Repository: thomasjball/PyExZ3
Branch: master
Commit: 7dac957d57bd
Files: 140
Total size: 1.2 MB

Directory structure:
gitextract_nf65lu9d/

├── .gitattributes
├── .gitignore
├── README.md
├── TODO.md
├── Vagrantfile
├── copyright.txt
├── fail/
│   ├── arrayindex.py
│   ├── dictbool.py
│   ├── divzero.py
│   ├── git.py
│   ├── pow.py
│   └── sqrttest.py
├── marktoberdorf_paper/
│   ├── DSE/
│   │   ├── CodeReview.pptx
│   │   ├── DSE.mdk
│   │   ├── IOS-Book-Article.cls
│   │   ├── cpp2.json
│   │   ├── dse.bib
│   │   ├── ignores.dic
│   │   └── out/
│   │       └── DSE.tex
│   ├── DSE.html
│   └── forPublisher/
│       ├── IOS-Book-Article.cls
│       ├── css.sty
│       ├── dse.tex
│       └── madoko.sty
├── marktoberdorf_slides/
│   ├── CodeReview.pptx
│   ├── Marktoberdorf2014_1.pptx
│   ├── Marktoberdorf2014_2.pptx
│   ├── Marktoberdorf2014_3.pptx
│   ├── Marktoberdorf2014_4.pptx
│   ├── collatz.py
│   └── examples/
│       ├── adder.py
│       ├── automata.py
│       ├── check_adder.py
│       ├── check_mult.py
│       ├── first.py
│       ├── hats.py
│       ├── mult.py
│       └── mult2.py
├── pyexz3.py
├── run_tests.py
├── setup.bat
├── setup.sh
├── symbolic/
│   ├── __init__.py
│   ├── args.py
│   ├── constraint.py
│   ├── cvc_expr/
│   │   ├── __init__.py
│   │   ├── exprbuilder.py
│   │   ├── expression.py
│   │   ├── integer.py
│   │   └── string.py
│   ├── cvc_wrap.py
│   ├── explore.py
│   ├── invocation.py
│   ├── loader.py
│   ├── path_to_constraint.py
│   ├── predicate.py
│   ├── symbolic_types/
│   │   ├── __init__.py
│   │   ├── symbolic_dict.py
│   │   ├── symbolic_int.py
│   │   ├── symbolic_str.py
│   │   └── symbolic_type.py
│   ├── z3_expr/
│   │   ├── __init__.py
│   │   ├── bitvector.py
│   │   ├── expression.py
│   │   └── integer.py
│   └── z3_wrap.py
├── test/
│   ├── abs_test.py
│   ├── andor.py
│   ├── arrayindex2.py
│   ├── bad_eq.py
│   ├── bignum.py
│   ├── binary_search.py
│   ├── bitwidth.py
│   ├── complex.py
│   ├── cseppento1.py
│   ├── cseppento2.py
│   ├── cseppento3.py
│   ├── cvc/
│   │   ├── effectivebool.py
│   │   ├── emptystr.py
│   │   ├── escape.py
│   │   ├── none.py
│   │   ├── strcontains.py
│   │   ├── strcount.py
│   │   ├── strfind.py
│   │   ├── strfindbeg.py
│   │   ├── strindex.py
│   │   ├── stringadd.py
│   │   ├── stringtest.py
│   │   ├── strmiddle.py
│   │   ├── strreplace.py
│   │   ├── strslice.py
│   │   ├── strsplit.py
│   │   ├── strstartswith.py
│   │   ├── strstrip.py
│   │   └── strsubstring.py
│   ├── decorator.py
│   ├── decorator_dict.py
│   ├── diamond.py
│   ├── dict.py
│   ├── dictionary.py
│   ├── elseif.py
│   ├── expand.py
│   ├── expressions.py
│   ├── filesys.py
│   ├── fp.py
│   ├── gcd.py
│   ├── hashval.py
│   ├── len_test.py
│   ├── lib/
│   │   ├── __init__.py
│   │   ├── bsearch.py
│   │   └── se_dict.py
│   ├── list.py
│   ├── logical_op.py
│   ├── loop.py
│   ├── many_branches.py
│   ├── maxtest.py
│   ├── mod.py
│   ├── modulo.py
│   ├── modulo2.py
│   ├── mult_assmt.py
│   ├── polyspace.py
│   ├── power.py
│   ├── power2.py
│   ├── powtest.py
│   ├── reverse.py
│   ├── set.py
│   ├── shallow_branches.py
│   ├── simple.py
│   ├── swap.py
│   ├── tmp
│   ├── tuplecmp.py
│   ├── unnecessary_condition.py
│   ├── unnecessary_condition2.py
│   ├── unnecessary_condition3.py
│   ├── unnecessary_condition4.py
│   ├── weird.py
│   └── whileloop.py
├── tools/
│   └── symbolic_int_subtype.py
├── utils.py
└── vagrant.sh

================================================
FILE CONTENTS
================================================

================================================
FILE: .gitattributes
================================================
# Auto detect text files and perform LF normalization
* text=auto

# Custom for Visual Studio
*.cs     diff=csharp
*.sln    merge=union
*.csproj merge=union
*.vbproj merge=union
*.fsproj merge=union
*.dbproj merge=union

# Standard to msysgit
*.doc	 diff=astextplain
*.DOC	 diff=astextplain
*.docx diff=astextplain
*.DOCX diff=astextplain
*.dot  diff=astextplain
*.DOT  diff=astextplain
*.pdf  diff=astextplain
*.PDF	 diff=astextplain
*.rtf	 diff=astextplain
*.RTF	 diff=astextplain


================================================
FILE: .gitignore
================================================
#################
## Eclipse
#################

*.pydevproject
.project
.metadata
bin/
tmp/
*.tmp
*.bak
*.swp
*~.nib
local.properties
.classpath
.settings/
.loadpath

# External tool builders
.externalToolBuilders/

# Locally stored "Eclipse launch configurations"
*.launch

# CDT-specific
.cproject

# PDT-specific
.buildpath


#################
## Visual Studio
#################

## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.

# User-specific files
*.suo
*.user
*.sln.docstates

# Build results

[Dd]ebug/
[Rr]elease/
x64/
build/
[Bb]in/
[Oo]bj/

# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*

*_i.c
*_p.c
*.ilk
*.meta
*.obj
*.pch
*.pdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.log
*.scc

# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opensdf
*.sdf
*.cachefile

# Visual Studio profiler
*.psess
*.vsp
*.vspx

# Guidance Automation Toolkit
*.gpState

# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper

# TeamCity is a build add-in
_TeamCity*

# DotCover is a Code Coverage Tool
*.dotCover

# NCrunch
*.ncrunch*
.*crunch*.local.xml

# Installshield output folder
[Ee]xpress/

# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html

# Click-Once directory
publish/

# Publish Web Output
*.Publish.xml
*.pubxml

# NuGet Packages Directory
## TODO: If you have NuGet Package Restore enabled, uncomment the next line
#packages/

# Windows Azure Build Output
csx
*.build.csdef

# Windows Store app package directory
AppPackages/

# Others
sql/
*.Cache
ClientBin/
[Ss]tyle[Cc]op.*
~$*
*~
*.dbmdl
*.[Pp]ublish.xml
*.pfx
*.publishsettings

# RIA/Silverlight projects
Generated_Code/

# Backup & report files from converting an old project file to a newer
# Visual Studio version. Backup files are not needed, because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm

# SQL Server files
App_Data/*.mdf
App_Data/*.ldf

#############
## Windows detritus
#############

# Windows image file caches
Thumbs.db
ehthumbs.db

# Folder config file
Desktop.ini

# Recycle Bin used on file shares
$RECYCLE.BIN/

# Mac crap
.DS_Store


#############
## Python
#############

*.py[co]

# Packages
*.egg
*.egg-info
dist/
build/
eggs/
parts/
var/
sdist/
develop-eggs/
.installed.cfg

# Installer logs
pip-log.txt

# Unit test / coverage reports
.coverage
.tox

#Translations
*.mo

#Mr Developer
.mr.developer.cfg


# PyEx stuff

se_normalized/
logfile
stdout
*.out
*.py#
#stdout#
#stdout.old#
#tmp#
*.dot
tmp.txt

#############
## Vagrant
#############
.vagrant

#############
## PyCharm
#############
.idea


================================================
FILE: README.md
================================================
PyExZ3
======

### Python Exploration with Z3

This code is a substantial rewrite of the NICE project's
(http://code.google.com/p/nice-of/) symbolic execution engine for
Python, now using the Z3 theorem prover (http://z3.codeplex.com). We have
removed the NICE-specific dependences, platform-specific code, and
made various improvements, documented below, so it can be used
by anyone wanting to experiment with dynamic symbolic execution.

The paper [Deconstructing Dynamic Symbolic Execution](http://research.microsoft.com/apps/pubs/?id=233035)
explains the basic ideas behind dynamic symbolic execution and the architecture
of the PyExZ3 tool (as of git tag v1.0).  Bruni, Disney and Flanagan wrote about 
encoding symbolic execution for Python in Python in the same way in their 2008 paper 
[A Peer Architecture for Lightweight Symbolic Execution](http://hoheinzollern.files.wordpress.com/2008/04/seer1.pdf) - they use proxies rather than multiple inheritance for representing symbolic versions of Python types. 

In the limit, **PyExZ3** attempts to *explore* all the feasible paths in a
Python function by:
- executing the function on a concrete input to trace a path through the control flow of the function;
- symbolic executing the path to determine how its conditions depend on the function's input parameters;
- generating new values for the parameters to drive the function to yet uncovered paths, using Z3.  

For small programs without loops or recursion, 
**PyExZ3** may be able to explore all feasible paths.

A novel aspect of the rewrite is to rely solely on Python's operator
overloading to accomplish all the interception needed for symbolic
execution; no AST rewriting or bytecode instrumentation is required,
This significantly improves the robustness and portability of **PyExZ3**, 
as well as reducing its size.

### Setup instructions:

- Make sure that you use Python 32-bit (64-bit) if-and-only-if you use the Z3 32-bit (64-bit) binaries. 
Testing so far has been on Python 3.2.3 and 32-bit.
- Install Python 3.2.3 (https://www.python.org/download/releases/3.2.3/)
- Install the latest "unstable" release of Z3 to directory Z3HOME from http://z3.codeplex.com/releases
(click on the "Planned" link on the right to get the latest binaries for all platforms)
- Add Z3HOME\bin to PATH and PYTHONPATH
- MacOS: setup.sh for Homebrew default locations for Python and Z3; see end for MacOS specific instructions
- Optional:
-- install GraphViz utilities (http://graphviz.org/)

### Check that everything works:

- `python run_tests.py test` should pass all tests

- `python pyexz3.py test\FILE.py` to run a single test from the test directory

### Usage of PyExZ3

- **Basic usage**: give a Python file `FILE.py` as input. By default, `pyexz3` expects `FILE.py` 
to contain a function named `FILE` where symbolic execution will start:

  - `pyexz3 FILE.py`

- **Starting function**: You can override the default starting function with `--start MAIN`,
where `MAIN` is the name of a  function in `FILE`: 

  - pyexz3 `--start=MAIN` FILE.py

- **Bounding the number of iterations** of the path exploration is essential when
analyzing functions with loops and/or recursion. Specify a bound using the `max-iters` flag:

  - pyexz3 `--max-iters=42` FILE.py

- **Arguments to starting function**: by default, pyexz3 associates a symbolic integer
(with initial value 0) for each parameter of the starting function. Import from
`symbolic.args` to get the `@concrete` and `@symbolic` decorators that let you override
the defaults on the starting function:

```
from symbolic.args import *

@concrete(a=1,b=2)
@symbolic(c=3)
def startingfun(a,b,c,d):
    ...
```
  
The `@concrete` decorator declares that a parameter will not be treated symbolically and
provides an initial value for the parameter.
The `@symbolic` decorator declares that a parameter will be treated symbolically - the type 
of the associated initial value for the argument will be used to determine the proper symbolic 
type  (if one exists).   In the above example, parameters `a` and `b` are treated concretely
and will have initial values `1` and `2` (for all paths explored), and parameter `c` will 
be treated as a symbolic integer input with the initial value `3` (its value can change after
first path has been explored). Since parameter `d` is not specified, it will be treated as a symbolic 
integer input with the initial value 0:

- **Output**: `pyexz3` prints the list of generated inputs and corresponding observed 
return values to standard out; the lists of generated inputs and the corresponding return values are
returned by the exploration engine to `pyexz3` where they can be used for other 
purposes, as described below.

- **Expected result functions** are used for testing of `pyexz3`. If the `FILE.py` contains a function named `expected_result` then after path exploration is complete, the list of return values will be compared against the list 
returned by `expected_result`. More precisely, the two lists are converted into bags and the bags compared for equality. If a function named `expected_result_set` is present instead, the list are converted into sets and the sets are
compared for equality.  List equality is too strong a criteria for testing, since small changes to programs can lead to paths being explored in different orders. 

- **Import behavior**: the location of the `FILE.py` is added to the import path so that all imports in `FILE.py` 
relative to that file will work.

- **Other options**
  - `--graph=DOTFILE`
  - `--log=LOGFILE`

### MacOS specific

1. Grab yourself a Brew at http://brew.sh/
2. Get the newest python or python3 version: `brew install python`
3. Have the system prefer brew python over system python: `echo export PATH='/usr/local/bin:$PATH' >> ~/.bash_profile`  - 
4. Get z3: `brew install homebrew/science/z3`
5. Clone this repository: `git clone https://github.com/thomasjball/PyExZ3.git` 
6. Set the PATH: `. PyExZ3/setup.sh`  (do not run the setup script in a subshell `./ PyExZ3/`)

### Vagrant specific

[Vagrant](http://www.vagrantup.com/) is a cross-platform tool to manage
virtualized development environments. Vagrant runs on Windows, OS X, and
Linux and can manage virtual machines running on VirtualBox, VMware,
Docker, and Hyper-V.

1. [Download Vagrant](http://www.vagrantup.com/downloads.html).
2. Install [VirtualBox](https://www.virtualbox.org/) or configure an
[alternative
provider](http://docs.vagrantup.com/v2/providers/index.html).
3. Run `vagrant up` from the PyExZ3 directory. The Vagrantfile in the
repository tells Vagrant to download a Debian base image, launch it with
the default provider (VirtualBox), and run the script `vagrant.sh` to
provision the machine.
4. Once the provisioning is done you can SSH into the machine using
`vagrant ssh` and PyExZ3 is ready to run. Please note that the
provisioning takes a while as Git is compiled from source as Debian's
Git is incompatible with [CodePlex](http://www.codeplex.com/) where Z3
is hosted.

### CVC SMT Solver

By default PyExZ3 uses the Z3 to solve path predicates. Optionally, the 
[CVC SMT](http://cvc4.cs.nyu.edu/web/) solver can be enabled with the 
`--cvc` argument. While the two solvers offer a similar feature set, the 
integration of CVC differs from Z3 in a number of ways. Most 
predominately, the CVC integration uses an unbounded rational number 
representation for Python numbers, converting to bit vectors only for 
bitwise operations. The Z3 integration uses bounded bit vectors for all 
numbers. For programs that use any significant number of bitwise 
operations, the default Z3-based configuration is strongly recommended. 
Additionally, CVC does not support generating models for non-linear 
relationships causing a few of the included PyExZ3 test cases to fail 
with a `LogicException`.


================================================
FILE: TODO.md
================================================
TODO List
=========

- add basic support for SymbolicDictionary
  - 
- need to capture exceptions thrown by code under test as test results
- interesting question arises about re-initialization of input arguments
by ExplorationEngine and re-import of module under test in the face of
mutable initial objects - we want the re-import to be done before the 
re-initialization, but that's not how it currently works. Easiest thing
to do is only allow empty dictionary to be specified in @symbolic
- check input/output behavior separately from sym_exe
- use consist case on names (Caml or C, choose one)




================================================
FILE: Vagrantfile
================================================
# -*- mode: ruby -*-
# vi: set ft=ruby :

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

    config.vm.define "linux", primary: true do |v|
        v.vm.provision "shell", path: "vagrant.sh"        
        v.vm.box = "chef/debian-7.4"
    end

    config.vm.provider "virtualbox" do |v|
        v.memory = 1024
    end

end


================================================
FILE: copyright.txt
================================================
# Files that mention copyright.txt were derived from the NICE project
#
# Copyright (c) 2011, EPFL (Ecole Politechnique Federale de Lausanne)
# All rights reserved.
#
# Created by Marco Canini, Daniele Venzano, Dejan Kostic, Jennifer Rexford
#
# Updated by Thonas Ball (2014)
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
#   -  Redistributions of source code must retain the above copyright notice,
#      this list of conditions and the following disclaimer.
#   -  Redistributions in binary form must reproduce the above copyright notice,
#      this list of conditions and the following disclaimer in the documentation
#      and/or other materials provided with the distribution.
#   -  Neither the names of the contributors, nor their associated universities or
#      organizations may be used to endorse or promote products derived from this
#      software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#


================================================
FILE: fail/arrayindex.py
================================================
A = [0, 1]

# the index operation A[i] uses the underlying runtime representation
# of the Python int, so we have no way of capturing this "conditional
# through lookup" operation via inheritance from int, as done with 
# SymbolicInteger

# see test\arrayindex2.py for the rewriting we would need to do
# to make the lookup explicit (greatly expanding the search space)

def arrayindex(i):
  if A[i]:
    return A[i]
  else:
    return "OTHER"

def expected_result():
  return [ 1, "OTHER" ]


================================================
FILE: fail/dictbool.py
================================================
from symbolic.args import *

@symbolic(d={})
def dictbool(d):
    x = d or {}
    if x == {}:
        return 0
    return 1

def expected_result():
	return [0, 1]
    


================================================
FILE: fail/divzero.py
================================================
# this one fails because we always start with zero for SymbolicIntegers
# we should have a few seed values to avoid this.

def divzero(in1,in2):
  try:
    if in1 / in2 >= 0:
        return 1
    elif in1 / in2 < 0:
        return 2
    return 0
  except:
    return "DIVZERO"
    
def expected_result():
    return [0,1,2,"DIVZERO"]

================================================
FILE: fail/git.py
================================================
from symbolic.args import *

@symbolic(a=0xdeaddeaddeaddead,b=0xbeefbeefbeefbeef)
def git(a,b):
    i=0;
    passkeyn=[a,b]

    expandedkey=[]
    while i<6:
#    while i<2:  # WORKS
        expandedkey=expandedkey+passkeyn
        i=i+1
        v1=passkeyn[0]
        v2=passkeyn[1]
        v3=(v1>>0x30)|(((v1>>0x20)&0xffff)<<0x10)|(((v1>>0x10)&0xffff)<<0x20)|((v1&0xffff)<<0x30)
        v4=(v2>>0x30)|(((v2>>0x20)&0xffff)<<0x10)|(((v2>>0x10)&0xffff)<<0x20)|((v2&0xffff)<<0x30)
        v5 = ((v4 & 0xFFFFFF8000000000) >> 39) | ((v3 << 25)&0xffffffffffffffff);
        v6 = ((v3 & 0xFFFFFF8000000000) >> 39) | ((v4 << 25)&0xffffffffffffffff);
        v1=(v5>>0x30)|(((v5>>0x20)&0xffff)<<0x10)|(((v5>>0x10)&0xffff)<<0x20)|(((v4 & 0xFFFFFF8000000000) >> 39)<<0x30)
        v2=(v6>>0x30)|(((v6>>32)&0xffff)<<0x10)|(((v6>>0x10)&0xffff)<<0x20)|(((v3 & 0xFFFFFF8000000000) >> 39)<<0x30)
        passkeyn=[v1,v2]
    
    expandedkey=expandedkey+passkeyn
    
    print(expandedkey)
    if expandedkey==[16045725885737590445, 13758425323549998831, 7044313620519854103485, 8215411798635391606653, 8245388070021240879798, 3384596836810669685695, 9287860625795901259255, 4527376222128629444341, 4093654381503457390331, 4647353382867023162077, 8665057901351565392853, 8816957627389395711965, 6783497306152038280055, 9291067819851303074799]:
#    WORKS
#    if expandedkey==[16045725885737590445, 13758425323549998831, 7044313620519854103485, 8215411798635391606653, 8245388070021240879798, 3384596836810669685695]:
        print("HERE")
        return 1
    else:
        print("THERE")
        return 2

if __name__ == "__main__":
    git(0xdeaddeaddeaddead,0xbeefbeefbeefbeef)


================================================
FILE: fail/pow.py
================================================
# this one fails because we treat the operator ** concretely rather than symbolically
# so that the concrete value 0**2 is substituted in place of x**2.
# As a result, we never get to calling the theorem prover

def pow(x):
  if 4 == x**2:
    return "POW"
  else:
    return "OTHER"

def expected_result():
  return [ "OTHER", "POW" ]


================================================
FILE: fail/sqrttest.py
================================================
from math import sqrt

# sqrt is handled concretely, just as with pow (**)

def sqrttest(in1):
    if sqrt(in1) == 0:
        return 1
    elif sqrt(in1) > 0:
        return 2
    return 0

def expected_result():
    return [1,2]

================================================
FILE: marktoberdorf_paper/DSE/DSE.mdk
================================================
Title       : Deconstructing Dynamic Symbolic Execution
Author      : Thomas Ball, Jakub Daniel
Affiliation : Microsoft Research, Charles University
Email       : tball@microsoft.com, jakub.daniel@d3s.mff.cuni.cz
Doc Class   : IOS-Book-Article.cls

Colorizer   : javascript
Colorizer   : cpp
Colorizer   : cpp2
Bib style   : plainnat
Bibliography: dse
Heading base: 2
.rulename   : replace=/(.*)/(\1)/ font-variant=small-caps
~MathPre,.math-inline,.math-display: replace=/=\^=/{~\buildrel\triangle\over=~}/g
~MathPre,.math-inline,.math-display,~Equation: replace=/\bSt\b/\sigma/g
~Pre,~Code: language=python
.code2    : language=cpp2
.language-cpp2     : replace="/\b([TR])(')?(_.)?/\(T|$\1\2\3$\)/g"

~ HtmlOnly
[TITLE]
~

~ TexRaw
\begin{frontmatter}              % The preamble begins here.
%\pretitle{Pretitle}
\title{Deconstructing Dynamic Symbolic Execution}
%\runningtitle{IOS Press Style Sample}
%\subtitle{Subtitle}
\author[A]{\fnms{Thomas} \snm{Ball}}
and 
\author[B]{\fnms{Jakub} \snm{Daniel}}

\runningauthor{Thomas Ball et al.}
\address[A]{Microsoft Research}
\address[B]{Charles University}
~

~ Abstract
Dynamic symbolic execution (DSE) is a well-known technique
for automatically generating tests to achieve higher levels
of coverage in a program. Two keys ideas of DSE are
to: (1) seed symbolic execution by executing a program on an
initial input; (2) use concrete values from the program
execution in place of symbolic expressions whenever symbolic
reasoning is hard or not desired. We describe
DSE for a simple core language and then present
a minimalist implementation of DSE for Python (in Python) 
that follows this basic recipe. The code is available 
at https://www.github.com/thomasjball/PyExZ3/ (tagged "v1.0") 
and has been designed to make it easy to experiment with and
extend. 
~

~ TexRaw
\begin{keyword}
Symbolic Execution, Automatic Test Generation, White-box Testing, Automated 
Theorem Provers
\end{keyword}
\end{frontmatter}
\thispagestyle{empty}
\pagestyle{empty}
~


[PyExZ3]: https://github.com/thomasjball/PyExZ3/ 
[Z3]: http://z3.codeplex.org/
[MRO]: https://www.python.org/download/releases/2.3/mro/ 

# Introduction     { #sec-intro }

~ MathDefs
\defcommand{\mathkw}[1]{\textbf{#1}}
~

<!-- should we motivate more? -- this dives in deep very quickly -->

Static, path-based symbolic execution explores one control-flow path
at a time through a (sequential) program $P$, using an automated theorem
prover (ATP) to determine if the current path $p$ is feasible [@King76;@Clarke76]. 
Ideally, symbolic execution of a path $p$ through program
$P$ yields a logic formula $\phi_p$ that describes the set of inputs $I$ (possibly empty)
to program $P$ such that for any $i \in I$, the execution $P(i)$ follows path $p$. 

If the formula $\phi_p$ is unsatisfiable then $I$ is empty and so path $p$ is not feasible; 
if the formula is satisfiable then $I$ is not empty and so path $p$ is feasible.
In this case, a model of $\phi_p$ provides a witness $i \in I$.  Thus, a model-generating ATP
can be used in conjunction with
symbolic execution to automatically generate tests to cover paths
in a program. Combined with a search strategy, one gets, in the limit,
an exhaustive white-box testing procedure, for which there are many
applications [@CadarGPDE06; @GodefroidLM12; @CadarS13]. 

The formula $\phi_p$ is called a *path-condition* of the path $p$. 
We will see that a given path $p$ can induce many different path-conditions.
A path-condition $\psi_p$ for path $p$ is *sound* if 
every input assignment satisfying $\psi_p$ defines an
execution of program $P$ that follows path $p$ [@Godefroid11]. 
By its definition, the formula  $\phi_p$ is sound and the best representation of $p$
(as for all sound path-conditions $\psi_p$, we have that $\psi_p \implies \phi_p$).
In practice, we attempt to compute sound under-approximations of $\phi_p$ 
such as $\psi_p$. However, we also find it necessary (and useful) to 
compute unsound path-conditions.

A path-condition can be translated into the input
language of an ATP, such as [Z3][Z3][@deMouraB08], which provides an answer
of "unsatisfiable", "satisfiable" or "unknown", due to theoretical or practical
limitations in automatically deciding satisfiability of various logics.
In the case that the ATP is able to prove "satisfiable" we can query it for 
satisfying model in order to generate test inputs. A path-condition 
for $p$ can be thought of as function from a
program's primary inputs to a Boolean output representing whether
or not $p$ is executed under a given input. Thus, we are asking
the ATP to invert a function when we ask it to decide
the satisfiability/unsatisfiability of a path-condition.

The static translation of a path $p$ through a program $P$ into 
the most precise path-condition $\phi_p$ is not a simple task, as 
programming languages and their semantics are very complex.
Completely characterizing the set of inputs $I$ that follow
path $p$ means providing a symbolic interpretation of 
every operation in the language so that the
ATP can reason about it. For example, consider a method call in Python. 
Python's algorithm for method resolution order (see [MRO])
depends on the inheritance hierarchy of the program, a directed, 
acyclic graph that can evolve during program execution. Symbolically
encoding Python's method resolution order is possible but non-trivial.
There are other reasons it is hard or undesirable to symbolically 
execute various operations, as will be explained in detail later.

## Dynamic symbolic execution

*Dynamic* symbolic execution (DSE) is a form of path-based
symbolic execution based on two insights. First, the approach 
starts by executing program $P$ on
some input $i$, seeding the symbolic execution process
with a feasible path [@Korel90;@Korel92;@Gupta00]. 
Second,  DSE
uses concrete values from the execution $P(i)$ in place of symbolic expressions 
whenever symbolic reasoning is not possible or desired [@GodefroidKS05;@CadarE05].
The major benefit of DSE is to
simplify the construction of a symbolic execution tool by
leveraging concrete execution behavior (given by
actually running the program).
As DSE combines both 
concrete and symbolic reasoning, it also has been called "concolic" 
execution [@SenACAV06].

~ Figure { #fig-DSE caption="Pseudo-code for dynamic symbolic execution" }
```
  i = an input to program P
  while defined(i):
     p = path covered by execution P(i)
     cond = pathCondition(p)
     s = ATP(Not(cond))
     i = s.model()
```
~

The pseudo-code of Figure [#fig-DSE] shows the high level process
of DSE. The variable `i` represents an input
to program `P`. Execution of program `P` on the input `i`
traces  a path `p`, from which
a logical formula `pathCondition(p)` is constructed.
Finally, the ATP is called with the negation of the path-condition
to find a new input (that hopefully will cover a new path).  This
pseudo-code elides a number of details that we will deal with later. 

~ Figure { #fig-easy-DSE caption="Easy example: computing the maximum of four numbers in Python."}
```
def max2(s,t):
	if (s < t):
		return t
	else:
		return s

def max4(a,b,c,d):
	return max2(max2(a,b),max2(c,d))
```
~

Consider the  Python function `max4` in Figure [#fig-easy-DSE],
which computes the maximum of four numbers via three calls to
the function `max2`. Suppose we execute `max4` with values
of zero for all four arguments.  In this case, the 
execution path $p$ contains three comparisons (in the order `(a < b)`, 
`(c < d)`, `(a < c)`), all of which evaluate false.
Thus, the path-condition for path $p$ is `(not(a<b) and not(c<d) and not(a < c))`.
Negating this condition yields `((a<b) or (c<d) or (a<c))`.
Taking the execution ordering of the three comparisons into account, we
derive three expressions from the negated path-condition to generate
new inputs that will explore execution prefixes of path $p$ of increasing length:

 * *length 0*: `(a<b)`
 * *length 1*: `not (a<b) and (c<d)`
 * *length 2*: `not (a<b) and not (c<d) and (a<c)`

The purpose of taking execution order into account should be clear, as the
comparison `(a<c)` only executes in the case where `(not (a<b) and not (c<d))`
holds. Integer solutions to the above three systems of constraints are:

 * `a == 0 and b == 2 and c == 0 and d == 0`
 * `a == 0 and b == 0 and c == 0 and d == 3`
 * `a == 0 and b == 0 and c == 2 and d == 0`

In the three cases above, we sought solutions that kept as many of
the variables as possible equal to the original input (in which 
all variables are equal to 0). Execution of the `max4` function 
on the input corresponding to the first solution produces the path-condition
`((a<b) and not(c<d) and not(b < c))`, from which we can produce more
inputs.   For this (loop-free function), there are a finite number
of path-conditions. We leave it as an exercise to the reader to 
enumerate them all. 

## Leveraging concrete values in DSE

We now consider several situations where we can make use of concrete
values in DSE. In the realm of (unbounded-precision) integer arithmetic 
(e.g., bignum integer arithmetic, as in Python 3.0 onwards),
it is easy  to come up with  tiny programs that will be *very difficult*,
if not *impossible*, 
for any symbolic execution tool to deal with, such as the function `fermat3`
in Figure [#fig-fermat3].  


~ Figure { #fig-fermat3 caption="Hard example for symbolic execution"}
```
def fermat3(x,y,z):
   if (x > 0 and y > 0 and z > 0):
      if (x*x*x + y*y*y == z*z*z):
      	return "Fermat and Wiles were wrong!?!"
   return 0
```
~


Fermat's Last Theorem, proved
by Andrew Wiles in the late 20th century, states that no 
three positive integers $x$, $y$, and $z$ can satisfy the equation
$x^n + y^n = z^n$ for any integer value of $n$ greater than two.
The function `fermat3` encodes this statement for $n=3$.   It
is not reasonable to have a computer waste time trying to find
a solution that would cause `fermat3` to print the string 
`"Fermat and Wiles were wrong!?!"`.  In cases of complex (non-linear)
arithmetic operations,
such as `x*x*x`, we might choose to handle the operation concretely.

There are a number of ways to deal with the above issue: one is 
to recognize all non-linear terms in a symbolic expression and replace
them with their concrete counterparts during execution. For the `fermat3` 
example, this would mean that during DSE the symbolic expression 
`(x*x*x + y*y*y == z*z*z)` would be reduced to the constant `False`
by evaluation on the concrete values of variables `x`, `y` and `z`.

Besides difficult operations (such as non-linear arithmetic),
other examples of code that we might treat
concretely instead of symbolically include
functions that are hard to invert, such as cryptographic hash functions,
or low-level functions that we do not wish to test (such as 
operating system functions).  Consider
the code in Figure [#fig-hash], which applies the function
`unknown` to argument `x` and compares it to argument `y`.
By using the name `unknown` we simply mean to say that we 
wish to model this function as a black box, with no knowledge
of how it operates internally. 

~ Figure { #fig-hash caption="Another hard example for symbolic execution"}
```
def dart(x,y):
  if (unknown(x) == y):
     return 1
  return 0
```
~

In such a case, we can use DSE to execute the function `unknown`
on a specific input (say `5013`) and observe its output
(say `42`). That is, rather than execute `unknown` symbolically
and invoke an ATP to invert the function's path-condition, we
simply treat the call to `unknown` concretely, substituting
its return value (in this case `42`) for the specialized expression 
`unknown(5013) == y` to get the predicate `(42 == y)`. 

Adding the constraint `(x == 5013)` yields the sound but
rather specific path-condition 
`(x == 5013) and (42 == y)`.
Note that the path-condition `(42 == y)` is not sound, as it admits
any value for the variable `x`, which likely includes many values
for which `(unknown(x) == y)` is false.

## Overview 

This introduction elides many important 
issues that arise in implementing DSE for a real language, which we will 
focus on in the remainder of the paper. These include how to:

* Identify the code under test $P$ and the symbolic inputs to $P$;
* Trace the control flow path $p$ taken by execution $P(i)$;
* Reinterpret program operations to compute symbolic expressions;
* Generate a path-condition from $p$ and the symbolic expressions;
* Generate a new input $i'$ by negating (part of) the path-condition, translating
the path-condition to the input language of an ATP, invoking the ATP, and
lifting a satisfying model (if any) back up to the source level;
* Guide the search to expose new paths.

