmp16.i = ptrtoint i8* %stack_var_-17 to i64 %v6_6c3.i = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @global_var_7a4.3, i64 0, i64 0), i8 68) #0 %v2_6ac.i.1 = add i64 %tmp16.i, 1 %v1_6af.i.1 = inttoptr i64 %v2_6ac.i.1 to i8* %v2_6af.i.1 = load i8, i8* %v1_6af.i.1, align 1 %v6_6c3.i.1 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @global_var_7a4.3, i64 0, i64 0), i8 %v2_6af.i.1) #0 %v2_6ac.i.2 = add i64 %tmp16.i, 2 %v1_6af.i.2 = inttoptr i64 %v2_6ac.i.2 to i8* %v2_6af.i.2 = load i8, i8* %v1_6af.i.2, align 1 %v6_6c3.i.2 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @global_var_7a4.3, i64 0, i64 0), i8 %v2_6af.i.2) #0 %v2_6ac.i.3 = add i64 %tmp16.i, 3 %v1_6af.i.3 = inttoptr i64 %v2_6ac.i.3 to i8* %v2_6af.i.3 = load i8, i8* %v1_6af.i.3, align 1 %v6_6c3.i.3 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @global_var_7a4.3, i64 0, i64 0), i8 %v2_6af.i.3) #0 %v2_6ac.i.4 = add i64 %tmp16.i, 4 %v1_6af.i.4 = inttoptr i64 %v2_6ac.i.4 to i8* %v2_6af.i.4 = load i8, i8* %v1_6af.i.4, align 1 %v6_6c3.i.4 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @global_var_7a4.3, i64 0, i64 0), i8 %v2_6af.i.4) #0 ret i64 0 } define i64 @__libc_csu_init(i64 %arg1, i64 %arg2, i64 %arg3) local_unnamed_addr { dec_label_pc_720: %v0_52c.i = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_533.i = icmp eq i64 %v0_52c.i, 0 br i1 %v1_533.i, label %dec_label_pc_776, label %dec_label_pc_538.i dec_label_pc_538.i: ; preds = %dec_label_pc_720 tail call void @__gmon_start__() br label %dec_label_pc_776 dec_label_pc_776: ; preds = %dec_label_pc_538.i, %dec_label_pc_720 %v0_53e.i = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_538.i ], [ 0, %dec_label_pc_720 ] ret i64 %v0_53e.i } ; Function Attrs: norecurse nounwind readnone define i64 @__libc_csu_fini() local_unnamed_addr #2 { dec_label_pc_790: ret i64 undef } ; Function Attrs: norecurse nounwind readnone define i64 @_fini() local_unnamed_addr #2 { dec_label_pc_794: ret i64 undef } ; Function Attrs: nounwind declare i32 @puts(i8* nocapture readonly) local_unnamed_addr #0 ; Function Attrs: nounwind declare i32 @printf(i8* nocapture readonly, ...) local_unnamed_addr #0 declare i32 @__libc_start_main(i64, i32, i8**, void ()*, void ()*, void ()*) local_unnamed_addr declare void @__gmon_start__() local_unnamed_addr declare void @__cxa_finalize(i64*) local_unnamed_addr declare i64 @__asm_hlt() local_unnamed_addr attributes #0 = { nounwind } attributes #1 = { noreturn } attributes #2 = { norecurse nounwind readnone }

Raised by mcsema
Non-optimised:
; ModuleID = 'lifted.bc' source_filename = "llvm-link" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-pc-linux-gnu-elf" %union.anon = type { i64 } %seg_7a0__rodata_type = type <{ [25 x i8] }> %seg_200db0__init_array_type = type <{ i64, i64 }> %seg_200fb0__got_type = type <{ [80 x i8] }> %seg_201000__data_type = type <{ [8 x i8], i64 }> %seg_201010__bss_type = type <{ [8 x i8] }> %struct.State = type { %struct.ArchState, [32 x %union.VectorReg], %struct.ArithFlags, %union.anon, %struct.Segments, %struct.AddressSpace, %struct.GPR, %struct.X87Stack, %struct.MMX, %struct.FPUStatusFlags, %union.anon, %union.FPU, %struct.SegmentCaches } %struct.ArchState = type { i32, i32, %union.anon } %union.VectorReg = type { %union.vec512_t } %union.vec512_t = type { %struct.uint64v8_t } %struct.uint64v8_t = type { [8 x i64] } %struct.ArithFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8 } %struct.Segments = type { i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector } %union.SegmentSelector = type { i16 } %struct.AddressSpace = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.Reg = type { %union.anon } %struct.GPR = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.X87Stack = type { [8 x %struct.anon.3] } %struct.anon.3 = type { i64, double } %struct.MMX = type { [8 x %struct.anon.4] } %struct.anon.4 = type { i64, %union.vec64_t } %union.vec64_t = type { %struct.uint64v1_t } %struct.uint64v1_t = type { [1 x i64] } %struct.FPUStatusFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, [4 x i8] } %union.FPU = type { %struct.anon.13 } %struct.anon.13 = type { %struct.FpuFXSAVE, [96 x i8] } %struct.FpuFXSAVE = type { %union.SegmentSelector, %union.SegmentSelector, %union.FPUAbridgedTagWord, i8, i16, i32, %union.SegmentSelector, i16, i32, %union.SegmentSelector, i16, %union.FPUControlStatus, %union.FPUControlStatus, [8 x %struct.FPUStackElem], [16 x %union.vec128_t] } %union.FPUAbridgedTagWord = type { i8 } %union.FPUControlStatus = type { i32 } %struct.FPUStackElem = type { %union.anon.11, [6 x i8] } %union.anon.11 = type { %struct.float80_t } %struct.float80_t = type { [10 x i8] } %union.vec128_t = type { %struct.uint128v1_t } %struct.uint128v1_t = type { [1 x i128] } %struct.SegmentCaches = type { %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow } %struct.SegmentShadow = type { %union.anon, i32, i32 } %struct.Memory = type opaque @DR0 = external global i64, align 8 @DR1 = external global i64, align 8 @DR2 = external global i64, align 8 @DR3 = external global i64, align 8 @DR4 = external global i64, align 8 @DR5 = external global i64, align 8 @DR6 = external global i64, align 8 @DR7 = external global i64, align 8 @gCR0 = external global %union.anon, align 1 @gCR1 = external global %union.anon, align 1 @gCR2 = external global %union.anon, align 1 @gCR3 = external global %union.anon, align 1 @gCR4 = external global %union.anon, align 1 @gCR8 = external global %union.anon, align 1 @seg_7a0__rodata = internal constant %seg_7a0__rodata_type <{ [25 x i8] c"\01\00\02\00char: %c\0A\00The array:\00" }> @seg_200db0__init_array = internal global %seg_200db0__init_array_type <{ i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_680_frame_dummy to i64), i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_640___do_global_dtors_aux to i64) }> @seg_200fb0__got = internal global %seg_200fb0__got_type <{ [80 x i8] c"\C0\0D \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00V\05\00\00\00\00\00\00f\05\00\00\00\00\00\00H\14 \00\00\00\00\00P\14 \00\00\00\00\00X\14 \00\00\00\00\00`\14 \00\00\00\00\00h\14 \00\00\00\00\00" }> @seg_201000__data = internal global %seg_201000__data_type <{ [8 x i8] zeroinitializer, i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) }> @seg_201010__bss = internal global %seg_201010__bss_type zeroinitializer @__mcsema_reg_state = internal thread_local global %struct.State zeroinitializer @__mcsema_stack = internal thread_local global [131072 x i64] zeroinitializer @__mcsema_tls = internal thread_local global [512 x i64] zeroinitializer @0 = internal global i1 false @llvm.global_dtors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_destructor, i8* null }] @llvm.global_ctors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_constructor, i8* null }] ; Function Attrs: nounwind readnone declare i32 @llvm.ctpop.i32(i32) #0 ; Function Attrs: noduplicate noinline nounwind optnone define %struct.Memory* @__remill_error(%struct.State* dereferenceable(3376), i64, %struct.Memory*) local_unnamed_addr #1 { call void @llvm.trap() unreachable } ; Function Attrs: noinline declare x86_64_sysvcc i64 @puts() local_unnamed_addr #2 ; Function Attrs: noinline declare x86_64_sysvcc i64 @printf() local_unnamed_addr #2 ; Function Attrs: noinline nounwind define %struct.Memory* @sub_528__init(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_528: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, -8 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %14 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 56) to i64*) store i64 %14, i64* %4, align 8, !tbaa !1261 store i8 0, i8* %8, align 1, !tbaa !1265 %15 = trunc i64 %14 to i32 %16 = and i32 %15, 255 %17 = tail call i32 @llvm.ctpop.i32(i32 %16) #9 %18 = trunc i32 %17 to i8 %19 = and i8 %18, 1 %20 = xor i8 %19, 1 store i8 %20, i8* %9, align 1, !tbaa !1279 %21 = icmp eq i64 %14, 0 %22 = zext i1 %21 to i8 store i8 %22, i8* %11, align 1, !tbaa !1280 %23 = lshr i64 %14, 63 %24 = trunc i64 %23 to i8 store i8 %24, i8* %12, align 1, !tbaa !1281 store i8 0, i8* %13, align 1, !tbaa !1282 store i8 0, i8* %10, align 1, !tbaa !1283 %25 = select i1 %21, i64 18, i64 16 %26 = add i64 %25, %1 br i1 %21, label %block_53a, label %block_538 block_53a: ; preds = %block_538, %block_528 %27 = phi i64 [ %7, %block_528 ], [ %58, %block_538 ] %28 = phi %struct.Memory* [ %2, %block_528 ], [ %57, %block_538 ] %29 = add i64 %27, 8 %30 = icmp ugt i64 %27, -9 %31 = zext i1 %30 to i8 store i8 %31, i8* %8, align 1, !tbaa !1265 %32 = trunc i64 %29 to i32 %33 = and i32 %32, 255 %34 = tail call i32 @llvm.ctpop.i32(i32 %33) #9 %35 = trunc i32 %34 to i8 %36 = and i8 %35, 1 %37 = xor i8 %36, 1 store i8 %37, i8* %9, align 1, !tbaa !1279 %38 = xor i64 %29, %27 %39 = lshr i64 %38, 4 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 store i8 %41, i8* %10, align 1, !tbaa !1283 %42 = icmp eq i64 %29, 0 %43 = zext i1 %42 to i8 store i8 %43, i8* %11, align 1, !tbaa !1280 %44 = lshr i64 %29, 63 %45 = trunc i64 %44 to i8 store i8 %45, i8* %12, align 1, !tbaa !1281 %46 = lshr i64 %27, 63 %47 = xor i64 %44, %46 %48 = add nuw nsw i64 %47, %44 %49 = icmp eq i64 %48, 2 %50 = zext i1 %49 to i8 store i8 %50, i8* %13, align 1, !tbaa !1282 %51 = inttoptr i64 %29 to i64* %52 = load i64, i64* %51 store i64 %52, i64* %3, align 8, !tbaa !1261 %53 = add i64 %27, 16 store i64 %53, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %28 block_538: ; preds = %block_528 %54 = add i64 %26, 2 %55 = add i64 %6, -16 %56 = inttoptr i64 %55 to i64* store i64 %54, i64* %56 store i64 %55, i64* %5, align 8, !tbaa !1261 store i64 %14, i64* %3, align 8, !tbaa !1261 %57 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %14, %struct.Memory* %2) %58 = load i64, i64* %5, align 8 br label %block_53a } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5b0_deregister_tm_clones(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_5e0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %5, align 8, !tbaa !1261 %8 = load i64, i64* %7, align 8 %9 = load i64, i64* %6, align 8, !tbaa !1261 %10 = add i64 %9, -8 %11 = inttoptr i64 %10 to i64* store i64 %8, i64* %11 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %4, align 8, !tbaa !1261 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %12, align 1, !tbaa !1265 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 1, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 and (i8 trunc (i64 lshr (i64 xor (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64)), i64 4) to i8), i8 1), i8* %14, align 1, !tbaa !1283 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 1, i8* %15, align 1, !tbaa !1280 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 0, i8* %16, align 1, !tbaa !1281 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 zext (i1 icmp eq (i64 add (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 xor (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63))), i64 2) to i8), i8* %17, align 1, !tbaa !1282 %18 = inttoptr i64 %10 to i64* %19 = load i64, i64* %18 store i64 %19, i64* %7, align 8, !tbaa !1261 %20 = inttoptr i64 %9 to i64* %21 = load i64, i64* %20 store i64 %21, i64* %3, align 8, !tbaa !1261 %22 = add i64 %9, 8 store i64 %22, i64* %6, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline define %struct.Memory* @sub_6d7_main(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #4 { block_6d7: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %10 = load i64, i64* %9, align 8 %11 = load i64, i64* %8, align 8, !tbaa !1261 %12 = add i64 %11, -8 %13 = inttoptr i64 %12 to i64* store i64 %10, i64* %13 store i64 %12, i64* %9, align 8, !tbaa !1261 %14 = add i64 %11, -17 %15 = inttoptr i64 %14 to i8* store i8 68, i8* %15 %16 = add i64 %11, -16 %17 = inttoptr i64 %16 to i8* store i8 97, i8* %17 %18 = add i64 %11, -15 %19 = inttoptr i64 %18 to i8* store i8 118, i8* %19 %20 = add i64 %11, -14 %21 = inttoptr i64 %20 to i8* store i8 105, i8* %21 %22 = add i64 %11, -13 %23 = inttoptr i64 %22 to i8* store i8 100, i8* %23 %24 = add i64 %11, -12 %25 = inttoptr i64 %24 to i32* store i32 5, i32* %25 %26 = add i64 %1, 47 %27 = add i64 %11, -32 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 %29 = inttoptr i64 %27 to i64* %30 = load i64, i64* %29 %31 = tail call i64 @puts(), !noalias !1284 %32 = inttoptr i64 %24 to i32* %33 = load i32, i32* %32 %34 = zext i32 %33 to i64 store i64 %34, i64* %5, align 8, !tbaa !1261 store i64 %34, i64* %6, align 8, !tbaa !1261 store i64 %14, i64* %7, align 8, !tbaa !1261 %35 = add i64 %30, -124 %36 = add i64 %30, 17 %37 = inttoptr i64 %27 to i64* store i64 %36, i64* %37 store i64 %27, i64* %8, align 8, !tbaa !1261 %38 = tail call %struct.Memory* @sub_68a_printArray(%struct.State* nonnull %0, i64 %35, %struct.Memory* %2) store i64 0, i64* %4, align 8, !tbaa !1261 %39 = load i64, i64* %9, align 8, !tbaa !1261 %40 = inttoptr i64 %39 to i64* %41 = load i64, i64* %40 store i64 %41, i64* %9, align 8, !tbaa !1261 %42 = add i64 %39, 8 %43 = inttoptr i64 %42 to i64* %44 = load i64, i64* %43 store i64 %44, i64* %3, align 8, !tbaa !1261 %45 = add i64 %39, 16 store i64 %45, i64* %8, align 8, !tbaa !1261 ret %struct.Memory* %38 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_680_frame_dummy(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_680: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = load i64, i64* %3, align 8, !tbaa !1261 %7 = add i64 %6, -8 %8 = inttoptr i64 %7 to i64* store i64 %5, i64* %8 %9 = inttoptr i64 %7 to i64* %10 = load i64, i64* %9 store i64 %10, i64* %4, align 8, !tbaa !1261 store i64 %6, i64* %3, align 8, !tbaa !1261 %11 = add i64 %1, -144 %12 = tail call %struct.Memory* @sub_5f0_register_tm_clones(%struct.State* nonnull %0, i64 %11, %struct.Memory* %2) ret %struct.Memory* %12 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_790___libc_csu_fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #3 { block_790: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8, !tbaa !1261 %6 = inttoptr i64 %5 to i64* %7 = load i64, i64* %6 store i64 %7, i64* %3, align 8, !tbaa !1261 %8 = add i64 %5, 8 store i64 %8, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_570_targ570(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_570: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 72) to i64*) store i64 %4, i64* %3, align 8, !tbaa !1261 %5 = icmp eq i64 %4, 1398 br i1 %5, label %block_576, label %7 block_576: ; preds = %block_570 %6 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull %0, i64 1398, %struct.Memory* %2) ret %struct.Memory* %6 ; <label>:7: ; preds = %block_570 %8 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %4, %struct.Memory* %2) ret %struct.Memory* %8 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_640___do_global_dtors_aux(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_640: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %6 = load i8, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i32 0, i32 0, i32 0) %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %7, align 1, !tbaa !1265 %8 = zext i8 %6 to i32 %9 = tail call i32 @llvm.ctpop.i32(i32 %8) #9 %10 = trunc i32 %9 to i8 %11 = and i8 %10, 1 %12 = xor i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %12, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 0, i8* %14, align 1, !tbaa !1283 %15 = icmp eq i8 %6, 0 %16 = zext i1 %15 to i8 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %16, i8* %17, align 1, !tbaa !1280 %18 = lshr i8 %6, 7 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %18, i8* %19, align 1, !tbaa !1281 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 0, i8* %20, align 1, !tbaa !1282 %21 = select i1 %15, i64 9, i64 56 %22 = add i64 %21, %1 %23 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 br i1 %15, label %block_649, label %block_678 block_657: ; preds = %block_649 %24 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) to i64*) store i64 %24, i64* %4, align 8, !tbaa !1261 %25 = add i64 %48, -231 %26 = add i64 %48, 12 %27 = add i64 %44, -16 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 store i64 %27, i64* %23, align 8, !tbaa !1261 %29 = tail call %struct.Memory* @sub_570_targ570(%struct.State* nonnull %0, i64 %25, %struct.Memory* %2) %30 = load i64, i64* %3, align 8 %31 = load i64, i64* %23, align 8, !tbaa !1261 br label %block_663 block_649: ; preds = %block_640 %32 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 72) to i64*) store i8 0, i8* %7, align 1, !tbaa !1265 %33 = trunc i64 %32 to i32 %34 = and i32 %33, 255 %35 = tail call i32 @llvm.ctpop.i32(i32 %34) #9 %36 = trunc i32 %35 to i8 %37 = and i8 %36, 1 %38 = xor i8 %37, 1 store i8 %38, i8* %13, align 1, !tbaa !1279 store i8 0, i8* %14, align 1, !tbaa !1283 %39 = icmp eq i64 %32, 0 %40 = zext i1 %39 to i8 store i8 %40, i8* %17, align 1, !tbaa !1280 %41 = lshr i64 %32, 63 %42 = trunc i64 %41 to i8 store i8 %42, i8* %19, align 1, !tbaa !1281 store i8 0, i8* %20, align 1, !tbaa !1282 %43 = load i64, i64* %5, align 8 %44 = load i64, i64* %23, align 8, !tbaa !1261 %45 = add i64 %44, -8 %46 = inttoptr i64 %45 to i64* store i64 %43, i64* %46 store i64 %45, i64* %5, align 8, !tbaa !1261 %47 = select i1 %39, i64 26, i64 14 %48 = add i64 %22, %47 br i1 %39, label %block_663, label %block_657 block_678: ; preds = %block_640 %49 = load i64, i64* %23, align 8, !tbaa !1261 %50 = inttoptr i64 %49 to i64* %51 = load i64, i64* %50 store i64 %51, i64* %3, align 8, !tbaa !1261 %52 = add i64 %49, 8 store i64 %52, i64* %23, align 8, !tbaa !1261 ret %struct.Memory* %2 block_663: ; preds = %block_649, %block_657 %53 = phi i64 [ %45, %block_649 ], [ %31, %block_657 ] %54 = phi i64 [ %48, %block_649 ], [ %30, %block_657 ] %55 = phi %struct.Memory* [ %2, %block_649 ], [ %29, %block_657 ] %56 = add i64 %54, -179 %57 = add i64 %54, 5 %58 = add i64 %53, -8 %59 = inttoptr i64 %58 to i64* store i64 %57, i64* %59 store i64 %58, i64* %23, align 8, !tbaa !1261 %60 = tail call %struct.Memory* @sub_5b0_deregister_tm_clones(%struct.State* nonnull %0, i64 %56, %struct.Memory* %55) store i8 1, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i32 0, i32 0, i32 0) %61 = load i64, i64* %23, align 8, !tbaa !1261 %62 = add i64 %61, 8 %63 = inttoptr i64 %61 to i64* %64 = load i64, i64* %63 store i64 %64, i64* %5, align 8, !tbaa !1261 %65 = inttoptr i64 %62 to i64* %66 = load i64, i64* %65 store i64 %66, i64* %3, align 8, !tbaa !1261 %67 = add i64 %61, 16 store i64 %67, i64* %23, align 8, !tbaa !1261 ret %struct.Memory* %60 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_580__start(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_580: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 store i64 0, i64* %10, align 8, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %19 = load i64, i64* %6, align 8 store i64 %19, i64* %12, align 8, !tbaa !1261 %20 = load i64, i64* %9, align 8, !tbaa !1261 %21 = add i64 %20, 8 %22 = inttoptr i64 %20 to i64* %23 = load i64, i64* %22 store i64 %23, i64* %7, align 8, !tbaa !1261 store i64 %21, i64* %6, align 8, !tbaa !1261 %24 = and i64 %21, -16 store i8 0, i8* %13, align 1, !tbaa !1265 %25 = trunc i64 %21 to i32 %26 = and i32 %25, 240 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #9 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %14, align 1, !tbaa !1279 %31 = icmp eq i64 %24, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %15, align 1, !tbaa !1280 %33 = lshr i64 %21, 63 %34 = trunc i64 %33 to i8 store i8 %34, i8* %16, align 1, !tbaa !1281 store i8 0, i8* %17, align 1, !tbaa !1282 store i8 0, i8* %18, align 1, !tbaa !1283 %35 = load i64, i64* %4, align 8 %36 = add i64 %24, -8 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37 %38 = add i64 %24, -16 %39 = inttoptr i64 %38 to i64* store i64 %36, i64* %39 store i64 ptrtoint (i64 ()* @callback_sub_790___libc_csu_fini to i64), i64* %11, align 8, !tbaa !1261 store i64 ptrtoint (i64 ()* @callback_sub_720___libc_csu_init to i64), i64* %5, align 8, !tbaa !1261 store i64 ptrtoint (i64 (i64, i64, i64)* @main to i64), i64* %8, align 8, !tbaa !1261 %40 = add i64 %1, 42 %41 = add i64 %24, -24 %42 = inttoptr i64 %41 to i64* store i64 %40, i64* %42 store i64 %41, i64* %9, align 8, !tbaa !1261 %43 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 48) to i64*) store i64 %43, i64* %3, align 8, !tbaa !1261 %44 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %43, %struct.Memory* %2) %45 = load i64, i64* %3, align 8 %46 = add i64 %45, 1 store i64 %46, i64* %3, align 8 %47 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull %0, i64 %46, %struct.Memory* %44) ret %struct.Memory* %47 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_794__fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #3 { block_794: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, -8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %9 = xor i64 %6, %5 %10 = lshr i64 %9, 4 %11 = trunc i64 %10 to i8 %12 = and i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %15 = lshr i64 %6, 63 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = lshr i64 %5, 63 %18 = xor i64 %15, %17 %19 = add nuw nsw i64 %18, %17 %20 = icmp eq i64 %19, 2 %21 = zext i1 %20 to i8 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = icmp ult i64 %5, 8 %24 = zext i1 %23 to i8 store i8 %24, i8* %7, align 1, !tbaa !1265 %25 = trunc i64 %5 to i32 %26 = and i32 %25, 255 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #9 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %8, align 1, !tbaa !1279 store i8 %12, i8* %13, align 1, !tbaa !1283 %31 = icmp eq i64 %5, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %14, align 1, !tbaa !1280 %33 = trunc i64 %17 to i8 store i8 %33, i8* %16, align 1, !tbaa !1281 store i8 %21, i8* %22, align 1, !tbaa !1282 %34 = inttoptr i64 %5 to i64* %35 = load i64, i64* %34 store i64 %35, i64* %3, align 8, !tbaa !1261 %36 = add i64 %5, 8 store i64 %36, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline define %struct.Memory* @sub_68a_printArray(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #4 { block_68a: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %8 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = load i64, i64* %10, align 8, !tbaa !1261 %14 = add i64 %13, -8 %15 = inttoptr i64 %14 to i64* store i64 %12, i64* %15 store i64 %14, i64* %11, align 8, !tbaa !1261 %16 = add i64 %13, -40 store i64 %16, i64* %10, align 8, !tbaa !1261 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %21 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = add i64 %13, -32 %24 = load i64, i64* %9, align 8 %25 = inttoptr i64 %23 to i64* store i64 %24, i64* %25 %26 = add i64 %13, -36 %27 = load i32, i32* %5, align 4 %28 = inttoptr i64 %26 to i32* store i32 %27, i32* %28 %29 = add i64 %13, -12 %30 = inttoptr i64 %29 to i32* store i32 0, i32* %30 %31 = add i64 %1, 66 %32 = load i64, i64* %11, align 8 %33 = add i64 %32, -4 br label %block_6cc block_6d4: ; preds = %block_6cc %34 = inttoptr i64 %41 to i64* %35 = load i64, i64* %34 store i64 %35, i64* %11, align 8, !tbaa !1261 %36 = add i64 %41, 8 %37 = inttoptr i64 %36 to i64* %38 = load i64, i64* %37 store i64 %38, i64* %3, align 8, !tbaa !1261 %39 = add i64 %41, 16 store i64 %39, i64* %10, align 8, !tbaa !1261 ret %struct.Memory* %42 block_6cc: ; preds = %block_6a2, %block_68a %40 = phi i64 [ %31, %block_68a ], [ %94, %block_6a2 ] %41 = phi i64 [ %14, %block_68a ], [ %32, %block_6a2 ] %42 = phi %struct.Memory* [ %2, %block_68a ], [ %42, %block_6a2 ] %43 = add i64 %41, -4 %44 = inttoptr i64 %43 to i32* %45 = load i32, i32* %44 %46 = zext i32 %45 to i64 store i64 %46, i64* %6, align 8, !tbaa !1261 %47 = add i64 %41, -28 %48 = inttoptr i64 %47 to i32* %49 = load i32, i32* %48 %50 = sub i32 %45, %49 %51 = icmp ult i32 %45, %49 %52 = zext i1 %51 to i8 store i8 %52, i8* %17, align 1, !tbaa !1265 %53 = and i32 %50, 255 %54 = tail call i32 @llvm.ctpop.i32(i32 %53) #9 %55 = trunc i32 %54 to i8 %56 = and i8 %55, 1 %57 = xor i8 %56, 1 store i8 %57, i8* %18, align 1, !tbaa !1279 %58 = xor i32 %49, %45 %59 = xor i32 %58, %50 %60 = lshr i32 %59, 4 %61 = trunc i32 %60 to i8 %62 = and i8 %61, 1 store i8 %62, i8* %19, align 1, !tbaa !1283 %63 = icmp eq i32 %50, 0 %64 = zext i1 %63 to i8 store i8 %64, i8* %20, align 1, !tbaa !1280 %65 = lshr i32 %50, 31 %66 = trunc i32 %65 to i8 store i8 %66, i8* %21, align 1, !tbaa !1281 %67 = lshr i32 %45, 31 %68 = lshr i32 %49, 31 %69 = xor i32 %68, %67 %70 = xor i32 %65, %67 %71 = add nuw nsw i32 %70, %69 %72 = icmp eq i32 %71, 2 %73 = zext i1 %72 to i8 store i8 %73, i8* %22, align 1, !tbaa !1282 %74 = icmp ne i8 %66, 0 %75 = xor i1 %74, %72 %76 = select i1 %75, i64 -42, i64 8 %77 = add i64 %40, %76 br i1 %75, label %block_6a2, label %block_6d4 block_6a2: ; preds = %block_6cc %78 = sext i32 %45 to i64 store i64 %78, i64* %7, align 8, !tbaa !1261 %79 = add i64 %41, -24 %80 = inttoptr i64 %79 to i64* %81 = load i64, i64* %80 %82 = add i64 %78, %81 %83 = inttoptr i64 %82 to i8* %84 = load i8, i8* %83 %85 = sext i8 %84 to i64 %86 = and i64 %85, 4294967295 store i64 %86, i64* %8, align 8, !tbaa !1261 store i64 add (i64 ptrtoint (%seg_7a0__rodata_type* @seg_7a0__rodata to i64), i64 4), i64* %9, align 8, !tbaa !1261 %87 = add i64 %77, 38 %88 = load i64, i64* %10, align 8, !tbaa !1261 %89 = add i64 %88, -8 %90 = inttoptr i64 %89 to i64* store i64 %87, i64* %90 %91 = inttoptr i64 %89 to i64* %92 = load i64, i64* %91 store i64 %88, i64* %10, align 8, !alias.scope !1287, !noalias !1290 %93 = tail call i64 @printf(), !noalias !1287 %94 = add i64 %92, 4 %95 = inttoptr i64 %33 to i32* %96 = load i32, i32* %95 %97 = add i32 %96, 1 %98 = inttoptr i64 %33 to i32* store i32 %97, i32* %98 br label %block_6cc } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5f0_register_tm_clones(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_630: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %6, align 8, !tbaa !1261 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 0, i64* %4, align 8, !tbaa !1261 store i64 0, i64* %5, align 8, !tbaa !1261 store i8 0, i8* %13, align 1, !tbaa !1292 store i8 1, i8* %14, align 1, !tbaa !1292 store i8 0, i8* %15, align 1, !tbaa !1292 store i8 1, i8* %16, align 1, !tbaa !1292 store i8 0, i8* %17, align 1, !tbaa !1292 store i8 0, i8* %18, align 1, !tbaa !1292 %19 = inttoptr i64 %11 to i64* %20 = load i64, i64* %19 store i64 %20, i64* %8, align 8, !tbaa !1261 %21 = inttoptr i64 %10 to i64* %22 = load i64, i64* %21 store i64 %22, i64* %3, align 8, !tbaa !1261 %23 = add i64 %10, 8 store i64 %23, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_720___libc_csu_init(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_720: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 27, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 3, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 25, i32 0, i32 0 %15 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 29, i32 0, i32 0 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 31, i32 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = load i64, i64* %12, align 8, !tbaa !1261 %20 = add i64 %19, -8 %21 = inttoptr i64 %20 to i64* store i64 %18, i64* %21 %22 = load i64, i64* %16, align 8 %23 = add i64 %19, -16 %24 = inttoptr i64 %23 to i64* store i64 %22, i64* %24 %25 = load i64, i64* %9, align 8 store i64 %25, i64* %17, align 8, !tbaa !1261 %26 = load i64, i64* %15, align 8 %27 = add i64 %19, -24 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 %29 = load i64, i64* %14, align 8 %30 = add i64 %19, -32 %31 = inttoptr i64 %30 to i64* store i64 %29, i64* %31 store i64 ptrtoint (%seg_200db0__init_array_type* @seg_200db0__init_array to i64), i64* %14, align 8, !tbaa !1261 %32 = load i64, i64* %13, align 8 %33 = add i64 %19, -40 %34 = inttoptr i64 %33 to i64* store i64 %32, i64* %34 %35 = load i64, i64* %8, align 8 %36 = add i64 %19, -48 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37 %38 = load i32, i32* %5, align 4 %39 = zext i32 %38 to i64 store i64 %39, i64* %15, align 8, !tbaa !1261 %40 = load i64, i64* %10, align 8 store i64 %40, i64* %16, align 8, !tbaa !1261 %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %44 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %45 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 ashr (i64 sub (i64 add (i64 ptrtoint (%seg_200db0__init_array_type* @seg_200db0__init_array to i64), i64 8), i64 ptrtoint (%seg_200db0__init_array_type* @seg_200db0__init_array to i64)), i64 3), i64* %13, align 8, !tbaa !1261 %47 = add i64 %1, -504 %48 = add i64 %1, 49 %49 = add i64 %19, -64 %50 = inttoptr i64 %49 to i64* store i64 %48, i64* %50 store i64 %49, i64* %12, align 8, !tbaa !1261 %51 = tail call %struct.Memory* @sub_528__init(%struct.State* nonnull %0, i64 %47, %struct.Memory* %2) %52 = load i64, i64* %13, align 8 %53 = load i64, i64* %3, align 8 %54 = icmp eq i64 %52, 0 %55 = select i1 %54, i64 37, i64 5 %56 = add i64 %53, %55 br i1 %54, label %block_776, label %block_756 block_776.loopexit: ; preds = %block_760 br label %block_776 block_776: ; preds = %block_776.loopexit, %block_720 %57 = phi %struct.Memory* [ %51, %block_720 ], [ %118, %block_776.loopexit ] %58 = load i64, i64* %12, align 8 %59 = add i64 %58, 8 %60 = icmp ugt i64 %58, -9 %61 = zext i1 %60 to i8 store i8 %61, i8* %41, align 1, !tbaa !1265 %62 = trunc i64 %59 to i32 %63 = and i32 %62, 255 %64 = tail call i32 @llvm.ctpop.i32(i32 %63) #9 %65 = trunc i32 %64 to i8 %66 = and i8 %65, 1 %67 = xor i8 %66, 1 store i8 %67, i8* %42, align 1, !tbaa !1279 %68 = xor i64 %59, %58 %69 = lshr i64 %68, 4 %70 = trunc i64 %69 to i8 %71 = and i8 %70, 1 store i8 %71, i8* %43, align 1, !tbaa !1283 %72 = icmp eq i64 %59, 0 %73 = zext i1 %72 to i8 store i8 %73, i8* %44, align 1, !tbaa !1280 %74 = lshr i64 %59, 63 %75 = trunc i64 %74 to i8 store i8 %75, i8* %45, align 1, !tbaa !1281 %76 = lshr i64 %58, 63 %77 = xor i64 %74, %76 %78 = add nuw nsw i64 %77, %74 %79 = icmp eq i64 %78, 2 %80 = zext i1 %79 to i8 store i8 %80, i8* %46, align 1, !tbaa !1282 %81 = add i64 %58, 16 %82 = inttoptr i64 %59 to i64* %83 = load i64, i64* %82 store i64 %83, i64* %8, align 8, !tbaa !1261 %84 = add i64 %58, 24 %85 = inttoptr i64 %81 to i64* %86 = load i64, i64* %85 store i64 %86, i64* %13, align 8, !tbaa !1261 %87 = add i64 %58, 32 %88 = inttoptr i64 %84 to i64* %89 = load i64, i64* %88 store i64 %89, i64* %14, align 8, !tbaa !1261 %90 = add i64 %58, 40 %91 = inttoptr i64 %87 to i64* %92 = load i64, i64* %91 store i64 %92, i64* %15, align 8, !tbaa !1261 %93 = add i64 %58, 48 %94 = inttoptr i64 %90 to i64* %95 = load i64, i64* %94 store i64 %95, i64* %16, align 8, !tbaa !1261 %96 = add i64 %58, 56 %97 = inttoptr i64 %93 to i64* %98 = load i64, i64* %97 store i64 %98, i64* %17, align 8, !tbaa !1261 %99 = inttoptr i64 %96 to i64* %100 = load i64, i64* %99 store i64 %100, i64* %3, align 8, !tbaa !1261 %101 = add i64 %58, 64 store i64 %101, i64* %12, align 8, !tbaa !1261 ret %struct.Memory* %57 block_760: ; preds = %block_756, %block_760 %102 = phi i64 [ 0, %block_756 ], [ %121, %block_760 ] %103 = phi i64 [ %150, %block_756 ], [ %149, %block_760 ] %104 = phi %struct.Memory* [ %51, %block_756 ], [ %118, %block_760 ] %105 = load i64, i64* %17, align 8 store i64 %105, i64* %9, align 8, !tbaa !1261 %106 = load i64, i64* %16, align 8 store i64 %106, i64* %10, align 8, !tbaa !1261 %107 = load i32, i32* %7, align 4 %108 = zext i32 %107 to i64 store i64 %108, i64* %11, align 8, !tbaa !1261 %109 = load i64, i64* %14, align 8 %110 = shl i64 %102, 3 %111 = add i64 %110, %109 %112 = add i64 %103, 13 %113 = load i64, i64* %12, align 8, !tbaa !1261 %114 = add i64 %113, -8 %115 = inttoptr i64 %114 to i64* store i64 %112, i64* %115 store i64 %114, i64* %12, align 8, !tbaa !1261 %116 = inttoptr i64 %111 to i64* %117 = load i64, i64* %116 store i64 %117, i64* %3, align 8, !tbaa !1261 %118 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %117, %struct.Memory* %104) %119 = load i64, i64* %8, align 8 %120 = load i64, i64* %3, align 8 %121 = add i64 %119, 1 store i64 %121, i64* %8, align 8, !tbaa !1261 %122 = lshr i64 %121, 63 %123 = load i64, i64* %13, align 8 %124 = sub i64 %123, %121 %125 = icmp ult i64 %123, %121 %126 = zext i1 %125 to i8 store i8 %126, i8* %41, align 1, !tbaa !1265 %127 = trunc i64 %124 to i32 %128 = and i32 %127, 255 %129 = tail call i32 @llvm.ctpop.i32(i32 %128) #9 %130 = trunc i32 %129 to i8 %131 = and i8 %130, 1 %132 = xor i8 %131, 1 store i8 %132, i8* %42, align 1, !tbaa !1279 %133 = xor i64 %121, %123 %134 = xor i64 %133, %124 %135 = lshr i64 %134, 4 %136 = trunc i64 %135 to i8 %137 = and i8 %136, 1 store i8 %137, i8* %43, align 1, !tbaa !1283 %138 = icmp eq i64 %124, 0 %139 = zext i1 %138 to i8 store i8 %139, i8* %44, align 1, !tbaa !1280 %140 = lshr i64 %124, 63 %141 = trunc i64 %140 to i8 store i8 %141, i8* %45, align 1, !tbaa !1281 %142 = lshr i64 %123, 63 %143 = xor i64 %122, %142 %144 = xor i64 %140, %142 %145 = add nuw nsw i64 %144, %143 %146 = icmp eq i64 %145, 2 %147 = zext i1 %146 to i8 store i8 %147, i8* %46, align 1, !tbaa !1282 %148 = select i1 %138, i64 9, i64 -13 %149 = add i64 %120, %148 br i1 %138, label %block_776.loopexit, label %block_760 block_756: ; preds = %block_720 store i64 0, i64* %8, align 8, !tbaa !1261 store i8 0, i8* %41, align 1, !tbaa !1265 store i8 1, i8* %42, align 1, !tbaa !1279 store i8 1, i8* %44, align 1, !tbaa !1280 store i8 0, i8* %45, align 1, !tbaa !1281 store i8 0, i8* %46, align 1, !tbaa !1282 store i8 0, i8* %43, align 1, !tbaa !1283 %150 = add i64 %56, 10 br label %block_760 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_680_frame_dummy(i64, i64, i64, i64, i64, i64, i64, i64) #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1664, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_680_frame_dummy(%struct.State* nonnull @__mcsema_reg_state, i64 1664, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define void @__mcsema_verify_reg_state() local_unnamed_addr #6 { entry: %0 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %1 = icmp eq i64 %0, 0 br i1 %1, label %is_null, label %end is_null: ; preds = %entry store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %end end: ; preds = %is_null, %entry ret void } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_640___do_global_dtors_aux(i64, i64, i64, i64, i64, i64, i64, i64) #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1600, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_640___do_global_dtors_aux(%struct.State* nonnull @__mcsema_reg_state, i64 1600, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: noinline nounwind define %struct.Memory* @__mcsema_detach_call_value(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #3 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 %13 = load i64, i64* %9, align 8 %14 = load i64, i64* %8, align 8 %15 = load i64, i64* %7, align 8 %16 = load i64, i64* %6, align 8 %17 = load i64, i64* %11, align 8 %18 = load i64, i64* %12, align 8 %19 = load i64, i64* %10, align 8 %20 = add i64 %19, 8 %21 = inttoptr i64 %20 to i64* %22 = load i64, i64* %21 %23 = add i64 %19, 16 %24 = inttoptr i64 %23 to i64* %25 = load i64, i64* %24 %26 = inttoptr i64 %1 to i64 (i64, i64, i64, i64, i64, i64, i64, i64)* %27 = tail call i64 %26(i64 %13, i64 %14, i64 %15, i64 %16, i64 %17, i64 %18, i64 %22, i64 %25) #9 store i64 %27, i64* %5, align 8 %28 = inttoptr i64 %19 to i64* %29 = load i64, i64* %28 store i64 %29, i64* %4, align 8 store i64 %20, i64* %10, align 8 ret %struct.Memory* %2 } ; Function Attrs: alwaysinline inlinehint define %struct.Memory* @ext_201440_puts(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #7 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i64* %9 = load i64, i64* %8 store i64 %9, i64* %4, align 8 %10 = add i64 %7, 8 store i64 %10, i64* %6, align 8 %11 = tail call i64 @puts() store i64 %11, i64* %5, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_790___libc_csu_fini() #5 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1936, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_790___libc_csu_fini(%struct.State* nonnull @__mcsema_reg_state, i64 1936, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_720___libc_csu_init() #5 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1824, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_720___libc_csu_init(%struct.State* nonnull @__mcsema_reg_state, i64 1824, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline define i64 @main(i64, i64, i64) #8 { %4 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %3 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %3 %6 = phi i64 [ %4, %3 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1751, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %7 = load volatile i1, i1* @0, align 1 br i1 %7, label %__mcsema_early_init.exit, label %8 ; <label>:8: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %8, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 %9 = add i64 %6, -8 store i64 %9, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = tail call %struct.Memory* @sub_6d7_main(%struct.State* nonnull @__mcsema_reg_state, i64 1751, %struct.Memory* null) store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %11 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %11 } ; Function Attrs: alwaysinline inlinehint define %struct.Memory* @ext_201438_printf(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #7 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i64* %9 = load i64, i64* %8 store i64 %9, i64* %4, align 8 %10 = add i64 %7, 8 store i64 %10, i64* %6, align 8 %11 = tail call i64 @printf() store i64 %11, i64* %5, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline nounwind define i64 @targ570(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1392, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_570_targ570(%struct.State* nonnull @__mcsema_reg_state, i64 1392, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline define i64 @printArray(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #8 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1674, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_68a_printArray(%struct.State* nonnull @__mcsema_reg_state, i64 1674, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nounwind define internal void @__mcsema_destructor() #9 { %1 = tail call i64 @callback_sub_790___libc_csu_fini() ret void } ; Function Attrs: nounwind define internal void @__mcsema_constructor() #9 { %1 = load volatile i1, i1* @0, align 1 br i1 %1, label %__mcsema_early_init.exit, label %2 ; <label>:2: ; preds = %0 store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %2, %0 %3 = tail call i64 @callback_sub_720___libc_csu_init() ret void } ; Function Attrs: noinline optnone define %struct.State* @__mcsema_debug_get_reg_state() #10 { ret %struct.State* @__mcsema_reg_state } ; Function Attrs: noreturn nounwind declare void @llvm.trap() #11 attributes #0 = { nounwind readnone } attributes #1 = { noduplicate noinline nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #2 = { noinline } attributes #3 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #4 = { noinline "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #5 = { nobuiltin noinline nounwind } attributes #6 = { norecurse nounwind } attributes #7 = { alwaysinline inlinehint "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #8 = { nobuiltin noinline } attributes #9 = { nounwind } attributes #10 = { noinline optnone } attributes #11 = { noreturn nounwind } !llvm.ident = !{!0, !0} !llvm.dbg.cu = !{!1} !llvm.module.flags = !{!1259, !1260}