The rest of this paper is organized as follows. Section [#sec-semantics] 
describes an instrumented typing discipline where we lift each type (representing 
a set of concrete values) to a symbolic type (representing
a set of pairs of concrete and symbolic values).
Section [#sec-sp2dse] shows how strongest postconditions defines a symbolic
semantics for a small programming language and how strongest postconditions
can be refined to model DSE.
Section [#sec-impl] describes an implementation of DSE for the Python language
in the Python language that follows the instrumented semantics pattern closely
(full implementation and tests available at [PyExZ3], tagged "v1.0").
Section [#sec-int2z3] describes the symbolic encoding of Python integer 
operations using two decision procedures of Z3: linear arithmetic with
uninterpreted functions in place of non-linear operations;
fixed-width bit-vectors with precise encodings of most operations.
Section [#sec-extensions] offers a number of ideas for projects
to extend the capabilities of [PyExZ3].

# Instrumented Types { #sec-semantics }

We are given a universe of classes/types $U$; a type $T \in U$ carries
along a  set of operations that apply to values of type $T$,
where an operation $o \in T$  takes an argument list of typed 
values as input (the first being of type $T$) and produces a single 
typed value as output. Nullary (static) operations of type $T$ can be 
used to create values of type $T$ (such as constants, objects, etc.)

A program $P$ has typed input variables
$v_1 : T_1 \ldots v_k : T_k$ and a body from the language of statements $S$:

~MathPre
S \rightarrow   & v := E
   | & @skip 
   | & S_1 ; S_2 
   | & @if E @then S_1 @else S_2 @end
   | & @while E @do S @end
~ 

The language of expressions ($E$) is defined by the application of operations
to values, where constants (nullary operations) and 
program variables form the leaves 
of the expression tree and non-nullary operators 
form the interior nodes of the tree.
For now, we will consider all values to be immutable.
That is, the only source of mutation in the language is the 
assignment statement.

To introduce symbolic execution into the picture,
we can imagine that a type $T \in U$ has
(one or more) counterparts in a symbolic universe $U'$. A type $T' \in U'$
is a subtype of $T \in U$ with two purposes:

* First, a value of type $T'$ represents a pair of values: 
a concrete value $c$ of (super)type $T$ and a symbolic expression $e$. 
A symbolic expression is a tree
whose leaves are either nullary operators (i.e., constants) of a type in $U$
or are Skolem constants representing the (symbolic) inputs ($v_1 \ldots v_k$)
to the program $P$, and whose interior nodes represent operations 
from types in $U$. We refer to Skolem constants as "symbolic constants"
from this point on. Note that symbolic expressions do not contain
references to program variables.

* Second, the type $T'$ redefines some of the operations $o \in T$,
namely those for which we wish to compute symbolic expressions.
An operation $o \in T'$ has the same parameter list as $o \in T$, allowing it
to take inputs with types from both $U$ and $U'$. The return type
of $o \in T'$ generally is from $U'$ (though it can be from $U$). 
Thus, $o \in T'$ is a proper function subtype of $o \in T$. 
The purpose of $o \in T'$ is to:
(1) perform operation $o \in T$ on the concrete 
values associated with its inputs; 
(2) build a symbolic expression tree rooted at operation $o$ 
whose children are the trees associated with the inputs to $o$. 

Figure [#fig-subtype] presents pseudo code for the instrumentation
of a type $T$ via a type $T'$.
The class ``Symbolic`` is used to hold an expression tree (``Expr``).
Given a class $T \in U$, a symbolic type $T' \in U'$ is defined by inheriting 
from both $T$ and ``Symbolic``. This ensures that a $T'$ can be used
wherever a $T$ is expected. 

~ Figure { #fig-subtype caption="Type instrumentation to carry both concrete values and symbolic expressions." }
``` cpp2
  class T' : T, Symbolic {
    T'(c:T, e:Expr) : T(c), Symbolic(e) {}

    override o(this:T, f1:T_1, ... , fk:T_k) : R' {
      var c := T.o(this, f1, ... ,fk)
      var e := new Expr(T.o, expr(self), expr(f1), ..., expr(fk))
      return new R'(c,e) 
    }
    ...
  }
  
  class R' : R, Symbolic { ... }
  
  function expr(v) = v instanceof Symbolic ? v.getExpr() : v
```
~

A type such as $T'$  only can be constructed by providing a concrete value $c$ of 
type $T$ and a symbolic expression $e$ to the constructor for $T'$.
This will be done in exactly two places:

* by the creation of symbolic constants associated with the primary
inputs ($v_1 \ldots v_k$) to the program;

* by the instrumented operations as shown  in Figure [#fig-subtype]. 

An instrumented operation $o$ on arguments (``this``, `f1`, ..., `fk`)
first invokes its corresponding underlying
operator $T.o$ on arguments (``this``, `f1`, ..., `fk`) to get concrete value `c`.
It then constructs a new expression tree `e`
rooted at operator $T.o$, whose children are the result of
mapping the function `expr` over (``this``, `f1`, ..., `fk`). 
The helper function `expr(v)`
evaluates to an expression tree in the case that `v` is of ``Symbolic`` type
(representing a type in $U'$) and evaluates to `v` itself, a concrete value
of some type in $U$, otherwise.
Finally, having computed the values `c` and `e`, the instrumented operator 
returns ``\($R'$\)(c,e)``, where $R$ is the return type of operator $T.o$,
and $R'$ is a subtype of $R$ from universe $U'$.

Looked at another way, the universe $U'$ represents the "tainting" of
types from $U$. Tainted values flow from program inputs to the 
operands of operators. If an operator has been redefined
(as above) then the taint propagates from its inputs to its outputs.
On the other hand, if the operator has not been redefined, then it will
not propagate the taint. In the context of DSE, "taint" means
that the instrumented semantics carries along a symbolic expression tree $e$
along with a concrete value $c$.

The choice of types from the universe $U'$ determines how symbolic
expressions are constructed. For each $T \in U$, the "most symbolic"
(least concrete) choice is the $T'$ that redefines every operator of $T$
(as shown in Figure [#fig-subtype]).
The "least symbolic" (most concrete) choice is $T' = T$ which
redefines no operators.  Let $symbolic(T)$ be the
set of types in $U'$ that are subtypes of $T$. The types
in $symbolic(T)$ are partially ordered by subset inclusion on the 
set of operators from $T$ they redefine.

<!-- Example of an instrumentation -->

# From Strongest Postconditions to DSE {#sec-sp2dse}

The previous section showed how symbolic expressions can be computed via a
set of instrumented types, where the expressions are computed as a side-effect 
of the execution of program operations.
This section shows how these symbolic expressions can be used to form a 
*path-condition* (which then can be compiled into a logic formula and 
passed to an automated theorem prover to find new inputs to drive a 
program's execution along new paths). We derive a *path-condition*
directly from the _strongest postcondition_ (symbolic) semantics of our
programming language, refining it to model the basic operations
of an interpreter. 

## Strongest Postconditions

The strongest postcondition transformer $SP$ [@Dijkstra76] is defined over
a predicate $P$ representing a set of 
pre-states and a statement $S$ from our language. The transformer $SP(P,S)$
yields a predicate $Q$ such that for any state $s$ satisfying
predicate $P$, the execution of statement $S$ from state $s$,
if it does not go wrong or diverge, yields a state $s'$ satisfying predicate $Q$. 
The strongest postcondition for the statements in our language
is defined by the following five rules:

~ MathPre
1.  & SP(P, x := E) =^= \exists y . (x = E [ x \rightarrow y ]) \wedge P [ x \rightarrow y ]
2.  & SP(P, @skip) =^= P
3.  & SP(P,S1;S2) =^= SP(SP(P,S1), S2)
4.  & SP(P,@if E @then S_1 @else S_2 @end) =^=
    &       SP(P\wedge E,S_1) \vee  SP(P \wedge \neg E,S_2)
5.  & SP(P,@while E @do S @end) =^=
    &      SP(P,@if E @then S; @while E @do S @end @else @skip @end)
~

Rule (1) defines the strongest postcondition for 
the assignment statement. The assignment is modeled
logically by the equality $x = E$ where any free occurrence of $x$ in $E$
is replaced by the existentially quantified variable $y$, which represents
the value of $x$ in the pre-state. The same substitution ($[x \rightarrow y ]$)
is applied to the pre-state predicate $P$. 

Rules (2)-(5) define the strongest postcondition for the four control-flow
statements. The rules for the **skip** statement and sequencing (;) are
straightforward. 
Of particular interest, note that the rule for the **if-then-else** 
statement splits cases on the expression $E$. 
It is here that DSE will choose one of the cases for us, as the concrete
execution will evaluate $E$ either to be true or false. This gives rise
to the path-condition (either $P \wedge E$ or $P \wedge \neg E$). The
recursive rule for the **while** loop unfolds as many times as the
expression $E$ evaluates true, adding to the path-condition.

## From $SP$ to DSE {#sp-refined}

Assume that an execution begins with the assignment of initial values $c_1 \ldots c_k$ to the program $P$'s inputs
$V = \{ v_1 : T_1 \ldots v_k : T_k \}$.  To seed symbolic execution, some of the types $T_i$ are
replaced by symbolic counterparts $T'_i$, in which case
$v_i$ is initialized to the value $sc_i = T'_i (c_i,SC(v_i))$ instead of the value $c_i$,
where $SC(v_i)$ is the symbolic constant representing the initial value of variable $v_i$.
The symbolic constant $SC(v_i)$ can be thought of as representing any value of
type $T_i$, which includes the value $c_i$.  

Let $V_s$ and $V_c$ partition the variables of $V$ into those variables
that are treated symbolically ($V_s$) and those that are treated concretely 
($V_c$). The initial state of the program is characterized by the formula

~ Equation
Init = (\bigwedge_{v_i \in V_s} v_i = sc_i) ~\wedge~ (~\bigwedge_{v_i \in V_c} v_i = c_i)
~

Thus, we see that the initial value of every input variable is characterized by 
a symbolic constant $sc_i$ or constant $c_i$.  We assume that every non-input
variable in the program is initialized before being used.

The strongest postcondition is formulated to deal with open programs,
programs in which some variables are used before being assigned to. 
This surfaces in Rule (1) for assignment, which uses existential quantification
to refer to the value of variable $x$ in the pre-state.

By construction,
we have that every variable is defined before being used.  This means
that the precondition $P$ can be reformulated as a pair $<St,P_c>$,
where $St$ is a store mapping variables to values and $P_c$ is
the path-condition, a list of symbolic expressions (predicates) 
corresponding
to the expressions $E$ evaluated in the context of an **if-then-else** 
statement. Initially, we have that :

~ Equation
St = \{ (v_i,sc_i) | v_i \in V_s \} \cup \{ (v_i,c_i) | v_i \in V_c \}
~

representing the initial condition $Init$, and $P_c = []$, the empty list.
We use $St'$ to refer to the formula that the store $St$
induces: 

~ Equation
St ' =  \bigwedge_{(v,V) \in St} (v = V)
~

Thus, the pair $<St,P_c>$ represents the predicate 
$P = St' \wedge (\bigwedge_{c \in P_c} c)$.
A store $St$ supports two operations: $St[x]$ which denotes the
value that $x$ maps to under $St$; $St[x \mapsto V]$, which 
produces a new store in which $x$ maps to value $V$ and is everywhere 
else the same as $St$. 

Now, we can redefine strongest postcondition for assignment to eliminate the
use of existential quantification and model the operation of an interpreter,
by separating out the notion of the store:

~MathPre
1. & SP(<St, P_c>, x := E) =^= <St[x \mapsto eval(St,E)], P_c>\\
~

where $eval(St,E)$ evaluates expression $E$ under the store $St$
(where every occurrence of a free variable
$v$ in $E$ is replaced by the value $St[v]$). 
This is the standard substitution rule of a standard operational semantics. 

We also redefine the rule for the **if-then-else** statement so
that it chooses which branch to take and appends the appropriate
symbolic expression (predicate) to the path-condition $P_c$:

~MathPre
4. & SP(<St, P_c>, @if E @then S_1 @else S_2 @end) =^=  
   &   @let choice = eval(St,E) @in
   &   @if choice @then SP(<St, P_c :: expr(choice) >,S_1) 
   &   @else SP(<St, P_c :: \neg expr(choice) >,S_2)
~

The other strongest postcondition rules remain unchanged.

## Summing it up

We have shown how the symbolic predicate transformer $SP$ can 
be refined into a symbolic interpreter operating over the
symbolic types defined in the previous section.
In the case when every input variable is symbolic and every
operator is redefined, the path-condition is equivalent to the
_strongest postcondition_ of the execution path $p$. 
This guarantees that the path-condition for $p$ is *sound*.
In the case where a subset of the input variables are symbolic
and/or not all operators are redefined, the path-condition of $p$ 
is not guaranteed to be sound. We leave it as an exercise to the
reader to establish sufficient conditions under which the 
use of concrete values in place of symbolic expressions is 
guaranteed to result in sound path-conditions. 

This section does not address the compilation of a symbolic
expression to the (logic) language of an underlying ATP, nor the
lifting of a satisfying assignment to a formula back to the
level of the source language. This is best done for a particular
source language and ATP, as detailed in the next section. 


# Architecture of PyExZ3 { #sec-impl }

In this section we present the high-level architecture
of a simple DSE tool for the Python language, written in Python, called [PyExZ3]. 
Figure [#fig-arch]
shows the class diagram (dashed edges are "has-a" relationships; solid edges
are "is-a" relationships) of the tool. 

~ Figure { #fig-arch caption="Classes in PyExZ3" page-align=here }
![arch]
~

[arch]: arch.png "arch"  { width=100% }

## Loading the code under test

The `Loader` class takes as input the name of a Python file (e.g., `foo.py`) 
to import. The loader expects to find a function named
`foo` inside the file `foo.py`, which will serve as the starting point
for symbolic execution. The `FunctionInvocation` class
wraps this starting point. By default, each parameter to `foo` is
a `SymbolicInteger` unless there is decorator `@symbolic` specifying
the type to use for a particular argument.

The loader provides the capability to reload the
module `foo.py` so that the function `foo` can be 
reexecuted within the same process from the same initial
state with different inputs (see the class `ExplorationEngine`)
via the `FunctionInvocation` class. 

Finally, the loader looks for specially named functions `expected_result`
(`expected_result_set`) in file `foo.py` to use as a test oracle after
the path exploration (by `ExplorationEngine`) has completed. These
functions are expected to return a list of values to check
against the list of return values collected from the executions of 
the `foo` function.
The presence of the function `expected_result` (`expected_result_set`) 
yields a comparison of the two lists as bags (sets). We use such weaker
tests, rather than list equality, because the order in which paths
are explored by the `ExplorationEngine` can easily change due to small
differences in the input programs. 

## Symbolic types

Python supports multiple inheritance and, more importantly,
allows user-defined classes to inherit 
from its built-in types (such as `object` and `int`).
We use these two features two implement
symbolic versions of Python objects and integers, 
following the instrumented type approach defined in Section [#sec-semantics]. 

The abstract class `SymbolicType` contains the 
symbolic expression tree and provides basic functions for constructing 
and accessing the tree.  This class does double duty, as it is used
to represent the (typed) symbolic constants associated with the parameters to the 
function, as well as the expression trees (per Section [#sec-semantics]). Recall
that the symbolic constants only appear as leaves of expression trees.
This means that the expression tree stored in a `SymbolicType` will
have instances of a `SymbolicType` as some of its leaves, namely
those leaves representing the symbolic constants.
<!-- Need to say why this is important -->
The abstract class provides an `unwrap` method which returns
the pair of concrete value and expression tree associated with
the `SymbolicType`, as well as a `wrap` method that takes a 
pair of concrete value and expression tree and creates a `SymbolicType`
encapsulating them. 

The class `SymbolicObject` inherits from both `object` and `SymbolicType` and
overrides the basic comparison operations (`__eq__`, `__neq__`, `__lt__`, `__le__`,
`__gt__`, and `__ge__`).
The class `SymbolicInteger` inherits from both `int` and `SymbolicObject`
and overrides a number of `int`'s arithmetic methods
(`__add__`, `__sub__`, `__mul__`, `__mod__`, `__floordiv_`)
and bitwise methods
(`__and__`, `__or__`, `__xor__`, `__lshift__`, `__rshift__`).


## Tracing control-flow

As Python interprets a program, it will evaluate expressions, 
substituting the value of a variable in its place in an 
expression, applying operators (methods) to 
parameter values and assigning the return values of methods
to variables. Value of type `SymbolicInteger` will simply flow
through this interpretation, without necessitating any change 
to the program or the interpreter. This takes care
of the case of the strongest-postcondition rule for assignment,
as elaborated in Section [#sp-refined].

The strong-postcondition rule for a conditional test requires
a little more work. In Python, any object can be tested in
an `if` or `while` condition or as the operand of a Boolean operation
(`and`, `or`, `not`)
The Python base class `object` provides a method named `__bool__` that
the Python runtime calls whenever it needs to perform such a conditional test.
This hook provides us what we need to trace the conditional
control-flow of a Python execution.  We override this method in the class
`SymbolicObject` in order to inform the `PathToConstraint` object (defined
later) of the symbolic expression for the conditional (as captured by
the `SymbolicInteger` subclass). 

Note that the use of this hook in combination with the
tainted types will only trace those conditionals
in a Python execution whose values inherit from `SymbolicObject`; 
by definition, "untainted" conditionals do not depend on symbolic 
inputs so there is no value in adding them to the path-condition.

## Recording path-conditions

A `Predicate` records a conditional (more precisely the symbolic expression
found in `SymbolicInteger`) and
which way it evaluated in an execution.  A `Constraint`
has a `Predicate`, a parent `Constraint` and a set
of `Constraint` children. `Constraints` form a tree, where
each path starting from the root of the tree represents
a path-condition. The tree represents all path-conditions that have
been explored so far.

The class `PathToConstraint` has a reference to the root of 
the tree of `Constraint`s
and is responsible for installing a new `Constraint` in the tree
when notified by the overridden `__bool__` method of `SymbolicObject`.
`PathToConstraint` also tracks whether or not the current execution
is following an existing path in the tree and grows the
tree as needed. In fact, it actually
tracks whether or not the current execution follows a particular
*expected path* in the tree.

The expected path is the result
of the `ExplorationEngine` picking a constraint $c$ in the tree,
and asking the ATP if the path-condition consisting of the prefix
of predicates up to but not including $c$ in the tree, 
followed by the negation of $c$'s predicate is satisfiable. If the 
ATP returns "satisfiable" (with a new input $i$), then the assumption
is that path-condition prefix is sound (that is, the execution of
the program on input $i$ will follow the prefix). 

However, it is possible 
for the path-condition to be unsound and for 
the executed path to diverge early 
from the expected path, due to the fact that not every operation
has a symbolic encoding.  The tool simply reports the divergence
and continues to process the execution as usual (as a diverging
path may lead to some other interesting part of the code). 

## From symbolic types to Z3

As we have explained DSE, the symbolic expressions are 
represented at the level of the source language. As detailed later
in Section [#sec-int2z3], we must translate 
from the source language to the input language of an
automated theorem prover (ATP), in this case [Z3].  This
separation of languages is quite useful, as we may have
the need to translate a given symbolic expression
to the ATP's language multiple times, to make use of different
features of the underlying ATP. 
Furthermore, this separation
of concerns allows us to easily retarget the DSE tool to a
different ATP. 

The base class `Z3Expression` represents a Z3 formula. The two 
subclasses `Z3Integer` and `Z3BitVector` represent different ways 
to model arithmetic reasoning about integers in Z3. We will describe
the details of these encodings in Section [#sec-int2z3].

The class `Z3Wrapper` is responsible for performing the
translation from the source language (Python) to Z3's input language, 
invoking Z3, and lifting a Z3 answer back to the level of Python. 
The `findCounterexample` method does all the work, taking as
input a list of `Predicate`s (called `assertions`) 
as well as a single `Predicate` (called
the `query`). The `assertions` represent a path-condition
prefix derived from the `Constraint` tree that we wish the next
execution to follow, while `query` represents the predicate
following the prefix in the tree that we will negate.

The method constructs the formula

~Equation
(\bigwedge_{a \in asserts} a) \wedge \neg query
~

and asks Z3 if it is satisfiable. The method performs
a standard syntactic "cone of influence" (CIF)
reduction on the `asserts` with respect to the 
`query` to shrink the size of the formula. For example,
if `asserts` is the set of predicates $\{ (x<a), (a<0), (y>0) \}$ and
the query is $(x=0)$, then the CIF yields the
set  $\{ (x<a), (a<0) \}$, which does not include the predicate $(y>0)$,
as the variable $y$ is not in the set of variables (transitively)
related to variable $x$.

If the formula is satisfiable a model is requested
from Z3 and lifted back to Python's type universe.  Note that
because of the CIF reduction, the model may not mention certain
input variables, in which case we simply keep their values from
the execution from which the `asserts` and `query` were derived. 

## Putting it all together

The class `ExplorationEngine` ties everything together. It kicks off
an execution of the Python code under test using `FunctionInvocation`.
As the Python code executes, building symbolic expressions via `SymbolicType`
and its subclasses, callbacks to `PathToConstraint` create
a path-condition, represented by `Constraint` and `Predicate`. 
Newly discovered `Constraints` are added to the end of a deque maintained by
`ExplorationEngine`.

Given the first seed execution, `ExplorationEngine` starts the work of 
exploring paths in a breadth-first fashion. It removes a `Constraint` $c$
from the front of its deque and, if $c$ has not been already "processed", 
uses `Z3Wrapper` to find a new input (as discussed in the previous section)
where $c$ is the query (to be negated) and the path to $c$ in the 
`Constraint` tree forms the assertions. 

A `Constraint` $c$ in the tree is considered "processed" if an execution 
has covered $c'$, a sibling of $c$ in the tree that represents
the negation of the predicate associated with $c$, or if constraint $c$
has been removed from the deque. 

# From Python Integers to Z3 Arithmetic { #sec-int2z3 }

In languages such as C and Java, integers are finite-precision,
generally limited to the size of a machine word (32 or 64 bits, for example).
For such languages, satisfiability of finite-precision integer arithmetic
is decidable and can be reduced to Z3's theory of bit-vectors, where
each arithmetic operation is encoded by a circuit. This translation permits 
reasoning about non-linear arithmetic problems, such as 
$\exists x,y,z : x*z + y \leq (z/y)+5$.

Python (3.0) integers, however, are not finite-precision. They are only
limited by the size of machine memory. This means, for example, that
Python integers don't overflow or underflow. It also means that
we can't hope to decide algorithmically whether or not a given
equation over integer variables has a solution in general. Hilbert's famous
10th problem and its solution by Matiyasevich tells us that it is
undecidable whether or not a polynomial
equation of the form $p(x_1, \ldots, x_n) = 0$ with integer coefficients
has an solution in the integers.

This means that we will resort to heuristic approaches in our use
of the [Z3] ATP.  The special case of linear integer arithmetic (LIA)
is decidable and supported by Z3. In order to deal with non-linear operations,
we use uninterpreted functions (UF). Thus, if Z3 returns
"unsatisfiable" we know that there is no solution, but if the
Z3 "satisfiable", we must treat the answer as a "don't know". 
The class `Z3Integer` is used to translate a symbolic expression
into the theory LIA+UF and check for unsatisfiability. We leave it as an
implementation exercise to check if a symbolic expression can
be converted to LIA (without the use of UF) in order to make
use of "satisfiable" answers from the LIA solver.

If the translation to `Z3Integer` does not return "unsatisfiable", we
use Z3's bit-vector decision procedure (via the class
`Z3BitVector`) to heuristically
try to find satisfiable answers, even in the presence of non-linear 
arithmetic. We start with bit-vectors of size $N=32$ and *bound* the values
of the symbolic constants to fit within 8 bits in order to find 
satisfiable solutions
with small values. Also, because Python integers do not overflow/underflow, 
the bound helps us reserve space in the bit-vector to allow the
results of operations to exceed the bound while not overflowing
the bit-vector. As long as Z3 returns "unsatisfiable" we increase
the bound. If the bound reaches $N$, we increase $N$ by 8 bits,
leaving the bound where it is and continue. 

If Z3 returns
"satisfiable", it may be the case that Z3 found a solution
that involved overflow in the bit-vector world of arithmetic
(modulo $2^N-1$). Therefore,
the solution is validated back in the
Python world by evaluating the formula under that solution
using Python semantics. 
If the formula does not evaluate to the same
value in both worlds, then we increase $N$ by 8 bits (to 
create a gap between the bound and $N$) and continue to search
for a solution.

The process terminates when we find a valid satisfying solution 
or $N=64$ and the bound reaches 64 (in which case, we return "don't know").

# Extensions {#sec-extensions}

We have presented the basics of dynamic symbolic execution 
(for Python).
A more thorough treatment would deal with other data types besides
integers, such as Python dictionaries, strings and lists, each
of which presents their own challenges for symbolic reasoning. 
There are many other interesting challenges in DSE, such
as dealing with user-defined classes (rather than built-in types
as done here) and multi-threaded execution. 

# Acknowledgements

Many thanks to the students of the 2014 Marktoberdorf Summer School
on Dependable Software Systems Engineering
for their questions and feedback about the first author's lectures on dynamic
symbolic execution. The following students of the summer school
helpfully provided tests for the [PyExZ3] tool: Daniel Darvas,
Damien Rusinek, Christian Dehnert and Thomas Pani. Thanks also to Peter
Chapman for his contributions. 


<!-- 
# From Python Dictionaries to Z3 Maps { #sec-dict2z3 }

Python dictionaries, which map keys to values,
introduce mutation into the picture. The methods are:

- Length: 	`__length__(self)` - will be maintained concretely, as cardinality constraints
are beyond the scope of what we can handle
- Get: 	`__getitem__(self,key)` - Select
- Set: 	`__setitem__(self,key,value)` - Update
- Lookup: 	`__contains__(self,key)` - 
- Delete: 	`__delitem__(self,key)` - Update 


A dictionary can be mutated via the `__setitem__` and '__delitem__` methods.
The keys stored  in Python dictionary must be hashable values. 
All of Python's immutable
built-in objects (such as integers, tuples and strings) are hashable. 
User-defined classes give rise to hashable mutable objects, where
the hash value is the object id (an immutable field of the object).

Ideally, symbolic expression trees should contain only
immutable values, as they are a pure function of the initial
(immutable) state of a program.  However, the reality is that
the values associated with keys in a dictionary can be mutable.
For example, a dictionary itself can be a value in another
dictionary.    

As we will see, for the purposes of modelling a dictionary symbolically, 
however, the object id of the value in a (key,value) pair is all that
needs to be recorded. The object id is immutable, as mentioned before. 
Thus, we can represent the state of the dictionary via an append-only log 
of updates where the parameters 
to each update are immutable values (set and delete are the update
operations).  Each lookup/get/length operation hangs off of a particular
prefix of the log. 

We model the dictionary as initially
empty, containing no mapping (rejects all lookups and get, length is zero).



The essential axioms

* Initially empty
* Select
* Update

Inverting select means that we need disequality on values in
the dictionary (SymbolicObject)

Equality of dictionaries (extensional arrays)

-->

# References {-}
[BIB]


================================================
FILE: marktoberdorf_paper/DSE/IOS-Book-Article.cls
================================================
%% This is file `IOSarticle.cls'
%%
%% Generic LaTeX 2e class file for the IOS Press publications
%%
%% Macros written by Vytas Statulevicius, VTeX, Lithuania
%% for IOS Press, The Netherlands
%% Please submit bugs or your comments to vytas@vtex.lt
%%
%% You are free to use this class file as you see fit, provided 
%% that you do not make changes to the file. 
%% If you DO make changes, you are required to rename this file.
%%
%% It may be distributed under the terms of the LaTeX Project Public
%% License, as described in lppl.txt in the base LaTeX distribution.
%% Either version 1.0 or, at your option, any later version.
%%
%% \CharacterTable
%%  {Upper-case    \A\B\C\D\E\F\G\H\I\J\K\L\M\N\O\P\Q\R\S\T\U\V\W\X\Y\Z
%%   Lower-case    \a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\u\v\w\x\y\z
%%   Digits        \0\1\2\3\4\5\6\7\8\9
%%   Exclamation   \!     Double quote  \"     Hash (number) \#
%%   Dollar        \$     Percent       \%     Ampersand     \&
%%   Acute accent  \'     Left paren    \(     Right paren   \)
%%   Asterisk      \*     Plus          \+     Comma         \,
%%   Minus         \-     Point         \.     Solidus       \/
%%   Colon         \:     Semicolon     \;     Less than     \<
%%   Equals        \=     Greater than  \>     Question mark \?
%%   Commercial at \@     Left bracket  \[     Backslash     \\
%%   Right bracket \]     Circumflex    \^     Underscore    \_
%%   Grave accent  \`     Left brace    \{     Vertical bar  \|
%%   Right brace   \}     Tilde         \~}
%%
%%
%% Bug fixes and changes:
%% 2004.05.19 - small change o layout
%% 2004.09.14 - \parindent changed
%% 2006.03.27 - centering on A4, no running heads, \snm makes uppercase
%% 2006.04.20 - changed: \thebibliography size, indent, \parindent

\NeedsTeXFormat{LaTeX2e}[1995/12/01]
\ProvidesClass{IOS-Book-Article}
              [2006/04/20 v1.0, IOS Press]

\newif\if@restonecol \@restonecolfalse
\newif\if@openright
\newif\if@mainmatter \@mainmattertrue

\DeclareOption{draft}{\setlength\overfullrule{5pt}}
\DeclareOption{final}{\setlength\overfullrule{0pt}}
\DeclareOption{openright}{\@openrighttrue}
\DeclareOption{openany}{\@openrightfalse}
\DeclareOption{onecolumn}{\@twocolumnfalse\@restonecoltrue}
\DeclareOption{twocolumn}{\@twocolumntrue}
\DeclareOption{leqno}{\input{leqno.clo}}
\DeclareOption{fleqn}{\input{fleqn.clo}}%
%
% Numbering switches:
\newif\if@seceqn   \@seceqnfalse   \DeclareOption{seceqn}{\@seceqntrue}
\newif\if@secfloat \@secfloatfalse \DeclareOption{secfloat}{\@secfloattrue}
\newif\if@secthm                   \DeclareOption{secthm}{\@secthmtrue}
%
% 
% Selection of font size and page dimensions
% If 12pt option is used, page will be reduced by 80% at printing time
\newif\if@ten@point \@ten@pointfalse

\DeclareOption{10pt}{\@ten@pointtrue}
\DeclareOption{12pt}{\@ten@pointfalse}

% Information about the publication
\def\booktitle#1{\gdef\book@title{#1}}
\def\bookeditors#1{\gdef\book@editors{#1}}
\def\publisher#1{\gdef\@publisher{#1}}

\booktitle{Book Title}
\bookeditors{Book Editors}
\publisher{IOS Press}

\ExecuteOptions{10pt,onecolumn,twoside,final,openright,fleqn}
\ProcessOptions
%

%************************* FONTS
%\def\@xivpt{14}
%\def\@xviipt{17}
%\def\@xviiipt{18}
%\def\@xxpt{20}
%\def\@xxivpt{24}

% Fonts:
\typeout{Ten point}
%
\renewcommand\normalsize{%
   \@setfontsize\normalsize\@xpt{12pt plus .5\p@ minus .1\p@}%
   \abovedisplayskip 12\p@ \@plus3pt \@minus3pt%
   \abovedisplayshortskip\abovedisplayskip%
   \belowdisplayshortskip\abovedisplayskip%
   \belowdisplayskip \abovedisplayskip%
   \let\@listi\@listI}

\newcommand\small{%
   \@setfontsize\small\@ixpt\@xipt%
   \abovedisplayskip 5.5\p@ \@plus3pt%
   \abovedisplayshortskip 5.5\p@ \@plus1pt \@minus1pt%
   \belowdisplayshortskip 5.5\p@ \@plus1pt \@minus1pt%
   \def\@listi{\leftmargin\leftmargini
               \topsep 5\p@ \@plus2\p@ \@minus2\p@
               \parsep \z@ \itemsep \parsep}%
   \belowdisplayskip \abovedisplayskip%
}
\newcommand\footnotesize{%
   \@setfontsize\footnotesize\@viiipt\@xpt%
   \abovedisplayskip 5.5\p@ \@plus3pt%
   \abovedisplayshortskip 5.5\p@ \@plus1pt \@minus1pt%
   \belowdisplayshortskip 5.5\p@ \@plus1pt \@minus1pt%
   \def\@listi{\leftmargin\leftmargini
               \topsep 4\p@ \@plus2\p@ \@minus2\p@
               \parsep \z@ \itemsep \parsep}%
   \belowdisplayskip \abovedisplayskip%
}
\newcommand\scriptsize{\@setfontsize\scriptsize\@viiipt{9.5}}
\newcommand\tiny{\@setfontsize\tiny\@vipt\@viipt}
\newcommand\large{\@setfontsize\large\@xiipt{14}}
\newcommand\Large{\@setfontsize\Large\@xivpt{18}}
\newcommand\LARGE{\@setfontsize\LARGE\@xviipt{22}}
\newcommand\huge{\@setfontsize\huge\@xxpt{25}}
\newcommand\Huge{\@setfontsize\Huge\@xxvpt{30}}

\normalsize

% Customization of fonts
\renewcommand\sldefault{it}
\renewcommand\bfdefault{b}
\let\slshape\itshape
%

% ********************* DIMENSIONS:
% TEXT DIMENSIONS
\setlength\parindent{18\p@}
\@settopoint\parindent
\setlength\textwidth{124mm}
\@settopoint\textwidth
\setlength\textheight{200mm}
\@settopoint\textheight
\setlength\columnsep{10mm}
\@settopoint\columnsep
\setlength\columnwidth{95mm}
\@settopoint\columnwidth
\setlength\columnseprule{0\p@}
\hoffset -0.5cm
\voffset -1cm