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "llvm-link" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-pc-linux-gnu-elf" %seg_7a0__rodata_type = type <{ [25 x i8] }> %seg_200db0__init_array_type = type <{ i64, i64 }> %seg_200fb0__got_type = type <{ [80 x i8] }> %seg_201000__data_type = type <{ [8 x i8], i64 }> %seg_201010__bss_type = type <{ [8 x i8] }> %struct.State = type { %struct.ArchState, [32 x %union.VectorReg], %struct.ArithFlags, %union.anon, %struct.Segments, %struct.AddressSpace, %struct.GPR, %struct.X87Stack, %struct.MMX, %struct.FPUStatusFlags, %union.anon, %union.FPU, %struct.SegmentCaches } %struct.ArchState = type { i32, i32, %union.anon } %union.VectorReg = type { %union.vec512_t } %union.vec512_t = type { %struct.uint64v8_t } %struct.uint64v8_t = type { [8 x i64] } %struct.ArithFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8 } %struct.Segments = type { i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector } %union.SegmentSelector = type { i16 } %struct.AddressSpace = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.Reg = type { %union.anon } %struct.GPR = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.X87Stack = type { [8 x %struct.anon.3] } %struct.anon.3 = type { i64, double } %struct.MMX = type { [8 x %struct.anon.4] } %struct.anon.4 = type { i64, %union.vec64_t } %union.vec64_t = type { %struct.uint64v1_t } %struct.uint64v1_t = type { [1 x i64] } %struct.FPUStatusFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, [4 x i8] } %union.anon = type { i64 } %union.FPU = type { %struct.anon.13 } %struct.anon.13 = type { %struct.FpuFXSAVE, [96 x i8] } %struct.FpuFXSAVE = type { %union.SegmentSelector, %union.SegmentSelector, %union.FPUAbridgedTagWord, i8, i16, i32, %union.SegmentSelector, i16, i32, %union.SegmentSelector, i16, %union.FPUControlStatus, %union.FPUControlStatus, [8 x %struct.FPUStackElem], [16 x %union.vec128_t] } %union.FPUAbridgedTagWord = type { i8 } %union.FPUControlStatus = type { i32 } %struct.FPUStackElem = type { %union.anon.11, [6 x i8] } %union.anon.11 = type { %struct.float80_t } %struct.float80_t = type { [10 x i8] } %union.vec128_t = type { %struct.uint128v1_t } %struct.uint128v1_t = type { [1 x i128] } %struct.SegmentCaches = type { %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow } %struct.SegmentShadow = type { %union.anon, i32, i32 } %struct.Memory = type opaque @seg_7a0__rodata = internal constant %seg_7a0__rodata_type <{ [25 x i8] c"\01\00\02\00char: %c\0A\00The array:\00" }> @seg_200db0__init_array = internal global %seg_200db0__init_array_type <{ i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_680_frame_dummy to i64), i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_640___do_global_dtors_aux to i64) }> @seg_200fb0__got = internal global %seg_200fb0__got_type <{ [80 x i8] c"\C0\0D \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00V\05\00\00\00\00\00\00f\05\00\00\00\00\00\00H\14 \00\00\00\00\00P\14 \00\00\00\00\00X\14 \00\00\00\00\00`\14 \00\00\00\00\00h\14 \00\00\00\00\00" }> @seg_201000__data = internal global %seg_201000__data_type <{ [8 x i8] zeroinitializer, i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) }> @seg_201010__bss = internal global %seg_201010__bss_type zeroinitializer @__mcsema_reg_state = internal thread_local global %struct.State zeroinitializer @__mcsema_stack = internal thread_local global [131072 x i64] zeroinitializer @__mcsema_tls = internal thread_local global [512 x i64] zeroinitializer @0 = internal global i1 false @llvm.global_dtors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_destructor, i8* null }] @llvm.global_ctors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_constructor, i8* null }] ; Function Attrs: nounwind readnone declare i32 @llvm.ctpop.i32(i32) #0 ; Function Attrs: noduplicate noinline noreturn nounwind optnone define %struct.Memory* @__remill_error(%struct.State* dereferenceable(3376), i64, %struct.Memory*) local_unnamed_addr #1 { call void @llvm.trap() unreachable } ; Function Attrs: noinline declare x86_64_sysvcc i64 @puts() local_unnamed_addr #2 ; Function Attrs: noinline declare x86_64_sysvcc i64 @printf() local_unnamed_addr #2 ; Function Attrs: noinline nounwind define %struct.Memory* @sub_528__init(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_528: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, -8 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %14 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 56) to i64*), align 8 store i64 %14, i64* %4, align 8, !tbaa !1261 store i8 0, i8* %8, align 1, !tbaa !1265 %15 = trunc i64 %14 to i32 %16 = and i32 %15, 255 %17 = tail call i32 @llvm.ctpop.i32(i32 %16) #12 %18 = trunc i32 %17 to i8 %19 = and i8 %18, 1 %20 = xor i8 %19, 1 store i8 %20, i8* %9, align 1, !tbaa !1279 %21 = icmp eq i64 %14, 0 %22 = zext i1 %21 to i8 store i8 %22, i8* %11, align 1, !tbaa !1280 %23 = lshr i64 %14, 63 %24 = trunc i64 %23 to i8 store i8 %24, i8* %12, align 1, !tbaa !1281 store i8 0, i8* %13, align 1, !tbaa !1282 store i8 0, i8* %10, align 1, !tbaa !1283 br i1 %21, label %block_53a, label %block_538 block_53a: ; preds = %block_538, %block_528 %25 = phi i64 [ %7, %block_528 ], [ %56, %block_538 ] %26 = phi %struct.Memory* [ %2, %block_528 ], [ %55, %block_538 ] %27 = add i64 %25, 8 %28 = icmp ugt i64 %25, -9 %29 = zext i1 %28 to i8 store i8 %29, i8* %8, align 1, !tbaa !1265 %30 = trunc i64 %27 to i32 %31 = and i32 %30, 255 %32 = tail call i32 @llvm.ctpop.i32(i32 %31) #12 %33 = trunc i32 %32 to i8 %34 = and i8 %33, 1 %35 = xor i8 %34, 1 store i8 %35, i8* %9, align 1, !tbaa !1279 %36 = xor i64 %27, %25 %37 = lshr i64 %36, 4 %38 = trunc i64 %37 to i8 %39 = and i8 %38, 1 store i8 %39, i8* %10, align 1, !tbaa !1283 %40 = icmp eq i64 %27, 0 %41 = zext i1 %40 to i8 store i8 %41, i8* %11, align 1, !tbaa !1280 %42 = lshr i64 %27, 63 %43 = trunc i64 %42 to i8 store i8 %43, i8* %12, align 1, !tbaa !1281 %44 = lshr i64 %25, 63 %45 = xor i64 %42, %44 %46 = add nuw nsw i64 %45, %42 %47 = icmp eq i64 %46, 2 %48 = zext i1 %47 to i8 store i8 %48, i8* %13, align 1, !tbaa !1282 %49 = inttoptr i64 %27 to i64* %50 = load i64, i64* %49, align 8 store i64 %50, i64* %3, align 8, !tbaa !1261 %51 = add i64 %25, 16 store i64 %51, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %26 block_538: ; preds = %block_528 %52 = add i64 %1, 18 %53 = add i64 %6, -16 %54 = inttoptr i64 %53 to i64* store i64 %52, i64* %54, align 8 store i64 %53, i64* %5, align 8, !tbaa !1261 store i64 %14, i64* %3, align 8, !tbaa !1261 %55 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %14, %struct.Memory* %2) %56 = load i64, i64* %5, align 8 br label %block_53a } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_5b0_deregister_tm_clones(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #4 { block_5e0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %5, align 8, !tbaa !1261 %8 = load i64, i64* %7, align 8 %9 = load i64, i64* %6, align 8, !tbaa !1261 %10 = add i64 %9, -8 %11 = inttoptr i64 %10 to i64* store i64 %8, i64* %11, align 8 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %4, align 8, !tbaa !1261 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %12, align 1, !tbaa !1265 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 1, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 and (i8 trunc (i64 lshr (i64 xor (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64)), i64 4) to i8), i8 1), i8* %14, align 1, !tbaa !1283 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 1, i8* %15, align 1, !tbaa !1280 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 0, i8* %16, align 1, !tbaa !1281 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 zext (i1 icmp eq (i64 add (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 xor (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63))), i64 2) to i8), i8* %17, align 1, !tbaa !1282 %18 = load i64, i64* %11, align 8 store i64 %18, i64* %7, align 8, !tbaa !1261 %19 = inttoptr i64 %9 to i64* %20 = load i64, i64* %19, align 8 store i64 %20, i64* %3, align 8, !tbaa !1261 %21 = add i64 %9, 8 store i64 %21, i64* %6, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline define %struct.Memory* @sub_6d7_main(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #5 { block_6d7: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %10 = load i64, i64* %9, align 8 %11 = load i64, i64* %8, align 8, !tbaa !1261 %12 = add i64 %11, -8 %13 = inttoptr i64 %12 to i64* store i64 %10, i64* %13, align 8 store i64 %12, i64* %9, align 8, !tbaa !1261 %14 = add i64 %11, -17 %15 = inttoptr i64 %14 to i8* store i8 68, i8* %15, align 1 %16 = add i64 %11, -16 %17 = inttoptr i64 %16 to i8* store i8 97, i8* %17, align 1 %18 = add i64 %11, -15 %19 = inttoptr i64 %18 to i8* store i8 118, i8* %19, align 1 %20 = add i64 %11, -14 %21 = inttoptr i64 %20 to i8* store i8 105, i8* %21, align 1 %22 = add i64 %11, -13 %23 = inttoptr i64 %22 to i8* store i8 100, i8* %23, align 1 %24 = add i64 %11, -12 %25 = inttoptr i64 %24 to i32* store i32 5, i32* %25, align 4 %26 = add i64 %1, 47 %27 = add i64 %11, -32 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28, align 8 %29 = tail call i64 @puts(), !noalias !1284 %30 = load i32, i32* %25, align 4 %31 = zext i32 %30 to i64 store i64 %31, i64* %5, align 8, !tbaa !1261 store i64 %31, i64* %6, align 8, !tbaa !1261 store i64 %14, i64* %7, align 8, !tbaa !1261 %32 = add i64 %1, -77 %33 = add i64 %1, 64 store i64 %33, i64* %28, align 8 store i64 %27, i64* %8, align 8, !tbaa !1261 %34 = tail call %struct.Memory* @sub_68a_printArray(%struct.State* nonnull %0, i64 %32, %struct.Memory* %2) store i64 0, i64* %4, align 8, !tbaa !1261 %35 = load i64, i64* %9, align 8, !tbaa !1261 %36 = inttoptr i64 %35 to i64* %37 = load i64, i64* %36, align 8 store i64 %37, i64* %9, align 8, !tbaa !1261 %38 = add i64 %35, 8 %39 = inttoptr i64 %38 to i64* %40 = load i64, i64* %39, align 8 store i64 %40, i64* %3, align 8, !tbaa !1261 %41 = add i64 %35, 16 store i64 %41, i64* %8, align 8, !tbaa !1261 ret %struct.Memory* %34 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_680_frame_dummy(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #4 { block_680: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = load i64, i64* %3, align 8, !tbaa !1261 %7 = add i64 %6, -8 %8 = inttoptr i64 %7 to i64* store i64 %5, i64* %8, align 8 store i64 %5, i64* %4, align 8, !tbaa !1261 store i64 %6, i64* %3, align 8, !tbaa !1261 %9 = tail call %struct.Memory* @sub_5f0_register_tm_clones(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) ret %struct.Memory* %9 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_790___libc_csu_fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #4 { block_790: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8, !tbaa !1261 %6 = inttoptr i64 %5 to i64* %7 = load i64, i64* %6, align 8 store i64 %7, i64* %3, align 8, !tbaa !1261 %8 = add i64 %5, 8 store i64 %8, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_570_targ570(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_570: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 72) to i64*), align 8 store i64 %4, i64* %3, align 8, !tbaa !1261 %5 = icmp eq i64 %4, 1398 br i1 %5, label %block_576, label %7 block_576: ; preds = %block_570 %6 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull undef, i64 undef, %struct.Memory* undef) unreachable ; <label>:7: ; preds = %block_570 %8 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %4, %struct.Memory* %2) ret %struct.Memory* %8 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_640___do_global_dtors_aux(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_640: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %6 = load i8, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i64 0, i32 0, i64 0), align 8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %7, align 1, !tbaa !1265 %8 = zext i8 %6 to i32 %9 = tail call i32 @llvm.ctpop.i32(i32 %8) #12 %10 = trunc i32 %9 to i8 %11 = and i8 %10, 1 %12 = xor i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %12, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 0, i8* %14, align 1, !tbaa !1283 %15 = icmp eq i8 %6, 0 %16 = zext i1 %15 to i8 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %16, i8* %17, align 1, !tbaa !1280 %18 = lshr i8 %6, 7 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %18, i8* %19, align 1, !tbaa !1281 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 0, i8* %20, align 1, !tbaa !1282 %21 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 br i1 %15, label %block_649, label %block_678 block_657: ; preds = %block_649 %22 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) to i64*), align 8 store i64 %22, i64* %4, align 8, !tbaa !1261 %23 = add i64 %46, 12 %24 = add i64 %42, -16 %25 = inttoptr i64 %24 to i64* store i64 %23, i64* %25, align 8 store i64 %24, i64* %21, align 8, !tbaa !1261 %26 = tail call %struct.Memory* @sub_570_targ570(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) %27 = load i64, i64* %3, align 8 %28 = load i64, i64* %21, align 8, !tbaa !1261 br label %block_663 block_649: ; preds = %block_640 %29 = add i64 %1, 9 %30 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 72) to i64*), align 8 store i8 0, i8* %7, align 1, !tbaa !1265 %31 = trunc i64 %30 to i32 %32 = and i32 %31, 255 %33 = tail call i32 @llvm.ctpop.i32(i32 %32) #12 %34 = trunc i32 %33 to i8 %35 = and i8 %34, 1 %36 = xor i8 %35, 1 store i8 %36, i8* %13, align 1, !tbaa !1279 store i8 0, i8* %14, align 1, !tbaa !1283 %37 = icmp eq i64 %30, 0 %38 = zext i1 %37 to i8 store i8 %38, i8* %17, align 1, !tbaa !1280 %39 = lshr i64 %30, 63 %40 = trunc i64 %39 to i8 store i8 %40, i8* %19, align 1, !tbaa !1281 store i8 0, i8* %20, align 1, !tbaa !1282 %41 = load i64, i64* %5, align 8 %42 = load i64, i64* %21, align 8, !tbaa !1261 %43 = add i64 %42, -8 %44 = inttoptr i64 %43 to i64* store i64 %41, i64* %44, align 8 store i64 %43, i64* %5, align 8, !tbaa !1261 %45 = select i1 %37, i64 26, i64 14 %46 = add i64 %29, %45 br i1 %37, label %block_663, label %block_657 block_678: ; preds = %block_640 %47 = load i64, i64* %21, align 8, !tbaa !1261 %48 = inttoptr i64 %47 to i64* %49 = load i64, i64* %48, align 8 store i64 %49, i64* %3, align 8, !tbaa !1261 %50 = add i64 %47, 8 store i64 %50, i64* %21, align 8, !tbaa !1261 ret %struct.Memory* %2 block_663: ; preds = %block_649, %block_657 %51 = phi i64 [ %43, %block_649 ], [ %28, %block_657 ] %52 = phi i64 [ %46, %block_649 ], [ %27, %block_657 ] %53 = phi %struct.Memory* [ %2, %block_649 ], [ %26, %block_657 ] %54 = add i64 %52, 5 %55 = add i64 %51, -8 %56 = inttoptr i64 %55 to i64* store i64 %54, i64* %56, align 8 store i64 %55, i64* %21, align 8, !tbaa !1261 %57 = tail call %struct.Memory* @sub_5b0_deregister_tm_clones(%struct.State* nonnull %0, i64 undef, %struct.Memory* %53) store i8 1, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i64 0, i32 0, i64 0), align 8 %58 = load i64, i64* %21, align 8, !tbaa !1261 %59 = add i64 %58, 8 %60 = inttoptr i64 %58 to i64* %61 = load i64, i64* %60, align 8 store i64 %61, i64* %5, align 8, !tbaa !1261 %62 = inttoptr i64 %59 to i64* %63 = load i64, i64* %62, align 8 store i64 %63, i64* %3, align 8, !tbaa !1261 %64 = add i64 %58, 16 store i64 %64, i64* %21, align 8, !tbaa !1261 ret %struct.Memory* %57 } ; Function Attrs: noinline noreturn nounwind define noalias nonnull %struct.Memory* @sub_580__start(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #6 { block_580: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 store i64 0, i64* %10, align 8, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %19 = load i64, i64* %6, align 8 store i64 %19, i64* %12, align 8, !tbaa !1261 %20 = load i64, i64* %9, align 8, !tbaa !1261 %21 = add i64 %20, 8 %22 = inttoptr i64 %20 to i64* %23 = load i64, i64* %22, align 8 store i64 %23, i64* %7, align 8, !tbaa !1261 store i64 %21, i64* %6, align 8, !tbaa !1261 %24 = and i64 %21, -16 store i8 0, i8* %13, align 1, !tbaa !1265 %25 = trunc i64 %21 to i32 %26 = and i32 %25, 240 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #12 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %14, align 1, !tbaa !1279 %31 = icmp eq i64 %24, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %15, align 1, !tbaa !1280 %33 = lshr i64 %21, 63 %34 = trunc i64 %33 to i8 store i8 %34, i8* %16, align 1, !tbaa !1281 store i8 0, i8* %17, align 1, !tbaa !1282 store i8 0, i8* %18, align 1, !tbaa !1283 %35 = load i64, i64* %4, align 8 %36 = add i64 %24, -8 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37, align 8 %38 = add i64 %24, -16 %39 = inttoptr i64 %38 to i64* store i64 %36, i64* %39, align 16 store i64 ptrtoint (i64 ()* @callback_sub_790___libc_csu_fini to i64), i64* %11, align 8, !tbaa !1261 store i64 ptrtoint (i64 ()* @callback_sub_720___libc_csu_init to i64), i64* %5, align 8, !tbaa !1261 store i64 ptrtoint (i64 (i64, i64, i64)* @main to i64), i64* %8, align 8, !tbaa !1261 %40 = add i64 %1, 42 %41 = add i64 %24, -24 %42 = inttoptr i64 %41 to i64* store i64 %40, i64* %42, align 8 store i64 %41, i64* %9, align 8, !tbaa !1261 %43 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 48) to i64*), align 16 store i64 %43, i64* %3, align 8, !tbaa !1261 %44 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %43, %struct.Memory* %2) %45 = load i64, i64* %3, align 8 %46 = add i64 %45, 1 store i64 %46, i64* %3, align 8 %47 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull undef, i64 undef, %struct.Memory* undef) unreachable } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_794__fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_794: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, -8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %9 = xor i64 %6, %5 %10 = lshr i64 %9, 4 %11 = trunc i64 %10 to i8 %12 = and i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %15 = lshr i64 %6, 63 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = lshr i64 %5, 63 %18 = xor i64 %15, %17 %19 = add nuw nsw i64 %18, %17 %20 = icmp eq i64 %19, 2 %21 = zext i1 %20 to i8 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = icmp ult i64 %5, 8 %24 = zext i1 %23 to i8 store i8 %24, i8* %7, align 1, !tbaa !1265 %25 = trunc i64 %5 to i32 %26 = and i32 %25, 255 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #12 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %8, align 1, !tbaa !1279 store i8 %12, i8* %13, align 1, !tbaa !1283 %31 = icmp eq i64 %5, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %14, align 1, !tbaa !1280 %33 = trunc i64 %17 to i8 store i8 %33, i8* %16, align 1, !tbaa !1281 store i8 %21, i8* %22, align 1, !tbaa !1282 %34 = inttoptr i64 %5 to i64* %35 = load i64, i64* %34, align 8 store i64 %35, i64* %3, align 8, !tbaa !1261 %36 = add i64 %5, 8 store i64 %36, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline define %struct.Memory* @sub_68a_printArray(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #5 { block_68a: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0 %4 = bitcast %union.anon* %3 to i32* %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %7 = getelementptr inbounds %union.anon, %union.anon* %3, i64 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = load i64, i64* %10, align 8 %12 = load i64, i64* %9, align 8, !tbaa !1261 %13 = add i64 %12, -8 %14 = inttoptr i64 %13 to i64* store i64 %11, i64* %14, align 8 store i64 %13, i64* %10, align 8, !tbaa !1261 %15 = add i64 %12, -40 store i64 %15, i64* %9, align 8, !tbaa !1261 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %21 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %22 = add i64 %12, -32 %23 = load i64, i64* %8, align 8 %24 = inttoptr i64 %22 to i64* store i64 %23, i64* %24, align 8 %25 = add i64 %12, -36 %26 = load i32, i32* %4, align 4 %27 = inttoptr i64 %25 to i32* store i32 %26, i32* %27, align 4 %28 = add i64 %12, -12 %29 = inttoptr i64 %28 to i32* store i32 0, i32* %29, align 4 %30 = load i64, i64* %10, align 8 %31 = add i64 %30, -4 %32 = add i64 %1, 62 %33 = inttoptr i64 %31 to i32* br label %block_6cc block_6d4: ; preds = %block_6cc %34 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %35 = inttoptr i64 %42 to i64* %36 = load i64, i64* %35, align 8 store i64 %36, i64* %10, align 8, !tbaa !1261 %37 = add i64 %42, 8 %38 = inttoptr i64 %37 to i64* %39 = load i64, i64* %38, align 8 store i64 %39, i64* %34, align 8, !tbaa !1261 %40 = add i64 %42, 16 store i64 %40, i64* %9, align 8, !tbaa !1261 ret %struct.Memory* %2 block_6cc: ; preds = %block_6a2, %block_68a %41 = phi i32 [ 0, %block_68a ], [ %87, %block_6a2 ] %42 = phi i64 [ %13, %block_68a ], [ %30, %block_6a2 ] %43 = zext i32 %41 to i64 store i64 %43, i64* %5, align 8, !tbaa !1261 %44 = add i64 %42, -28 %45 = inttoptr i64 %44 to i32* %46 = load i32, i32* %45, align 4 %47 = sub i32 %41, %46 %48 = icmp ult i32 %41, %46 %49 = zext i1 %48 to i8 store i8 %49, i8* %16, align 1, !tbaa !1265 %50 = and i32 %47, 255 %51 = tail call i32 @llvm.ctpop.i32(i32 %50) #12 %52 = trunc i32 %51 to i8 %53 = and i8 %52, 1 %54 = xor i8 %53, 1 store i8 %54, i8* %17, align 1, !tbaa !1279 %55 = xor i32 %46, %41 %56 = xor i32 %55, %47 %57 = lshr i32 %56, 4 %58 = trunc i32 %57 to i8 %59 = and i8 %58, 1 store i8 %59, i8* %18, align 1, !tbaa !1283 %60 = icmp eq i32 %47, 0 %61 = zext i1 %60 to i8 store i8 %61, i8* %19, align 1, !tbaa !1280 %62 = lshr i32 %47, 31 %63 = trunc i32 %62 to i8 store i8 %63, i8* %20, align 1, !tbaa !1281 %64 = lshr i32 %41, 31 %65 = lshr i32 %46, 31 %66 = xor i32 %65, %64 %67 = xor i32 %62, %64 %68 = add nuw nsw i32 %67, %66 %69 = icmp eq i32 %68, 2 %70 = zext i1 %69 to i8 store i8 %70, i8* %21, align 1, !tbaa !1282 %71 = icmp ne i8 %63, 0 %72 = xor i1 %71, %69 br i1 %72, label %block_6a2, label %block_6d4 block_6a2: ; preds = %block_6cc %73 = sext i32 %41 to i64 store i64 %73, i64* %6, align 8, !tbaa !1261 %74 = add i64 %42, -24 %75 = inttoptr i64 %74 to i64* %76 = load i64, i64* %75, align 8 %77 = add i64 %76, %73 %78 = inttoptr i64 %77 to i8* %79 = load i8, i8* %78, align 1 %80 = sext i8 %79 to i64 %81 = and i64 %80, 4294967295 store i64 %81, i64* %7, align 8, !tbaa !1261 store i64 add (i64 ptrtoint (%seg_7a0__rodata_type* @seg_7a0__rodata to i64), i64 4), i64* %8, align 8, !tbaa !1261 %82 = load i64, i64* %9, align 8, !tbaa !1261 %83 = add i64 %82, -8 %84 = inttoptr i64 %83 to i64* store i64 %32, i64* %84, align 8 store i64 %82, i64* %9, align 8, !alias.scope !1287, !noalias !1290 %85 = tail call i64 @printf(), !noalias !1287 %86 = load i32, i32* %33, align 4 %87 = add i32 %86, 1 store i32 %87, i32* %33, align 4 br label %block_6cc } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_5f0_register_tm_clones(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #4 { block_630: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %6, align 8, !tbaa !1261 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12, align 8 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 0, i64* %4, align 8, !tbaa !1261 store i64 0, i64* %5, align 8, !tbaa !1261 store i8 0, i8* %13, align 1, !tbaa !1292 store i8 1, i8* %14, align 1, !tbaa !1292 store i8 0, i8* %15, align 1, !tbaa !1292 store i8 1, i8* %16, align 1, !tbaa !1292 store i8 0, i8* %17, align 1, !tbaa !1292 store i8 0, i8* %18, align 1, !tbaa !1292 %19 = load i64, i64* %12, align 8 store i64 %19, i64* %8, align 8, !tbaa !1261 %20 = inttoptr i64 %10 to i64* %21 = load i64, i64* %20, align 8 store i64 %21, i64* %3, align 8, !tbaa !1261 %22 = add i64 %10, 8 store i64 %22, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_720___libc_csu_init(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_720: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 27, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 3, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 25, i32 0, i32 0 %15 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 29, i32 0, i32 0 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 31, i32 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = load i64, i64* %12, align 8, !tbaa !1261 %20 = add i64 %19, -8 %21 = inttoptr i64 %20 to i64* store i64 %18, i64* %21, align 8 %22 = load i64, i64* %16, align 8 %23 = add i64 %19, -16 %24 = inttoptr i64 %23 to i64* store i64 %22, i64* %24, align 8 %25 = load i64, i64* %9, align 8 store i64 %25, i64* %17, align 8, !tbaa !1261 %26 = load i64, i64* %15, align 8 %27 = add i64 %19, -24 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28, align 8 %29 = load i64, i64* %14, align 8 %30 = add i64 %19, -32 %31 = inttoptr i64 %30 to i64* store i64 %29, i64* %31, align 8 store i64 ptrtoint (%seg_200db0__init_array_type* @seg_200db0__init_array to i64), i64* %14, align 8, !tbaa !1261 %32 = load i64, i64* %13, align 8 %33 = add i64 %19, -40 %34 = inttoptr i64 %33 to i64* store i64 %32, i64* %34, align 8 %35 = load i64, i64* %8, align 8 %36 = add i64 %19, -48 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37, align 8 %38 = load i32, i32* %5, align 4 %39 = zext i32 %38 to i64 store i64 %39, i64* %15, align 8, !tbaa !1261 %40 = load i64, i64* %10, align 8 store i64 %40, i64* %16, align 8, !tbaa !1261 %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %44 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %45 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 ashr (i64 sub (i64 add (i64 ptrtoint (%seg_200db0__init_array_type* @seg_200db0__init_array to i64), i64 8), i64 ptrtoint (%seg_200db0__init_array_type* @seg_200db0__init_array to i64)), i64 3), i64* %13, align 8, !tbaa !1261 %47 = add i64 %1, -504 %48 = add i64 %1, 49 %49 = add i64 %19, -64 %50 = inttoptr i64 %49 to i64* store i64 %48, i64* %50, align 8 store i64 %49, i64* %12, align 8, !tbaa !1261 %51 = tail call %struct.Memory* @sub_528__init(%struct.State* nonnull %0, i64 %47, %struct.Memory* %2) %52 = load i64, i64* %13, align 8 %53 = icmp eq i64 %52, 0 br i1 %53, label %block_776, label %block_756 block_776.loopexit: ; preds = %block_760 br label %block_776 block_776: ; preds = %block_776.loopexit, %block_720 %54 = load i64, i64* %12, align 8 %55 = add i64 %54, 8 %56 = icmp ugt i64 %54, -9 %57 = zext i1 %56 to i8 store i8 %57, i8* %41, align 1, !tbaa !1265 %58 = trunc i64 %55 to i32 %59 = and i32 %58, 255 %60 = tail call i32 @llvm.ctpop.i32(i32 %59) #12 %61 = trunc i32 %60 to i8 %62 = and i8 %61, 1 %63 = xor i8 %62, 1 store i8 %63, i8* %42, align 1, !tbaa !1279 %64 = xor i64 %55, %54 %65 = lshr i64 %64, 4 %66 = trunc i64 %65 to i8 %67 = and i8 %66, 1 store i8 %67, i8* %43, align 1, !tbaa !1283 %68 = icmp eq i64 %55, 0 %69 = zext i1 %68 to i8 store i8 %69, i8* %44, align 1, !tbaa !1280 %70 = lshr i64 %55, 63 %71 = trunc i64 %70 to i8 store i8 %71, i8* %45, align 1, !tbaa !1281 %72 = lshr i64 %54, 63 %73 = xor i64 %70, %72 %74 = add nuw nsw i64 %73, %70 %75 = icmp eq i64 %74, 2 %76 = zext i1 %75 to i8 store i8 %76, i8* %46, align 1, !tbaa !1282 %77 = add i64 %54, 16 %78 = inttoptr i64 %55 to i64* %79 = load i64, i64* %78, align 8 store i64 %79, i64* %8, align 8, !tbaa !1261 %80 = add i64 %54, 24 %81 = inttoptr i64 %77 to i64* %82 = load i64, i64* %81, align 8 store i64 %82, i64* %13, align 8, !tbaa !1261 %83 = add i64 %54, 32 %84 = inttoptr i64 %80 to i64* %85 = load i64, i64* %84, align 8 store i64 %85, i64* %14, align 8, !tbaa !1261 %86 = add i64 %54, 40 %87 = inttoptr i64 %83 to i64* %88 = load i64, i64* %87, align 8 store i64 %88, i64* %15, align 8, !tbaa !1261 %89 = add i64 %54, 48 %90 = inttoptr i64 %86 to i64* %91 = load i64, i64* %90, align 8 store i64 %91, i64* %16, align 8, !tbaa !1261 %92 = add i64 %54, 56 %93 = inttoptr i64 %89 to i64* %94 = load i64, i64* %93, align 8 store i64 %94, i64* %17, align 8, !tbaa !1261 %95 = inttoptr i64 %92 to i64* %96 = load i64, i64* %95, align 8 store i64 %96, i64* %3, align 8, !tbaa !1261 %97 = add i64 %54, 64 store i64 %97, i64* %12, align 8, !tbaa !1261 ret %struct.Memory* %51 block_760: ; preds = %block_756, %block_760 %98 = phi i64 [ 0, %block_756 ], [ %116, %block_760 ] %99 = phi i64 [ %146, %block_756 ], [ %144, %block_760 ] %100 = load i64, i64* %17, align 8 store i64 %100, i64* %9, align 8, !tbaa !1261 %101 = load i64, i64* %16, align 8 store i64 %101, i64* %10, align 8, !tbaa !1261 %102 = load i32, i32* %7, align 4 %103 = zext i32 %102 to i64 store i64 %103, i64* %11, align 8, !tbaa !1261 %104 = load i64, i64* %14, align 8 %105 = shl i64 %98, 3 %106 = add i64 %104, %105 %107 = add i64 %99, 13 %108 = load i64, i64* %12, align 8, !tbaa !1261 %109 = add i64 %108, -8 %110 = inttoptr i64 %109 to i64* store i64 %107, i64* %110, align 8 store i64 %109, i64* %12, align 8, !tbaa !1261 %111 = inttoptr i64 %106 to i64* %112 = load i64, i64* %111, align 8 store i64 %112, i64* %3, align 8, !tbaa !1261 %113 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %112, %struct.Memory* %51) %114 = load i64, i64* %8, align 8 %115 = load i64, i64* %3, align 8 %116 = add i64 %114, 1 store i64 %116, i64* %8, align 8, !tbaa !1261 %117 = lshr i64 %116, 63 %118 = load i64, i64* %13, align 8 %119 = sub i64 %118, %116 %120 = icmp ult i64 %118, %116 %121 = zext i1 %120 to i8 store i8 %121, i8* %41, align 1, !tbaa !1265 %122 = trunc i64 %119 to i32 %123 = and i32 %122, 255 %124 = tail call i32 @llvm.ctpop.i32(i32 %123) #12 %125 = trunc i32 %124 to i8 %126 = and i8 %125, 1 %127 = xor i8 %126, 1 store i8 %127, i8* %42, align 1, !tbaa !1279 %128 = xor i64 %118, %116 %129 = xor i64 %128, %119 %130 = lshr i64 %129, 4 %131 = trunc i64 %130 to i8 %132 = and i8 %131, 1 store i8 %132, i8* %43, align 1, !tbaa !1283 %133 = icmp eq i64 %119, 0 %134 = zext i1 %133 to i8 store i8 %134, i8* %44, align 1, !tbaa !1280 %135 = lshr i64 %119, 63 %136 = trunc i64 %135 to i8 store i8 %136, i8* %45, align 1, !tbaa !1281 %137 = lshr i64 %118, 63 %138 = xor i64 %137, %117 %139 = xor i64 %135, %137 %140 = add nuw nsw i64 %139, %138 %141 = icmp eq i64 %140, 2 %142 = zext i1 %141 to i8 store i8 %142, i8* %46, align 1, !tbaa !1282 %143 = select i1 %133, i64 9, i64 -13 %144 = add i64 %143, %115 br i1 %133, label %block_776.loopexit, label %block_760 block_756: ; preds = %block_720 %145 = load i64, i64* %3, align 8 store i64 0, i64* %8, align 8, !tbaa !1261 store i8 0, i8* %41, align 1, !tbaa !1265 store i8 1, i8* %42, align 1, !tbaa !1279 store i8 1, i8* %44, align 1, !tbaa !1280 store i8 0, i8* %45, align 1, !tbaa !1281 store i8 0, i8* %46, align 1, !tbaa !1282 store i8 0, i8* %43, align 1, !tbaa !1283 %146 = add i64 %145, 15 br label %block_760 } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @callback_sub_680_frame_dummy(i64, i64, i64, i64, i64, i64, i64, i64) #7 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1664, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_680_frame_dummy(%struct.State* nonnull @__mcsema_reg_state, i64 1664, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define void @__mcsema_verify_reg_state() local_unnamed_addr #8 { entry: %0 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %1 = icmp eq i64 %0, 0 br i1 %1, label %is_null, label %end is_null: ; preds = %entry store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %end end: ; preds = %is_null, %entry ret void } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_640___do_global_dtors_aux(i64, i64, i64, i64, i64, i64, i64, i64) #9 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1600, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_640___do_global_dtors_aux(%struct.State* nonnull @__mcsema_reg_state, i64 1600, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: noinline nounwind define %struct.Memory* @__mcsema_detach_call_value(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 %13 = load i64, i64* %9, align 8 %14 = load i64, i64* %8, align 8 %15 = load i64, i64* %7, align 8 %16 = load i64, i64* %6, align 8 %17 = load i64, i64* %11, align 8 %18 = load i64, i64* %12, align 8 %19 = load i64, i64* %10, align 8 %20 = add i64 %19, 8 %21 = inttoptr i64 %20 to i64* %22 = load i64, i64* %21, align 8 %23 = add i64 %19, 16 %24 = inttoptr i64 %23 to i64* %25 = load i64, i64* %24, align 8 %26 = inttoptr i64 %1 to i64 (i64, i64, i64, i64, i64, i64, i64, i64)* %27 = tail call i64 %26(i64 %13, i64 %14, i64 %15, i64 %16, i64 %17, i64 %18, i64 %22, i64 %25) #12 store i64 %27, i64* %5, align 8 %28 = inttoptr i64 %19 to i64* %29 = load i64, i64* %28, align 8 store i64 %29, i64* %4, align 8 store i64 %20, i64* %10, align 8 ret %struct.Memory* %2 } ; Function Attrs: alwaysinline inlinehint define %struct.Memory* @ext_201440_puts(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #10 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i64* %9 = load i64, i64* %8, align 8 store i64 %9, i64* %4, align 8 %10 = add i64 %7, 8 store i64 %10, i64* %6, align 8 %11 = tail call i64 @puts() store i64 %11, i64* %5, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @callback_sub_790___libc_csu_fini() #7 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1936, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_790___libc_csu_fini(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_720___libc_csu_init() #9 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1824, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_720___libc_csu_init(%struct.State* nonnull @__mcsema_reg_state, i64 1824, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline define i64 @main(i64, i64, i64) #11 { %4 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %3 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %3 %6 = phi i64 [ %4, %3 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1751, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %7 = load volatile i1, i1* @0, align 1 br i1 %7, label %__mcsema_early_init.exit, label %8 ; <label>:8: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %8, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 %9 = add i64 %6, -8 store i64 %9, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = tail call %struct.Memory* @sub_6d7_main(%struct.State* nonnull @__mcsema_reg_state, i64 1751, %struct.Memory* null) store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %11 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %11 } ; Function Attrs: alwaysinline inlinehint define %struct.Memory* @ext_201438_printf(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #10 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i64* %9 = load i64, i64* %8, align 8 store i64 %9, i64* %4, align 8 %10 = add i64 %7, 8 store i64 %10, i64* %6, align 8 %11 = tail call i64 @printf() store i64 %11, i64* %5, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline nounwind define i64 @targ570(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #9 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1392, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_570_targ570(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline define i64 @printArray(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #11 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1674, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_68a_printArray(%struct.State* nonnull @__mcsema_reg_state, i64 1674, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define internal void @__mcsema_destructor() #8 { %1 = tail call i64 @callback_sub_790___libc_csu_fini() ret void } ; Function Attrs: nounwind define internal void @__mcsema_constructor() #12 { %1 = load volatile i1, i1* @0, align 1 br i1 %1, label %__mcsema_early_init.exit, label %2 ; <label>:2: ; preds = %0 store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %2, %0 %3 = tail call i64 @callback_sub_720___libc_csu_init() ret void } ; Function Attrs: noinline nounwind optnone define %struct.State* @__mcsema_debug_get_reg_state() local_unnamed_addr #13 { ret %struct.State* @__mcsema_reg_state } ; Function Attrs: noreturn nounwind declare void @llvm.trap() #14 attributes #0 = { nounwind readnone } attributes #1 = { noduplicate noinline noreturn nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #2 = { noinline } attributes #3 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #4 = { noinline norecurse nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #5 = { noinline "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #6 = { noinline noreturn nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #7 = { nobuiltin noinline norecurse nounwind } attributes #8 = { norecurse nounwind } attributes #9 = { nobuiltin noinline nounwind } attributes #10 = { alwaysinline inlinehint "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #11 = { nobuiltin noinline } attributes #12 = { nounwind } attributes #13 = { noinline nounwind optnone } attributes #14 = { noreturn nounwind } !llvm.ident = !{!0, !0} !llvm.dbg.cu = !{!1} !llvm.module.flags = !{!1259, !1260}

Test5

Source code:
#include <stdio.h> #include <stdlib.h> int isPrime(int n) { if (n <= 1) return 0; for (int i = 2; i < n; i++) if (n % i == 0) return 0; return 1; } int main(int argc, char **argv) { for (int i = 0; i < argc + 10000; i++) { if (isPrime(i)) { printf("%d is a prime\n", i); } } return 0; }

Compiled LLVM:
Non-optimised:
; ModuleID = 'test.bc' source_filename = "test.c" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-unknown-linux-gnu" @.str = private unnamed_addr constant [15 x i8] c"%d is a prime\0A\00", align 1 ; Function Attrs: noinline nounwind optnone uwtable define dso_local i32 @isPrime(i32 %n) #0 { entry: %retval = alloca i32, align 4 %n.addr = alloca i32, align 4 %i = alloca i32, align 4 store i32 %n, i32* %n.addr, align 4 %0 = load i32, i32* %n.addr, align 4 %cmp = icmp sle i32 %0, 1 br i1 %cmp, label %if.then, label %if.end if.then: ; preds = %entry store i32 0, i32* %retval, align 4 br label %return if.end: ; preds = %entry store i32 2, i32* %i, align 4 br label %for.cond for.cond: ; preds = %for.inc, %if.end %1 = load i32, i32* %i, align 4 %2 = load i32, i32* %n.addr, align 4 %cmp1 = icmp slt i32 %1, %2 br i1 %cmp1, label %for.body, label %for.end for.body: ; preds = %for.cond %3 = load i32, i32* %n.addr, align 4 %4 = load i32, i32* %i, align 4 %rem = srem i32 %3, %4 %cmp2 = icmp eq i32 %rem, 0 br i1 %cmp2, label %if.then3, label %if.end4 if.then3: ; preds = %for.body store i32 0, i32* %retval, align 4 br label %return if.end4: ; preds = %for.body br label %for.inc for.inc: ; preds = %if.end4 %5 = load i32, i32* %i, align 4 %inc = add nsw i32 %5, 1 store i32 %inc, i32* %i, align 4 br label %for.cond for.end: ; preds = %for.cond store i32 1, i32* %retval, align 4 br label %return return: ; preds = %for.end, %if.then3, %if.then %6 = load i32, i32* %retval, align 4 ret i32 %6 } ; Function Attrs: noinline nounwind optnone uwtable define dso_local i32 @main(i32 %argc, i8** %argv) #0 { entry: %retval = alloca i32, align 4 %argc.addr = alloca i32, align 4 %argv.addr = alloca i8**, align 8 %i = alloca i32, align 4 store i32 0, i32* %retval, align 4 store i32 %argc, i32* %argc.addr, align 4 store i8** %argv, i8*** %argv.addr, align 8 store i32 0, i32* %i, align 4 br label %for.cond for.cond: ; preds = %for.inc, %entry %0 = load i32, i32* %i, align 4 %1 = load i32, i32* %argc.addr, align 4 %add = add nsw i32 %1, 10000 %cmp = icmp slt i32 %0, %add br i1 %cmp, label %for.body, label %for.end for.body: ; preds = %for.cond %2 = load i32, i32* %i, align 4 %call = call i32 @isPrime(i32 %2) %tobool = icmp ne i32 %call, 0 br i1 %tobool, label %if.then, label %if.end if.then: ; preds = %for.body %3 = load i32, i32* %i, align 4 %call1 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str, i32 0, i32 0), i32 %3) br label %if.end if.end: ; preds = %if.then, %for.body br label %for.inc for.inc: ; preds = %if.end %4 = load i32, i32* %i, align 4 %inc = add nsw i32 %4, 1 store i32 %inc, i32* %i, align 4 br label %for.cond for.end: ; preds = %for.cond ret i32 0 } declare dso_local i32 @printf(i8*, ...) #1 attributes #0 = { noinline nounwind optnone uwtable "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "min-legal-vector-width"="0" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #1 = { "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } !llvm.module.flags = !{!0} !llvm.ident = !{!1} !0 = !{i32 1, !"wchar_size", i32 4} !1 = !{!"clang version 8.0.0 (tags/RELEASE_800/final)"}

Optimised:
; ModuleID = 'opt_test.bc' source_filename = "test.c" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-unknown-linux-gnu" @.str = private unnamed_addr constant [15 x i8] c"%d is a prime\0A\00", align 1 ; Function Attrs: norecurse nounwind readnone uwtable define dso_local i32 @isPrime(i32 %n) local_unnamed_addr #0 { entry: %cmp = icmp slt i32 %n, 2 br i1 %cmp, label %cleanup, label %for.cond.preheader for.cond.preheader: ; preds = %entry %cmp110 = icmp eq i32 %n, 2 br i1 %cmp110, label %cleanup, label %for.body for.cond: ; preds = %for.body %cmp1 = icmp slt i32 %inc, %n br i1 %cmp1, label %for.body, label %cleanup for.body: ; preds = %for.cond.preheader, %for.cond %i.011 = phi i32 [ %inc, %for.cond ], [ 2, %for.cond.preheader ] %rem = srem i32 %n, %i.011 %cmp2 = icmp eq i32 %rem, 0 %inc = add nuw nsw i32 %i.011, 1 br i1 %cmp2, label %cleanup, label %for.cond cleanup: ; preds = %for.body, %for.cond, %for.cond.preheader, %entry %0 = phi i32 [ 0, %entry ], [ 1, %for.cond.preheader ], [ 0, %for.body ], [ 1, %for.cond ] ret i32 %0 } ; Function Attrs: nounwind uwtable define dso_local i32 @main(i32 %argc, i8** nocapture readnone %argv) local_unnamed_addr #1 { entry: %add = add i32 %argc, 10000 %cmp7 = icmp sgt i32 %add, 0 br i1 %cmp7, label %for.body, label %for.cond.cleanup for.cond.cleanup: ; preds = %for.inc, %entry ret i32 0 for.body: ; preds = %entry, %for.inc %i.08 = phi i32 [ %inc, %for.inc ], [ 0, %entry ] %cmp.i = icmp ult i32 %i.08, 2 br i1 %cmp.i, label %for.inc, label %for.cond.preheader.i for.cond.preheader.i: ; preds = %for.body %cmp110.i = icmp eq i32 %i.08, 2 br i1 %cmp110.i, label %if.then, label %for.body.i for.cond.i: ; preds = %for.body.i %cmp1.i = icmp ult i32 %inc.i, %i.08 br i1 %cmp1.i, label %for.body.i, label %if.then for.body.i: ; preds = %for.cond.preheader.i, %for.cond.i %i.011.i = phi i32 [ %inc.i, %for.cond.i ], [ 2, %for.cond.preheader.i ] %rem.i = urem i32 %i.08, %i.011.i %cmp2.i = icmp eq i32 %rem.i, 0 %inc.i = add nuw nsw i32 %i.011.i, 1 br i1 %cmp2.i, label %for.inc, label %for.cond.i if.then: ; preds = %for.cond.i, %for.cond.preheader.i %call1 = tail call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str, i64 0, i64 0), i32 %i.08) br label %for.inc for.inc: ; preds = %for.body.i, %for.body, %if.then %inc = add nuw nsw i32 %i.08, 1 %exitcond = icmp eq i32 %inc, %add br i1 %exitcond, label %for.cond.cleanup, label %for.body } ; Function Attrs: nounwind declare dso_local i32 @printf(i8* nocapture readonly, ...) local_unnamed_addr #2 attributes #0 = { norecurse nounwind readnone uwtable "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "min-legal-vector-width"="0" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #1 = { nounwind uwtable "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "min-legal-vector-width"="0" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #2 = { nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } !llvm.module.flags = !{!0} !llvm.ident = !{!1} !0 = !{i32 1, !"wchar_size", i32 4} !1 = !{!"clang version 8.0.0 (tags/RELEASE_800/final)"}

Raised by mctoll
Non-optimised:
; ModuleID = '../a.out' source_filename = "../a.out" @RO-String = private constant [15 x i8] c"%d is a prime\0A\00", align 1 define dso_local i32 @isPrime(i32 %arg1) { entry: %0 = alloca i64, align 8 %1 = alloca i32, i32 4, align 4 %2 = alloca i32, align 4 %3 = alloca i64, align 8 %4 = ptrtoint i64* %0 to i64 store i32 %arg1, i32* %1, align 4 %5 = load i32, i32* %1, align 4 %6 = zext i32 %5 to i64 %7 = zext i32 1 to i64 %8 = sub i64 %6, %7 %ZF = icmp eq i64 %8, 0 %9 = shl i64 1, 63 %10 = and i64 %9, %8 %SF = icmp eq i64 %10, %9 %ZFCmp_JG = icmp eq i1 %ZF, false %SFOFCmp_JG = icmp eq i1 %SF, false %ZFAndSFOF_JG = and i1 %ZFCmp_JG, %SFOFCmp_JG br i1 %ZFAndSFOF_JG, label %bb.2, label %bb.1 bb.1: ; preds = %entry %11 = zext i32 0 to i64 store i64 %11, i64* %3 br label %bb.8 bb.2: ; preds = %entry store i32 2, i32* %2, align 4 br label %bb.6 bb.6: ; preds = %bb.5, %bb.2 %12 = load i32, i32* %2, align 4 %13 = load i32, i32* %1, align 4 %14 = sub i32 %12, %13 %ZF1 = icmp eq i32 %14, 0 %15 = shl i32 1, 31 %16 = and i32 %15, %14 %SF2 = icmp eq i32 %16, %15 %SFAndOF_JL = icmp ne i1 %SF2, false br i1 %SFAndOF_JL, label %bb.3, label %bb.7 bb.7: ; preds = %bb.6 %17 = zext i32 1 to i64 store i64 %17, i64* %3 br label %bb.8 bb.3: ; preds = %bb.6 %18 = load i32, i32* %1, align 4 %19 = sext i32 %18 to i64 %20 = lshr i64 %19, 32 %21 = trunc i64 %20 to i32 %22 = sext i32 %18 to i64 %23 = sext i32 %21 to i64 %24 = shl nuw i64 %23, 32 %25 = or i64 %24, %22 %26 = load i32, i32* %2, align 4 %27 = sext i32 %26 to i64 %28 = sdiv i64 %25, %27 %29 = trunc i64 %28 to i32 %30 = srem i64 %25, %27 %31 = trunc i64 %30 to i32 %32 = and i32 %31, %31 %33 = shl i32 1, 31 %34 = and i32 %33, %32 %SF3 = icmp eq i32 %34, %33 %ZF4 = icmp eq i32 %32, 0 %CmpZF_JNE = icmp eq i1 %ZF4, false br i1 %CmpZF_JNE, label %bb.5, label %bb.4 bb.4: ; preds = %bb.3 %35 = zext i32 0 to i64 store i64 %35, i64* %3 br label %bb.8 bb.8: ; preds = %bb.7, %bb.4, %bb.1 %36 = load i64, i64* %3 %37 = trunc i64 %36 to i32 ret i32 %37 bb.5: ; preds = %bb.3 %38 = load i32, i32* %2, align 4 %39 = zext i8 1 to i32 %40 = add i32 %38, %39 store i32 %40, i32* %2, align 4 br label %bb.6 } declare dso_local i32 @printf(i8*, ...) define dso_local i32 @main(i32 %arg1, i64 %arg2) { entry: %0 = alloca i64, align 8 %StackAdj = alloca i64, align 8 %1 = alloca i32, i32 4, align 4 %2 = alloca i32, align 4 %3 = ptrtoint i64* %0 to i64 store i32 %arg1, i32* %1, align 4 store i64 %arg2, i64* %StackAdj, align 8 store i32 0, i32* %2, align 4 br label %bb.4 bb.4: ; preds = %bb.3, %entry %4 = load i32, i32* %1, align 4 %5 = add i32 %4, 10000 %CF = icmp ne i32 %5, 0 %6 = load i32, i32* %2, align 4 %7 = zext i32 %6 to i64 %8 = zext i32 %5 to i64 %9 = sub i64 %7, %8 %ZF = icmp eq i64 %9, 0 %10 = shl i64 1, 63 %11 = and i64 %10, %9 %SF = icmp eq i64 %11, %10 %SFAndOF_JL = icmp ne i1 %SF, false br i1 %SFAndOF_JL, label %bb.1, label %bb.5 bb.5: ; preds = %bb.4 ret i32 0 bb.1: ; preds = %bb.4 %12 = load i32, i32* %2, align 4 %13 = call i32 @isPrime(i32 %12) %14 = and i32 %13, %13 %15 = shl i32 1, 31 %16 = and i32 %15, %14 %SF1 = icmp eq i32 %16, %15 %ZF2 = icmp eq i32 %14, 0 %CmpZF_JE = icmp eq i1 %ZF2, true br i1 %CmpZF_JE, label %bb.3, label %bb.2 bb.2: ; preds = %bb.1 %17 = load i32, i32* %2, align 4 %18 = ptrtoint [15 x i8]* @RO-String to i64 %19 = inttoptr i64 %18 to i8* %20 = call i32 (i8*, ...) @printf(i8* %19, i32 %17) br label %bb.3 bb.3: ; preds = %bb.2, %bb.1 %21 = load i32, i32* %2, align 4 %22 = zext i8 1 to i32 %23 = add i32 %21, %22 store i32 %23, i32* %2, align 4 br label %bb.4 }

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "../a.out" @RO-String = private constant [15 x i8] c"%d is a prime\0A\00", align 1 ; Function Attrs: norecurse nounwind readnone define dso_local i32 @isPrime(i32 %arg1) local_unnamed_addr #0 { entry: %0 = icmp ugt i32 %arg1, 1 br i1 %0, label %bb.6.preheader, label %bb.8 bb.6.preheader: ; preds = %entry %1 = sext i32 %arg1 to i64 %2 = ashr i32 %arg1, 31 %3 = sext i32 %2 to i64 %4 = shl nuw nsw i64 %3, 32 %5 = or i64 %4, %1 %6 = sub i32 2, %arg1 %SF25 = icmp slt i32 %6, 0 br i1 %SF25, label %bb.3, label %bb.8 bb.6: ; preds = %bb.3 %7 = sub i32 %11, %arg1 %SF2 = icmp slt i32 %7, 0 br i1 %SF2, label %bb.3, label %bb.8 bb.3: ; preds = %bb.6.preheader, %bb.6 %.046 = phi i32 [ %11, %bb.6 ], [ 2, %bb.6.preheader ] %8 = sext i32 %.046 to i64 %9 = srem i64 %5, %8 %10 = trunc i64 %9 to i32 %ZF4 = icmp eq i32 %10, 0 %11 = add nuw i32 %.046, 1 br i1 %ZF4, label %bb.8, label %bb.6 bb.8: ; preds = %bb.6, %bb.3, %bb.6.preheader, %entry %.0.off0 = phi i32 [ 0, %entry ], [ 1, %bb.6.preheader ], [ 1, %bb.6 ], [ 0, %bb.3 ] ret i32 %.0.off0 } ; Function Attrs: nounwind declare dso_local i32 @printf(i8* nocapture readonly, ...) local_unnamed_addr #1 ; Function Attrs: nounwind define dso_local i32 @main(i32 %arg1, i64 %arg2) local_unnamed_addr #1 { entry: %0 = add i32 %arg1, 10000 %SF5 = icmp eq i32 %0, 0 br i1 %SF5, label %bb.5, label %bb.1 bb.5: ; preds = %bb.3, %entry ret i32 0 bb.1: ; preds = %entry, %bb.3 %.06 = phi i32 [ %14, %bb.3 ], [ 0, %entry ] %1 = icmp ugt i32 %.06, 1 br i1 %1, label %bb.6.preheader.i, label %bb.3 bb.6.preheader.i: ; preds = %bb.1 %2 = sext i32 %.06 to i64 %3 = ashr i32 %.06, 31 %4 = sext i32 %3 to i64 %5 = shl nuw nsw i64 %4, 32 %6 = or i64 %5, %2 %7 = sub i32 2, %.06 %SF25.i = icmp slt i32 %7, 0 br i1 %SF25.i, label %bb.3.i, label %bb.2 bb.6.i: ; preds = %bb.3.i %8 = sub i32 %12, %.06 %SF2.i = icmp slt i32 %8, 0 br i1 %SF2.i, label %bb.3.i, label %bb.2 bb.3.i: ; preds = %bb.6.preheader.i, %bb.6.i %.046.i = phi i32 [ %12, %bb.6.i ], [ 2, %bb.6.preheader.i ] %9 = sext i32 %.046.i to i64 %10 = srem i64 %6, %9 %11 = trunc i64 %10 to i32 %ZF4.i = icmp eq i32 %11, 0 %12 = add nuw i32 %.046.i, 1 br i1 %ZF4.i, label %bb.3, label %bb.6.i bb.2: ; preds = %bb.6.i, %bb.6.preheader.i %13 = tail call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @RO-String, i64 0, i64 0), i32 %.06) br label %bb.3 bb.3: ; preds = %bb.3.i, %bb.1, %bb.2 %14 = add nuw i32 %.06, 1 %SF = icmp ult i32 %14, %0 br i1 %SF, label %bb.1, label %bb.5 } attributes #0 = { norecurse nounwind readnone } attributes #1 = { nounwind }

Raised by retdec
Non-optimised:
source_filename = "test" target datalayout = "e-m:e-p:64:64-i64:64-f80:128-n8:16:32:64-S128" @global_var_201010.1 = global i64 0 @global_var_774.3 = constant [15 x i8] c"%d is a prime\0A\00" @global_var_200db8.4 = global i64 1600 @global_var_200dc0.5 = global i64 1536 @0 = external global i32 define i64 @_init() local_unnamed_addr { dec_label_pc_4f0: %v0_4f4 = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_4fb = icmp eq i64 %v0_4f4, 0 br i1 %v1_4fb, label %dec_label_pc_502, label %dec_label_pc_500 dec_label_pc_500: ; preds = %dec_label_pc_4f0 call void @__gmon_start__() br label %dec_label_pc_502 dec_label_pc_502: ; preds = %dec_label_pc_500, %dec_label_pc_4f0 %v0_506 = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_500 ], [ 0, %dec_label_pc_4f0 ] ret i64 %v0_506 } define i32 @function_520(i8* %format, ...) local_unnamed_addr { dec_label_pc_520: %v2_520 = call i32 (i8*, ...) @printf(i8* %format) ret i32 %v2_520 } define void @function_530(i64* %d) local_unnamed_addr { dec_label_pc_530: call void @__cxa_finalize(i64* %d) ret void } define i64 @_start(i64 %arg1, i64 %arg2, i64 %arg3, i64 %arg4) local_unnamed_addr { dec_label_pc_540: %rdx.global-to-local = alloca i64, align 8 store i64 %arg3, i64* %rdx.global-to-local, align 8 %stack_var_8 = alloca i64, align 8 %v0_542 = load i64, i64* %rdx.global-to-local, align 8 %v4_545 = ptrtoint i64* %stack_var_8 to i64 %tmp248 = bitcast i64* %stack_var_8 to i8** store i64 %v4_545, i64* %rdx.global-to-local, align 8 %v2_564 = trunc i64 %arg4 to i32 %v13_564 = inttoptr i64 %v0_542 to void ()* %v14_564 = call i32 @__libc_start_main(i64 1678, i32 %v2_564, i8** %tmp248, void ()* inttoptr (i64 1776 to void ()*), void ()* inttoptr (i64 1888 to void ()*), void ()* %v13_564) %v0_56a = call i64 @__asm_hlt() unreachable } define i64 @deregister_tm_clones() local_unnamed_addr { dec_label_pc_570: ret i64 ptrtoint (i64* @global_var_201010.1 to i64) } define i64 @register_tm_clones() local_unnamed_addr { dec_label_pc_5b0: ret i64 0 } define i64 @__do_global_dtors_aux() local_unnamed_addr { dec_label_pc_600: %rax.global-to-local = alloca i64, align 8 %rbp.global-to-local = alloca i64, align 8 %stack_var_-8 = alloca i64, align 8 %v0_600 = load i8, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v7_600 = icmp eq i8 %v0_600, 0 %v1_607 = icmp eq i1 %v7_600, false br i1 %v1_607, label %dec_label_pc_638, label %dec_label_pc_609 dec_label_pc_609: ; preds = %dec_label_pc_600 %v0_609 = load i64, i64* inttoptr (i64 2101240 to i64*), align 8 %v7_609 = icmp eq i64 %v0_609, 0 %v0_611 = load i64, i64* %rbp.global-to-local, align 8 store i64 %v0_611, i64* %stack_var_-8, align 8 %v4_611 = ptrtoint i64* %stack_var_-8 to i64 store i64 %v4_611, i64* %rbp.global-to-local, align 8 br i1 %v7_609, label %dec_label_pc_623, label %dec_label_pc_617 dec_label_pc_617: ; preds = %dec_label_pc_609 %v0_617 = load i64, i64* inttoptr (i64 2101256 to i64*), align 8 %v1_61e = inttoptr i64 %v0_617 to i64* call void @__cxa_finalize(i64* %v1_61e) store i64 ptrtoint (i32* @0 to i64), i64* %rax.global-to-local, align 8 br label %dec_label_pc_623 dec_label_pc_623: ; preds = %dec_label_pc_617, %dec_label_pc_609 %v0_623 = call i64 @deregister_tm_clones() store i64 %v0_623, i64* %rax.global-to-local, align 8 store i8 1, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v2_62f = load i64, i64* %stack_var_-8, align 8 store i64 %v2_62f, i64* %rbp.global-to-local, align 8 ret i64 %v0_623 dec_label_pc_638: ; preds = %dec_label_pc_600 %v0_638 = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_638 } define i64 @frame_dummy() local_unnamed_addr { dec_label_pc_640: %v0_645 = call i64 @register_tm_clones() ret i64 %v0_645 } define i64 @isPrime(i64 %arg1) local_unnamed_addr { dec_label_pc_64a: %rdi.global-to-local = alloca i64, align 8 store i64 %arg1, i64* %rdi.global-to-local, align 8 %v0_64e = load i64, i64* %rdi.global-to-local, align 8 %v4_651 = trunc i64 %v0_64e to i32 %v9_655 = icmp sgt i32 %v4_651, 1 br i1 %v9_655, label %dec_label_pc_67f.preheader, label %dec_label_pc_657 dec_label_pc_67f.preheader: ; preds = %dec_label_pc_64a %v8_6859 = icmp eq i32 %v4_651, 2 br i1 %v8_6859, label %dec_label_pc_687, label %dec_label_pc_667.lr.ph dec_label_pc_667.lr.ph: ; preds = %dec_label_pc_67f.preheader %v2_66a = ashr i32 %v4_651, 31 %v3_66a = zext i32 %v2_66a to i64 %v6_66b = mul nuw i64 %v3_66a, 4294967296 %v7_66b = or i64 %v6_66b, %v0_64e %sext = mul i64 %v0_64e, 4294967296 %tmp30 = sdiv i64 %sext, 4294967296 br label %dec_label_pc_667 dec_label_pc_657: ; preds = %dec_label_pc_64a br label %dec_label_pc_68c dec_label_pc_667: ; preds = %dec_label_pc_667.lr.ph, %dec_label_pc_67b %indvars.iv = phi i64 [ 2, %dec_label_pc_667.lr.ph ], [ %indvars.iv.next, %dec_label_pc_67b ] %v10_66b = srem i64 %v7_66b, %indvars.iv %v4_670 = trunc i64 %v10_66b to i32 %v5_670 = icmp eq i32 %v4_670, 0 %v1_672 = icmp eq i1 %v5_670, false br i1 %v1_672, label %dec_label_pc_67b, label %dec_label_pc_674 dec_label_pc_674: ; preds = %dec_label_pc_667 br label %dec_label_pc_68c dec_label_pc_67b: ; preds = %dec_label_pc_667 %indvars.iv.next = add nuw nsw i64 %indvars.iv, 1 %v8_685 = icmp slt i64 %indvars.iv.next, %tmp30 br i1 %v8_685, label %dec_label_pc_667, label %dec_label_pc_67f.dec_label_pc_687_crit_edge dec_label_pc_67f.dec_label_pc_687_crit_edge: ; preds = %dec_label_pc_67b br label %dec_label_pc_687 dec_label_pc_687: ; preds = %dec_label_pc_67f.preheader, %dec_label_pc_67f.dec_label_pc_687_crit_edge br label %dec_label_pc_68c dec_label_pc_68c: ; preds = %dec_label_pc_674, %dec_label_pc_687, %dec_label_pc_657 %v0_68d = phi i64 [ 0, %dec_label_pc_674 ], [ 1, %dec_label_pc_687 ], [ 0, %dec_label_pc_657 ] ret i64 %v0_68d } define i64 @main(i64 %argc, i8** %argv) local_unnamed_addr { dec_label_pc_68e: %rbp.global-to-local = alloca i64, align 8 %rdi.global-to-local = alloca i64, align 8 store i64 %argc, i64* %rdi.global-to-local, align 8 %stack_var_-8 = alloca i64, align 8 %v0_68e = load i64, i64* %rbp.global-to-local, align 8 store i64 %v0_68e, i64* %stack_var_-8, align 8 %v4_68e = ptrtoint i64* %stack_var_-8 to i64 store i64 %v4_68e, i64* %rbp.global-to-local, align 8 %v0_696 = load i64, i64* %rdi.global-to-local, align 8 %v2_6d1 = add i64 %v0_696, 10000 %v16_6d1 = and i64 %v2_6d1, 4294967295 %v7_6d9254 = icmp eq i64 %v16_6d1, 0 br i1 %v7_6d9254, label %dec_label_pc_6db, label %dec_label_pc_6a6 dec_label_pc_6a6: ; preds = %dec_label_pc_68e, %dec_label_pc_6ca %storemerge255 = phi i32 [ %v4_6ca, %dec_label_pc_6ca ], [ 0, %dec_label_pc_68e ] %v4_6a6 = zext i32 %storemerge255 to i64 store i64 %v4_6a6, i64* %rdi.global-to-local, align 8 %v1_6ab = call i64 @isPrime(i64 %v4_6a6) %v4_6b0 = trunc i64 %v1_6ab to i32 %v5_6b0 = icmp eq i32 %v4_6b0, 0 br i1 %v5_6b0, label %dec_label_pc_6ca, label %dec_label_pc_6b4 dec_label_pc_6b4: ; preds = %dec_label_pc_6a6 store i64 ptrtoint ([15 x i8]* @global_var_774.3 to i64), i64* %rdi.global-to-local, align 8 %v4_6c5 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @global_var_774.3, i64 0, i64 0), i64 %v4_6a6) br label %dec_label_pc_6ca dec_label_pc_6ca: ; preds = %dec_label_pc_6b4, %dec_label_pc_6a6 %v4_6ca = add i32 %storemerge255, 1 %v6_6d6 = sext i32 %v4_6ca to i64 %v7_6d9 = icmp slt i64 %v6_6d6, %v16_6d1 br i1 %v7_6d9, label %dec_label_pc_6a6, label %dec_label_pc_6ce.dec_label_pc_6db_crit_edge dec_label_pc_6ce.dec_label_pc_6db_crit_edge: ; preds = %dec_label_pc_6ca %v2_6e0.pre = load i64, i64* %stack_var_-8, align 8 br label %dec_label_pc_6db dec_label_pc_6db: ; preds = %dec_label_pc_68e, %dec_label_pc_6ce.dec_label_pc_6db_crit_edge %v2_6e0 = phi i64 [ %v0_68e, %dec_label_pc_68e ], [ %v2_6e0.pre, %dec_label_pc_6ce.dec_label_pc_6db_crit_edge ] store i64 %v2_6e0, i64* %rbp.global-to-local, align 8 ret i64 0 } define i64 @__libc_csu_init(i64 %arg1, i64 %arg2, i64 %arg3) local_unnamed_addr { dec_label_pc_6f0: %r12.global-to-local = alloca i64, align 8 %r13.global-to-local = alloca i64, align 8 %r14.global-to-local = alloca i64, align 8 %r15.global-to-local = alloca i64, align 8 %rbp.global-to-local = alloca i64, align 8 %rbx.global-to-local = alloca i64, align 8 %rdi.global-to-local = alloca i64, align 8 %rdx.global-to-local = alloca i64, align 8 %rsi.global-to-local = alloca i64, align 8 store i64 %arg3, i64* %rdx.global-to-local, align 8 store i64 %arg2, i64* %rsi.global-to-local, align 8 store i64 %arg1, i64* %rdi.global-to-local, align 8 %v0_6f0 = load i64, i64* %r15.global-to-local, align 8 %v0_6f2 = load i64, i64* %r14.global-to-local, align 8 %v0_6f4 = load i64, i64* %rdx.global-to-local, align 8 store i64 %v0_6f4, i64* %r15.global-to-local, align 8 %v0_6f7 = load i64, i64* %r13.global-to-local, align 8 %v0_6f9 = load i64, i64* %r12.global-to-local, align 8 store i64 ptrtoint (i64* @global_var_200db8.4 to i64), i64* %r12.global-to-local, align 8 %v0_702 = load i64, i64* %rbp.global-to-local, align 8 %v0_70a = load i64, i64* %rbx.global-to-local, align 8 %v0_70b = load i64, i64* %rdi.global-to-local, align 8 store i64 %v0_70b, i64* %r13.global-to-local, align 8 %v0_70e = load i64, i64* %rsi.global-to-local, align 8 store i64 %v0_70e, i64* %r14.global-to-local, align 8 store i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200dc0.5 to i64), i64 ptrtoint (i64* @global_var_200db8.4 to i64)), i64 3), i64* %rbp.global-to-local, align 8 %v0_71c = call i64 @_init() br i1 icmp eq (i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200dc0.5 to i64), i64 ptrtoint (i64* @global_var_200db8.4 to i64)), i64 3), i64 0), label %dec_label_pc_746, label %dec_label_pc_726 dec_label_pc_726: ; preds = %dec_label_pc_6f0 store i64 0, i64* %rbx.global-to-local, align 8 %v0_730 = load i64, i64* %r15.global-to-local, align 8 %v0_733 = load i64, i64* %r14.global-to-local, align 8 %v0_736 = load i64, i64* %r13.global-to-local, align 8 br label %dec_label_pc_730 dec_label_pc_730: ; preds = %dec_label_pc_730, %dec_label_pc_726 %v1_73d2 = phi i64 [ %v1_73d, %dec_label_pc_730 ], [ 0, %dec_label_pc_726 ] %v1_73d = add i64 %v1_73d2, 1 %v12_741 = icmp eq i64 %v1_73d2, sub (i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200dc0.5 to i64), i64 ptrtoint (i64* @global_var_200db8.4 to i64)), i64 3), i64 1) %v1_744 = icmp eq i1 %v12_741, false br i1 %v1_744, label %dec_label_pc_730, label %dec_label_pc_746.loopexit dec_label_pc_746.loopexit: ; preds = %dec_label_pc_730 store i64 %v0_730, i64* %rdx.global-to-local, align 8 store i64 %v0_733, i64* %rsi.global-to-local, align 8 store i64 %v0_736, i64* %rdi.global-to-local, align 8 store i64 %v1_73d, i64* %rbx.global-to-local, align 8 br label %dec_label_pc_746 dec_label_pc_746: ; preds = %dec_label_pc_746.loopexit, %dec_label_pc_6f0 store i64 %v0_70a, i64* %rbx.global-to-local, align 8 store i64 %v0_702, i64* %rbp.global-to-local, align 8 store i64 %v0_6f9, i64* %r12.global-to-local, align 8 store i64 %v0_6f7, i64* %r13.global-to-local, align 8 store i64 %v0_6f2, i64* %r14.global-to-local, align 8 store i64 %v0_6f0, i64* %r15.global-to-local, align 8 ret i64 %v0_71c } define i64 @__libc_csu_fini() local_unnamed_addr { dec_label_pc_760: %rax.global-to-local = alloca i64, align 8 %v0_760 = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_760 } define i64 @_fini() local_unnamed_addr { dec_label_pc_764: %rax.global-to-local = alloca i64, align 8 %v0_76c = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_76c } declare i32 @printf(i8*, ...) local_unnamed_addr declare i32 @__libc_start_main(i64, i32, i8**, void ()*, void ()*, void ()*) local_unnamed_addr declare void @__gmon_start__() local_unnamed_addr declare void @__cxa_finalize(i64*) local_unnamed_addr declare i64 @__asm_hlt() local_unnamed_addr

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "test" target datalayout = "e-m:e-p:64:64-i64:64-f80:128-n8:16:32:64-S128" @global_var_201010.1 = global i64 0 @global_var_774.3 = constant [15 x i8] c"%d is a prime\0A\00" @global_var_200db8.4 = local_unnamed_addr global i64 1600 @global_var_200dc0.5 = local_unnamed_addr global i64 1536 @0 = external global i32 define i64 @_init() local_unnamed_addr { dec_label_pc_4f0: %v0_4f4 = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_4fb = icmp eq i64 %v0_4f4, 0 br i1 %v1_4fb, label %dec_label_pc_502, label %dec_label_pc_500 dec_label_pc_500: ; preds = %dec_label_pc_4f0 tail call void @__gmon_start__() br label %dec_label_pc_502 dec_label_pc_502: ; preds = %dec_label_pc_500, %dec_label_pc_4f0 %v0_506 = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_500 ], [ 0, %dec_label_pc_4f0 ] ret i64 %v0_506 } ; Function Attrs: nounwind define i32 @function_520(i8* nocapture readonly %format, ...) local_unnamed_addr #0 { dec_label_pc_520: %v2_520 = tail call i32 (i8*, ...) @printf(i8* %format) ret i32 %v2_520 } define void @function_530(i64* %d) local_unnamed_addr { dec_label_pc_530: tail call void @__cxa_finalize(i64* %d) ret void } ; Function Attrs: noreturn define i64 @_start(i64 %arg1, i64 %arg2, i64 %arg3, i64 %arg4) local_unnamed_addr #1 { dec_label_pc_540: %stack_var_8 = alloca i8*, align 8 %v2_564 = trunc i64 %arg4 to i32 %v13_564 = inttoptr i64 %arg3 to void ()* %v14_564 = call i32 @__libc_start_main(i64 1678, i32 %v2_564, i8** nonnull %stack_var_8, void ()* inttoptr (i64 1776 to void ()*), void ()* inttoptr (i64 1888 to void ()*), void ()* %v13_564) %v0_56a = call i64 @__asm_hlt() unreachable } ; Function Attrs: norecurse nounwind readnone define i64 @deregister_tm_clones() local_unnamed_addr #2 { dec_label_pc_570: ret i64 ptrtoint (i64* @global_var_201010.1 to i64) } ; Function Attrs: norecurse nounwind readnone define i64 @register_tm_clones() local_unnamed_addr #2 { dec_label_pc_5b0: ret i64 0 } define i64 @__do_global_dtors_aux() local_unnamed_addr { dec_label_pc_600: %v0_600 = load i8, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v7_600 = icmp eq i8 %v0_600, 0 br i1 %v7_600, label %dec_label_pc_609, label %dec_label_pc_638 dec_label_pc_609: ; preds = %dec_label_pc_600 %v0_609 = load i64, i64* inttoptr (i64 2101240 to i64*), align 8 %v7_609 = icmp eq i64 %v0_609, 0 br i1 %v7_609, label %dec_label_pc_623, label %dec_label_pc_617 dec_label_pc_617: ; preds = %dec_label_pc_609 %v0_6171 = load i64*, i64** inttoptr (i64 2101256 to i64**), align 8 tail call void @__cxa_finalize(i64* %v0_6171) br label %dec_label_pc_623 dec_label_pc_623: ; preds = %dec_label_pc_617, %dec_label_pc_609 store i8 1, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 ret i64 ptrtoint (i64* @global_var_201010.1 to i64) dec_label_pc_638: ; preds = %dec_label_pc_600 ret i64 undef } ; Function Attrs: norecurse nounwind readnone define i64 @frame_dummy() local_unnamed_addr #2 { dec_label_pc_640: ret i64 0 } ; Function Attrs: norecurse nounwind readnone define i64 @isPrime(i64 %arg1) local_unnamed_addr #2 { dec_label_pc_64a: %v4_651 = trunc i64 %arg1 to i32 %v9_655 = icmp sgt i32 %v4_651, 1 br i1 %v9_655, label %dec_label_pc_67f.preheader, label %dec_label_pc_68c dec_label_pc_67f.preheader: ; preds = %dec_label_pc_64a %v8_6859 = icmp eq i32 %v4_651, 2 br i1 %v8_6859, label %dec_label_pc_68c, label %dec_label_pc_667.lr.ph dec_label_pc_667.lr.ph: ; preds = %dec_label_pc_67f.preheader %0 = shl i64 %arg1, 1 %v6_66b = and i64 %0, 4294967296 %v7_66b = or i64 %v6_66b, %arg1 %sext = shl i64 %arg1, 32 %tmp30 = sdiv i64 %sext, 4294967296 br label %dec_label_pc_667 dec_label_pc_667: ; preds = %dec_label_pc_67b, %dec_label_pc_667.lr.ph %indvars.iv = phi i64 [ 2, %dec_label_pc_667.lr.ph ], [ %indvars.iv.next, %dec_label_pc_67b ] %v10_66b = srem i64 %v7_66b, %indvars.iv %v4_670 = trunc i64 %v10_66b to i32 %v5_670 = icmp eq i32 %v4_670, 0 br i1 %v5_670, label %dec_label_pc_68c, label %dec_label_pc_67b dec_label_pc_67b: ; preds = %dec_label_pc_667 %indvars.iv.next = add nuw nsw i64 %indvars.iv, 1 %v8_685 = icmp slt i64 %indvars.iv.next, %tmp30 br i1 %v8_685, label %dec_label_pc_667, label %dec_label_pc_68c dec_label_pc_68c: ; preds = %dec_label_pc_667, %dec_label_pc_67b, %dec_label_pc_67f.preheader, %dec_label_pc_64a %v0_68d = phi i64 [ 0, %dec_label_pc_64a ], [ 1, %dec_label_pc_67f.preheader ], [ 1, %dec_label_pc_67b ], [ 0, %dec_label_pc_667 ] ret i64 %v0_68d } ; Function Attrs: nounwind define i64 @main(i64 %argc, i8** nocapture readnone %argv) local_unnamed_addr #0 { dec_label_pc_68e: %v2_6d1 = add i64 %argc, 10000 %v16_6d1 = and i64 %v2_6d1, 4294967295 %v7_6d9254 = icmp eq i64 %v16_6d1, 0 br i1 %v7_6d9254, label %dec_label_pc_6db, label %dec_label_pc_6a6 dec_label_pc_6a6: ; preds = %dec_label_pc_68e, %dec_label_pc_6ca %storemerge255 = phi i32 [ %v4_6ca, %dec_label_pc_6ca ], [ 0, %dec_label_pc_68e ] %v4_6a6 = zext i32 %storemerge255 to i64 %v9_655.i = icmp sgt i32 %storemerge255, 1 br i1 %v9_655.i, label %dec_label_pc_67f.preheader.i, label %dec_label_pc_6ca dec_label_pc_67f.preheader.i: ; preds = %dec_label_pc_6a6 %v8_6859.i = icmp eq i32 %storemerge255, 2 br i1 %v8_6859.i, label %dec_label_pc_6b4, label %dec_label_pc_667.lr.ph.i dec_label_pc_667.lr.ph.i: ; preds = %dec_label_pc_67f.preheader.i %0 = shl nuw nsw i64 %v4_6a6, 1 %v6_66b.i = and i64 %0, 4294967296 %v7_66b.i = or i64 %v6_66b.i, %v4_6a6 %sext.i = shl nuw i64 %v4_6a6, 32 %tmp30.i = sdiv i64 %sext.i, 4294967296 br label %dec_label_pc_667.i dec_label_pc_667.i: ; preds = %dec_label_pc_67b.i, %dec_label_pc_667.lr.ph.i %indvars.iv.i = phi i64 [ 2, %dec_label_pc_667.lr.ph.i ], [ %indvars.iv.next.i, %dec_label_pc_67b.i ] %v10_66b.i = urem i64 %v7_66b.i, %indvars.iv.i %v4_670.i = trunc i64 %v10_66b.i to i32 %v5_670.i = icmp eq i32 %v4_670.i, 0 br i1 %v5_670.i, label %dec_label_pc_6ca, label %dec_label_pc_67b.i dec_label_pc_67b.i: ; preds = %dec_label_pc_667.i %indvars.iv.next.i = add nuw nsw i64 %indvars.iv.i, 1 %v8_685.i = icmp slt i64 %indvars.iv.next.i, %tmp30.i br i1 %v8_685.i, label %dec_label_pc_667.i, label %dec_label_pc_6b4 dec_label_pc_6b4: ; preds = %dec_label_pc_67b.i, %dec_label_pc_67f.preheader.i %v4_6c5 = tail call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @global_var_774.3, i64 0, i64 0), i64 %v4_6a6) br label %dec_label_pc_6ca dec_label_pc_6ca: ; preds = %dec_label_pc_667.i, %dec_label_pc_6a6, %dec_label_pc_6b4 %v4_6ca = add i32 %storemerge255, 1 %v6_6d6 = sext i32 %v4_6ca to i64 %v7_6d9 = icmp sgt i64 %v16_6d1, %v6_6d6 br i1 %v7_6d9, label %dec_label_pc_6a6, label %dec_label_pc_6db dec_label_pc_6db: ; preds = %dec_label_pc_6ca, %dec_label_pc_68e ret i64 0 } define i64 @__libc_csu_init(i64 %arg1, i64 %arg2, i64 %arg3) local_unnamed_addr { dec_label_pc_6f0: %v0_4f4.i = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_4fb.i = icmp eq i64 %v0_4f4.i, 0 br i1 %v1_4fb.i, label %dec_label_pc_746, label %dec_label_pc_500.i dec_label_pc_500.i: ; preds = %dec_label_pc_6f0 tail call void @__gmon_start__() br label %dec_label_pc_746 dec_label_pc_746: ; preds = %dec_label_pc_500.i, %dec_label_pc_6f0 %v0_506.i = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_500.i ], [ 0, %dec_label_pc_6f0 ] ret i64 %v0_506.i } ; Function Attrs: norecurse nounwind readnone define i64 @__libc_csu_fini() local_unnamed_addr #2 { dec_label_pc_760: ret i64 undef } ; Function Attrs: norecurse nounwind readnone define i64 @_fini() local_unnamed_addr #2 { dec_label_pc_764: ret i64 undef } ; Function Attrs: nounwind declare i32 @printf(i8* nocapture readonly, ...) local_unnamed_addr #0 declare i32 @__libc_start_main(i64, i32, i8**, void ()*, void ()*, void ()*) local_unnamed_addr declare void @__gmon_start__() local_unnamed_addr declare void @__cxa_finalize(i64*) local_unnamed_addr declare i64 @__asm_hlt() local_unnamed_addr attributes #0 = { nounwind } attributes #1 = { noreturn } attributes #2 = { norecurse nounwind readnone }

Raised by mcsema
Non-optimised:
; ModuleID = 'lifted.bc' source_filename = "llvm-link" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-pc-linux-gnu-elf" %union.anon = type { i64 } %seg_770__rodata_type = type <{ [19 x i8] }> %seg_200db8__init_array_type = type <{ i64, i64 }> %seg_200fb8__got_type = type <{ [72 x i8] }> %seg_201000__data_type = type <{ [8 x i8], i64 }> %seg_201010__bss_type = type <{ [8 x i8] }> %struct.State = type { %struct.ArchState, [32 x %union.VectorReg], %struct.ArithFlags, %union.anon, %struct.Segments, %struct.AddressSpace, %struct.GPR, %struct.X87Stack, %struct.MMX, %struct.FPUStatusFlags, %union.anon, %union.FPU, %struct.SegmentCaches } %struct.ArchState = type { i32, i32, %union.anon } %union.VectorReg = type { %union.vec512_t } %union.vec512_t = type { %struct.uint64v8_t } %struct.uint64v8_t = type { [8 x i64] } %struct.ArithFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8 } %struct.Segments = type { i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector } %union.SegmentSelector = type { i16 } %struct.AddressSpace = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.Reg = type { %union.anon } %struct.GPR = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.X87Stack = type { [8 x %struct.anon.3] } %struct.anon.3 = type { i64, double } %struct.MMX = type { [8 x %struct.anon.4] } %struct.anon.4 = type { i64, %union.vec64_t } %union.vec64_t = type { %struct.uint64v1_t } %struct.uint64v1_t = type { [1 x i64] } %struct.FPUStatusFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, [4 x i8] } %union.FPU = type { %struct.anon.13 } %struct.anon.13 = type { %struct.FpuFXSAVE, [96 x i8] } %struct.FpuFXSAVE = type { %union.SegmentSelector, %union.SegmentSelector, %union.FPUAbridgedTagWord, i8, i16, i32, %union.SegmentSelector, i16, i32, %union.SegmentSelector, i16, %union.FPUControlStatus, %union.FPUControlStatus, [8 x %struct.FPUStackElem], [16 x %union.vec128_t] } %union.FPUAbridgedTagWord = type { i8 } %union.FPUControlStatus = type { i32 } %struct.FPUStackElem = type { %union.anon.11, [6 x i8] } %union.anon.11 = type { %struct.float80_t } %struct.float80_t = type { [10 x i8] } %union.vec128_t = type { %struct.uint128v1_t } %struct.uint128v1_t = type { [1 x i128] } %struct.SegmentCaches = type { %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow } %struct.SegmentShadow = type { %union.anon, i32, i32 } %struct.Memory = type opaque @DR0 = external global i64, align 8 @DR1 = external global i64, align 8 @DR2 = external global i64, align 8 @DR3 = external global i64, align 8 @DR4 = external global i64, align 8 @DR5 = external global i64, align 8 @DR6 = external global i64, align 8 @DR7 = external global i64, align 8 @gCR0 = external global %union.anon, align 1 @gCR1 = external global %union.anon, align 1 @gCR2 = external global %union.anon, align 1 @gCR3 = external global %union.anon, align 1 @gCR4 = external global %union.anon, align 1 @gCR8 = external global %union.anon, align 1 @seg_770__rodata = internal constant %seg_770__rodata_type <{ [19 x i8] c"\01\00\02\00%d is a prime\0A\00" }> @seg_200db8__init_array = internal global %seg_200db8__init_array_type <{ i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_640_frame_dummy to i64), i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_600___do_global_dtors_aux to i64) }> @seg_200fb8__got = internal global %seg_200fb8__got_type <{ [72 x i8] c"\C8\0D \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00&\05\00\00\00\00\00\00@\14 \00\00\00\00\00H\14 \00\00\00\00\00P\14 \00\00\00\00\00X\14 \00\00\00\00\00`\14 \00\00\00\00\00" }> @seg_201000__data = internal global %seg_201000__data_type <{ [8 x i8] zeroinitializer, i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) }> @seg_201010__bss = internal global %seg_201010__bss_type zeroinitializer @__mcsema_reg_state = internal thread_local global %struct.State zeroinitializer @__mcsema_stack = internal thread_local global [131072 x i64] zeroinitializer @__mcsema_tls = internal thread_local global [512 x i64] zeroinitializer @0 = internal global i1 false @llvm.global_ctors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_constructor, i8* null }] @llvm.global_dtors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_destructor, i8* null }] ; Function Attrs: nounwind readnone declare i32 @llvm.ctpop.i32(i32) #0 ; Function Attrs: noduplicate noinline nounwind optnone define %struct.Memory* @__remill_error(%struct.State* dereferenceable(3376), i64, %struct.Memory*) local_unnamed_addr #1 { call void @llvm.trap() unreachable } ; Function Attrs: noinline declare x86_64_sysvcc i64 @printf() local_unnamed_addr #2 ; Function Attrs: noinline nounwind define %struct.Memory* @sub_764__fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #3 { block_764: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, -8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %9 = xor i64 %6, %5 %10 = lshr i64 %9, 4 %11 = trunc i64 %10 to i8 %12 = and i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %15 = lshr i64 %6, 63 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = lshr i64 %5, 63 %18 = xor i64 %15, %17 %19 = add nuw nsw i64 %18, %17 %20 = icmp eq i64 %19, 2 %21 = zext i1 %20 to i8 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = icmp ult i64 %5, 8 %24 = zext i1 %23 to i8 store i8 %24, i8* %7, align 1, !tbaa !1261 %25 = trunc i64 %5 to i32 %26 = and i32 %25, 255 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #9 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %8, align 1, !tbaa !1278 store i8 %12, i8* %13, align 1, !tbaa !1279 %31 = icmp eq i64 %5, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %14, align 1, !tbaa !1280 %33 = trunc i64 %17 to i8 store i8 %33, i8* %16, align 1, !tbaa !1281 store i8 %21, i8* %22, align 1, !tbaa !1282 %34 = inttoptr i64 %5 to i64* %35 = load i64, i64* %34 store i64 %35, i64* %3, align 8, !tbaa !1283 %36 = add i64 %5, 8 store i64 %36, i64* %4, align 8, !tbaa !1283 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6f0___libc_csu_init(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_6f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 27, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 3, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 25, i32 0, i32 0 %15 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 29, i32 0, i32 0 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 31, i32 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = load i64, i64* %12, align 8, !tbaa !1283 %20 = add i64 %19, -8 %21 = inttoptr i64 %20 to i64* store i64 %18, i64* %21 %22 = load i64, i64* %16, align 8 %23 = add i64 %19, -16 %24 = inttoptr i64 %23 to i64* store i64 %22, i64* %24 %25 = load i64, i64* %9, align 8 store i64 %25, i64* %17, align 8, !tbaa !1283 %26 = load i64, i64* %15, align 8 %27 = add i64 %19, -24 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 %29 = load i64, i64* %14, align 8 %30 = add i64 %19, -32 %31 = inttoptr i64 %30 to i64* store i64 %29, i64* %31 store i64 ptrtoint (%seg_200db8__init_array_type* @seg_200db8__init_array to i64), i64* %14, align 8, !tbaa !1283 %32 = load i64, i64* %13, align 8 %33 = add i64 %19, -40 %34 = inttoptr i64 %33 to i64* store i64 %32, i64* %34 %35 = load i64, i64* %8, align 8 %36 = add i64 %19, -48 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37 %38 = load i32, i32* %5, align 4 %39 = zext i32 %38 to i64 store i64 %39, i64* %15, align 8, !tbaa !1283 %40 = load i64, i64* %10, align 8 store i64 %40, i64* %16, align 8, !tbaa !1283 %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %44 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %45 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 ashr (i64 sub (i64 add (i64 ptrtoint (%seg_200db8__init_array_type* @seg_200db8__init_array to i64), i64 8), i64 ptrtoint (%seg_200db8__init_array_type* @seg_200db8__init_array to i64)), i64 3), i64* %13, align 8, !tbaa !1283 %47 = add i64 %1, -512 %48 = add i64 %1, 49 %49 = add i64 %19, -64 %50 = inttoptr i64 %49 to i64* store i64 %48, i64* %50 store i64 %49, i64* %12, align 8, !tbaa !1283 %51 = tail call %struct.Memory* @sub_4f0__init(%struct.State* nonnull %0, i64 %47, %struct.Memory* %2) %52 = load i64, i64* %13, align 8 %53 = load i64, i64* %3, align 8 %54 = icmp eq i64 %52, 0 %55 = select i1 %54, i64 37, i64 5 %56 = add i64 %53, %55 br i1 %54, label %block_746, label %block_726 block_746.loopexit: ; preds = %block_730 br label %block_746 block_746: ; preds = %block_746.loopexit, %block_6f0 %57 = phi %struct.Memory* [ %51, %block_6f0 ], [ %118, %block_746.loopexit ] %58 = load i64, i64* %12, align 8 %59 = add i64 %58, 8 %60 = icmp ugt i64 %58, -9 %61 = zext i1 %60 to i8 store i8 %61, i8* %41, align 1, !tbaa !1261 %62 = trunc i64 %59 to i32 %63 = and i32 %62, 255 %64 = tail call i32 @llvm.ctpop.i32(i32 %63) #9 %65 = trunc i32 %64 to i8 %66 = and i8 %65, 1 %67 = xor i8 %66, 1 store i8 %67, i8* %42, align 1, !tbaa !1278 %68 = xor i64 %59, %58 %69 = lshr i64 %68, 4 %70 = trunc i64 %69 to i8 %71 = and i8 %70, 1 store i8 %71, i8* %43, align 1, !tbaa !1279 %72 = icmp eq i64 %59, 0 %73 = zext i1 %72 to i8 store i8 %73, i8* %44, align 1, !tbaa !1280 %74 = lshr i64 %59, 63 %75 = trunc i64 %74 to i8 store i8 %75, i8* %45, align 1, !tbaa !1281 %76 = lshr i64 %58, 63 %77 = xor i64 %74, %76 %78 = add nuw nsw i64 %77, %74 %79 = icmp eq i64 %78, 2 %80 = zext i1 %79 to i8 store i8 %80, i8* %46, align 1, !tbaa !1282 %81 = add i64 %58, 16 %82 = inttoptr i64 %59 to i64* %83 = load i64, i64* %82 store i64 %83, i64* %8, align 8, !tbaa !1283 %84 = add i64 %58, 24 %85 = inttoptr i64 %81 to i64* %86 = load i64, i64* %85 store i64 %86, i64* %13, align 8, !tbaa !1283 %87 = add i64 %58, 32 %88 = inttoptr i64 %84 to i64* %89 = load i64, i64* %88 store i64 %89, i64* %14, align 8, !tbaa !1283 %90 = add i64 %58, 40 %91 = inttoptr i64 %87 to i64* %92 = load i64, i64* %91 store i64 %92, i64* %15, align 8, !tbaa !1283 %93 = add i64 %58, 48 %94 = inttoptr i64 %90 to i64* %95 = load i64, i64* %94 store i64 %95, i64* %16, align 8, !tbaa !1283 %96 = add i64 %58, 56 %97 = inttoptr i64 %93 to i64* %98 = load i64, i64* %97 store i64 %98, i64* %17, align 8, !tbaa !1283 %99 = inttoptr i64 %96 to i64* %100 = load i64, i64* %99 store i64 %100, i64* %3, align 8, !tbaa !1283 %101 = add i64 %58, 64 store i64 %101, i64* %12, align 8, !tbaa !1283 ret %struct.Memory* %57 block_730: ; preds = %block_726, %block_730 %102 = phi i64 [ 0, %block_726 ], [ %121, %block_730 ] %103 = phi i64 [ %150, %block_726 ], [ %149, %block_730 ] %104 = phi %struct.Memory* [ %51, %block_726 ], [ %118, %block_730 ] %105 = load i64, i64* %17, align 8 store i64 %105, i64* %9, align 8, !tbaa !1283 %106 = load i64, i64* %16, align 8 store i64 %106, i64* %10, align 8, !tbaa !1283 %107 = load i32, i32* %7, align 4 %108 = zext i32 %107 to i64 store i64 %108, i64* %11, align 8, !tbaa !1283 %109 = load i64, i64* %14, align 8 %110 = shl i64 %102, 3 %111 = add i64 %110, %109 %112 = add i64 %103, 13 %113 = load i64, i64* %12, align 8, !tbaa !1283 %114 = add i64 %113, -8 %115 = inttoptr i64 %114 to i64* store i64 %112, i64* %115 store i64 %114, i64* %12, align 8, !tbaa !1283 %116 = inttoptr i64 %111 to i64* %117 = load i64, i64* %116 store i64 %117, i64* %3, align 8, !tbaa !1283 %118 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %117, %struct.Memory* %104) %119 = load i64, i64* %8, align 8 %120 = load i64, i64* %3, align 8 %121 = add i64 %119, 1 store i64 %121, i64* %8, align 8, !tbaa !1283 %122 = lshr i64 %121, 63 %123 = load i64, i64* %13, align 8 %124 = sub i64 %123, %121 %125 = icmp ult i64 %123, %121 %126 = zext i1 %125 to i8 store i8 %126, i8* %41, align 1, !tbaa !1261 %127 = trunc i64 %124 to i32 %128 = and i32 %127, 255 %129 = tail call i32 @llvm.ctpop.i32(i32 %128) #9 %130 = trunc i32 %129 to i8 %131 = and i8 %130, 1 %132 = xor i8 %131, 1 store i8 %132, i8* %42, align 1, !tbaa !1278 %133 = xor i64 %121, %123 %134 = xor i64 %133, %124 %135 = lshr i64 %134, 4 %136 = trunc i64 %135 to i8 %137 = and i8 %136, 1 store i8 %137, i8* %43, align 1, !tbaa !1279 %138 = icmp eq i64 %124, 0 %139 = zext i1 %138 to i8 store i8 %139, i8* %44, align 1, !tbaa !1280 %140 = lshr i64 %124, 63 %141 = trunc i64 %140 to i8 store i8 %141, i8* %45, align 1, !tbaa !1281 %142 = lshr i64 %123, 63 %143 = xor i64 %122, %142 %144 = xor i64 %140, %142 %145 = add nuw nsw i64 %144, %143 %146 = icmp eq i64 %145, 2 %147 = zext i1 %146 to i8 store i8 %147, i8* %46, align 1, !tbaa !1282 %148 = select i1 %138, i64 9, i64 -13 %149 = add i64 %120, %148 br i1 %138, label %block_746.loopexit, label %block_730 block_726: ; preds = %block_6f0 store i64 0, i64* %8, align 8, !tbaa !1283 store i8 0, i8* %41, align 1, !tbaa !1261 store i8 1, i8* %42, align 1, !tbaa !1278 store i8 1, i8* %44, align 1, !tbaa !1280 store i8 0, i8* %45, align 1, !tbaa !1281 store i8 0, i8* %46, align 1, !tbaa !1282 store i8 0, i8* %43, align 1, !tbaa !1279 %150 = add i64 %56, 10 br label %block_730 } ; Function Attrs: noinline define %struct.Memory* @sub_68e_main(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #4 { block_68e: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %10 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %13 = load i64, i64* %12, align 8 %14 = load i64, i64* %11, align 8, !tbaa !1283 %15 = add i64 %14, -8 %16 = inttoptr i64 %15 to i64* store i64 %13, i64* %16 store i64 %15, i64* %12, align 8, !tbaa !1283 %17 = add i64 %14, -40 store i64 %17, i64* %11, align 8, !tbaa !1283 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %21 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %23 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %24 = add i64 %14, -28 %25 = load i32, i32* %7, align 4 %26 = inttoptr i64 %24 to i32* store i32 %25, i32* %26 %27 = add i64 %14, -40 %28 = load i64, i64* %9, align 8 %29 = inttoptr i64 %27 to i64* store i64 %28, i64* %29 %30 = add i64 %14, -12 %31 = inttoptr i64 %30 to i32* store i32 0, i32* %31 %32 = add i64 %1, 64 br label %block_6ce block_6ce: ; preds = %block_6ca, %block_68e %33 = phi i64 [ %32, %block_68e ], [ %75, %block_6ca ] %34 = phi i64 [ %15, %block_68e ], [ %73, %block_6ca ] %35 = phi %struct.Memory* [ %2, %block_68e ], [ %72, %block_6ca ] %36 = add i64 %34, -20 %37 = inttoptr i64 %36 to i32* %38 = load i32, i32* %37 %39 = add i32 %38, 10000 %40 = lshr i32 %39, 31 %41 = add i64 %34, -4 %42 = inttoptr i64 %41 to i32* %43 = load i32, i32* %42 %44 = sub i32 %43, %39 %45 = icmp ult i32 %43, %39 %46 = zext i1 %45 to i8 store i8 %46, i8* %18, align 1, !tbaa !1261 %47 = and i32 %44, 255 %48 = tail call i32 @llvm.ctpop.i32(i32 %47) #9 %49 = trunc i32 %48 to i8 %50 = and i8 %49, 1 %51 = xor i8 %50, 1 store i8 %51, i8* %19, align 1, !tbaa !1278 %52 = xor i32 %43, %39 %53 = xor i32 %52, %44 %54 = lshr i32 %53, 4 %55 = trunc i32 %54 to i8 %56 = and i8 %55, 1 store i8 %56, i8* %20, align 1, !tbaa !1279 %57 = icmp eq i32 %44, 0 %58 = zext i1 %57 to i8 store i8 %58, i8* %21, align 1, !tbaa !1280 %59 = lshr i32 %44, 31 %60 = trunc i32 %59 to i8 store i8 %60, i8* %22, align 1, !tbaa !1281 %61 = lshr i32 %43, 31 %62 = xor i32 %61, %40 %63 = xor i32 %59, %61 %64 = add nuw nsw i32 %63, %62 %65 = icmp eq i32 %64, 2 %66 = zext i1 %65 to i8 store i8 %66, i8* %23, align 1, !tbaa !1282 %67 = icmp ne i8 %60, 0 %68 = xor i1 %67, %65 %69 = select i1 %68, i64 -40, i64 13 %70 = add i64 %33, %69 br i1 %68, label %block_6a6, label %block_6db block_6ca: ; preds = %block_6a6, %block_6b4 %71 = phi i64 [ %104, %block_6a6 ], [ %92, %block_6b4 ] %72 = phi %struct.Memory* [ %99, %block_6a6 ], [ %99, %block_6b4 ] %73 = load i64, i64* %12, align 8 %74 = add i64 %73, -4 %75 = add i64 %71, 4 %76 = inttoptr i64 %74 to i32* %77 = load i32, i32* %76 %78 = add i32 %77, 1 %79 = inttoptr i64 %74 to i32* store i32 %78, i32* %79 br label %block_6ce block_6b4: ; preds = %block_6a6 %80 = load i64, i64* %12, align 8 %81 = add i64 %80, -4 %82 = inttoptr i64 %81 to i32* %83 = load i32, i32* %82 %84 = zext i32 %83 to i64 store i64 %84, i64* %9, align 8, !tbaa !1283 store i64 add (i64 ptrtoint (%seg_770__rodata_type* @seg_770__rodata to i64), i64 4), i64* %10, align 8, !tbaa !1283 %85 = add i64 %104, 22 %86 = load i64, i64* %11, align 8, !tbaa !1283 %87 = add i64 %86, -8 %88 = inttoptr i64 %87 to i64* store i64 %85, i64* %88 %89 = inttoptr i64 %87 to i64* %90 = load i64, i64* %89 store i64 %90, i64* %3, align 8, !alias.scope !1284, !noalias !1287 store i64 %86, i64* %11, align 8, !alias.scope !1284, !noalias !1287 %91 = tail call i64 @printf(), !noalias !1284 %92 = load i64, i64* %3, align 8 br label %block_6ca block_6a6: ; preds = %block_6ce %93 = zext i32 %43 to i64 store i64 %93, i64* %10, align 8, !tbaa !1283 %94 = add i64 %70, -92 %95 = add i64 %70, 10 %96 = load i64, i64* %11, align 8, !tbaa !1283 %97 = add i64 %96, -8 %98 = inttoptr i64 %97 to i64* store i64 %95, i64* %98 store i64 %97, i64* %11, align 8, !tbaa !1283 %99 = tail call %struct.Memory* @sub_64a_isPrime(%struct.State* nonnull %0, i64 %94, %struct.Memory* %35) %100 = load i32, i32* %5, align 4 %101 = load i64, i64* %3, align 8 %102 = icmp eq i32 %100, 0 %103 = select i1 %102, i64 26, i64 4 %104 = add i64 %101, %103 br i1 %102, label %block_6ca, label %block_6b4 block_6db: ; preds = %block_6ce store i64 0, i64* %8, align 8, !tbaa !1283 %105 = inttoptr i64 %34 to i64* %106 = load i64, i64* %105 store i64 %106, i64* %12, align 8, !tbaa !1283 %107 = add i64 %34, 8 %108 = inttoptr i64 %107 to i64* %109 = load i64, i64* %108 store i64 %109, i64* %3, align 8, !tbaa !1283 %110 = add i64 %34, 16 store i64 %110, i64* %11, align 8, !tbaa !1283 ret %struct.Memory* %35 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_64a_isPrime(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_64a: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = load i64, i64* %10, align 8 %12 = load i64, i64* %9, align 8, !tbaa !1283 %13 = add i64 %12, -8 %14 = inttoptr i64 %13 to i64* store i64 %11, i64* %14 store i64 %13, i64* %9, align 8, !tbaa !1283 store i64 %13, i64* %10, align 8, !tbaa !1283 %15 = add i64 %12, -28 %16 = load i32, i32* %7, align 4 %17 = inttoptr i64 %15 to i32* store i32 %16, i32* %17 %18 = inttoptr i64 %15 to i32* %19 = load i32, i32* %18 %20 = add i32 %19, -1 %21 = icmp eq i32 %19, 0 %22 = zext i1 %21 to i8 %23 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 %22, i8* %23, align 1, !tbaa !1261 %24 = and i32 %20, 255 %25 = tail call i32 @llvm.ctpop.i32(i32 %24) #9 %26 = trunc i32 %25 to i8 %27 = and i8 %26, 1 %28 = xor i8 %27, 1 %29 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %28, i8* %29, align 1, !tbaa !1278 %30 = xor i32 %20, %19 %31 = lshr i32 %30, 4 %32 = trunc i32 %31 to i8 %33 = and i8 %32, 1 %34 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 %33, i8* %34, align 1, !tbaa !1279 %35 = icmp eq i32 %20, 0 %36 = zext i1 %35 to i8 %37 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %36, i8* %37, align 1, !tbaa !1280 %38 = lshr i32 %20, 31 %39 = trunc i32 %38 to i8 %40 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %39, i8* %40, align 1, !tbaa !1281 %41 = lshr i32 %19, 31 %42 = xor i32 %38, %41 %43 = add nuw nsw i32 %42, %41 %44 = icmp eq i32 %43, 2 %45 = zext i1 %44 to i8 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 %45, i8* %46, align 1, !tbaa !1282 %47 = icmp ne i8 %39, 0 %48 = xor i1 %47, %44 %49 = or i1 %35, %48 %50 = select i1 %49, i64 13, i64 20 %51 = add i64 %50, %1 br i1 %49, label %block_657, label %block_65e block_687: ; preds = %block_67f store i64 1, i64* %8, align 8, !tbaa !1283 br label %block_68c block_67b: ; preds = %_ZN12_GLOBAL__N_1L10IDIVedxeaxI2MnIjEEEP6MemoryS4_R5StateT_.exit %52 = load i64, i64* %10, align 8 %53 = add i64 %52, -4 %54 = add i64 %91, 4 %55 = inttoptr i64 %53 to i32* %56 = load i32, i32* %55 %57 = add i32 %56, 1 %58 = inttoptr i64 %53 to i32* store i32 %57, i32* %58 br label %block_67f block_667: ; preds = %block_67f %59 = zext i32 %100 to i64 store i64 %59, i64* %8, align 8, !tbaa !1283 %60 = sext i32 %100 to i64 %61 = lshr i64 %60, 32 store i64 %61, i64* %132, align 8, !tbaa !1283 %62 = add i64 %128, 7 store i64 %62, i64* %3, align 8 %63 = sext i32 %97 to i64 %64 = shl nuw i64 %61, 32 %65 = or i64 %64, %59 %66 = sdiv i64 %65, %63 %67 = shl i64 %66, 32 %68 = ashr exact i64 %67, 32 %69 = icmp eq i64 %66, %68 br i1 %69, label %74, label %70 ; <label>:70: ; preds = %block_667 %71 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull dereferenceable(3376) %0, i64 %62, %struct.Memory* %94) #12 %72 = load i32, i32* %5, align 4 %73 = load i64, i64* %3, align 8 br label %_ZN12_GLOBAL__N_1L10IDIVedxeaxI2MnIjEEEP6MemoryS4_R5StateT_.exit ; <label>:74: ; preds = %block_667 %75 = srem i64 %65, %63 %76 = and i64 %75, 4294967295 store i64 %76, i64* %133, align 8, !tbaa !1283 %77 = trunc i64 %75 to i32 br label %_ZN12_GLOBAL__N_1L10IDIVedxeaxI2MnIjEEEP6MemoryS4_R5StateT_.exit _ZN12_GLOBAL__N_1L10IDIVedxeaxI2MnIjEEEP6MemoryS4_R5StateT_.exit: ; preds = %74, %70 %78 = phi i64 [ %73, %70 ], [ %62, %74 ] %79 = phi i32 [ %72, %70 ], [ %77, %74 ] %80 = phi %struct.Memory* [ %71, %70 ], [ %94, %74 ] store i8 0, i8* %23, align 1, !tbaa !1261 %81 = and i32 %79, 255 %82 = tail call i32 @llvm.ctpop.i32(i32 %81) #9 %83 = trunc i32 %82 to i8 %84 = and i8 %83, 1 %85 = xor i8 %84, 1 store i8 %85, i8* %29, align 1, !tbaa !1278 %86 = icmp eq i32 %79, 0 %87 = zext i1 %86 to i8 store i8 %87, i8* %37, align 1, !tbaa !1280 %88 = lshr i32 %79, 31 %89 = trunc i32 %88 to i8 store i8 %89, i8* %40, align 1, !tbaa !1281 store i8 0, i8* %46, align 1, !tbaa !1282 store i8 0, i8* %34, align 1, !tbaa !1279 %90 = select i1 %86, i64 6, i64 13 %91 = add i64 %78, %90 br i1 %86, label %block_674, label %block_67b block_67f: ; preds = %block_65e, %block_67b %92 = phi i64 [ %131, %block_65e ], [ %54, %block_67b ] %93 = phi i64 [ %13, %block_65e ], [ %52, %block_67b ] %94 = phi %struct.Memory* [ %2, %block_65e ], [ %80, %block_67b ] %95 = add i64 %93, -4 %96 = inttoptr i64 %95 to i32* %97 = load i32, i32* %96 %98 = add i64 %93, -20 %99 = inttoptr i64 %98 to i32* %100 = load i32, i32* %99 %101 = sub i32 %97, %100 %102 = icmp ult i32 %97, %100 %103 = zext i1 %102 to i8 store i8 %103, i8* %23, align 1, !tbaa !1261 %104 = and i32 %101, 255 %105 = tail call i32 @llvm.ctpop.i32(i32 %104) #9 %106 = trunc i32 %105 to i8 %107 = and i8 %106, 1 %108 = xor i8 %107, 1 store i8 %108, i8* %29, align 1, !tbaa !1278 %109 = xor i32 %100, %97 %110 = xor i32 %109, %101 %111 = lshr i32 %110, 4 %112 = trunc i32 %111 to i8 %113 = and i8 %112, 1 store i8 %113, i8* %34, align 1, !tbaa !1279 %114 = icmp eq i32 %101, 0 %115 = zext i1 %114 to i8 store i8 %115, i8* %37, align 1, !tbaa !1280 %116 = lshr i32 %101, 31 %117 = trunc i32 %116 to i8 store i8 %117, i8* %40, align 1, !tbaa !1281 %118 = lshr i32 %97, 31 %119 = lshr i32 %100, 31 %120 = xor i32 %119, %118 %121 = xor i32 %116, %118 %122 = add nuw nsw i32 %121, %120 %123 = icmp eq i32 %122, 2 %124 = zext i1 %123 to i8 store i8 %124, i8* %46, align 1, !tbaa !1282 %125 = icmp ne i8 %117, 0 %126 = xor i1 %125, %123 %127 = select i1 %126, i64 -24, i64 8 %128 = add i64 %92, %127 br i1 %126, label %block_667, label %block_687 block_674: ; preds = %_ZN12_GLOBAL__N_1L10IDIVedxeaxI2MnIjEEEP6MemoryS4_R5StateT_.exit store i64 0, i64* %8, align 8, !tbaa !1283 br label %block_68c block_65e: ; preds = %block_64a %129 = add i64 %12, -12 %130 = inttoptr i64 %129 to i32* store i32 2, i32* %130 %131 = add i64 %51, 33 %132 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %133 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 br label %block_67f block_657: ; preds = %block_64a store i64 0, i64* %8, align 8, !tbaa !1283 br label %block_68c block_68c: ; preds = %block_657, %block_674, %block_687 %134 = phi %struct.Memory* [ %80, %block_674 ], [ %94, %block_687 ], [ %2, %block_657 ] %135 = load i64, i64* %9, align 8, !tbaa !1283 %136 = add i64 %135, 8 %137 = inttoptr i64 %135 to i64* %138 = load i64, i64* %137 store i64 %138, i64* %10, align 8, !tbaa !1283 %139 = inttoptr i64 %136 to i64* %140 = load i64, i64* %139 store i64 %140, i64* %3, align 8, !tbaa !1283 %141 = add i64 %135, 16 store i64 %141, i64* %9, align 8, !tbaa !1283 ret %struct.Memory* %134 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5b0_register_tm_clones(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_5f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %6, align 8, !tbaa !1283 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1283 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 0, i64* %4, align 8, !tbaa !1283 store i64 0, i64* %5, align 8, !tbaa !1283 store i8 0, i8* %13, align 1, !tbaa !1289 store i8 1, i8* %14, align 1, !tbaa !1289 store i8 0, i8* %15, align 1, !tbaa !1289 store i8 1, i8* %16, align 1, !tbaa !1289 store i8 0, i8* %17, align 1, !tbaa !1289 store i8 0, i8* %18, align 1, !tbaa !1289 %19 = inttoptr i64 %11 to i64* %20 = load i64, i64* %19 store i64 %20, i64* %8, align 8, !tbaa !1283 %21 = inttoptr i64 %10 to i64* %22 = load i64, i64* %21 store i64 %22, i64* %3, align 8, !tbaa !1283 %23 = add i64 %10, 8 store i64 %23, i64* %7, align 8, !tbaa !1283 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_570_deregister_tm_clones(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_5a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %5, align 8, !tbaa !1283 %8 = load i64, i64* %7, align 8 %9 = load i64, i64* %6, align 8, !tbaa !1283 %10 = add i64 %9, -8 %11 = inttoptr i64 %10 to i64* store i64 %8, i64* %11 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %4, align 8, !tbaa !1283 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %12, align 1, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 1, i8* %13, align 1, !tbaa !1278 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 and (i8 trunc (i64 lshr (i64 xor (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64)), i64 4) to i8), i8 1), i8* %14, align 1, !tbaa !1279 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 1, i8* %15, align 1, !tbaa !1280 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 0, i8* %16, align 1, !tbaa !1281 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 zext (i1 icmp eq (i64 add (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 xor (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63))), i64 2) to i8), i8* %17, align 1, !tbaa !1282 %18 = inttoptr i64 %10 to i64* %19 = load i64, i64* %18 store i64 %19, i64* %7, align 8, !tbaa !1283 %20 = inttoptr i64 %9 to i64* %21 = load i64, i64* %20 store i64 %21, i64* %3, align 8, !tbaa !1283 %22 = add i64 %9, 8 store i64 %22, i64* %6, align 8, !tbaa !1283 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_760___libc_csu_fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #3 { block_760: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8, !tbaa !1283 %6 = inttoptr i64 %5 to i64* %7 = load i64, i64* %6 store i64 %7, i64* %3, align 8, !tbaa !1283 %8 = add i64 %5, 8 store i64 %8, i64* %4, align 8, !tbaa !1283 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_540__start(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_540: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 store i64 0, i64* %10, align 8, !tbaa !1283 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %19 = load i64, i64* %6, align 8 store i64 %19, i64* %12, align 8, !tbaa !1283 %20 = load i64, i64* %9, align 8, !tbaa !1283 %21 = add i64 %20, 8 %22 = inttoptr i64 %20 to i64* %23 = load i64, i64* %22 store i64 %23, i64* %7, align 8, !tbaa !1283 store i64 %21, i64* %6, align 8, !tbaa !1283 %24 = and i64 %21, -16 store i8 0, i8* %13, align 1, !tbaa !1261 %25 = trunc i64 %21 to i32 %26 = and i32 %25, 240 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #9 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %14, align 1, !tbaa !1278 %31 = icmp eq i64 %24, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %15, align 1, !tbaa !1280 %33 = lshr i64 %21, 63 %34 = trunc i64 %33 to i8 store i8 %34, i8* %16, align 1, !tbaa !1281 store i8 0, i8* %17, align 1, !tbaa !1282 store i8 0, i8* %18, align 1, !tbaa !1279 %35 = load i64, i64* %4, align 8 %36 = add i64 %24, -8 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37 %38 = add i64 %24, -16 %39 = inttoptr i64 %38 to i64* store i64 %36, i64* %39 store i64 ptrtoint (i64 ()* @callback_sub_760___libc_csu_fini to i64), i64* %11, align 8, !tbaa !1283 store i64 ptrtoint (i64 ()* @callback_sub_6f0___libc_csu_init to i64), i64* %5, align 8, !tbaa !1283 store i64 ptrtoint (i64 (i64, i64, i64)* @main to i64), i64* %8, align 8, !tbaa !1283 %40 = add i64 %1, 42 %41 = add i64 %24, -24 %42 = inttoptr i64 %41 to i64* store i64 %40, i64* %42 store i64 %41, i64* %9, align 8, !tbaa !1283 %43 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb8__got_type* @seg_200fb8__got to i64), i64 40) to i64*) store i64 %43, i64* %3, align 8, !tbaa !1283 %44 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %43, %struct.Memory* %2) %45 = load i64, i64* %3, align 8 %46 = add i64 %45, 1 store i64 %46, i64* %3, align 8 %47 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull %0, i64 %46, %struct.Memory* %44) ret %struct.Memory* %47 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_640_frame_dummy(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_640: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = load i64, i64* %3, align 8, !tbaa !1283 %7 = add i64 %6, -8 %8 = inttoptr i64 %7 to i64* store i64 %5, i64* %8 %9 = inttoptr i64 %7 to i64* %10 = load i64, i64* %9 store i64 %10, i64* %4, align 8, !tbaa !1283 store i64 %6, i64* %3, align 8, !tbaa !1283 %11 = add i64 %1, -144 %12 = tail call %struct.Memory* @sub_5b0_register_tm_clones(%struct.State* nonnull %0, i64 %11, %struct.Memory* %2) ret %struct.Memory* %12 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_530_targ530(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_530: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb8__got_type* @seg_200fb8__got to i64), i64 64) to i64*) store i64 %4, i64* %3, align 8, !tbaa !1283 %5 = icmp eq i64 %4, 1334 br i1 %5, label %block_536, label %7 block_536: ; preds = %block_530 %6 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull %0, i64 1334, %struct.Memory* %2) ret %struct.Memory* %6 ; <label>:7: ; preds = %block_530 %8 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %4, %struct.Memory* %2) ret %struct.Memory* %8 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_600___do_global_dtors_aux(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_600: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %6 = load i8, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i32 0, i32 0, i32 0) %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %7, align 1, !tbaa !1261 %8 = zext i8 %6 to i32 %9 = tail call i32 @llvm.ctpop.i32(i32 %8) #9 %10 = trunc i32 %9 to i8 %11 = and i8 %10, 1 %12 = xor i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %12, i8* %13, align 1, !tbaa !1278 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 0, i8* %14, align 1, !tbaa !1279 %15 = icmp eq i8 %6, 0 %16 = zext i1 %15 to i8 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %16, i8* %17, align 1, !tbaa !1280 %18 = lshr i8 %6, 7 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %18, i8* %19, align 1, !tbaa !1281 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 0, i8* %20, align 1, !tbaa !1282 %21 = select i1 %15, i64 9, i64 56 %22 = add i64 %21, %1 %23 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 br i1 %15, label %block_609, label %block_638 block_617: ; preds = %block_609 %24 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) to i64*) store i64 %24, i64* %4, align 8, !tbaa !1283 %25 = add i64 %48, -231 %26 = add i64 %48, 12 %27 = add i64 %44, -16 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 store i64 %27, i64* %23, align 8, !tbaa !1283 %29 = tail call %struct.Memory* @sub_530_targ530(%struct.State* nonnull %0, i64 %25, %struct.Memory* %2) %30 = load i64, i64* %3, align 8 %31 = load i64, i64* %23, align 8, !tbaa !1283 br label %block_623 block_609: ; preds = %block_600 %32 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb8__got_type* @seg_200fb8__got to i64), i64 64) to i64*) store i8 0, i8* %7, align 1, !tbaa !1261 %33 = trunc i64 %32 to i32 %34 = and i32 %33, 255 %35 = tail call i32 @llvm.ctpop.i32(i32 %34) #9 %36 = trunc i32 %35 to i8 %37 = and i8 %36, 1 %38 = xor i8 %37, 1 store i8 %38, i8* %13, align 1, !tbaa !1278 store i8 0, i8* %14, align 1, !tbaa !1279 %39 = icmp eq i64 %32, 0 %40 = zext i1 %39 to i8 store i8 %40, i8* %17, align 1, !tbaa !1280 %41 = lshr i64 %32, 63 %42 = trunc i64 %41 to i8 store i8 %42, i8* %19, align 1, !tbaa !1281 store i8 0, i8* %20, align 1, !tbaa !1282 %43 = load i64, i64* %5, align 8 %44 = load i64, i64* %23, align 8, !tbaa !1283 %45 = add i64 %44, -8 %46 = inttoptr i64 %45 to i64* store i64 %43, i64* %46 store i64 %45, i64* %5, align 8, !tbaa !1283 %47 = select i1 %39, i64 26, i64 14 %48 = add i64 %22, %47 br i1 %39, label %block_623, label %block_617 block_638: ; preds = %block_600 %49 = load i64, i64* %23, align 8, !tbaa !1283 %50 = inttoptr i64 %49 to i64* %51 = load i64, i64* %50 store i64 %51, i64* %3, align 8, !tbaa !1283 %52 = add i64 %49, 8 store i64 %52, i64* %23, align 8, !tbaa !1283 ret %struct.Memory* %2 block_623: ; preds = %block_609, %block_617 %53 = phi i64 [ %45, %block_609 ], [ %31, %block_617 ] %54 = phi i64 [ %48, %block_609 ], [ %30, %block_617 ] %55 = phi %struct.Memory* [ %2, %block_609 ], [ %29, %block_617 ] %56 = add i64 %54, -179 %57 = add i64 %54, 5 %58 = add i64 %53, -8 %59 = inttoptr i64 %58 to i64* store i64 %57, i64* %59 store i64 %58, i64* %23, align 8, !tbaa !1283 %60 = tail call %struct.Memory* @sub_570_deregister_tm_clones(%struct.State* nonnull %0, i64 %56, %struct.Memory* %55) store i8 1, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i32 0, i32 0, i32 0) %61 = load i64, i64* %23, align 8, !tbaa !1283 %62 = add i64 %61, 8 %63 = inttoptr i64 %61 to i64* %64 = load i64, i64* %63 store i64 %64, i64* %5, align 8, !tbaa !1283 %65 = inttoptr i64 %62 to i64* %66 = load i64, i64* %65 store i64 %66, i64* %3, align 8, !tbaa !1283 %67 = add i64 %61, 16 store i64 %67, i64* %23, align 8, !tbaa !1283 ret %struct.Memory* %60 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4f0__init(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_4f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, -8 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %14 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb8__got_type* @seg_200fb8__got to i64), i64 48) to i64*) store i64 %14, i64* %4, align 8, !tbaa !1283 store i8 0, i8* %8, align 1, !tbaa !1261 %15 = trunc i64 %14 to i32 %16 = and i32 %15, 255 %17 = tail call i32 @llvm.ctpop.i32(i32 %16) #9 %18 = trunc i32 %17 to i8 %19 = and i8 %18, 1 %20 = xor i8 %19, 1 store i8 %20, i8* %9, align 1, !tbaa !1278 %21 = icmp eq i64 %14, 0 %22 = zext i1 %21 to i8 store i8 %22, i8* %11, align 1, !tbaa !1280 %23 = lshr i64 %14, 63 %24 = trunc i64 %23 to i8 store i8 %24, i8* %12, align 1, !tbaa !1281 store i8 0, i8* %13, align 1, !tbaa !1282 store i8 0, i8* %10, align 1, !tbaa !1279 %25 = select i1 %21, i64 18, i64 16 %26 = add i64 %25, %1 br i1 %21, label %block_502, label %block_500 block_502: ; preds = %block_500, %block_4f0 %27 = phi i64 [ %7, %block_4f0 ], [ %58, %block_500 ] %28 = phi %struct.Memory* [ %2, %block_4f0 ], [ %57, %block_500 ] %29 = add i64 %27, 8 %30 = icmp ugt i64 %27, -9 %31 = zext i1 %30 to i8 store i8 %31, i8* %8, align 1, !tbaa !1261 %32 = trunc i64 %29 to i32 %33 = and i32 %32, 255 %34 = tail call i32 @llvm.ctpop.i32(i32 %33) #9 %35 = trunc i32 %34 to i8 %36 = and i8 %35, 1 %37 = xor i8 %36, 1 store i8 %37, i8* %9, align 1, !tbaa !1278 %38 = xor i64 %29, %27 %39 = lshr i64 %38, 4 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 store i8 %41, i8* %10, align 1, !tbaa !1279 %42 = icmp eq i64 %29, 0 %43 = zext i1 %42 to i8 store i8 %43, i8* %11, align 1, !tbaa !1280 %44 = lshr i64 %29, 63 %45 = trunc i64 %44 to i8 store i8 %45, i8* %12, align 1, !tbaa !1281 %46 = lshr i64 %27, 63 %47 = xor i64 %44, %46 %48 = add nuw nsw i64 %47, %44 %49 = icmp eq i64 %48, 2 %50 = zext i1 %49 to i8 store i8 %50, i8* %13, align 1, !tbaa !1282 %51 = inttoptr i64 %29 to i64* %52 = load i64, i64* %51 store i64 %52, i64* %3, align 8, !tbaa !1283 %53 = add i64 %27, 16 store i64 %53, i64* %5, align 8, !tbaa !1283 ret %struct.Memory* %28 block_500: ; preds = %block_4f0 %54 = add i64 %26, 2 %55 = add i64 %6, -16 %56 = inttoptr i64 %55 to i64* store i64 %54, i64* %56 store i64 %55, i64* %5, align 8, !tbaa !1283 store i64 %14, i64* %3, align 8, !tbaa !1283 %57 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %14, %struct.Memory* %2) %58 = load i64, i64* %5, align 8 br label %block_502 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_640_frame_dummy(i64, i64, i64, i64, i64, i64, i64, i64) #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1600, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_640_frame_dummy(%struct.State* nonnull @__mcsema_reg_state, i64 1600, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define void @__mcsema_verify_reg_state() local_unnamed_addr #6 { entry: %0 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %1 = icmp eq i64 %0, 0 br i1 %1, label %is_null, label %end is_null: ; preds = %entry store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %end end: ; preds = %is_null, %entry ret void } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_600___do_global_dtors_aux(i64, i64, i64, i64, i64, i64, i64, i64) #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1536, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_600___do_global_dtors_aux(%struct.State* nonnull @__mcsema_reg_state, i64 1536, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: noinline nounwind define %struct.Memory* @__mcsema_detach_call_value(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #3 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 %13 = load i64, i64* %9, align 8 %14 = load i64, i64* %8, align 8 %15 = load i64, i64* %7, align 8 %16 = load i64, i64* %6, align 8 %17 = load i64, i64* %11, align 8 %18 = load i64, i64* %12, align 8 %19 = load i64, i64* %10, align 8 %20 = add i64 %19, 8 %21 = inttoptr i64 %20 to i64* %22 = load i64, i64* %21 %23 = add i64 %19, 16 %24 = inttoptr i64 %23 to i64* %25 = load i64, i64* %24 %26 = inttoptr i64 %1 to i64 (i64, i64, i64, i64, i64, i64, i64, i64)* %27 = tail call i64 %26(i64 %13, i64 %14, i64 %15, i64 %16, i64 %17, i64 %18, i64 %22, i64 %25) #9 store i64 %27, i64* %5, align 8 %28 = inttoptr i64 %19 to i64* %29 = load i64, i64* %28 store i64 %29, i64* %4, align 8 store i64 %20, i64* %10, align 8 ret %struct.Memory* %2 } ; Function Attrs: alwaysinline inlinehint define %struct.Memory* @ext_201438_printf(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #7 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i64* %9 = load i64, i64* %8 store i64 %9, i64* %4, align 8 %10 = add i64 %7, 8 store i64 %10, i64* %6, align 8 %11 = tail call i64 @printf() store i64 %11, i64* %5, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_760___libc_csu_fini() #5 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1888, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_760___libc_csu_fini(%struct.State* nonnull @__mcsema_reg_state, i64 1888, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_6f0___libc_csu_init() #5 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1776, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_6f0___libc_csu_init(%struct.State* nonnull @__mcsema_reg_state, i64 1776, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline define i64 @main(i64, i64, i64) #8 { %4 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %3 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %3 %6 = phi i64 [ %4, %3 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1678, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %7 = load volatile i1, i1* @0, align 1 br i1 %7, label %__mcsema_early_init.exit, label %8 ; <label>:8: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %8, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 %9 = add i64 %6, -8 store i64 %9, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = tail call %struct.Memory* @sub_68e_main(%struct.State* nonnull @__mcsema_reg_state, i64 1678, %struct.Memory* null) store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %11 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %11 } ; Function Attrs: nobuiltin noinline nounwind define i64 @targ530(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1328, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_530_targ530(%struct.State* nonnull @__mcsema_reg_state, i64 1328, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline nounwind define i64 @isPrime(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1610, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_64a_isPrime(%struct.State* nonnull @__mcsema_reg_state, i64 1610, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nounwind define internal void @__mcsema_constructor() #9 { %1 = load volatile i1, i1* @0, align 1 br i1 %1, label %__mcsema_early_init.exit, label %2 ; <label>:2: ; preds = %0 store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %2, %0 %3 = tail call i64 @callback_sub_6f0___libc_csu_init() ret void } ; Function Attrs: nounwind define internal void @__mcsema_destructor() #9 { %1 = tail call i64 @callback_sub_760___libc_csu_fini() ret void } ; Function Attrs: noinline optnone define %struct.State* @__mcsema_debug_get_reg_state() #10 { ret %struct.State* @__mcsema_reg_state } ; Function Attrs: noreturn nounwind declare void @llvm.trap() #11 attributes #0 = { nounwind readnone } attributes #1 = { noduplicate noinline nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #2 = { noinline } attributes #3 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #4 = { noinline "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #5 = { nobuiltin noinline nounwind } attributes #6 = { norecurse nounwind } attributes #7 = { alwaysinline inlinehint "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #8 = { nobuiltin noinline } attributes #9 = { nounwind } attributes #10 = { noinline optnone } attributes #11 = { noreturn nounwind } attributes #12 = { alwaysinline nobuiltin nounwind } !llvm.ident = !{!0, !0} !llvm.dbg.cu = !{!1} !llvm.module.flags = !{!1259, !1260}