% HEADS:
\setlength\headheight{12\p@}
\setlength\headsep   {15\p@}
\setlength\topskip   {10\p@}
\setlength\footskip  {25\p@}
\setlength\maxdepth  {.5\topskip}
% SIDE MARGINS
\setlength\oddsidemargin   {0mm}
\setlength\evensidemargin  {0mm}
\setlength\topmargin       {10mm}
\@settopoint\topmargin
% TEXT PARAMETERS
\setlength\lineskip{1\p@}
\setlength\normallineskip{1\p@}
\renewcommand\baselinestretch{}
\setlength\parskip{0\p@}

% Center on A4:

\def\paper@width {210mm}
\def\paper@height{297mm}

\hoffset=-1in
\voffset=-1in

\@tempdima=\paper@width
\advance\@tempdima by-\textwidth
\divide\@tempdima by2
\setlength\evensidemargin  {\@tempdima}%
\setlength\oddsidemargin   {\@tempdima}%

\@tempdima=\paper@height
\advance\@tempdima by-\textheight
\advance\@tempdima by-\headsep
\advance\@tempdima by-\headheight
\divide\@tempdima by2
\setlength\topmargin  {\@tempdima}%




% BREAKS
\setlength\smallskipamount{6\p@ \@plus 1\p@ \@minus 1\p@}
\setlength\medskipamount{12\p@ \@plus 3\p@ \@minus 3\p@} 
\setlength\bigskipamount{24pt \@plus 3\p@ \@minus 3\p@}  
% PAGE-BREAKING PENALTIES
\clubpenalty=4000
\widowpenalty=4000
\displaywidowpenalty=50
\predisplaypenalty=0   % Breaking before a math display.
% \postdisplaypenalty  % Breaking after a math display.
% \interlinepenalty    % Breaking at a line within a paragraph.
% \brokenpenalty       % Breaking after a hyphenated line.
\pretolerance=100    % Badness tolerance for the first pass (before hyphenation)
\tolerance=800       % Badness tolerance after hyphenation
\hbadness=800        % Badness above which bad hboxes will be shown
\emergencystretch=3\p@
\hfuzz=1\p@           % do not be to critical about boxes

%
\doublehyphendemerits=0
\adjdemerits=0
\brokenpenalty=0
\interlinepenalty=0
%
\if@twocolumn
 \setlength\marginparsep {10\p@}
\else
  \setlength\marginparsep{7\p@}
\fi
\setlength\marginparpush{5\p@}

% FOOTNOTES
\setlength\footnotesep{6.65\p@}
\setlength{\skip\footins}{12\p@ \@plus 6\p@}
% FLOATS
\setlength\floatsep    {15\p@ \@plus 10\p@ \@minus 4\p@}
\setlength\textfloatsep{12\p@ \@plus 6\p@ \@minus 4\p@}
\setlength\intextsep   {12\p@ \@plus 6\p@ \@minus 4\p@}
\setlength\dblfloatsep    {15\p@ \@plus 10\p@ \@minus 4\p@}
\setlength\dbltextfloatsep{12\p@ \@plus 12\p@ \@minus 4\p@}
%  For floats on a separate float page or column:
\setlength\@fptop{0\p@ \@plus 1fil}
\setlength\@fpsep{8\p@ \@plus 1000fil}
\setlength\@fpbot{0\p@ \@plus 1fil}
\setlength\@dblfptop{0\p@ \@plus 1fil}
\setlength\@dblfpsep{8\p@ \@plus 1000fil}
\setlength\@dblfpbot{0\p@ \@plus 1fil}
%
\setcounter{topnumber}{5}
\renewcommand\topfraction{.90}
\setcounter{bottomnumber}{5}
\renewcommand\bottomfraction{.90}
\setcounter{totalnumber}{10}
\renewcommand\textfraction{.10}
\renewcommand\floatpagefraction{.9}
\setcounter{dbltopnumber}{5}
\renewcommand\dbltopfraction{.99}
\renewcommand\dblfloatpagefraction{.8}
%
% PENALTIES
\@lowpenalty   51
\@medpenalty  151
\@highpenalty 301
\@beginparpenalty -\@lowpenalty
\@endparpenalty   -\@lowpenalty
\@itempenalty     -\@lowpenalty
% LISTS
\setlength\partopsep{0\p@}
\def\@listI{\leftmargin\leftmargini
            \parsep 0\p@ \@plus2\p@ \@minus\p@
            \topsep 9\p@ \@plus2\p@ \@minus2\p@
            \partopsep\p@
            \itemsep 1\p@ \@plus.5\p@ \@minus1\p@}
\let\@listi\@listI
\@listi
\def\@listii {\leftmargin\leftmarginii
              \labelwidth\leftmarginii
              \advance\labelwidth-\labelsep
              \topsep    4\p@ \@plus2\p@ \@minus\p@
              \parsep    0\p@ \@plus1\p@  \@minus\p@
              \itemsep   \parsep}
\def\@listiii{\leftmargin\leftmarginiii
              \labelwidth\leftmarginiii
              \advance\labelwidth-\labelsep
              \topsep    2\p@ \@plus\p@\@minus\p@
              \parsep    \z@
              \partopsep \p@ \@plus\z@ \@minus\p@
              \itemsep   \topsep}
\def\@listiv {\leftmargin\leftmarginiv
              \labelwidth\leftmarginiv
              \advance\labelwidth-\labelsep}
\def\@listv  {\leftmargin\leftmarginv
              \labelwidth\leftmarginv
              \advance\labelwidth-\labelsep}
\def\@listvi {\leftmargin\leftmarginvi
              \labelwidth\leftmarginvi
              \advance\labelwidth-\labelsep}
%
\DeclareMathSizes{\@xivpt}{\@xivpt}{\@xpt}{\@viiipt}
\DeclareMathSizes{12}{12}{\@viiipt}{\@viipt}
%
% ******************** HEADINGS
%
% normal heading
\def\ps@headings{%
      \let\@oddfoot\@empty\let\@evenfoot\@empty
      \def\@evenhead{\footnotesize\rlap{\thepage}\hfill\textit{\leftmark}\hfill}%
      \def\@oddhead{\footnotesize\hfill\textit{\rightmark}\hfill\llap{\thepage}}%
}%
% empty RH
\def\ps@empty{\let\@mkboth\@gobbletwo
     \def\@oddhead{\hfill}\def\@oddfoot{}
\let\@evenhead\@oddhead\let\@evenfoot\@oddfoot}
%
% RH  with pagenumber at bottom
\def\ps@plain{\let\@mkboth\@gobbletwo
     \def\@oddhead{\hfill}\def\@oddfoot{}
\let\@evenhead\@oddhead
  \def\@oddfoot{\hfill\footnotesize\thepage\hfill}
  \let\@evenfoot\@oddfoot
}
% First page RH
\def\ps@copyright{\let\@mkboth\@gobbletwo
  \def\@evenhead{\parbox[t]{.75\textwidth}{\footnotesize\raggedright\itshape\titleheadline}\hfill\footnotesize\thepage}%
  \def\@oddhead {\parbox[t]{.75\textwidth}{\footnotesize\raggedright\itshape\titleheadline}\hfill\footnotesize\thepage}%
  \let\@oddfoot\relax%
  \let\@evenfoot\@oddfoot%
}
%
% HEADLINE: Book Title  
%           Book Editors
%           IOS Press, 0000
%
\def\titleheadline{%
   \book@title\\
   \book@editors\\
   \@publisher, \the\@pubyear}
%
\def\@copyright{\@issn/\the@copyear/\$\@price\ \copyright@sign\
\the\@pubyear\@copyrightowner}%
%

% ************************ FOOTNOTE
%
\newcommand\@makefntext[1]{%
    \parindent1em\@makefnmark #1}
\def\@makefnmark{\@textsuperscript{\normalfont\@thefnmark}}%
%
% ************************ Counters
\setcounter{secnumdepth}{3}
\newcounter {section}
\newcounter {subsection}[section]
\newcounter {subsubsection}[subsection]
\newcounter {paragraph}[subsubsection]
\newcounter {subparagraph}[paragraph]
\renewcommand \thesection {\@arabic\c@section}
\renewcommand\thesubsection   {\thesection.\@arabic\c@subsection}
\renewcommand\thesubsubsection{\thesubsection .\@arabic\c@subsubsection}
\renewcommand\theparagraph    {\thesubsubsection.\@arabic\c@paragraph}
\renewcommand\thesubparagraph {\theparagraph.\@arabic\c@subparagraph}
%
% ******************** Sectioning commands
\def\no@harm{\let\thanks=\@gobble \let\\=\@empty}
%**************** Section commands
\def\nohyphen{\pretolerance=10000 \tolerance=10000
\hyphenpenalty=10000 \exhyphenpenalty=10000}
\newcommand\section{\@startsection {section}{1}{\z@}%
                                   {-\bigskipamount}%
                                   {\medskipamount}%
                                   {\normalsize\bfseries\nohyphen\raggedright}}
\newcommand\subsection{\@startsection {subsection}{2}{\z@}%
                                   {-\medskipamount}%
                                   {\medskipamount}%
                                   {\normalsize\itshape\nohyphen\raggedright}}
\newcommand\subsubsection{\@startsection{subsubsection}{3}{\z@}%
                                     {-\medskipamount}%
                                     {\smallskipamount}%
                                     {\normalsize\itshape\nohyphen\raggedright}}
\newcommand\paragraph{\@startsection{paragraph}{4}{\z@}%
                                    {\smallskipamount}%
                                    {-1em}%
                                    {\normalsize\itshape}}
\newcommand\subparagraph{\@startsection{subparagraph}{5}{\z@}%
                                       {0.1pt}%
                                       {-1em}%
                                       {\normalsize\itshape}}
% Format for the counter:
\def\@seccntformat#1{\csname the#1\endcsname.\enspace}
%
\def\appendix{\par
   \setcounter{section}{0}%
   \setcounter{subsection}{0}%
   \gdef\thesection{\Alph{section}}}
%
\def\acknowledgements{\section*{\acknowledgementsname}%
  \typeout{\acknowledgementsname}}
%
\def\notes{\section*{Notes}\footnotesize}
\def\endnotes{\par \vskip 6pt plus12pt minus2pt\relax}
%****************** LISTS
\if@twocolumn
  \setlength\leftmargini  {2em}
\else
  \setlength\leftmargini  {2.5em}
\fi
\leftmargin  \leftmargini
\setlength\leftmarginii  {2.2em}
\setlength\leftmarginiii {1.87em}
\setlength\leftmarginiv  {1.7em}
\if@twocolumn
  \setlength\leftmarginv  {.5em}
  \setlength\leftmarginvi {.5em}
\else
  \setlength\leftmarginv  {1em}
  \setlength\leftmarginvi {1em}
\fi
\setlength  \labelsep  {.4em}
\setlength  \labelwidth{\leftmargini}
\addtolength\labelwidth{-\labelsep}
%
\renewcommand\theenumi{\@arabic\c@enumi}
\renewcommand\theenumii{\@alph\c@enumii}
\renewcommand\theenumiii{\@roman\c@enumiii}
\renewcommand\theenumiv{\@Alph\c@enumiv}
\newcommand\labelenumi{\theenumi.}
\newcommand\labelenumii{(\theenumii)}
\newcommand\labelenumiii{\theenumiii.}
\newcommand\labelenumiv{\theenumiv.}
\renewcommand\p@enumii{\theenumi}
\renewcommand\p@enumiii{\theenumi(\theenumii)}
\renewcommand\p@enumiv{\p@enumiii\theenumiii}
%
\def\setenumlabel#1{\gdef\max@enumlabel{#1}}
\setenumlabel{1.}
%
\def\enumerate{\@ifnextchar[{\enumerate@}{\enumerate@[\max@enumlabel]}}
%
\def\enumerate@[#1]{\ifnum \@enumdepth >4 \@toodeep\else
 \advance\@enumdepth \@ne
 \edef\@enumctr{enum\romannumeral\the\@enumdepth}%
 \list {\csname label\@enumctr\endcsname}%
 {\usecounter{\@enumctr}\def\makelabel##1{{\hfill\rm ##1}}
\settowidth{\labelwidth}{#1}
\advance\labelwidth by\parindent \labelsep=0.5em
 \leftmargin\z@ \rightmargin\z@ \itemindent=\labelwidth
        \advance\itemindent\labelsep
        \leftmargin=\the\itemindent\itemindent=\z@
        \partopsep\z@ \topsep\smallskipamount \parsep\z@ \itemsep\z@ %\@rightskip\z@ plus 1fil
 \listparindent\z@}\fi\setenumlabel{1.}}

%%%%%%%%%%%%%%%%%%%%%% ITEMIZE
\newcommand\labelitemi{\normalfont\bfseries \textbullet}
\newcommand\labelitemii{\textasteriskcentered}
\newcommand\labelitemiii{\textasteriskcentered}
\newcommand\labelitemiv{\textperiodcentered}

\let\@itemize@indent\parindent
%
\def\itemize{\@ifnextchar[{\itemize@}{\itemize@[]}}
\def\itemize@[#1]{\ifnum \@itemdepth >4 \@toodeep\else
  \advance\@itemdepth \@ne
  \edef\@itemitem{labelitem\romannumeral\the\@itemdepth}%
  \if.#1. \else\def\@@tempa{#1}\edef\@itemitem{@@tempa}\fi\list
{\csname\@itemitem\endcsname}{\settowidth{\labelwidth}
                {\csname\@itemitem\endcsname}
                \def\makelabel##1{##1}\labelsep=0.5em%ST
		\itemindent=\labelwidth \advance\itemindent\labelsep
                \advance\itemindent\@itemize@indent
		\leftmargin\the\itemindent \itemindent=\z@
                \partopsep\z@ \topsep\smallskipamount \parsep\z@ %\@rightskip\z@ plus 1fil
		\itemsep\z@ \listparindent\z@} \fi}
%
\newenvironment{description}
               {\list{}{\labelwidth\z@ \itemindent-\leftmargin
                        \let\makelabel\descriptionlabel}}
               {\endlist}
\newcommand*\descriptionlabel[1]{\hspace\labelsep
                                \normalfont\bfseries #1}
\newenvironment{verse}
               {\let\\\@centercr
                \list{}{\itemsep      \z@
                        \itemindent   -1.5em%
                        \listparindent\itemindent
                        \rightmargin  \leftmargin
                        \advance\leftmargin 1.5em}%
                \item\relax}
               {\endlist}

\newenvironment{quotation}
               {\list{}{\small\listparindent2mm%
                        \itemindent\z@   %
                        \rightmargin\z@   \leftmargin\parindent%
                        \partopsep\z@ \topsep\smallskipamount \parsep\z@%
                        }%
                \item[\Q@strut]\relax}
               {\endlist}
\def\Q@strut{\leavevmode\hbox{\vrule height9pt depth1pt width0pt}}

\newenvironment{quote}
               {\list{}{\listparindent\z@%
                        \itemindent    \listparindent%
                        \rightmargin\z@   \leftmargin 1.5em%
                        \partopsep\z@ \topsep6pt \parsep\z@%
                        }%
                \item[\Q@strut]\relax}
               {\endlist}
%
%************************** TABULAR
\let\savehline\hline
   \def\thline{\noalign{\vskip3pt}\savehline\noalign{\vskip3pt}}%
   \def\fhline{\noalign{\vskip1pt}\savehline\noalign{\vskip7pt}}%
   \def\bhline{\noalign{\vskip3pt}\noalign{\global\arrayrulewidth=1\p@}\savehline\noalign{\global\arrayrulewidth=.5\p@}\noalign{\vskip3pt}}%
   \def\lhline{\noalign{\vskip3pt}\noalign{\global\arrayrulewidth=.3\p@}\savehline\noalign{\global\arrayrulewidth=.5\p@}\noalign{\vskip3pt}}
%
%************************** MATH SETTINGS
\setlength\mathindent{2em}
\setlength\arraycolsep{1.2\p@}
\setlength\tabcolsep{6\p@}
\setlength\arrayrulewidth{.4\p@}
\setlength\doublerulesep{2\p@}
\setlength\tabbingsep{\labelsep}
\setlength\jot{6\p@}
\skip\@mpfootins = \skip\footins
\setlength\fboxsep{3\p@}
\setlength\fboxrule{.4\p@}
\if@seceqn
\@addtoreset {equation}{section}
\renewcommand\theequation{\thesection.\@arabic\c@equation}
\else
\renewcommand\theequation{\@arabic\c@equation}
\fi
%******* TABLES, FIGURES, ALGORITHM
\newcounter{figure}
\if@secfloat
 \@addtoreset{figure}{section}
 \renewcommand \thefigure {\thesection.\@arabic\c@figure}
\else
 \renewcommand \thefigure {\@arabic\c@figure}
\fi
\def\fps@figure{tbp}
\def\ftype@figure{1}
\def\ext@figure{lof}
\def\fnum@figure{\figurename~\thefigure.}
\newenvironment{figure}
               {\let\@makecaption\@makefigurecaption\let\@floatboxreset\@figureboxreset\@float{figure}}
               {\end@float}
\newenvironment{figure*}
               {\let\@makecaption\@makefigurecaption\let\@floatboxreset\@figureboxreset\@dblfloat{figure}}
               {\end@dblfloat}

\def\@figureboxreset{%
        \reset@font%
        \centering%
        \@setnobreak%
        \@setminipage%
}


\long\def\@makefigurecaption#1#2{\footnotesize%
 \vskip\abovecaptionskip
\setbox\@tempboxa\hbox{\textbf{#1}\enspace #2}%
  \ifdim \wd\@tempboxa >\hsize
    \unhbox\@tempboxa\par
  \else
    \hbox to\hsize{\hfil\box\@tempboxa\hfil}%
  \fi}
%
% TABLE
\newcounter{table}
\if@secfloat
  \@addtoreset{table}{section}
\renewcommand \thetable{\thesection.\@arabic\c@table}
\else
  \renewcommand \thetable{\@arabic\c@table}
\fi
\def\fps@table{tbp}
\def\ftype@table{2}
\def\ext@table{lot}
\def\fnum@table{\tablename~\thetable.}
%
\newenvironment{table}
               {\let\@makecaption\@maketablecaption%
               \let\@floatboxreset\@tableboxreset\@float{table}}
               {\end@float}
\newenvironment{table*}
               {\let\@makecaption\@maketablecaption%
               \let\@floatboxreset\@tableboxreset\@dblfloat{table}}
               {\end@dblfloat}
%
\def\@tableboxreset{%
        \reset@font%
        \centering\footnotesize%
        \def\arraystretch{1.2}
        \@setnobreak%
        \@setminipage%
}

\newlength\abovecaptionskip
\newlength\belowcaptionskip
\setlength\abovecaptionskip{8\p@}
\setlength\belowcaptionskip{3\p@}
%
\newdimen\tablewidth \tablewidth\textwidth
\newdimen\saved@tablewidth \saved@tablewidth\textwidth
%
\long\def\@maketablecaption#1#2{%
 \begingroup%
    \footnotesize%
    \global\setbox\@tempboxa\hbox{\textbf{#1}\enspace #2}%
 \endgroup%
 \centering%
 \ifdim \wd\@tempboxa>\tablewidth %
    \parbox[t]{\tablewidth}{\footnotesize\textbf{#1}\enspace #2\vphantom{Ay}\par}%
 \else
    \hbox to\hsize{\hfill\box\@tempboxa\vphantom{Ay}\hfill}%
 \fi%
 \global\saved@tablewidth\tablewidth%
 \global\tablewidth\hsize\vskip\belowcaptionskip}
%
%
%%****************** Algorithm
\newcounter{algorithm}
\if@secfloat
  \@addtoreset{algorithm}{section}
\renewcommand \thealgorithm{\thesection.\@arabic\c@algorithm}
\else
  \renewcommand \thealgorithm{\@arabic\c@algorithm}
\fi
\def\fps@algorithm{tbp}
\def\ftype@algorithm{4}
\def\ext@algorithm{loa}
\def\fnum@algorithm{\algorithmname~\thealgorithm.}
%
\newenvironment{algorithm}
               {\let\@makecaption\@makealgorithmcaption%
               \let\@floatboxreset\@algorithmboxreset\@float{algorithm}}
               {\end@float}
\newenvironment{algorithm*}
               {\let\@makecaption\@makealgorithmcaption%
               \let\@floatboxreset\@algorithmboxreset\@dblfloat{algorithm}}
               {\end@dblfloat}

\def\@algorithmboxreset{%
        \reset@font%
        \centering
        \@setnobreak%
        \@setminipage%
}
\long\def\@makealgorithmcaption#1#2{\vskip 2ex \small
  \hbox to \hsize{\parbox[t]{\hsize}{{\bf #1} #2}}}
%
%%%% Program Code:
\def\programcode{%
\let\@makealgorithmcaption\@makefigurecaption
\def\algorithmname{Program Code}}


%********************* COMPATIBILITY WITH OLD LATEX:
\DeclareOldFontCommand{\rm}{\normalfont\rmfamily}{\mathrm}
\DeclareOldFontCommand{\sf}{\normalfont\sffamily}{\mathsf}
\DeclareOldFontCommand{\tt}{\normalfont\ttfamily}{\mathtt}
\DeclareOldFontCommand{\bf}{\normalfont\bfseries}{\mathbf}
\DeclareOldFontCommand{\it}{\normalfont\itshape}{\mathit}
\let\sl\it
\DeclareOldFontCommand{\sc}{\normalfont\scshape}{\@nomath\sc}
\DeclareRobustCommand*\cal{\@fontswitch\relax\mathcal}
\DeclareRobustCommand*\mit{\@fontswitch\relax\mathnormal}
%
% *********** MATH
%
\if@secthm
 \@addtoreset{thm}{section}
 \def\thethm{\thesection.\arabic{thm}}
\else
 \def\thethm{\arabic{thm}}
\fi
%
%***************************** BIBLIOGRAPHY

\newenvironment{thebibliography}[1]
     {\section*{\refname}\footnotesize\rmfamily\upshape%
      \list{\@biblabel{\@arabic\c@enumiv}}%
           {\settowidth\labelwidth{\@biblabel{#1}}%
            \leftmargin\labelwidth
            \setlength\labelsep{8\p@}
            \advance\leftmargin\labelsep
            \usecounter{enumiv}%
            \let\p@enumiv\@empty
            \renewcommand\theenumiv{\@arabic\c@enumiv}}%
      \sloppy
      \clubpenalty4000
      \@clubpenalty \clubpenalty
      \widowpenalty4000%
      \sfcode`\.\@m}
     {\def\@noitemerr
       {\@latex@warning{Empty `thebibliography' environment}}%
      \endlist}
%
\newcommand\newblock{\hskip .11em\@plus.33em\@minus.07em}
%
\def\@citex[#1]#2{%
  \let\@citea\@empty
  \@cite{\@for\@citeb:=#2\do
    {\@citea\def\@citea{,\penalty\@m\hskip.1pt}%
     \edef\@citeb{\expandafter\@firstofone\@citeb}%
     \if@filesw\immediate\write\@auxout{\string\citation{\@citeb}}\fi
     \@ifundefined{b@\@citeb}{\mbox{\reset@font\bfseries ?}%
       \G@refundefinedtrue
       \@latex@warning
         {Citation `\@citeb' on page \thepage \space undefined}}%
       {\hbox{\csname b@\@citeb\endcsname}}}}{#1}}

%****************************** FRONTMATTER *
%
\newtoks\t@glob@notes
\newtoks\t@loc@notes
\newcount\note@cnt
\newcounter{author}
\newcount\n@author
\def\n@author@{}
\newcounter{address}
%
\newcount\sv@hyphenpenalty
%
\newcount\prev@elem \prev@elem=0
\newcount\cur@elem  \cur@elem=0
\chardef\e@pretitle=1
\chardef\e@title=1
\chardef\e@subtitle=1
\chardef\e@author=2
\chardef\e@address=3
%
\newif\if@newelem
\newif\if@firstauthor
\newif\if@preface
\newif\if@hasabstract
\newif\if@haskeywords
%
\newbox\fm@box
\newdimen\fm@size
\newbox\t@abstract
\newbox\t@keywords
%
\def\add@tok#1#2{\global#1\expandafter{\the#1#2}}
\def\add@xtok#1#2{\begingroup
  \no@harm
  \xdef\@act{\global\noexpand#1{\the#1#2}}\@act
\endgroup}
%
\def\tailthanksref[#1]#2{\noexpand\pthanksref{#1}}
\def\pthanksref#1{\global\advance\note@cnt\@ne\ifnum\note@cnt>\@ne
\global\t@loc@notes\expandafter{\the\t@loc@notes\note@sep}\fi
\global\t@loc@notes\expandafter{\the\t@loc@notes#1}}
%
\def\beg@elem{\global\t@loc@notes={}\global\note@cnt\z@}
\def\@xnamedef#1{\expandafter\xdef\csname #1\endcsname}
\def\no@harm{%
  \let\\=\relax  \let\rm\relax
  \let\ss=\relax \let\ae=\relax \let\oe=\relax
  \let\AE=\relax \let\OE=\relax
  \let\o=\relax  \let\O=\relax
  \let\i=\relax  \let\j=\relax
  \let\aa=\relax \let\AA=\relax
  \let\l=\relax  \let\L=\relax
  \let\d=\relax  \let\b=\relax \let\c=\relax
  \let\bar=\relax
  \def\protect{\noexpand\protect\noexpand}}
%
\def\proc@elem#1#2{\begingroup
    \no@harm
    \def\thanks##1##{\@gobble}%
    \def\thanksref##1##{\@gobble}%
    \@xnamedef{@#1}{#2}%
  \endgroup
  \prev@elem=\cur@elem
  \cur@elem=\csname e@#1\endcsname
  \expandafter\elem@nothanksref#2\thanksref\relax%
  \expandafter\elem@nothanks#2\thanks\relax}
%
\def\elem@nothanksref#1\thanksref{\futurelet\@peektok\elem@thanksref}
\def\elem@thanksref{\ifx\@peektok\relax
  \else \expandafter\elem@morethanksref \fi}
\def\elem@morethanksref[#1]#2{\add@thanks{#1}\elem@nothanksref}
%
\def\elem@nothanks#1\thanks{\futurelet\@peektok\elem@thanks}
\def\elem@thanks{\ifx\@peektok\relax
  \else \ifx\@peektok[ \expandafter\expandafter\expandafter\elem@morethankse
  \else \expandafter\expandafter\expandafter\elem@morethanks \fi\fi}
%
\def\elem@morethankse[#1]#2{\thanks@optarg[#1]{#2}\add@thanks{#1}\elem@nothanks}
\def\elem@morethanks#1{\thanks@optarg[]{#1}\add@thanks{}\elem@nothanks}
%
\def\add@thanks#1{%
  \global\advance\note@cnt\@ne
    \ifnum\note@cnt>\@ne \add@xtok\t@loc@notes{\note@sep}\fi
    \ifx.#1.\add@xtok\t@loc@notes{\thefootnote}\else
        \add@xtok\t@loc@notes{#1}\fi%
}
\def\add@addressref#1{%
  \global\advance\note@cnt\@ne
    \ifnum\note@cnt>\@ne \add@xtok\t@loc@notes{\note@sep}\fi
    \add@tok\t@loc@notes{\ref{#1}}%
}
\def\note@sep{,}
%
\def\thanks@optarg[#1]#2{%
    \ifx.#1.\add@tok\t@glob@notes{\footnotetext}%
    \else\add@tok\t@glob@notes{\freefootnotetext}\fi%
    \refstepcounter{footnote}%
    \ifx.#1.\add@xtok\t@glob@notes{[\the\c@footnote]}%
    \else\add@xtok\t@glob@notes{[#1]}\fi%
    \add@tok\t@glob@notes{{#2}}%
        \ignorespaces}%
%
% FRONTMATTER
%
\def\artty#1{}
%
\newdimen\a@title@skip   \a@title@skip=12\p@
\newskip\b@section@skip  \b@section@skip=12\p@ plus6\p@ minus6\p@%
\newskip\b@pretitle@skip \b@pretitle@skip=6\p@
%
\def\frontmatter{%
  \let\@corresp@note\relax
  \global\t@glob@notes={}\global\c@author\z@
  \global\c@address\z@
  \global\n@author=0\n@author@\relax
  \global\advance\n@author\m@ne
  \global\@firstauthortrue
  \global\@hasabstractfalse
  \global\@prefacefalse
  \parindent\z@
  \open@fm \ignorespaces}
%
\def\preface{\@prefacetrue}
%
% ENDFRONTMATTER
%
\def\endfrontmatter{%
  \global\n@author=\c@author \@writecount
  \global\@topnum\z@
  \ifx\@firstpage\@lastpage
    \gdef\@pagerange{\@firstpage}
  \else
    \gdef\@pagerange{\@firstpage--\@lastpage}
  \fi
%  \thispagestyle{copyright}%
  \if@twocolumn\else\output@glob@notes\fi
  \if@preface
    \@hasabstractfalse
  \fi
  \if@hasabstract
    \normal@text
    \vskip 18\p@
    \centering
    \leavevmode\box\t@abstract\par
  \fi
  \if@haskeywords
    \normal@text
    \if@hasabstract \vskip6pt\else\vskip18pt\fi    
    \centering
    \leavevmode\box\t@keywords\par
  \fi
  \close@fm
  \if@twocolumn\output@glob@notes\fi
  \markboth{\@runauthor\@runtitle}{\@runauthor\@runtitle}%
  \global\@prefacefalse
  \global\leftskip\z@
  \global\@rightskip\z@
  \global\rightskip\@rightskip
%  \global\c@footnote=0
  \let\title\relax       \let\author\relax
  \let\address\relax
  \let\frontmatter\relax \let\endfrontmatter\relax
  \let\@maketitle\relax  \let\@@maketitle\relax
  \normal@text}
%
% Dvieju koloneliu zurnale per visa lapo ploti eina
% tik pretitle, title ir subtitle. Tam ivedame komanda
% \maketitle, kuri uzdaro box'a

  \def\two@c@maketitle{%
    \global\let\close@fm\relax%
    \vskip\b@section@skip%
    \par \egroup
    \emergencystretch=1pc \twocolumn[\unvbox\fm@box]}
%
\if@restonecol
  \let\maketitle\relax
\else
  \let\maketitle\two@c@maketitle
\fi
%

%
\newdimen\t@xtheight
\def\init@settings{
\splittopskip=\topskip \splitmaxdepth=\maxdepth
\t@xtheight\textheight \advance\t@xtheight-\splittopskip}
%
\def\open@fm{
  \global\setbox\fm@box=\vbox\bgroup
  \hsize=\textwidth
  \centering
  \sv@hyphenpenalty\hyphenpenalty
  \hyphenpenalty\@M}
%

\def\close@fm{%
  \vskip\b@section@skip%
  \par \egroup
  \if@twocolumn\else%
    \fm@size=\dp\fm@box \advance\fm@size by \ht\fm@box
    \@whiledim\fm@size>\t@xtheight \do{%
      \global\setbox\@tempboxa=\vsplit\fm@box to \t@xtheight
      \unvbox\@tempboxa \newpage
      \fm@size=\dp\fm@box \advance\fm@size by \ht\fm@box}
  \fi%
  \if@twocolumn
    \emergencystretch=1pc \twocolumn[\unvbox\fm@box]
  \else
    \unvbox\fm@box
  \fi}
%
\def\output@glob@notes{\bgroup
  \the\t@glob@notes
  \egroup}
%
\def\justify@off{\let\\=\@normalcr
  \leftskip\z@ \@rightskip\@flushglue \rightskip\@rightskip}
\def\justify@on{\let\\=\@normalcr
  \parfillskip\@flushglue%
  \leftskip\z@ \@rightskip\z@ \rightskip\@rightskip}
%
\def\normal@text{\global\let\\=\@normalcr
  \global\leftskip\z@ \global\@rightskip\z@ \global\rightskip\@rightskip
  \global\parfillskip\@flushglue}
%
\def\@writecount{\write\@mainaux{\string\global
  \string\@namedef{n@author@}{\the\n@author}}%
}
%
% TITLE
\def\pretitle#1{%
\vspace*{\b@pretitle@skip}\pretitle@size#1\par\vskip6\p@\hrule
\vskip12\p@}
%
\def\title#1{%
  \beg@elem
  \title@note@fmt
  \add@tok\t@glob@notes
    {\title@note@fmt}%
  \proc@elem{title}{#1}%
  \def\title@notes{\the\t@loc@notes}%
  \title@fmt{\@title}{\title@notes}%
  \ignorespaces}
%
\newdimen\@@topskip \@@topskip=24\p@
%
\def\title@fmt#1#2{%
  \vspace*{\@@topskip}
  {\title@size #1\hbox{$^{#2}$}\par}%
  \vskip\a@title@skip%
  }

%
\def\subtitle#1{%
  \beg@elem
  \proc@elem{subtitle}{#1}%
  \def\title@notes{\the\t@loc@notes}%
  \subtitle@fmt{\@subtitle}{\title@notes}%
  \ignorespaces}
%
%
\def\subtitle@fmt#1#2{%
  {\subtitle@size #1\,\hbox{$^{\mathrm{#2}}$}\par}%
  \vskip\a@title@skip%
  }
%
\def\title@note@fmt{\def\thefootnote{\arabic{footnote}}}
%
% AUTHOR
%
\newdimen\b@author@skip
\b@author@skip 12\p@
%
\def\author{\@ifnextchar[{\author@optarg}{\author@optarg[]}}
%
\def\author@optarg[#1]#2{\stepcounter{author}%
  \beg@elem\def\degs##1{##1}\def\fnms##1{##1}\def\inits##1{##1}%
        \def\snm##1{\MakeUppercase{##1}}\def\roles##1{##1}%
  \if@firstauthor%
  \first@author \global\@firstauthorfalse \fi%
  \@for\@tempa:=#1\do{\expandafter\add@addressref\expandafter{\@tempa}}%
  \proc@elem{author}{#2}%
  \author@fmt{\the\c@author}{\the\t@loc@notes}{\@author}}%
%
%\newbox\author@box