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "llvm-link" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-pc-linux-gnu-elf" %seg_770__rodata_type = type <{ [19 x i8] }> %seg_200db8__init_array_type = type <{ i64, i64 }> %seg_200fb8__got_type = type <{ [72 x i8] }> %seg_201000__data_type = type <{ [8 x i8], i64 }> %seg_201010__bss_type = type <{ [8 x i8] }> %struct.State = type { %struct.ArchState, [32 x %union.VectorReg], %struct.ArithFlags, %union.anon, %struct.Segments, %struct.AddressSpace, %struct.GPR, %struct.X87Stack, %struct.MMX, %struct.FPUStatusFlags, %union.anon, %union.FPU, %struct.SegmentCaches } %struct.ArchState = type { i32, i32, %union.anon } %union.VectorReg = type { %union.vec512_t } %union.vec512_t = type { %struct.uint64v8_t } %struct.uint64v8_t = type { [8 x i64] } %struct.ArithFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8 } %struct.Segments = type { i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector } %union.SegmentSelector = type { i16 } %struct.AddressSpace = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.Reg = type { %union.anon } %struct.GPR = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.X87Stack = type { [8 x %struct.anon.3] } %struct.anon.3 = type { i64, double } %struct.MMX = type { [8 x %struct.anon.4] } %struct.anon.4 = type { i64, %union.vec64_t } %union.vec64_t = type { %struct.uint64v1_t } %struct.uint64v1_t = type { [1 x i64] } %struct.FPUStatusFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, [4 x i8] } %union.anon = type { i64 } %union.FPU = type { %struct.anon.13 } %struct.anon.13 = type { %struct.FpuFXSAVE, [96 x i8] } %struct.FpuFXSAVE = type { %union.SegmentSelector, %union.SegmentSelector, %union.FPUAbridgedTagWord, i8, i16, i32, %union.SegmentSelector, i16, i32, %union.SegmentSelector, i16, %union.FPUControlStatus, %union.FPUControlStatus, [8 x %struct.FPUStackElem], [16 x %union.vec128_t] } %union.FPUAbridgedTagWord = type { i8 } %union.FPUControlStatus = type { i32 } %struct.FPUStackElem = type { %union.anon.11, [6 x i8] } %union.anon.11 = type { %struct.float80_t } %struct.float80_t = type { [10 x i8] } %union.vec128_t = type { %struct.uint128v1_t } %struct.uint128v1_t = type { [1 x i128] } %struct.SegmentCaches = type { %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow } %struct.SegmentShadow = type { %union.anon, i32, i32 } %struct.Memory = type opaque @seg_770__rodata = internal constant %seg_770__rodata_type <{ [19 x i8] c"\01\00\02\00%d is a prime\0A\00" }> @seg_200db8__init_array = internal global %seg_200db8__init_array_type <{ i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_640_frame_dummy to i64), i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_600___do_global_dtors_aux to i64) }> @seg_200fb8__got = internal global %seg_200fb8__got_type <{ [72 x i8] c"\C8\0D \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00&\05\00\00\00\00\00\00@\14 \00\00\00\00\00H\14 \00\00\00\00\00P\14 \00\00\00\00\00X\14 \00\00\00\00\00`\14 \00\00\00\00\00" }> @seg_201000__data = internal global %seg_201000__data_type <{ [8 x i8] zeroinitializer, i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) }> @seg_201010__bss = internal global %seg_201010__bss_type zeroinitializer @__mcsema_reg_state = internal thread_local global %struct.State zeroinitializer @__mcsema_stack = internal thread_local global [131072 x i64] zeroinitializer @__mcsema_tls = internal thread_local global [512 x i64] zeroinitializer @0 = internal global i1 false @llvm.global_ctors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_constructor, i8* null }] @llvm.global_dtors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_destructor, i8* null }] ; Function Attrs: nounwind readnone declare i32 @llvm.ctpop.i32(i32) #0 ; Function Attrs: noduplicate noinline noreturn nounwind optnone define %struct.Memory* @__remill_error(%struct.State* dereferenceable(3376), i64, %struct.Memory*) local_unnamed_addr #1 { call void @llvm.trap() unreachable } ; Function Attrs: noinline declare x86_64_sysvcc i64 @printf() local_unnamed_addr #2 ; Function Attrs: noinline nounwind define %struct.Memory* @sub_764__fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_764: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, -8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %9 = xor i64 %6, %5 %10 = lshr i64 %9, 4 %11 = trunc i64 %10 to i8 %12 = and i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %15 = lshr i64 %6, 63 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = lshr i64 %5, 63 %18 = xor i64 %15, %17 %19 = add nuw nsw i64 %18, %17 %20 = icmp eq i64 %19, 2 %21 = zext i1 %20 to i8 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = icmp ult i64 %5, 8 %24 = zext i1 %23 to i8 store i8 %24, i8* %7, align 1, !tbaa !1261 %25 = trunc i64 %5 to i32 %26 = and i32 %25, 255 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #12 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %8, align 1, !tbaa !1278 store i8 %12, i8* %13, align 1, !tbaa !1279 %31 = icmp eq i64 %5, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %14, align 1, !tbaa !1280 %33 = trunc i64 %17 to i8 store i8 %33, i8* %16, align 1, !tbaa !1281 store i8 %21, i8* %22, align 1, !tbaa !1282 %34 = inttoptr i64 %5 to i64* %35 = load i64, i64* %34, align 8 store i64 %35, i64* %3, align 8, !tbaa !1283 %36 = add i64 %5, 8 store i64 %36, i64* %4, align 8, !tbaa !1283 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6f0___libc_csu_init(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_6f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 27, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 3, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 25, i32 0, i32 0 %15 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 29, i32 0, i32 0 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 31, i32 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = load i64, i64* %12, align 8, !tbaa !1283 %20 = add i64 %19, -8 %21 = inttoptr i64 %20 to i64* store i64 %18, i64* %21, align 8 %22 = load i64, i64* %16, align 8 %23 = add i64 %19, -16 %24 = inttoptr i64 %23 to i64* store i64 %22, i64* %24, align 8 %25 = load i64, i64* %9, align 8 store i64 %25, i64* %17, align 8, !tbaa !1283 %26 = load i64, i64* %15, align 8 %27 = add i64 %19, -24 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28, align 8 %29 = load i64, i64* %14, align 8 %30 = add i64 %19, -32 %31 = inttoptr i64 %30 to i64* store i64 %29, i64* %31, align 8 store i64 ptrtoint (%seg_200db8__init_array_type* @seg_200db8__init_array to i64), i64* %14, align 8, !tbaa !1283 %32 = load i64, i64* %13, align 8 %33 = add i64 %19, -40 %34 = inttoptr i64 %33 to i64* store i64 %32, i64* %34, align 8 %35 = load i64, i64* %8, align 8 %36 = add i64 %19, -48 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37, align 8 %38 = load i32, i32* %5, align 4 %39 = zext i32 %38 to i64 store i64 %39, i64* %15, align 8, !tbaa !1283 %40 = load i64, i64* %10, align 8 store i64 %40, i64* %16, align 8, !tbaa !1283 %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %44 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %45 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 ashr (i64 sub (i64 add (i64 ptrtoint (%seg_200db8__init_array_type* @seg_200db8__init_array to i64), i64 8), i64 ptrtoint (%seg_200db8__init_array_type* @seg_200db8__init_array to i64)), i64 3), i64* %13, align 8, !tbaa !1283 %47 = add i64 %1, -512 %48 = add i64 %1, 49 %49 = add i64 %19, -64 %50 = inttoptr i64 %49 to i64* store i64 %48, i64* %50, align 8 store i64 %49, i64* %12, align 8, !tbaa !1283 %51 = tail call %struct.Memory* @sub_4f0__init(%struct.State* nonnull %0, i64 %47, %struct.Memory* %2) %52 = load i64, i64* %13, align 8 %53 = icmp eq i64 %52, 0 br i1 %53, label %block_746, label %block_726 block_746.loopexit: ; preds = %block_730 br label %block_746 block_746: ; preds = %block_746.loopexit, %block_6f0 %54 = load i64, i64* %12, align 8 %55 = add i64 %54, 8 %56 = icmp ugt i64 %54, -9 %57 = zext i1 %56 to i8 store i8 %57, i8* %41, align 1, !tbaa !1261 %58 = trunc i64 %55 to i32 %59 = and i32 %58, 255 %60 = tail call i32 @llvm.ctpop.i32(i32 %59) #12 %61 = trunc i32 %60 to i8 %62 = and i8 %61, 1 %63 = xor i8 %62, 1 store i8 %63, i8* %42, align 1, !tbaa !1278 %64 = xor i64 %55, %54 %65 = lshr i64 %64, 4 %66 = trunc i64 %65 to i8 %67 = and i8 %66, 1 store i8 %67, i8* %43, align 1, !tbaa !1279 %68 = icmp eq i64 %55, 0 %69 = zext i1 %68 to i8 store i8 %69, i8* %44, align 1, !tbaa !1280 %70 = lshr i64 %55, 63 %71 = trunc i64 %70 to i8 store i8 %71, i8* %45, align 1, !tbaa !1281 %72 = lshr i64 %54, 63 %73 = xor i64 %70, %72 %74 = add nuw nsw i64 %73, %70 %75 = icmp eq i64 %74, 2 %76 = zext i1 %75 to i8 store i8 %76, i8* %46, align 1, !tbaa !1282 %77 = add i64 %54, 16 %78 = inttoptr i64 %55 to i64* %79 = load i64, i64* %78, align 8 store i64 %79, i64* %8, align 8, !tbaa !1283 %80 = add i64 %54, 24 %81 = inttoptr i64 %77 to i64* %82 = load i64, i64* %81, align 8 store i64 %82, i64* %13, align 8, !tbaa !1283 %83 = add i64 %54, 32 %84 = inttoptr i64 %80 to i64* %85 = load i64, i64* %84, align 8 store i64 %85, i64* %14, align 8, !tbaa !1283 %86 = add i64 %54, 40 %87 = inttoptr i64 %83 to i64* %88 = load i64, i64* %87, align 8 store i64 %88, i64* %15, align 8, !tbaa !1283 %89 = add i64 %54, 48 %90 = inttoptr i64 %86 to i64* %91 = load i64, i64* %90, align 8 store i64 %91, i64* %16, align 8, !tbaa !1283 %92 = add i64 %54, 56 %93 = inttoptr i64 %89 to i64* %94 = load i64, i64* %93, align 8 store i64 %94, i64* %17, align 8, !tbaa !1283 %95 = inttoptr i64 %92 to i64* %96 = load i64, i64* %95, align 8 store i64 %96, i64* %3, align 8, !tbaa !1283 %97 = add i64 %54, 64 store i64 %97, i64* %12, align 8, !tbaa !1283 ret %struct.Memory* %51 block_730: ; preds = %block_726, %block_730 %98 = phi i64 [ 0, %block_726 ], [ %116, %block_730 ] %99 = phi i64 [ %146, %block_726 ], [ %144, %block_730 ] %100 = load i64, i64* %17, align 8 store i64 %100, i64* %9, align 8, !tbaa !1283 %101 = load i64, i64* %16, align 8 store i64 %101, i64* %10, align 8, !tbaa !1283 %102 = load i32, i32* %7, align 4 %103 = zext i32 %102 to i64 store i64 %103, i64* %11, align 8, !tbaa !1283 %104 = load i64, i64* %14, align 8 %105 = shl i64 %98, 3 %106 = add i64 %104, %105 %107 = add i64 %99, 13 %108 = load i64, i64* %12, align 8, !tbaa !1283 %109 = add i64 %108, -8 %110 = inttoptr i64 %109 to i64* store i64 %107, i64* %110, align 8 store i64 %109, i64* %12, align 8, !tbaa !1283 %111 = inttoptr i64 %106 to i64* %112 = load i64, i64* %111, align 8 store i64 %112, i64* %3, align 8, !tbaa !1283 %113 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %112, %struct.Memory* %51) %114 = load i64, i64* %8, align 8 %115 = load i64, i64* %3, align 8 %116 = add i64 %114, 1 store i64 %116, i64* %8, align 8, !tbaa !1283 %117 = lshr i64 %116, 63 %118 = load i64, i64* %13, align 8 %119 = sub i64 %118, %116 %120 = icmp ult i64 %118, %116 %121 = zext i1 %120 to i8 store i8 %121, i8* %41, align 1, !tbaa !1261 %122 = trunc i64 %119 to i32 %123 = and i32 %122, 255 %124 = tail call i32 @llvm.ctpop.i32(i32 %123) #12 %125 = trunc i32 %124 to i8 %126 = and i8 %125, 1 %127 = xor i8 %126, 1 store i8 %127, i8* %42, align 1, !tbaa !1278 %128 = xor i64 %118, %116 %129 = xor i64 %128, %119 %130 = lshr i64 %129, 4 %131 = trunc i64 %130 to i8 %132 = and i8 %131, 1 store i8 %132, i8* %43, align 1, !tbaa !1279 %133 = icmp eq i64 %119, 0 %134 = zext i1 %133 to i8 store i8 %134, i8* %44, align 1, !tbaa !1280 %135 = lshr i64 %119, 63 %136 = trunc i64 %135 to i8 store i8 %136, i8* %45, align 1, !tbaa !1281 %137 = lshr i64 %118, 63 %138 = xor i64 %137, %117 %139 = xor i64 %135, %137 %140 = add nuw nsw i64 %139, %138 %141 = icmp eq i64 %140, 2 %142 = zext i1 %141 to i8 store i8 %142, i8* %46, align 1, !tbaa !1282 %143 = select i1 %133, i64 9, i64 -13 %144 = add i64 %143, %115 br i1 %133, label %block_746.loopexit, label %block_730 block_726: ; preds = %block_6f0 %145 = load i64, i64* %3, align 8 store i64 0, i64* %8, align 8, !tbaa !1283 store i8 0, i8* %41, align 1, !tbaa !1261 store i8 1, i8* %42, align 1, !tbaa !1278 store i8 1, i8* %44, align 1, !tbaa !1280 store i8 0, i8* %45, align 1, !tbaa !1281 store i8 0, i8* %46, align 1, !tbaa !1282 store i8 0, i8* %43, align 1, !tbaa !1279 %146 = add i64 %145, 15 br label %block_730 } ; Function Attrs: noinline define %struct.Memory* @sub_68e_main(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #4 { block_68e: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %9 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = load i64, i64* %10, align 8, !tbaa !1283 %14 = add i64 %13, -8 %15 = inttoptr i64 %14 to i64* store i64 %12, i64* %15, align 8 store i64 %14, i64* %11, align 8, !tbaa !1283 %16 = add i64 %13, -40 store i64 %16, i64* %10, align 8, !tbaa !1283 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %21 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = add i64 %13, -28 %24 = load i32, i32* %7, align 4 %25 = inttoptr i64 %23 to i32* store i32 %24, i32* %25, align 4 %26 = load i64, i64* %8, align 8 %27 = inttoptr i64 %16 to i64* store i64 %26, i64* %27, align 8 %28 = add i64 %13, -12 %29 = inttoptr i64 %28 to i32* store i32 0, i32* %29, align 4 %30 = add i64 %1, 64 br label %block_6ce block_6ce: ; preds = %block_6ca, %block_68e %31 = phi i32 [ 0, %block_68e ], [ %72, %block_6ca ] %32 = phi i64 [ %30, %block_68e ], [ %69, %block_6ca ] %33 = phi i64 [ %14, %block_68e ], [ %67, %block_6ca ] %34 = add i64 %33, -20 %35 = inttoptr i64 %34 to i32* %36 = load i32, i32* %35, align 4 %37 = add i32 %36, 10000 %38 = lshr i32 %37, 31 %39 = sub i32 %31, %37 %40 = icmp ult i32 %31, %37 %41 = zext i1 %40 to i8 store i8 %41, i8* %17, align 1, !tbaa !1261 %42 = and i32 %39, 255 %43 = tail call i32 @llvm.ctpop.i32(i32 %42) #12 %44 = trunc i32 %43 to i8 %45 = and i8 %44, 1 %46 = xor i8 %45, 1 store i8 %46, i8* %18, align 1, !tbaa !1278 %47 = xor i32 %31, %37 %48 = xor i32 %47, %39 %49 = lshr i32 %48, 4 %50 = trunc i32 %49 to i8 %51 = and i8 %50, 1 store i8 %51, i8* %19, align 1, !tbaa !1279 %52 = icmp eq i32 %39, 0 %53 = zext i1 %52 to i8 store i8 %53, i8* %20, align 1, !tbaa !1280 %54 = lshr i32 %39, 31 %55 = trunc i32 %54 to i8 store i8 %55, i8* %21, align 1, !tbaa !1281 %56 = lshr i32 %31, 31 %57 = xor i32 %56, %38 %58 = xor i32 %54, %56 %59 = add nuw nsw i32 %58, %57 %60 = icmp eq i32 %59, 2 %61 = zext i1 %60 to i8 store i8 %61, i8* %22, align 1, !tbaa !1282 %62 = icmp ne i8 %55, 0 %63 = xor i1 %62, %60 %64 = select i1 %63, i64 -40, i64 13 %65 = add i64 %64, %32 br i1 %63, label %block_6a6, label %block_6db block_6ca: ; preds = %block_6a6, %block_6b4 %66 = phi i64 [ %94, %block_6a6 ], [ %78, %block_6b4 ] %67 = load i64, i64* %11, align 8 %68 = add i64 %67, -4 %69 = add i64 %66, 4 %70 = inttoptr i64 %68 to i32* %71 = load i32, i32* %70, align 4 %72 = add i32 %71, 1 store i32 %72, i32* %70, align 4 br label %block_6ce block_6b4: ; preds = %block_6a6 %73 = load i64, i64* %11, align 8 %74 = add i64 %73, -4 %75 = inttoptr i64 %74 to i32* %76 = load i32, i32* %75, align 4 %77 = zext i32 %76 to i64 store i64 %77, i64* %8, align 8, !tbaa !1283 store i64 add (i64 ptrtoint (%seg_770__rodata_type* @seg_770__rodata to i64), i64 4), i64* %9, align 8, !tbaa !1283 %78 = add i64 %94, 22 %79 = load i64, i64* %10, align 8, !tbaa !1283 %80 = add i64 %79, -8 %81 = inttoptr i64 %80 to i64* store i64 %78, i64* %81, align 8 store i64 %78, i64* %3, align 8, !alias.scope !1284, !noalias !1287 store i64 %79, i64* %10, align 8, !alias.scope !1284, !noalias !1287 %82 = tail call i64 @printf(), !noalias !1284 br label %block_6ca block_6a6: ; preds = %block_6ce %83 = zext i32 %31 to i64 store i64 %83, i64* %9, align 8, !tbaa !1283 %84 = add i64 %65, -92 %85 = add i64 %65, 10 %86 = load i64, i64* %10, align 8, !tbaa !1283 %87 = add i64 %86, -8 %88 = inttoptr i64 %87 to i64* store i64 %85, i64* %88, align 8 store i64 %87, i64* %10, align 8, !tbaa !1283 %89 = tail call %struct.Memory* @sub_64a_isPrime(%struct.State* nonnull %0, i64 %84, %struct.Memory* %2) %90 = load i32, i32* %5, align 4 %91 = load i64, i64* %3, align 8 %92 = icmp eq i32 %90, 0 %93 = select i1 %92, i64 26, i64 4 %94 = add i64 %93, %91 br i1 %92, label %block_6ca, label %block_6b4 block_6db: ; preds = %block_6ce %95 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 store i64 0, i64* %95, align 8, !tbaa !1283 %96 = inttoptr i64 %33 to i64* %97 = load i64, i64* %96, align 8 store i64 %97, i64* %11, align 8, !tbaa !1283 %98 = add i64 %33, 8 %99 = inttoptr i64 %98 to i64* %100 = load i64, i64* %99, align 8 store i64 %100, i64* %3, align 8, !tbaa !1283 %101 = add i64 %33, 16 store i64 %101, i64* %10, align 8, !tbaa !1283 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_64a_isPrime(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_64a: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1283 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12, align 8 store i64 %11, i64* %7, align 8, !tbaa !1283 store i64 %11, i64* %8, align 8, !tbaa !1283 %13 = add i64 %10, -28 %14 = load i32, i32* %5, align 4 %15 = inttoptr i64 %13 to i32* store i32 %14, i32* %15, align 4 %16 = add i32 %14, -1 %17 = icmp eq i32 %14, 0 %18 = zext i1 %17 to i8 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 %18, i8* %19, align 1, !tbaa !1261 %20 = and i32 %16, 255 %21 = tail call i32 @llvm.ctpop.i32(i32 %20) #12 %22 = trunc i32 %21 to i8 %23 = and i8 %22, 1 %24 = xor i8 %23, 1 %25 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %24, i8* %25, align 1, !tbaa !1278 %26 = xor i32 %16, %14 %27 = lshr i32 %26, 4 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 %29, i8* %30, align 1, !tbaa !1279 %31 = icmp eq i32 %16, 0 %32 = zext i1 %31 to i8 %33 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %32, i8* %33, align 1, !tbaa !1280 %34 = lshr i32 %16, 31 %35 = trunc i32 %34 to i8 %36 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %35, i8* %36, align 1, !tbaa !1281 %37 = lshr i32 %14, 31 %38 = xor i32 %34, %37 %39 = add nuw nsw i32 %38, %37 %40 = icmp eq i32 %39, 2 %41 = zext i1 %40 to i8 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 %41, i8* %42, align 1, !tbaa !1282 %43 = icmp ne i8 %35, 0 %44 = xor i1 %43, %40 %45 = or i1 %31, %44 br i1 %45, label %block_68c, label %block_65e block_67b: ; preds = %_ZN12_GLOBAL__N_1L10IDIVedxeaxI2MnIjEEEP6MemoryS4_R5StateT_.exit %46 = load i64, i64* %8, align 8 %47 = add i64 %46, -4 %48 = inttoptr i64 %47 to i32* %49 = load i32, i32* %48, align 4 %50 = add i32 %49, 1 store i32 %50, i32* %48, align 4 br label %block_67f block_667: ; preds = %block_67f %51 = zext i32 %78 to i64 store i64 %51, i64* %6, align 8, !tbaa !1283 %52 = sext i32 %78 to i64 %53 = lshr i64 %52, 32 store i64 %53, i64* %107, align 8, !tbaa !1283 store i64 %108, i64* %3, align 8 %54 = sext i32 %74 to i64 %55 = shl nuw i64 %53, 32 %56 = or i64 %55, %51 %57 = sdiv i64 %56, %54 %58 = shl i64 %57, 32 %59 = ashr exact i64 %58, 32 %60 = icmp eq i64 %57, %59 br i1 %60, label %_ZN12_GLOBAL__N_1L10IDIVedxeaxI2MnIjEEEP6MemoryS4_R5StateT_.exit, label %61 ; <label>:61: ; preds = %block_667 tail call void @llvm.trap() #12 unreachable _ZN12_GLOBAL__N_1L10IDIVedxeaxI2MnIjEEEP6MemoryS4_R5StateT_.exit: ; preds = %block_667 %62 = srem i64 %56, %54 %63 = and i64 %62, 4294967295 store i64 %63, i64* %107, align 8, !tbaa !1283 %64 = trunc i64 %62 to i32 store i8 0, i8* %19, align 1, !tbaa !1261 %65 = and i32 %64, 255 %66 = tail call i32 @llvm.ctpop.i32(i32 %65) #12 %67 = trunc i32 %66 to i8 %68 = and i8 %67, 1 %69 = xor i8 %68, 1 store i8 %69, i8* %25, align 1, !tbaa !1278 %70 = icmp eq i32 %64, 0 %71 = zext i1 %70 to i8 store i8 %71, i8* %33, align 1, !tbaa !1280 %72 = lshr i32 %64, 31 %73 = trunc i32 %72 to i8 store i8 %73, i8* %36, align 1, !tbaa !1281 store i8 0, i8* %42, align 1, !tbaa !1282 store i8 0, i8* %30, align 1, !tbaa !1279 br i1 %70, label %block_68c.loopexit, label %block_67b block_67f: ; preds = %block_65e, %block_67b %74 = phi i32 [ 2, %block_65e ], [ %50, %block_67b ] %75 = phi i64 [ %11, %block_65e ], [ %46, %block_67b ] %76 = add i64 %75, -20 %77 = inttoptr i64 %76 to i32* %78 = load i32, i32* %77, align 4 %79 = sub i32 %74, %78 %80 = icmp ult i32 %74, %78 %81 = zext i1 %80 to i8 store i8 %81, i8* %19, align 1, !tbaa !1261 %82 = and i32 %79, 255 %83 = tail call i32 @llvm.ctpop.i32(i32 %82) #12 %84 = trunc i32 %83 to i8 %85 = and i8 %84, 1 %86 = xor i8 %85, 1 store i8 %86, i8* %25, align 1, !tbaa !1278 %87 = xor i32 %78, %74 %88 = xor i32 %87, %79 %89 = lshr i32 %88, 4 %90 = trunc i32 %89 to i8 %91 = and i8 %90, 1 store i8 %91, i8* %30, align 1, !tbaa !1279 %92 = icmp eq i32 %79, 0 %93 = zext i1 %92 to i8 store i8 %93, i8* %33, align 1, !tbaa !1280 %94 = lshr i32 %79, 31 %95 = trunc i32 %94 to i8 store i8 %95, i8* %36, align 1, !tbaa !1281 %96 = lshr i32 %74, 31 %97 = lshr i32 %78, 31 %98 = xor i32 %97, %96 %99 = xor i32 %94, %96 %100 = add nuw nsw i32 %99, %98 %101 = icmp eq i32 %100, 2 %102 = zext i1 %101 to i8 store i8 %102, i8* %42, align 1, !tbaa !1282 %103 = icmp ne i8 %95, 0 %104 = xor i1 %103, %101 br i1 %104, label %block_667, label %block_68c.loopexit block_65e: ; preds = %block_64a %105 = add i64 %10, -12 %106 = inttoptr i64 %105 to i32* store i32 2, i32* %106, align 4 %107 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %108 = add i64 %1, 36 br label %block_67f block_68c.loopexit: ; preds = %_ZN12_GLOBAL__N_1L10IDIVedxeaxI2MnIjEEEP6MemoryS4_R5StateT_.exit, %block_67f %.sink.ph = phi i64 [ 1, %block_67f ], [ 0, %_ZN12_GLOBAL__N_1L10IDIVedxeaxI2MnIjEEEP6MemoryS4_R5StateT_.exit ] br label %block_68c block_68c: ; preds = %block_68c.loopexit, %block_64a %.sink = phi i64 [ 0, %block_64a ], [ %.sink.ph, %block_68c.loopexit ] store i64 %.sink, i64* %6, align 8, !tbaa !1283 %109 = load i64, i64* %7, align 8, !tbaa !1283 %110 = add i64 %109, 8 %111 = inttoptr i64 %109 to i64* %112 = load i64, i64* %111, align 8 store i64 %112, i64* %8, align 8, !tbaa !1283 %113 = inttoptr i64 %110 to i64* %114 = load i64, i64* %113, align 8 store i64 %114, i64* %3, align 8, !tbaa !1283 %115 = add i64 %109, 16 store i64 %115, i64* %7, align 8, !tbaa !1283 ret %struct.Memory* %2 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_5b0_register_tm_clones(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #5 { block_5f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %6, align 8, !tbaa !1283 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1283 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12, align 8 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 0, i64* %4, align 8, !tbaa !1283 store i64 0, i64* %5, align 8, !tbaa !1283 store i8 0, i8* %13, align 1, !tbaa !1289 store i8 1, i8* %14, align 1, !tbaa !1289 store i8 0, i8* %15, align 1, !tbaa !1289 store i8 1, i8* %16, align 1, !tbaa !1289 store i8 0, i8* %17, align 1, !tbaa !1289 store i8 0, i8* %18, align 1, !tbaa !1289 %19 = load i64, i64* %12, align 8 store i64 %19, i64* %8, align 8, !tbaa !1283 %20 = inttoptr i64 %10 to i64* %21 = load i64, i64* %20, align 8 store i64 %21, i64* %3, align 8, !tbaa !1283 %22 = add i64 %10, 8 store i64 %22, i64* %7, align 8, !tbaa !1283 ret %struct.Memory* %2 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_570_deregister_tm_clones(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #5 { block_5a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %5, align 8, !tbaa !1283 %8 = load i64, i64* %7, align 8 %9 = load i64, i64* %6, align 8, !tbaa !1283 %10 = add i64 %9, -8 %11 = inttoptr i64 %10 to i64* store i64 %8, i64* %11, align 8 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %4, align 8, !tbaa !1283 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %12, align 1, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 1, i8* %13, align 1, !tbaa !1278 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 and (i8 trunc (i64 lshr (i64 xor (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64)), i64 4) to i8), i8 1), i8* %14, align 1, !tbaa !1279 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 1, i8* %15, align 1, !tbaa !1280 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 0, i8* %16, align 1, !tbaa !1281 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 zext (i1 icmp eq (i64 add (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 xor (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63))), i64 2) to i8), i8* %17, align 1, !tbaa !1282 %18 = load i64, i64* %11, align 8 store i64 %18, i64* %7, align 8, !tbaa !1283 %19 = inttoptr i64 %9 to i64* %20 = load i64, i64* %19, align 8 store i64 %20, i64* %3, align 8, !tbaa !1283 %21 = add i64 %9, 8 store i64 %21, i64* %6, align 8, !tbaa !1283 ret %struct.Memory* %2 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_760___libc_csu_fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #5 { block_760: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8, !tbaa !1283 %6 = inttoptr i64 %5 to i64* %7 = load i64, i64* %6, align 8 store i64 %7, i64* %3, align 8, !tbaa !1283 %8 = add i64 %5, 8 store i64 %8, i64* %4, align 8, !tbaa !1283 ret %struct.Memory* %2 } ; Function Attrs: noinline noreturn nounwind define noalias nonnull %struct.Memory* @sub_540__start(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #6 { block_540: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 store i64 0, i64* %10, align 8, !tbaa !1283 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %19 = load i64, i64* %6, align 8 store i64 %19, i64* %12, align 8, !tbaa !1283 %20 = load i64, i64* %9, align 8, !tbaa !1283 %21 = add i64 %20, 8 %22 = inttoptr i64 %20 to i64* %23 = load i64, i64* %22, align 8 store i64 %23, i64* %7, align 8, !tbaa !1283 store i64 %21, i64* %6, align 8, !tbaa !1283 %24 = and i64 %21, -16 store i8 0, i8* %13, align 1, !tbaa !1261 %25 = trunc i64 %21 to i32 %26 = and i32 %25, 240 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #12 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %14, align 1, !tbaa !1278 %31 = icmp eq i64 %24, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %15, align 1, !tbaa !1280 %33 = lshr i64 %21, 63 %34 = trunc i64 %33 to i8 store i8 %34, i8* %16, align 1, !tbaa !1281 store i8 0, i8* %17, align 1, !tbaa !1282 store i8 0, i8* %18, align 1, !tbaa !1279 %35 = load i64, i64* %4, align 8 %36 = add i64 %24, -8 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37, align 8 %38 = add i64 %24, -16 %39 = inttoptr i64 %38 to i64* store i64 %36, i64* %39, align 16 store i64 ptrtoint (i64 ()* @callback_sub_760___libc_csu_fini to i64), i64* %11, align 8, !tbaa !1283 store i64 ptrtoint (i64 ()* @callback_sub_6f0___libc_csu_init to i64), i64* %5, align 8, !tbaa !1283 store i64 ptrtoint (i64 (i64, i64, i64)* @main to i64), i64* %8, align 8, !tbaa !1283 %40 = add i64 %1, 42 %41 = add i64 %24, -24 %42 = inttoptr i64 %41 to i64* store i64 %40, i64* %42, align 8 store i64 %41, i64* %9, align 8, !tbaa !1283 %43 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb8__got_type* @seg_200fb8__got to i64), i64 40) to i64*), align 8 store i64 %43, i64* %3, align 8, !tbaa !1283 %44 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %43, %struct.Memory* %2) %45 = load i64, i64* %3, align 8 %46 = add i64 %45, 1 store i64 %46, i64* %3, align 8 %47 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull undef, i64 undef, %struct.Memory* undef) unreachable } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_640_frame_dummy(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #5 { block_640: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = load i64, i64* %3, align 8, !tbaa !1283 %7 = add i64 %6, -8 %8 = inttoptr i64 %7 to i64* store i64 %5, i64* %8, align 8 store i64 %5, i64* %4, align 8, !tbaa !1283 store i64 %6, i64* %3, align 8, !tbaa !1283 %9 = tail call %struct.Memory* @sub_5b0_register_tm_clones(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) ret %struct.Memory* %9 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_530_targ530(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_530: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb8__got_type* @seg_200fb8__got to i64), i64 64) to i64*), align 16 store i64 %4, i64* %3, align 8, !tbaa !1283 %5 = icmp eq i64 %4, 1334 br i1 %5, label %block_536, label %7 block_536: ; preds = %block_530 %6 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull undef, i64 undef, %struct.Memory* undef) unreachable ; <label>:7: ; preds = %block_530 %8 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %4, %struct.Memory* %2) ret %struct.Memory* %8 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_600___do_global_dtors_aux(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_600: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %6 = load i8, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i64 0, i32 0, i64 0), align 8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %7, align 1, !tbaa !1261 %8 = zext i8 %6 to i32 %9 = tail call i32 @llvm.ctpop.i32(i32 %8) #12 %10 = trunc i32 %9 to i8 %11 = and i8 %10, 1 %12 = xor i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %12, i8* %13, align 1, !tbaa !1278 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 0, i8* %14, align 1, !tbaa !1279 %15 = icmp eq i8 %6, 0 %16 = zext i1 %15 to i8 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %16, i8* %17, align 1, !tbaa !1280 %18 = lshr i8 %6, 7 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %18, i8* %19, align 1, !tbaa !1281 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 0, i8* %20, align 1, !tbaa !1282 %21 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 br i1 %15, label %block_609, label %block_638 block_617: ; preds = %block_609 %22 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) to i64*), align 8 store i64 %22, i64* %4, align 8, !tbaa !1283 %23 = add i64 %46, 12 %24 = add i64 %42, -16 %25 = inttoptr i64 %24 to i64* store i64 %23, i64* %25, align 8 store i64 %24, i64* %21, align 8, !tbaa !1283 %26 = tail call %struct.Memory* @sub_530_targ530(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) %27 = load i64, i64* %3, align 8 %28 = load i64, i64* %21, align 8, !tbaa !1283 br label %block_623 block_609: ; preds = %block_600 %29 = add i64 %1, 9 %30 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb8__got_type* @seg_200fb8__got to i64), i64 64) to i64*), align 16 store i8 0, i8* %7, align 1, !tbaa !1261 %31 = trunc i64 %30 to i32 %32 = and i32 %31, 255 %33 = tail call i32 @llvm.ctpop.i32(i32 %32) #12 %34 = trunc i32 %33 to i8 %35 = and i8 %34, 1 %36 = xor i8 %35, 1 store i8 %36, i8* %13, align 1, !tbaa !1278 store i8 0, i8* %14, align 1, !tbaa !1279 %37 = icmp eq i64 %30, 0 %38 = zext i1 %37 to i8 store i8 %38, i8* %17, align 1, !tbaa !1280 %39 = lshr i64 %30, 63 %40 = trunc i64 %39 to i8 store i8 %40, i8* %19, align 1, !tbaa !1281 store i8 0, i8* %20, align 1, !tbaa !1282 %41 = load i64, i64* %5, align 8 %42 = load i64, i64* %21, align 8, !tbaa !1283 %43 = add i64 %42, -8 %44 = inttoptr i64 %43 to i64* store i64 %41, i64* %44, align 8 store i64 %43, i64* %5, align 8, !tbaa !1283 %45 = select i1 %37, i64 26, i64 14 %46 = add i64 %29, %45 br i1 %37, label %block_623, label %block_617 block_638: ; preds = %block_600 %47 = load i64, i64* %21, align 8, !tbaa !1283 %48 = inttoptr i64 %47 to i64* %49 = load i64, i64* %48, align 8 store i64 %49, i64* %3, align 8, !tbaa !1283 %50 = add i64 %47, 8 store i64 %50, i64* %21, align 8, !tbaa !1283 ret %struct.Memory* %2 block_623: ; preds = %block_609, %block_617 %51 = phi i64 [ %43, %block_609 ], [ %28, %block_617 ] %52 = phi i64 [ %46, %block_609 ], [ %27, %block_617 ] %53 = phi %struct.Memory* [ %2, %block_609 ], [ %26, %block_617 ] %54 = add i64 %52, 5 %55 = add i64 %51, -8 %56 = inttoptr i64 %55 to i64* store i64 %54, i64* %56, align 8 store i64 %55, i64* %21, align 8, !tbaa !1283 %57 = tail call %struct.Memory* @sub_570_deregister_tm_clones(%struct.State* nonnull %0, i64 undef, %struct.Memory* %53) store i8 1, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i64 0, i32 0, i64 0), align 8 %58 = load i64, i64* %21, align 8, !tbaa !1283 %59 = add i64 %58, 8 %60 = inttoptr i64 %58 to i64* %61 = load i64, i64* %60, align 8 store i64 %61, i64* %5, align 8, !tbaa !1283 %62 = inttoptr i64 %59 to i64* %63 = load i64, i64* %62, align 8 store i64 %63, i64* %3, align 8, !tbaa !1283 %64 = add i64 %58, 16 store i64 %64, i64* %21, align 8, !tbaa !1283 ret %struct.Memory* %57 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_4f0__init(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_4f0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, -8 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %14 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb8__got_type* @seg_200fb8__got to i64), i64 48) to i64*), align 16 store i64 %14, i64* %4, align 8, !tbaa !1283 store i8 0, i8* %8, align 1, !tbaa !1261 %15 = trunc i64 %14 to i32 %16 = and i32 %15, 255 %17 = tail call i32 @llvm.ctpop.i32(i32 %16) #12 %18 = trunc i32 %17 to i8 %19 = and i8 %18, 1 %20 = xor i8 %19, 1 store i8 %20, i8* %9, align 1, !tbaa !1278 %21 = icmp eq i64 %14, 0 %22 = zext i1 %21 to i8 store i8 %22, i8* %11, align 1, !tbaa !1280 %23 = lshr i64 %14, 63 %24 = trunc i64 %23 to i8 store i8 %24, i8* %12, align 1, !tbaa !1281 store i8 0, i8* %13, align 1, !tbaa !1282 store i8 0, i8* %10, align 1, !tbaa !1279 br i1 %21, label %block_502, label %block_500 block_502: ; preds = %block_500, %block_4f0 %25 = phi i64 [ %7, %block_4f0 ], [ %56, %block_500 ] %26 = phi %struct.Memory* [ %2, %block_4f0 ], [ %55, %block_500 ] %27 = add i64 %25, 8 %28 = icmp ugt i64 %25, -9 %29 = zext i1 %28 to i8 store i8 %29, i8* %8, align 1, !tbaa !1261 %30 = trunc i64 %27 to i32 %31 = and i32 %30, 255 %32 = tail call i32 @llvm.ctpop.i32(i32 %31) #12 %33 = trunc i32 %32 to i8 %34 = and i8 %33, 1 %35 = xor i8 %34, 1 store i8 %35, i8* %9, align 1, !tbaa !1278 %36 = xor i64 %27, %25 %37 = lshr i64 %36, 4 %38 = trunc i64 %37 to i8 %39 = and i8 %38, 1 store i8 %39, i8* %10, align 1, !tbaa !1279 %40 = icmp eq i64 %27, 0 %41 = zext i1 %40 to i8 store i8 %41, i8* %11, align 1, !tbaa !1280 %42 = lshr i64 %27, 63 %43 = trunc i64 %42 to i8 store i8 %43, i8* %12, align 1, !tbaa !1281 %44 = lshr i64 %25, 63 %45 = xor i64 %42, %44 %46 = add nuw nsw i64 %45, %42 %47 = icmp eq i64 %46, 2 %48 = zext i1 %47 to i8 store i8 %48, i8* %13, align 1, !tbaa !1282 %49 = inttoptr i64 %27 to i64* %50 = load i64, i64* %49, align 8 store i64 %50, i64* %3, align 8, !tbaa !1283 %51 = add i64 %25, 16 store i64 %51, i64* %5, align 8, !tbaa !1283 ret %struct.Memory* %26 block_500: ; preds = %block_4f0 %52 = add i64 %1, 18 %53 = add i64 %6, -16 %54 = inttoptr i64 %53 to i64* store i64 %52, i64* %54, align 8 store i64 %53, i64* %5, align 8, !tbaa !1283 store i64 %14, i64* %3, align 8, !tbaa !1283 %55 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %14, %struct.Memory* %2) %56 = load i64, i64* %5, align 8 br label %block_502 } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @callback_sub_640_frame_dummy(i64, i64, i64, i64, i64, i64, i64, i64) #7 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1600, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_640_frame_dummy(%struct.State* nonnull @__mcsema_reg_state, i64 1600, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define void @__mcsema_verify_reg_state() local_unnamed_addr #8 { entry: %0 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %1 = icmp eq i64 %0, 0 br i1 %1, label %is_null, label %end is_null: ; preds = %entry store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %end end: ; preds = %is_null, %entry ret void } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_600___do_global_dtors_aux(i64, i64, i64, i64, i64, i64, i64, i64) #9 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1536, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_600___do_global_dtors_aux(%struct.State* nonnull @__mcsema_reg_state, i64 1536, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: noinline nounwind define %struct.Memory* @__mcsema_detach_call_value(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 %13 = load i64, i64* %9, align 8 %14 = load i64, i64* %8, align 8 %15 = load i64, i64* %7, align 8 %16 = load i64, i64* %6, align 8 %17 = load i64, i64* %11, align 8 %18 = load i64, i64* %12, align 8 %19 = load i64, i64* %10, align 8 %20 = add i64 %19, 8 %21 = inttoptr i64 %20 to i64* %22 = load i64, i64* %21, align 8 %23 = add i64 %19, 16 %24 = inttoptr i64 %23 to i64* %25 = load i64, i64* %24, align 8 %26 = inttoptr i64 %1 to i64 (i64, i64, i64, i64, i64, i64, i64, i64)* %27 = tail call i64 %26(i64 %13, i64 %14, i64 %15, i64 %16, i64 %17, i64 %18, i64 %22, i64 %25) #12 store i64 %27, i64* %5, align 8 %28 = inttoptr i64 %19 to i64* %29 = load i64, i64* %28, align 8 store i64 %29, i64* %4, align 8 store i64 %20, i64* %10, align 8 ret %struct.Memory* %2 } ; Function Attrs: alwaysinline inlinehint define %struct.Memory* @ext_201438_printf(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #10 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i64* %9 = load i64, i64* %8, align 8 store i64 %9, i64* %4, align 8 %10 = add i64 %7, 8 store i64 %10, i64* %6, align 8 %11 = tail call i64 @printf() store i64 %11, i64* %5, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @callback_sub_760___libc_csu_fini() #7 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1888, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_760___libc_csu_fini(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_6f0___libc_csu_init() #9 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1776, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_6f0___libc_csu_init(%struct.State* nonnull @__mcsema_reg_state, i64 1776, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline define i64 @main(i64, i64, i64) #11 { %4 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %3 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %3 %6 = phi i64 [ %4, %3 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1678, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %7 = load volatile i1, i1* @0, align 1 br i1 %7, label %__mcsema_early_init.exit, label %8 ; <label>:8: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %8, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 %9 = add i64 %6, -8 store i64 %9, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = tail call %struct.Memory* @sub_68e_main(%struct.State* nonnull @__mcsema_reg_state, i64 1678, %struct.Memory* null) store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %11 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %11 } ; Function Attrs: nobuiltin noinline nounwind define i64 @targ530(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #9 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1328, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_530_targ530(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline nounwind define i64 @isPrime(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #9 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1610, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_64a_isPrime(%struct.State* nonnull @__mcsema_reg_state, i64 1610, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nounwind define internal void @__mcsema_constructor() #12 { %1 = load volatile i1, i1* @0, align 1 br i1 %1, label %__mcsema_early_init.exit, label %2 ; <label>:2: ; preds = %0 store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %2, %0 %3 = tail call i64 @callback_sub_6f0___libc_csu_init() ret void } ; Function Attrs: norecurse nounwind define internal void @__mcsema_destructor() #8 { %1 = tail call i64 @callback_sub_760___libc_csu_fini() ret void } ; Function Attrs: noinline nounwind optnone define %struct.State* @__mcsema_debug_get_reg_state() local_unnamed_addr #13 { ret %struct.State* @__mcsema_reg_state } ; Function Attrs: noreturn nounwind declare void @llvm.trap() #14 attributes #0 = { nounwind readnone } attributes #1 = { noduplicate noinline noreturn nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #2 = { noinline } attributes #3 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #4 = { noinline "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #5 = { noinline norecurse nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #6 = { noinline noreturn nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #7 = { nobuiltin noinline norecurse nounwind } attributes #8 = { norecurse nounwind } attributes #9 = { nobuiltin noinline nounwind } attributes #10 = { alwaysinline inlinehint "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #11 = { nobuiltin noinline } attributes #12 = { nounwind } attributes #13 = { noinline nounwind optnone } attributes #14 = { noreturn nounwind } !llvm.ident = !{!0, !0} !llvm.dbg.cu = !{!1} !llvm.module.flags = !{!1259, !1260}

Test6

Source code:
#include <stdio.h> #include <stdlib.h> void quicksort(int number[25],int first,int last){ int i, j, pivot, temp; if(first<last){ pivot=first; i=first; j=last; while(i<j){ while(number[i]<=number[pivot]&&i<last) i++; while(number[j]>number[pivot]) j--; if(i<j){ temp=number[i]; number[i]=number[j]; number[j]=temp; } } temp=number[pivot]; number[pivot]=number[j]; number[j]=temp; quicksort(number,first,j-1); quicksort(number,j+1,last); } } int main(){ int i, count, number[25]; printf("How many elements are u going to enter?: "); scanf("%d",&count); printf("Enter %d elements: ", count); for(i=0;i<count;i++) scanf("%d",&number[i]); quicksort(number,0,count-1); printf("Order of Sorted elements: "); for(i=0;i<count;i++) printf(" %d",number[i]); return 0; }

Compiled LLVM:
Non-optimised:
; ModuleID = 'test.bc' source_filename = "test.c" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-unknown-linux-gnu" @.str = private unnamed_addr constant [42 x i8] c"How many elements are u going to enter?: \00", align 1 @.str.1 = private unnamed_addr constant [3 x i8] c"%d\00", align 1 @.str.2 = private unnamed_addr constant [20 x i8] c"Enter %d elements: \00", align 1 @.str.3 = private unnamed_addr constant [27 x i8] c"Order of Sorted elements: \00", align 1 @.str.4 = private unnamed_addr constant [4 x i8] c" %d\00", align 1 ; Function Attrs: noinline nounwind optnone uwtable define dso_local void @quicksort(i32* %number, i32 %first, i32 %last) #0 { entry: %number.addr = alloca i32*, align 8 %first.addr = alloca i32, align 4 %last.addr = alloca i32, align 4 %i = alloca i32, align 4 %j = alloca i32, align 4 %pivot = alloca i32, align 4 %temp = alloca i32, align 4 store i32* %number, i32** %number.addr, align 8 store i32 %first, i32* %first.addr, align 4 store i32 %last, i32* %last.addr, align 4 %0 = load i32, i32* %first.addr, align 4 %1 = load i32, i32* %last.addr, align 4 %cmp = icmp slt i32 %0, %1 br i1 %cmp, label %if.then, label %if.end35 if.then: ; preds = %entry %2 = load i32, i32* %first.addr, align 4 store i32 %2, i32* %pivot, align 4 %3 = load i32, i32* %first.addr, align 4 store i32 %3, i32* %i, align 4 %4 = load i32, i32* %last.addr, align 4 store i32 %4, i32* %j, align 4 br label %while.cond while.cond: ; preds = %if.end, %if.then %5 = load i32, i32* %i, align 4 %6 = load i32, i32* %j, align 4 %cmp1 = icmp slt i32 %5, %6 br i1 %cmp1, label %while.body, label %while.end26 while.body: ; preds = %while.cond br label %while.cond2 while.cond2: ; preds = %while.body7, %while.body %7 = load i32*, i32** %number.addr, align 8 %8 = load i32, i32* %i, align 4 %idxprom = sext i32 %8 to i64 %arrayidx = getelementptr inbounds i32, i32* %7, i64 %idxprom %9 = load i32, i32* %arrayidx, align 4 %10 = load i32*, i32** %number.addr, align 8 %11 = load i32, i32* %pivot, align 4 %idxprom3 = sext i32 %11 to i64 %arrayidx4 = getelementptr inbounds i32, i32* %10, i64 %idxprom3 %12 = load i32, i32* %arrayidx4, align 4 %cmp5 = icmp sle i32 %9, %12 br i1 %cmp5, label %land.rhs, label %land.end land.rhs: ; preds = %while.cond2 %13 = load i32, i32* %i, align 4 %14 = load i32, i32* %last.addr, align 4 %cmp6 = icmp slt i32 %13, %14 br label %land.end land.end: ; preds = %land.rhs, %while.cond2 %15 = phi i1 [ false, %while.cond2 ], [ %cmp6, %land.rhs ] br i1 %15, label %while.body7, label %while.end while.body7: ; preds = %land.end %16 = load i32, i32* %i, align 4 %inc = add nsw i32 %16, 1 store i32 %inc, i32* %i, align 4 br label %while.cond2 while.end: ; preds = %land.end br label %while.cond8 while.cond8: ; preds = %while.body14, %while.end %17 = load i32*, i32** %number.addr, align 8 %18 = load i32, i32* %j, align 4 %idxprom9 = sext i32 %18 to i64 %arrayidx10 = getelementptr inbounds i32, i32* %17, i64 %idxprom9 %19 = load i32, i32* %arrayidx10, align 4 %20 = load i32*, i32** %number.addr, align 8 %21 = load i32, i32* %pivot, align 4 %idxprom11 = sext i32 %21 to i64 %arrayidx12 = getelementptr inbounds i32, i32* %20, i64 %idxprom11 %22 = load i32, i32* %arrayidx12, align 4 %cmp13 = icmp sgt i32 %19, %22 br i1 %cmp13, label %while.body14, label %while.end15 while.body14: ; preds = %while.cond8 %23 = load i32, i32* %j, align 4 %dec = add nsw i32 %23, -1 store i32 %dec, i32* %j, align 4 br label %while.cond8 while.end15: ; preds = %while.cond8 %24 = load i32, i32* %i, align 4 %25 = load i32, i32* %j, align 4 %cmp16 = icmp slt i32 %24, %25 br i1 %cmp16, label %if.then17, label %if.end if.then17: ; preds = %while.end15 %26 = load i32*, i32** %number.addr, align 8 %27 = load i32, i32* %i, align 4 %idxprom18 = sext i32 %27 to i64 %arrayidx19 = getelementptr inbounds i32, i32* %26, i64 %idxprom18 %28 = load i32, i32* %arrayidx19, align 4 store i32 %28, i32* %temp, align 4 %29 = load i32*, i32** %number.addr, align 8 %30 = load i32, i32* %j, align 4 %idxprom20 = sext i32 %30 to i64 %arrayidx21 = getelementptr inbounds i32, i32* %29, i64 %idxprom20 %31 = load i32, i32* %arrayidx21, align 4 %32 = load i32*, i32** %number.addr, align 8 %33 = load i32, i32* %i, align 4 %idxprom22 = sext i32 %33 to i64 %arrayidx23 = getelementptr inbounds i32, i32* %32, i64 %idxprom22 store i32 %31, i32* %arrayidx23, align 4 %34 = load i32, i32* %temp, align 4 %35 = load i32*, i32** %number.addr, align 8 %36 = load i32, i32* %j, align 4 %idxprom24 = sext i32 %36 to i64 %arrayidx25 = getelementptr inbounds i32, i32* %35, i64 %idxprom24 store i32 %34, i32* %arrayidx25, align 4 br label %if.end if.end: ; preds = %if.then17, %while.end15 br label %while.cond while.end26: ; preds = %while.cond %37 = load i32*, i32** %number.addr, align 8 %38 = load i32, i32* %pivot, align 4 %idxprom27 = sext i32 %38 to i64 %arrayidx28 = getelementptr inbounds i32, i32* %37, i64 %idxprom27 %39 = load i32, i32* %arrayidx28, align 4 store i32 %39, i32* %temp, align 4 %40 = load i32*, i32** %number.addr, align 8 %41 = load i32, i32* %j, align 4 %idxprom29 = sext i32 %41 to i64 %arrayidx30 = getelementptr inbounds i32, i32* %40, i64 %idxprom29 %42 = load i32, i32* %arrayidx30, align 4 %43 = load i32*, i32** %number.addr, align 8 %44 = load i32, i32* %pivot, align 4 %idxprom31 = sext i32 %44 to i64 %arrayidx32 = getelementptr inbounds i32, i32* %43, i64 %idxprom31 store i32 %42, i32* %arrayidx32, align 4 %45 = load i32, i32* %temp, align 4 %46 = load i32*, i32** %number.addr, align 8 %47 = load i32, i32* %j, align 4 %idxprom33 = sext i32 %47 to i64 %arrayidx34 = getelementptr inbounds i32, i32* %46, i64 %idxprom33 store i32 %45, i32* %arrayidx34, align 4 %48 = load i32*, i32** %number.addr, align 8 %49 = load i32, i32* %first.addr, align 4 %50 = load i32, i32* %j, align 4 %sub = sub nsw i32 %50, 1 call void @quicksort(i32* %48, i32 %49, i32 %sub) %51 = load i32*, i32** %number.addr, align 8 %52 = load i32, i32* %j, align 4 %add = add nsw i32 %52, 1 %53 = load i32, i32* %last.addr, align 4 call void @quicksort(i32* %51, i32 %add, i32 %53) br label %if.end35 if.end35: ; preds = %while.end26, %entry ret void } ; Function Attrs: noinline nounwind optnone uwtable define dso_local i32 @main() #0 { entry: %retval = alloca i32, align 4 %i = alloca i32, align 4 %count = alloca i32, align 4 %number = alloca [25 x i32], align 16 store i32 0, i32* %retval, align 4 %call = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str, i32 0, i32 0)) %call1 = call i32 (i8*, ...) @__isoc99_scanf(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.1, i32 0, i32 0), i32* %count) %0 = load i32, i32* %count, align 4 %call2 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([20 x i8], [20 x i8]* @.str.2, i32 0, i32 0), i32 %0) store i32 0, i32* %i, align 4 br label %for.cond for.cond: ; preds = %for.inc, %entry %1 = load i32, i32* %i, align 4 %2 = load i32, i32* %count, align 4 %cmp = icmp slt i32 %1, %2 br i1 %cmp, label %for.body, label %for.end for.body: ; preds = %for.cond %3 = load i32, i32* %i, align 4 %idxprom = sext i32 %3 to i64 %arrayidx = getelementptr inbounds [25 x i32], [25 x i32]* %number, i64 0, i64 %idxprom %call3 = call i32 (i8*, ...) @__isoc99_scanf(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.1, i32 0, i32 0), i32* %arrayidx) br label %for.inc for.inc: ; preds = %for.body %4 = load i32, i32* %i, align 4 %inc = add nsw i32 %4, 1 store i32 %inc, i32* %i, align 4 br label %for.cond for.end: ; preds = %for.cond %arraydecay = getelementptr inbounds [25 x i32], [25 x i32]* %number, i32 0, i32 0 %5 = load i32, i32* %count, align 4 %sub = sub nsw i32 %5, 1 call void @quicksort(i32* %arraydecay, i32 0, i32 %sub) %call4 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3, i32 0, i32 0)) store i32 0, i32* %i, align 4 br label %for.cond5 for.cond5: ; preds = %for.inc11, %for.end %6 = load i32, i32* %i, align 4 %7 = load i32, i32* %count, align 4 %cmp6 = icmp slt i32 %6, %7 br i1 %cmp6, label %for.body7, label %for.end13 for.body7: ; preds = %for.cond5 %8 = load i32, i32* %i, align 4 %idxprom8 = sext i32 %8 to i64 %arrayidx9 = getelementptr inbounds [25 x i32], [25 x i32]* %number, i64 0, i64 %idxprom8 %9 = load i32, i32* %arrayidx9, align 4 %call10 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4, i32 0, i32 0), i32 %9) br label %for.inc11 for.inc11: ; preds = %for.body7 %10 = load i32, i32* %i, align 4 %inc12 = add nsw i32 %10, 1 store i32 %inc12, i32* %i, align 4 br label %for.cond5 for.end13: ; preds = %for.cond5 ret i32 0 } declare dso_local i32 @printf(i8*, ...) #1 declare dso_local i32 @__isoc99_scanf(i8*, ...) #1 attributes #0 = { noinline nounwind optnone uwtable "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "min-legal-vector-width"="0" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #1 = { "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } !llvm.module.flags = !{!0} !llvm.ident = !{!1} !0 = !{i32 1, !"wchar_size", i32 4} !1 = !{!"clang version 8.0.0 (tags/RELEASE_800/final)"}

Optimised:
; ModuleID = 'opt_test.bc' source_filename = "test.c" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-unknown-linux-gnu" @.str = private unnamed_addr constant [42 x i8] c"How many elements are u going to enter?: \00", align 1 @.str.1 = private unnamed_addr constant [3 x i8] c"%d\00", align 1 @.str.2 = private unnamed_addr constant [20 x i8] c"Enter %d elements: \00", align 1 @.str.3 = private unnamed_addr constant [27 x i8] c"Order of Sorted elements: \00", align 1 @.str.4 = private unnamed_addr constant [4 x i8] c" %d\00", align 1 ; Function Attrs: nounwind uwtable define dso_local void @quicksort(i32* %number, i32 %first, i32 %last) local_unnamed_addr #0 { entry: %cmp83 = icmp slt i32 %first, %last br i1 %cmp83, label %while.cond.preheader.preheader, label %if.end35 while.cond.preheader.preheader: ; preds = %entry %0 = sext i32 %last to i64 br label %while.cond.preheader while.cond.preheader: ; preds = %while.cond.preheader.preheader, %while.end26 %first.tr84 = phi i32 [ %add, %while.end26 ], [ %first, %while.cond.preheader.preheader ] %cmp180 = icmp slt i32 %first.tr84, %last %idxprom3 = sext i32 %first.tr84 to i64 br i1 %cmp180, label %while.cond2.preheader.lr.ph, label %while.end26 while.cond2.preheader.lr.ph: ; preds = %while.cond.preheader %arrayidx4 = getelementptr inbounds i32, i32* %number, i64 %idxprom3 br label %while.cond2.preheader while.cond2.preheader: ; preds = %if.end, %while.cond2.preheader.lr.ph %i.082 = phi i32 [ %first.tr84, %while.cond2.preheader.lr.ph ], [ %4, %if.end ] %j.081 = phi i32 [ %last, %while.cond2.preheader.lr.ph ], [ %7, %if.end ] %1 = load i32, i32* %arrayidx4, align 4, !tbaa !2 %2 = sext i32 %i.082 to i64 br label %while.cond2 while.cond2: ; preds = %while.cond2, %while.cond2.preheader %indvars.iv = phi i64 [ %indvars.iv.next, %while.cond2 ], [ %2, %while.cond2.preheader ] %arrayidx = getelementptr inbounds i32, i32* %number, i64 %indvars.iv %3 = load i32, i32* %arrayidx, align 4, !tbaa !2 %cmp5 = icmp sle i32 %3, %1 %cmp6 = icmp slt i64 %indvars.iv, %0 %or.cond = and i1 %cmp6, %cmp5 %indvars.iv.next = add nsw i64 %indvars.iv, 1 br i1 %or.cond, label %while.cond2, label %while.cond8.preheader while.cond8.preheader: ; preds = %while.cond2 %arrayidx.le = getelementptr inbounds i32, i32* %number, i64 %indvars.iv %4 = trunc i64 %indvars.iv to i32 %5 = sext i32 %j.081 to i64 br label %while.cond8 while.cond8: ; preds = %while.cond8, %while.cond8.preheader %indvars.iv87 = phi i64 [ %indvars.iv.next88, %while.cond8 ], [ %5, %while.cond8.preheader ] %arrayidx10 = getelementptr inbounds i32, i32* %number, i64 %indvars.iv87 %6 = load i32, i32* %arrayidx10, align 4, !tbaa !2 %cmp13 = icmp sgt i32 %6, %1 %indvars.iv.next88 = add i64 %indvars.iv87, -1 br i1 %cmp13, label %while.cond8, label %while.end15 while.end15: ; preds = %while.cond8 %7 = trunc i64 %indvars.iv87 to i32 %cmp16 = icmp slt i32 %4, %7 br i1 %cmp16, label %if.end, label %while.end26.loopexit if.end: ; preds = %while.end15 %arrayidx10.le = getelementptr inbounds i32, i32* %number, i64 %indvars.iv87 store i32 %6, i32* %arrayidx.le, align 4, !tbaa !2 store i32 %3, i32* %arrayidx10.le, align 4, !tbaa !2 br label %while.cond2.preheader while.end26.loopexit: ; preds = %while.end15 %8 = trunc i64 %indvars.iv87 to i32 %sext = shl i64 %indvars.iv87, 32 %.pre = ashr exact i64 %sext, 32 br label %while.end26 while.end26: ; preds = %while.cond.preheader, %while.end26.loopexit %idxprom29.pre-phi = phi i64 [ %.pre, %while.end26.loopexit ], [ %0, %while.cond.preheader ] %j.0.lcssa = phi i32 [ %8, %while.end26.loopexit ], [ %last, %while.cond.preheader ] %arrayidx28 = getelementptr inbounds i32, i32* %number, i64 %idxprom3 %9 = load i32, i32* %arrayidx28, align 4, !tbaa !2 %arrayidx30 = getelementptr inbounds i32, i32* %number, i64 %idxprom29.pre-phi %10 = load i32, i32* %arrayidx30, align 4, !tbaa !2 store i32 %10, i32* %arrayidx28, align 4, !tbaa !2 store i32 %9, i32* %arrayidx30, align 4, !tbaa !2 %sub = add nsw i32 %j.0.lcssa, -1 tail call void @quicksort(i32* %number, i32 %first.tr84, i32 %sub) %add = add nsw i32 %j.0.lcssa, 1 %cmp = icmp slt i32 %add, %last br i1 %cmp, label %while.cond.preheader, label %if.end35 if.end35: ; preds = %while.end26, %entry ret void } ; Function Attrs: argmemonly nounwind declare void @llvm.lifetime.start.p0i8(i64, i8* nocapture) #1 ; Function Attrs: argmemonly nounwind declare void @llvm.lifetime.end.p0i8(i64, i8* nocapture) #1 ; Function Attrs: nounwind uwtable define dso_local i32 @main() local_unnamed_addr #0 { entry: %count = alloca i32, align 4 %number = alloca [25 x i32], align 16 %0 = bitcast i32* %count to i8* call void @llvm.lifetime.start.p0i8(i64 4, i8* nonnull %0) #3 %1 = bitcast [25 x i32]* %number to i8* call void @llvm.lifetime.start.p0i8(i64 100, i8* nonnull %1) #3 %call = tail call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str, i64 0, i64 0)) %call1 = call i32 (i8*, ...) @__isoc99_scanf(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.1, i64 0, i64 0), i32* nonnull %count) %2 = load i32, i32* %count, align 4, !tbaa !2 %call2 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([20 x i8], [20 x i8]* @.str.2, i64 0, i64 0), i32 %2) %3 = load i32, i32* %count, align 4, !tbaa !2 %cmp22 = icmp sgt i32 %3, 0 br i1 %cmp22, label %for.body, label %for.end for.body: ; preds = %entry, %for.body %indvars.iv25 = phi i64 [ %indvars.iv.next26, %for.body ], [ 0, %entry ] %arrayidx = getelementptr inbounds [25 x i32], [25 x i32]* %number, i64 0, i64 %indvars.iv25 %call3 = call i32 (i8*, ...) @__isoc99_scanf(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.1, i64 0, i64 0), i32* nonnull %arrayidx) %indvars.iv.next26 = add nuw nsw i64 %indvars.iv25, 1 %4 = load i32, i32* %count, align 4, !tbaa !2 %5 = sext i32 %4 to i64 %cmp = icmp slt i64 %indvars.iv.next26, %5 br i1 %cmp, label %for.body, label %for.end for.end: ; preds = %for.body, %entry %.lcssa = phi i32 [ %3, %entry ], [ %4, %for.body ] %arraydecay = getelementptr inbounds [25 x i32], [25 x i32]* %number, i64 0, i64 0 %sub = add nsw i32 %.lcssa, -1 call void @quicksort(i32* nonnull %arraydecay, i32 0, i32 %sub) %call4 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3, i64 0, i64 0)) %6 = load i32, i32* %count, align 4, !tbaa !2 %cmp620 = icmp sgt i32 %6, 0 br i1 %cmp620, label %for.body7, label %for.end13 for.body7: ; preds = %for.end, %for.body7 %indvars.iv = phi i64 [ %indvars.iv.next, %for.body7 ], [ 0, %for.end ] %arrayidx9 = getelementptr inbounds [25 x i32], [25 x i32]* %number, i64 0, i64 %indvars.iv %7 = load i32, i32* %arrayidx9, align 4, !tbaa !2 %call10 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4, i64 0, i64 0), i32 %7) %indvars.iv.next = add nuw nsw i64 %indvars.iv, 1 %8 = load i32, i32* %count, align 4, !tbaa !2 %9 = sext i32 %8 to i64 %cmp6 = icmp slt i64 %indvars.iv.next, %9 br i1 %cmp6, label %for.body7, label %for.end13 for.end13: ; preds = %for.body7, %for.end call void @llvm.lifetime.end.p0i8(i64 100, i8* nonnull %1) #3 call void @llvm.lifetime.end.p0i8(i64 4, i8* nonnull %0) #3 ret i32 0 } ; Function Attrs: nounwind declare dso_local i32 @printf(i8* nocapture readonly, ...) local_unnamed_addr #2 ; Function Attrs: nounwind declare dso_local i32 @__isoc99_scanf(i8* nocapture readonly, ...) local_unnamed_addr #2 attributes #0 = { nounwind uwtable "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "min-legal-vector-width"="0" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #1 = { argmemonly nounwind } attributes #2 = { nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #3 = { nounwind } !llvm.module.flags = !{!0} !llvm.ident = !{!1} !0 = !{i32 1, !"wchar_size", i32 4} !1 = !{!"clang version 8.0.0 (tags/RELEASE_800/final)"} !2 = !{!3, !3, i64 0} !3 = !{!"int", !4, i64 0} !4 = !{!"omnipotent char", !5, i64 0} !5 = !{!"Simple C/C++ TBAA"}

Raised by mctoll
Non-optimised:
; ModuleID = '../a.out' source_filename = "../a.out" @RO-String = private constant [42 x i8] c"How many elements are u going to enter?: \00", align 1 @RO-String.1 = private constant [3 x i8] c"%d\00", align 1 @RO-String.2 = private constant [20 x i8] c"Enter %d elements: \00", align 1 @RO-String.3 = private constant [27 x i8] c"Order of Sorted elements: \00", align 1 @RO-String.4 = private constant [4 x i8] c" %d\00", align 1 define dso_local void @quicksort(i64 %arg1, i32 %arg2, i32 %arg3) { entry: %0 = alloca i64, align 8 %StackAdj = alloca i64, align 8 %1 = alloca i64, align 8 %2 = alloca i32, align 4 %3 = alloca i32, align 4 %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = ptrtoint i64* %0 to i64 store i64 %arg1, i64* %1, align 8 store i32 %arg2, i32* %2, align 4 %8 = zext i32 %arg3 to i64 store i64 %8, i64* %StackAdj, align 4 %9 = load i32, i32* %2, align 4 %10 = load i64, i64* %StackAdj, align 8 %11 = trunc i64 %10 to i32 %12 = sub i32 %9, %11 %ZF = icmp eq i32 %12, 0 %13 = shl i32 1, 31 %14 = and i32 %13, %12 %SF = icmp eq i32 %14, %13 %CmpSFOF_JGE = icmp eq i1 %SF, false br i1 %CmpSFOF_JGE, label %bb.12, label %bb.1 bb.1: ; preds = %entry %15 = load i32, i32* %2, align 4 store i32 %15, i32* %3, align 4 %16 = load i32, i32* %2, align 4 store i32 %16, i32* %4, align 4 %17 = load i64, i64* %StackAdj, align 8 %18 = trunc i64 %17 to i32 store i32 %18, i32* %5, align 4 br label %bb.10 bb.10: ; preds = %bb.9, %bb.8, %bb.1 %19 = load i32, i32* %4, align 4 %20 = load i32, i32* %5, align 4 %21 = sub i32 %19, %20 %ZF1 = icmp eq i32 %21, 0 %22 = shl i32 1, 31 %23 = and i32 %22, %21 %SF2 = icmp eq i32 %23, %22 %SFAndOF_JL = icmp ne i1 %SF2, false br i1 %SFAndOF_JL, label %bb.3, label %bb.11 bb.11: ; preds = %bb.10 %24 = load i32, i32* %3, align 4 %25 = sext i32 %24 to i64 %26 = mul i64 4, %25 %27 = load i64, i64* %1, align 8 %28 = add nsw i64 %27, %26 %29 = shl i64 1, 63 %30 = and i64 %29, %28 %SF3 = icmp eq i64 %30, %29 %ZF4 = icmp eq i64 %28, 0 %31 = inttoptr i64 %28 to i32* %32 = load i32, i32* %31, align 4 store i32 %32, i32* %6, align 4 %33 = load i32, i32* %5, align 4 %34 = sext i32 %33 to i64 %35 = mul i64 4, %34 %36 = load i64, i64* %1, align 8 %37 = add nsw i64 %36, %35 %38 = shl i64 1, 63 %39 = and i64 %38, %37 %SF5 = icmp eq i64 %39, %38 %ZF6 = icmp eq i64 %37, 0 %40 = load i32, i32* %3, align 4 %41 = sext i32 %40 to i64 %42 = mul i64 4, %41 %43 = load i64, i64* %1, align 8 %44 = add nsw i64 %43, %42 %45 = shl i64 1, 63 %46 = and i64 %45, %44 %SF7 = icmp eq i64 %46, %45 %ZF8 = icmp eq i64 %44, 0 %47 = inttoptr i64 %37 to i32* %48 = load i32, i32* %47, align 4 %49 = inttoptr i64 %44 to i32* store i32 %48, i32* %49, align 4 %50 = load i32, i32* %5, align 4 %51 = sext i32 %50 to i64 %52 = mul i64 4, %51 %53 = load i64, i64* %1, align 8 %54 = add nsw i64 %52, %53 %55 = shl i64 1, 63 %56 = and i64 %55, %54 %SF9 = icmp eq i64 %56, %55 %ZF10 = icmp eq i64 %54, 0 %57 = load i32, i32* %6, align 4 %58 = inttoptr i64 %54 to i32* store i32 %57, i32* %58, align 4 %59 = load i32, i32* %5, align 4 %60 = add i32 %59, -1 %61 = load i32, i32* %2, align 4 %62 = load i64, i64* %1, align 8 call void @quicksort(i64 %62, i32 %61, i32 %60) %63 = load i32, i32* %5, align 4 %64 = add i32 %63, 1 %65 = load i64, i64* %StackAdj, align 8 %66 = load i64, i64* %1, align 8 %67 = trunc i64 %65 to i32 call void @quicksort(i64 %66, i32 %64, i32 %67) br label %bb.12 bb.3: ; preds = %bb.2, %bb.10 %68 = load i32, i32* %4, align 4 %69 = sext i32 %68 to i64 %70 = mul i64 4, %69 %71 = load i64, i64* %1, align 8 %72 = add nsw i64 %71, %70 %73 = shl i64 1, 63 %74 = and i64 %73, %72 %SF11 = icmp eq i64 %74, %73 %ZF12 = icmp eq i64 %72, 0 %75 = inttoptr i64 %72 to i32* %76 = load i32, i32* %75, align 4 %77 = load i32, i32* %3, align 4 %78 = sext i32 %77 to i64 %79 = mul i64 4, %78 %80 = load i64, i64* %1, align 8 %81 = add nsw i64 %80, %79 %82 = shl i64 1, 63 %83 = and i64 %82, %81 %SF13 = icmp eq i64 %83, %82 %ZF14 = icmp eq i64 %81, 0 %84 = inttoptr i64 %81 to i32* %85 = load i32, i32* %84, align 4 %86 = sub i32 %76, %85 %ZF15 = icmp eq i32 %86, 0 %87 = shl i32 1, 31 %88 = and i32 %87, %86 %SF16 = icmp eq i32 %88, %87 %ZFCmp_JG = icmp eq i1 %ZF15, false %SFOFCmp_JG = icmp eq i1 %SF16, false %ZFAndSFOF_JG = and i1 %ZFCmp_JG, %SFOFCmp_JG br i1 %ZFAndSFOF_JG, label %bb.7, label %bb.4 bb.4: ; preds = %bb.3 %89 = load i32, i32* %4, align 4 %90 = load i64, i64* %StackAdj, align 8 %91 = trunc i64 %90 to i32 %92 = sub i32 %89, %91 %ZF17 = icmp eq i32 %92, 0 %93 = shl i32 1, 31 %94 = and i32 %93, %92 %SF18 = icmp eq i32 %94, %93 %SFAndOF_JL37 = icmp ne i1 %SF18, false br i1 %SFAndOF_JL37, label %bb.2, label %bb.5 bb.5: ; preds = %bb.4 br label %bb.7 bb.2: ; preds = %bb.4 %95 = load i32, i32* %4, align 4 %96 = zext i8 1 to i32 %97 = add i32 %95, %96 store i32 %97, i32* %4, align 4 br label %bb.3 bb.7: ; preds = %bb.6, %bb.5, %bb.3 %98 = load i32, i32* %5, align 4 %99 = sext i32 %98 to i64 %100 = mul i64 4, %99 %101 = load i64, i64* %1, align 8 %102 = add nsw i64 %101, %100 %103 = shl i64 1, 63 %104 = and i64 %103, %102 %SF19 = icmp eq i64 %104, %103 %ZF20 = icmp eq i64 %102, 0 %105 = inttoptr i64 %102 to i32* %106 = load i32, i32* %105, align 4 %107 = load i32, i32* %3, align 4 %108 = sext i32 %107 to i64 %109 = mul i64 4, %108 %110 = load i64, i64* %1, align 8 %111 = add nsw i64 %110, %109 %112 = shl i64 1, 63 %113 = and i64 %112, %111 %SF21 = icmp eq i64 %113, %112 %ZF22 = icmp eq i64 %111, 0 %114 = inttoptr i64 %111 to i32* %115 = load i32, i32* %114, align 4 %116 = sub i32 %106, %115 %ZF23 = icmp eq i32 %116, 0 %117 = shl i32 1, 31 %118 = and i32 %117, %116 %SF24 = icmp eq i32 %118, %117 %ZFCmp_JG38 = icmp eq i1 %ZF23, false %SFOFCmp_JG39 = icmp eq i1 %SF24, false %ZFAndSFOF_JG40 = and i1 %ZFCmp_JG38, %SFOFCmp_JG39 br i1 %ZFAndSFOF_JG40, label %bb.6, label %bb.8 bb.8: ; preds = %bb.7 %119 = load i32, i32* %4, align 4 %120 = load i32, i32* %5, align 4 %121 = sub i32 %119, %120 %ZF25 = icmp eq i32 %121, 0 %122 = shl i32 1, 31 %123 = and i32 %122, %121 %SF26 = icmp eq i32 %123, %122 %CmpSFOF_JGE41 = icmp eq i1 %SF26, false br i1 %CmpSFOF_JGE41, label %bb.10, label %bb.9 bb.9: ; preds = %bb.8 %124 = load i32, i32* %4, align 4 %125 = sext i32 %124 to i64 %126 = mul i64 4, %125 %127 = load i64, i64* %1, align 8 %128 = add nsw i64 %127, %126 %129 = shl i64 1, 63 %130 = and i64 %129, %128 %SF27 = icmp eq i64 %130, %129 %ZF28 = icmp eq i64 %128, 0 %131 = inttoptr i64 %128 to i32* %132 = load i32, i32* %131, align 4 store i32 %132, i32* %6, align 4 %133 = load i32, i32* %5, align 4 %134 = sext i32 %133 to i64 %135 = mul i64 4, %134 %136 = load i64, i64* %1, align 8 %137 = add nsw i64 %136, %135 %138 = shl i64 1, 63 %139 = and i64 %138, %137 %SF29 = icmp eq i64 %139, %138 %ZF30 = icmp eq i64 %137, 0 %140 = load i32, i32* %4, align 4 %141 = sext i32 %140 to i64 %142 = mul i64 4, %141 %143 = load i64, i64* %1, align 8 %144 = add nsw i64 %143, %142 %145 = shl i64 1, 63 %146 = and i64 %145, %144 %SF31 = icmp eq i64 %146, %145 %ZF32 = icmp eq i64 %144, 0 %147 = inttoptr i64 %137 to i32* %148 = load i32, i32* %147, align 4 %149 = inttoptr i64 %144 to i32* store i32 %148, i32* %149, align 4 %150 = load i32, i32* %5, align 4 %151 = sext i32 %150 to i64 %152 = mul i64 4, %151 %153 = load i64, i64* %1, align 8 %154 = add nsw i64 %152, %153 %155 = shl i64 1, 63 %156 = and i64 %155, %154 %SF33 = icmp eq i64 %156, %155 %ZF34 = icmp eq i64 %154, 0 %157 = load i32, i32* %6, align 4 %158 = inttoptr i64 %154 to i32* store i32 %157, i32* %158, align 4 br label %bb.10 bb.6: ; preds = %bb.7 %159 = load i32, i32* %5, align 4 %160 = zext i32 %159 to i64 %161 = zext i32 1 to i64 %162 = sub i64 %160, %161 %163 = trunc i64 %162 to i32 store i32 %163, i32* %5 %ZF35 = icmp eq i32 %163, 0 %164 = shl i32 1, 31 %165 = and i32 %164, %163 %SF36 = icmp eq i32 %165, %164 br label %bb.7 bb.12: ; preds = %bb.11, %entry ret void } declare dso_local i32 @printf(i8*, ...) declare dso_local i32 @__isoc99_scanf(i8*, ...) define dso_local i32 @main() { entry: %0 = alloca i64, align 8 %StackAdj = alloca i64, align 8 %1 = alloca i64, align 8 %2 = alloca i32, align 4 %3 = ptrtoint i64* %0 to i64 %4 = ptrtoint [42 x i8]* @RO-String to i64 %5 = inttoptr i64 %4 to i8* %6 = call i32 (i8*, ...) @printf(i8* %5) %7 = ptrtoint i64* %1 to i64 %8 = ptrtoint [3 x i8]* @RO-String.1 to i64 %9 = inttoptr i64 %8 to i8* %10 = call i32 (i8*, ...) @__isoc99_scanf(i8* %9, i64 %7) %11 = load i64, i64* %1, align 8 %12 = trunc i64 %11 to i32 %13 = trunc i64 %11 to i32 %14 = ptrtoint [20 x i8]* @RO-String.2 to i64 %15 = inttoptr i64 %14 to i8* %16 = call i32 (i8*, ...) @printf(i8* %15, i32 %13) store i32 0, i32* %2, align 4 br label %bb.2 bb.2: ; preds = %bb.1, %entry %17 = load i64, i64* %1, align 8 %18 = load i32, i32* %2, align 4 %19 = zext i32 %18 to i64 %20 = sub i64 %19, %17 %ZF = icmp eq i64 %20, 0 %21 = shl i64 1, 63 %22 = and i64 %21, %20 %SF = icmp eq i64 %22, %21 %SFAndOF_JL = icmp ne i1 %SF, false br i1 %SFAndOF_JL, label %bb.1, label %bb.3 bb.3: ; preds = %bb.2 %23 = load i64, i64* %1, align 8 %24 = add i64 %23, -1 %25 = trunc i64 %24 to i32 %26 = ptrtoint i64* %StackAdj to i64 call void @quicksort(i64 %26, i32 0, i32 %25) %27 = ptrtoint [27 x i8]* @RO-String.3 to i64 %28 = inttoptr i64 %27 to i8* %29 = call i32 (i8*, ...) @printf(i8* %28) store i32 0, i32* %2, align 4 br label %bb.5 bb.5: ; preds = %bb.4, %bb.3 %30 = load i64, i64* %1, align 8 %31 = load i32, i32* %2, align 4 %32 = zext i32 %31 to i64 %33 = sub i64 %32, %30 %ZF1 = icmp eq i64 %33, 0 %34 = shl i64 1, 63 %35 = and i64 %34, %33 %SF2 = icmp eq i64 %35, %34 %SFAndOF_JL7 = icmp ne i1 %SF2, false br i1 %SFAndOF_JL7, label %bb.4, label %bb.6 bb.6: ; preds = %bb.5 ret i32 0 bb.4: ; preds = %bb.5 %36 = load i32, i32* %2, align 4 %37 = sext i32 %36 to i64 %38 = load i64, i64* %StackAdj, align 8 %39 = trunc i64 %38 to i32 %40 = trunc i64 %38 to i32 %41 = ptrtoint [4 x i8]* @RO-String.4 to i64 %42 = inttoptr i64 %41 to i8* %43 = call i32 (i8*, ...) @printf(i8* %42, i32 %40) %44 = load i32, i32* %2, align 4 %45 = zext i8 1 to i32 %46 = add i32 %44, %45 store i32 %46, i32* %2, align 4 br label %bb.5 bb.1: ; preds = %bb.2 %47 = ptrtoint i64* %StackAdj to i64 %48 = load i32, i32* %2, align 4 %49 = sext i32 %48 to i64 %50 = shl i64 %49, 2 %51 = shl i64 1, 63 %52 = and i64 %51, %50 %SF3 = icmp eq i64 %52, %51 %ZF4 = icmp eq i64 %50, 0 %53 = add nsw i64 %47, %50 %54 = shl i64 1, 63 %55 = and i64 %54, %53 %SF5 = icmp eq i64 %55, %54 %ZF6 = icmp eq i64 %53, 0 %56 = ptrtoint [3 x i8]* @RO-String.1 to i64 %57 = inttoptr i64 %56 to i8* %58 = call i32 (i8*, ...) @__isoc99_scanf(i8* %57, i64 %53, i64 %50) %59 = load i32, i32* %2, align 4 %60 = zext i8 1 to i32 %61 = add i32 %59, %60 store i32 %61, i32* %2, align 4 br label %bb.2 }

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "../a.out" @RO-String = private constant [42 x i8] c"How many elements are u going to enter?: \00", align 1 @RO-String.1 = private constant [3 x i8] c"%d\00", align 1 @RO-String.2 = private constant [20 x i8] c"Enter %d elements: \00", align 1 @RO-String.3 = private constant [27 x i8] c"Order of Sorted elements: \00", align 1 @RO-String.4 = private constant [4 x i8] c" %d\00", align 1 ; Function Attrs: nounwind define dso_local void @quicksort(i64 %arg1, i32 %arg2, i32 %arg3) local_unnamed_addr #0 { entry: %0 = sub i32 %arg2, %arg3 %SF53 = icmp sgt i32 %0, -1 br i1 %SF53, label %bb.12, label %bb.10.preheader bb.10.preheader: ; preds = %entry, %bb.11 %arg2.tr54 = phi i32 [ %14, %bb.11 ], [ %arg2, %entry ] %1 = sub i32 %arg2.tr54, %arg3 %SF250 = icmp slt i32 %1, 0 %2 = sext i32 %arg2.tr54 to i64 %3 = shl nsw i64 %2, 2 %4 = add nsw i64 %3, %arg1 %5 = inttoptr i64 %4 to i32* br i1 %SF250, label %bb.3.preheader, label %bb.11 bb.3.preheader: ; preds = %bb.10.preheader, %bb.10.backedge %.052 = phi i32 [ %.1, %bb.10.backedge ], [ %arg3, %bb.10.preheader ] %.04451 = phi i32 [ %.145, %bb.10.backedge ], [ %arg2.tr54, %bb.10.preheader ] %6 = load i32, i32* %5, align 4 br label %bb.3 bb.11: ; preds = %bb.8, %bb.10.preheader %.0.lcssa = phi i32 [ %arg3, %bb.10.preheader ], [ %.1, %bb.8 ] %7 = load i32, i32* %5, align 4 %8 = sext i32 %.0.lcssa to i64 %9 = shl nsw i64 %8, 2 %10 = add nsw i64 %9, %arg1 %11 = inttoptr i64 %10 to i32* %12 = load i32, i32* %11, align 4 store i32 %12, i32* %5, align 4 store i32 %7, i32* %11, align 4 %13 = add i32 %.0.lcssa, -1 tail call void @quicksort(i64 %arg1, i32 %arg2.tr54, i32 %13) %14 = add i32 %.0.lcssa, 1 %15 = sub i32 %14, %arg3 %SF = icmp sgt i32 %15, -1 br i1 %SF, label %bb.12, label %bb.10.preheader bb.3: ; preds = %bb.3, %bb.3.preheader %.145 = phi i32 [ %24, %bb.3 ], [ %.04451, %bb.3.preheader ] %16 = sext i32 %.145 to i64 %17 = shl nsw i64 %16, 2 %18 = add nsw i64 %17, %arg1 %19 = inttoptr i64 %18 to i32* %20 = load i32, i32* %19, align 4 %21 = sub i32 %20, %6 %22 = icmp slt i32 %21, 1 %23 = sub i32 %.145, %arg3 %SF18 = icmp slt i32 %23, 0 %or.cond = and i1 %SF18, %22 %24 = add i32 %.145, 1 br i1 %or.cond, label %bb.3, label %bb.7 bb.7: ; preds = %bb.3, %bb.7 %.1 = phi i32 [ %32, %bb.7 ], [ %.052, %bb.3 ] %25 = sext i32 %.1 to i64 %26 = shl nsw i64 %25, 2 %27 = add nsw i64 %26, %arg1 %28 = inttoptr i64 %27 to i32* %29 = load i32, i32* %28, align 4 %30 = sub i32 %29, %6 %31 = icmp sgt i32 %30, 0 %32 = add i32 %.1, -1 br i1 %31, label %bb.7, label %bb.8 bb.8: ; preds = %bb.7 %33 = sub i32 %.145, %.1 %SF26 = icmp sgt i32 %33, -1 br i1 %SF26, label %bb.11, label %bb.10.backedge bb.10.backedge: ; preds = %bb.8 store i32 %29, i32* %19, align 4 store i32 %20, i32* %28, align 4 br label %bb.3.preheader bb.12: ; preds = %bb.11, %entry ret void } ; Function Attrs: nounwind declare dso_local i32 @printf(i8* nocapture readonly, ...) local_unnamed_addr #0 declare dso_local i32 @__isoc99_scanf(i8*, ...) local_unnamed_addr define dso_local i32 @main() local_unnamed_addr { entry: %StackAdj = alloca i64, align 8 %0 = alloca i64, align 8 %1 = tail call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @RO-String, i64 0, i64 0)) %2 = ptrtoint i64* %0 to i64 %3 = call i32 (i8*, ...) @__isoc99_scanf(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @RO-String.1, i64 0, i64 0), i64 %2) %4 = load i64, i64* %0, align 8 %5 = trunc i64 %4 to i32 %6 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([20 x i8], [20 x i8]* @RO-String.2, i64 0, i64 0), i32 %5) %7 = load i64, i64* %0, align 8 %8 = sub i64 0, %7 %SF8 = icmp slt i64 %8, 0 br i1 %SF8, label %bb.1.lr.ph, label %entry.bb.3_crit_edge entry.bb.3_crit_edge: ; preds = %entry %extract.t = trunc i64 %7 to i32 %.pre = ptrtoint i64* %StackAdj to i64 br label %bb.3 bb.1.lr.ph: ; preds = %entry %9 = ptrtoint i64* %StackAdj to i64 br label %bb.1 bb.3.loopexit: ; preds = %bb.1 %extract.t10 = trunc i64 %26 to i32 br label %bb.3 bb.3: ; preds = %entry.bb.3_crit_edge, %bb.3.loopexit %.pre-phi = phi i64 [ %.pre, %entry.bb.3_crit_edge ], [ %9, %bb.3.loopexit ] %.lcssa.off0 = phi i32 [ %extract.t, %entry.bb.3_crit_edge ], [ %extract.t10, %bb.3.loopexit ] %10 = add i32 %.lcssa.off0, -1 call void @quicksort(i64 %.pre-phi, i32 0, i32 %10) %11 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([27 x i8], [27 x i8]* @RO-String.3, i64 0, i64 0)) %12 = load i64, i64* %0, align 8 %13 = sub i64 0, %12 %SF26 = icmp slt i64 %13, 0 br i1 %SF26, label %bb.4, label %bb.6 bb.6: ; preds = %bb.4, %bb.3 ret i32 0 bb.4: ; preds = %bb.3, %bb.4 %.17 = phi i32 [ %17, %bb.4 ], [ 0, %bb.3 ] %14 = load i64, i64* %StackAdj, align 8 %15 = trunc i64 %14 to i32 %16 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @RO-String.4, i64 0, i64 0), i32 %15) %17 = add i32 %.17, 1 %18 = load i64, i64* %0, align 8 %19 = zext i32 %17 to i64 %20 = sub i64 %19, %18 %SF2 = icmp slt i64 %20, 0 br i1 %SF2, label %bb.4, label %bb.6 bb.1: ; preds = %bb.1.lr.ph, %bb.1 %.09 = phi i32 [ 0, %bb.1.lr.ph ], [ %25, %bb.1 ] %21 = sext i32 %.09 to i64 %22 = shl nsw i64 %21, 2 %23 = add nsw i64 %22, %9 %24 = call i32 (i8*, ...) @__isoc99_scanf(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @RO-String.1, i64 0, i64 0), i64 %23, i64 %22) %25 = add i32 %.09, 1 %26 = load i64, i64* %0, align 8 %27 = zext i32 %25 to i64 %28 = sub i64 %27, %26 %SF = icmp slt i64 %28, 0 br i1 %SF, label %bb.1, label %bb.3.loopexit } attributes #0 = { nounwind }