%
\def\author@fmt#1#2#3{\@newelemtrue
  \ifnum\prev@elem=\e@author \global\@newelemfalse \fi
  \if@newelem \author@fmt@init \fi
  \edef\@tempb{#2}\ifx\@tempb\@empty
    \hbox{#3}\else
    \hbox{#3\,$^{\mathrm{#2}}$}%
  \fi}
%
\def\first@author{\author@note@fmt%
  \add@tok\t@glob@notes%
    {\author@note@fmt}}%
%
\def\author@fmt@init{%
  \par
  \vskip \b@author@skip
  \authors@size\centering
  \leavevmode}
%
\def\and{\unskip~and~}
%
\def\author@note@fmt{%
  \def\thefootnote{\arabic{footnote}}}
%
\def\sxarabic#1{%
        \expandafter\ifcase\value{#1} \or *\or **\or *** \or **** \or *****\fi
}
%
% ADDRESS
%
\def\email#1{{e-mail:\ #1}}
%
\def\address{\@ifstar{\address@star}%
  {\@ifnextchar[{\address@optarg}{\address@noptarg}}}
%
\def\address@optarg[#1]#2{\refstepcounter{address}%
  \beg@elem
  \proc@elem{address}{#2}%
  \address@fmt{\the\c@address}{\the\t@loc@notes}{\@address}\label{#1}%
  \ignorespaces}
%
\def\address@noptarg#1{\refstepcounter{address}%
  \beg@elem
  \proc@elem{address}{#1}%
  \address@fmt{\z@}{\the\t@loc@notes}{\@address}%
  \ignorespaces}
%
\def\address@star#1{%
  \beg@elem
  \proc@elem{address}{#1}%
  \address@fmt{\m@ne}{\the\t@loc@notes}{\@address}%
  \ignorespaces}
%
\def\theaddress{\alph{address}}
%
\def\address@fmt#1#2#3{\@newelemtrue
  \ifnum\prev@elem=\e@address \@newelemfalse \fi
  \if@newelem \address@fmt@init \fi
  \bgroup\parskip\z@\noindent\centering \address@size
  \ifnum#1=\z@
    #3\,$^{\mathrm{#2}}$\space%
  \else
    \ifnum#1=\m@ne
      $^{\phantom{\mathrm{\theaddress}}\,}$#3\,$^{\mathrm{#2}}$%
    \else
      $^{\mathrm{\theaddress}\,}$#3\,$^{\mathrm{#2}}$%
    \fi
  \fi
  \par\egroup}
%
\def\address@fmt@init{%
        \def\@currentlabel{\theaddress}
  \par
  \vskip 2\p@ plus 1\p@ minus 1\p@}
%
% ABSTRACT
%
\def\abstract{\@ifnextchar[{\@abstract}{\@abstract[]}}
\def\@abstract[#1]{%
  \global\@hasabstracttrue
  \hyphenpenalty\sv@hyphenpenalty
  \global\setbox\t@abstract=\vbox\bgroup
  \linewidth\abstract@width
  \hsize\abstract@width
  \justify@on\abstract@size\parindent 1em
  \abstract@indent\textbf{\abstractname}\ignorespaces}
\def\endabstract{\par\egroup}
%
% KEYWORDS
\def\sep{\unskip, }
\global\@haskeywordsfalse
\newdimen\dp@t@keywords
\def\keyword{\global\@haskeywordstrue%
  \global\setbox\t@keywords=\vbox\bgroup%
  \hsize\abstract@width%
  \justify@on\abstract@size\parindent 0\p@
  \textbf{\keywordsname}\ignorespaces
  }
\def\endkeyword{\par\egroup\global\dp@t@keywords=\dp\t@keywords}
\def\keywords#1{\begin{keyword}#1\end{keyword}}
%
% 
%
% Running title
\def\runningtitle#1{\gdef\@runtitle{#1}}   \def\@runtitle{}
\def\runningauthor#1{{\def\etal{et al.}\gdef\@runauthor{#1\@runsep}}} \def\@runauthor{}
\def\runningsep#1{\gdef\@runsep{#1}}
\def\@runsep{\ /\ }
%
\def\journal#1{\gdef\@journal{#1}}     \@ifundefined{@journal}{\gdef\@journal{Journal not defined}}{}
\def\volume#1{\gdef\@volume{#1}}       \def\@volume{0}
\def\issue#1{\gdef\@issue{#1}}         \def\@issue{0}
%
%
\newcount\@pubyear
\newcount\@copyear
\@pubyear=\number\year
\@copyear\@pubyear 
\advance\@copyear-2000

\def\pubyear#1{\global\@pubyear#1
  \global\@copyear\@pubyear 
  \global\advance\@copyear-2000%
  \ignorespaces}
%
\def\the@copyear{\ifnum\@copyear<10 0\fi\the\@copyear}

%
\pubyear{2003}
%
\def\firstpage#1{\def\@tempa{#1}\ifx\@tempa\@empty\else
  \gdef\@firstpage{#1}\gdef\@lastpage{#1}%
  \global\c@page=#1 \ignorespaces\fi
  }
\def\@firstpage{1}
\def\lastpage#1{\def\@tempa{#1}\ifx\@tempa\@empty\else
  \gdef\@lastpage{#1}\ignorespaces\fi}
\def\@lastpage{0}
\def\@pagerange{1--0}

% Write the last page:
\def\write@last@page{%
\write\@mainaux{\string\global\string\@namedef{@lastpage}{\the\c@page}}}

\AtEndDocument{\write@last@page}
% SGML
\long\def\convertas#1#2{#2}
\def\sday#1{#1}\def\smonth#1{#1}\def\syear#1{#1}
\def\aid#1{\gdef\@aid{#1}}
%
\def\SSDI#1{\gdef\@ssdi{#1}} \def\@ssdi{000000-00}
\def\issn#1{\gdef\@issn{#1}}
\def\price#1{\gdef\@price{#1}}
%
\def\date#1{\gdef\@date{#1}}    \def\@date{\today}
%

\def\empty@data{\@nil}
%

%***************** BACKMATTER
\newcommand\backmatter{\goodbreak}

%**************** INICIALIZATION
\newcommand\refname{References}
\newcommand\figurename{Figure}
\newcommand\tablename{Table}
\newcommand\algorithmname{Algorithm}
\newcommand\appendixname{Appendix}
\newcommand\abstractname{Abstract. }
\newcommand\keywordsname{Keywords. }
\def\acknowledgementsname{Acknowledgements}
%
\def\copyright@sign{\copyright}
%
% DIMENSIONS
\def\@articletypesize{\large}
\def\pretitle@size{\LARGE}
\def\title@size{\huge}
\def\subtitle@size{\large\itshape}
\def\authors@size{\normalsize}
\def\abstract@size{\footnotesize}
\def\abstract@width{22pc}
\def\abstract@indent{\noindent}
\def\address@size{\normalsize\itshape}
% Block preparation of contents:
\def\addcontentsline#1#2#3{}
\long\def\addtocontents#1#2{}
%
\newcommand\today{}
\edef\today{\ifcase\month\or
  January\or February\or March\or April\or May\or June\or
  July\or August\or September\or October\or November\or December\fi
  \space\number\day, \number\year}
%
\@twosidetrue
\pagenumbering{arabic}
\frenchspacing
\init@settings

\if@twocolumn\setlength\tablewidth{\columnwidth}
\else\setlength\tablewidth{\textwidth}\fi
%\pagestyle{headings}
\pagestyle{empty}

\endinput
%%
%% End of file `IOS-Book-Article.cls'.


================================================
FILE: marktoberdorf_paper/DSE/cpp2.json
================================================
{ "name": "cpp2",  
  "extend": "cpp",  
  "extraKeywords": ["function","override","var","instanceof"]
}

================================================
FILE: marktoberdorf_paper/DSE/dse.bib
================================================
@article{King76,
  author = {James C. King},
  title = {Symbolic Execution and Program Testing},
  journal = {Communications of the ACM},
  volume = {19},
  number = {7},
  pages = {385–394}, 
  year = {1976}
}

@article{Clarke76,
  author    = {Lori A. Clarke},
  title     = {A System to Generate Test Data and Symbolically Execute Programs},
  journal   = {{IEEE} Transactions on Software Engineering},
  volume    = {2},
  number    = {3},
  pages     = {215--222},
  year      = {1976}
}

@book{Dijkstra76,
  author    = {Edsger W. Dijkstra},
  title     = {A Discipline of Programming},
  publisher = {Prentice-Hall},
  year      = {1976}
}

@article{Korel90,
  author    = {Bogdan Korel},
  title     = {Automated Software Test Data Generation},
  journal   = {{IEEE} Transactions on Software Engineering},
  volume    = {16},
  number    = {8},
  pages     = {870--879},
  year      = {1990}
}

@article{Korel92,
  author    = {Bogdan Korel},
  title     = {Dynamic Method of Software Test Data Generation},
  journal   = {Journal of Software Testing, Verification and Reliability},
  volume    = {2},
  number    = {4},
  pages     = {203--213},
  year      = {1992}
}

@inproceedings{Gupta00,
  author    = {Neelam Gupta and
               Aditya P. Mathur and
               Mary Lou Soffa},
  title     = {Generating Test Data for Branch Coverage},
  booktitle = {Proceedings of the Automate Software Engineering Conference},
  pages     = {219--228},
  year      = {2000}
}

@inproceedings{GodefroidKS05,
  author    = {Patrice Godefroid and
               Nils Klarlund and
               Koushik Sen},
  title     = {{DART:} directed automated random testing},
  booktitle = {Proceedings of the {ACM} {SIGPLAN} Conference on Programming
               Language Design and Implementation},
  pages     = {213--223},
  year      = {2005}
}

@inproceedings{SenACAV06,
  author    = {Koushik Sen and
               Gul Agha},
  title     = {{CUTE} and jCUTE: Concolic Unit Testing and Explicit Path Model-Checking
               Tools},
  booktitle = {Proceedings of 18th Computer Aided Verification Conference},
  pages     = {419--423},
  year      = {2006}
}

@inproceedings{CadarE05,
  author    = {Cristian Cadar and
               Dawson R. Engler},
  title     = {Execution Generated Test Cases: How to Make Systems Code Crash Itself},
  booktitle = {Proceedings of 12th International {SPIN} Workshop},
  pages     = {2--23},
  year      = {2005}
}

@inproceedings{CadarGPDE06,
  author    = {Cristian Cadar and
               Vijay Ganesh and
               Peter M. Pawlowski and
               David L. Dill and
               Dawson R. Engler},
  title     = {{EXE:} automatically generating inputs of death},
  booktitle = {Proceedings of the 13th {ACM} Conference on Computer and Communications
               Security},
  pages     = {322--335},
  year      = {2006}
}

@inproceedings{CadarDE08,
  author    = {Cristian Cadar and
               Daniel Dunbar and
               Dawson R. Engler},
  title     = {{KLEE:} Unassisted and Automatic Generation of High-Coverage Tests
               for Complex Systems Programs},
  booktitle = {Proceedings of the 8th {USENIX} Symposium on Operating Systems Design and Implementation},
  pages     = {209--224},
  year      = {2008}
}

@inproceedings{deMouraB08,
  author    = {Leonardo Mendon{\c{c}}a de Moura and
               Nikolaj Bj{\o}rner},
  title     = {{Z3:} An Efficient {SMT} Solver},
  booktitle = {Proceedings of the 14th International Conference of Tools and Algorithms for the Construction and Analysis of Systems},
  pages     = {337--340},
  year      = {2008}
}

@inproceedings{Godefroid11,
  author    = {Patrice Godefroid},
  title     = {Higher-order test generation},
  booktitle = {Proceedings of the {ACM} {SIGPLAN} Conference on Programming
               Language Design and Implementation},
  pages     = {258--269},
  year      = {2011}
}

@article{GodefroidLM12,
  author    = {Patrice Godefroid and
               Michael Y. Levin and
               David A. Molnar},
  title     = {{SAGE:} whitebox fuzzing for security testing},
  journal   = {Communications of the {ACM}},
  volume    = {55},
  number    = {3},
  pages     = {40--44},
  year      = {2012}
}

@article{CadarS13,
  author    = {Cristian Cadar and
               Koushik Sen},
  title     = {Symbolic execution for software testing: three decades later},
  journal   = {Communications of the {ACM}},
  volume    = {56},
  number    = {2},
  pages     = {82--90},
  year      = {2013}
}


================================================
FILE: marktoberdorf_paper/DSE/ignores.dic
================================================


================================================
FILE: marktoberdorf_paper/DSE/out/DSE.tex
================================================
\documentclass{IOS-Book-Article}
% generated by Madoko, version 0.9.3-beta
%mdk-data-line={1}

\usepackage[heading-base=2]{madoko}


\begin{document}
%mdk-begin-texraw
%mdk-data-line={25}
\begin{frontmatter}              % The preamble begins here.
%\pretitle{Pretitle}
\title{Deconstructing Dynamic Symbolic Execution}
%\runningtitle{IOS Press Style Sample}
%\subtitle{Subtitle}
\author[A]{\fnms{Thomas} \snm{Ball}}
and 
\author[B]{\fnms{Jakub} \snm{Daniel}}