Raised by retdec
Non-optimised:
source_filename = "test" target datalayout = "e-m:e-p:64:64-i64:64-f80:128-n8:16:32:64-S128" @rbp = internal unnamed_addr global i64 0 @global_var_201010.1 = global i64 0 @global_var_9c8.3 = constant [42 x i8] c"How many elements are u going to enter?: \00" @global_var_9f2.4 = constant [3 x i8] c"%d\00" @global_var_9f5.5 = constant [20 x i8] c"Enter %d elements: \00" @global_var_a09.6 = constant [27 x i8] c"Order of Sorted elements: \00" @global_var_a24.7 = constant [4 x i8] c" %d\00" @global_var_200db0.8 = global i64 1696 @global_var_200db8.9 = global i64 1632 @0 = external global i32 define i64 @_init() local_unnamed_addr { dec_label_pc_548: %v0_54c = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_553 = icmp eq i64 %v0_54c, 0 br i1 %v1_553, label %dec_label_pc_55a, label %dec_label_pc_558 dec_label_pc_558: ; preds = %dec_label_pc_548 call void @__gmon_start__() br label %dec_label_pc_55a dec_label_pc_55a: ; preds = %dec_label_pc_558, %dec_label_pc_548 %v0_55e = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_558 ], [ 0, %dec_label_pc_548 ] ret i64 %v0_55e } define i32 @function_570(i8* %format, ...) local_unnamed_addr { dec_label_pc_570: %v2_570 = call i32 (i8*, ...) @printf(i8* %format) ret i32 %v2_570 } define i32 @function_580(i8* %format, ...) local_unnamed_addr { dec_label_pc_580: %v2_580 = call i32 (i8*, ...) @scanf(i8* %format) ret i32 %v2_580 } define void @function_590(i64* %d) local_unnamed_addr { dec_label_pc_590: call void @__cxa_finalize(i64* %d) ret void } define i64 @_start(i64 %arg1, i64 %arg2, i64 %arg3, i64 %arg4) local_unnamed_addr { dec_label_pc_5a0: %rdx.global-to-local = alloca i64, align 8 store i64 %arg3, i64* %rdx.global-to-local, align 8 %stack_var_8 = alloca i64, align 8 %v0_5a2 = load i64, i64* %rdx.global-to-local, align 8 %v4_5a5 = ptrtoint i64* %stack_var_8 to i64 %tmp248 = bitcast i64* %stack_var_8 to i8** store i64 %v4_5a5, i64* %rdx.global-to-local, align 8 %v2_5c4 = trunc i64 %arg4 to i32 %v13_5c4 = inttoptr i64 %v0_5a2 to void ()* %v14_5c4 = call i32 @__libc_start_main(i64 2132, i32 %v2_5c4, i8** %tmp248, void ()* inttoptr (i64 2368 to void ()*), void ()* inttoptr (i64 2480 to void ()*), void ()* %v13_5c4) %v0_5ca = call i64 @__asm_hlt() unreachable } define i64 @deregister_tm_clones() local_unnamed_addr { dec_label_pc_5d0: ret i64 ptrtoint (i64* @global_var_201010.1 to i64) } define i64 @register_tm_clones() local_unnamed_addr { dec_label_pc_610: ret i64 0 } define i64 @__do_global_dtors_aux() local_unnamed_addr { dec_label_pc_660: %rax.global-to-local = alloca i64, align 8 %rbp.global-to-local = alloca i64, align 8 %stack_var_-8 = alloca i64, align 8 %v0_660 = load i8, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v7_660 = icmp eq i8 %v0_660, 0 %v1_667 = icmp eq i1 %v7_660, false br i1 %v1_667, label %dec_label_pc_698, label %dec_label_pc_669 dec_label_pc_669: ; preds = %dec_label_pc_660 %v0_669 = load i64, i64* inttoptr (i64 2101240 to i64*), align 8 %v7_669 = icmp eq i64 %v0_669, 0 %v0_671 = load i64, i64* %rbp.global-to-local, align 8 store i64 %v0_671, i64* %stack_var_-8, align 8 %v4_671 = ptrtoint i64* %stack_var_-8 to i64 store i64 %v4_671, i64* %rbp.global-to-local, align 8 br i1 %v7_669, label %dec_label_pc_683, label %dec_label_pc_677 dec_label_pc_677: ; preds = %dec_label_pc_669 %v0_677 = load i64, i64* inttoptr (i64 2101256 to i64*), align 8 %v1_67e = inttoptr i64 %v0_677 to i64* call void @__cxa_finalize(i64* %v1_67e) store i64 ptrtoint (i32* @0 to i64), i64* %rax.global-to-local, align 8 br label %dec_label_pc_683 dec_label_pc_683: ; preds = %dec_label_pc_677, %dec_label_pc_669 %v0_683 = call i64 @deregister_tm_clones() store i64 %v0_683, i64* %rax.global-to-local, align 8 store i8 1, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v2_68f = load i64, i64* %stack_var_-8, align 8 store i64 %v2_68f, i64* %rbp.global-to-local, align 8 ret i64 %v0_683 dec_label_pc_698: ; preds = %dec_label_pc_660 %v0_698 = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_698 } define i64 @frame_dummy() local_unnamed_addr { dec_label_pc_6a0: %v0_6a5 = call i64 @register_tm_clones() ret i64 %v0_6a5 } define i64 @quicksort(i64 %arg1, i64 %arg2, i64 %arg3) local_unnamed_addr { dec_label_pc_6aa: %rdi.global-to-local = alloca i64, align 8 %rdx.global-to-local = alloca i64, align 8 %rsi.global-to-local = alloca i64, align 8 store i64 %arg3, i64* %rdx.global-to-local, align 8 store i64 %arg2, i64* %rsi.global-to-local, align 8 store i64 %arg1, i64* %rdi.global-to-local, align 8 %stack_var_-40 = alloca i64, align 8 %stack_var_-8 = alloca i64, align 8 %v0_6aa = load i64, i64* @rbp, align 8 store i64 %v0_6aa, i64* %stack_var_-8, align 8 %v4_6aa = ptrtoint i64* %stack_var_-8 to i64 store i64 %v4_6aa, i64* @rbp, align 8 %v0_6b2 = load i64, i64* %rdi.global-to-local, align 8 %v0_6b6 = load i64, i64* %rsi.global-to-local, align 8 %v0_6b9 = load i64, i64* %rdx.global-to-local, align 8 store i64 %v0_6b9, i64* %stack_var_-40, align 8 %v1_6bf = trunc i64 %v0_6b6 to i32 %v6_6bf = trunc i64 %v0_6b9 to i32 %v7_6c2 = icmp slt i32 %v1_6bf, %v6_6bf br i1 %v7_6c2, label %dec_label_pc_6e3.preheader.lr.ph, label %dec_label_pc_851 dec_label_pc_6e3.preheader.lr.ph: ; preds = %dec_label_pc_6aa %v1_6fe = mul i64 %v0_6b6, 4 %v2_70a = add i64 %v1_6fe, %v0_6b2 %v1_70d = inttoptr i64 %v2_70a to i32* br label %dec_label_pc_6e3.preheader dec_label_pc_6df: ; preds = %dec_label_pc_713 %v5_6df = mul i64 %stack_var_-12.074, 4294967296 %sext23 = add i64 %v5_6df, 4294967296 %v23_6df = sdiv i64 %sext23, 4294967296 %v1_6e8 = mul nsw i64 %v23_6df, 4 store i64 %v1_6e8, i64* %rdx.global-to-local, align 8 %v2_6f4 = add i64 %v1_6e8, %v0_6b2 %v1_6f7 = inttoptr i64 %v2_6f4 to i32* %v2_6f7 = load i32, i32* %v1_6f7, align 4 %v3_6f7 = zext i32 %v2_6f7 to i64 store i64 %v3_6f7, i64* %rdx.global-to-local, align 8 %v2_70d = load i32, i32* %v1_70d, align 4 %v8_711 = icmp ugt i32 %v2_6f7, %v2_70d br i1 %v8_711, label %dec_label_pc_721.preheader, label %dec_label_pc_713 dec_label_pc_713: ; preds = %dec_label_pc_713.lr.ph, %dec_label_pc_6df %v1_6f777 = phi i32* [ %v1_6f768, %dec_label_pc_713.lr.ph ], [ %v1_6f7, %dec_label_pc_6df ] %v2_6f476 = phi i64 [ %v2_6f467, %dec_label_pc_713.lr.ph ], [ %v2_6f4, %dec_label_pc_6df ] %v1_6e875 = phi i64 [ %v1_6e866, %dec_label_pc_713.lr.ph ], [ %v1_6e8, %dec_label_pc_6df ] %stack_var_-12.074 = phi i64 [ %stack_var_-12.119, %dec_label_pc_713.lr.ph ], [ %v23_6df, %dec_label_pc_6df ] %v1_716 = trunc i64 %stack_var_-12.074 to i32 %v6_716 = trunc i64 %v5_716.pre to i32 %v7_719 = icmp slt i32 %v1_716, %v6_716 br i1 %v7_719, label %dec_label_pc_6df, label %dec_label_pc_721.preheader dec_label_pc_721.preheader: ; preds = %dec_label_pc_713, %dec_label_pc_6df, %dec_label_pc_6e3.preheader %stack_var_-12.0.lcssa = phi i64 [ %stack_var_-12.119, %dec_label_pc_6e3.preheader ], [ %v23_6df, %dec_label_pc_6df ], [ %stack_var_-12.074, %dec_label_pc_713 ] %v1_6e8.lcssa = phi i64 [ %v1_6e866, %dec_label_pc_6e3.preheader ], [ %v1_6e8, %dec_label_pc_6df ], [ %v1_6e875, %dec_label_pc_713 ] %v2_6f4.lcssa = phi i64 [ %v2_6f467, %dec_label_pc_6e3.preheader ], [ %v2_6f4, %dec_label_pc_6df ], [ %v2_6f476, %dec_label_pc_713 ] %v1_6f7.lcssa = phi i32* [ %v1_6f768, %dec_label_pc_6e3.preheader ], [ %v1_6f7, %dec_label_pc_6df ], [ %v1_6f777, %dec_label_pc_713 ] %v1_72685 = mul i64 %stack_var_-16.120, 4 store i64 %v1_72685, i64* %rdx.global-to-local, align 8 %v2_73286 = add i64 %v1_72685, %v0_6b2 %v1_73587 = inttoptr i64 %v2_73286 to i32* %v2_73588 = load i32, i32* %v1_73587, align 4 %v3_73589 = zext i32 %v2_73588 to i64 store i64 %v3_73589, i64* %rdx.global-to-local, align 8 %v2_74b90 = load i32, i32* %v1_70d, align 4 %v8_74f92 = icmp ugt i32 %v2_73588, %v2_74b90 br i1 %v8_74f92, label %dec_label_pc_71d, label %dec_label_pc_751 dec_label_pc_71d: ; preds = %dec_label_pc_721.preheader, %dec_label_pc_71d %stack_var_-16.093 = phi i64 [ %v23_71d, %dec_label_pc_71d ], [ %stack_var_-16.120, %dec_label_pc_721.preheader ] %v5_71d = mul i64 %stack_var_-16.093, 4294967296 %sext = add i64 %v5_71d, -4294967296 %v23_71d = sdiv i64 %sext, 4294967296 %v1_726 = mul nsw i64 %v23_71d, 4 store i64 %v1_726, i64* %rdx.global-to-local, align 8 %v2_732 = add i64 %v1_726, %v0_6b2 %v1_735 = inttoptr i64 %v2_732 to i32* %v2_735 = load i32, i32* %v1_735, align 4 %v3_735 = zext i32 %v2_735 to i64 store i64 %v3_735, i64* %rdx.global-to-local, align 8 %v2_74b = load i32, i32* %v1_70d, align 4 %v8_74f = icmp ugt i32 %v2_735, %v2_74b br i1 %v8_74f, label %dec_label_pc_71d, label %dec_label_pc_751 dec_label_pc_751: ; preds = %dec_label_pc_71d, %dec_label_pc_721.preheader %stack_var_-16.0.lcssa = phi i64 [ %stack_var_-16.120, %dec_label_pc_721.preheader ], [ %v23_71d, %dec_label_pc_71d ] %v2_732.lcssa = phi i64 [ %v2_73286, %dec_label_pc_721.preheader ], [ %v2_732, %dec_label_pc_71d ] %v1_735.lcssa = phi i32* [ %v1_73587, %dec_label_pc_721.preheader ], [ %v1_735, %dec_label_pc_71d ] %v1_754 = trunc i64 %stack_var_-12.0.lcssa to i32 %v6_754 = trunc i64 %stack_var_-16.0.lcssa to i32 %v7_757 = icmp slt i32 %v1_754, %v6_754 br i1 %v7_757, label %dec_label_pc_7b8.backedge.thread, label %dec_label_pc_7c4 dec_label_pc_7b8.backedge.thread: ; preds = %dec_label_pc_751 store i64 %v1_6e8.lcssa, i64* %rdx.global-to-local, align 8 %v2_76d = load i32, i32* %v1_6f7.lcssa, align 4 store i64 %v2_6f4.lcssa, i64* %rdx.global-to-local, align 8 %v2_79b = load i32, i32* %v1_735.lcssa, align 4 store i32 %v2_79b, i32* %v1_6f7.lcssa, align 4 store i64 %v2_732.lcssa, i64* %rdx.global-to-local, align 8 store i32 %v2_76d, i32* %v1_735.lcssa, align 4 br label %dec_label_pc_6e3.preheader dec_label_pc_6e3.preheader: ; preds = %dec_label_pc_7b8.backedge.thread, %dec_label_pc_6e3.preheader.lr.ph %stack_var_-16.120 = phi i64 [ %v0_6b9, %dec_label_pc_6e3.preheader.lr.ph ], [ %stack_var_-16.0.lcssa, %dec_label_pc_7b8.backedge.thread ] %stack_var_-12.119 = phi i64 [ %v0_6b6, %dec_label_pc_6e3.preheader.lr.ph ], [ %stack_var_-12.0.lcssa, %dec_label_pc_7b8.backedge.thread ] %v1_6e866 = mul i64 %stack_var_-12.119, 4 store i64 %v1_6e866, i64* %rdx.global-to-local, align 8 %v2_6f467 = add i64 %v1_6e866, %v0_6b2 %v1_6f768 = inttoptr i64 %v2_6f467 to i32* %v2_6f769 = load i32, i32* %v1_6f768, align 4 %v3_6f770 = zext i32 %v2_6f769 to i64 store i64 %v3_6f770, i64* %rdx.global-to-local, align 8 %v2_70d71 = load i32, i32* %v1_70d, align 4 %v8_71173 = icmp ugt i32 %v2_6f769, %v2_70d71 br i1 %v8_71173, label %dec_label_pc_721.preheader, label %dec_label_pc_713.lr.ph dec_label_pc_713.lr.ph: ; preds = %dec_label_pc_6e3.preheader %v5_716.pre = load i64, i64* %stack_var_-40, align 8 br label %dec_label_pc_713 dec_label_pc_7c4: ; preds = %dec_label_pc_751 store i64 %v1_6fe, i64* %rdx.global-to-local, align 8 %v2_7d8 = load i32, i32* %v1_70d, align 4 store i64 %v2_70a, i64* %rdx.global-to-local, align 8 %v2_806 = load i32, i32* %v1_735.lcssa, align 4 store i32 %v2_806, i32* %v1_70d, align 4 store i32 %v2_7d8, i32* %v1_735.lcssa, align 4 %v1_826 = add i64 %stack_var_-16.0.lcssa, -1 store i64 %v1_826, i64* %rdx.global-to-local, align 8 store i64 %v0_6b6, i64* %rsi.global-to-local, align 8 store i64 %v0_6b2, i64* %rdi.global-to-local, align 8 %v3_835 = call i64 @quicksort(i64 %v0_6b2, i64 %v0_6b6, i64 %v1_826) %v1_83d = add i64 %stack_var_-16.0.lcssa, 1 %v3_840 = load i64, i64* %stack_var_-40, align 8 store i64 %v3_840, i64* %rdx.global-to-local, align 8 store i64 %v1_83d, i64* %rsi.global-to-local, align 8 store i64 %v0_6b2, i64* %rdi.global-to-local, align 8 %v3_84c = call i64 @quicksort(i64 %v0_6b2, i64 %v1_83d, i64 %v3_840) %v2_852.pre = load i64, i64* %stack_var_-8, align 8 br label %dec_label_pc_851 dec_label_pc_851: ; preds = %dec_label_pc_6aa, %dec_label_pc_7c4 %v0_853 = phi i64 [ %v0_6b6, %dec_label_pc_6aa ], [ %v3_84c, %dec_label_pc_7c4 ] %v2_852 = phi i64 [ %v0_6aa, %dec_label_pc_6aa ], [ %v2_852.pre, %dec_label_pc_7c4 ] store i64 %v2_852, i64* @rbp, align 8 ret i64 %v0_853 } define i64 @main(i64 %argc, i8** %argv) local_unnamed_addr { dec_label_pc_854: %stack_var_-16 = alloca i64, align 8 %stack_var_-120 = alloca i64, align 8 %v15_858 = ptrtoint i64* %stack_var_-120 to i64 %v3_868 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @global_var_9c8.3, i64 0, i64 0)) %v5_880 = call i32 (i8*, ...) @scanf(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @global_var_9f2.4, i64 0, i64 0), i64* nonnull %stack_var_-16) %v3_885 = load i64, i64* %stack_var_-16, align 8 %v4_896 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([20 x i8], [20 x i8]* @global_var_9f5.5, i64 0, i64 0), i64 %v3_885) %v3_8cd10 = load i64, i64* %stack_var_-16, align 8 %v6_8d316 = icmp sgt i64 %v3_8cd10, 0 br i1 %v6_8d316, label %dec_label_pc_8a4, label %dec_label_pc_8d5 dec_label_pc_8a4: ; preds = %dec_label_pc_854, %dec_label_pc_8a4 %storemerge117 = phi i32 [ %v4_8c9, %dec_label_pc_8a4 ], [ 0, %dec_label_pc_854 ] %v4_8a8 = zext i32 %storemerge117 to i64 %v2_8ae = mul nuw nsw i64 %v4_8a8, 4 %v2_8b2 = add i64 %v2_8ae, %v15_858 %v4_8c4 = inttoptr i64 %v2_8b2 to i64* %v5_8c4 = call i32 (i8*, ...) @scanf(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @global_var_9f2.4, i64 0, i64 0), i64* %v4_8c4) %v4_8c9 = add i32 %storemerge117, 1 %v3_8cd = load i64, i64* %stack_var_-16, align 8 %v5_8d3 = sext i32 %v4_8c9 to i64 %v6_8d3 = icmp slt i64 %v5_8d3, %v3_8cd br i1 %v6_8d3, label %dec_label_pc_8a4, label %dec_label_pc_8d5 dec_label_pc_8d5: ; preds = %dec_label_pc_8a4, %dec_label_pc_854 %v3_8d5 = phi i64 [ %v3_8cd10, %dec_label_pc_854 ], [ %v3_8cd, %dec_label_pc_8a4 ] %v1_8d8 = add i64 %v3_8d5, -1 %v3_8e7 = call i64 @quicksort(i64 %v15_858, i64 0, i64 %v1_8d8) %v3_8f8 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([27 x i8], [27 x i8]* @global_var_a09.6, i64 0, i64 0)) %v3_9262 = load i64, i64* %stack_var_-16, align 8 %v6_92c8 = icmp sgt i64 %v3_9262, 0 br i1 %v6_92c8, label %dec_label_pc_906, label %dec_label_pc_92e dec_label_pc_906: ; preds = %dec_label_pc_8d5, %dec_label_pc_906 %storemerge9 = phi i32 [ %v4_922, %dec_label_pc_906 ], [ 0, %dec_label_pc_8d5 ] %v4_906 = zext i32 %storemerge9 to i64 %v0_90b = load i64, i64* @rbp, align 8 %v2_90b = mul nuw nsw i64 %v4_906, 4 %v3_90b = add nsw i64 %v2_90b, -112 %v4_90b = add i64 %v3_90b, %v0_90b %v5_90b = inttoptr i64 %v4_90b to i32* %v6_90b = load i32, i32* %v5_90b, align 4 %v7_90b = zext i32 %v6_90b to i64 %v4_91d = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @global_var_a24.7, i64 0, i64 0), i64 %v7_90b) %v4_922 = add i32 %storemerge9, 1 %v3_926 = load i64, i64* %stack_var_-16, align 8 %v5_92c = sext i32 %v4_922 to i64 %v6_92c = icmp slt i64 %v5_92c, %v3_926 br i1 %v6_92c, label %dec_label_pc_906, label %dec_label_pc_92e dec_label_pc_92e: ; preds = %dec_label_pc_906, %dec_label_pc_8d5 ret i64 0 } define i64 @__libc_csu_init(i64 %arg1, i64 %arg2, i64 %arg3) local_unnamed_addr { dec_label_pc_940: %r12.global-to-local = alloca i64, align 8 %r13.global-to-local = alloca i64, align 8 %r14.global-to-local = alloca i64, align 8 %r15.global-to-local = alloca i64, align 8 %rbp.global-to-local = alloca i64, align 8 %rbx.global-to-local = alloca i64, align 8 %rdi.global-to-local = alloca i64, align 8 %rdx.global-to-local = alloca i64, align 8 %rsi.global-to-local = alloca i64, align 8 store i64 %arg3, i64* %rdx.global-to-local, align 8 store i64 %arg2, i64* %rsi.global-to-local, align 8 store i64 %arg1, i64* %rdi.global-to-local, align 8 %v0_940 = load i64, i64* %r15.global-to-local, align 8 %v0_942 = load i64, i64* %r14.global-to-local, align 8 %v0_944 = load i64, i64* %rdx.global-to-local, align 8 store i64 %v0_944, i64* %r15.global-to-local, align 8 %v0_947 = load i64, i64* %r13.global-to-local, align 8 %v0_949 = load i64, i64* %r12.global-to-local, align 8 store i64 ptrtoint (i64* @global_var_200db0.8 to i64), i64* %r12.global-to-local, align 8 %v0_952 = load i64, i64* %rbp.global-to-local, align 8 %v0_95a = load i64, i64* %rbx.global-to-local, align 8 %v0_95b = load i64, i64* %rdi.global-to-local, align 8 store i64 %v0_95b, i64* %r13.global-to-local, align 8 %v0_95e = load i64, i64* %rsi.global-to-local, align 8 store i64 %v0_95e, i64* %r14.global-to-local, align 8 store i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200db8.9 to i64), i64 ptrtoint (i64* @global_var_200db0.8 to i64)), i64 3), i64* %rbp.global-to-local, align 8 %v0_96c = call i64 @_init() br i1 icmp eq (i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200db8.9 to i64), i64 ptrtoint (i64* @global_var_200db0.8 to i64)), i64 3), i64 0), label %dec_label_pc_996, label %dec_label_pc_976 dec_label_pc_976: ; preds = %dec_label_pc_940 store i64 0, i64* %rbx.global-to-local, align 8 %v0_980 = load i64, i64* %r15.global-to-local, align 8 %v0_983 = load i64, i64* %r14.global-to-local, align 8 %v0_986 = load i64, i64* %r13.global-to-local, align 8 br label %dec_label_pc_980 dec_label_pc_980: ; preds = %dec_label_pc_980, %dec_label_pc_976 %v1_98d2 = phi i64 [ %v1_98d, %dec_label_pc_980 ], [ 0, %dec_label_pc_976 ] %v1_98d = add i64 %v1_98d2, 1 %v12_991 = icmp eq i64 %v1_98d2, sub (i64 ashr (i64 sub (i64 ptrtoint (i64* @global_var_200db8.9 to i64), i64 ptrtoint (i64* @global_var_200db0.8 to i64)), i64 3), i64 1) %v1_994 = icmp eq i1 %v12_991, false br i1 %v1_994, label %dec_label_pc_980, label %dec_label_pc_996.loopexit dec_label_pc_996.loopexit: ; preds = %dec_label_pc_980 store i64 %v0_980, i64* %rdx.global-to-local, align 8 store i64 %v0_983, i64* %rsi.global-to-local, align 8 store i64 %v0_986, i64* %rdi.global-to-local, align 8 store i64 %v1_98d, i64* %rbx.global-to-local, align 8 br label %dec_label_pc_996 dec_label_pc_996: ; preds = %dec_label_pc_996.loopexit, %dec_label_pc_940 store i64 %v0_95a, i64* %rbx.global-to-local, align 8 store i64 %v0_952, i64* %rbp.global-to-local, align 8 store i64 %v0_949, i64* %r12.global-to-local, align 8 store i64 %v0_947, i64* %r13.global-to-local, align 8 store i64 %v0_942, i64* %r14.global-to-local, align 8 store i64 %v0_940, i64* %r15.global-to-local, align 8 ret i64 %v0_96c } define i64 @__libc_csu_fini() local_unnamed_addr { dec_label_pc_9b0: %rax.global-to-local = alloca i64, align 8 %v0_9b0 = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_9b0 } define i64 @_fini() local_unnamed_addr { dec_label_pc_9b4: %rax.global-to-local = alloca i64, align 8 %v0_9bc = load i64, i64* %rax.global-to-local, align 8 ret i64 %v0_9bc } declare i32 @printf(i8*, ...) local_unnamed_addr declare i32 @scanf(i8*, ...) local_unnamed_addr declare i32 @__libc_start_main(i64, i32, i8**, void ()*, void ()*, void ()*) local_unnamed_addr declare void @__gmon_start__() local_unnamed_addr declare void @__cxa_finalize(i64*) local_unnamed_addr declare i64 @__asm_hlt() local_unnamed_addr

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "test" target datalayout = "e-m:e-p:64:64-i64:64-f80:128-n8:16:32:64-S128" @rbp = internal unnamed_addr global i64 0 @global_var_201010.1 = global i64 0 @global_var_9c8.3 = constant [42 x i8] c"How many elements are u going to enter?: \00" @global_var_9f2.4 = constant [3 x i8] c"%d\00" @global_var_9f5.5 = constant [20 x i8] c"Enter %d elements: \00" @global_var_a09.6 = constant [27 x i8] c"Order of Sorted elements: \00" @global_var_a24.7 = constant [4 x i8] c" %d\00" @global_var_200db0.8 = local_unnamed_addr global i64 1696 @global_var_200db8.9 = local_unnamed_addr global i64 1632 @0 = external global i32 define i64 @_init() local_unnamed_addr { dec_label_pc_548: %v0_54c = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_553 = icmp eq i64 %v0_54c, 0 br i1 %v1_553, label %dec_label_pc_55a, label %dec_label_pc_558 dec_label_pc_558: ; preds = %dec_label_pc_548 tail call void @__gmon_start__() br label %dec_label_pc_55a dec_label_pc_55a: ; preds = %dec_label_pc_558, %dec_label_pc_548 %v0_55e = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_558 ], [ 0, %dec_label_pc_548 ] ret i64 %v0_55e } ; Function Attrs: nounwind define i32 @function_570(i8* nocapture readonly %format, ...) local_unnamed_addr #0 { dec_label_pc_570: %v2_570 = tail call i32 (i8*, ...) @printf(i8* %format) ret i32 %v2_570 } ; Function Attrs: nounwind define i32 @function_580(i8* nocapture readonly %format, ...) local_unnamed_addr #0 { dec_label_pc_580: %v2_580 = tail call i32 (i8*, ...) @scanf(i8* %format) ret i32 %v2_580 } define void @function_590(i64* %d) local_unnamed_addr { dec_label_pc_590: tail call void @__cxa_finalize(i64* %d) ret void } ; Function Attrs: noreturn define i64 @_start(i64 %arg1, i64 %arg2, i64 %arg3, i64 %arg4) local_unnamed_addr #1 { dec_label_pc_5a0: %stack_var_8 = alloca i8*, align 8 %v2_5c4 = trunc i64 %arg4 to i32 %v13_5c4 = inttoptr i64 %arg3 to void ()* %v14_5c4 = call i32 @__libc_start_main(i64 2132, i32 %v2_5c4, i8** nonnull %stack_var_8, void ()* inttoptr (i64 2368 to void ()*), void ()* inttoptr (i64 2480 to void ()*), void ()* %v13_5c4) %v0_5ca = call i64 @__asm_hlt() unreachable } ; Function Attrs: norecurse nounwind readnone define i64 @deregister_tm_clones() local_unnamed_addr #2 { dec_label_pc_5d0: ret i64 ptrtoint (i64* @global_var_201010.1 to i64) } ; Function Attrs: norecurse nounwind readnone define i64 @register_tm_clones() local_unnamed_addr #2 { dec_label_pc_610: ret i64 0 } define i64 @__do_global_dtors_aux() local_unnamed_addr { dec_label_pc_660: %v0_660 = load i8, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 %v7_660 = icmp eq i8 %v0_660, 0 br i1 %v7_660, label %dec_label_pc_669, label %dec_label_pc_698 dec_label_pc_669: ; preds = %dec_label_pc_660 %v0_669 = load i64, i64* inttoptr (i64 2101240 to i64*), align 8 %v7_669 = icmp eq i64 %v0_669, 0 br i1 %v7_669, label %dec_label_pc_683, label %dec_label_pc_677 dec_label_pc_677: ; preds = %dec_label_pc_669 %v0_6771 = load i64*, i64** inttoptr (i64 2101256 to i64**), align 8 tail call void @__cxa_finalize(i64* %v0_6771) br label %dec_label_pc_683 dec_label_pc_683: ; preds = %dec_label_pc_677, %dec_label_pc_669 store i8 1, i8* bitcast (i64* @global_var_201010.1 to i8*), align 8 ret i64 ptrtoint (i64* @global_var_201010.1 to i64) dec_label_pc_698: ; preds = %dec_label_pc_660 ret i64 undef } ; Function Attrs: norecurse nounwind readnone define i64 @frame_dummy() local_unnamed_addr #2 { dec_label_pc_6a0: ret i64 0 } ; Function Attrs: nounwind define i64 @quicksort(i64 %arg1, i64 %arg2, i64 %arg3) local_unnamed_addr #0 { dec_label_pc_6aa: %stack_var_-8 = alloca i64, align 8 %v0_6aa = load i64, i64* @rbp, align 8 store i64 %v0_6aa, i64* %stack_var_-8, align 8 %v4_6aa = ptrtoint i64* %stack_var_-8 to i64 store i64 %v4_6aa, i64* @rbp, align 8 %v1_6bf = trunc i64 %arg2 to i32 %v6_6bf = trunc i64 %arg3 to i32 %v7_6c2 = icmp slt i32 %v1_6bf, %v6_6bf br i1 %v7_6c2, label %dec_label_pc_6e3.preheader.lr.ph, label %dec_label_pc_851 dec_label_pc_6e3.preheader.lr.ph: ; preds = %dec_label_pc_6aa %v1_6fe = shl i64 %arg2, 2 %v2_70a = add i64 %v1_6fe, %arg1 %v1_70d = inttoptr i64 %v2_70a to i32* br label %dec_label_pc_6e3.preheader dec_label_pc_6df: ; preds = %dec_label_pc_6e3.preheader, %dec_label_pc_6df %stack_var_-12.0745 = phi i64 [ %v23_6df, %dec_label_pc_6df ], [ %stack_var_-12.119, %dec_label_pc_6e3.preheader ] %v5_6df = shl i64 %stack_var_-12.0745, 32 %sext23 = add i64 %v5_6df, 4294967296 %v23_6df = sdiv i64 %sext23, 4294967296 %v1_6e8 = shl nsw i64 %v23_6df, 2 %v2_6f4 = add i64 %v1_6e8, %arg1 %v1_6f7 = inttoptr i64 %v2_6f4 to i32* %v2_6f7 = load i32, i32* %v1_6f7, align 4 %v8_711 = icmp ule i32 %v2_6f7, %v2_70d71 %v1_716 = trunc i64 %v23_6df to i32 %v7_719 = icmp slt i32 %v1_716, %v6_6bf %or.cond17 = and i1 %v8_711, %v7_719 br i1 %or.cond17, label %dec_label_pc_6df, label %dec_label_pc_721.preheader.loopexit dec_label_pc_721.preheader.loopexit: ; preds = %dec_label_pc_6df %v1_6f7.le = inttoptr i64 %v2_6f4 to i32* br label %dec_label_pc_721.preheader dec_label_pc_721.preheader: ; preds = %dec_label_pc_721.preheader.loopexit, %dec_label_pc_6e3.preheader %v2_76d = phi i32 [ %v2_6f769, %dec_label_pc_6e3.preheader ], [ %v2_6f7, %dec_label_pc_721.preheader.loopexit ] %stack_var_-12.0.lcssa = phi i64 [ %stack_var_-12.119, %dec_label_pc_6e3.preheader ], [ %v23_6df, %dec_label_pc_721.preheader.loopexit ] %v1_6f7.lcssa = phi i32* [ %v1_6f768, %dec_label_pc_6e3.preheader ], [ %v1_6f7.le, %dec_label_pc_721.preheader.loopexit ] %v1_72685 = shl i64 %stack_var_-16.120, 2 %v2_73286 = add i64 %v1_72685, %arg1 %v1_73587 = inttoptr i64 %v2_73286 to i32* %v2_73588 = load i32, i32* %v1_73587, align 4 %v8_74f92 = icmp ugt i32 %v2_73588, %v2_70d71 br i1 %v8_74f92, label %dec_label_pc_71d, label %dec_label_pc_751 dec_label_pc_71d: ; preds = %dec_label_pc_721.preheader, %dec_label_pc_71d %stack_var_-16.093 = phi i64 [ %v23_71d, %dec_label_pc_71d ], [ %stack_var_-16.120, %dec_label_pc_721.preheader ] %v5_71d = shl i64 %stack_var_-16.093, 32 %sext = add i64 %v5_71d, -4294967296 %v23_71d = sdiv i64 %sext, 4294967296 %v1_726 = shl nsw i64 %v23_71d, 2 %v2_732 = add i64 %v1_726, %arg1 %v1_735 = inttoptr i64 %v2_732 to i32* %v2_735 = load i32, i32* %v1_735, align 4 %v8_74f = icmp ugt i32 %v2_735, %v2_70d71 br i1 %v8_74f, label %dec_label_pc_71d, label %dec_label_pc_751.loopexit dec_label_pc_751.loopexit: ; preds = %dec_label_pc_71d %v1_735.le = inttoptr i64 %v2_732 to i32* br label %dec_label_pc_751 dec_label_pc_751: ; preds = %dec_label_pc_751.loopexit, %dec_label_pc_721.preheader %v2_79b = phi i32 [ %v2_73588, %dec_label_pc_721.preheader ], [ %v2_735, %dec_label_pc_751.loopexit ] %stack_var_-16.0.lcssa = phi i64 [ %stack_var_-16.120, %dec_label_pc_721.preheader ], [ %v23_71d, %dec_label_pc_751.loopexit ] %v1_735.lcssa = phi i32* [ %v1_73587, %dec_label_pc_721.preheader ], [ %v1_735.le, %dec_label_pc_751.loopexit ] %v1_754 = trunc i64 %stack_var_-12.0.lcssa to i32 %v6_754 = trunc i64 %stack_var_-16.0.lcssa to i32 %v7_757 = icmp slt i32 %v1_754, %v6_754 br i1 %v7_757, label %dec_label_pc_7b8.backedge.thread, label %dec_label_pc_7c4 dec_label_pc_7b8.backedge.thread: ; preds = %dec_label_pc_751 store i32 %v2_79b, i32* %v1_6f7.lcssa, align 4 store i32 %v2_76d, i32* %v1_735.lcssa, align 4 br label %dec_label_pc_6e3.preheader dec_label_pc_6e3.preheader: ; preds = %dec_label_pc_7b8.backedge.thread, %dec_label_pc_6e3.preheader.lr.ph %stack_var_-16.120 = phi i64 [ %arg3, %dec_label_pc_6e3.preheader.lr.ph ], [ %stack_var_-16.0.lcssa, %dec_label_pc_7b8.backedge.thread ] %stack_var_-12.119 = phi i64 [ %arg2, %dec_label_pc_6e3.preheader.lr.ph ], [ %stack_var_-12.0.lcssa, %dec_label_pc_7b8.backedge.thread ] %v1_6e866 = shl i64 %stack_var_-12.119, 2 %v2_6f467 = add i64 %v1_6e866, %arg1 %v1_6f768 = inttoptr i64 %v2_6f467 to i32* %v2_6f769 = load i32, i32* %v1_6f768, align 4 %v2_70d71 = load i32, i32* %v1_70d, align 4 %v8_71173 = icmp ule i32 %v2_6f769, %v2_70d71 %v1_7163 = trunc i64 %stack_var_-12.119 to i32 %v7_7194 = icmp slt i32 %v1_7163, %v6_6bf %or.cond = and i1 %v8_71173, %v7_7194 br i1 %or.cond, label %dec_label_pc_6df, label %dec_label_pc_721.preheader dec_label_pc_7c4: ; preds = %dec_label_pc_751 store i32 %v2_79b, i32* %v1_70d, align 4 store i32 %v2_70d71, i32* %v1_735.lcssa, align 4 %v1_826 = add i64 %stack_var_-16.0.lcssa, -1 %v3_835 = call i64 @quicksort(i64 %arg1, i64 %arg2, i64 %v1_826) %v1_83d = add i64 %stack_var_-16.0.lcssa, 1 %v3_84c = call i64 @quicksort(i64 %arg1, i64 %v1_83d, i64 %arg3) %v2_852.pre = load i64, i64* %stack_var_-8, align 8 br label %dec_label_pc_851 dec_label_pc_851: ; preds = %dec_label_pc_7c4, %dec_label_pc_6aa %v0_853 = phi i64 [ %arg2, %dec_label_pc_6aa ], [ %v3_84c, %dec_label_pc_7c4 ] %v2_852 = phi i64 [ %v0_6aa, %dec_label_pc_6aa ], [ %v2_852.pre, %dec_label_pc_7c4 ] store i64 %v2_852, i64* @rbp, align 8 ret i64 %v0_853 } ; Function Attrs: nounwind define i64 @main(i64 %argc, i8** nocapture readnone %argv) local_unnamed_addr #0 { dec_label_pc_854: %stack_var_-16 = alloca i64, align 8 %stack_var_-120 = alloca i64, align 8 %v15_858 = ptrtoint i64* %stack_var_-120 to i64 %v3_868 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @global_var_9c8.3, i64 0, i64 0)) %v5_880 = call i32 (i8*, ...) @scanf(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @global_var_9f2.4, i64 0, i64 0), i64* nonnull %stack_var_-16) %v3_885 = load i64, i64* %stack_var_-16, align 8 %v4_896 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([20 x i8], [20 x i8]* @global_var_9f5.5, i64 0, i64 0), i64 %v3_885) %v3_8cd10 = load i64, i64* %stack_var_-16, align 8 %v6_8d316 = icmp sgt i64 %v3_8cd10, 0 br i1 %v6_8d316, label %dec_label_pc_8a4, label %dec_label_pc_8d5 dec_label_pc_8a4: ; preds = %dec_label_pc_854, %dec_label_pc_8a4 %storemerge117 = phi i32 [ %v4_8c9, %dec_label_pc_8a4 ], [ 0, %dec_label_pc_854 ] %v4_8a8 = zext i32 %storemerge117 to i64 %v2_8ae = shl nuw nsw i64 %v4_8a8, 2 %v2_8b2 = add i64 %v2_8ae, %v15_858 %v4_8c4 = inttoptr i64 %v2_8b2 to i64* %v5_8c4 = call i32 (i8*, ...) @scanf(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @global_var_9f2.4, i64 0, i64 0), i64* %v4_8c4) %v4_8c9 = add i32 %storemerge117, 1 %v3_8cd = load i64, i64* %stack_var_-16, align 8 %v5_8d3 = sext i32 %v4_8c9 to i64 %v6_8d3 = icmp sgt i64 %v3_8cd, %v5_8d3 br i1 %v6_8d3, label %dec_label_pc_8a4, label %dec_label_pc_8d5 dec_label_pc_8d5: ; preds = %dec_label_pc_8a4, %dec_label_pc_854 %v3_8d5 = phi i64 [ %v3_8cd10, %dec_label_pc_854 ], [ %v3_8cd, %dec_label_pc_8a4 ] %v1_8d8 = add i64 %v3_8d5, -1 %v3_8e7 = call i64 @quicksort(i64 %v15_858, i64 0, i64 %v1_8d8) %v3_8f8 = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([27 x i8], [27 x i8]* @global_var_a09.6, i64 0, i64 0)) %v3_9262 = load i64, i64* %stack_var_-16, align 8 %v6_92c8 = icmp sgt i64 %v3_9262, 0 br i1 %v6_92c8, label %dec_label_pc_906, label %dec_label_pc_92e dec_label_pc_906: ; preds = %dec_label_pc_8d5, %dec_label_pc_906 %storemerge9 = phi i32 [ %v4_922, %dec_label_pc_906 ], [ 0, %dec_label_pc_8d5 ] %v4_906 = zext i32 %storemerge9 to i64 %v0_90b = load i64, i64* @rbp, align 8 %v2_90b = shl nuw nsw i64 %v4_906, 2 %v3_90b = add i64 %v0_90b, -112 %v4_90b = add i64 %v3_90b, %v2_90b %v5_90b = inttoptr i64 %v4_90b to i32* %v6_90b = load i32, i32* %v5_90b, align 4 %v7_90b = zext i32 %v6_90b to i64 %v4_91d = call i32 (i8*, ...) @printf(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @global_var_a24.7, i64 0, i64 0), i64 %v7_90b) %v4_922 = add i32 %storemerge9, 1 %v3_926 = load i64, i64* %stack_var_-16, align 8 %v5_92c = sext i32 %v4_922 to i64 %v6_92c = icmp sgt i64 %v3_926, %v5_92c br i1 %v6_92c, label %dec_label_pc_906, label %dec_label_pc_92e dec_label_pc_92e: ; preds = %dec_label_pc_906, %dec_label_pc_8d5 ret i64 0 } define i64 @__libc_csu_init(i64 %arg1, i64 %arg2, i64 %arg3) local_unnamed_addr { dec_label_pc_940: %v0_54c.i = load i64, i64* inttoptr (i64 2101224 to i64*), align 8 %v1_553.i = icmp eq i64 %v0_54c.i, 0 br i1 %v1_553.i, label %dec_label_pc_996, label %dec_label_pc_558.i dec_label_pc_558.i: ; preds = %dec_label_pc_940 tail call void @__gmon_start__() br label %dec_label_pc_996 dec_label_pc_996: ; preds = %dec_label_pc_558.i, %dec_label_pc_940 %v0_55e.i = phi i64 [ ptrtoint (i32* @0 to i64), %dec_label_pc_558.i ], [ 0, %dec_label_pc_940 ] ret i64 %v0_55e.i } ; Function Attrs: norecurse nounwind readnone define i64 @__libc_csu_fini() local_unnamed_addr #2 { dec_label_pc_9b0: ret i64 undef } ; Function Attrs: norecurse nounwind readnone define i64 @_fini() local_unnamed_addr #2 { dec_label_pc_9b4: ret i64 undef } ; Function Attrs: nounwind declare i32 @printf(i8* nocapture readonly, ...) local_unnamed_addr #0 ; Function Attrs: nounwind declare i32 @scanf(i8* nocapture readonly, ...) local_unnamed_addr #0 declare i32 @__libc_start_main(i64, i32, i8**, void ()*, void ()*, void ()*) local_unnamed_addr declare void @__gmon_start__() local_unnamed_addr declare void @__cxa_finalize(i64*) local_unnamed_addr declare i64 @__asm_hlt() local_unnamed_addr attributes #0 = { nounwind } attributes #1 = { noreturn } attributes #2 = { norecurse nounwind readnone }

Raised by mcsema
Non-optimised:
; ModuleID = 'lifted.bc' source_filename = "llvm-link" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-pc-linux-gnu-elf" %union.anon = type { i64 } %seg_9c0__rodata_type = type <{ [104 x i8] }> %seg_200db0__init_array_type = type <{ i64, i64 }> %seg_200fb0__got_type = type <{ [80 x i8] }> %seg_201000__data_type = type <{ [8 x i8], i64 }> %seg_201010__bss_type = type <{ [8 x i8] }> %struct.State = type { %struct.ArchState, [32 x %union.VectorReg], %struct.ArithFlags, %union.anon, %struct.Segments, %struct.AddressSpace, %struct.GPR, %struct.X87Stack, %struct.MMX, %struct.FPUStatusFlags, %union.anon, %union.FPU, %struct.SegmentCaches } %struct.ArchState = type { i32, i32, %union.anon } %union.VectorReg = type { %union.vec512_t } %union.vec512_t = type { %struct.uint64v8_t } %struct.uint64v8_t = type { [8 x i64] } %struct.ArithFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8 } %struct.Segments = type { i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector } %union.SegmentSelector = type { i16 } %struct.AddressSpace = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.Reg = type { %union.anon } %struct.GPR = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.X87Stack = type { [8 x %struct.anon.3] } %struct.anon.3 = type { i64, double } %struct.MMX = type { [8 x %struct.anon.4] } %struct.anon.4 = type { i64, %union.vec64_t } %union.vec64_t = type { %struct.uint64v1_t } %struct.uint64v1_t = type { [1 x i64] } %struct.FPUStatusFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, [4 x i8] } %union.FPU = type { %struct.anon.13 } %struct.anon.13 = type { %struct.FpuFXSAVE, [96 x i8] } %struct.FpuFXSAVE = type { %union.SegmentSelector, %union.SegmentSelector, %union.FPUAbridgedTagWord, i8, i16, i32, %union.SegmentSelector, i16, i32, %union.SegmentSelector, i16, %union.FPUControlStatus, %union.FPUControlStatus, [8 x %struct.FPUStackElem], [16 x %union.vec128_t] } %union.FPUAbridgedTagWord = type { i8 } %union.FPUControlStatus = type { i32 } %struct.FPUStackElem = type { %union.anon.11, [6 x i8] } %union.anon.11 = type { %struct.float80_t } %struct.float80_t = type { [10 x i8] } %union.vec128_t = type { %struct.uint128v1_t } %struct.uint128v1_t = type { [1 x i128] } %struct.SegmentCaches = type { %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow } %struct.SegmentShadow = type { %union.anon, i32, i32 } %struct.Memory = type opaque @DR0 = external global i64, align 8 @DR1 = external global i64, align 8 @DR2 = external global i64, align 8 @DR3 = external global i64, align 8 @DR4 = external global i64, align 8 @DR5 = external global i64, align 8 @DR6 = external global i64, align 8 @DR7 = external global i64, align 8 @gCR0 = external global %union.anon, align 1 @gCR1 = external global %union.anon, align 1 @gCR2 = external global %union.anon, align 1 @gCR3 = external global %union.anon, align 1 @gCR4 = external global %union.anon, align 1 @gCR8 = external global %union.anon, align 1 @seg_9c0__rodata = internal constant %seg_9c0__rodata_type <{ [104 x i8] c"\01\00\02\00\00\00\00\00How many elements are u going to enter?: \00%d\00Enter %d elements: \00Order of Sorted elements: \00 %d\00" }> @seg_200db0__init_array = internal global %seg_200db0__init_array_type <{ i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_6a0_frame_dummy to i64), i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_660___do_global_dtors_aux to i64) }> @seg_200fb0__got = internal global %seg_200fb0__got_type <{ [80 x i8] c"\C0\0D \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00v\05\00\00\00\00\00\00\86\05\00\00\00\00\00\00H\14 \00\00\00\00\00P\14 \00\00\00\00\00X\14 \00\00\00\00\00`\14 \00\00\00\00\00h\14 \00\00\00\00\00" }> @seg_201000__data = internal global %seg_201000__data_type <{ [8 x i8] zeroinitializer, i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) }> @seg_201010__bss = internal global %seg_201010__bss_type zeroinitializer @__mcsema_reg_state = internal thread_local global %struct.State zeroinitializer @__mcsema_stack = internal thread_local global [131072 x i64] zeroinitializer @__mcsema_tls = internal thread_local global [512 x i64] zeroinitializer @0 = internal global i1 false @llvm.global_dtors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_destructor, i8* null }] @llvm.global_ctors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_constructor, i8* null }] ; Function Attrs: nounwind readnone declare i32 @llvm.ctpop.i32(i32) #0 ; Function Attrs: noduplicate noinline nounwind optnone define %struct.Memory* @__remill_error(%struct.State* dereferenceable(3376), i64, %struct.Memory*) local_unnamed_addr #1 { call void @llvm.trap() unreachable } ; Function Attrs: noinline declare x86_64_sysvcc i64 @printf() local_unnamed_addr #2 ; Function Attrs: noinline declare x86_64_sysvcc i64 @__isoc99_scanf() local_unnamed_addr #2 ; Function Attrs: noinline nounwind define %struct.Memory* @sub_548__init(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_548: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, -8 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %14 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 56) to i64*) store i64 %14, i64* %4, align 8, !tbaa !1261 store i8 0, i8* %8, align 1, !tbaa !1265 %15 = trunc i64 %14 to i32 %16 = and i32 %15, 255 %17 = tail call i32 @llvm.ctpop.i32(i32 %16) #9 %18 = trunc i32 %17 to i8 %19 = and i8 %18, 1 %20 = xor i8 %19, 1 store i8 %20, i8* %9, align 1, !tbaa !1279 %21 = icmp eq i64 %14, 0 %22 = zext i1 %21 to i8 store i8 %22, i8* %11, align 1, !tbaa !1280 %23 = lshr i64 %14, 63 %24 = trunc i64 %23 to i8 store i8 %24, i8* %12, align 1, !tbaa !1281 store i8 0, i8* %13, align 1, !tbaa !1282 store i8 0, i8* %10, align 1, !tbaa !1283 %25 = select i1 %21, i64 18, i64 16 %26 = add i64 %25, %1 br i1 %21, label %block_55a, label %block_558 block_55a: ; preds = %block_558, %block_548 %27 = phi i64 [ %7, %block_548 ], [ %58, %block_558 ] %28 = phi %struct.Memory* [ %2, %block_548 ], [ %57, %block_558 ] %29 = add i64 %27, 8 %30 = icmp ugt i64 %27, -9 %31 = zext i1 %30 to i8 store i8 %31, i8* %8, align 1, !tbaa !1265 %32 = trunc i64 %29 to i32 %33 = and i32 %32, 255 %34 = tail call i32 @llvm.ctpop.i32(i32 %33) #9 %35 = trunc i32 %34 to i8 %36 = and i8 %35, 1 %37 = xor i8 %36, 1 store i8 %37, i8* %9, align 1, !tbaa !1279 %38 = xor i64 %29, %27 %39 = lshr i64 %38, 4 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 store i8 %41, i8* %10, align 1, !tbaa !1283 %42 = icmp eq i64 %29, 0 %43 = zext i1 %42 to i8 store i8 %43, i8* %11, align 1, !tbaa !1280 %44 = lshr i64 %29, 63 %45 = trunc i64 %44 to i8 store i8 %45, i8* %12, align 1, !tbaa !1281 %46 = lshr i64 %27, 63 %47 = xor i64 %44, %46 %48 = add nuw nsw i64 %47, %44 %49 = icmp eq i64 %48, 2 %50 = zext i1 %49 to i8 store i8 %50, i8* %13, align 1, !tbaa !1282 %51 = inttoptr i64 %29 to i64* %52 = load i64, i64* %51 store i64 %52, i64* %3, align 8, !tbaa !1261 %53 = add i64 %27, 16 store i64 %53, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %28 block_558: ; preds = %block_548 %54 = add i64 %26, 2 %55 = add i64 %6, -16 %56 = inttoptr i64 %55 to i64* store i64 %54, i64* %56 store i64 %55, i64* %5, align 8, !tbaa !1261 store i64 %14, i64* %3, align 8, !tbaa !1261 %57 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %14, %struct.Memory* %2) %58 = load i64, i64* %5, align 8 br label %block_55a } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5d0_deregister_tm_clones(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_600: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %5, align 8, !tbaa !1261 %8 = load i64, i64* %7, align 8 %9 = load i64, i64* %6, align 8, !tbaa !1261 %10 = add i64 %9, -8 %11 = inttoptr i64 %10 to i64* store i64 %8, i64* %11 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %4, align 8, !tbaa !1261 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %12, align 1, !tbaa !1265 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 1, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 and (i8 trunc (i64 lshr (i64 xor (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64)), i64 4) to i8), i8 1), i8* %14, align 1, !tbaa !1283 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 1, i8* %15, align 1, !tbaa !1280 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 0, i8* %16, align 1, !tbaa !1281 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 zext (i1 icmp eq (i64 add (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 xor (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63))), i64 2) to i8), i8* %17, align 1, !tbaa !1282 %18 = inttoptr i64 %10 to i64* %19 = load i64, i64* %18 store i64 %19, i64* %7, align 8, !tbaa !1261 %20 = inttoptr i64 %9 to i64* %21 = load i64, i64* %20 store i64 %21, i64* %3, align 8, !tbaa !1261 %22 = add i64 %9, 8 store i64 %22, i64* %6, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_9b0___libc_csu_fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #3 { block_9b0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8, !tbaa !1261 %6 = inttoptr i64 %5 to i64* %7 = load i64, i64* %6 store i64 %7, i64* %3, align 8, !tbaa !1261 %8 = add i64 %5, 8 store i64 %8, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_590_targ590(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_590: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 72) to i64*) store i64 %4, i64* %3, align 8, !tbaa !1261 %5 = icmp eq i64 %4, 1430 br i1 %5, label %block_596, label %7 block_596: ; preds = %block_590 %6 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull %0, i64 1430, %struct.Memory* %2) ret %struct.Memory* %6 ; <label>:7: ; preds = %block_590 %8 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %4, %struct.Memory* %2) ret %struct.Memory* %8 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6a0_frame_dummy(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_6a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = load i64, i64* %3, align 8, !tbaa !1261 %7 = add i64 %6, -8 %8 = inttoptr i64 %7 to i64* store i64 %5, i64* %8 %9 = inttoptr i64 %7 to i64* %10 = load i64, i64* %9 store i64 %10, i64* %4, align 8, !tbaa !1261 store i64 %6, i64* %3, align 8, !tbaa !1261 %11 = add i64 %1, -144 %12 = tail call %struct.Memory* @sub_610_register_tm_clones(%struct.State* nonnull %0, i64 %11, %struct.Memory* %2) ret %struct.Memory* %12 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_610_register_tm_clones(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_650: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %6, align 8, !tbaa !1261 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 0, i64* %4, align 8, !tbaa !1261 store i64 0, i64* %5, align 8, !tbaa !1261 store i8 0, i8* %13, align 1, !tbaa !1284 store i8 1, i8* %14, align 1, !tbaa !1284 store i8 0, i8* %15, align 1, !tbaa !1284 store i8 1, i8* %16, align 1, !tbaa !1284 store i8 0, i8* %17, align 1, !tbaa !1284 store i8 0, i8* %18, align 1, !tbaa !1284 %19 = inttoptr i64 %11 to i64* %20 = load i64, i64* %19 store i64 %20, i64* %8, align 8, !tbaa !1261 %21 = inttoptr i64 %10 to i64* %22 = load i64, i64* %21 store i64 %22, i64* %3, align 8, !tbaa !1261 %23 = add i64 %10, 8 store i64 %23, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_940___libc_csu_init(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_940: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 27, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 3, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 25, i32 0, i32 0 %15 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 29, i32 0, i32 0 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 31, i32 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = load i64, i64* %12, align 8, !tbaa !1261 %20 = add i64 %19, -8 %21 = inttoptr i64 %20 to i64* store i64 %18, i64* %21 %22 = load i64, i64* %16, align 8 %23 = add i64 %19, -16 %24 = inttoptr i64 %23 to i64* store i64 %22, i64* %24 %25 = load i64, i64* %9, align 8 store i64 %25, i64* %17, align 8, !tbaa !1261 %26 = load i64, i64* %15, align 8 %27 = add i64 %19, -24 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 %29 = load i64, i64* %14, align 8 %30 = add i64 %19, -32 %31 = inttoptr i64 %30 to i64* store i64 %29, i64* %31 store i64 ptrtoint (%seg_200db0__init_array_type* @seg_200db0__init_array to i64), i64* %14, align 8, !tbaa !1261 %32 = load i64, i64* %13, align 8 %33 = add i64 %19, -40 %34 = inttoptr i64 %33 to i64* store i64 %32, i64* %34 %35 = load i64, i64* %8, align 8 %36 = add i64 %19, -48 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37 %38 = load i32, i32* %5, align 4 %39 = zext i32 %38 to i64 store i64 %39, i64* %15, align 8, !tbaa !1261 %40 = load i64, i64* %10, align 8 store i64 %40, i64* %16, align 8, !tbaa !1261 %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %44 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %45 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 ashr (i64 sub (i64 add (i64 ptrtoint (%seg_200db0__init_array_type* @seg_200db0__init_array to i64), i64 8), i64 ptrtoint (%seg_200db0__init_array_type* @seg_200db0__init_array to i64)), i64 3), i64* %13, align 8, !tbaa !1261 %47 = add i64 %1, -1016 %48 = add i64 %1, 49 %49 = add i64 %19, -64 %50 = inttoptr i64 %49 to i64* store i64 %48, i64* %50 store i64 %49, i64* %12, align 8, !tbaa !1261 %51 = tail call %struct.Memory* @sub_548__init(%struct.State* nonnull %0, i64 %47, %struct.Memory* %2) %52 = load i64, i64* %13, align 8 %53 = load i64, i64* %3, align 8 %54 = icmp eq i64 %52, 0 %55 = select i1 %54, i64 37, i64 5 %56 = add i64 %53, %55 br i1 %54, label %block_996, label %block_976 block_996.loopexit: ; preds = %block_980 br label %block_996 block_996: ; preds = %block_996.loopexit, %block_940 %57 = phi %struct.Memory* [ %51, %block_940 ], [ %118, %block_996.loopexit ] %58 = load i64, i64* %12, align 8 %59 = add i64 %58, 8 %60 = icmp ugt i64 %58, -9 %61 = zext i1 %60 to i8 store i8 %61, i8* %41, align 1, !tbaa !1265 %62 = trunc i64 %59 to i32 %63 = and i32 %62, 255 %64 = tail call i32 @llvm.ctpop.i32(i32 %63) #9 %65 = trunc i32 %64 to i8 %66 = and i8 %65, 1 %67 = xor i8 %66, 1 store i8 %67, i8* %42, align 1, !tbaa !1279 %68 = xor i64 %59, %58 %69 = lshr i64 %68, 4 %70 = trunc i64 %69 to i8 %71 = and i8 %70, 1 store i8 %71, i8* %43, align 1, !tbaa !1283 %72 = icmp eq i64 %59, 0 %73 = zext i1 %72 to i8 store i8 %73, i8* %44, align 1, !tbaa !1280 %74 = lshr i64 %59, 63 %75 = trunc i64 %74 to i8 store i8 %75, i8* %45, align 1, !tbaa !1281 %76 = lshr i64 %58, 63 %77 = xor i64 %74, %76 %78 = add nuw nsw i64 %77, %74 %79 = icmp eq i64 %78, 2 %80 = zext i1 %79 to i8 store i8 %80, i8* %46, align 1, !tbaa !1282 %81 = add i64 %58, 16 %82 = inttoptr i64 %59 to i64* %83 = load i64, i64* %82 store i64 %83, i64* %8, align 8, !tbaa !1261 %84 = add i64 %58, 24 %85 = inttoptr i64 %81 to i64* %86 = load i64, i64* %85 store i64 %86, i64* %13, align 8, !tbaa !1261 %87 = add i64 %58, 32 %88 = inttoptr i64 %84 to i64* %89 = load i64, i64* %88 store i64 %89, i64* %14, align 8, !tbaa !1261 %90 = add i64 %58, 40 %91 = inttoptr i64 %87 to i64* %92 = load i64, i64* %91 store i64 %92, i64* %15, align 8, !tbaa !1261 %93 = add i64 %58, 48 %94 = inttoptr i64 %90 to i64* %95 = load i64, i64* %94 store i64 %95, i64* %16, align 8, !tbaa !1261 %96 = add i64 %58, 56 %97 = inttoptr i64 %93 to i64* %98 = load i64, i64* %97 store i64 %98, i64* %17, align 8, !tbaa !1261 %99 = inttoptr i64 %96 to i64* %100 = load i64, i64* %99 store i64 %100, i64* %3, align 8, !tbaa !1261 %101 = add i64 %58, 64 store i64 %101, i64* %12, align 8, !tbaa !1261 ret %struct.Memory* %57 block_980: ; preds = %block_976, %block_980 %102 = phi i64 [ 0, %block_976 ], [ %121, %block_980 ] %103 = phi i64 [ %150, %block_976 ], [ %149, %block_980 ] %104 = phi %struct.Memory* [ %51, %block_976 ], [ %118, %block_980 ] %105 = load i64, i64* %17, align 8 store i64 %105, i64* %9, align 8, !tbaa !1261 %106 = load i64, i64* %16, align 8 store i64 %106, i64* %10, align 8, !tbaa !1261 %107 = load i32, i32* %7, align 4 %108 = zext i32 %107 to i64 store i64 %108, i64* %11, align 8, !tbaa !1261 %109 = load i64, i64* %14, align 8 %110 = shl i64 %102, 3 %111 = add i64 %110, %109 %112 = add i64 %103, 13 %113 = load i64, i64* %12, align 8, !tbaa !1261 %114 = add i64 %113, -8 %115 = inttoptr i64 %114 to i64* store i64 %112, i64* %115 store i64 %114, i64* %12, align 8, !tbaa !1261 %116 = inttoptr i64 %111 to i64* %117 = load i64, i64* %116 store i64 %117, i64* %3, align 8, !tbaa !1261 %118 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %117, %struct.Memory* %104) %119 = load i64, i64* %8, align 8 %120 = load i64, i64* %3, align 8 %121 = add i64 %119, 1 store i64 %121, i64* %8, align 8, !tbaa !1261 %122 = lshr i64 %121, 63 %123 = load i64, i64* %13, align 8 %124 = sub i64 %123, %121 %125 = icmp ult i64 %123, %121 %126 = zext i1 %125 to i8 store i8 %126, i8* %41, align 1, !tbaa !1265 %127 = trunc i64 %124 to i32 %128 = and i32 %127, 255 %129 = tail call i32 @llvm.ctpop.i32(i32 %128) #9 %130 = trunc i32 %129 to i8 %131 = and i8 %130, 1 %132 = xor i8 %131, 1 store i8 %132, i8* %42, align 1, !tbaa !1279 %133 = xor i64 %121, %123 %134 = xor i64 %133, %124 %135 = lshr i64 %134, 4 %136 = trunc i64 %135 to i8 %137 = and i8 %136, 1 store i8 %137, i8* %43, align 1, !tbaa !1283 %138 = icmp eq i64 %124, 0 %139 = zext i1 %138 to i8 store i8 %139, i8* %44, align 1, !tbaa !1280 %140 = lshr i64 %124, 63 %141 = trunc i64 %140 to i8 store i8 %141, i8* %45, align 1, !tbaa !1281 %142 = lshr i64 %123, 63 %143 = xor i64 %122, %142 %144 = xor i64 %140, %142 %145 = add nuw nsw i64 %144, %143 %146 = icmp eq i64 %145, 2 %147 = zext i1 %146 to i8 store i8 %147, i8* %46, align 1, !tbaa !1282 %148 = select i1 %138, i64 9, i64 -13 %149 = add i64 %120, %148 br i1 %138, label %block_996.loopexit, label %block_980 block_976: ; preds = %block_940 store i64 0, i64* %8, align 8, !tbaa !1261 store i8 0, i8* %41, align 1, !tbaa !1265 store i8 1, i8* %42, align 1, !tbaa !1279 store i8 1, i8* %44, align 1, !tbaa !1280 store i8 0, i8* %45, align 1, !tbaa !1281 store i8 0, i8* %46, align 1, !tbaa !1282 store i8 0, i8* %43, align 1, !tbaa !1283 %150 = add i64 %56, 10 br label %block_980 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_660___do_global_dtors_aux(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_660: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %6 = load i8, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i32 0, i32 0, i32 0) %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %7, align 1, !tbaa !1265 %8 = zext i8 %6 to i32 %9 = tail call i32 @llvm.ctpop.i32(i32 %8) #9 %10 = trunc i32 %9 to i8 %11 = and i8 %10, 1 %12 = xor i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %12, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 0, i8* %14, align 1, !tbaa !1283 %15 = icmp eq i8 %6, 0 %16 = zext i1 %15 to i8 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %16, i8* %17, align 1, !tbaa !1280 %18 = lshr i8 %6, 7 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %18, i8* %19, align 1, !tbaa !1281 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 0, i8* %20, align 1, !tbaa !1282 %21 = select i1 %15, i64 9, i64 56 %22 = add i64 %21, %1 %23 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 br i1 %15, label %block_669, label %block_698 block_677: ; preds = %block_669 %24 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) to i64*) store i64 %24, i64* %4, align 8, !tbaa !1261 %25 = add i64 %48, -231 %26 = add i64 %48, 12 %27 = add i64 %44, -16 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28 store i64 %27, i64* %23, align 8, !tbaa !1261 %29 = tail call %struct.Memory* @sub_590_targ590(%struct.State* nonnull %0, i64 %25, %struct.Memory* %2) %30 = load i64, i64* %3, align 8 %31 = load i64, i64* %23, align 8, !tbaa !1261 br label %block_683 block_669: ; preds = %block_660 %32 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 72) to i64*) store i8 0, i8* %7, align 1, !tbaa !1265 %33 = trunc i64 %32 to i32 %34 = and i32 %33, 255 %35 = tail call i32 @llvm.ctpop.i32(i32 %34) #9 %36 = trunc i32 %35 to i8 %37 = and i8 %36, 1 %38 = xor i8 %37, 1 store i8 %38, i8* %13, align 1, !tbaa !1279 store i8 0, i8* %14, align 1, !tbaa !1283 %39 = icmp eq i64 %32, 0 %40 = zext i1 %39 to i8 store i8 %40, i8* %17, align 1, !tbaa !1280 %41 = lshr i64 %32, 63 %42 = trunc i64 %41 to i8 store i8 %42, i8* %19, align 1, !tbaa !1281 store i8 0, i8* %20, align 1, !tbaa !1282 %43 = load i64, i64* %5, align 8 %44 = load i64, i64* %23, align 8, !tbaa !1261 %45 = add i64 %44, -8 %46 = inttoptr i64 %45 to i64* store i64 %43, i64* %46 store i64 %45, i64* %5, align 8, !tbaa !1261 %47 = select i1 %39, i64 26, i64 14 %48 = add i64 %22, %47 br i1 %39, label %block_683, label %block_677 block_698: ; preds = %block_660 %49 = load i64, i64* %23, align 8, !tbaa !1261 %50 = inttoptr i64 %49 to i64* %51 = load i64, i64* %50 store i64 %51, i64* %3, align 8, !tbaa !1261 %52 = add i64 %49, 8 store i64 %52, i64* %23, align 8, !tbaa !1261 ret %struct.Memory* %2 block_683: ; preds = %block_669, %block_677 %53 = phi i64 [ %45, %block_669 ], [ %31, %block_677 ] %54 = phi i64 [ %48, %block_669 ], [ %30, %block_677 ] %55 = phi %struct.Memory* [ %2, %block_669 ], [ %29, %block_677 ] %56 = add i64 %54, -179 %57 = add i64 %54, 5 %58 = add i64 %53, -8 %59 = inttoptr i64 %58 to i64* store i64 %57, i64* %59 store i64 %58, i64* %23, align 8, !tbaa !1261 %60 = tail call %struct.Memory* @sub_5d0_deregister_tm_clones(%struct.State* nonnull %0, i64 %56, %struct.Memory* %55) store i8 1, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i32 0, i32 0, i32 0) %61 = load i64, i64* %23, align 8, !tbaa !1261 %62 = add i64 %61, 8 %63 = inttoptr i64 %61 to i64* %64 = load i64, i64* %63 store i64 %64, i64* %5, align 8, !tbaa !1261 %65 = inttoptr i64 %62 to i64* %66 = load i64, i64* %65 store i64 %66, i64* %3, align 8, !tbaa !1261 %67 = add i64 %61, 16 store i64 %67, i64* %23, align 8, !tbaa !1261 ret %struct.Memory* %60 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_5a0__start(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_5a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 store i64 0, i64* %10, align 8, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %19 = load i64, i64* %6, align 8 store i64 %19, i64* %12, align 8, !tbaa !1261 %20 = load i64, i64* %9, align 8, !tbaa !1261 %21 = add i64 %20, 8 %22 = inttoptr i64 %20 to i64* %23 = load i64, i64* %22 store i64 %23, i64* %7, align 8, !tbaa !1261 store i64 %21, i64* %6, align 8, !tbaa !1261 %24 = and i64 %21, -16 store i8 0, i8* %13, align 1, !tbaa !1265 %25 = trunc i64 %21 to i32 %26 = and i32 %25, 240 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #9 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %14, align 1, !tbaa !1279 %31 = icmp eq i64 %24, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %15, align 1, !tbaa !1280 %33 = lshr i64 %21, 63 %34 = trunc i64 %33 to i8 store i8 %34, i8* %16, align 1, !tbaa !1281 store i8 0, i8* %17, align 1, !tbaa !1282 store i8 0, i8* %18, align 1, !tbaa !1283 %35 = load i64, i64* %4, align 8 %36 = add i64 %24, -8 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37 %38 = add i64 %24, -16 %39 = inttoptr i64 %38 to i64* store i64 %36, i64* %39 store i64 ptrtoint (i64 ()* @callback_sub_9b0___libc_csu_fini to i64), i64* %11, align 8, !tbaa !1261 store i64 ptrtoint (i64 ()* @callback_sub_940___libc_csu_init to i64), i64* %5, align 8, !tbaa !1261 store i64 ptrtoint (i64 (i64, i64, i64)* @main to i64), i64* %8, align 8, !tbaa !1261 %40 = add i64 %1, 42 %41 = add i64 %24, -24 %42 = inttoptr i64 %41 to i64* store i64 %40, i64* %42 store i64 %41, i64* %9, align 8, !tbaa !1261 %43 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 48) to i64*) store i64 %43, i64* %3, align 8, !tbaa !1261 %44 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %43, %struct.Memory* %2) %45 = load i64, i64* %3, align 8 %46 = add i64 %45, 1 store i64 %46, i64* %3, align 8 %47 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull %0, i64 %46, %struct.Memory* %44) ret %struct.Memory* %47 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6aa_quicksort(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #3 { block_6aa: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %10 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %15 = load i64, i64* %14, align 8 %16 = load i64, i64* %13, align 8, !tbaa !1261 %17 = add i64 %16, -8 %18 = inttoptr i64 %17 to i64* store i64 %15, i64* %18 store i64 %17, i64* %14, align 8, !tbaa !1261 %19 = add i64 %16, -40 store i64 %19, i64* %13, align 8, !tbaa !1261 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %21 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %23 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %24 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %25 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %26 = add i64 %16, -32 %27 = load i64, i64* %12, align 8 %28 = inttoptr i64 %26 to i64* store i64 %27, i64* %28 %29 = add i64 %16, -36 %30 = load i32, i32* %7, align 4 %31 = inttoptr i64 %29 to i32* store i32 %30, i32* %31 %32 = add i64 %16, -40 %33 = load i32, i32* %5, align 4 %34 = inttoptr i64 %32 to i32* store i32 %33, i32* %34 %35 = inttoptr i64 %29 to i32* %36 = load i32, i32* %35 %37 = zext i32 %36 to i64 store i64 %37, i64* %8, align 8, !tbaa !1261 %38 = inttoptr i64 %32 to i32* %39 = load i32, i32* %38 %40 = sub i32 %36, %39 %41 = icmp ult i32 %36, %39 %42 = zext i1 %41 to i8 store i8 %42, i8* %20, align 1, !tbaa !1265 %43 = and i32 %40, 255 %44 = tail call i32 @llvm.ctpop.i32(i32 %43) #9 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = xor i8 %46, 1 store i8 %47, i8* %21, align 1, !tbaa !1279 %48 = xor i32 %39, %36 %49 = xor i32 %48, %40 %50 = lshr i32 %49, 4 %51 = trunc i32 %50 to i8 %52 = and i8 %51, 1 store i8 %52, i8* %22, align 1, !tbaa !1283 %53 = icmp eq i32 %40, 0 %54 = zext i1 %53 to i8 store i8 %54, i8* %23, align 1, !tbaa !1280 %55 = lshr i32 %40, 31 %56 = trunc i32 %55 to i8 store i8 %56, i8* %24, align 1, !tbaa !1281 %57 = lshr i32 %36, 31 %58 = lshr i32 %39, 31 %59 = xor i32 %58, %57 %60 = xor i32 %55, %57 %61 = add nuw nsw i32 %60, %59 %62 = icmp eq i32 %61, 2 %63 = zext i1 %62 to i8 store i8 %63, i8* %25, align 1, !tbaa !1282 %64 = icmp ne i8 %56, 0 %65 = xor i1 %64, %62 %66 = select i1 %65, i64 30, i64 423 %67 = add i64 %66, %1 br i1 %65, label %block_6c8, label %block_851 block_7c4: ; preds = %block_7b8 %68 = inttoptr i64 %285 to i32* %69 = load i32, i32* %68 %70 = sext i32 %69 to i64 %71 = shl nsw i64 %70, 2 %72 = inttoptr i64 %297 to i64* %73 = load i64, i64* %72 %74 = add i64 %71, %73 %75 = inttoptr i64 %74 to i32* %76 = load i32, i32* %75 %77 = inttoptr i64 %298 to i32* store i32 %76, i32* %77 %78 = inttoptr i64 %294 to i32* %79 = load i32, i32* %78 %80 = sext i32 %79 to i64 %81 = shl nsw i64 %80, 2 %82 = inttoptr i64 %297 to i64* %83 = load i64, i64* %82 %84 = add i64 %81, %83 %85 = load i64, i64* %14, align 8 %86 = add i64 %85, -12 %87 = inttoptr i64 %86 to i32* %88 = load i32, i32* %87 %89 = sext i32 %88 to i64 %90 = shl nsw i64 %89, 2 %91 = add i64 %85, -24 %92 = inttoptr i64 %91 to i64* %93 = load i64, i64* %92 %94 = add i64 %90, %93 %95 = inttoptr i64 %84 to i32* %96 = load i32, i32* %95 %97 = inttoptr i64 %94 to i32* store i32 %96, i32* %97 %98 = add i64 %85, -8 %99 = inttoptr i64 %98 to i32* %100 = load i32, i32* %99 %101 = sext i32 %100 to i64 %102 = shl nsw i64 %101, 2 %103 = inttoptr i64 %91 to i64* %104 = load i64, i64* %103 %105 = add i64 %102, %104 %106 = load i64, i64* %14, align 8 %107 = add i64 %106, -16 %108 = inttoptr i64 %107 to i32* %109 = load i32, i32* %108 %110 = inttoptr i64 %105 to i32* store i32 %109, i32* %110 %111 = add i64 %106, -8 %112 = inttoptr i64 %111 to i32* %113 = load i32, i32* %112 %114 = zext i32 %113 to i64 %115 = add nuw nsw i64 %114, 4294967295 %116 = and i64 %115, 4294967295 store i64 %116, i64* %10, align 8, !tbaa !1261 %117 = add i64 %106, -28 %118 = inttoptr i64 %117 to i32* %119 = load i32, i32* %118 %120 = zext i32 %119 to i64 store i64 %120, i64* %9, align 8, !tbaa !1261 %121 = add i64 %106, -24 %122 = inttoptr i64 %121 to i64* %123 = load i64, i64* %122 store i64 %120, i64* %11, align 8, !tbaa !1261 store i64 %123, i64* %12, align 8, !tbaa !1261 %124 = add i64 %177, -282 %125 = add i64 %177, 118 %126 = load i64, i64* %13, align 8, !tbaa !1261 %127 = add i64 %126, -8 %128 = inttoptr i64 %127 to i64* store i64 %125, i64* %128 store i64 %127, i64* %13, align 8, !tbaa !1261 %129 = tail call %struct.Memory* @sub_6aa_quicksort(%struct.State* nonnull %0, i64 %124, %struct.Memory* %161) %130 = load i64, i64* %14, align 8 %131 = add i64 %130, -8 %132 = load i64, i64* %3, align 8 %133 = inttoptr i64 %131 to i32* %134 = load i32, i32* %133 %135 = zext i32 %134 to i64 %136 = add nuw nsw i64 %135, 1 %137 = and i64 %136, 4294967295 store i64 %137, i64* %9, align 8, !tbaa !1261 %138 = add i64 %130, -32 %139 = inttoptr i64 %138 to i32* %140 = load i32, i32* %139 %141 = zext i32 %140 to i64 store i64 %141, i64* %10, align 8, !tbaa !1261 %142 = add i64 %130, -24 %143 = inttoptr i64 %142 to i64* %144 = load i64, i64* %143 %145 = and i64 %136, 4294967295 store i64 %145, i64* %11, align 8, !tbaa !1261 store i64 %144, i64* %12, align 8, !tbaa !1261 %146 = add i64 %132, -400 %147 = add i64 %132, 23 %148 = load i64, i64* %13, align 8, !tbaa !1261 %149 = add i64 %148, -8 %150 = inttoptr i64 %149 to i64* store i64 %147, i64* %150 store i64 %149, i64* %13, align 8, !tbaa !1261 %151 = tail call %struct.Memory* @sub_6aa_quicksort(%struct.State* nonnull %0, i64 %146, %struct.Memory* %129) br label %block_851 block_851: ; preds = %block_7c4, %block_6aa %152 = phi %struct.Memory* [ %2, %block_6aa ], [ %151, %block_7c4 ] %153 = load i64, i64* %14, align 8, !tbaa !1261 %154 = inttoptr i64 %153 to i64* %155 = load i64, i64* %154 store i64 %155, i64* %14, align 8, !tbaa !1261 %156 = add i64 %153, 8 %157 = inttoptr i64 %156 to i64* %158 = load i64, i64* %157 store i64 %158, i64* %3, align 8, !tbaa !1261 %159 = add i64 %153, 16 store i64 %159, i64* %13, align 8, !tbaa !1261 ret %struct.Memory* %152 block_7b8: ; preds = %block_6c8, %block_7b8.backedge %160 = phi i64 [ %296, %block_6c8 ], [ %210, %block_7b8.backedge ] %161 = phi %struct.Memory* [ %2, %block_6c8 ], [ %211, %block_7b8.backedge ] %162 = inttoptr i64 %289 to i32* %163 = load i32, i32* %162 %164 = inttoptr i64 %294 to i32* %165 = load i32, i32* %164 %166 = sub i32 %163, %165 %167 = lshr i32 %166, 31 %168 = lshr i32 %163, 31 %169 = lshr i32 %165, 31 %170 = xor i32 %169, %168 %171 = xor i32 %167, %168 %172 = add nuw nsw i32 %171, %170 %173 = icmp eq i32 %172, 2 %174 = icmp ne i32 %167, 0 %175 = xor i1 %174, %173 %176 = select i1 %175, i64 -213, i64 12 %177 = add i64 %160, %176 br i1 %175, label %block_6e3.preheader, label %block_7c4 block_6e3.preheader: ; preds = %block_7b8 br label %block_6e3 block_759: ; preds = %block_751 %178 = sext i32 %213 to i64 %179 = shl nsw i64 %178, 2 %180 = add i64 %179, %306 %181 = inttoptr i64 %180 to i32* %182 = load i32, i32* %181 %183 = inttoptr i64 %298 to i32* store i32 %182, i32* %183 %184 = inttoptr i64 %294 to i32* %185 = load i32, i32* %184 %186 = sext i32 %185 to i64 %187 = shl nsw i64 %186, 2 %188 = inttoptr i64 %297 to i64* %189 = load i64, i64* %188 %190 = add i64 %187, %189 %191 = inttoptr i64 %289 to i32* %192 = load i32, i32* %191 %193 = sext i32 %192 to i64 %194 = shl nsw i64 %193, 2 %195 = add i64 %194, %189 %196 = inttoptr i64 %190 to i32* %197 = load i32, i32* %196 %198 = inttoptr i64 %195 to i32* store i32 %197, i32* %198 %199 = inttoptr i64 %294 to i32* %200 = load i32, i32* %199 %201 = sext i32 %200 to i64 %202 = shl nsw i64 %201, 2 %203 = inttoptr i64 %297 to i64* %204 = load i64, i64* %203 %205 = add i64 %202, %204 %206 = inttoptr i64 %298 to i32* %207 = load i32, i32* %206 %208 = add i64 %225, 95 %209 = inttoptr i64 %205 to i32* store i32 %207, i32* %209 br label %block_7b8.backedge block_7b8.backedge: ; preds = %block_751, %block_759 %210 = phi i64 [ %225, %block_751 ], [ %208, %block_759 ] %211 = phi %struct.Memory* [ %300, %block_751 ], [ %300, %block_759 ] br label %block_7b8 block_751: ; preds = %block_721 %212 = inttoptr i64 %289 to i32* %213 = load i32, i32* %212 %214 = sub i32 %213, %302 %215 = lshr i32 %214, 31 %216 = lshr i32 %213, 31 %217 = lshr i32 %302, 31 %218 = xor i32 %217, %216 %219 = xor i32 %215, %216 %220 = add nuw nsw i32 %219, %218 %221 = icmp eq i32 %220, 2 %222 = icmp ne i32 %215, 0 %223 = xor i1 %222, %221 %224 = select i1 %223, i64 8, i64 103 %225 = add i64 %331, %224 br i1 %223, label %block_759, label %block_7b8.backedge block_71b: ; preds = %block_713 %226 = add i64 %241, 6 br label %block_721.preheader block_721.preheader: ; preds = %block_721.preheader.loopexit, %block_71b %227 = phi i64 [ %274, %block_721.preheader.loopexit ], [ %226, %block_71b ] br label %block_721 block_713: ; preds = %block_6e3 %228 = inttoptr i64 %291 to i32* %229 = load i32, i32* %228 %230 = sub i32 %245, %229 %231 = lshr i32 %230, 31 %232 = lshr i32 %245, 31 %233 = lshr i32 %229, 31 %234 = xor i32 %233, %232 %235 = xor i32 %231, %232 %236 = add nuw nsw i32 %235, %234 %237 = icmp eq i32 %236, 2 %238 = icmp ne i32 %231, 0 %239 = xor i1 %238, %237 %240 = select i1 %239, i64 -52, i64 8 %241 = add i64 %274, %240 br i1 %239, label %block_6df, label %block_71b block_6e3: ; preds = %block_6df, %block_6e3.preheader %242 = phi i64 [ %275, %block_6df ], [ %177, %block_6e3.preheader ] %243 = phi %struct.Memory* [ %243, %block_6df ], [ %161, %block_6e3.preheader ] %244 = inttoptr i64 %289 to i32* %245 = load i32, i32* %244 %246 = sext i32 %245 to i64 %247 = shl nsw i64 %246, 2 %248 = inttoptr i64 %297 to i64* %249 = load i64, i64* %248 %250 = add i64 %247, %249 %251 = inttoptr i64 %250 to i32* %252 = load i32, i32* %251 %253 = inttoptr i64 %285 to i32* %254 = load i32, i32* %253 %255 = sext i32 %254 to i64 %256 = shl nsw i64 %255, 2 %257 = add i64 %256, %249 %258 = inttoptr i64 %257 to i32* %259 = load i32, i32* %258 %260 = sub i32 %252, %259 %261 = lshr i32 %260, 31 %262 = lshr i32 %252, 31 %263 = lshr i32 %259, 31 %264 = xor i32 %263, %262 %265 = xor i32 %261, %262 %266 = add nuw nsw i32 %265, %264 %267 = icmp eq i32 %266, 2 %268 = icmp ne i32 %260, 0 %269 = icmp ne i32 %261, 0 %270 = xor i1 %269, %267 %271 = xor i1 %270, true %272 = and i1 %268, %271 %273 = select i1 %272, i64 62, i64 48 %274 = add i64 %242, %273 br i1 %272, label %block_721.preheader.loopexit, label %block_713 block_721.preheader.loopexit: ; preds = %block_6e3 br label %block_721.preheader block_6df: ; preds = %block_713 %275 = add i64 %241, 4 %276 = add i32 %245, 1 %277 = inttoptr i64 %289 to i32* store i32 %276, i32* %277 br label %block_6e3 block_71d: ; preds = %block_721 %278 = add i64 %331, 4 %279 = add i32 %302, -1 %280 = inttoptr i64 %294 to i32* store i32 %279, i32* %280 br label %block_721 block_6c8: ; preds = %block_6aa %281 = load i64, i64* %14, align 8 %282 = add i64 %281, -28 %283 = inttoptr i64 %282 to i32* %284 = load i32, i32* %283 %285 = add i64 %281, -12 %286 = inttoptr i64 %285 to i32* store i32 %284, i32* %286 %287 = inttoptr i64 %282 to i32* %288 = load i32, i32* %287 %289 = add i64 %281, -4 %290 = inttoptr i64 %289 to i32* store i32 %288, i32* %290 %291 = add i64 %281, -32 %292 = inttoptr i64 %291 to i32* %293 = load i32, i32* %292 %294 = add i64 %281, -8 %295 = inttoptr i64 %294 to i32* store i32 %293, i32* %295 %296 = add i64 %67, 240 %297 = add i64 %281, -24 %298 = add i64 %281, -16 br label %block_7b8 block_721: ; preds = %block_71d, %block_721.preheader %299 = phi i64 [ %278, %block_71d ], [ %227, %block_721.preheader ] %300 = phi %struct.Memory* [ %300, %block_71d ], [ %243, %block_721.preheader ] %301 = inttoptr i64 %294 to i32* %302 = load i32, i32* %301 %303 = sext i32 %302 to i64 %304 = shl nsw i64 %303, 2 %305 = inttoptr i64 %297 to i64* %306 = load i64, i64* %305 %307 = add i64 %304, %306 %308 = inttoptr i64 %307 to i32* %309 = load i32, i32* %308 %310 = inttoptr i64 %285 to i32* %311 = load i32, i32* %310 %312 = sext i32 %311 to i64 %313 = shl nsw i64 %312, 2 %314 = add i64 %313, %306 %315 = inttoptr i64 %314 to i32* %316 = load i32, i32* %315 %317 = sub i32 %309, %316 %318 = lshr i32 %317, 31 %319 = lshr i32 %309, 31 %320 = lshr i32 %316, 31 %321 = xor i32 %320, %319 %322 = xor i32 %318, %319 %323 = add nuw nsw i32 %322, %321 %324 = icmp eq i32 %323, 2 %325 = icmp ne i32 %317, 0 %326 = icmp ne i32 %318, 0 %327 = xor i1 %326, %324 %328 = xor i1 %327, true %329 = and i1 %325, %328 %330 = select i1 %329, i64 -4, i64 48 %331 = add i64 %299, %330 br i1 %329, label %block_71d, label %block_751 } ; Function Attrs: noinline define %struct.Memory* @sub_854_main(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias) local_unnamed_addr #4 { block_854: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %10 = load i64, i64* %9, align 8 %11 = load i64, i64* %8, align 8, !tbaa !1261 %12 = add i64 %11, -8 %13 = inttoptr i64 %12 to i64* store i64 %10, i64* %13 store i64 %12, i64* %9, align 8, !tbaa !1261 %14 = add i64 %11, -120 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %21 = add i64 %1, 25 %22 = add i64 %11, -128 %23 = inttoptr i64 %22 to i64* store i64 %21, i64* %23 %24 = inttoptr i64 %22 to i64* %25 = load i64, i64* %24 store i64 %25, i64* %3, align 8, !alias.scope !1285, !noalias !1288 store i64 %14, i64* %8, align 8, !alias.scope !1285, !noalias !1288 %26 = tail call i64 @printf(), !noalias !1285 %27 = load i64, i64* %3, align 8 %28 = add i64 %27, 24 %29 = load i64, i64* %8, align 8, !tbaa !1261 %30 = add i64 %29, -8 %31 = inttoptr i64 %30 to i64* store i64 %28, i64* %31 %32 = inttoptr i64 %30 to i64* %33 = load i64, i64* %32 store i64 %33, i64* %3, align 8, !alias.scope !1290, !noalias !1293 store i64 %29, i64* %8, align 8, !alias.scope !1290, !noalias !1293 %34 = tail call i64 @__isoc99_scanf(), !noalias !1290 %35 = load i64, i64* %3, align 8 %36 = add i64 %35, 22 %37 = load i64, i64* %8, align 8, !tbaa !1261 %38 = add i64 %37, -8 %39 = inttoptr i64 %38 to i64* store i64 %36, i64* %39 %40 = inttoptr i64 %38 to i64* %41 = load i64, i64* %40 store i64 %41, i64* %3, align 8, !alias.scope !1295, !noalias !1298 store i64 %37, i64* %8, align 8, !alias.scope !1295, !noalias !1298 %42 = tail call i64 @printf(), !noalias !1295 %43 = load i64, i64* %9, align 8 %44 = add i64 %43, -4 %45 = load i64, i64* %3, align 8 %46 = inttoptr i64 %44 to i32* store i32 0, i32* %46 %47 = add i64 %45, 50 br label %block_8cd block_92e: ; preds = %block_926 store i64 0, i64* %4, align 8, !tbaa !1261 %48 = inttoptr i64 %55 to i64* %49 = load i64, i64* %48 store i64 %49, i64* %9, align 8, !tbaa !1261 %50 = add i64 %55, 8 %51 = inttoptr i64 %50 to i64* %52 = load i64, i64* %51 store i64 %52, i64* %3, align 8, !tbaa !1261 %53 = add i64 %55, 16 store i64 %53, i64* %8, align 8, !tbaa !1261 ret %struct.Memory* %56 block_926: ; preds = %block_906, %block_8d5 %54 = phi i64 [ %112, %block_8d5 ], [ %168, %block_906 ] %55 = phi i64 [ %108, %block_8d5 ], [ %165, %block_906 ] %56 = phi %struct.Memory* [ %99, %block_8d5 ], [ %56, %block_906 ] %57 = add i64 %55, -8 %58 = inttoptr i64 %57 to i32* %59 = load i32, i32* %58 %60 = add i64 %55, -4 %61 = inttoptr i64 %60 to i32* %62 = load i32, i32* %61 %63 = sub i32 %62, %59 %64 = icmp ult i32 %62, %59 %65 = zext i1 %64 to i8 store i8 %65, i8* %15, align 1, !tbaa !1265 %66 = and i32 %63, 255 %67 = tail call i32 @llvm.ctpop.i32(i32 %66) #9 %68 = trunc i32 %67 to i8 %69 = and i8 %68, 1 %70 = xor i8 %69, 1 store i8 %70, i8* %16, align 1, !tbaa !1279 %71 = xor i32 %62, %59 %72 = xor i32 %71, %63 %73 = lshr i32 %72, 4 %74 = trunc i32 %73 to i8 %75 = and i8 %74, 1 store i8 %75, i8* %17, align 1, !tbaa !1283 %76 = icmp eq i32 %63, 0 %77 = zext i1 %76 to i8 store i8 %77, i8* %18, align 1, !tbaa !1280 %78 = lshr i32 %63, 31 %79 = trunc i32 %78 to i8 store i8 %79, i8* %19, align 1, !tbaa !1281 %80 = lshr i32 %62, 31 %81 = lshr i32 %59, 31 %82 = xor i32 %80, %81 %83 = xor i32 %78, %80 %84 = add nuw nsw i32 %83, %82 %85 = icmp eq i32 %84, 2 %86 = zext i1 %85 to i8 store i8 %86, i8* %20, align 1, !tbaa !1282 %87 = icmp ne i8 %79, 0 %88 = xor i1 %87, %85 %89 = select i1 %88, i64 -32, i64 8 %90 = add i64 %54, %89 br i1 %88, label %block_906, label %block_92e block_8d5: ; preds = %block_8cd %91 = add nuw nsw i64 %119, 4294967295 %92 = and i64 %91, 4294967295 store i64 %92, i64* %5, align 8, !tbaa !1261 %93 = add i64 %114, -112 store i64 0, i64* %6, align 8, !tbaa !1261 store i64 %93, i64* %7, align 8, !tbaa !1261 %94 = add i64 %135, -555 %95 = add i64 %135, 23 %96 = load i64, i64* %8, align 8, !tbaa !1261 %97 = add i64 %96, -8 %98 = inttoptr i64 %97 to i64* store i64 %95, i64* %98 store i64 %97, i64* %8, align 8, !tbaa !1261 %99 = tail call %struct.Memory* @sub_6aa_quicksort(%struct.State* nonnull %0, i64 %94, %struct.Memory* %115) %100 = load i64, i64* %3, align 8 store i64 add (i64 ptrtoint (%seg_9c0__rodata_type* @seg_9c0__rodata to i64), i64 73), i64* %7, align 8, !tbaa !1261 %101 = add i64 %100, 17 %102 = load i64, i64* %8, align 8, !tbaa !1261 %103 = add i64 %102, -8 %104 = inttoptr i64 %103 to i64* store i64 %101, i64* %104 %105 = inttoptr i64 %103 to i64* %106 = load i64, i64* %105 store i64 %106, i64* %3, align 8, !alias.scope !1300, !noalias !1303 store i64 %102, i64* %8, align 8, !alias.scope !1300, !noalias !1303 %107 = tail call i64 @printf(), !noalias !1300 %108 = load i64, i64* %9, align 8 %109 = add i64 %108, -4 %110 = load i64, i64* %3, align 8 %111 = inttoptr i64 %109 to i32* store i32 0, i32* %111 %112 = add i64 %110, 41 br label %block_926 block_8cd: ; preds = %block_8a4, %block_854 %113 = phi i64 [ %47, %block_854 ], [ %146, %block_8a4 ] %114 = phi i64 [ %43, %block_854 ], [ %143, %block_8a4 ] %115 = phi %struct.Memory* [ %2, %block_854 ], [ %115, %block_8a4 ] %116 = add i64 %114, -8 %117 = inttoptr i64 %116 to i32* %118 = load i32, i32* %117 %119 = zext i32 %118 to i64 %120 = add i64 %114, -4 %121 = inttoptr i64 %120 to i32* %122 = load i32, i32* %121 %123 = sub i32 %122, %118 %124 = lshr i32 %123, 31 %125 = trunc i32 %124 to i8 %126 = lshr i32 %122, 31 %127 = lshr i32 %118, 31 %128 = xor i32 %126, %127 %129 = xor i32 %124, %126 %130 = add nuw nsw i32 %129, %128 %131 = icmp eq i32 %130, 2 %132 = icmp ne i8 %125, 0 %133 = xor i1 %132, %131 %134 = select i1 %133, i64 -41, i64 8 %135 = add i64 %113, %134 br i1 %133, label %block_8a4, label %block_8d5 block_8a4: ; preds = %block_8cd %136 = add i64 %135, 37 %137 = load i64, i64* %8, align 8, !tbaa !1261 %138 = add i64 %137, -8 %139 = inttoptr i64 %138 to i64* store i64 %136, i64* %139 %140 = inttoptr i64 %138 to i64* %141 = load i64, i64* %140 store i64 %141, i64* %3, align 8, !alias.scope !1305, !noalias !1308 store i64 %137, i64* %8, align 8, !alias.scope !1305, !noalias !1308 %142 = tail call i64 @__isoc99_scanf(), !noalias !1305 %143 = load i64, i64* %9, align 8 %144 = add i64 %143, -4 %145 = load i64, i64* %3, align 8 %146 = add i64 %145, 4 %147 = inttoptr i64 %144 to i32* %148 = load i32, i32* %147 %149 = add i32 %148, 1 %150 = inttoptr i64 %144 to i32* store i32 %149, i32* %150 br label %block_8cd block_906: ; preds = %block_926 %151 = sext i32 %62 to i64 %152 = shl nsw i64 %151, 2 %153 = add i64 %55, -112 %154 = add i64 %153, %152 %155 = inttoptr i64 %154 to i32* %156 = load i32, i32* %155 %157 = zext i32 %156 to i64 store i64 %157, i64* %6, align 8, !tbaa !1261 store i64 add (i64 ptrtoint (%seg_9c0__rodata_type* @seg_9c0__rodata to i64), i64 100), i64* %7, align 8, !tbaa !1261 %158 = add i64 %90, 28 %159 = load i64, i64* %8, align 8, !tbaa !1261 %160 = add i64 %159, -8 %161 = inttoptr i64 %160 to i64* store i64 %158, i64* %161 %162 = inttoptr i64 %160 to i64* %163 = load i64, i64* %162 store i64 %163, i64* %3, align 8, !alias.scope !1310, !noalias !1313 store i64 %159, i64* %8, align 8, !alias.scope !1310, !noalias !1313 %164 = tail call i64 @printf(), !noalias !1310 %165 = load i64, i64* %9, align 8 %166 = add i64 %165, -4 %167 = load i64, i64* %3, align 8 %168 = add i64 %167, 4 %169 = inttoptr i64 %166 to i32* %170 = load i32, i32* %169 %171 = add i32 %170, 1 %172 = inttoptr i64 %166 to i32* store i32 %171, i32* %172 br label %block_926 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_9b4__fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #3 { block_9b4: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, -8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %9 = xor i64 %6, %5 %10 = lshr i64 %9, 4 %11 = trunc i64 %10 to i8 %12 = and i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %15 = lshr i64 %6, 63 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = lshr i64 %5, 63 %18 = xor i64 %15, %17 %19 = add nuw nsw i64 %18, %17 %20 = icmp eq i64 %19, 2 %21 = zext i1 %20 to i8 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = icmp ult i64 %5, 8 %24 = zext i1 %23 to i8 store i8 %24, i8* %7, align 1, !tbaa !1265 %25 = trunc i64 %5 to i32 %26 = and i32 %25, 255 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #9 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %8, align 1, !tbaa !1279 store i8 %12, i8* %13, align 1, !tbaa !1283 %31 = icmp eq i64 %5, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %14, align 1, !tbaa !1280 %33 = trunc i64 %17 to i8 store i8 %33, i8* %16, align 1, !tbaa !1281 store i8 %21, i8* %22, align 1, !tbaa !1282 %34 = inttoptr i64 %5 to i64* %35 = load i64, i64* %34 store i64 %35, i64* %3, align 8, !tbaa !1261 %36 = add i64 %5, 8 store i64 %36, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_6a0_frame_dummy(i64, i64, i64, i64, i64, i64, i64, i64) #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1696, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_6a0_frame_dummy(%struct.State* nonnull @__mcsema_reg_state, i64 1696, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define void @__mcsema_verify_reg_state() local_unnamed_addr #6 { entry: %0 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %1 = icmp eq i64 %0, 0 br i1 %1, label %is_null, label %end is_null: ; preds = %entry store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %end end: ; preds = %is_null, %entry ret void } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_660___do_global_dtors_aux(i64, i64, i64, i64, i64, i64, i64, i64) #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1632, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_660___do_global_dtors_aux(%struct.State* nonnull @__mcsema_reg_state, i64 1632, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: noinline nounwind define %struct.Memory* @__mcsema_detach_call_value(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #3 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 %13 = load i64, i64* %9, align 8 %14 = load i64, i64* %8, align 8 %15 = load i64, i64* %7, align 8 %16 = load i64, i64* %6, align 8 %17 = load i64, i64* %11, align 8 %18 = load i64, i64* %12, align 8 %19 = load i64, i64* %10, align 8 %20 = add i64 %19, 8 %21 = inttoptr i64 %20 to i64* %22 = load i64, i64* %21 %23 = add i64 %19, 16 %24 = inttoptr i64 %23 to i64* %25 = load i64, i64* %24 %26 = inttoptr i64 %1 to i64 (i64, i64, i64, i64, i64, i64, i64, i64)* %27 = tail call i64 %26(i64 %13, i64 %14, i64 %15, i64 %16, i64 %17, i64 %18, i64 %22, i64 %25) #9 store i64 %27, i64* %5, align 8 %28 = inttoptr i64 %19 to i64* %29 = load i64, i64* %28 store i64 %29, i64* %4, align 8 store i64 %20, i64* %10, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_9b0___libc_csu_fini() #5 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 2480, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_9b0___libc_csu_fini(%struct.State* nonnull @__mcsema_reg_state, i64 2480, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_940___libc_csu_init() #5 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 2368, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_940___libc_csu_init(%struct.State* nonnull @__mcsema_reg_state, i64 2368, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline define i64 @main(i64, i64, i64) #7 { %4 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %3 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %3 %6 = phi i64 [ %4, %3 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 2132, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %7 = load volatile i1, i1* @0, align 1 br i1 %7, label %__mcsema_early_init.exit, label %8 ; <label>:8: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %8, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 %9 = add i64 %6, -8 store i64 %9, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = tail call %struct.Memory* @sub_854_main(%struct.State* nonnull @__mcsema_reg_state, i64 2132, %struct.Memory* null) store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %11 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %11 } ; Function Attrs: alwaysinline inlinehint define %struct.Memory* @ext_201440_printf(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #8 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i64* %9 = load i64, i64* %8 store i64 %9, i64* %4, align 8 %10 = add i64 %7, 8 store i64 %10, i64* %6, align 8 %11 = tail call i64 @printf() store i64 %11, i64* %5, align 8 ret %struct.Memory* %2 } ; Function Attrs: alwaysinline inlinehint define %struct.Memory* @ext_201438___isoc99_scanf(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias returned) local_unnamed_addr #8 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i64* %9 = load i64, i64* %8 store i64 %9, i64* %4, align 8 %10 = add i64 %7, 8 store i64 %10, i64* %6, align 8 %11 = tail call i64 @__isoc99_scanf() store i64 %11, i64* %5, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline nounwind define i64 @targ590(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1424, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_590_targ590(%struct.State* nonnull @__mcsema_reg_state, i64 1424, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline nounwind define i64 @quicksort(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #5 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1706, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_6aa_quicksort(%struct.State* nonnull @__mcsema_reg_state, i64 1706, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nounwind define internal void @__mcsema_destructor() #9 { %1 = tail call i64 @callback_sub_9b0___libc_csu_fini() ret void } ; Function Attrs: nounwind define internal void @__mcsema_constructor() #9 { %1 = load volatile i1, i1* @0, align 1 br i1 %1, label %__mcsema_early_init.exit, label %2 ; <label>:2: ; preds = %0 store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %2, %0 %3 = tail call i64 @callback_sub_940___libc_csu_init() ret void } ; Function Attrs: noinline optnone define %struct.State* @__mcsema_debug_get_reg_state() #10 { ret %struct.State* @__mcsema_reg_state } ; Function Attrs: noreturn nounwind declare void @llvm.trap() #11 attributes #0 = { nounwind readnone } attributes #1 = { noduplicate noinline nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #2 = { noinline } attributes #3 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #4 = { noinline "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #5 = { nobuiltin noinline nounwind } attributes #6 = { norecurse nounwind } attributes #7 = { nobuiltin noinline } attributes #8 = { alwaysinline inlinehint "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #9 = { nounwind } attributes #10 = { noinline optnone } attributes #11 = { noreturn nounwind } !llvm.ident = !{!0, !0} !llvm.dbg.cu = !{!1} !llvm.module.flags = !{!1259, !1260}