\runningauthor{Thomas Ball et al.}
\address[A]{Microsoft Research}
\address[B]{Charles University}
\begin{mdDiv}[class={abstract},elem={abstract},data-line={39}]%
\begin{mdP}[data-line={40}]%
%mdk-data-line={40}
{}Dynamic symbolic execution (DSE) is a well-known technique
for automatically generating tests to achieve higher levels
of coverage in a program. Two keys ideas of DSE are
to: (1) seed symbolic execution by executing a program on an
initial input; (2) use concrete values from the program
execution in place of symbolic expressions whenever symbolic
reasoning is hard or not desired. We describe
DSE for a simple core language and then present
a minimalist implementation of DSE for Python (in Python) 
that follows this basic recipe. The code is available 
at https://www.github.com/thomasjball/PyExZ3/ (tagged %mdk-data-line={50}
{}{\textquotedblleft}v1.0{\textquotedblright}%mdk-data-line={50}
{}) 
and has been designed to make it easy to experiment with and
extend.%
\end{mdP}%%
\end{mdDiv}%
%mdk-begin-texraw
%mdk-data-line={56}
\begin{keyword}
Symbolic Execution, Automatic Test Generation, White-box Testing, Automated 
Theorem Provers
\end{keyword}
\end{frontmatter}
\thispagestyle{empty}
\pagestyle{empty}
\mdHxx[id=sec-intro,label={[1]\{.heading-label\}},toc={},data-line={70},caption={[[1]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Introduction},bookmark={1.{\hspace{0.5em}}Introduction}]{%mdk-data-line={70}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{1}.{\hspace{0.5em}}}%mdk-data-line={70}
{}Introduction}%mdk-data-line={73}
\defcommand{\mathkw}[1]{\textbf{#1}}
\begin{mdP}[data-line={78}]%
%mdk-data-line={78}
{}Static, path-based symbolic execution explores one control-flow path
at a time through a (sequential) program %mdk-data-line={79}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={79}
{}, using an automated theorem
prover (ATP) to determine if the current path %mdk-data-line={80}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={80}
{} is feasible%mdk-data-line={80}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{clarke76}{}{\mdSpan[class={bibitem-label}]{4}}, \mdA[class={bibref,localref},target-element={bibitem}]{king76}{}{\mdSpan[class={bibitem-label}]{11}}]}%mdk-data-line={80}
{}. 
Ideally, symbolic execution of a path %mdk-data-line={81}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={81}
{} through program
%mdk-data-line={82}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={82}
{} yields a logic formula %mdk-data-line={82}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={82}
{} that describes the set of inputs %mdk-data-line={82}
{}\mdSpan[class={math-inline},elem={math-inline}]{$I$}%mdk-data-line={82}
{} (possibly empty)
to program %mdk-data-line={83}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={83}
{} such that for any %mdk-data-line={83}
{}\mdSpan[class={math-inline},elem={math-inline}]{$i \in I$}%mdk-data-line={83}
{}, the execution %mdk-data-line={83}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P(i)$}%mdk-data-line={83}
{} follows path %mdk-data-line={83}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={83}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={85}]%
%mdk-data-line={85}
{}If the formula %mdk-data-line={85}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={85}
{} is unsatisfiable then %mdk-data-line={85}
{}\mdSpan[class={math-inline},elem={math-inline}]{$I$}%mdk-data-line={85}
{} is empty and so path %mdk-data-line={85}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={85}
{} is not feasible; 
if the formula is satisfiable then %mdk-data-line={86}
{}\mdSpan[class={math-inline},elem={math-inline}]{$I$}%mdk-data-line={86}
{} is not empty and so path %mdk-data-line={86}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={86}
{} is feasible.
In this case, a model of %mdk-data-line={87}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={87}
{} provides a witness %mdk-data-line={87}
{}\mdSpan[class={math-inline},elem={math-inline}]{$i \in I$}%mdk-data-line={87}
{}.  Thus, a model-generating ATP
can be used in conjunction with
symbolic execution to automatically generate tests to cover paths
in a program. Combined with a search strategy, one gets, in the limit,
an exhaustive white-box testing procedure, for which there are many
applications%mdk-data-line={92}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{cadars13}{}{\mdSpan[class={bibitem-label}]{2}}, \mdA[class={bibref,localref},target-element={bibitem}]{cadargpde06}{}{\mdSpan[class={bibitem-label}]{3}}, \mdA[class={bibref,localref},target-element={bibitem}]{godefroidlm12}{}{\mdSpan[class={bibitem-label}]{9}}]}%mdk-data-line={92}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={94}]%
%mdk-data-line={94}
{}The formula %mdk-data-line={94}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={94}
{} is called a %mdk-data-line={94}
{}\mdEm{path-condition}%mdk-data-line={94}
{} of the path %mdk-data-line={94}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={94}
{}. 
We will see that a given path %mdk-data-line={95}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={95}
{} can induce many different path-conditions.
A path-condition %mdk-data-line={96}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\psi_p$}%mdk-data-line={96}
{} for path %mdk-data-line={96}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={96}
{} is %mdk-data-line={96}
{}\mdEm{sound}%mdk-data-line={96}
{} if 
every input assignment satisfying %mdk-data-line={97}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\psi_p$}%mdk-data-line={97}
{} defines an
execution of program %mdk-data-line={98}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={98}
{} that follows path %mdk-data-line={98}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={98}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{godefroid11}{}{\mdSpan[class={bibitem-label}]{7}}]}%mdk-data-line={98}
{}. 
By its definition, the formula  %mdk-data-line={99}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={99}
{} is sound and the best representation of %mdk-data-line={99}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={99}
{}
(as for all sound path-conditions %mdk-data-line={100}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\psi_p$}%mdk-data-line={100}
{}, we have that %mdk-data-line={100}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\psi_p \implies \phi_p$}%mdk-data-line={100}
{}).
In practice, we attempt to compute sound under-approximations of %mdk-data-line={101}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={101}
{} 
such as %mdk-data-line={102}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\psi_p$}%mdk-data-line={102}
{}. However, we also find it necessary (and useful) to 
compute unsound path-conditions.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={105}]%
%mdk-data-line={105}
{}A path-condition can be translated into the input
language of an ATP, such as%mdk-data-line={106}
{}{\mdNbsp}\mdA[data-linkid={z3}]{http://z3.codeplex.org/}{}{Z3}%mdk-data-line={106}
{}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{demourab08}{}{\mdSpan[class={bibitem-label}]{5}}]}%mdk-data-line={106}
{}, which provides an answer
of %mdk-data-line={107}
{}{\textquotedblleft}unsatisfiable{\textquotedblright}%mdk-data-line={107}
{}, %mdk-data-line={107}
{}{\textquotedblleft}satisfiable{\textquotedblright}%mdk-data-line={107}
{} or %mdk-data-line={107}
{}{\textquotedblleft}unknown{\textquotedblright}%mdk-data-line={107}
{}, due to theoretical or practical
limitations in automatically deciding satisfiability of various logics.
In the case that the ATP is able to prove %mdk-data-line={109}
{}{\textquotedblleft}satisfiable{\textquotedblright}%mdk-data-line={109}
{} we can query it for 
satisfying model in order to generate test inputs. A path-condition 
for %mdk-data-line={111}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={111}
{} can be thought of as function from a
program%mdk-data-line={112}
{}{'}%mdk-data-line={112}
{}s primary inputs to a Boolean output representing whether
or not %mdk-data-line={113}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={113}
{} is executed under a given input. Thus, we are asking
the ATP to invert a function when we ask it to decide
the satisfiability/unsatisfiability of a path-condition.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={117}]%
%mdk-data-line={117}
{}The static translation of a path %mdk-data-line={117}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={117}
{} through a program %mdk-data-line={117}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={117}
{} into 
the most precise path-condition %mdk-data-line={118}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={118}
{} is not a simple task, as 
programming languages and their semantics are very complex.
Completely characterizing the set of inputs %mdk-data-line={120}
{}\mdSpan[class={math-inline},elem={math-inline}]{$I$}%mdk-data-line={120}
{} that follow
path %mdk-data-line={121}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={121}
{} means providing a symbolic interpretation of 
every operation in the language so that the
ATP can reason about it. For example, consider a method call in Python. 
Python%mdk-data-line={124}
{}{'}%mdk-data-line={124}
{}s algorithm for method resolution order (see%mdk-data-line={124}
{}{\mdNbsp}\mdA[data-linkid={mro}]{https://www.python.org/download/releases/2.3/mro/}{}{MRO}%mdk-data-line={124}
{})
depends on the inheritance hierarchy of the program, a directed, 
acyclic graph that can evolve during program execution. Symbolically
encoding Python%mdk-data-line={127}
{}{'}%mdk-data-line={127}
{}s method resolution order is possible but non-trivial.
There are other reasons it is hard or undesirable to symbolically 
execute various operations, as will be explained in detail later.%
\end{mdP}%
\mdHxxx[id=sec-dynamic-symbolic-execution,label={[1.1]\{.heading-label\}},toc={},data-line={131},caption={[[1.1]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Dynamic symbolic execution},bookmark={1.1.{\hspace{0.5em}}Dynamic symbolic execution}]{%mdk-data-line={131}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{1.1}.{\hspace{0.5em}}}%mdk-data-line={131}
{}Dynamic symbolic execution}\begin{mdP}[data-line={133}]%
%mdk-data-line={133}
{}\mdEm{Dynamic}%mdk-data-line={133}
{} symbolic execution (DSE) is a form of path-based
symbolic execution based on two insights. First, the approach 
starts by executing program %mdk-data-line={135}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={135}
{} on
some input %mdk-data-line={136}
{}\mdSpan[class={math-inline},elem={math-inline}]{$i$}%mdk-data-line={136}
{}, seeding the symbolic execution process
with a feasible path%mdk-data-line={137}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{gupta00}{}{\mdSpan[class={bibitem-label}]{10}}, \mdA[class={bibref,localref},target-element={bibitem}]{korel90}{}{\mdSpan[class={bibitem-label}]{12}}, \mdA[class={bibref,localref},target-element={bibitem}]{korel92}{}{\mdSpan[class={bibitem-label}]{13}}]}%mdk-data-line={137}
{}. 
Second,  DSE
uses concrete values from the execution %mdk-data-line={139}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P(i)$}%mdk-data-line={139}
{} in place of symbolic expressions 
whenever symbolic reasoning is not possible or desired%mdk-data-line={140}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{cadare05}{}{\mdSpan[class={bibitem-label}]{1}}, \mdA[class={bibref,localref},target-element={bibitem}]{godefroidks05}{}{\mdSpan[class={bibitem-label}]{8}}]}%mdk-data-line={140}
{}.
The major benefit of DSE is to
simplify the construction of a symbolic execution tool by
leveraging concrete execution behavior (given by
actually running the program).
As DSE combines both 
concrete and symbolic reasoning, it also has been called %mdk-data-line={146}
{}{\textquotedblleft}concolic{\textquotedblright}%mdk-data-line={146}
{} 
execution%mdk-data-line={147}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{senacav06}{}{\mdSpan[class={bibitem-label}]{14}}]}%mdk-data-line={147}
{}.%
\end{mdP}%
\begin{mdDiv}[class={figure,floating,align-center},id=fig-dse,label={[1]\{.figure-label\}},elem={figure},toc-line={[1]\{.figure-label\}. Pseudo-code for dynamic symbolic execution},toc={tof},float-env={figure},float-name={Figure},caption={Pseudo-code for dynamic symbolic execution},data-line={149}]%
\begin{mdPre}[class={para-block,pre-fenced,pre-fenced3,language-python,lang-python,python,highlighted},language={python},data-line={150},data-line-code={151}]%
\mdPrecode[data-line={151}]{{\preindent{2}}\mdToken{Identifier,Python}{i}{\prespace{1}}\mdToken{Keyword,Python}{=}{\prespace{1}}\mdToken{Identifier,Python}{an}{\prespace{1}}\mdToken{Identifier,Python}{input}{\prespace{1}}\mdToken{Identifier,Python}{to}{\prespace{1}}\mdToken{Identifier,Python}{program}{\prespace{1}}\mdToken{Constructor,Identifier,Python}{P}\prebr{}
{\preindent{2}}\mdToken{Keyword,Python}{while}{\prespace{1}}\mdToken{Identifier,Python}{defined}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{i}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{5}}\mdToken{Identifier,Python}{p}{\prespace{1}}\mdToken{Keyword,Python}{=}{\prespace{1}}\mdToken{Identifier,Python}{path}{\prespace{1}}\mdToken{Identifier,Python}{covered}{\prespace{1}}\mdToken{Identifier,Python}{by}{\prespace{1}}\mdToken{Identifier,Python}{execution}{\prespace{1}}\mdToken{Constructor,Identifier,Python}{P}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{i}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\prebr{}
{\preindent{5}}\mdToken{Identifier,Python}{cond}{\prespace{1}}\mdToken{Keyword,Python}{=}{\prespace{1}}\mdToken{Identifier,Python}{pathCondition}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{p}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\prebr{}
{\preindent{5}}\mdToken{Identifier,Python}{s}{\prespace{1}}\mdToken{Keyword,Python}{=}{\prespace{1}}\mdToken{Constructor,Identifier,Python}{ATP}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Namespace,Identifier,Python}{Not}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{cond}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\prebr{}
{\preindent{5}}\mdToken{Identifier,Python}{i}{\prespace{1}}\mdToken{Keyword,Python}{=}{\prespace{1}}\mdToken{Identifier,Python}{s}\mdToken{Delimiter,Python}{.}\mdToken{Identifier,Python}{model}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%
\end{mdPre}%
\mdHr[class={figureline,madoko},data-line={158}]{}\begin{mdDiv}[data-line={159}]%
%mdk-data-line={159}
{}\mdSpan[class={figure-caption}]{\mdSpan[class={caption-before}]{\mdStrong{Figure{\mdNbsp}\mdSpan[class={figure-label}]{1}.} }Pseudo-code for dynamic symbolic execution}%mdk-data-line={159}
{}%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[class={indent},data-line={160}]%
%mdk-data-line={160}
{}The pseudo-code of Figure%mdk-data-line={160}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-dse}{}{\mdSpan[class={figure-label}]{1}}%mdk-data-line={160}
{} shows the high level process
of DSE. The variable %mdk-data-line={161}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{i}}%mdk-data-line={161}
{} represents an input
to program %mdk-data-line={162}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Constructor,Identifier,Python}{P}}%mdk-data-line={162}
{}. Execution of program %mdk-data-line={162}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Constructor,Identifier,Python}{P}}%mdk-data-line={162}
{} on the input %mdk-data-line={162}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{i}}%mdk-data-line={162}
{}
traces  a path %mdk-data-line={163}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{p}}%mdk-data-line={163}
{}, from which
a logical formula %mdk-data-line={164}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{pathCondition}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{p}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={164}
{} is constructed.
Finally, the ATP is called with the negation of the path-condition
to find a new input (that hopefully will cover a new path).  This
pseudo-code elides a number of details that we will deal with later.%
\end{mdP}%
\begin{mdDiv}[class={figure,floating,align-center},id=fig-easy-dse,label={[2]\{.figure-label\}},elem={figure},toc-line={[2]\{.figure-label\}. Easy example: computing the maximum of four numbers in Python.},toc={tof},float-env={figure},float-name={Figure},caption={Easy example: computing the maximum of four numbers in Python.},data-line={169}]%
\begin{mdPre}[class={para-block,pre-fenced,pre-fenced3,language-python,lang-python,python,highlighted},language={python},data-line={170},data-line-code={171}]%
\mdPrecode[data-line={171}]{\mdToken{Keyword,Python}{def}{\prespace{1}}\mdToken{Identifier,Python}{max2}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{s}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{t}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{4}}\mdToken{Keyword,Python}{if}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{s}{\prespace{1}}\mdToken{Operator,Python}{{\textless}}{\prespace{1}}\mdToken{Identifier,Python}{t}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{8}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{Identifier,Python}{t}\prebr{}
{\preindent{4}}\mdToken{Keyword,Python}{else}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{8}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{Identifier,Python}{s}\prebr{}
\prebr{}
\mdToken{Keyword,Python}{def}{\prespace{1}}\mdToken{Identifier,Python}{max4}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{4}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{Identifier,Python}{max2}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{max2}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{max2}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%
\end{mdPre}%
\mdHr[class={figureline,madoko},data-line={180}]{}\begin{mdDiv}[data-line={181}]%
%mdk-data-line={181}
{}\mdSpan[class={figure-caption}]{\mdSpan[class={caption-before}]{\mdStrong{Figure{\mdNbsp}\mdSpan[class={figure-label}]{2}.} }Easy example: computing the maximum of four numbers in Python.}%mdk-data-line={181}
{}%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[class={indent,para-continue},data-line={182}]%
%mdk-data-line={182}
{}Consider the  Python function %mdk-data-line={182}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{max4}}%mdk-data-line={182}
{} in Figure%mdk-data-line={182}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-easy-dse}{}{\mdSpan[class={figure-label}]{2}}%mdk-data-line={182}
{},
which computes the maximum of four numbers via three calls to
the function %mdk-data-line={184}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{max2}}%mdk-data-line={184}
{}. Suppose we execute %mdk-data-line={184}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{max4}}%mdk-data-line={184}
{} with values
of zero for all four arguments.  In this case, the 
execution path %mdk-data-line={186}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={186}
{} contains three comparisons (in the order %mdk-data-line={186}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}{\prespace{1}}\mdToken{Operator,Python}{{\textless}}{\prespace{1}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={186}
{}, 
%mdk-data-line={187}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}{\prespace{1}}\mdToken{Operator,Python}{{\textless}}{\prespace{1}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={187}
{}, %mdk-data-line={187}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}{\prespace{1}}\mdToken{Operator,Python}{{\textless}}{\prespace{1}}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={187}
{}), all of which evaluate false.
Thus, the path-condition for path %mdk-data-line={188}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={188}
{} is %mdk-data-line={188}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Keyword,Python}{not}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Keyword,Python}{not}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Keyword,Python}{not}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}{\prespace{1}}\mdToken{Operator,Python}{{\textless}}{\prespace{1}}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={188}
{}.
Negating this condition yields %mdk-data-line={189}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{or}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{or}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={189}
{}.
Taking the execution ordering of the three comparisons into account, we
derive three expressions from the negated path-condition to generate
new inputs that will explore execution prefixes of path %mdk-data-line={192}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={192}
{} of increasing length:%
\end{mdP}%
\begin{mdUl}[class={ul,list-star,compact},elem={ul},data-line={194}]%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(1)]\{.ul-li-label\}},elem={li},data-line={194}]%
%mdk-data-line={194}
{}\mdEm{length 0}%mdk-data-line={194}
{}: %mdk-data-line={194}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={194}
{}%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(2)]\{.ul-li-label\}},elem={li},data-line={195}]%
%mdk-data-line={195}
{}\mdEm{length 1}%mdk-data-line={195}
{}: %mdk-data-line={195}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{not}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={195}
{}%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(3)]\{.ul-li-label\}},elem={li},data-line={196}]%
%mdk-data-line={196}
{}\mdEm{length 2}%mdk-data-line={196}
{}: %mdk-data-line={196}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{not}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Keyword,Python}{not}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={196}
{}%
\end{mdLi}%%
\end{mdUl}%
\begin{mdP}[class={para-continue},data-line={198}]%
%mdk-data-line={198}
{}The purpose of taking execution order into account should be clear, as the
comparison %mdk-data-line={199}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={199}
{} only executes in the case where %mdk-data-line={199}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Keyword,Python}{not}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Keyword,Python}{not}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={199}
{}
holds. Integer solutions to the above three systems of constraints are:%
\end{mdP}%
\begin{mdUl}[class={ul,list-star,compact},elem={ul},data-line={202}]%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(1)]\{.ul-li-label\}},elem={li},data-line={202}]%
%mdk-data-line={202}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{a}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{b}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{2}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{c}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{d}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}}%mdk-data-line={202}
{}%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(2)]\{.ul-li-label\}},elem={li},data-line={203}]%
%mdk-data-line={203}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{a}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{b}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{c}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{d}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{3}}%mdk-data-line={203}
{}%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(3)]\{.ul-li-label\}},elem={li},data-line={204}]%
%mdk-data-line={204}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{a}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{b}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{c}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{2}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{d}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}}%mdk-data-line={204}
{}%
\end{mdLi}%%
\end{mdUl}%
\begin{mdP}[data-line={206}]%
%mdk-data-line={206}
{}In the three cases above, we sought solutions that kept as many of
the variables as possible equal to the original input (in which 
all variables are equal to 0). Execution of the %mdk-data-line={208}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{max4}}%mdk-data-line={208}
{} function 
on the input corresponding to the first solution produces the path-condition
%mdk-data-line={210}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Keyword,Python}{not}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Keyword,Python}{not}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{b}{\prespace{1}}\mdToken{Operator,Python}{{\textless}}{\prespace{1}}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={210}
{}, from which we can produce more
inputs.   For this (loop-free function), there are a finite number
of path-conditions. We leave it as an exercise to the reader to 
enumerate them all.%
\end{mdP}%
\mdHxxx[id=sec-leveraging-concrete-values-in-dse,label={[1.2]\{.heading-label\}},toc={},data-line={215},caption={[[1.2]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Leveraging concrete values in DSE},bookmark={1.2.{\hspace{0.5em}}Leveraging concrete values in DSE}]{%mdk-data-line={215}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{1.2}.{\hspace{0.5em}}}%mdk-data-line={215}
{}Leveraging concrete values in DSE}\begin{mdP}[data-line={217}]%
%mdk-data-line={217}
{}We now consider several situations where we can make use of concrete
values in DSE. In the realm of (unbounded-precision) integer arithmetic 
(e.g., bignum integer arithmetic, as in Python 3.0 onwards),
it is easy  to come up with  tiny programs that will be %mdk-data-line={220}
{}\mdEm{very difficult}%mdk-data-line={220}
{},
if not %mdk-data-line={221}
{}\mdEm{impossible}%mdk-data-line={221}
{}, 
for any symbolic execution tool to deal with, such as the function %mdk-data-line={222}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fermat3}}%mdk-data-line={222}
{}
in Figure%mdk-data-line={223}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-fermat3}{}{\mdSpan[class={figure-label}]{3}}%mdk-data-line={223}
{}.%mdk-data-line={223}
{} %mdk-data-line={223}
{}%
\end{mdP}%
\begin{mdDiv}[class={figure,floating,align-center},id=fig-fermat3,label={[3]\{.figure-label\}},elem={figure},toc-line={[3]\{.figure-label\}. Hard example for symbolic execution},toc={tof},float-env={figure},float-name={Figure},caption={Hard example for symbolic execution},data-line={226}]%
\begin{mdPre}[class={para-block,pre-fenced,pre-fenced3,language-python,lang-python,python,highlighted},language={python},data-line={227},data-line-code={228}]%
\mdPrecode[data-line={228}]{\mdToken{Keyword,Python}{def}{\prespace{1}}\mdToken{Identifier,Python}{fermat3}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{z}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{3}}\mdToken{Keyword,Python}{if}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}{\prespace{1}}\mdToken{Operator,Python}{{\textgreater}}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{y}{\prespace{1}}\mdToken{Operator,Python}{{\textgreater}}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{z}{\prespace{1}}\mdToken{Operator,Python}{{\textgreater}}{\prespace{1}}\mdToken{Number,Python}{0}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{6}}\mdToken{Keyword,Python}{if}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{x}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{x}{\prespace{1}}\mdToken{Operator,Python}{+}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{y}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{y}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{z}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{z}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{z}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{10}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{String,Delim,Python,BracketOpen}{{"}}\mdToken{String,Python}{Fermat\prespace{1}and\prespace{1}Wiles\prespace{1}were\prespace{1}wrong!?!}\mdToken{String,Delim,Python,BracketClose}{{"}}\prebr{}
{\preindent{3}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{Number,Python}{0}}%
\end{mdPre}%
\mdHr[class={figureline,madoko},data-line={234}]{}\begin{mdDiv}[data-line={235}]%
%mdk-data-line={235}
{}\mdSpan[class={figure-caption}]{\mdSpan[class={caption-before}]{\mdStrong{Figure{\mdNbsp}\mdSpan[class={figure-label}]{3}.} }Hard example for symbolic execution}%mdk-data-line={235}
{}%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[class={indent},data-line={237}]%
%mdk-data-line={237}
{}Fermat%mdk-data-line={237}
{}{'}%mdk-data-line={237}
{}s Last Theorem, proved
by Andrew Wiles in the late 20th century, states that no 
three positive integers %mdk-data-line={239}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={239}
{}, %mdk-data-line={239}
{}\mdSpan[class={math-inline},elem={math-inline}]{$y$}%mdk-data-line={239}
{}, and %mdk-data-line={239}
{}\mdSpan[class={math-inline},elem={math-inline}]{$z$}%mdk-data-line={239}
{} can satisfy the equation
%mdk-data-line={240}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x^n + y^n = z^n$}%mdk-data-line={240}
{} for any integer value of %mdk-data-line={240}
{}\mdSpan[class={math-inline},elem={math-inline}]{$n$}%mdk-data-line={240}
{} greater than two.
The function %mdk-data-line={241}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fermat3}}%mdk-data-line={241}
{} encodes this statement for %mdk-data-line={241}
{}\mdSpan[class={math-inline},elem={math-inline}]{$n=3$}%mdk-data-line={241}
{}.   It
is not reasonable to have a computer waste time trying to find
a solution that would cause %mdk-data-line={243}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fermat3}}%mdk-data-line={243}
{} to print the string 
%mdk-data-line={244}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{String,Delim,Python,BracketOpen}{{"}}\mdToken{String,Python}{Fermat\prespace{1}and\prespace{1}Wiles\prespace{1}were\prespace{1}wrong!?!}\mdToken{String,Delim,Python,BracketClose}{{"}}}%mdk-data-line={244}
{}.  In cases of complex (non-linear)
arithmetic operations,
such as %mdk-data-line={246}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{x}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{x}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{x}}%mdk-data-line={246}
{}, we might choose to handle the operation concretely.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={248}]%
%mdk-data-line={248}
{}There are a number of ways to deal with the above issue: one is 
to recognize all non-linear terms in a symbolic expression and replace
them with their concrete counterparts during execution. For the %mdk-data-line={250}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fermat3}}%mdk-data-line={250}
{} 
example, this would mean that during DSE the symbolic expression 
%mdk-data-line={252}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{x}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{x}{\prespace{1}}\mdToken{Operator,Python}{+}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{y}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{y}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{z}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{z}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{z}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={252}
{} would be reduced to the constant %mdk-data-line={252}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{False}}%mdk-data-line={252}
{}
by evaluation on the concrete values of variables %mdk-data-line={253}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{x}}%mdk-data-line={253}
{}, %mdk-data-line={253}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{y}}%mdk-data-line={253}
{} and %mdk-data-line={253}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{z}}%mdk-data-line={253}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={255}]%
%mdk-data-line={255}
{}Besides difficult operations (such as non-linear arithmetic),
other examples of code that we might treat
concretely instead of symbolically include
functions that are hard to invert, such as cryptographic hash functions,
or low-level functions that we do not wish to test (such as 
operating system functions).  Consider
the code in Figure%mdk-data-line={261}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-hash}{}{\mdSpan[class={figure-label}]{4}}%mdk-data-line={261}
{}, which applies the function
%mdk-data-line={262}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unknown}}%mdk-data-line={262}
{} to argument %mdk-data-line={262}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{x}}%mdk-data-line={262}
{} and compares it to argument %mdk-data-line={262}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{y}}%mdk-data-line={262}
{}.
By using the name %mdk-data-line={263}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unknown}}%mdk-data-line={263}
{} we simply mean to say that we 
wish to model this function as a black box, with no knowledge
of how it operates internally.%
\end{mdP}%
\begin{mdDiv}[class={figure,floating,align-center},id=fig-hash,label={[4]\{.figure-label\}},elem={figure},toc-line={[4]\{.figure-label\}. Another hard example for symbolic execution},toc={tof},float-env={figure},float-name={Figure},caption={Another hard example for symbolic execution},data-line={267}]%
\begin{mdPre}[class={para-block,pre-fenced,pre-fenced3,language-python,lang-python,python,highlighted},language={python},data-line={268},data-line-code={269}]%
\mdPrecode[data-line={269}]{\mdToken{Keyword,Python}{def}{\prespace{1}}\mdToken{Identifier,Python}{dart}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{2}}\mdToken{Keyword,Python}{if}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{unknown}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{5}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{Number,Python}{1}\prebr{}
{\preindent{2}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{Number,Python}{0}}%
\end{mdPre}%
\mdHr[class={figureline,madoko},data-line={274}]{}\begin{mdDiv}[data-line={275}]%
%mdk-data-line={275}
{}\mdSpan[class={figure-caption}]{\mdSpan[class={caption-before}]{\mdStrong{Figure{\mdNbsp}\mdSpan[class={figure-label}]{4}.} }Another hard example for symbolic execution}%mdk-data-line={275}
{}%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[class={indent},data-line={276}]%
%mdk-data-line={276}
{}In such a case, we can use DSE to execute the function %mdk-data-line={276}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unknown}}%mdk-data-line={276}
{}
on a specific input (say %mdk-data-line={277}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Number,Python}{5013}}%mdk-data-line={277}
{}) and observe its output
(say %mdk-data-line={278}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Number,Python}{42}}%mdk-data-line={278}
{}). That is, rather than execute %mdk-data-line={278}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unknown}}%mdk-data-line={278}
{} symbolically
and invoke an ATP to invert the function%mdk-data-line={279}
{}{'}%mdk-data-line={279}
{}s path-condition, we
simply treat the call to %mdk-data-line={280}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unknown}}%mdk-data-line={280}
{} concretely, substituting
its return value (in this case %mdk-data-line={281}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Number,Python}{42}}%mdk-data-line={281}
{}) for the specialized expression 
%mdk-data-line={282}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unknown}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Number,Python}{5013}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{y}}%mdk-data-line={282}
{} to get the predicate %mdk-data-line={282}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Number,Python}{42}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={282}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={284}]%
%mdk-data-line={284}
{}Adding the constraint %mdk-data-line={284}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{5013}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={284}
{} yields the sound but
rather specific path-condition 
%mdk-data-line={286}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{5013}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Number,Python}{42}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={286}
{}.
Note that the path-condition %mdk-data-line={287}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Number,Python}{42}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={287}
{} is not sound, as it admits
any value for the variable %mdk-data-line={288}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{x}}%mdk-data-line={288}
{}, which likely includes many values
for which %mdk-data-line={289}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{unknown}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={289}
{} is false.%
\end{mdP}%
\mdHxxx[id=sec-overview,label={[1.3]\{.heading-label\}},toc={},data-line={291},caption={[[1.3]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Overview},bookmark={1.3.{\hspace{0.5em}}Overview}]{%mdk-data-line={291}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{1.3}.{\hspace{0.5em}}}%mdk-data-line={291}
{}Overview}\begin{mdP}[class={para-continue},data-line={293}]%
%mdk-data-line={293}
{}This introduction elides many important 
issues that arise in implementing DSE for a real language, which we will 
focus on in the remainder of the paper. These include how to:%
\end{mdP}%
\begin{mdUl}[class={ul,list-star,compact},elem={ul},data-line={297}]%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(1)]\{.ul-li-label\}},elem={li},data-line={297}]%
%mdk-data-line={297}
{}Identify the code under test %mdk-data-line={297}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={297}
{} and the symbolic inputs to %mdk-data-line={297}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={297}
{};%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(2)]\{.ul-li-label\}},elem={li},data-line={298}]%
%mdk-data-line={298}
{}Trace the control flow path %mdk-data-line={298}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={298}
{} taken by execution %mdk-data-line={298}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P(i)$}%mdk-data-line={298}
{};%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(3)]\{.ul-li-label\}},elem={li},data-line={299}]%
%mdk-data-line={299}
{}Reinterpret program operations to compute symbolic expressions;%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(4)]\{.ul-li-label\}},elem={li},data-line={300}]%
%mdk-data-line={300}
{}Generate a path-condition from %mdk-data-line={300}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={300}
{} and the symbolic expressions;%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(5)]\{.ul-li-label\}},elem={li},data-line={301}]%
%mdk-data-line={301}
{}Generate a new input %mdk-data-line={301}
{}\mdSpan[class={math-inline},elem={math-inline}]{$i'$}%mdk-data-line={301}
{} by negating (part of) the path-condition, translating
the path-condition to the input language of an ATP, invoking the ATP, and
lifting a satisfying model (if any) back up to the source level;%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(6)]\{.ul-li-label\}},elem={li},data-line={304}]%
%mdk-data-line={304}
{}Guide the search to expose new paths.%
\end{mdLi}%%
\end{mdUl}%
\begin{mdP}[data-line={306}]%
%mdk-data-line={306}
{}The rest of this paper is organized as follows. Section%mdk-data-line={306}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-semantics}{}{\mdSpan[class={heading-label}]{2}}%mdk-data-line={306}
{} 
describes an instrumented typing discipline where we lift each type (representing 
a set of concrete values) to a symbolic type (representing
a set of pairs of concrete and symbolic values).
Section%mdk-data-line={310}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-sp2dse}{}{\mdSpan[class={heading-label}]{3}}%mdk-data-line={310}
{} shows how strongest postconditions defines a symbolic
semantics for a small programming language and how strongest postconditions
can be refined to model DSE.
Section%mdk-data-line={313}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-impl}{}{\mdSpan[class={heading-label}]{4}}%mdk-data-line={313}
{} describes an implementation of DSE for the Python language
in the Python language that follows the instrumented semantics pattern closely
(full implementation and tests available at%mdk-data-line={315}
{}{\mdNbsp}\mdA[data-linkid={pyexz3}]{https://github.com/thomasjball/PyExZ3/}{}{PyExZ3}%mdk-data-line={315}
{}, tagged %mdk-data-line={315}
{}{\textquotedblleft}v1.0{\textquotedblright}%mdk-data-line={315}
{}).
Section%mdk-data-line={316}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-int2z3}{}{\mdSpan[class={heading-label}]{5}}%mdk-data-line={316}
{} describes the symbolic encoding of Python integer 
operations using two decision procedures of Z3: linear arithmetic with
uninterpreted functions in place of non-linear operations;
fixed-width bit-vectors with precise encodings of most operations.
Section%mdk-data-line={320}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-extensions}{}{\mdSpan[class={heading-label}]{6}}%mdk-data-line={320}
{} offers a number of ideas for projects
to extend the capabilities of%mdk-data-line={321}
{}{\mdNbsp}\mdA[data-linkid={pyexz3}]{https://github.com/thomasjball/PyExZ3/}{}{PyExZ3}%mdk-data-line={321}
{}.%
\end{mdP}%
\mdHxx[id=sec-semantics,label={[2]\{.heading-label\}},toc={},data-line={323},caption={[[2]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Instrumented Types},bookmark={2.{\hspace{0.5em}}Instrumented Types}]{%mdk-data-line={323}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{2}.{\hspace{0.5em}}}%mdk-data-line={323}
{}Instrumented Types}\begin{mdP}[data-line={325}]%
%mdk-data-line={325}
{}We are given a universe of classes/types %mdk-data-line={325}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={325}
{}; a type %mdk-data-line={325}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T \in U$}%mdk-data-line={325}
{} carries
along a  set of operations that apply to values of type %mdk-data-line={326}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={326}
{},
where an operation %mdk-data-line={327}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T$}%mdk-data-line={327}
{}  takes an argument list of typed 
values as input (the first being of type %mdk-data-line={328}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={328}
{}) and produces a single 
typed value as output. Nullary (static) operations of type %mdk-data-line={329}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={329}
{} can be 
used to create values of type %mdk-data-line={330}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={330}
{} (such as constants, objects, etc.)%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={332}]%
%mdk-data-line={332}
{}A program %mdk-data-line={332}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={332}
{} has typed input variables
%mdk-data-line={333}
{}\mdSpan[class={math-inline},elem={math-inline}]{$v_1 : T_1 \ldots v_k : T_k$}%mdk-data-line={333}
{} and a body from the language of statements %mdk-data-line={333}
{}\mdSpan[class={math-inline},elem={math-inline}]{$S$}%mdk-data-line={333}
{}:%
\end{mdP}%
\begin{mdDiv}[class={mathpre,para-block,input-mathpre},elem={mathpre},data-line={335}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={336}
\begin{mdMathprearray}%mdk
\mathid{S}\mdMathspace{1}\rightarrow   &\mdMathspace{1}\mathid{v}\mdMathspace{1}:=\mdMathspace{1}\mathid{E}\mdMathbr{}
\mdMathindent{3}|\mdMathspace{1}&\mdMathspace{1}\mathkw{skip}\mdMathspace{1}\mdMathbr{}
\mdMathindent{3}|\mdMathspace{1}&\mdMathspace{1}\mathid{S}_1\mdMathspace{1};\mdMathspace{1}\mathid{S}_2\mdMathspace{1}\mdMathbr{}
\mdMathindent{3}|\mdMathspace{1}&\mdMathspace{1}\mathkw{if}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{S}_1\mdMathspace{1}\mathkw{else}\mdMathspace{1}\mathid{S}_2\mdMathspace{1}\mathkw{end}\mdMathbr{}
\mdMathindent{3}|\mdMathspace{1}&\mdMathspace{1}\mathkw{while}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{do}\mdMathspace{1}\mathid{S}\mdMathspace{1}\mathkw{end}
\end{mdMathprearray}%mdk
\]%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={343}]%
%mdk-data-line={343}
{}The language of expressions (%mdk-data-line={343}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={343}
{}) is defined by the application of operations
to values, where constants (nullary operations) and 
program variables form the leaves 
of the expression tree and non-nullary operators 
form the interior nodes of the tree.
For now, we will consider all values to be immutable.
That is, the only source of mutation in the language is the 
assignment statement.%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={352}]%
%mdk-data-line={352}
{}To introduce symbolic execution into the picture,
we can imagine that a type %mdk-data-line={353}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T \in U$}%mdk-data-line={353}
{} has
(one or more) counterparts in a symbolic universe %mdk-data-line={354}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={354}
{}. A type %mdk-data-line={354}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T' \in U'$}%mdk-data-line={354}
{}
is a subtype of %mdk-data-line={355}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T \in U$}%mdk-data-line={355}
{} with two purposes:%
\end{mdP}%
\begin{mdUl}[class={ul,list-star,loose},elem={ul},data-line={357}]%
\begin{mdLi}[class={li,ul-li,list-star-li,loose-li},label={[(1)]\{.ul-li-label\}},elem={li},data-line={357}]%
\begin{mdP}[data-line={357}]%
%mdk-data-line={357}
{}First, a value of type %mdk-data-line={357}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={357}
{} represents a pair of values: 
a concrete value %mdk-data-line={358}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={358}
{} of (super)type %mdk-data-line={358}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={358}
{} and a symbolic expression %mdk-data-line={358}
{}\mdSpan[class={math-inline},elem={math-inline}]{$e$}%mdk-data-line={358}
{}. 
A symbolic expression is a tree
whose leaves are either nullary operators (i.e., constants) of a type in %mdk-data-line={360}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={360}
{}
or are Skolem constants representing the (symbolic) inputs (%mdk-data-line={361}
{}\mdSpan[class={math-inline},elem={math-inline}]{$v_1 \ldots v_k$}%mdk-data-line={361}
{})
to the program %mdk-data-line={362}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={362}
{}, and whose interior nodes represent operations 
from types in %mdk-data-line={363}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={363}
{}. We refer to Skolem constants as %mdk-data-line={363}
{}{\textquotedblleft}symbolic constants{\textquotedblright}%mdk-data-line={363}
{}
from this point on. Note that symbolic expressions do not contain
references to program variables.%
\end{mdP}%%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,loose-li},label={[(2)]\{.ul-li-label\}},elem={li},data-line={367}]%
\begin{mdP}[data-line={367}]%
%mdk-data-line={367}
{}Second, the type %mdk-data-line={367}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={367}
{} redefines some of the operations %mdk-data-line={367}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T$}%mdk-data-line={367}
{},
namely those for which we wish to compute symbolic expressions.
An operation %mdk-data-line={369}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T'$}%mdk-data-line={369}
{} has the same parameter list as %mdk-data-line={369}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T$}%mdk-data-line={369}
{}, allowing it
to take inputs with types from both %mdk-data-line={370}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={370}
{} and %mdk-data-line={370}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={370}
{}. The return type
of %mdk-data-line={371}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T'$}%mdk-data-line={371}
{} generally is from %mdk-data-line={371}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={371}
{} (though it can be from %mdk-data-line={371}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={371}
{}). 
Thus, %mdk-data-line={372}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T'$}%mdk-data-line={372}
{} is a proper function subtype of %mdk-data-line={372}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T$}%mdk-data-line={372}
{}. 
The purpose of %mdk-data-line={373}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T'$}%mdk-data-line={373}
{} is to:
(1) perform operation %mdk-data-line={374}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T$}%mdk-data-line={374}
{} on the concrete 
values associated with its inputs; 
(2) build a symbolic expression tree rooted at operation %mdk-data-line={376}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o$}%mdk-data-line={376}
{} 
whose children are the trees associated with the inputs to %mdk-data-line={377}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o$}%mdk-data-line={377}
{}.%
\end{mdP}%%
\end{mdLi}%%
\end{mdUl}%
\begin{mdP}[data-line={379}]%
%mdk-data-line={379}
{}Figure%mdk-data-line={379}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-subtype}{}{\mdSpan[class={figure-label}]{5}}%mdk-data-line={379}
{} presents pseudo code for the instrumentation
of a type %mdk-data-line={380}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={380}
{} via a type %mdk-data-line={380}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={380}
{}.
The class %mdk-data-line={381}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Type,Identifier,Cpp}{Symbolic}}%mdk-data-line={381}
{} is used to hold an expression tree (%mdk-data-line={381}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Type,Identifier,Cpp}{Expr}}%mdk-data-line={381}
{}).
Given a class %mdk-data-line={382}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T \in U$}%mdk-data-line={382}
{}, a symbolic type %mdk-data-line={382}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T' \in U'$}%mdk-data-line={382}
{} is defined by inheriting 
from both %mdk-data-line={383}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={383}
{} and %mdk-data-line={383}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Type,Identifier,Cpp}{Symbolic}}%mdk-data-line={383}
{}. This ensures that a %mdk-data-line={383}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={383}
{} can be used
wherever a %mdk-data-line={384}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={384}
{} is expected.%
\end{mdP}%
\begin{mdDiv}[class={figure,floating,align-center},id=fig-subtype,label={[5]\{.figure-label\}},elem={figure},toc-line={[5]\{.figure-label\}. Type instrumentation to carry both concrete values and symbolic expressions.},toc={tof},float-env={figure},float-name={Figure},caption={Type instrumentation to carry both concrete values and symbolic expressions.},data-line={386}]%
\begin{mdPre}[class={para-block,pre-fenced,pre-fenced3,language-cpp2,lang-cpp2,cpp2,highlighted},data-line={387},data-line-code={388},language={cpp2}]%
\mdPrecode[data-line={388}]{{\preindent{2}}\mdToken{Keyword,Cpp}{class}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T'$}}}{\prespace{1}}\mdToken{Operator,Cpp}{:}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T$}}}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{Symbolic}{\prespace{1}}\mdToken{Delimiter,Curly,Cpp,BracketOpen}{\{}\prebr{}
{\preindent{4}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T'$}}}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{c}\mdToken{Operator,Cpp}{:}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T$}}}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{e}\mdToken{Operator,Cpp}{:}\mdToken{Type,Identifier,Cpp}{Expr}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Cpp}{:}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T$}}}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{c}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Source,Cpp}{S}\mdToken{Identifier,Cpp}{ymbolic}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{e}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}{\prespace{1}}\mdToken{Delimiter,Curly,Cpp,BracketOpen}{\{}\mdToken{Delimiter,Curly,Cpp,BracketClose}{\}}\prebr{}
\prebr{}
{\preindent{4}}\mdToken{Keyword,Extra,Cpp}{override}{\prespace{1}}\mdToken{Identifier,Cpp}{o}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Keyword,Cpp}{this}\mdToken{Operator,Cpp}{:}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T$}}}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{f1}\mdToken{Operator,Cpp}{:}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T_1$}}}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}{\prespace{1}}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{fk}\mdToken{Operator,Cpp}{:}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T_k$}}}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Cpp}{:}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$R'$}}}{\prespace{1}}\mdToken{Delimiter,Curly,Cpp,BracketOpen}{\{}\prebr{}
{\preindent{6}}\mdToken{Keyword,Extra,Cpp}{var}{\prespace{1}}\mdToken{Identifier,Cpp}{c}{\prespace{1}}:={\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T$}}}\mdToken{Delimiter,Cpp}{.}\mdToken{Identifier,Cpp}{o}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Keyword,Cpp}{this}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{f1}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}{\prespace{1}}\mdToken{Delimiter,Cpp}{,}\mdToken{Identifier,Cpp}{fk}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}\prebr{}
{\preindent{6}}\mdToken{Keyword,Extra,Cpp}{var}{\prespace{1}}\mdToken{Identifier,Cpp}{e}{\prespace{1}}:={\prespace{1}}\mdToken{Keyword,Cpp}{new}{\prespace{1}}\mdToken{Source,Cpp}{E}\mdToken{Identifier,Cpp}{xpr}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T$}}}\mdToken{Delimiter,Cpp}{.}\mdToken{Identifier,Cpp}{o}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{expr}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{self}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{expr}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{f1}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{expr}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{fk}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}\prebr{}
{\preindent{6}}\mdToken{Keyword,Cpp}{return}{\prespace{1}}\mdToken{Keyword,Cpp}{new}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$R'$}}}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{c}\mdToken{Delimiter,Cpp}{,}\mdToken{Identifier,Cpp}{e}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}{\prespace{1}}\prebr{}
{\preindent{4}}\mdToken{Delimiter,Curly,Cpp,BracketClose}{\}}\prebr{}
{\preindent{4}}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\prebr{}
{\preindent{2}}\mdToken{Delimiter,Curly,Cpp,BracketClose}{\}}\prebr{}
{\preindent{2}}\prebr{}
{\preindent{2}}\mdToken{Keyword,Cpp}{class}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$R'$}}}{\prespace{1}}\mdToken{Operator,Cpp}{:}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$R$}}}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{Symbolic}{\prespace{1}}\mdToken{Delimiter,Curly,Cpp,BracketOpen}{\{}{\prespace{1}}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}{\prespace{1}}\mdToken{Delimiter,Curly,Cpp,BracketClose}{\}}\prebr{}
{\preindent{2}}\prebr{}
{\preindent{2}}\mdToken{Keyword,Extra,Cpp}{function}{\prespace{1}}\mdToken{Identifier,Cpp}{expr}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{v}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Cpp}{=}{\prespace{1}}\mdToken{Identifier,Cpp}{v}{\prespace{1}}\mdToken{Keyword,Extra,Cpp}{instanceof}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{Symbolic}{\prespace{1}}\mdToken{Operator,Cpp}{?}{\prespace{1}}\mdToken{Identifier,Cpp}{v}\mdToken{Delimiter,Cpp}{.}\mdToken{Identifier,Cpp}{getExpr}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Cpp}{:}{\prespace{1}}\mdToken{Identifier,Cpp}{v}}%
\end{mdPre}%
\mdHr[class={figureline,madoko},data-line={403}]{}\begin{mdDiv}[data-line={404}]%
%mdk-data-line={404}
{}\mdSpan[class={figure-caption}]{\mdSpan[class={caption-before}]{\mdStrong{Figure{\mdNbsp}\mdSpan[class={figure-label}]{5}.} }Type instrumentation to carry both concrete values and symbolic expressions.}%mdk-data-line={404}
{}%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[class={indent,para-continue},data-line={405}]%
%mdk-data-line={405}
{}A type such as %mdk-data-line={405}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={405}
{}  only can be constructed by providing a concrete value %mdk-data-line={405}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={405}
{} of 
type %mdk-data-line={406}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={406}
{} and a symbolic expression %mdk-data-line={406}
{}\mdSpan[class={math-inline},elem={math-inline}]{$e$}%mdk-data-line={406}
{} to the constructor for %mdk-data-line={406}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={406}
{}.
This will be done in exactly two places:%
\end{mdP}%
\begin{mdUl}[class={ul,list-star,loose},elem={ul},data-line={409}]%
\begin{mdLi}[class={li,ul-li,list-star-li,loose-li},label={[(1)]\{.ul-li-label\}},elem={li},data-line={409}]%
\begin{mdP}[data-line={409}]%
%mdk-data-line={409}
{}by the creation of symbolic constants associated with the primary
inputs (%mdk-data-line={410}
{}\mdSpan[class={math-inline},elem={math-inline}]{$v_1 \ldots v_k$}%mdk-data-line={410}
{}) to the program;%
\end{mdP}%%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,loose-li},label={[(2)]\{.ul-li-label\}},elem={li},data-line={412}]%
\begin{mdP}[data-line={412}]%
%mdk-data-line={412}
{}by the instrumented operations as shown  in Figure%mdk-data-line={412}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-subtype}{}{\mdSpan[class={figure-label}]{5}}%mdk-data-line={412}
{}.%
\end{mdP}%%
\end{mdLi}%%
\end{mdUl}%
\begin{mdP}[data-line={414}]%
%mdk-data-line={414}
{}An instrumented operation %mdk-data-line={414}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o$}%mdk-data-line={414}
{} on arguments (%mdk-data-line={414}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Keyword,Cpp}{this}}%mdk-data-line={414}
{}, %mdk-data-line={414}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{f1}}%mdk-data-line={414}
{}, %mdk-data-line={414}
{}{\dots}%mdk-data-line={414}
{}, %mdk-data-line={414}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fk}}%mdk-data-line={414}
{})
first invokes its corresponding underlying
operator %mdk-data-line={416}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T.o$}%mdk-data-line={416}
{} on arguments (%mdk-data-line={416}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Keyword,Cpp}{this}}%mdk-data-line={416}
{}, %mdk-data-line={416}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{f1}}%mdk-data-line={416}
{}, %mdk-data-line={416}
{}{\dots}%mdk-data-line={416}
{}, %mdk-data-line={416}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fk}}%mdk-data-line={416}
{}) to get concrete value %mdk-data-line={416}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{c}}%mdk-data-line={416}
{}.
It then constructs a new expression tree %mdk-data-line={417}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{e}}%mdk-data-line={417}
{}
rooted at operator %mdk-data-line={418}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T.o$}%mdk-data-line={418}
{}, whose children are the result of
mapping the function %mdk-data-line={419}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{expr}}%mdk-data-line={419}
{} over (%mdk-data-line={419}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Keyword,Cpp}{this}}%mdk-data-line={419}
{}, %mdk-data-line={419}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{f1}}%mdk-data-line={419}
{}, %mdk-data-line={419}
{}{\dots}%mdk-data-line={419}
{}, %mdk-data-line={419}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fk}}%mdk-data-line={419}
{}). 
The helper function %mdk-data-line={420}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{expr}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{v}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={420}
{}
evaluates to an expression tree in the case that %mdk-data-line={421}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{v}}%mdk-data-line={421}
{} is of %mdk-data-line={421}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Type,Identifier,Cpp}{Symbolic}}%mdk-data-line={421}
{} type
(representing a type in %mdk-data-line={422}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={422}
{}) and evaluates to %mdk-data-line={422}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{v}}%mdk-data-line={422}
{} itself, a concrete value
of some type in %mdk-data-line={423}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={423}
{}, otherwise.
Finally, having computed the values %mdk-data-line={424}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{c}}%mdk-data-line={424}
{} and %mdk-data-line={424}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{e}}%mdk-data-line={424}
{}, the instrumented operator 
returns %mdk-data-line={425}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$R'$}}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{c}\mdToken{Delimiter,Cpp}{,}\mdToken{Identifier,Cpp}{e}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}}%mdk-data-line={425}
{}, where %mdk-data-line={425}
{}\mdSpan[class={math-inline},elem={math-inline}]{$R$}%mdk-data-line={425}
{} is the return type of operator %mdk-data-line={425}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T.o$}%mdk-data-line={425}
{},
and %mdk-data-line={426}
{}\mdSpan[class={math-inline},elem={math-inline}]{$R'$}%mdk-data-line={426}
{} is a subtype of %mdk-data-line={426}
{}\mdSpan[class={math-inline},elem={math-inline}]{$R$}%mdk-data-line={426}
{} from universe %mdk-data-line={426}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={426}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={428}]%
%mdk-data-line={428}
{}Looked at another way, the universe %mdk-data-line={428}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={428}
{} represents the %mdk-data-line={428}
{}{\textquotedblleft}tainting{\textquotedblright}%mdk-data-line={428}
{} of
types from %mdk-data-line={429}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={429}
{}. Tainted values flow from program inputs to the 
operands of operators. If an operator has been redefined
(as above) then the taint propagates from its inputs to its outputs.
On the other hand, if the operator has not been redefined, then it will
not propagate the taint. In the context of DSE, %mdk-data-line={433}
{}{\textquotedblleft}taint{\textquotedblright}%mdk-data-line={433}
{} means
that the instrumented semantics carries along a symbolic expression tree %mdk-data-line={434}
{}\mdSpan[class={math-inline},elem={math-inline}]{$e$}%mdk-data-line={434}
{}
along with a concrete value %mdk-data-line={435}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={435}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={437}]%
%mdk-data-line={437}
{}The choice of types from the universe %mdk-data-line={437}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={437}
{} determines how symbolic
expressions are constructed. For each %mdk-data-line={438}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T \in U$}%mdk-data-line={438}
{}, the %mdk-data-line={438}
{}{\textquotedblleft}most symbolic{\textquotedblright}%mdk-data-line={438}
{}
(least concrete) choice is the %mdk-data-line={439}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={439}
{} that redefines every operator of %mdk-data-line={439}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={439}
{}
(as shown in Figure%mdk-data-line={440}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-subtype}{}{\mdSpan[class={figure-label}]{5}}%mdk-data-line={440}
{}).
The %mdk-data-line={441}
{}{\textquotedblleft}least symbolic{\textquotedblright}%mdk-data-line={441}
{} (most concrete) choice is %mdk-data-line={441}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T' = T$}%mdk-data-line={441}
{} which
redefines no operators.  Let %mdk-data-line={442}
{}\mdSpan[class={math-inline},elem={math-inline}]{$symbolic(T)$}%mdk-data-line={442}
{} be the
set of types in %mdk-data-line={443}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={443}
{} that are subtypes of %mdk-data-line={443}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={443}
{}. The types
in %mdk-data-line={444}
{}\mdSpan[class={math-inline},elem={math-inline}]{$symbolic(T)$}%mdk-data-line={444}
{} are partially ordered by subset inclusion on the 
set of operators from %mdk-data-line={445}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={445}
{} they redefine.%
\end{mdP}%