Optimised:
; ModuleID = 'opt_lifted.bc' source_filename = "llvm-link" target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128" target triple = "x86_64-pc-linux-gnu-elf" %seg_9c0__rodata_type = type <{ [104 x i8] }> %seg_200db0__init_array_type = type <{ i64, i64 }> %seg_200fb0__got_type = type <{ [80 x i8] }> %seg_201000__data_type = type <{ [8 x i8], i64 }> %seg_201010__bss_type = type <{ [8 x i8] }> %struct.State = type { %struct.ArchState, [32 x %union.VectorReg], %struct.ArithFlags, %union.anon, %struct.Segments, %struct.AddressSpace, %struct.GPR, %struct.X87Stack, %struct.MMX, %struct.FPUStatusFlags, %union.anon, %union.FPU, %struct.SegmentCaches } %struct.ArchState = type { i32, i32, %union.anon } %union.VectorReg = type { %union.vec512_t } %union.vec512_t = type { %struct.uint64v8_t } %struct.uint64v8_t = type { [8 x i64] } %struct.ArithFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8 } %struct.Segments = type { i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector } %union.SegmentSelector = type { i16 } %struct.AddressSpace = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.Reg = type { %union.anon } %struct.GPR = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg } %struct.X87Stack = type { [8 x %struct.anon.3] } %struct.anon.3 = type { i64, double } %struct.MMX = type { [8 x %struct.anon.4] } %struct.anon.4 = type { i64, %union.vec64_t } %union.vec64_t = type { %struct.uint64v1_t } %struct.uint64v1_t = type { [1 x i64] } %struct.FPUStatusFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, [4 x i8] } %union.anon = type { i64 } %union.FPU = type { %struct.anon.13 } %struct.anon.13 = type { %struct.FpuFXSAVE, [96 x i8] } %struct.FpuFXSAVE = type { %union.SegmentSelector, %union.SegmentSelector, %union.FPUAbridgedTagWord, i8, i16, i32, %union.SegmentSelector, i16, i32, %union.SegmentSelector, i16, %union.FPUControlStatus, %union.FPUControlStatus, [8 x %struct.FPUStackElem], [16 x %union.vec128_t] } %union.FPUAbridgedTagWord = type { i8 } %union.FPUControlStatus = type { i32 } %struct.FPUStackElem = type { %union.anon.11, [6 x i8] } %union.anon.11 = type { %struct.float80_t } %struct.float80_t = type { [10 x i8] } %union.vec128_t = type { %struct.uint128v1_t } %struct.uint128v1_t = type { [1 x i128] } %struct.SegmentCaches = type { %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow } %struct.SegmentShadow = type { %union.anon, i32, i32 } %struct.Memory = type opaque @seg_9c0__rodata = internal constant %seg_9c0__rodata_type <{ [104 x i8] c"\01\00\02\00\00\00\00\00How many elements are u going to enter?: \00%d\00Enter %d elements: \00Order of Sorted elements: \00 %d\00" }> @seg_200db0__init_array = internal global %seg_200db0__init_array_type <{ i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_6a0_frame_dummy to i64), i64 ptrtoint (i64 (i64, i64, i64, i64, i64, i64, i64, i64)* @callback_sub_660___do_global_dtors_aux to i64) }> @seg_200fb0__got = internal global %seg_200fb0__got_type <{ [80 x i8] c"\C0\0D \00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00v\05\00\00\00\00\00\00\86\05\00\00\00\00\00\00H\14 \00\00\00\00\00P\14 \00\00\00\00\00X\14 \00\00\00\00\00`\14 \00\00\00\00\00h\14 \00\00\00\00\00" }> @seg_201000__data = internal global %seg_201000__data_type <{ [8 x i8] zeroinitializer, i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) }> @seg_201010__bss = internal global %seg_201010__bss_type zeroinitializer @__mcsema_reg_state = internal thread_local global %struct.State zeroinitializer @__mcsema_stack = internal thread_local global [131072 x i64] zeroinitializer @__mcsema_tls = internal thread_local global [512 x i64] zeroinitializer @0 = internal global i1 false @llvm.global_dtors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_destructor, i8* null }] @llvm.global_ctors = appending constant [1 x { i32, void ()*, i8* }] [{ i32, void ()*, i8* } { i32 101, void ()* @__mcsema_constructor, i8* null }] ; Function Attrs: nounwind readnone declare i32 @llvm.ctpop.i32(i32) #0 ; Function Attrs: noduplicate noinline noreturn nounwind optnone define %struct.Memory* @__remill_error(%struct.State* dereferenceable(3376), i64, %struct.Memory*) local_unnamed_addr #1 { call void @llvm.trap() unreachable } ; Function Attrs: noinline declare x86_64_sysvcc i64 @printf() local_unnamed_addr #2 ; Function Attrs: noinline declare x86_64_sysvcc i64 @__isoc99_scanf() local_unnamed_addr #2 ; Function Attrs: noinline nounwind define %struct.Memory* @sub_548__init(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_548: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, -8 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %14 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 56) to i64*), align 8 store i64 %14, i64* %4, align 8, !tbaa !1261 store i8 0, i8* %8, align 1, !tbaa !1265 %15 = trunc i64 %14 to i32 %16 = and i32 %15, 255 %17 = tail call i32 @llvm.ctpop.i32(i32 %16) #12 %18 = trunc i32 %17 to i8 %19 = and i8 %18, 1 %20 = xor i8 %19, 1 store i8 %20, i8* %9, align 1, !tbaa !1279 %21 = icmp eq i64 %14, 0 %22 = zext i1 %21 to i8 store i8 %22, i8* %11, align 1, !tbaa !1280 %23 = lshr i64 %14, 63 %24 = trunc i64 %23 to i8 store i8 %24, i8* %12, align 1, !tbaa !1281 store i8 0, i8* %13, align 1, !tbaa !1282 store i8 0, i8* %10, align 1, !tbaa !1283 br i1 %21, label %block_55a, label %block_558 block_55a: ; preds = %block_558, %block_548 %25 = phi i64 [ %7, %block_548 ], [ %56, %block_558 ] %26 = phi %struct.Memory* [ %2, %block_548 ], [ %55, %block_558 ] %27 = add i64 %25, 8 %28 = icmp ugt i64 %25, -9 %29 = zext i1 %28 to i8 store i8 %29, i8* %8, align 1, !tbaa !1265 %30 = trunc i64 %27 to i32 %31 = and i32 %30, 255 %32 = tail call i32 @llvm.ctpop.i32(i32 %31) #12 %33 = trunc i32 %32 to i8 %34 = and i8 %33, 1 %35 = xor i8 %34, 1 store i8 %35, i8* %9, align 1, !tbaa !1279 %36 = xor i64 %27, %25 %37 = lshr i64 %36, 4 %38 = trunc i64 %37 to i8 %39 = and i8 %38, 1 store i8 %39, i8* %10, align 1, !tbaa !1283 %40 = icmp eq i64 %27, 0 %41 = zext i1 %40 to i8 store i8 %41, i8* %11, align 1, !tbaa !1280 %42 = lshr i64 %27, 63 %43 = trunc i64 %42 to i8 store i8 %43, i8* %12, align 1, !tbaa !1281 %44 = lshr i64 %25, 63 %45 = xor i64 %42, %44 %46 = add nuw nsw i64 %45, %42 %47 = icmp eq i64 %46, 2 %48 = zext i1 %47 to i8 store i8 %48, i8* %13, align 1, !tbaa !1282 %49 = inttoptr i64 %27 to i64* %50 = load i64, i64* %49, align 8 store i64 %50, i64* %3, align 8, !tbaa !1261 %51 = add i64 %25, 16 store i64 %51, i64* %5, align 8, !tbaa !1261 ret %struct.Memory* %26 block_558: ; preds = %block_548 %52 = add i64 %1, 18 %53 = add i64 %6, -16 %54 = inttoptr i64 %53 to i64* store i64 %52, i64* %54, align 8 store i64 %53, i64* %5, align 8, !tbaa !1261 store i64 %14, i64* %3, align 8, !tbaa !1261 %55 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %14, %struct.Memory* %2) %56 = load i64, i64* %5, align 8 br label %block_55a } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_5d0_deregister_tm_clones(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #4 { block_600: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %5, align 8, !tbaa !1261 %8 = load i64, i64* %7, align 8 %9 = load i64, i64* %6, align 8, !tbaa !1261 %10 = add i64 %9, -8 %11 = inttoptr i64 %10 to i64* store i64 %8, i64* %11, align 8 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %4, align 8, !tbaa !1261 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %12, align 1, !tbaa !1265 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 1, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 and (i8 trunc (i64 lshr (i64 xor (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64)), i64 4) to i8), i8 1), i8* %14, align 1, !tbaa !1283 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 1, i8* %15, align 1, !tbaa !1280 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 0, i8* %16, align 1, !tbaa !1281 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 zext (i1 icmp eq (i64 add (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 xor (i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63), i64 lshr (i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64 63))), i64 2) to i8), i8* %17, align 1, !tbaa !1282 %18 = load i64, i64* %11, align 8 store i64 %18, i64* %7, align 8, !tbaa !1261 %19 = inttoptr i64 %9 to i64* %20 = load i64, i64* %19, align 8 store i64 %20, i64* %3, align 8, !tbaa !1261 %21 = add i64 %9, 8 store i64 %21, i64* %6, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_9b0___libc_csu_fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #4 { block_9b0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8, !tbaa !1261 %6 = inttoptr i64 %5 to i64* %7 = load i64, i64* %6, align 8 store i64 %7, i64* %3, align 8, !tbaa !1261 %8 = add i64 %5, 8 store i64 %8, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_590_targ590(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_590: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 72) to i64*), align 8 store i64 %4, i64* %3, align 8, !tbaa !1261 %5 = icmp eq i64 %4, 1430 br i1 %5, label %block_596, label %7 block_596: ; preds = %block_590 %6 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull undef, i64 undef, %struct.Memory* undef) unreachable ; <label>:7: ; preds = %block_590 %8 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %4, %struct.Memory* %2) ret %struct.Memory* %8 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_6a0_frame_dummy(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #4 { block_6a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = load i64, i64* %3, align 8, !tbaa !1261 %7 = add i64 %6, -8 %8 = inttoptr i64 %7 to i64* store i64 %5, i64* %8, align 8 store i64 %5, i64* %4, align 8, !tbaa !1261 store i64 %6, i64* %3, align 8, !tbaa !1261 %9 = tail call %struct.Memory* @sub_610_register_tm_clones(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) ret %struct.Memory* %9 } ; Function Attrs: noinline norecurse nounwind define %struct.Memory* @sub_610_register_tm_clones(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #4 { block_650: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 store i64 ptrtoint (%seg_201010__bss_type* @seg_201010__bss to i64), i64* %6, align 8, !tbaa !1261 %9 = load i64, i64* %8, align 8 %10 = load i64, i64* %7, align 8, !tbaa !1261 %11 = add i64 %10, -8 %12 = inttoptr i64 %11 to i64* store i64 %9, i64* %12, align 8 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 0, i64* %4, align 8, !tbaa !1261 store i64 0, i64* %5, align 8, !tbaa !1261 store i8 0, i8* %13, align 1, !tbaa !1284 store i8 1, i8* %14, align 1, !tbaa !1284 store i8 0, i8* %15, align 1, !tbaa !1284 store i8 1, i8* %16, align 1, !tbaa !1284 store i8 0, i8* %17, align 1, !tbaa !1284 store i8 0, i8* %18, align 1, !tbaa !1284 %19 = load i64, i64* %12, align 8 store i64 %19, i64* %8, align 8, !tbaa !1261 %20 = inttoptr i64 %10 to i64* %21 = load i64, i64* %20, align 8 store i64 %21, i64* %3, align 8, !tbaa !1261 %22 = add i64 %10, 8 store i64 %22, i64* %7, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_940___libc_csu_init(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_940: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 27, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 3, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 25, i32 0, i32 0 %15 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 29, i32 0, i32 0 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 31, i32 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = load i64, i64* %12, align 8, !tbaa !1261 %20 = add i64 %19, -8 %21 = inttoptr i64 %20 to i64* store i64 %18, i64* %21, align 8 %22 = load i64, i64* %16, align 8 %23 = add i64 %19, -16 %24 = inttoptr i64 %23 to i64* store i64 %22, i64* %24, align 8 %25 = load i64, i64* %9, align 8 store i64 %25, i64* %17, align 8, !tbaa !1261 %26 = load i64, i64* %15, align 8 %27 = add i64 %19, -24 %28 = inttoptr i64 %27 to i64* store i64 %26, i64* %28, align 8 %29 = load i64, i64* %14, align 8 %30 = add i64 %19, -32 %31 = inttoptr i64 %30 to i64* store i64 %29, i64* %31, align 8 store i64 ptrtoint (%seg_200db0__init_array_type* @seg_200db0__init_array to i64), i64* %14, align 8, !tbaa !1261 %32 = load i64, i64* %13, align 8 %33 = add i64 %19, -40 %34 = inttoptr i64 %33 to i64* store i64 %32, i64* %34, align 8 %35 = load i64, i64* %8, align 8 %36 = add i64 %19, -48 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37, align 8 %38 = load i32, i32* %5, align 4 %39 = zext i32 %38 to i64 store i64 %39, i64* %15, align 8, !tbaa !1261 %40 = load i64, i64* %10, align 8 store i64 %40, i64* %16, align 8, !tbaa !1261 %41 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %42 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %43 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %44 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %45 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %46 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i64 ashr (i64 sub (i64 add (i64 ptrtoint (%seg_200db0__init_array_type* @seg_200db0__init_array to i64), i64 8), i64 ptrtoint (%seg_200db0__init_array_type* @seg_200db0__init_array to i64)), i64 3), i64* %13, align 8, !tbaa !1261 %47 = add i64 %1, -1016 %48 = add i64 %1, 49 %49 = add i64 %19, -64 %50 = inttoptr i64 %49 to i64* store i64 %48, i64* %50, align 8 store i64 %49, i64* %12, align 8, !tbaa !1261 %51 = tail call %struct.Memory* @sub_548__init(%struct.State* nonnull %0, i64 %47, %struct.Memory* %2) %52 = load i64, i64* %13, align 8 %53 = icmp eq i64 %52, 0 br i1 %53, label %block_996, label %block_976 block_996.loopexit: ; preds = %block_980 br label %block_996 block_996: ; preds = %block_996.loopexit, %block_940 %54 = load i64, i64* %12, align 8 %55 = add i64 %54, 8 %56 = icmp ugt i64 %54, -9 %57 = zext i1 %56 to i8 store i8 %57, i8* %41, align 1, !tbaa !1265 %58 = trunc i64 %55 to i32 %59 = and i32 %58, 255 %60 = tail call i32 @llvm.ctpop.i32(i32 %59) #12 %61 = trunc i32 %60 to i8 %62 = and i8 %61, 1 %63 = xor i8 %62, 1 store i8 %63, i8* %42, align 1, !tbaa !1279 %64 = xor i64 %55, %54 %65 = lshr i64 %64, 4 %66 = trunc i64 %65 to i8 %67 = and i8 %66, 1 store i8 %67, i8* %43, align 1, !tbaa !1283 %68 = icmp eq i64 %55, 0 %69 = zext i1 %68 to i8 store i8 %69, i8* %44, align 1, !tbaa !1280 %70 = lshr i64 %55, 63 %71 = trunc i64 %70 to i8 store i8 %71, i8* %45, align 1, !tbaa !1281 %72 = lshr i64 %54, 63 %73 = xor i64 %70, %72 %74 = add nuw nsw i64 %73, %70 %75 = icmp eq i64 %74, 2 %76 = zext i1 %75 to i8 store i8 %76, i8* %46, align 1, !tbaa !1282 %77 = add i64 %54, 16 %78 = inttoptr i64 %55 to i64* %79 = load i64, i64* %78, align 8 store i64 %79, i64* %8, align 8, !tbaa !1261 %80 = add i64 %54, 24 %81 = inttoptr i64 %77 to i64* %82 = load i64, i64* %81, align 8 store i64 %82, i64* %13, align 8, !tbaa !1261 %83 = add i64 %54, 32 %84 = inttoptr i64 %80 to i64* %85 = load i64, i64* %84, align 8 store i64 %85, i64* %14, align 8, !tbaa !1261 %86 = add i64 %54, 40 %87 = inttoptr i64 %83 to i64* %88 = load i64, i64* %87, align 8 store i64 %88, i64* %15, align 8, !tbaa !1261 %89 = add i64 %54, 48 %90 = inttoptr i64 %86 to i64* %91 = load i64, i64* %90, align 8 store i64 %91, i64* %16, align 8, !tbaa !1261 %92 = add i64 %54, 56 %93 = inttoptr i64 %89 to i64* %94 = load i64, i64* %93, align 8 store i64 %94, i64* %17, align 8, !tbaa !1261 %95 = inttoptr i64 %92 to i64* %96 = load i64, i64* %95, align 8 store i64 %96, i64* %3, align 8, !tbaa !1261 %97 = add i64 %54, 64 store i64 %97, i64* %12, align 8, !tbaa !1261 ret %struct.Memory* %51 block_980: ; preds = %block_976, %block_980 %98 = phi i64 [ 0, %block_976 ], [ %116, %block_980 ] %99 = phi i64 [ %146, %block_976 ], [ %144, %block_980 ] %100 = load i64, i64* %17, align 8 store i64 %100, i64* %9, align 8, !tbaa !1261 %101 = load i64, i64* %16, align 8 store i64 %101, i64* %10, align 8, !tbaa !1261 %102 = load i32, i32* %7, align 4 %103 = zext i32 %102 to i64 store i64 %103, i64* %11, align 8, !tbaa !1261 %104 = load i64, i64* %14, align 8 %105 = shl i64 %98, 3 %106 = add i64 %104, %105 %107 = add i64 %99, 13 %108 = load i64, i64* %12, align 8, !tbaa !1261 %109 = add i64 %108, -8 %110 = inttoptr i64 %109 to i64* store i64 %107, i64* %110, align 8 store i64 %109, i64* %12, align 8, !tbaa !1261 %111 = inttoptr i64 %106 to i64* %112 = load i64, i64* %111, align 8 store i64 %112, i64* %3, align 8, !tbaa !1261 %113 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %112, %struct.Memory* %51) %114 = load i64, i64* %8, align 8 %115 = load i64, i64* %3, align 8 %116 = add i64 %114, 1 store i64 %116, i64* %8, align 8, !tbaa !1261 %117 = lshr i64 %116, 63 %118 = load i64, i64* %13, align 8 %119 = sub i64 %118, %116 %120 = icmp ult i64 %118, %116 %121 = zext i1 %120 to i8 store i8 %121, i8* %41, align 1, !tbaa !1265 %122 = trunc i64 %119 to i32 %123 = and i32 %122, 255 %124 = tail call i32 @llvm.ctpop.i32(i32 %123) #12 %125 = trunc i32 %124 to i8 %126 = and i8 %125, 1 %127 = xor i8 %126, 1 store i8 %127, i8* %42, align 1, !tbaa !1279 %128 = xor i64 %118, %116 %129 = xor i64 %128, %119 %130 = lshr i64 %129, 4 %131 = trunc i64 %130 to i8 %132 = and i8 %131, 1 store i8 %132, i8* %43, align 1, !tbaa !1283 %133 = icmp eq i64 %119, 0 %134 = zext i1 %133 to i8 store i8 %134, i8* %44, align 1, !tbaa !1280 %135 = lshr i64 %119, 63 %136 = trunc i64 %135 to i8 store i8 %136, i8* %45, align 1, !tbaa !1281 %137 = lshr i64 %118, 63 %138 = xor i64 %137, %117 %139 = xor i64 %135, %137 %140 = add nuw nsw i64 %139, %138 %141 = icmp eq i64 %140, 2 %142 = zext i1 %141 to i8 store i8 %142, i8* %46, align 1, !tbaa !1282 %143 = select i1 %133, i64 9, i64 -13 %144 = add i64 %143, %115 br i1 %133, label %block_996.loopexit, label %block_980 block_976: ; preds = %block_940 %145 = load i64, i64* %3, align 8 store i64 0, i64* %8, align 8, !tbaa !1261 store i8 0, i8* %41, align 1, !tbaa !1265 store i8 1, i8* %42, align 1, !tbaa !1279 store i8 1, i8* %44, align 1, !tbaa !1280 store i8 0, i8* %45, align 1, !tbaa !1281 store i8 0, i8* %46, align 1, !tbaa !1282 store i8 0, i8* %43, align 1, !tbaa !1283 %146 = add i64 %145, 15 br label %block_980 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_660___do_global_dtors_aux(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_660: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %6 = load i8, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i64 0, i32 0, i64 0), align 8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 store i8 0, i8* %7, align 1, !tbaa !1265 %8 = zext i8 %6 to i32 %9 = tail call i32 @llvm.ctpop.i32(i32 %8) #12 %10 = trunc i32 %9 to i8 %11 = and i8 %10, 1 %12 = xor i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 store i8 %12, i8* %13, align 1, !tbaa !1279 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 store i8 0, i8* %14, align 1, !tbaa !1283 %15 = icmp eq i8 %6, 0 %16 = zext i1 %15 to i8 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 store i8 %16, i8* %17, align 1, !tbaa !1280 %18 = lshr i8 %6, 7 %19 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 store i8 %18, i8* %19, align 1, !tbaa !1281 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 store i8 0, i8* %20, align 1, !tbaa !1282 %21 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 br i1 %15, label %block_669, label %block_698 block_677: ; preds = %block_669 %22 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_201000__data_type* @seg_201000__data to i64), i64 8) to i64*), align 8 store i64 %22, i64* %4, align 8, !tbaa !1261 %23 = add i64 %46, 12 %24 = add i64 %42, -16 %25 = inttoptr i64 %24 to i64* store i64 %23, i64* %25, align 8 store i64 %24, i64* %21, align 8, !tbaa !1261 %26 = tail call %struct.Memory* @sub_590_targ590(%struct.State* nonnull %0, i64 undef, %struct.Memory* %2) %27 = load i64, i64* %3, align 8 %28 = load i64, i64* %21, align 8, !tbaa !1261 br label %block_683 block_669: ; preds = %block_660 %29 = add i64 %1, 9 %30 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 72) to i64*), align 8 store i8 0, i8* %7, align 1, !tbaa !1265 %31 = trunc i64 %30 to i32 %32 = and i32 %31, 255 %33 = tail call i32 @llvm.ctpop.i32(i32 %32) #12 %34 = trunc i32 %33 to i8 %35 = and i8 %34, 1 %36 = xor i8 %35, 1 store i8 %36, i8* %13, align 1, !tbaa !1279 store i8 0, i8* %14, align 1, !tbaa !1283 %37 = icmp eq i64 %30, 0 %38 = zext i1 %37 to i8 store i8 %38, i8* %17, align 1, !tbaa !1280 %39 = lshr i64 %30, 63 %40 = trunc i64 %39 to i8 store i8 %40, i8* %19, align 1, !tbaa !1281 store i8 0, i8* %20, align 1, !tbaa !1282 %41 = load i64, i64* %5, align 8 %42 = load i64, i64* %21, align 8, !tbaa !1261 %43 = add i64 %42, -8 %44 = inttoptr i64 %43 to i64* store i64 %41, i64* %44, align 8 store i64 %43, i64* %5, align 8, !tbaa !1261 %45 = select i1 %37, i64 26, i64 14 %46 = add i64 %29, %45 br i1 %37, label %block_683, label %block_677 block_698: ; preds = %block_660 %47 = load i64, i64* %21, align 8, !tbaa !1261 %48 = inttoptr i64 %47 to i64* %49 = load i64, i64* %48, align 8 store i64 %49, i64* %3, align 8, !tbaa !1261 %50 = add i64 %47, 8 store i64 %50, i64* %21, align 8, !tbaa !1261 ret %struct.Memory* %2 block_683: ; preds = %block_669, %block_677 %51 = phi i64 [ %43, %block_669 ], [ %28, %block_677 ] %52 = phi i64 [ %46, %block_669 ], [ %27, %block_677 ] %53 = phi %struct.Memory* [ %2, %block_669 ], [ %26, %block_677 ] %54 = add i64 %52, 5 %55 = add i64 %51, -8 %56 = inttoptr i64 %55 to i64* store i64 %54, i64* %56, align 8 store i64 %55, i64* %21, align 8, !tbaa !1261 %57 = tail call %struct.Memory* @sub_5d0_deregister_tm_clones(%struct.State* nonnull %0, i64 undef, %struct.Memory* %53) store i8 1, i8* getelementptr inbounds (%seg_201010__bss_type, %seg_201010__bss_type* @seg_201010__bss, i64 0, i32 0, i64 0), align 8 %58 = load i64, i64* %21, align 8, !tbaa !1261 %59 = add i64 %58, 8 %60 = inttoptr i64 %58 to i64* %61 = load i64, i64* %60, align 8 store i64 %61, i64* %5, align 8, !tbaa !1261 %62 = inttoptr i64 %59 to i64* %63 = load i64, i64* %62, align 8 store i64 %63, i64* %3, align 8, !tbaa !1261 %64 = add i64 %58, 16 store i64 %64, i64* %21, align 8, !tbaa !1261 ret %struct.Memory* %57 } ; Function Attrs: noinline noreturn nounwind define noalias nonnull %struct.Memory* @sub_5a0__start(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #5 { block_5a0: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 store i64 0, i64* %10, align 8, !tbaa !1261 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %18 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %19 = load i64, i64* %6, align 8 store i64 %19, i64* %12, align 8, !tbaa !1261 %20 = load i64, i64* %9, align 8, !tbaa !1261 %21 = add i64 %20, 8 %22 = inttoptr i64 %20 to i64* %23 = load i64, i64* %22, align 8 store i64 %23, i64* %7, align 8, !tbaa !1261 store i64 %21, i64* %6, align 8, !tbaa !1261 %24 = and i64 %21, -16 store i8 0, i8* %13, align 1, !tbaa !1265 %25 = trunc i64 %21 to i32 %26 = and i32 %25, 240 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #12 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %14, align 1, !tbaa !1279 %31 = icmp eq i64 %24, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %15, align 1, !tbaa !1280 %33 = lshr i64 %21, 63 %34 = trunc i64 %33 to i8 store i8 %34, i8* %16, align 1, !tbaa !1281 store i8 0, i8* %17, align 1, !tbaa !1282 store i8 0, i8* %18, align 1, !tbaa !1283 %35 = load i64, i64* %4, align 8 %36 = add i64 %24, -8 %37 = inttoptr i64 %36 to i64* store i64 %35, i64* %37, align 8 %38 = add i64 %24, -16 %39 = inttoptr i64 %38 to i64* store i64 %36, i64* %39, align 16 store i64 ptrtoint (i64 ()* @callback_sub_9b0___libc_csu_fini to i64), i64* %11, align 8, !tbaa !1261 store i64 ptrtoint (i64 ()* @callback_sub_940___libc_csu_init to i64), i64* %5, align 8, !tbaa !1261 store i64 ptrtoint (i64 (i64, i64, i64)* @main to i64), i64* %8, align 8, !tbaa !1261 %40 = add i64 %1, 42 %41 = add i64 %24, -24 %42 = inttoptr i64 %41 to i64* store i64 %40, i64* %42, align 8 store i64 %41, i64* %9, align 8, !tbaa !1261 %43 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (%seg_200fb0__got_type* @seg_200fb0__got to i64), i64 48) to i64*), align 16 store i64 %43, i64* %3, align 8, !tbaa !1261 %44 = tail call %struct.Memory* @__mcsema_detach_call_value(%struct.State* nonnull %0, i64 %43, %struct.Memory* %2) %45 = load i64, i64* %3, align 8 %46 = add i64 %45, 1 store i64 %46, i64* %3, align 8 %47 = tail call %struct.Memory* @__remill_error(%struct.State* nonnull undef, i64 undef, %struct.Memory* undef) unreachable } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_6aa_quicksort(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #3 { block_6aa: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0 %5 = bitcast %union.anon* %4 to i32* %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0 %7 = bitcast %union.anon* %6 to i32* %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %10 = getelementptr inbounds %union.anon, %union.anon* %4, i64 0, i32 0 %11 = getelementptr inbounds %union.anon, %union.anon* %6, i64 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %15 = load i64, i64* %14, align 8 %16 = load i64, i64* %13, align 8, !tbaa !1261 %17 = add i64 %16, -8 %18 = inttoptr i64 %17 to i64* store i64 %15, i64* %18, align 8 store i64 %17, i64* %14, align 8, !tbaa !1261 %19 = add i64 %16, -40 store i64 %19, i64* %13, align 8, !tbaa !1261 %20 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %21 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %23 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %24 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %25 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %26 = add i64 %16, -32 %27 = load i64, i64* %12, align 8 %28 = inttoptr i64 %26 to i64* store i64 %27, i64* %28, align 8 %29 = add i64 %16, -36 %30 = load i32, i32* %7, align 4 %31 = inttoptr i64 %29 to i32* store i32 %30, i32* %31, align 4 %32 = load i32, i32* %5, align 4 %33 = inttoptr i64 %19 to i32* store i32 %32, i32* %33, align 4 %34 = load i32, i32* %31, align 4 %35 = zext i32 %34 to i64 store i64 %35, i64* %8, align 8, !tbaa !1261 %36 = load i32, i32* %33, align 4 %37 = sub i32 %34, %36 %38 = icmp ult i32 %34, %36 %39 = zext i1 %38 to i8 store i8 %39, i8* %20, align 1, !tbaa !1265 %40 = and i32 %37, 255 %41 = tail call i32 @llvm.ctpop.i32(i32 %40) #12 %42 = trunc i32 %41 to i8 %43 = and i8 %42, 1 %44 = xor i8 %43, 1 store i8 %44, i8* %21, align 1, !tbaa !1279 %45 = xor i32 %36, %34 %46 = xor i32 %45, %37 %47 = lshr i32 %46, 4 %48 = trunc i32 %47 to i8 %49 = and i8 %48, 1 store i8 %49, i8* %22, align 1, !tbaa !1283 %50 = icmp eq i32 %37, 0 %51 = zext i1 %50 to i8 store i8 %51, i8* %23, align 1, !tbaa !1280 %52 = lshr i32 %37, 31 %53 = trunc i32 %52 to i8 store i8 %53, i8* %24, align 1, !tbaa !1281 %54 = lshr i32 %34, 31 %55 = lshr i32 %36, 31 %56 = xor i32 %55, %54 %57 = xor i32 %52, %54 %58 = add nuw nsw i32 %57, %56 %59 = icmp eq i32 %58, 2 %60 = zext i1 %59 to i8 store i8 %60, i8* %25, align 1, !tbaa !1282 %61 = icmp ne i8 %53, 0 %62 = xor i1 %61, %59 br i1 %62, label %block_6c8, label %block_851 block_7c4.loopexit: ; preds = %block_7b8.backedge br label %block_7c4 block_7c4: ; preds = %block_7c4.loopexit, %block_6c8 %.lcssa8 = phi i64 [ %278, %block_6c8 ], [ %201, %block_7c4.loopexit ] %63 = load i32, i32* %254, align 4 %64 = sext i32 %63 to i64 %65 = shl nsw i64 %64, 2 %66 = load i64, i64* %279, align 8 %67 = add i64 %65, %66 %68 = inttoptr i64 %67 to i32* %69 = load i32, i32* %68, align 4 store i32 %69, i32* %280, align 4 %70 = load i32, i32* %262, align 4 %71 = sext i32 %70 to i64 %72 = shl nsw i64 %71, 2 %73 = load i64, i64* %279, align 8 %74 = add i64 %72, %73 %75 = load i64, i64* %14, align 8 %76 = add i64 %75, -12 %77 = inttoptr i64 %76 to i32* %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = shl nsw i64 %79, 2 %81 = add i64 %75, -24 %82 = inttoptr i64 %81 to i64* %83 = load i64, i64* %82, align 8 %84 = add i64 %80, %83 %85 = inttoptr i64 %74 to i32* %86 = load i32, i32* %85, align 4 %87 = inttoptr i64 %84 to i32* store i32 %86, i32* %87, align 4 %88 = add i64 %75, -8 %89 = inttoptr i64 %88 to i32* %90 = load i32, i32* %89, align 4 %91 = sext i32 %90 to i64 %92 = shl nsw i64 %91, 2 %93 = load i64, i64* %82, align 8 %94 = add i64 %92, %93 %95 = load i64, i64* %14, align 8 %96 = add i64 %95, -16 %97 = inttoptr i64 %96 to i32* %98 = load i32, i32* %97, align 4 %99 = inttoptr i64 %94 to i32* store i32 %98, i32* %99, align 4 %100 = add i64 %95, -8 %101 = inttoptr i64 %100 to i32* %102 = load i32, i32* %101, align 4 %103 = zext i32 %102 to i64 %104 = add nuw nsw i64 %103, 4294967295 %105 = and i64 %104, 4294967295 store i64 %105, i64* %10, align 8, !tbaa !1261 %106 = add i64 %95, -28 %107 = inttoptr i64 %106 to i32* %108 = load i32, i32* %107, align 4 %109 = zext i32 %108 to i64 store i64 %109, i64* %9, align 8, !tbaa !1261 %110 = add i64 %95, -24 %111 = inttoptr i64 %110 to i64* %112 = load i64, i64* %111, align 8 store i64 %109, i64* %11, align 8, !tbaa !1261 store i64 %112, i64* %12, align 8, !tbaa !1261 %113 = add i64 %.lcssa8, -282 %114 = add i64 %.lcssa8, 118 %115 = load i64, i64* %13, align 8, !tbaa !1261 %116 = add i64 %115, -8 %117 = inttoptr i64 %116 to i64* store i64 %114, i64* %117, align 8 store i64 %116, i64* %13, align 8, !tbaa !1261 %118 = tail call %struct.Memory* @sub_6aa_quicksort(%struct.State* nonnull %0, i64 %113, %struct.Memory* %2) %119 = load i64, i64* %14, align 8 %120 = add i64 %119, -8 %121 = load i64, i64* %3, align 8 %122 = inttoptr i64 %120 to i32* %123 = load i32, i32* %122, align 4 %124 = zext i32 %123 to i64 %125 = add nuw nsw i64 %124, 1 %126 = and i64 %125, 4294967295 store i64 %126, i64* %9, align 8, !tbaa !1261 %127 = add i64 %119, -32 %128 = inttoptr i64 %127 to i32* %129 = load i32, i32* %128, align 4 %130 = zext i32 %129 to i64 store i64 %130, i64* %10, align 8, !tbaa !1261 %131 = add i64 %119, -24 %132 = inttoptr i64 %131 to i64* %133 = load i64, i64* %132, align 8 store i64 %126, i64* %11, align 8, !tbaa !1261 store i64 %133, i64* %12, align 8, !tbaa !1261 %134 = add i64 %121, -400 %135 = add i64 %121, 23 %136 = load i64, i64* %13, align 8, !tbaa !1261 %137 = add i64 %136, -8 %138 = inttoptr i64 %137 to i64* store i64 %135, i64* %138, align 8 store i64 %137, i64* %13, align 8, !tbaa !1261 %139 = tail call %struct.Memory* @sub_6aa_quicksort(%struct.State* nonnull %0, i64 %134, %struct.Memory* %118) br label %block_851 block_851: ; preds = %block_7c4, %block_6aa %140 = phi %struct.Memory* [ %2, %block_6aa ], [ %139, %block_7c4 ] %141 = load i64, i64* %14, align 8, !tbaa !1261 %142 = inttoptr i64 %141 to i64* %143 = load i64, i64* %142, align 8 store i64 %143, i64* %14, align 8, !tbaa !1261 %144 = add i64 %141, 8 %145 = inttoptr i64 %144 to i64* %146 = load i64, i64* %145, align 8 store i64 %146, i64* %3, align 8, !tbaa !1261 %147 = add i64 %141, 16 store i64 %147, i64* %13, align 8, !tbaa !1261 ret %struct.Memory* %140 block_6e3.preheader: ; preds = %block_6e3.preheader.preheader, %block_7b8.backedge %148 = phi i32 [ %189, %block_7b8.backedge ], [ %266, %block_6e3.preheader.preheader ] %149 = phi i64 [ %201, %block_7b8.backedge ], [ %278, %block_6e3.preheader.preheader ] br label %block_6e3 block_759: ; preds = %block_751 %150 = sext i32 %175 to i64 %151 = shl nsw i64 %150, 2 %152 = add i64 %151, %282 %153 = inttoptr i64 %152 to i32* %154 = load i32, i32* %153, align 4 store i32 %154, i32* %280, align 4 %155 = load i32, i32* %262, align 4 %156 = sext i32 %155 to i64 %157 = shl nsw i64 %156, 2 %158 = load i64, i64* %279, align 8 %159 = add i64 %157, %158 %160 = load i32, i32* %257, align 4 %161 = sext i32 %160 to i64 %162 = shl nsw i64 %161, 2 %163 = add i64 %162, %158 %164 = inttoptr i64 %159 to i32* %165 = load i32, i32* %164, align 4 %166 = inttoptr i64 %163 to i32* store i32 %165, i32* %166, align 4 %167 = load i32, i32* %262, align 4 %168 = sext i32 %167 to i64 %169 = shl nsw i64 %168, 2 %170 = load i64, i64* %279, align 8 %171 = add i64 %169, %170 %172 = load i32, i32* %280, align 4 %173 = add i64 %187, 95 %174 = inttoptr i64 %171 to i32* store i32 %172, i32* %174, align 4 %.pre17 = load i32, i32* %257, align 4 %.pre18 = load i32, i32* %262, align 4 br label %block_7b8.backedge block_751: ; preds = %block_721 %175 = load i32, i32* %257, align 4 %176 = sub i32 %175, %283 %177 = lshr i32 %176, 31 %178 = lshr i32 %175, 31 %179 = lshr i32 %283, 31 %180 = xor i32 %178, %179 %181 = xor i32 %177, %178 %182 = add nuw nsw i32 %181, %180 %183 = icmp eq i32 %182, 2 %184 = icmp ne i32 %177, 0 %185 = xor i1 %184, %183 %186 = select i1 %185, i64 8, i64 103 %187 = add i64 %186, %309 br i1 %185, label %block_759, label %block_7b8.backedge block_7b8.backedge: ; preds = %block_751, %block_759 %188 = phi i32 [ %283, %block_751 ], [ %.pre18, %block_759 ] %189 = phi i32 [ %175, %block_751 ], [ %.pre17, %block_759 ] %.be = phi i64 [ %187, %block_751 ], [ %173, %block_759 ] %190 = sub i32 %189, %188 %191 = lshr i32 %190, 31 %192 = lshr i32 %189, 31 %193 = lshr i32 %188, 31 %194 = xor i32 %193, %192 %195 = xor i32 %191, %192 %196 = add nuw nsw i32 %195, %194 %197 = icmp eq i32 %196, 2 %198 = icmp ne i32 %191, 0 %199 = xor i1 %198, %197 %200 = select i1 %199, i64 -213, i64 12 %201 = add i64 %200, %.be br i1 %199, label %block_6e3.preheader, label %block_7c4.loopexit block_71b: ; preds = %block_713 %202 = add i64 %215, 6 br label %block_721.preheader block_713: ; preds = %block_6e3 %203 = load i32, i32* %259, align 4 %204 = sub i32 %216, %203 %205 = lshr i32 %204, 31 %206 = lshr i32 %216, 31 %207 = lshr i32 %203, 31 %208 = xor i32 %207, %206 %209 = xor i32 %205, %206 %210 = add nuw nsw i32 %209, %208 %211 = icmp eq i32 %210, 2 %212 = icmp ne i32 %205, 0 %213 = xor i1 %212, %211 %214 = select i1 %213, i64 -52, i64 8 %215 = add i64 %214, %244 br i1 %213, label %block_6df, label %block_71b block_6e3: ; preds = %block_6e3.preheader, %block_6df %216 = phi i32 [ %246, %block_6df ], [ %148, %block_6e3.preheader ] %217 = phi i64 [ %245, %block_6df ], [ %149, %block_6e3.preheader ] %218 = sext i32 %216 to i64 %219 = shl nsw i64 %218, 2 %220 = load i64, i64* %279, align 8 %221 = add i64 %219, %220 %222 = inttoptr i64 %221 to i32* %223 = load i32, i32* %222, align 4 %224 = load i32, i32* %254, align 4 %225 = sext i32 %224 to i64 %226 = shl nsw i64 %225, 2 %227 = add i64 %226, %220 %228 = inttoptr i64 %227 to i32* %229 = load i32, i32* %228, align 4 %230 = sub i32 %223, %229 %231 = lshr i32 %230, 31 %232 = lshr i32 %223, 31 %233 = lshr i32 %229, 31 %234 = xor i32 %233, %232 %235 = xor i32 %231, %232 %236 = add nuw nsw i32 %235, %234 %237 = icmp eq i32 %236, 2 %238 = icmp ne i32 %230, 0 %239 = icmp ne i32 %231, 0 %240 = xor i1 %239, %237 %241 = xor i1 %240, true %242 = and i1 %238, %241 %243 = select i1 %242, i64 62, i64 48 %244 = add i64 %243, %217 br i1 %242, label %block_721.preheader.loopexit, label %block_713 block_721.preheader.loopexit: ; preds = %block_6e3 br label %block_721.preheader block_721.preheader: ; preds = %block_721.preheader.loopexit, %block_71b %.ph = phi i64 [ %202, %block_71b ], [ %244, %block_721.preheader.loopexit ] %.pre = load i32, i32* %262, align 4 br label %block_721 block_6df: ; preds = %block_713 %245 = add i64 %215, 4 %246 = add i32 %216, 1 store i32 %246, i32* %257, align 4 br label %block_6e3 block_71d: ; preds = %block_721 %247 = add i64 %309, 4 %248 = add i32 %283, -1 store i32 %248, i32* %262, align 4 %.pre15 = load i64, i64* %279, align 8 %.pre16 = load i32, i32* %254, align 4 br label %block_721 block_6c8: ; preds = %block_6aa %249 = load i64, i64* %14, align 8 %250 = add i64 %249, -28 %251 = inttoptr i64 %250 to i32* %252 = load i32, i32* %251, align 4 %253 = add i64 %249, -12 %254 = inttoptr i64 %253 to i32* store i32 %252, i32* %254, align 4 %255 = load i32, i32* %251, align 4 %256 = add i64 %249, -4 %257 = inttoptr i64 %256 to i32* store i32 %255, i32* %257, align 4 %258 = add i64 %249, -32 %259 = inttoptr i64 %258 to i32* %260 = load i32, i32* %259, align 4 %261 = add i64 %249, -8 %262 = inttoptr i64 %261 to i32* store i32 %260, i32* %262, align 4 %263 = add i64 %1, 270 %264 = add i64 %249, -24 %265 = add i64 %249, -16 %266 = load i32, i32* %257, align 4 %267 = sub i32 %266, %260 %268 = lshr i32 %267, 31 %269 = lshr i32 %266, 31 %270 = lshr i32 %260, 31 %271 = xor i32 %270, %269 %272 = xor i32 %268, %269 %273 = add nuw nsw i32 %272, %271 %274 = icmp eq i32 %273, 2 %275 = icmp ne i32 %268, 0 %276 = xor i1 %275, %274 %277 = select i1 %276, i64 -213, i64 12 %278 = add i64 %277, %263 %279 = inttoptr i64 %264 to i64* %280 = inttoptr i64 %265 to i32* br i1 %276, label %block_6e3.preheader.preheader, label %block_7c4 block_6e3.preheader.preheader: ; preds = %block_6c8 br label %block_6e3.preheader block_721: ; preds = %block_721.preheader, %block_71d %281 = phi i32 [ %.pre16, %block_71d ], [ %224, %block_721.preheader ] %282 = phi i64 [ %.pre15, %block_71d ], [ %220, %block_721.preheader ] %283 = phi i32 [ %248, %block_71d ], [ %.pre, %block_721.preheader ] %284 = phi i64 [ %247, %block_71d ], [ %.ph, %block_721.preheader ] %285 = sext i32 %283 to i64 %286 = shl nsw i64 %285, 2 %287 = add i64 %286, %282 %288 = inttoptr i64 %287 to i32* %289 = load i32, i32* %288, align 4 %290 = sext i32 %281 to i64 %291 = shl nsw i64 %290, 2 %292 = add i64 %291, %282 %293 = inttoptr i64 %292 to i32* %294 = load i32, i32* %293, align 4 %295 = sub i32 %289, %294 %296 = lshr i32 %295, 31 %297 = lshr i32 %289, 31 %298 = lshr i32 %294, 31 %299 = xor i32 %298, %297 %300 = xor i32 %296, %297 %301 = add nuw nsw i32 %300, %299 %302 = icmp eq i32 %301, 2 %303 = icmp ne i32 %295, 0 %304 = icmp ne i32 %296, 0 %305 = xor i1 %304, %302 %306 = xor i1 %305, true %307 = and i1 %303, %306 %308 = select i1 %307, i64 -4, i64 48 %309 = add i64 %308, %284 br i1 %307, label %block_71d, label %block_751 } ; Function Attrs: noinline define %struct.Memory* @sub_854_main(%struct.State* noalias dereferenceable(3376), i64, %struct.Memory* noalias readnone) local_unnamed_addr #6 { block_854: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 15, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = load i64, i64* %6, align 8, !tbaa !1261 %10 = add i64 %9, -8 %11 = inttoptr i64 %10 to i64* store i64 %8, i64* %11, align 8 store i64 %10, i64* %7, align 8, !tbaa !1261 %12 = add i64 %9, -120 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %15 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %16 = add i64 %1, 25 %17 = add i64 %9, -128 %18 = inttoptr i64 %17 to i64* store i64 %16, i64* %18, align 8 store i64 %16, i64* %3, align 8, !alias.scope !1285, !noalias !1288 store i64 %12, i64* %6, align 8, !alias.scope !1285, !noalias !1288 %19 = tail call i64 @printf(), !noalias !1285 %20 = add i64 %1, 49 %21 = add i64 %9, -128 %22 = inttoptr i64 %21 to i64* store i64 %20, i64* %22, align 8 store i64 %20, i64* %3, align 8, !alias.scope !1290, !noalias !1293 store i64 %12, i64* %6, align 8, !alias.scope !1290, !noalias !1293 %23 = tail call i64 @__isoc99_scanf(), !noalias !1290 %24 = add i64 %1, 71 store i64 %24, i64* %22, align 8 store i64 %24, i64* %3, align 8, !alias.scope !1295, !noalias !1298 store i64 %12, i64* %6, align 8, !alias.scope !1295, !noalias !1298 %25 = tail call i64 @printf(), !noalias !1295 %26 = load i64, i64* %7, align 8 %27 = add i64 %26, -4 %28 = inttoptr i64 %27 to i32* store i32 0, i32* %28, align 4 %29 = add i64 %1, 121 %30 = add i64 %26, -8 %31 = inttoptr i64 %30 to i32* %32 = load i32, i32* %31, align 4 %33 = sub i32 0, %32 %34 = lshr i32 %33, 31 %35 = lshr i32 %32, 31 %36 = add nuw nsw i32 %34, %35 %37 = icmp eq i32 %36, 2 %38 = icmp ne i32 %34, 0 %39 = xor i1 %38, %37 %40 = select i1 %39, i64 -41, i64 8 %41 = add i64 %40, %29 br i1 %39, label %block_8a4.preheader, label %block_8d5 block_8a4.preheader: ; preds = %block_854 br label %block_8a4 block_92e: ; preds = %block_926 store i64 0, i64* %4, align 8, !tbaa !1261 %42 = inttoptr i64 %50 to i64* %43 = load i64, i64* %42, align 8 store i64 %43, i64* %7, align 8, !tbaa !1261 %44 = add i64 %50, 8 %45 = inttoptr i64 %44 to i64* %46 = load i64, i64* %45, align 8 store i64 %46, i64* %3, align 8, !tbaa !1261 %47 = add i64 %50, 16 store i64 %47, i64* %6, align 8, !tbaa !1261 ret %struct.Memory* %94 block_926: ; preds = %block_906, %block_8d5 %48 = phi i32 [ 0, %block_8d5 ], [ %152, %block_906 ] %49 = phi i64 [ %105, %block_8d5 ], [ %149, %block_906 ] %50 = phi i64 [ %101, %block_8d5 ], [ %146, %block_906 ] %51 = add i64 %50, -8 %52 = inttoptr i64 %51 to i32* %53 = load i32, i32* %52, align 4 %54 = sub i32 %48, %53 %55 = icmp ult i32 %48, %53 %56 = zext i1 %55 to i8 store i8 %56, i8* %13, align 1, !tbaa !1265 %57 = and i32 %54, 255 %58 = tail call i32 @llvm.ctpop.i32(i32 %57) #12 %59 = trunc i32 %58 to i8 %60 = and i8 %59, 1 %61 = xor i8 %60, 1 store i8 %61, i8* %82, align 1, !tbaa !1279 %62 = xor i32 %48, %53 %63 = xor i32 %62, %54 %64 = lshr i32 %63, 4 %65 = trunc i32 %64 to i8 %66 = and i8 %65, 1 store i8 %66, i8* %14, align 1, !tbaa !1283 %67 = icmp eq i32 %54, 0 %68 = zext i1 %67 to i8 store i8 %68, i8* %83, align 1, !tbaa !1280 %69 = lshr i32 %54, 31 %70 = trunc i32 %69 to i8 store i8 %70, i8* %15, align 1, !tbaa !1281 %71 = lshr i32 %48, 31 %72 = lshr i32 %53, 31 %73 = xor i32 %71, %72 %74 = xor i32 %69, %71 %75 = add nuw nsw i32 %74, %73 %76 = icmp eq i32 %75, 2 %77 = zext i1 %76 to i8 store i8 %77, i8* %84, align 1, !tbaa !1282 %78 = icmp ne i8 %70, 0 %79 = xor i1 %78, %76 br i1 %79, label %block_906, label %block_92e block_8d5.loopexit: ; preds = %block_8a4 br label %block_8d5 block_8d5: ; preds = %block_8d5.loopexit, %block_854 %.lcssa12 = phi i64 [ %26, %block_854 ], [ %112, %block_8d5.loopexit ] %.lcssa11 = phi i32 [ %32, %block_854 ], [ %121, %block_8d5.loopexit ] %.lcssa10 = phi i64 [ %41, %block_854 ], [ %133, %block_8d5.loopexit ] %80 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %81 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %82 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %83 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %84 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %85 = zext i32 %.lcssa11 to i64 %86 = add nuw nsw i64 %85, 4294967295 %87 = and i64 %86, 4294967295 store i64 %87, i64* %80, align 8, !tbaa !1261 %88 = add i64 %.lcssa12, -112 store i64 0, i64* %5, align 8, !tbaa !1261 store i64 %88, i64* %81, align 8, !tbaa !1261 %89 = add i64 %.lcssa10, -555 %90 = add i64 %.lcssa10, 23 %91 = load i64, i64* %6, align 8, !tbaa !1261 %92 = add i64 %91, -8 %93 = inttoptr i64 %92 to i64* store i64 %90, i64* %93, align 8 store i64 %92, i64* %6, align 8, !tbaa !1261 %94 = tail call %struct.Memory* @sub_6aa_quicksort(%struct.State* nonnull %0, i64 %89, %struct.Memory* %2) %95 = load i64, i64* %3, align 8 store i64 add (i64 ptrtoint (%seg_9c0__rodata_type* @seg_9c0__rodata to i64), i64 73), i64* %81, align 8, !tbaa !1261 %96 = add i64 %95, 17 %97 = load i64, i64* %6, align 8, !tbaa !1261 %98 = add i64 %97, -8 %99 = inttoptr i64 %98 to i64* store i64 %96, i64* %99, align 8 store i64 %96, i64* %3, align 8, !alias.scope !1300, !noalias !1303 store i64 %97, i64* %6, align 8, !alias.scope !1300, !noalias !1303 %100 = tail call i64 @printf(), !noalias !1300 %101 = load i64, i64* %7, align 8 %102 = add i64 %101, -4 %103 = load i64, i64* %3, align 8 %104 = inttoptr i64 %102 to i32* store i32 0, i32* %104, align 4 %105 = add i64 %103, 41 br label %block_926 block_8a4: ; preds = %block_8a4.preheader, %block_8a4 %106 = phi i64 [ %133, %block_8a4 ], [ %41, %block_8a4.preheader ] %107 = add i64 %106, 37 %108 = load i64, i64* %6, align 8, !tbaa !1261 %109 = add i64 %108, -8 %110 = inttoptr i64 %109 to i64* store i64 %107, i64* %110, align 8 store i64 %107, i64* %3, align 8, !alias.scope !1305, !noalias !1308 store i64 %108, i64* %6, align 8, !alias.scope !1305, !noalias !1308 %111 = tail call i64 @__isoc99_scanf(), !noalias !1305 %112 = load i64, i64* %7, align 8 %113 = add i64 %112, -4 %114 = load i64, i64* %3, align 8 %115 = add i64 %114, 4 %116 = inttoptr i64 %113 to i32* %117 = load i32, i32* %116, align 4 %118 = add i32 %117, 1 store i32 %118, i32* %116, align 4 %119 = add i64 %112, -8 %120 = inttoptr i64 %119 to i32* %121 = load i32, i32* %120, align 4 %122 = sub i32 %118, %121 %123 = lshr i32 %122, 31 %124 = lshr i32 %118, 31 %125 = lshr i32 %121, 31 %126 = xor i32 %124, %125 %127 = xor i32 %123, %124 %128 = add nuw nsw i32 %127, %126 %129 = icmp eq i32 %128, 2 %130 = icmp ne i32 %123, 0 %131 = xor i1 %130, %129 %132 = select i1 %131, i64 -41, i64 8 %133 = add i64 %132, %115 br i1 %131, label %block_8a4, label %block_8d5.loopexit block_906: ; preds = %block_926 %134 = sext i32 %48 to i64 %135 = shl nsw i64 %134, 2 %136 = add i64 %50, -112 %137 = add i64 %136, %135 %138 = inttoptr i64 %137 to i32* %139 = load i32, i32* %138, align 4 %140 = zext i32 %139 to i64 store i64 %140, i64* %5, align 8, !tbaa !1261 store i64 add (i64 ptrtoint (%seg_9c0__rodata_type* @seg_9c0__rodata to i64), i64 100), i64* %81, align 8, !tbaa !1261 %141 = add i64 %49, -4 %142 = load i64, i64* %6, align 8, !tbaa !1261 %143 = add i64 %142, -8 %144 = inttoptr i64 %143 to i64* store i64 %141, i64* %144, align 8 store i64 %141, i64* %3, align 8, !alias.scope !1310, !noalias !1313 store i64 %142, i64* %6, align 8, !alias.scope !1310, !noalias !1313 %145 = tail call i64 @printf(), !noalias !1310 %146 = load i64, i64* %7, align 8 %147 = add i64 %146, -4 %148 = load i64, i64* %3, align 8 %149 = add i64 %148, 4 %150 = inttoptr i64 %147 to i32* %151 = load i32, i32* %150, align 4 %152 = add i32 %151, 1 store i32 %152, i32* %150, align 4 br label %block_926 } ; Function Attrs: noinline nounwind define %struct.Memory* @sub_9b4__fini(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { block_9b4: %3 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, -8 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 1 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 3 %9 = xor i64 %6, %5 %10 = lshr i64 %9, 4 %11 = trunc i64 %10 to i8 %12 = and i8 %11, 1 %13 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 5 %14 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 7 %15 = lshr i64 %6, 63 %16 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 9 %17 = lshr i64 %5, 63 %18 = xor i64 %15, %17 %19 = add nuw nsw i64 %18, %17 %20 = icmp eq i64 %19, 2 %21 = zext i1 %20 to i8 %22 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 2, i32 13 %23 = icmp ult i64 %5, 8 %24 = zext i1 %23 to i8 store i8 %24, i8* %7, align 1, !tbaa !1265 %25 = trunc i64 %5 to i32 %26 = and i32 %25, 255 %27 = tail call i32 @llvm.ctpop.i32(i32 %26) #12 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 1 %30 = xor i8 %29, 1 store i8 %30, i8* %8, align 1, !tbaa !1279 store i8 %12, i8* %13, align 1, !tbaa !1283 %31 = icmp eq i64 %5, 0 %32 = zext i1 %31 to i8 store i8 %32, i8* %14, align 1, !tbaa !1280 %33 = trunc i64 %17 to i8 store i8 %33, i8* %16, align 1, !tbaa !1281 store i8 %21, i8* %22, align 1, !tbaa !1282 %34 = inttoptr i64 %5 to i64* %35 = load i64, i64* %34, align 8 store i64 %35, i64* %3, align 8, !tbaa !1261 %36 = add i64 %5, 8 store i64 %36, i64* %4, align 8, !tbaa !1261 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @callback_sub_6a0_frame_dummy(i64, i64, i64, i64, i64, i64, i64, i64) #7 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1696, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_6a0_frame_dummy(%struct.State* nonnull @__mcsema_reg_state, i64 1696, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define void @__mcsema_verify_reg_state() local_unnamed_addr #8 { entry: %0 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %1 = icmp eq i64 %0, 0 br i1 %1, label %is_null, label %end is_null: ; preds = %entry store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %end end: ; preds = %is_null, %entry ret void } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_660___do_global_dtors_aux(i64, i64, i64, i64, i64, i64, i64, i64) #9 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1632, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_660___do_global_dtors_aux(%struct.State* nonnull @__mcsema_reg_state, i64 1632, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: noinline nounwind define %struct.Memory* @__mcsema_detach_call_value(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #3 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 5, i32 0, i32 0 %7 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 7, i32 0, i32 0 %8 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 9, i32 0, i32 0 %9 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 11, i32 0, i32 0 %10 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %11 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 17, i32 0, i32 0 %12 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 19, i32 0, i32 0 %13 = load i64, i64* %9, align 8 %14 = load i64, i64* %8, align 8 %15 = load i64, i64* %7, align 8 %16 = load i64, i64* %6, align 8 %17 = load i64, i64* %11, align 8 %18 = load i64, i64* %12, align 8 %19 = load i64, i64* %10, align 8 %20 = add i64 %19, 8 %21 = inttoptr i64 %20 to i64* %22 = load i64, i64* %21, align 8 %23 = add i64 %19, 16 %24 = inttoptr i64 %23 to i64* %25 = load i64, i64* %24, align 8 %26 = inttoptr i64 %1 to i64 (i64, i64, i64, i64, i64, i64, i64, i64)* %27 = tail call i64 %26(i64 %13, i64 %14, i64 %15, i64 %16, i64 %17, i64 %18, i64 %22, i64 %25) #12 store i64 %27, i64* %5, align 8 %28 = inttoptr i64 %19 to i64* %29 = load i64, i64* %28, align 8 store i64 %29, i64* %4, align 8 store i64 %20, i64* %10, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline norecurse nounwind define i64 @callback_sub_9b0___libc_csu_fini() #7 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 2480, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_9b0___libc_csu_fini(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline nounwind define i64 @callback_sub_940___libc_csu_init() #9 { %1 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %2 = icmp eq i64 %1, 0 br i1 %2, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %0 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %0 %3 = phi i64 [ %1, %0 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 2368, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %4 = load volatile i1, i1* @0, align 1 br i1 %4, label %__mcsema_early_init.exit, label %5 ; <label>:5: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %5, %__mcsema_verify_reg_state.exit %6 = add i64 %3, -8 store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %7 = tail call %struct.Memory* @sub_940___libc_csu_init(%struct.State* nonnull @__mcsema_reg_state, i64 2368, %struct.Memory* null) store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %8 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %8 } ; Function Attrs: nobuiltin noinline define i64 @main(i64, i64, i64) #10 { %4 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %3 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %3 %6 = phi i64 [ %4, %3 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 2132, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %7 = load volatile i1, i1* @0, align 1 br i1 %7, label %__mcsema_early_init.exit, label %8 ; <label>:8: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %8, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 %9 = add i64 %6, -8 store i64 %9, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = tail call %struct.Memory* @sub_854_main(%struct.State* nonnull @__mcsema_reg_state, i64 2132, %struct.Memory* null) store i64 %6, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %11 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %11 } ; Function Attrs: alwaysinline inlinehint define %struct.Memory* @ext_201440_printf(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #11 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i64* %9 = load i64, i64* %8, align 8 store i64 %9, i64* %4, align 8 %10 = add i64 %7, 8 store i64 %10, i64* %6, align 8 %11 = tail call i64 @printf() store i64 %11, i64* %5, align 8 ret %struct.Memory* %2 } ; Function Attrs: alwaysinline inlinehint define %struct.Memory* @ext_201438___isoc99_scanf(%struct.State* noalias nocapture dereferenceable(3376), i64, %struct.Memory* noalias readnone returned) local_unnamed_addr #11 { %4 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 33, i32 0, i32 0 %5 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 1, i32 0, i32 0 %6 = getelementptr inbounds %struct.State, %struct.State* %0, i64 0, i32 6, i32 13, i32 0, i32 0 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i64* %9 = load i64, i64* %8, align 8 store i64 %9, i64* %4, align 8 %10 = add i64 %7, 8 store i64 %10, i64* %6, align 8 %11 = tail call i64 @__isoc99_scanf() store i64 %11, i64* %5, align 8 ret %struct.Memory* %2 } ; Function Attrs: nobuiltin noinline nounwind define i64 @targ590(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #9 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1424, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_590_targ590(%struct.State* nonnull @__mcsema_reg_state, i64 undef, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: nobuiltin noinline nounwind define i64 @quicksort(i64, i64, i64, i64, i64, i64, i64, i64) local_unnamed_addr #9 { %9 = load volatile i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %is_null.i, label %__mcsema_verify_reg_state.exit is_null.i: ; preds = %8 store i64 ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 br label %__mcsema_verify_reg_state.exit __mcsema_verify_reg_state.exit: ; preds = %is_null.i, %8 %11 = phi i64 [ %9, %8 ], [ ptrtoint (i64* getelementptr inbounds ([131072 x i64], [131072 x i64]* @__mcsema_stack, i64 0, i64 131064) to i64), %is_null.i ] store i64 1706, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 33, i32 0, i32 0), align 8 store i64 ptrtoint ([512 x i64]* @__mcsema_tls to i64), i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 5, i32 7, i32 0, i32 0), align 8 %12 = load volatile i1, i1* @0, align 1 br i1 %12, label %__mcsema_early_init.exit, label %13 ; <label>:13: ; preds = %__mcsema_verify_reg_state.exit store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %13, %__mcsema_verify_reg_state.exit store i64 %0, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 11, i32 0, i32 0), align 8 store i64 %1, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 9, i32 0, i32 0), align 8 store i64 %2, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 7, i32 0, i32 0), align 8 store i64 %3, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 5, i32 0, i32 0), align 8 store i64 %4, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 17, i32 0, i32 0), align 8 store i64 %5, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 19, i32 0, i32 0), align 8 %14 = inttoptr i64 %11 to i64* store i64 %7, i64* %14, align 8 %15 = add i64 %11, -8 %16 = inttoptr i64 %15 to i64* store i64 %6, i64* %16, align 8 %17 = add i64 %11, -24 store i64 %17, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %18 = tail call %struct.Memory* @sub_6aa_quicksort(%struct.State* nonnull @__mcsema_reg_state, i64 1706, %struct.Memory* null) store i64 %11, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 13, i32 0, i32 0), align 8 %19 = load i64, i64* getelementptr inbounds (%struct.State, %struct.State* @__mcsema_reg_state, i64 0, i32 6, i32 1, i32 0, i32 0), align 8 ret i64 %19 } ; Function Attrs: norecurse nounwind define internal void @__mcsema_destructor() #8 { %1 = tail call i64 @callback_sub_9b0___libc_csu_fini() ret void } ; Function Attrs: nounwind define internal void @__mcsema_constructor() #12 { %1 = load volatile i1, i1* @0, align 1 br i1 %1, label %__mcsema_early_init.exit, label %2 ; <label>:2: ; preds = %0 store volatile i1 true, i1* @0, align 1 br label %__mcsema_early_init.exit __mcsema_early_init.exit: ; preds = %2, %0 %3 = tail call i64 @callback_sub_940___libc_csu_init() ret void } ; Function Attrs: noinline nounwind optnone define %struct.State* @__mcsema_debug_get_reg_state() local_unnamed_addr #13 { ret %struct.State* @__mcsema_reg_state } ; Function Attrs: noreturn nounwind declare void @llvm.trap() #14 attributes #0 = { nounwind readnone } attributes #1 = { noduplicate noinline noreturn nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #2 = { noinline } attributes #3 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #4 = { noinline norecurse nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #5 = { noinline noreturn nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #6 = { noinline "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #7 = { nobuiltin noinline norecurse nounwind } attributes #8 = { norecurse nounwind } attributes #9 = { nobuiltin noinline nounwind } attributes #10 = { nobuiltin noinline } attributes #11 = { alwaysinline inlinehint "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" } attributes #12 = { nounwind } attributes #13 = { noinline nounwind optnone } attributes #14 = { noreturn nounwind } !llvm.ident = !{!0, !0} !llvm.dbg.cu = !{!1} !llvm.module.flags = !{!1259, !1260}