\mdHxx[id=sec-sp2dse,label={[3]\{.heading-label\}},toc={},data-line={449},caption={[[3]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}From Strongest Postconditions to DSE},bookmark={3.{\hspace{0.5em}}From Strongest Postconditions to DSE}]{%mdk-data-line={449}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{3}.{\hspace{0.5em}}}%mdk-data-line={449}
{}From Strongest Postconditions to DSE}\begin{mdP}[data-line={451}]%
%mdk-data-line={451}
{}The previous section showed how symbolic expressions can be computed via a
set of instrumented types, where the expressions are computed as a side-effect 
of the execution of program operations.
This section shows how these symbolic expressions can be used to form a 
%mdk-data-line={455}
{}\mdEm{path-condition}%mdk-data-line={455}
{} (which then can be compiled into a logic formula and 
passed to an automated theorem prover to find new inputs to drive a 
program%mdk-data-line={457}
{}{'}%mdk-data-line={457}
{}s execution along new paths). We derive a %mdk-data-line={457}
{}\mdEm{path-condition}%mdk-data-line={457}
{}
directly from the %mdk-data-line={458}
{}\mdEm{strongest postcondition}%mdk-data-line={458}
{} (symbolic) semantics of our
programming language, refining it to model the basic operations
of an interpreter.%
\end{mdP}%
\mdHxxx[id=sec-strongest-postconditions,label={[3.1]\{.heading-label\}},toc={},data-line={462},caption={[[3.1]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Strongest Postconditions},bookmark={3.1.{\hspace{0.5em}}Strongest Postconditions}]{%mdk-data-line={462}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{3.1}.{\hspace{0.5em}}}%mdk-data-line={462}
{}Strongest Postconditions}\begin{mdP}[class={para-continue},data-line={464}]%
%mdk-data-line={464}
{}The strongest postcondition transformer %mdk-data-line={464}
{}\mdSpan[class={math-inline},elem={math-inline}]{$SP$}%mdk-data-line={464}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{dijkstra76}{}{\mdSpan[class={bibitem-label}]{6}}]}%mdk-data-line={464}
{} is defined over
a predicate %mdk-data-line={465}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={465}
{} representing a set of 
pre-states and a statement %mdk-data-line={466}
{}\mdSpan[class={math-inline},elem={math-inline}]{$S$}%mdk-data-line={466}
{} from our language. The transformer %mdk-data-line={466}
{}\mdSpan[class={math-inline},elem={math-inline}]{$SP(P,S)$}%mdk-data-line={466}
{}
yields a predicate %mdk-data-line={467}
{}\mdSpan[class={math-inline},elem={math-inline}]{$Q$}%mdk-data-line={467}
{} such that for any state %mdk-data-line={467}
{}\mdSpan[class={math-inline},elem={math-inline}]{$s$}%mdk-data-line={467}
{} satisfying
predicate %mdk-data-line={468}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={468}
{}, the execution of statement %mdk-data-line={468}
{}\mdSpan[class={math-inline},elem={math-inline}]{$S$}%mdk-data-line={468}
{} from state %mdk-data-line={468}
{}\mdSpan[class={math-inline},elem={math-inline}]{$s$}%mdk-data-line={468}
{},
if it does not go wrong or diverge, yields a state %mdk-data-line={469}
{}\mdSpan[class={math-inline},elem={math-inline}]{$s'$}%mdk-data-line={469}
{} satisfying predicate %mdk-data-line={469}
{}\mdSpan[class={math-inline},elem={math-inline}]{$Q$}%mdk-data-line={469}
{}. 
The strongest postcondition for the statements in our language
is defined by the following five rules:%
\end{mdP}%
\begin{mdDiv}[class={mathpre,para-block,input-mathpre},elem={mathpre},data-line={473}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={474}
\begin{mdMathprearray}%mdk
1.\mdMathspace{2}&\mdMathspace{1}\mathid{SP}(\mathid{P},\mdMathspace{1}\mathid{x}\mdMathspace{1}:=\mdMathspace{1}\mathid{E})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{1}\exists \mathid{y}\mdMathspace{1}.\mdMathspace{1}(\mathid{x}\mdMathspace{1}=\mdMathspace{1}\mathid{E}\mdMathspace{1}[\mdMathspace{1}\mathid{x}\mdMathspace{1}\rightarrow \mathid{y}\mdMathspace{1}])\mdMathspace{1}\wedge \mathid{P}\mdMathspace{1}[\mdMathspace{1}\mathid{x}\mdMathspace{1}\rightarrow \mathid{y}\mdMathspace{1}]\mdMathbr{}
2.\mdMathspace{2}&\mdMathspace{1}\mathid{SP}(\mathid{P},\mdMathspace{1}\mathkw{skip})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{1}\mathid{P}\mdMathbr{}
3.\mdMathspace{2}&\mdMathspace{1}\mathid{SP}(\mathid{P},\mathid{S}_{1};\mathid{S}_{2})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{1}\mathid{SP}(\mathid{SP}(\mathid{P},\mathid{S}_{1}),\mdMathspace{1}\mathid{S}_{2})\mdMathbr{}
4.\mdMathspace{2}&\mdMathspace{1}\mathid{SP}(\mathid{P},\mathkw{if}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{S}_1\mdMathspace{1}\mathkw{else}\mdMathspace{1}\mathid{S}_2\mdMathspace{1}\mathkw{end})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathbr{}
\mdMathindent{4}&\mdMathspace{7}\mathid{SP}(\mathid{P}\wedge \mathid{E},\mathid{S}_1)\mdMathspace{1}\vee  \mathid{SP}(\mathid{P}\mdMathspace{1}\wedge \neg \mathid{E},\mathid{S}_2)\mdMathbr{}
5.\mdMathspace{2}&\mdMathspace{1}\mathid{SP}(\mathid{P},\mathkw{while}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{do}\mdMathspace{1}\mathid{S}\mdMathspace{1}\mathkw{end})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathbr{}
\mdMathindent{4}&\mdMathspace{6}\mathid{SP}(\mathid{P},\mathkw{if}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{S};\mdMathspace{1}\mathkw{while}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{do}\mdMathspace{1}\mathid{S}\mdMathspace{1}\mathkw{end}\mdMathspace{1}\mathkw{else}\mdMathspace{1}\mathkw{skip}\mdMathspace{1}\mathkw{end})
\end{mdMathprearray}%mdk
\]%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={483}]%
%mdk-data-line={483}
{}Rule (1) defines the strongest postcondition for 
the assignment statement. The assignment is modeled
logically by the equality %mdk-data-line={485}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x = E$}%mdk-data-line={485}
{} where any free occurrence of %mdk-data-line={485}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={485}
{} in %mdk-data-line={485}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={485}
{}
is replaced by the existentially quantified variable %mdk-data-line={486}
{}\mdSpan[class={math-inline},elem={math-inline}]{$y$}%mdk-data-line={486}
{}, which represents
the value of %mdk-data-line={487}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={487}
{} in the pre-state. The same substitution (%mdk-data-line={487}
{}\mdSpan[class={math-inline},elem={math-inline}]{$[x \rightarrow y ]$}%mdk-data-line={487}
{})
is applied to the pre-state predicate %mdk-data-line={488}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={488}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={490}]%
%mdk-data-line={490}
{}Rules (2)-(5) define the strongest postcondition for the four control-flow
statements. The rules for the %mdk-data-line={491}
{}\mdStrong{skip}%mdk-data-line={491}
{} statement and sequencing (;) are
straightforward. 
Of particular interest, note that the rule for the %mdk-data-line={493}
{}\mdStrong{if-then-else}%mdk-data-line={493}
{} 
statement splits cases on the expression %mdk-data-line={494}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={494}
{}. 
It is here that DSE will choose one of the cases for us, as the concrete
execution will evaluate %mdk-data-line={496}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={496}
{} either to be true or false. This gives rise
to the path-condition (either %mdk-data-line={497}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P \wedge E$}%mdk-data-line={497}
{} or %mdk-data-line={497}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P \wedge \neg E$}%mdk-data-line={497}
{}). The
recursive rule for the %mdk-data-line={498}
{}\mdStrong{while}%mdk-data-line={498}
{} loop unfolds as many times as the
expression %mdk-data-line={499}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={499}
{} evaluates true, adding to the path-condition.%
\end{mdP}%
\mdHxxx[id=sp-refined,label={[3.2]\{.heading-label\}},toc={},data-line={501},caption={[[3.2]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}From \$SP\$ to DSE},bookmark={3.2.{\hspace{0.5em}}From \$SP\$ to DSE}]{%mdk-data-line={501}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{3.2}.{\hspace{0.5em}}}%mdk-data-line={501}
{}From %mdk-data-line={501}
{}\mdSpan[class={math-inline},elem={math-inline}]{$SP$}%mdk-data-line={501}
{} to DSE}\begin{mdP}[data-line={503}]%
%mdk-data-line={503}
{}Assume that an execution begins with the assignment of initial values %mdk-data-line={503}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c_1 \ldots c_k$}%mdk-data-line={503}
{} to the program %mdk-data-line={503}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={503}
{}{'}%mdk-data-line={503}
{}s inputs
%mdk-data-line={504}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V = \{ v_1 : T_1 \ldots v_k : T_k \}$}%mdk-data-line={504}
{}.  To seed symbolic execution, some of the types %mdk-data-line={504}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T_i$}%mdk-data-line={504}
{} are
replaced by symbolic counterparts %mdk-data-line={505}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'_i$}%mdk-data-line={505}
{}, in which case
%mdk-data-line={506}
{}\mdSpan[class={math-inline},elem={math-inline}]{$v_i$}%mdk-data-line={506}
{} is initialized to the value %mdk-data-line={506}
{}\mdSpan[class={math-inline},elem={math-inline}]{$sc_i = T'_i (c_i,SC(v_i))$}%mdk-data-line={506}
{} instead of the value %mdk-data-line={506}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c_i$}%mdk-data-line={506}
{},
where %mdk-data-line={507}
{}\mdSpan[class={math-inline},elem={math-inline}]{$SC(v_i)$}%mdk-data-line={507}
{} is the symbolic constant representing the initial value of variable %mdk-data-line={507}
{}\mdSpan[class={math-inline},elem={math-inline}]{$v_i$}%mdk-data-line={507}
{}.
The symbolic constant %mdk-data-line={508}
{}\mdSpan[class={math-inline},elem={math-inline}]{$SC(v_i)$}%mdk-data-line={508}
{} can be thought of as representing any value of
type %mdk-data-line={509}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T_i$}%mdk-data-line={509}
{}, which includes the value %mdk-data-line={509}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c_i$}%mdk-data-line={509}
{}.%mdk-data-line={509}
{} %mdk-data-line={509}
{}%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={511}]%
%mdk-data-line={511}
{}Let %mdk-data-line={511}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V_s$}%mdk-data-line={511}
{} and %mdk-data-line={511}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V_c$}%mdk-data-line={511}
{} partition the variables of %mdk-data-line={511}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V$}%mdk-data-line={511}
{} into those variables
that are treated symbolically (%mdk-data-line={512}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V_s$}%mdk-data-line={512}
{}) and those that are treated concretely 
(%mdk-data-line={513}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V_c$}%mdk-data-line={513}
{}). The initial state of the program is characterized by the formula%
\end{mdP}%
\begin{mdDiv}[class={equation,para-block},label={[(1)]\{.equation-label\}},elem={equation},line-adjust={0},data-line={515}]%
%mdk-data-line={515}
{}\mdSpan[class={equation-before}]{\mdSpan[class={equation-label}]{(1)}}%mdk-data-line={515}
{}
\begin{mdDiv}[class={mathdisplay,para-block,input-math},elem={mathdisplay},color={},math-needpdf={},line-adjust={0},data-line={516}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={516}
Init = (\bigwedge_{v_i \in V_s} v_i = sc_i) ~\wedge~ (~\bigwedge_{v_i \in V_c} v_i = c_i)
\]%
\end{mdDiv}%%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={519}]%
%mdk-data-line={519}
{}Thus, we see that the initial value of every input variable is characterized by 
a symbolic constant %mdk-data-line={520}
{}\mdSpan[class={math-inline},elem={math-inline}]{$sc_i$}%mdk-data-line={520}
{} or constant %mdk-data-line={520}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c_i$}%mdk-data-line={520}
{}.  We assume that every non-input
variable in the program is initialized before being used.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={523}]%
%mdk-data-line={523}
{}The strongest postcondition is formulated to deal with open programs,
programs in which some variables are used before being assigned to. 
This surfaces in Rule (1) for assignment, which uses existential quantification
to refer to the value of variable %mdk-data-line={526}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={526}
{} in the pre-state.%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={528}]%
%mdk-data-line={528}
{}By construction,
we have that every variable is defined before being used.  This means
that the precondition %mdk-data-line={530}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={530}
{} can be reformulated as a pair %mdk-data-line={530}
{}\mdSpan[class={math-inline},elem={math-inline}]{$<\sigma,P_c>$}%mdk-data-line={530}
{},
where %mdk-data-line={531}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma$}%mdk-data-line={531}
{} is a store mapping variables to values and %mdk-data-line={531}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P_c$}%mdk-data-line={531}
{} is
the path-condition, a list of symbolic expressions (predicates) 
corresponding
to the expressions %mdk-data-line={534}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={534}
{} evaluated in the context of an %mdk-data-line={534}
{}\mdStrong{if-then-else}%mdk-data-line={534}
{} 
statement. Initially, we have that :%
\end{mdP}%
\begin{mdDiv}[class={equation,para-block},label={[(2)]\{.equation-label\}},elem={equation},line-adjust={0},data-line={537}]%
%mdk-data-line={537}
{}\mdSpan[class={equation-before}]{\mdSpan[class={equation-label}]{(2)}}%mdk-data-line={537}
{}
\begin{mdDiv}[class={mathdisplay,para-block,input-math},elem={mathdisplay},color={},math-needpdf={},line-adjust={0},data-line={538}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={538}
\sigma = \{ (v_i,sc_i) | v_i \in V_s \} \cup \{ (v_i,c_i) | v_i \in V_c \}
\]%
\end{mdDiv}%%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[class={para-continue},data-line={541}]%
%mdk-data-line={541}
{}representing the initial condition %mdk-data-line={541}
{}\mdSpan[class={math-inline},elem={math-inline}]{$Init$}%mdk-data-line={541}
{}, and %mdk-data-line={541}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P_c = []$}%mdk-data-line={541}
{}, the empty list.
We use %mdk-data-line={542}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma'$}%mdk-data-line={542}
{} to refer to the formula that the store %mdk-data-line={542}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma$}%mdk-data-line={542}
{}
induces:%
\end{mdP}%
\begin{mdDiv}[class={equation,para-block},label={[(3)]\{.equation-label\}},elem={equation},line-adjust={0},data-line={545}]%
%mdk-data-line={545}
{}\mdSpan[class={equation-before}]{\mdSpan[class={equation-label}]{(3)}}%mdk-data-line={545}
{}
\begin{mdDiv}[class={mathdisplay,para-block,input-math},elem={mathdisplay},color={},math-needpdf={},line-adjust={0},data-line={546}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={546}
\sigma ' =  \bigwedge_{(v,V) \in \sigma} (v = V)
\]%
\end{mdDiv}%%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={549}]%
%mdk-data-line={549}
{}Thus, the pair %mdk-data-line={549}
{}\mdSpan[class={math-inline},elem={math-inline}]{$<\sigma,P_c>$}%mdk-data-line={549}
{} represents the predicate 
%mdk-data-line={550}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P = \sigma' \wedge (\bigwedge_{c \in P_c} c)$}%mdk-data-line={550}
{}.
A store %mdk-data-line={551}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma$}%mdk-data-line={551}
{} supports two operations: %mdk-data-line={551}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma[x]$}%mdk-data-line={551}
{} which denotes the
value that %mdk-data-line={552}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={552}
{} maps to under %mdk-data-line={552}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma$}%mdk-data-line={552}
{}; %mdk-data-line={552}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma[x \mapsto V]$}%mdk-data-line={552}
{}, which 
produces a new store in which %mdk-data-line={553}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={553}
{} maps to value %mdk-data-line={553}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V$}%mdk-data-line={553}
{} and is everywhere 
else the same as %mdk-data-line={554}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma$}%mdk-data-line={554}
{}.%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={556}]%
%mdk-data-line={556}
{}Now, we can redefine strongest postcondition for assignment to eliminate the
use of existential quantification and model the operation of an interpreter,
by separating out the notion of the store:%
\end{mdP}%
\begin{mdDiv}[class={mathpre,para-block,input-mathpre},elem={mathpre},data-line={560}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={561}
\begin{mdMathprearray}%mdk
1.\mdMathspace{1}&\mdMathspace{1}\mathid{SP}(<\sigma,\mdMathspace{1}\mathid{P}_\mathid{c}>,\mdMathspace{1}\mathid{x}\mdMathspace{1}:=\mdMathspace{1}\mathid{E})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{1}<\sigma[\mathid{x}\mdMathspace{1}\mapsto \mathid{eval}(\sigma,\mathid{E})],\mdMathspace{1}\mathid{P}_\mathid{c}>\\
\end{mdMathprearray}%mdk
\]%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={564}]%
%mdk-data-line={564}
{}where %mdk-data-line={564}
{}\mdSpan[class={math-inline},elem={math-inline}]{$eval(\sigma,E)$}%mdk-data-line={564}
{} evaluates expression %mdk-data-line={564}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={564}
{} under the store %mdk-data-line={564}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma$}%mdk-data-line={564}
{}
(where every occurrence of a free variable
%mdk-data-line={566}
{}\mdSpan[class={math-inline},elem={math-inline}]{$v$}%mdk-data-line={566}
{} in %mdk-data-line={566}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={566}
{} is replaced by the value %mdk-data-line={566}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma[v]$}%mdk-data-line={566}
{}). 
This is the standard substitution rule of a standard operational semantics.%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={569}]%
%mdk-data-line={569}
{}We also redefine the rule for the %mdk-data-line={569}
{}\mdStrong{if-then-else}%mdk-data-line={569}
{} statement so
that it chooses which branch to take and appends the appropriate
symbolic expression (predicate) to the path-condition %mdk-data-line={571}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P_c$}%mdk-data-line={571}
{}:%
\end{mdP}%
\begin{mdDiv}[class={mathpre,para-block,input-mathpre},elem={mathpre},data-line={573}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={574}
\begin{mdMathprearray}%mdk
4.\mdMathspace{1}&\mdMathspace{1}\mathid{SP}(<\sigma,\mdMathspace{1}\mathid{P}_\mathid{c}>,\mdMathspace{1}\mathkw{if}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{S}_1\mdMathspace{1}\mathkw{else}\mdMathspace{1}\mathid{S}_2\mdMathspace{1}\mathkw{end})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{2}\mdMathbr{}
\mdMathindent{3}&\mdMathspace{3}\mathkw{let}\mdMathspace{1}\mathid{choice}\mdMathspace{1}=\mdMathspace{1}\mathid{eval}(\sigma,\mathid{E})\mdMathspace{1}\mathkw{in}\mdMathbr{}
\mdMathindent{3}&\mdMathspace{3}\mathkw{if}\mdMathspace{1}\mathid{choice}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{SP}(<\sigma,\mdMathspace{1}\mathid{P}_\mathid{c}\mdMathspace{1}::\mdMathspace{1}\mathid{expr}(\mathid{choice})\mdMathspace{1}>,\mathid{S}_1)\mdMathspace{1}\mdMathbr{}
\mdMathindent{3}&\mdMathspace{3}\mathkw{else}\mdMathspace{1}\mathid{SP}(<\sigma,\mdMathspace{1}\mathid{P}_\mathid{c}\mdMathspace{1}::\mdMathspace{1}\neg \mathid{expr}(\mathid{choice})\mdMathspace{1}>,\mathid{S}_2)
\end{mdMathprearray}%mdk
\]%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={580}]%
%mdk-data-line={580}
{}The other strongest postcondition rules remain unchanged.%
\end{mdP}%
\mdHxxx[id=sec-summing-it-up,label={[3.3]\{.heading-label\}},toc={},data-line={582},caption={[[3.3]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Summing it up},bookmark={3.3.{\hspace{0.5em}}Summing it up}]{%mdk-data-line={582}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{3.3}.{\hspace{0.5em}}}%mdk-data-line={582}
{}Summing it up}\begin{mdP}[data-line={584}]%
%mdk-data-line={584}
{}We have shown how the symbolic predicate transformer %mdk-data-line={584}
{}\mdSpan[class={math-inline},elem={math-inline}]{$SP$}%mdk-data-line={584}
{} can 
be refined into a symbolic interpreter operating over the
symbolic types defined in the previous section.
In the case when every input variable is symbolic and every
operator is redefined, the path-condition is equivalent to the
%mdk-data-line={589}
{}\mdEm{strongest postcondition}%mdk-data-line={589}
{} of the execution path %mdk-data-line={589}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={589}
{}. 
This guarantees that the path-condition for %mdk-data-line={590}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={590}
{} is %mdk-data-line={590}
{}\mdEm{sound}%mdk-data-line={590}
{}.
In the case where a subset of the input variables are symbolic
and/or not all operators are redefined, the path-condition of %mdk-data-line={592}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={592}
{} 
is not guaranteed to be sound. We leave it as an exercise to the
reader to establish sufficient conditions under which the 
use of concrete values in place of symbolic expressions is 
guaranteed to result in sound path-conditions.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={598}]%
%mdk-data-line={598}
{}This section does not address the compilation of a symbolic
expression to the (logic) language of an underlying ATP, nor the
lifting of a satisfying assignment to a formula back to the
level of the source language. This is best done for a particular
source language and ATP, as detailed in the next section.%
\end{mdP}%
\mdHxx[id=sec-impl,label={[4]\{.heading-label\}},toc={},data-line={605},caption={[[4]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Architecture of PyExZ3},bookmark={4.{\hspace{0.5em}}Architecture of PyExZ3}]{%mdk-data-line={605}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4}.{\hspace{0.5em}}}%mdk-data-line={605}
{}Architecture of PyExZ3}\begin{mdP}[data-line={607}]%
%mdk-data-line={607}
{}In this section we present the high-level architecture
of a simple DSE tool for the Python language, written in Python, called%mdk-data-line={608}
{}{\mdNbsp}\mdA[data-linkid={pyexz3}]{https://github.com/thomasjball/PyExZ3/}{}{PyExZ3}%mdk-data-line={608}
{}. 
Figure%mdk-data-line={609}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-arch}{}{\mdSpan[class={figure-label}]{6}}%mdk-data-line={609}
{}
shows the class diagram (dashed edges are %mdk-data-line={610}
{}{\textquotedblleft}has-a{\textquotedblright}%mdk-data-line={610}
{} relationships; solid edges
are %mdk-data-line={611}
{}{\textquotedblleft}is-a{\textquotedblright}%mdk-data-line={611}
{} relationships) of the tool.%
\end{mdP}%
\begin{mdDiv}[class={figure,floating,align-center},id=fig-arch,label={[6]\{.figure-label\}},elem={figure},toc-line={[6]\{.figure-label\}. Classes in PyExZ3},toc={tof},float-env={figure},float-name={Figure},caption={Classes in PyExZ3},page-align={here},data-line={613}]%
\begin{mdP}[data-line={614}]%
%mdk-data-line={614}
{}\mdImg[width={1.00\linewidth},data-linkid={arch}]{arch.png}%mdk-data-line={614}
{}%
\end{mdP}%
\mdHr[class={figureline,madoko},data-line={615}]{}\begin{mdDiv}[data-line={616}]%
%mdk-data-line={616}
{}\mdSpan[class={figure-caption}]{\mdSpan[class={caption-before}]{\mdStrong{Figure{\mdNbsp}\mdSpan[class={figure-label}]{6}.} }Classes in PyExZ3}%mdk-data-line={616}
{}%
\end{mdDiv}%%
\end{mdDiv}%
\mdHxxx[id=sec-loading-the-code-under-test,label={[4.1]\{.heading-label\}},toc={},data-line={619},caption={[[4.1]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Loading the code under test},bookmark={4.1.{\hspace{0.5em}}Loading the code under test}]{%mdk-data-line={619}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4.1}.{\hspace{0.5em}}}%mdk-data-line={619}
{}Loading the code under test}\begin{mdP}[data-line={621}]%
%mdk-data-line={621}
{}The %mdk-data-line={621}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Loader}}%mdk-data-line={621}
{} class takes as input the name of a Python file (e.g., %mdk-data-line={621}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}\mdToken{Delimiter,Python}{.}\mdToken{Identifier,Python}{py}}%mdk-data-line={621}
{}) 
to import. The loader expects to find a function named
%mdk-data-line={623}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}}%mdk-data-line={623}
{} inside the file %mdk-data-line={623}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}\mdToken{Delimiter,Python}{.}\mdToken{Identifier,Python}{py}}%mdk-data-line={623}
{}, which will serve as the starting point
for symbolic execution. The %mdk-data-line={624}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{FunctionInvocation}}%mdk-data-line={624}
{} class
wraps this starting point. By default, each parameter to %mdk-data-line={625}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}}%mdk-data-line={625}
{} is
a %mdk-data-line={626}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicInteger}}%mdk-data-line={626}
{} unless there is decorator %mdk-data-line={626}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Python}{@}\mdToken{Identifier,Python}{symbolic}}%mdk-data-line={626}
{} specifying
the type to use for a particular argument.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={629}]%
%mdk-data-line={629}
{}The loader provides the capability to reload the
module %mdk-data-line={630}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}\mdToken{Delimiter,Python}{.}\mdToken{Identifier,Python}{py}}%mdk-data-line={630}
{} so that the function %mdk-data-line={630}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}}%mdk-data-line={630}
{} can be 
reexecuted within the same process from the same initial
state with different inputs (see the class %mdk-data-line={632}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={632}
{})
via the %mdk-data-line={633}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{FunctionInvocation}}%mdk-data-line={633}
{} class.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={635}]%
%mdk-data-line={635}
{}Finally, the loader looks for specially named functions %mdk-data-line={635}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{expected\_result}}%mdk-data-line={635}
{}
(%mdk-data-line={636}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{expected\_result\_set}}%mdk-data-line={636}
{}) in file %mdk-data-line={636}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}\mdToken{Delimiter,Python}{.}\mdToken{Identifier,Python}{py}}%mdk-data-line={636}
{} to use as a test oracle after
the path exploration (by %mdk-data-line={637}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={637}
{}) has completed. These
functions are expected to return a list of values to check
against the list of return values collected from the executions of 
the %mdk-data-line={640}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}}%mdk-data-line={640}
{} function.
The presence of the function %mdk-data-line={641}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{expected\_result}}%mdk-data-line={641}
{} (%mdk-data-line={641}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{expected\_result\_set}}%mdk-data-line={641}
{}) 
yields a comparison of the two lists as bags (sets). We use such weaker
tests, rather than list equality, because the order in which paths
are explored by the %mdk-data-line={644}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={644}
{} can easily change due to small
differences in the input programs.%
\end{mdP}%
\mdHxxx[id=sec-symbolic-types,label={[4.2]\{.heading-label\}},toc={},data-line={647},caption={[[4.2]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Symbolic types},bookmark={4.2.{\hspace{0.5em}}Symbolic types}]{%mdk-data-line={647}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4.2}.{\hspace{0.5em}}}%mdk-data-line={647}
{}Symbolic types}\begin{mdP}[data-line={649}]%
%mdk-data-line={649}
{}Python supports multiple inheritance and, more importantly,
allows user-defined classes to inherit 
from its built-in types (such as %mdk-data-line={651}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{object}}%mdk-data-line={651}
{} and %mdk-data-line={651}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{int}}%mdk-data-line={651}
{}).
We use these two features two implement
symbolic versions of Python objects and integers, 
following the instrumented type approach defined in Section%mdk-data-line={654}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-semantics}{}{\mdSpan[class={heading-label}]{2}}%mdk-data-line={654}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={656}]%
%mdk-data-line={656}
{}The abstract class %mdk-data-line={656}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={656}
{} contains the 
symbolic expression tree and provides basic functions for constructing 
and accessing the tree.  This class does double duty, as it is used
to represent the (typed) symbolic constants associated with the parameters to the 
function, as well as the expression trees (per Section%mdk-data-line={660}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-semantics}{}{\mdSpan[class={heading-label}]{2}}%mdk-data-line={660}
{}). Recall
that the symbolic constants only appear as leaves of expression trees.
This means that the expression tree stored in a %mdk-data-line={662}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={662}
{} will
have instances of a %mdk-data-line={663}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={663}
{} as some of its leaves, namely
those leaves representing the symbolic constants.
%mdk-data-line={665}
{}%mdk-data-line={665}
{}
The abstract class provides an %mdk-data-line={666}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unwrap}}%mdk-data-line={666}
{} method which returns
the pair of concrete value and expression tree associated with
the %mdk-data-line={668}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={668}
{}, as well as a %mdk-data-line={668}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{wrap}}%mdk-data-line={668}
{} method that takes a 
pair of concrete value and expression tree and creates a %mdk-data-line={669}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={669}
{}
encapsulating them.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={672}]%
%mdk-data-line={672}
{}The class %mdk-data-line={672}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicObject}}%mdk-data-line={672}
{} inherits from both %mdk-data-line={672}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{object}}%mdk-data-line={672}
{} and %mdk-data-line={672}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={672}
{} and
overrides the basic comparison operations (%mdk-data-line={673}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_eq\_\_}}%mdk-data-line={673}
{}, %mdk-data-line={673}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_neq\_\_}}%mdk-data-line={673}
{}, %mdk-data-line={673}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_lt\_\_}}%mdk-data-line={673}
{}, %mdk-data-line={673}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_le\_\_}}%mdk-data-line={673}
{},
%mdk-data-line={674}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_gt\_\_}}%mdk-data-line={674}
{}, and %mdk-data-line={674}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_ge\_\_}}%mdk-data-line={674}
{}).
The class %mdk-data-line={675}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicInteger}}%mdk-data-line={675}
{} inherits from both %mdk-data-line={675}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{int}}%mdk-data-line={675}
{} and %mdk-data-line={675}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicObject}}%mdk-data-line={675}
{}
and overrides a number of %mdk-data-line={676}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{int}}%mdk-data-line={676}
{}{'}%mdk-data-line={676}
{}s arithmetic methods
(%mdk-data-line={677}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_add\_\_}}%mdk-data-line={677}
{}, %mdk-data-line={677}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_sub\_\_}}%mdk-data-line={677}
{}, %mdk-data-line={677}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_mul\_\_}}%mdk-data-line={677}
{}, %mdk-data-line={677}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_mod\_\_}}%mdk-data-line={677}
{}, %mdk-data-line={677}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_floordiv\_}}%mdk-data-line={677}
{})
and bitwise methods
(%mdk-data-line={679}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_and\_\_}}%mdk-data-line={679}
{}, %mdk-data-line={679}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_or\_\_}}%mdk-data-line={679}
{}, %mdk-data-line={679}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_xor\_\_}}%mdk-data-line={679}
{}, %mdk-data-line={679}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_lshift\_\_}}%mdk-data-line={679}
{}, %mdk-data-line={679}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_rshift\_\_}}%mdk-data-line={679}
{}).%
\end{mdP}%
\mdHxxx[id=sec-tracing-control-flow,label={[4.3]\{.heading-label\}},toc={},data-line={682},caption={[[4.3]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Tracing control-flow},bookmark={4.3.{\hspace{0.5em}}Tracing control-flow}]{%mdk-data-line={682}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4.3}.{\hspace{0.5em}}}%mdk-data-line={682}
{}Tracing control-flow}\begin{mdP}[data-line={684}]%
%mdk-data-line={684}
{}As Python interprets a program, it will evaluate expressions, 
substituting the value of a variable in its place in an 
expression, applying operators (methods) to 
parameter values and assigning the return values of methods
to variables. Value of type %mdk-data-line={688}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicInteger}}%mdk-data-line={688}
{} will simply flow
through this interpretation, without necessitating any change 
to the program or the interpreter. This takes care
of the case of the strongest-postcondition rule for assignment,
as elaborated in Section%mdk-data-line={692}
{}{\mdNbsp}\mdA[class={localref},target-element={h2}]{sp-refined}{}{\mdSpan[class={heading-label}]{3.2}}%mdk-data-line={692}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={694}]%
%mdk-data-line={694}
{}The strong-postcondition rule for a conditional test requires
a little more work. In Python, any object can be tested in
an %mdk-data-line={696}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{if}}%mdk-data-line={696}
{} or %mdk-data-line={696}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{while}}%mdk-data-line={696}
{} condition or as the operand of a Boolean operation
(%mdk-data-line={697}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{and}}%mdk-data-line={697}
{}, %mdk-data-line={697}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{or}}%mdk-data-line={697}
{}, %mdk-data-line={697}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{not}}%mdk-data-line={697}
{})
The Python base class %mdk-data-line={698}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{object}}%mdk-data-line={698}
{} provides a method named %mdk-data-line={698}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_bool\_\_}}%mdk-data-line={698}
{} that
the Python runtime calls whenever it needs to perform such a conditional test.
This hook provides us what we need to trace the conditional
control-flow of a Python execution.  We override this method in the class
%mdk-data-line={702}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicObject}}%mdk-data-line={702}
{} in order to inform the %mdk-data-line={702}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{PathToConstraint}}%mdk-data-line={702}
{} object (defined
later) of the symbolic expression for the conditional (as captured by
the %mdk-data-line={704}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicInteger}}%mdk-data-line={704}
{} subclass).%
\end{mdP}%
\begin{mdP}[class={indent},data-line={706}]%
%mdk-data-line={706}
{}Note that the use of this hook in combination with the
tainted types will only trace those conditionals
in a Python execution whose values inherit from %mdk-data-line={708}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicObject}}%mdk-data-line={708}
{}; 
by definition, %mdk-data-line={709}
{}{\textquotedblleft}untainted{\textquotedblright}%mdk-data-line={709}
{} conditionals do not depend on symbolic 
inputs so there is no value in adding them to the path-condition.%
\end{mdP}%
\mdHxxx[id=sec-recording-path-conditions,label={[4.4]\{.heading-label\}},toc={},data-line={712},caption={[[4.4]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Recording path-conditions},bookmark={4.4.{\hspace{0.5em}}Recording path-conditions}]{%mdk-data-line={712}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4.4}.{\hspace{0.5em}}}%mdk-data-line={712}
{}Recording path-conditions}\begin{mdP}[data-line={714}]%
%mdk-data-line={714}
{}A %mdk-data-line={714}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Predicate}}%mdk-data-line={714}
{} records a conditional (more precisely the symbolic expression
found in %mdk-data-line={715}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicInteger}}%mdk-data-line={715}
{}) and
which way it evaluated in an execution.  A %mdk-data-line={716}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={716}
{}
has a %mdk-data-line={717}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Predicate}}%mdk-data-line={717}
{}, a parent %mdk-data-line={717}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={717}
{} and a set
of %mdk-data-line={718}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={718}
{} children. %mdk-data-line={718}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraints}}%mdk-data-line={718}
{} form a tree, where
each path starting from the root of the tree represents
a path-condition. The tree represents all path-conditions that have
been explored so far.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={723}]%
%mdk-data-line={723}
{}The class %mdk-data-line={723}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{PathToConstraint}}%mdk-data-line={723}
{} has a reference to the root of 
the tree of %mdk-data-line={724}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={724}
{}s
and is responsible for installing a new %mdk-data-line={725}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={725}
{} in the tree
when notified by the overridden %mdk-data-line={726}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_bool\_\_}}%mdk-data-line={726}
{} method of %mdk-data-line={726}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicObject}}%mdk-data-line={726}
{}.
%mdk-data-line={727}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{PathToConstraint}}%mdk-data-line={727}
{} also tracks whether or not the current execution
is following an existing path in the tree and grows the
tree as needed. In fact, it actually
tracks whether or not the current execution follows a particular
%mdk-data-line={731}
{}\mdEm{expected path}%mdk-data-line={731}
{} in the tree.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={733}]%
%mdk-data-line={733}
{}The expected path is the result
of the %mdk-data-line={734}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={734}
{} picking a constraint %mdk-data-line={734}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={734}
{} in the tree,
and asking the ATP if the path-condition consisting of the prefix
of predicates up to but not including %mdk-data-line={736}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={736}
{} in the tree, 
followed by the negation of %mdk-data-line={737}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={737}
{}{'}%mdk-data-line={737}
{}s predicate is satisfiable. If the 
ATP returns %mdk-data-line={738}
{}{\textquotedblleft}satisfiable{\textquotedblright}%mdk-data-line={738}
{} (with a new input %mdk-data-line={738}
{}\mdSpan[class={math-inline},elem={math-inline}]{$i$}%mdk-data-line={738}
{}), then the assumption
is that path-condition prefix is sound (that is, the execution of
the program on input %mdk-data-line={740}
{}\mdSpan[class={math-inline},elem={math-inline}]{$i$}%mdk-data-line={740}
{} will follow the prefix).%
\end{mdP}%
\begin{mdP}[class={indent},data-line={742}]%
%mdk-data-line={742}
{}However, it is possible 
for the path-condition to be unsound and for 
the executed path to diverge early 
from the expected path, due to the fact that not every operation
has a symbolic encoding.  The tool simply reports the divergence
and continues to process the execution as usual (as a diverging
path may lead to some other interesting part of the code).%
\end{mdP}%
\mdHxxx[id=sec-from-symbolic-types-to-z3,label={[4.5]\{.heading-label\}},toc={},data-line={750},caption={[[4.5]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}From symbolic types to Z3},bookmark={4.5.{\hspace{0.5em}}From symbolic types to Z3}]{%mdk-data-line={750}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4.5}.{\hspace{0.5em}}}%mdk-data-line={750}
{}From symbolic types to Z3}\begin{mdP}[data-line={752}]%
%mdk-data-line={752}
{}As we have explained DSE, the symbolic expressions are 
represented at the level of the source language. As detailed later
in Section%mdk-data-line={754}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-int2z3}{}{\mdSpan[class={heading-label}]{5}}%mdk-data-line={754}
{}, we must translate 
from the source language to the input language of an
automated theorem prover (ATP), in this case%mdk-data-line={756}
{}{\mdNbsp}\mdA[data-linkid={z3}]{http://z3.codeplex.org/}{}{Z3}%mdk-data-line={756}
{}.  This
separation of languages is quite useful, as we may have
the need to translate a given symbolic expression
to the ATP%mdk-data-line={759}
{}{'}%mdk-data-line={759}
{}s language multiple times, to make use of different
features of the underlying ATP. 
Furthermore, this separation
of concerns allows us to easily retarget the DSE tool to a
different ATP.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={765}]%
%mdk-data-line={765}
{}The base class %mdk-data-line={765}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3Expression}}%mdk-data-line={765}
{} represents a Z3 formula. The two 
subclasses %mdk-data-line={766}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3Integer}}%mdk-data-line={766}
{} and %mdk-data-line={766}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3BitVector}}%mdk-data-line={766}
{} represent different ways 
to model arithmetic reasoning about integers in Z3. We will describe
the details of these encodings in Section%mdk-data-line={768}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-int2z3}{}{\mdSpan[class={heading-label}]{5}}%mdk-data-line={768}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={770}]%
%mdk-data-line={770}
{}The class %mdk-data-line={770}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3Wrapper}}%mdk-data-line={770}
{} is responsible for performing the
translation from the source language (Python) to Z3%mdk-data-line={771}
{}{'}%mdk-data-line={771}
{}s input language, 
invoking Z3, and lifting a Z3 answer back to the level of Python. 
The %mdk-data-line={773}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{findCounterexample}}%mdk-data-line={773}
{} method does all the work, taking as
input a list of %mdk-data-line={774}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Predicate}}%mdk-data-line={774}
{}s (called %mdk-data-line={774}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{assertions}}%mdk-data-line={774}
{}) 
as well as a single %mdk-data-line={775}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Predicate}}%mdk-data-line={775}
{} (called
the %mdk-data-line={776}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{query}}%mdk-data-line={776}
{}). The %mdk-data-line={776}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{assertions}}%mdk-data-line={776}
{} represent a path-condition
prefix derived from the %mdk-data-line={777}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={777}
{} tree that we wish the next
execution to follow, while %mdk-data-line={778}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{query}}%mdk-data-line={778}
{} represents the predicate
following the prefix in the tree that we will negate.%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={781}]%
%mdk-data-line={781}
{}The method constructs the formula%
\end{mdP}%
\begin{mdDiv}[class={equation,para-block},label={[(4)]\{.equation-label\}},elem={equation},line-adjust={0},data-line={783}]%
%mdk-data-line={783}
{}\mdSpan[class={equation-before}]{\mdSpan[class={equation-label}]{(4)}}%mdk-data-line={783}
{}
\begin{mdDiv}[class={mathdisplay,para-block,input-math},elem={mathdisplay},color={},math-needpdf={},line-adjust={0},data-line={784}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={784}
(\bigwedge_{a \in asserts} a) \wedge \neg query
\]%
\end{mdDiv}%%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={787}]%
%mdk-data-line={787}
{}and asks Z3 if it is satisfiable. The method performs
a standard syntactic %mdk-data-line={788}
{}{\textquotedblleft}cone of influence{\textquotedblright}%mdk-data-line={788}
{} (CIF)
reduction on the %mdk-data-line={789}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{asserts}}%mdk-data-line={789}
{} with respect to the 
%mdk-data-line={790}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{query}}%mdk-data-line={790}
{} to shrink the size of the formula. For example,
if %mdk-data-line={791}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{asserts}}%mdk-data-line={791}
{} is the set of predicates %mdk-data-line={791}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\{ (x<a), (a<0), (y>0) \}$}%mdk-data-line={791}
{} and
the query is %mdk-data-line={792}
{}\mdSpan[class={math-inline},elem={math-inline}]{$(x=0)$}%mdk-data-line={792}
{}, then the CIF yields the
set  %mdk-data-line={793}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\{ (x<a), (a<0) \}$}%mdk-data-line={793}
{}, which does not include the predicate %mdk-data-line={793}
{}\mdSpan[class={math-inline},elem={math-inline}]{$(y>0)$}%mdk-data-line={793}
{},
as the variable %mdk-data-line={794}
{}\mdSpan[class={math-inline},elem={math-inline}]{$y$}%mdk-data-line={794}
{} is not in the set of variables (transitively)
related to variable %mdk-data-line={795}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={795}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={797}]%
%mdk-data-line={797}
{}If the formula is satisfiable a model is requested
from Z3 and lifted back to Python%mdk-data-line={798}
{}{'}%mdk-data-line={798}
{}s type universe.  Note that
because of the CIF reduction, the model may not mention certain
input variables, in which case we simply keep their values from
the execution from which the %mdk-data-line={801}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{asserts}}%mdk-data-line={801}
{} and %mdk-data-line={801}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{query}}%mdk-data-line={801}
{} were derived.%
\end{mdP}%
\mdHxxx[id=sec-putting-it-all-together,label={[4.6]\{.heading-label\}},toc={},data-line={803},caption={[[4.6]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Putting it all together},bookmark={4.6.{\hspace{0.5em}}Putting it all together}]{%mdk-data-line={803}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4.6}.{\hspace{0.5em}}}%mdk-data-line={803}
{}Putting it all together}\begin{mdP}[data-line={805}]%
%mdk-data-line={805}
{}The class %mdk-data-line={805}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={805}
{} ties everything together. It kicks off
an execution of the Python code under test using %mdk-data-line={806}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{FunctionInvocation}}%mdk-data-line={806}
{}.
As the Python code executes, building symbolic expressions via %mdk-data-line={807}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={807}
{}
and its subclasses, callbacks to %mdk-data-line={808}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{PathToConstraint}}%mdk-data-line={808}
{} create
a path-condition, represented by %mdk-data-line={809}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={809}
{} and %mdk-data-line={809}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Predicate}}%mdk-data-line={809}
{}. 
Newly discovered %mdk-data-line={810}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraints}}%mdk-data-line={810}
{} are added to the end of a deque maintained by
%mdk-data-line={811}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={811}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={813}]%
%mdk-data-line={813}
{}Given the first seed execution, %mdk-data-line={813}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={813}
{} starts the work of 
exploring paths in a breadth-first fashion. It removes a %mdk-data-line={814}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={814}
{} %mdk-data-line={814}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={814}
{}
from the front of its deque and, if %mdk-data-line={815}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={815}
{} has not been already %mdk-data-line={815}
{}{\textquotedblleft}processed{\textquotedblright}%mdk-data-line={815}
{}, 
uses %mdk-data-line={816}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3Wrapper}}%mdk-data-line={816}
{} to find a new input (as discussed in the previous section)
where %mdk-data-line={817}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={817}
{} is the query (to be negated) and the path to %mdk-data-line={817}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={817}
{} in the 
%mdk-data-line={818}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={818}
{} tree forms the assertions.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={820}]%
%mdk-data-line={820}
{}A %mdk-data-line={820}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={820}
{} %mdk-data-line={820}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={820}
{} in the tree is considered %mdk-data-line={820}
{}{\textquotedblleft}processed{\textquotedblright}%mdk-data-line={820}
{} if an execution 
has covered %mdk-data-line={821}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c'$}%mdk-data-line={821}
{}, a sibling of %mdk-data-line={821}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={821}
{} in the tree that represents
the negation of the predicate associated with %mdk-data-line={822}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={822}
{}, or if constraint %mdk-data-line={822}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={822}
{}
has been removed from the deque.%
\end{mdP}%
\mdHxx[id=sec-int2z3,label={[5]\{.heading-label\}},toc={},data-line={825},caption={[[5]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}From Python Integers to Z3 Arithmetic},bookmark={5.{\hspace{0.5em}}From Python Integers to Z3 Arithmetic}]{%mdk-data-line={825}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{5}.{\hspace{0.5em}}}%mdk-data-line={825}
{}From Python Integers to Z3 Arithmetic}\begin{mdP}[data-line={827}]%
%mdk-data-line={827}
{}In languages such as C and Java, integers are finite-precision,
generally limited to the size of a machine word (32 or 64 bits, for example).
For such languages, satisfiability of finite-precision integer arithmetic
is decidable and can be reduced to Z3%mdk-data-line={830}
{}{'}%mdk-data-line={830}
{}s theory of bit-vectors, where
each arithmetic operation is encoded by a circuit. This translation permits 
reasoning about non-linear arithmetic problems, such as 
%mdk-data-line={833}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\exists x,y,z : x*z + y \leq (z/y)+5$}%mdk-data-line={833}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={835}]%
%mdk-data-line={835}
{}Python (3.0) integers, however, are not finite-precision. They are only
limited by the size of machine memory. This means, for example, that
Python integers don%mdk-data-line={837}
{}{'}%mdk-data-line={837}
{}t overflow or underflow. It also means that
we can%mdk-data-line={838}
{}{'}%mdk-data-line={838}
{}t hope to decide algorithmically whether or not a given
equation over integer variables has a solution in general. Hilbert%mdk-data-line={839}
{}{'}%mdk-data-line={839}
{}s famous
10th problem and its solution by Matiyasevich tells us that it is
undecidable whether or not a polynomial
equation of the form %mdk-data-line={842}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p(x_1, \ldots, x_n) = 0$}%mdk-data-line={842}
{} with integer coefficients
has an solution in the integers.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={845}]%
%mdk-data-line={845}
{}This means that we will resort to heuristic approaches in our use
of the%mdk-data-line={846}
{}{\mdNbsp}\mdA[data-linkid={z3}]{http://z3.codeplex.org/}{}{Z3}%mdk-data-line={846}
{} ATP.  The special case of linear integer arithmetic (LIA)
is decidable and supported by Z3. In order to deal with non-linear operations,
we use uninterpreted functions (UF). Thus, if Z3 returns
%mdk-data-line={849}
{}{\textquotedblleft}unsatisfiable{\textquotedblright}%mdk-data-line={849}
{} we know that there is no solution, but if the
Z3 %mdk-data-line={850}
{}{\textquotedblleft}satisfiable{\textquotedblright}%mdk-data-line={850}
{}, we must treat the answer as a %mdk-data-line={850}
{}{\textquotedblleft}don{'}t know{\textquotedblright}%mdk-data-line={850}
{}. 
The class %mdk-data-line={851}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3Integer}}%mdk-data-line={851}
{} is used to translate a symbolic expression
into the theory LIA+UF and check for unsatisfiability. We leave it as an
implementation exercise to check if a symbolic expression can
be converted to LIA (without the use of UF) in order to make
use of %mdk-data-line={855}
{}{\textquotedblleft}satisfiable{\textquotedblright}%mdk-data-line={855}
{} answers from the LIA solver.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={857}]%
%mdk-data-line={857}
{}If the translation to %mdk-data-line={857}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3Integer}}%mdk-data-line={857}
{} does not return %mdk-data-line={857}
{}{\textquotedblleft}unsatisfiable{\textquotedblright}%mdk-data-line={857}
{}, we
use Z3%mdk-data-line={858}
{}{'}%mdk-data-line={858}
{}s bit-vector decision procedure (via the class
%mdk-data-line={859}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3BitVector}}%mdk-data-line={859}
{}) to heuristically
try to find satisfiable answers, even in the presence of non-linear 
arithmetic. We start with bit-vectors of size %mdk-data-line={861}
{}\mdSpan[class={math-inline},elem={math-inline}]{$N=32$}%mdk-data-line={861}
{} and %mdk-data-line={861}
{}\mdEm{bound}%mdk-data-line={861}
{} the values
of the symbolic constants to fit within 8 bits in order to find 
satisfiable solutions
with small values. Also, because Python integers do not overflow/underflow, 
the bound helps us reserve space in the bit-vector to allow the
results of operations to exceed the bound while not overflowing
the bit-vector. As long as Z3 returns %mdk-data-line={867}
{}{\textquotedblleft}unsatisfiable{\textquotedblright}%mdk-data-line={867}
{} we increase
the bound. If the bound reaches %mdk-data-line={868}
{}\mdSpan[class={math-inline},elem={math-inline}]{$N$}%mdk-data-line={868}
{}, we increase %mdk-data-line={868}
{}\mdSpan[class={math-inline},elem={math-inline}]{$N$}%mdk-data-line={868}
{} by 8 bits,
leaving the bound where it is and continue.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={871}]%
%mdk-data-line={871}
{}If Z3 returns
%mdk-data-line={872}
{}{\textquotedblleft}satisfiable{\textquotedblright}%mdk-data-line={872}
{}, it may be the case that Z3 found a solution
that involved overflow in the bit-vector world of arithmetic
(modulo %mdk-data-line={874}
{}\mdSpan[class={math-inline},elem={math-inline}]{$2^N-1$}%mdk-data-line={874}
{}). Therefore,
the solution is validated back in the
Python world by evaluating the formula under that solution
using Python semantics. 
If the formula does not evaluate to the same
value in both worlds, then we increase %mdk-data-line={879}
{}\mdSpan[class={math-inline},elem={math-inline}]{$N$}%mdk-data-line={879}
{} by 8 bits (to 
create a gap between the bound and %mdk-data-line={880}
{}\mdSpan[class={math-inline},elem={math-inline}]{$N$}%mdk-data-line={880}
{}) and continue to search
for a solution.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={883}]%
%mdk-data-line={883}
{}The process terminates when we find a valid satisfying solution 
or %mdk-data-line={884}
{}\mdSpan[class={math-inline},elem={math-inline}]{$N=64$}%mdk-data-line={884}
{} and the bound reaches 64 (in which case, we return %mdk-data-line={884}
{}{\textquotedblleft}don{'}t know{\textquotedblright}%mdk-data-line={884}
{}).%
\end{mdP}%
\mdHxx[id=sec-extensions,label={[6]\{.heading-label\}},toc={},data-line={886},caption={[[6]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Extensions},bookmark={6.{\hspace{0.5em}}Extensions}]{%mdk-data-line={886}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{6}.{\hspace{0.5em}}}%mdk-data-line={886}
{}Extensions}\begin{mdP}[data-line={888}]%
%mdk-data-line={888}
{}We have presented the basics of dynamic symbolic execution 
(for Python).
A more thorough treatment would deal with other data types besides
integers, such as Python dictionaries, strings and lists, each
of which presents their own challenges for symbolic reasoning. 
There are many other interesting challenges in DSE, such
as dealing with user-defined classes (rather than built-in types
as done here) and multi-threaded execution.%
\end{mdP}%
\mdHxx[id=sec-acknowledgements,label={[7]\{.heading-label\}},toc={},data-line={897},caption={[[7]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Acknowledgements},bookmark={7.{\hspace{0.5em}}Acknowledgements}]{%mdk-data-line={897}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{7}.{\hspace{0.5em}}}%mdk-data-line={897}
{}Acknowledgements}\begin{mdP}[data-line={899}]%
%mdk-data-line={899}
{}Many thanks to the students of the 2014 Marktoberdorf Summer School
on Dependable Software Systems Engineering
for their questions and feedback about the first author%mdk-data-line={901}
{}{'}%mdk-data-line={901}
{}s lectures on dynamic
symbolic execution. The following students of the summer school
helpfully provided tests for the%mdk-data-line={903}
{}{\mdNbsp}\mdA[data-linkid={pyexz3}]{https://github.com/thomasjball/PyExZ3/}{}{PyExZ3}%mdk-data-line={903}
{} tool: Daniel Darvas,
Damien Rusinek, Christian Dehnert and Thomas Pani. Thanks also to Peter
Chapman for his contributions.%
\end{mdP}%

\mdHxx[id=sec-references,label={8},toc={},data-line={963},caption={References},bookmark={References}]{%mdk-data-line={963}
{}References}\begin{mdBibliography}[class={bibliography,bib-numeric},elem={bibliography},bibstyle={plainnat},bibdata={dse},caption={14},data-line={964;out{\textbackslash}DSE-bib.bbl:2}]%
\begin{mdBibitem}[class={bibitem},id=cadare05,label={[1]\{.bibitem-label\}},elem={bibitem},cite-label={Cadar and Engler(2005)},caption={Cristian Cadar and Dawson{\textbackslash} R. Engler. \\Execution generated test cases: How to make systems code crash itself. \\In \_Proceedings of 12th International SPIN Workshop\_{\textbackslash}/, pages 2--23, 2005.},searchterm={Cristian+Cadar+Dawson+Engler+Execution+generated+test+cases+make+systems+code+crash+itself+\_Proceedings+International+SPIN+Workshop\_+pages++},data-line={964;out{\textbackslash}DSE-bib.bbl:5}]%
%mdk-data-line={964;out\DSE-bib.bbl:6}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{1}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:6}
{}Cristian Cadar and Dawson%mdk-data-line={964;out\DSE-bib.bbl:6}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:6}
{}R. Engler.
%mdk-data-line={964;out\DSE-bib.bbl:7}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:7}
{} Execution generated test cases: How to make systems code crash
  itself.
%mdk-data-line={964;out\DSE-bib.bbl:9}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:9}
{} In %mdk-data-line={964;out\DSE-bib.bbl:9}
{}\mdEm{Proceedings of 12th International SPIN Workshop}%mdk-data-line={964;out\DSE-bib.bbl:9}
{}%mdk-data-line={964;out\DSE-bib.bbl:9}
{}, pages
  2%mdk-data-line={964;out\DSE-bib.bbl:10}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:10}
{}23, 2005.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=cadars13,label={[2]\{.bibitem-label\}},elem={bibitem},cite-label={Cadar and Sen(2013)},caption={Cristian Cadar and Koushik Sen. \\Symbolic execution for software testing: three decades later.},searchterm={Symbolic+execution+software+testing+three+decades+later++Cristian+Cadar+Koushik+},data-line={964;out{\textbackslash}DSE-bib.bbl:13}]%
%mdk-data-line={964;out\DSE-bib.bbl:14}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{2}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:14}
{}Cristian Cadar and Koushik Sen.
%mdk-data-line={964;out\DSE-bib.bbl:15}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:15}
{} Symbolic execution for software testing: three decades later.
%mdk-data-line={964;out\DSE-bib.bbl:16}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:16}
{} %mdk-data-line={964;out\DSE-bib.bbl:16}
{}\mdEm{Communications of the ACM}%mdk-data-line={964;out\DSE-bib.bbl:16}
{}%mdk-data-line={964;out\DSE-bib.bbl:16}
{}, 56%mdk-data-line={964;out\DSE-bib.bbl:16}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:16}
{} (2):%mdk-data-line={964;out\DSE-bib.bbl:16}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:16}
{} 82%mdk-data-line={964;out\DSE-bib.bbl:16}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:16}
{}90,
  2013.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=cadargpde06,label={[3]\{.bibitem-label\}},elem={bibitem},cite-label={Cadar et{\textbackslash} al.(2006)Cadar, Ganesh, Pawlowski, Dill, and\\  Engler},caption={Cristian Cadar, Vijay Ganesh, Peter{\textbackslash} M. Pawlowski, David{\textbackslash} L. Dill, and Dawson{\textbackslash} R. Engler. \\EXE: automatically generating inputs of death. \\In \_Proceedings of the 13th ACM Conference on Computer and Communications Security\_{\textbackslash}/, pages 322--335, 2006.},searchterm={Cristian+Cadar+Vijay+Ganesh+Peter+Pawlowski+David+Dill+Dawson+Engler+automatically+generating+inputs+death+\_Proceedings+Conference+Computer+Communications+Security\_+pages++},data-line={964;out{\textbackslash}DSE-bib.bbl:20}]%
%mdk-data-line={964;out\DSE-bib.bbl:21}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{3}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:21}
{}Cristian Cadar, Vijay Ganesh, Peter%mdk-data-line={964;out\DSE-bib.bbl:21}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:21}
{}M. Pawlowski, David%mdk-data-line={964;out\DSE-bib.bbl:21}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:21}
{}L. Dill, and Dawson%mdk-data-line={964;out\DSE-bib.bbl:21}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:21}
{}R.
  Engler.
%mdk-data-line={964;out\DSE-bib.bbl:23}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:23}
{} EXE: automatically generating inputs of death.
%mdk-data-line={964;out\DSE-bib.bbl:24}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:24}
{} In %mdk-data-line={964;out\DSE-bib.bbl:24}
{}\mdEm{Proceedings of the 13th ACM Conference on Computer and
  Communications Security}%mdk-data-line={964;out\DSE-bib.bbl:25}
{}%mdk-data-line={964;out\DSE-bib.bbl:25}
{}, pages 322%mdk-data-line={964;out\DSE-bib.bbl:25}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:25}
{}335, 2006.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=clarke76,label={[4]\{.bibitem-label\}},elem={bibitem},cite-label={Clarke(1976)},caption={Lori{\textbackslash} A. Clarke. \\A system to generate test data and symbolically execute programs.},searchterm={+system+generate+test+data+symbolically+execute+programs++Lori+Clarke+},data-line={964;out{\textbackslash}DSE-bib.bbl:28}]%
%mdk-data-line={964;out\DSE-bib.bbl:29}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{4}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:29}
{}Lori%mdk-data-line={964;out\DSE-bib.bbl:29}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:29}
{}A. Clarke.
%mdk-data-line={964;out\DSE-bib.bbl:30}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:30}
{} A system to generate test data and symbolically execute programs.
%mdk-data-line={964;out\DSE-bib.bbl:31}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:31}
{} %mdk-data-line={964;out\DSE-bib.bbl:31}
{}\mdEm{IEEE Transactions on Software Engineering}%mdk-data-line={964;out\DSE-bib.bbl:31}
{}%mdk-data-line={964;out\DSE-bib.bbl:31}
{}, 2%mdk-data-line={964;out\DSE-bib.bbl:31}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:31}
{}
  (3):%mdk-data-line={964;out\DSE-bib.bbl:32}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:32}
{} 215%mdk-data-line={964;out\DSE-bib.bbl:32}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:32}
{}222, 1976.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=demourab08,label={[5]\{.bibitem-label\}},elem={bibitem},cite-label={de{\textbackslash} Moura and Bj{\o}rner(2008)},caption={Leonardo{\textbackslash} Mendon{\c{c}}a de{\textbackslash} Moura and Nikolaj Bj{\o}rner. \\Z3: an efficient SMT solver.},searchterm={+efficient+solver++Leonardo+Mendon+Moura+Nikolaj+rner+},data-line={964;out{\textbackslash}DSE-bib.bbl:35}]%
%mdk-data-line={964;out\DSE-bib.bbl:36}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{5}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:36}
{}Leonardo%mdk-data-line={964;out\DSE-bib.bbl:36}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:36}
{}Mendon%mdk-data-line={964;out\DSE-bib.bbl:36}
{}{\c{c}}%mdk-data-line={964;out\DSE-bib.bbl:36}
{}a de%mdk-data-line={964;out\DSE-bib.bbl:36}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:36}
{}Moura and Nikolaj Bj%mdk-data-line={964;out\DSE-bib.bbl:36}
{}{\o}%mdk-data-line={964;out\DSE-bib.bbl:36}
{}rner.
%mdk-data-line={964;out\DSE-bib.bbl:37}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:37}
{} Z3: an efficient SMT solver.
%mdk-data-line={964;out\DSE-bib.bbl:38}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:38}
{} In %mdk-data-line={964;out\DSE-bib.bbl:38}
{}\mdEm{Proceedings of the 14th International Conference of Tools
  and Algorithms for the Construction and Analysis of Systems}%mdk-data-line={964;out\DSE-bib.bbl:39}
{}%mdk-data-line={964;out\DSE-bib.bbl:39}
{}, pages 337%mdk-data-line={964;out\DSE-bib.bbl:39}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:39}
{}340,
  2008.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=dijkstra76,label={[6]\{.bibitem-label\}},elem={bibitem},cite-label={Dijkstra(1976)},caption={Edsger{\textbackslash} W. Dijkstra. \\\_A Discipline of Programming\_{\textbackslash}/.},searchterm={+Discipline+Programming\_++Edsger+Dijkstra+},data-line={964;out{\textbackslash}DSE-bib.bbl:43}]%
%mdk-data-line={964;out\DSE-bib.bbl:44}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{6}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:44}
{}Edsger%mdk-data-line={964;out\DSE-bib.bbl:44}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:44}
{}W. Dijkstra.
%mdk-data-line={964;out\DSE-bib.bbl:45}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:45}
{} %mdk-data-line={964;out\DSE-bib.bbl:45}
{}\mdEm{A Discipline of Programming}%mdk-data-line={964;out\DSE-bib.bbl:45}
{}%mdk-data-line={964;out\DSE-bib.bbl:45}
{}.
%mdk-data-line={964;out\DSE-bib.bbl:46}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:46}
{} Prentice-Hall, 1976.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=godefroid11,label={[7]\{.bibitem-label\}},elem={bibitem},cite-label={Godefroid(2011)},caption={Patrice Godefroid. \\Higher-order test generation.},searchterm={Higher+order+test+generation++Patrice+Godefroid+},data-line={964;out{\textbackslash}DSE-bib.bbl:49}]%
%mdk-data-line={964;out\DSE-bib.bbl:50}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{7}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:50}
{}Patrice Godefroid.
%mdk-data-line={964;out\DSE-bib.bbl:51}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:51}
{} Higher-order test generation.
%mdk-data-line={964;out\DSE-bib.bbl:52}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:52}
{} In %mdk-data-line={964;out\DSE-bib.bbl:52}
{}\mdEm{Proceedings of the ACM SIGPLAN Conference on Programming
  Language Design and Implementation}%mdk-data-line={964;out\DSE-bib.bbl:53}
{}%mdk-data-line={964;out\DSE-bib.bbl:53}
{}, pages 258%mdk-data-line={964;out\DSE-bib.bbl:53}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:53}
{}269, 2011.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=godefroidks05,label={[8]\{.bibitem-label\}},elem={bibitem},cite-label={Godefroid et{\textbackslash} al.(2005)Godefroid, Klarlund, and Sen},caption={Patrice Godefroid, Nils Klarlund, and Koushik Sen. \\DART: directed automated random testing.},searchterm={DART+directed+automated+random+testing++Patrice+Godefroid+Nils+Klarlund+Koushik+},data-line={964;out{\textbackslash}DSE-bib.bbl:56}]%
%mdk-data-line={964;out\DSE-bib.bbl:57}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{8}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:57}
{}Patrice Godefroid, Nils Klarlund, and Koushik Sen.
%mdk-data-line={964;out\DSE-bib.bbl:58}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:58}
{} DART: directed automated random testing.
%mdk-data-line={964;out\DSE-bib.bbl:59}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:59}
{} In %mdk-data-line={964;out\DSE-bib.bbl:59}
{}\mdEm{Proceedings of the ACM SIGPLAN Conference on Programming
  Language Design and Implementation}%mdk-data-line={964;out\DSE-bib.bbl:60}
{}%mdk-data-line={964;out\DSE-bib.bbl:60}
{}, pages 213%mdk-data-line={964;out\DSE-bib.bbl:60}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:60}
{}223, 2005.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=godefroidlm12,label={[9]\{.bibitem-label\}},elem={bibitem},cite-label={Godefroid et{\textbackslash} al.(2012)Godefroid, Levin, and Molnar},caption={Patrice Godefroid, Michael{\textbackslash} Y. Levin, and David{\textbackslash} A. Molnar. \\SAGE: whitebox fuzzing for security testing.},searchterm={SAGE+whitebox+fuzzing+security+testing++Patrice+Godefroid+Michael+Levin+David+Molnar+},data-line={964;out{\textbackslash}DSE-bib.bbl:63}]%
%mdk-data-line={964;out\DSE-bib.bbl:64}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{9}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:64}
{}Patrice Godefroid, Michael%mdk-data-line={964;out\DSE-bib.bbl:64}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:64}
{}Y. Levin, and David%mdk-data-line={964;out\DSE-bib.bbl:64}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:64}
{}A. Molnar.
%mdk-data-line={964;out\DSE-bib.bbl:65}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:65}
{} SAGE: whitebox fuzzing for security testing.
%mdk-data-line={964;out\DSE-bib.bbl:66}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:66}
{} %mdk-data-line={964;out\DSE-bib.bbl:66}
{}\mdEm{Communications of the ACM}%mdk-data-line={964;out\DSE-bib.bbl:66}
{}%mdk-data-line={964;out\DSE-bib.bbl:66}
{}, 55%mdk-data-line={964;out\DSE-bib.bbl:66}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:66}
{} (3):%mdk-data-line={964;out\DSE-bib.bbl:66}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:66}
{} 40%mdk-data-line={964;out\DSE-bib.bbl:66}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:66}
{}44,
  2012.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=gupta00,label={[10]\{.bibitem-label\}},elem={bibitem},cite-label={Gupta et{\textbackslash} al.(2000)Gupta, Mathur, and Soffa},caption={Neelam Gupta, Aditya{\textbackslash} P. Mathur, and Mary{\textbackslash} Lou Soffa. \\Generating test data for branch coverage.},searchterm={Generating+test+data+branch+coverage++Neelam+Gupta+Aditya+Mathur+Mary+Soffa+},data-line={964;out{\textbackslash}DSE-bib.bbl:70}]%
%mdk-data-line={964;out\DSE-bib.bbl:71}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{10}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:71}
{}Neelam Gupta, Aditya%mdk-data-line={964;out\DSE-bib.bbl:71}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:71}
{}P. Mathur, and Mary%mdk-data-line={964;out\DSE-bib.bbl:71}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:71}
{}Lou Soffa.
%mdk-data-line={964;out\DSE-bib.bbl:72}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:72}
{} Generating test data for branch coverage.
%mdk-data-line={964;out\DSE-bib.bbl:73}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:73}
{} In %mdk-data-line={964;out\DSE-bib.bbl:73}
{}\mdEm{Proceedings of the Automate Software Engineering
  Conference}%mdk-data-line={964;out\DSE-bib.bbl:74}
{}%mdk-data-line={964;out\DSE-bib.bbl:74}
{}, pages 219%mdk-data-line={964;out\DSE-bib.bbl:74}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:74}
{}228, 2000.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=king76,label={[11]\{.bibitem-label\}},elem={bibitem},cite-label={King(1976)},caption={James{\textbackslash} C. King. \\Symbolic execution and program testing.},searchterm={Symbolic+execution+program+testing++James+King+},data-line={964;out{\textbackslash}DSE-bib.bbl:77}]%
%mdk-data-line={964;out\DSE-bib.bbl:78}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{11}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:78}
{}James%mdk-data-line={964;out\DSE-bib.bbl:78}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:78}
{}C. King.
%mdk-data-line={964;out\DSE-bib.bbl:79}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:79}
{} Symbolic execution and program testing.
%mdk-data-line={964;out\DSE-bib.bbl:80}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:80}
{} %mdk-data-line={964;out\DSE-bib.bbl:80}
{}\mdEm{Communications of the ACM}%mdk-data-line={964;out\DSE-bib.bbl:80}
{}%mdk-data-line={964;out\DSE-bib.bbl:80}
{}, 19%mdk-data-line={964;out\DSE-bib.bbl:80}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:80}
{} (7):%mdk-data-line={964;out\DSE-bib.bbl:80}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:80}
{}
  385–394, 1976.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=korel90,label={[12]\{.bibitem-label\}},elem={bibitem},cite-label={Korel(1990)},caption={Bogdan Korel. \\Automated software test data generation.},searchterm={Automated+software+test+data+generation++Bogdan+Korel+},data-line={964;out{\textbackslash}DSE-bib.bbl:84}]%
%mdk-data-line={964;out\DSE-bib.bbl:85}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{12}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:85}
{}Bogdan Korel.
%mdk-data-line={964;out\DSE-bib.bbl:86}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:86}
{} Automated software test data generation.
%mdk-data-line={964;out\DSE-bib.bbl:87}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:87}
{} %mdk-data-line={964;out\DSE-bib.bbl:87}
{}\mdEm{IEEE Transactions on Software Engineering}%mdk-data-line={964;out\DSE-bib.bbl:87}
{}%mdk-data-line={964;out\DSE-bib.bbl:87}
{}, 16%mdk-data-line={964;out\DSE-bib.bbl:87}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:87}
{}
  (8):%mdk-data-line={964;out\DSE-bib.bbl:88}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:88}
{} 870%mdk-data-line={964;out\DSE-bib.bbl:88}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:88}
{}879, 1990.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=korel92,label={[13]\{.bibitem-label\}},elem={bibitem},cite-label={Korel(1992)},caption={Bogdan Korel. \\Dynamic method of software test data generation.},searchterm={Dynamic+method+software+test+data+generation++Bogdan+Korel+},data-line={964;out{\textbackslash}DSE-bib.bbl:91}]%
%mdk-data-line={964;out\DSE-bib.bbl:92}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{13}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:92}
{}Bogdan Korel.
%mdk-data-line={964;out\DSE-bib.bbl:93}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:93}
{} Dynamic method of software test data generation.
%mdk-data-line={964;out\DSE-bib.bbl:94}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:94}
{} %mdk-data-line={964;out\DSE-bib.bbl:94}
{}\mdEm{Journal of Software Testing, Verification and Reliability}%mdk-data-line={964;out\DSE-bib.bbl:94}
{}%mdk-data-line={964;out\DSE-bib.bbl:94}
{},
  2%mdk-data-line={964;out\DSE-bib.bbl:95}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:95}
{} (4):%mdk-data-line={964;out\DSE-bib.bbl:95}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:95}
{} 203%mdk-data-line={964;out\DSE-bib.bbl:95}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:95}
{}213, 1992.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=senacav06,label={[14]\{.bibitem-label\}},elem={bibitem},cite-label={Sen and Agha(2006)},caption={Koushik Sen and Gul Agha. \\CUTE and jcute: Concolic unit testing and explicit path model-checking tools. \\In \_Proceedings of 18th Computer Aided Verification Conference\_{\textbackslash}/, pages 419--423, 2006.},searchterm={Koushik+Agha+CUTE+jcute+Concolic+unit+testing+explicit+path+model+checking+tools+\_Proceedings+Computer+Aided+Verification+Conference\_+pages++},data-line={964;out{\textbackslash}DSE-bib.bbl:98}]%
%mdk-data-line={964;out\DSE-bib.bbl:99}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{14}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:99}
{}Koushik Sen and Gul Agha.
%mdk-data-line={964;out\DSE-bib.bbl:100}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:100}
{} CUTE and jcute: Concolic unit testing and explicit path
  model-checking tools.
%mdk-data-line={964;out\DSE-bib.bbl:102}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:102}
{} In %mdk-data-line={964;out\DSE-bib.bbl:102}
{}\mdEm{Proceedings of 18th Computer Aided Verification Conference}%mdk-data-line={964;out\DSE-bib.bbl:102}
{}%mdk-data-line={964;out\DSE-bib.bbl:102}
{},
  pages 419%mdk-data-line={964;out\DSE-bib.bbl:103}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:103}
{}423, 2006.%
\end{mdBibitem}%%
\end{mdBibliography}%
\begin{mdDiv}[class={logomadoko,block},elem={logomadoko},text-align={right},font-size={xx-small},margin-top={4em},data-line={967}]%
%mdk-data-line={968}
{}Created with{\mdNbsp}\mdA{https://www.madoko.net}{}{Madoko.net}.%
\end{mdDiv}%


\end{document}


================================================
FILE: marktoberdorf_paper/DSE.html
================================================
<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
  <meta name="generator" content="Madoko, version 0.8.1-beta" />
  <meta name="viewport" content="initial-scale=1.0" />
  <meta name="author" content="Thomas Ball, Jakub Daniel" />
  <title>Deconstructing Dynamic Symbolic Execution</title>
  <style>
/* ---------------------------------------------------
   Various settings to display madoko elements correctly.
   For example, lines in tables or a table of contents.

   All rules use specific madoko classes and never just
   a generic element. This means one can safely include
   this CSS into any web page without affecting non-madoko
   content.
----------------------------------------------------*/

/* The table of contents */
.madoko .toc>.tocblock .tocblock .tocblock {
  margin-left: 2.5em;
}

.madoko .toc>.tocblock .tocblock {
  margin-left: 1.7em;
}

.madoko .toc>.tocblock>.tocitem {
  font-weight: bold;
}

.madoko .toc {
  margin-top: 1em;
}

/* Paragraphs */
.madoko p.para-continue {
  margin-bottom: 0pt;
}

.madoko .para-block+p {
  margin-top: 0pt;
}

.madoko ul.para-block, .madoko ol.para-block {
  margin-top: 0pt;
  margin-bottom: 0pt;
}

.madoko ul.para-end, .madoko ol.para-end {
  margin-bottom: 1em;
}

.madoko dl {
  margin-left: 0em;
}

/* Local page links do not get an underline unless hovering */
.madoko a.localref {
  text-decoration: none;
}
.madoko a.localref:hover {
  text-decoration: underline;
}

/* Footnotes */
.madoko .footnotes {
  font-size: smaller;
  margin-top: 2em;
}

.madoko .footnotes hr {
  width: 50%;
  text-align: left;
}

.madoko .footnote { 
  margin-left: 1em;
}
.madoko .footnote-before {
  margin-left: -1em;
  width: 1em;
  display: inline-block;
}

/* Abstract */
.madoko .abstract>p:first-child:before {
  content: "Abstract. ";
  font-weight: bold;
}

.madoko .abstract {
  margin-left: 2.7em;
  margin-right: 2.7em;
  font-size: small;
}


/* Alignment */
.madoko .align-center, .madoko .align-center>p {
  text-align: center !important;
}

.madoko .align-center pre {
  text-align: left;
}

.madoko .align-center>* {
  margin-left: auto !important;
  margin-right: auto !important;
}

.madoko .align-left, .madoko .align-left>p {
  text-align: left !important;
}

.madoko .align-left>* {
  margin-left: 0pt !important;
  margin-right: auto !important;
}

.madoko .align-right, .madoko .align-right>p {
  text-align: right !important;
}

.madoko .align-right>* {
  margin-left: auto !important;
  margin-right: 0pt !important;
}

.madoko .align-center>table,
.madoko .align-left>table,
.madoko .align-right>table {
  text-align: left !important;
}


/* Equations, Figure's etc. */
.madoko .equation-before {
  float: right;
}


/* Bibliography */
.madoko .bibitem {
  font-size: smaller;
}

.madoko .bib-numeric .bibitem {
  margin-left: 3em;
  text-indent: -3em;
}

.madoko .bibitem-before {
  display: none;
}

.madoko .bib-numeric .bibitem-before {
  display: inline-block;
  width: 3em;
  text-align: right;
}

.madoko .bibliography {
}

.madoko .bibsearch {
  font-size: x-small;
  text-decoration:none;
  color: black;
  font-family: "Segoe UI Symbol", Symbola;
}

/* General */
.madoko .block, .madoko .figure, .madoko .bibitem, .madoko .equation {
  margin-top: 1ex;
  margin-bottom: 1ex;
}

.madoko .figure {
  padding: 0.5em;
  margin-left: 0pt;
  margin-right: 0pt;
}

.madoko .hidden {
  display: none;
}

.madoko .invisible {
  visibility: hidden;
}

.madoko.preview .invisible {
  visibility: visible;
  opacity: 0.5;
}
.madoko.preview[data-view=full] .invisible {
  visibility: hidden;
}

.madoko code.code, .madoko span.code {
  white-space: pre-wrap;
}

.madoko hr, hr.madoko {
  border: none;
  border-bottom: black solid 1px;
  margin-bottom: 0.5ex;
}

.madoko .framed>*:first-child {
  margin-top: 0pt;
}
.madoko .framed>*:last-child {
  margin-bottom: 0pt;
}


/* Title, authors */
.madoko .title {
  font-size: xx-large;
  font-weight: bold;
  margin-bottom: 1ex;
}

.madoko .subtitle {
  font-size: x-large;
  margin-bottom: 1ex;
  margin-top: -1ex;
}

.madoko .titleblock>* {
  margin-left: auto;
  margin-right: auto;
  text-align: center;
}

.madoko .titleblock table {
  width: 80%;
}

.madoko .authorblock .author {
  font-size: large;
}

.madoko .titlenote {
  margin-top: -0.5ex;
  margin-bottom: 1.5ex;
}

/* Lists */

.madoko ul.list-star {
  list-style-type: disc;
}

.madoko ul.list-dash {
    list-style-type: none !important;
}

.madoko ul.list-dash > li:before {
    content: "\2013"; 
    position: absolute;
    margin-left: -1em; 
}

.madoko ul.list-plus {
  list-style-type: square;
}

/* Tables */
.madoko table.madoko {
  border-collapse: collapse;
}
.madoko td, .madoko th {
  padding: 0ex 0.5ex;
  margin: 0pt;
  vertical-align: top;
}

.madoko .cell-border-left {
  border-left: 1px solid black;
}
.madoko .cell-border-right {
  border-right: 1px solid black;
}


.madoko thead>tr:first-child>.cell-line,
.madoko tbody:first-child>tr:first-child>.cell-line {
  border-top: 1px solid black;
  border-bottom: none;
}

.madoko .cell-line, .madoko .cell-double-line {
  border-bottom: 1px solid black;
  border-top: none;
}

.madoko .cell-double-line {
  border-top: 1px solid black;
  padding-top: 1.5px !important;
}


/* Math Pre */
.madoko .input-mathpre .MathJax_Display, .madoko .input-mathpre .math-display {
  text-align: left !important;
}

.madoko div.input-mathpre {
  margin-top: 1.5ex;
  margin-bottom: 1ex;
}

.madoko .math-rendering {
  color: gray;
}


/*---------------------------------------------------------------------------
  Default style for syntax highlighting
---------------------------------------------------------------------------*/

.highlighted                        { color: black; }
.highlighted .token.identifier      { }
.highlighted .token.operators       { }
.highlighted .token.keyword         { color: blue }
.highlighted .token.string          { color: maroon } 
.highlighted .token.string.escape   { color: gray }
.highlighted .token.comment         { color: darkgreen }
.highlighted .token.comment.doc     { font-style: normal }
.highlighted .token.constant        { color: purple; }
.highlighted .token.entity          {  }
.highlighted .token.tag             { color: blue }
.highlighted .token.info-token      { color: black }
.highlighted .token.warn-token      { color: black }
.highlighted .token.error-token     { color: darkred }
.highlighted .token.debug-token     { color: gray }
.highlighted .token.regexp          { color: maroon }
.highlighted .token.attribute.name  { color: navy }
.highlighted .token.attribute.value { color: maroon }
.highlighted .token.constructor     { color: purple }
.highlighted .token.namespace       { color: navy }
.highlighted .token.header          { color: navy }
.highlighted .token.type            { color: teal } 
.highlighted .token.type.delimiter  { color: teal; } 
.highlighted .token.predefined      { color: navy }
.highlighted .token.invalid         { border-bottom: red dotted 1px }
.highlighted .token.code            { color: maroon }
.highlighted .token.code.keyword    { color: navy }
.highlighted .token.typevar         { font-style: italic; }

.highlighted .token.delimiter   {  } /* .[curly,square,parenthesis,angle,array,bracket] */
.highlighted .token.number      {  }    /* .[hex,octal,binary,float] */
.highlighted .token.variable    {  }  /* .[name,value]  */
.highlighted .token.meta        { color: navy }      /* .[content] */

.highlighted .token.bold            { font-weight: bold; }
.highlighted .token.italic          { font-style: italic; }


/* Pretty formatting of code */
.madoko pre.pretty, .madoko code.pretty { 
  font-family: Cambria,Times,Georgia,serif;
  font-size: 100%;
}

.madoko .pretty table {
  border-collapse: collapse;
}
.madoko .pretty td {
  padding: 0em;
}
.madoko .pretty td.empty {
  min-width: 1.5ex;
}
.madoko .pretty td.expander {
  width: 100em;
}
.madoko .pretty .token.identifier         { font-style: italic }
.madoko .pretty .token.constructor        { font-style: italic }


/* ---------------------------------------------------
   Styling for full documents
----------------------------------------------------*/
body.madoko, .madoko-body {
  font-family: Cambria,"Times New Roman","Liberation Serif","Times",serif;
  -webkit-text-size-adjust: 100%; /* so math displays well on mobile devices */
}

body.madoko, .madoko-body, body.madoko.preview[data-view=full] {
  padding: 1em 16% 1em 12%;
}

body.madoko.preview {
  padding: 0em 2em 0em 2em;
}

.madoko p,
.madoko li {
  text-align: justify;
}

/* style h5 and h6 headers a bit better */
.madoko h5, .madoko h6 {
  margin-top: 0.5em;
  margin-bottom: 0pt;
  font-size: 100%;
}
.madoko h5+p {
  margin-top: 0.5em;
}
.madoko h6+p {
  margin-top: 0pt;
}

/* Fix monospace display (see http://code.stephenmorley.org/html-and-css/fixing-browsers-broken-monospace-font-handling/) */
.madoko pre, .madoko code, .madoko kbd, .madoko samp, .madoko tt, .madoko .monospace, .madoko .token.indent, .madoko .reveal pre, .madoko .reveal code, .madoko .email {
  font-family: Consolas,"Andale Mono WT","Andale Mono",Lucida Console,Monaco,monospace,monospace;
  font-size: 0.85em;
}
.madoko pre code, .madoko .token.indent {
  font-size: 0.95em;
}

.madoko pre code {
  font-family: inherit !important;
}

/* Code prettify */
.madoko ol.linenums li {
  background-color: white;
  list-style-type: decimal;
}

/* Merging */
.madoko .remote {
  background-color: #F0FFF0;
}

/* ---------------------------------------------------
   Print settings
----------------------------------------------------*/

@media print {
  body.madoko, .madoko-body {
    font-size: 10pt;
  }
  @page {
    margin: 1in 1.5in;
  }
}

/* ---------------------------------------------------
   Mobile device settings
----------------------------------------------------*/

@media only screen and (max-device-width:1024px) {
  body.madoko, .madoko-body {
    padding-left: 1em;
    padding-right: 1em;
  }
}

  </style>

</head>
<body class="madoko">


<div class="htmlonly"><section class='titleblock align-center'><h1 class='title' data-line='1'>Deconstructing Dynamic Symbolic Execution</h1>


<table><tr><td class='authorblock align-center'><div class='author'>Thomas Ball, Jakub Daniel</div><div class='affiliation address'>Microsoft Research, Charles University</div><div class='email'>tball@microsoft.com, jakub.daniel@d3s.mff.cuni.cz</div></td></tr></table></section></div>
<div class="abstract">
<p data-line="1"><span data-line="1"></span>Dynamic symbolic execution (DSE) is a well-known technique
for automatically generating tests to achieve higher levels
of coverage in a program. Two keys ideas of DSE are
to: (1) seed symbolic execution by executing a program on an
initial input; (2) using concrete values from the program
execution in place of symbolic expressions whenever symbolic
reasoning is hard or not desired. In this paper, we describe
DSE for a simple core language and then present
a minimalist implementation of DSE for Python (in Python) 
that follows this basic recipe. The code is available 
at http://www.github.com/thomasjball/pyexz3/ (tagged <span data-line="11"></span>&#8220;v1.0&#8221;<span data-line="11"></span>) 
and has been designed to make it easy to experiment with and
extend. </p></div><h2 id="sec-intro"   style="bookmark:1.&#8194;Introduction"><span class="heading-before"><span class="heading-label">1</span>.&#8194;</span>Introduction</h2>
<div class="mathdefs hidden input-mathdefs"></div><!-- should we motivate more? -- this dives in deep very quickly -->


<p>Static, path-based symbolic execution explores one control-flow path
at a time through a (sequential) program <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">, using an automated theorem
prover (ATP) to determine if the current path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> is feasible&nbsp;<span class="citations" style="target-element:bibitem">[<a href="#clarke76" title="Lori&#160;A. Clarke. 
A system to generate test data and symbolically execute programs." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">4</span></a>, <a href="#king76" title="James&#160;C. King. 
Symbolic execution and program testing." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">11</span></a>]</span>. 
Ideally, symbolic execution a path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> through program
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> yields a logic formula <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAACp0lEQVRYw81Y0ZGbMBB978YFkOsgXAc4JXAdkEkHdx1wkxJIByQVJJSA00HsDrgrAXew+VlldggSBASxZhgbdiWedlfvIVFEsLSRbAE8i8grNmpcCpBkAqAXEWLDdreibw7ghI3bGoCPANpbBrhLBBfVoNbfm4i8u9UI7hK9NQA/7VF/a1LcAzhuyX+LI0gyBYA9wM0CSDIjWZE8a+Q6AAlJIdmRrElmmyEUkdELQKFgRH9LXRwtgFrtFYBefRoAiW+8pdcYsATA2QDLB/YeQDbwb4x/shlAAJmNyAj4VPV3bGKdr18UgApOQi/RNDeBknD9s6gANU0ucl2gLlsATx5bYgCWsQE2c2av9nTCHjXNrq7cwG3AMfPV3wjANhbAOwDPhnXqCf39MUXg2l5jEnVu7k8r9Lcw/6Pq9OTiMOlLAnbHnRKTZqzUXQPpywFcROQasDu5e/H41CqNZ5KleV6QbPW5k87E2Q9aL1Na+jiRfle7FxH5MgKuAnAVkQeSNYCKJAA8ALgH8FFErgrsJ4A3ku9dQMqp1IxJnrHV2r/3lYBd/fZ9AKoA4TeOZixJFz4C9ry4MhqcenyeLC+aCbUBOhM3KfcwN1FIR2bUjoBu55CyAsxGNNunSLmJcOL7UChdunTGpfFxETj70h4Aa+UwDej93wAHEWsUbG9S2GnUypDcTQAsbPo8Po1dE1MDpjF5zdRsM1fPpz75s8jbyzykNCStGr3M2ZPEPt5wfPvLY/+sv1//bMomUtItrbeJ1VkGFkcb3JMMVly/Qf2ddeLZiK0e9jvseLzh6u+7jvtNpe1e748ichl2OvyH+jspkOPajfuHWBHUrx1X85d/6XsIbOiPEaP36L529jzAXJTemwOo6c0Hh5/rz2YiUUtvuM9exdwxfgOHZY7f662mjQAAAABJRU5ErkJggg==" alt="$\phi_p$" class="math-inline math" style="vertical-align:-0.304em;height:1.041em"> that describes the set of inputs <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAcCAYAAABh2p9gAAAA8UlEQVRIx62W4Q2DIBBGH6QDmI7gCJ2hjtB0g47gEN2kcQSZxRFaN7j+KD+IoXgHkpAIOZ8fT4wgIvzrwASIoY8u3phtzrkO6OOwjw9I2xOYgTewishCKWEm8SdJM+dqPMoW03bJ1JSrUwOB62YcWoFDcv3zdWDC8K/IG/z1ydTcBNT6swDvGn+1CUOp0Cv89Zv9NzcBLf60wEHrryZh2Cv2Rn+vJqDVnwaY+ltEZD0yYdBsWH/U/tMkNPvbA5r9WRIG5TefB9b6KyWs8lcC3jbf76oFnuISL8A5LnPYJOyccw9giT/03Rc0Go8bU+kw8AVaaLebPZP9FwAAAABJRU5ErkJggg==" alt="$I$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> (possibly empty)
to program <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> such that for any <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFUAAAAeCAYAAABdalL1AAAC40lEQVRo3u2a7XHbMAyGH/g8gNpMUGUD57qBsoHTbiBv4FxHSDdQNmidDZyO4G5gb9DIG6A/CuVYltaHKzr0JbjTD9oUCb4EgRegRFVpExEpgSvgTlV3vDIRkRUwH/DKrbSBKiIVUFrzQVVvXiGoGZBbMwdWXpevwBp4AvaquusCtQYya96r6oJXLh4mj6p67feZdIxx37wM3L4BKpkDKAGr/dOvy6e+yV+gzj0gL0NxZprwAmbmw3LgoqXrVlXvT6SWe9T3BwO3qibzADOzhBrQAU92Iv22zpyrQ/2mCfmqFVDYTz/Njz9H1UPvnormeSwA0y0o0wQALQzQDHgAbhPlw4XXfkwSVAN0bZZ4raqPCcepz738qU+pRKQQkY2I1CKyFZFlREBzB9CrxAH1LbVdV8cJl8AGyK1dmUO+i+T0Nzb+LKVgeUDX3AuMZWt/J+rWbhQFljZAHUHJecwNi6Bv6YGa9wF1AxTeQKtmkIhWmp0JqCsH0LpHfwoj0P4fzSDbkRXMunhegqDWffhp80yAhflPv9zXSBXJ4a/PJDXNvXz/W9c7U+vkR7NFoKgyljQE+skU/i85AaftzU+fQVXVh8DOzJzS1n5kJS/aKjxHWBLAuwh6hvL9XZ95QuTftdK7CEr+ck7AGEBsIwI6jJ+2gFo6WUMMQt4c17V/Ss7An/aKA5NAvTCL5EtxiiUAH88gTg32p/+U/mwnggS3K4s4ooRWnxk/7U0tQ/xRgU2IW46o7LJPupcYP62OAdVNxeYBEKoIBd861awqkO/PjwH1YFpqi89HVrpoTkWKwAby/d46TgJReecFrwr4PjbJNmaxME78Y4xEYGS58eqn+yGLC5l7cxVb+f41skUsX/h+rLAKWhW4Byvt/1mX1YYG3thx356qNGfzNpdqtS1qbhudnWD+5cCLxtaiSlL3/saTvzhpch/ZAx8iZ1XD1pHixxR2c/kJuDQ39L4tQ1PVpL6e+Q1MMhvi0mUqewAAAABJRU5ErkJggg==" alt="$i \in I$" class="math-inline math" style="vertical-align:-0.042em;height:0.781em">, execution of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEoAAAArCAYAAADfeB6OAAAD9ElEQVRo3t1b7XHbMAx91GUAJpmgygZKuoG6gdMNKm/gXCfoqRsonSB1NpBHqL2B1QkaZQP0R8EWYRSJH7IsF3c6Xyx+wOAj8AAyiohwaqKUyohoN9ZYABoieu5rl5yYgbRSag8gHXHYCwBbpVT6XxiKf8hPAI9E9DjWuES0AVAOGUudytZjJDVE9OFA41cAcgDXnduQiN58AKwAUMTTAqh5xdK+uQb0WPNYOrB/AaAa0gHAHkDd+W6go2YrL3iy1jLEit/l1rPgd2urfRX4IwnAItBIlZh/PdA2M7/Ly1AdA21dJ7WMLfvVnnO2ALYRaGx9Fkosro4xlERH4dFPW31Lx34lt88jDGXGqF22LkfUV0DwmTC3fmwagcbWw7j7UCNFGNfompnvfOiBjDbPRNR4BhbZXjPR65PP/FkdIch+4c+lU9SL9U9W/9pCZOboW/TUiJJuJgRREgF1wCrd9CDM5jQ5b73B1OKAsmNdCmdmzopL2QTkU1r2HzDArVT2SPJD6pJM5J+W1t/lQPs8ArljSf1Cl0P7J19qYLXPAnxLzvq2zLRXgT5K6pEelD91OPG1Q/uF7Ug9WfzWUBfBystIslocjD8xcZNIXDn2W4XwJw42L/JBMVYbyaeqszH9k1JKc3RbMjIA4BHAnYdfuzJzefqUbwBurSDx3vC2QD/1xJ+pi6Fyiyi2b7TTVlS849qRr+NPLSVdo7Lm2pKUxRAVGZBnJ0MxQiR/+ipYa1fJZgzOcxGAqKXN4A3/iWT3ZrEuhhBlk8SHCQig9kUUgIcObicpyX0konDm4Z8wVkF/bETZpWEu6WaO5LZPfpnFSzz80wbTyNMIYyw9yK2TJB7+aWqWrCP6FiJKxyzwpRkncUTTlIh6trag7yHBQhj5fqTFekpm5p9kKNcjbLu+SOjlL10RtZlwyzWhiGJ3YfTeSQ7H76pARDVJz4TpkfzT3iKePvKxo0op/dZ9IKKawcQ0NIuPqCxmYl4dcP7XmVBzHpgGHqYskpn5J3uum8Bt21g7pALw3Sedsmr6G5npZ7y/S7w+8S34XTZFDVtk7aVnv1SikZ8KAeeC+HfwujfXDjL4HZOXExjq71lc4NaVhbsy8oS5IqJ5XtLgFGTPhPH8SDqY60XXRLSb5bUf9iUbLuvkR1qoFH9OgXY+hwvHEMN5bo8w99ImrLO+HyXgfz7l+Z4pTsptP/cbd0sryZ3CSAVHy08vvp/7jTulVM186t0UqGI0NUR07VRmmRmq9Fh1pQEjlV1oMhFm9o9IqfIJUqfC+2rizIxVhuRrHqfCLXpu5KlTupBvbu4S0dXI427ZL71JRdSp/eeCUmoF4JKI7qYc7zc4lryrNB5NqgAAAABJRU5ErkJggg==" alt="$P(i)$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em"> follows path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em">. 
</p>
<p class="indent">If the formula <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAACp0lEQVRYw81Y0ZGbMBB978YFkOsgXAc4JXAdkEkHdx1wkxJIByQVJJSA00HsDrgrAXew+VlldggSBASxZhgbdiWedlfvIVFEsLSRbAE8i8grNmpcCpBkAqAXEWLDdreibw7ghI3bGoCPANpbBrhLBBfVoNbfm4i8u9UI7hK9NQA/7VF/a1LcAzhuyX+LI0gyBYA9wM0CSDIjWZE8a+Q6AAlJIdmRrElmmyEUkdELQKFgRH9LXRwtgFrtFYBefRoAiW+8pdcYsATA2QDLB/YeQDbwb4x/shlAAJmNyAj4VPV3bGKdr18UgApOQi/RNDeBknD9s6gANU0ucl2gLlsATx5bYgCWsQE2c2av9nTCHjXNrq7cwG3AMfPV3wjANhbAOwDPhnXqCf39MUXg2l5jEnVu7k8r9Lcw/6Pq9OTiMOlLAnbHnRKTZqzUXQPpywFcROQasDu5e/H41CqNZ5KleV6QbPW5k87E2Q9aL1Na+jiRfle7FxH5MgKuAnAVkQeSNYCKJAA8ALgH8FFErgrsJ4A3ku9dQMqp1IxJnrHV2r/3lYBd/fZ9AKoA4TeOZixJFz4C9ry4MhqcenyeLC+aCbUBOhM3KfcwN1FIR2bUjoBu55CyAsxGNNunSLmJcOL7UChdunTGpfFxETj70h4Aa+UwDej93wAHEWsUbG9S2GnUypDcTQAsbPo8Po1dE1MDpjF5zdRsM1fPpz75s8jbyzykNCStGr3M2ZPEPt5wfPvLY/+sv1//bMomUtItrbeJ1VkGFkcb3JMMVly/Qf2ddeLZiK0e9jvseLzh6u+7jvtNpe1e748ichl2OvyH+jspkOPajfuHWBHUrx1X85d/6XsIbOiPEaP36L529jzAXJTemwOo6c0Hh5/rz2YiUUtvuM9exdwxfgOHZY7f662mjQAAAABJRU5ErkJggg==" alt="$\phi_p$" class="math-inline math" style="vertical-align:-0.304em;height:1.041em"> is unsatisfiable then <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAcCAYAAABh2p9gAAAA8UlEQVRIx62W4Q2DIBBGH6QDmI7gCJ2hjtB0g47gEN2kcQSZxRFaN7j+KD+IoXgHkpAIOZ8fT4wgIvzrwASIoY8u3phtzrkO6OOwjw9I2xOYgTewishCKWEm8SdJM+dqPMoW03bJ1JSrUwOB62YcWoFDcv3zdWDC8K/IG/z1ydTcBNT6swDvGn+1CUOp0Cv89Zv9NzcBLf60wEHrryZh2Cv2Rn+vJqDVnwaY+ltEZD0yYdBsWH/U/tMkNPvbA5r9WRIG5TefB9b6KyWs8lcC3jbf76oFnuISL8A5LnPYJOyccw9giT/03Rc0Go8bU+kw8AVaaLebPZP9FwAAAABJRU5ErkJggg==" alt="$I$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> is empty and so path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> is not feasible; 
if the formula is satisfiable then <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAcCAYAAABh2p9gAAAA8UlEQVRIx62W4Q2DIBBGH6QDmI7gCJ2hjtB0g47gEN2kcQSZxRFaN7j+KD+IoXgHkpAIOZ8fT4wgIvzrwASIoY8u3phtzrkO6OOwjw9I2xOYgTewishCKWEm8SdJM+dqPMoW03bJ1JSrUwOB62YcWoFDcv3zdWDC8K/IG/z1ydTcBNT6swDvGn+1CUOp0Cv89Zv9NzcBLf60wEHrryZh2Cv2Rn+vJqDVnwaY+ltEZD0yYdBsWH/U/tMkNPvbA5r9WRIG5TefB9b6KyWs8lcC3jbf76oFnuISL8A5LnPYJOyccw9giT/03Rc0Go8bU+kw8AVaaLebPZP9FwAAAABJRU5ErkJggg==" alt="$I$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> is not empty and so path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> is feasible.
In this case, a model of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAACp0lEQVRYw81Y0ZGbMBB978YFkOsgXAc4JXAdkEkHdx1wkxJIByQVJJSA00HsDrgrAXew+VlldggSBASxZhgbdiWedlfvIVFEsLSRbAE8i8grNmpcCpBkAqAXEWLDdreibw7ghI3bGoCPANpbBrhLBBfVoNbfm4i8u9UI7hK9NQA/7VF/a1LcAzhuyX+LI0gyBYA9wM0CSDIjWZE8a+Q6AAlJIdmRrElmmyEUkdELQKFgRH9LXRwtgFrtFYBefRoAiW+8pdcYsATA2QDLB/YeQDbwb4x/shlAAJmNyAj4VPV3bGKdr18UgApOQi/RNDeBknD9s6gANU0ucl2gLlsATx5bYgCWsQE2c2av9nTCHjXNrq7cwG3AMfPV3wjANhbAOwDPhnXqCf39MUXg2l5jEnVu7k8r9Lcw/6Pq9OTiMOlLAnbHnRKTZqzUXQPpywFcROQasDu5e/H41CqNZ5KleV6QbPW5k87E2Q9aL1Na+jiRfle7FxH5MgKuAnAVkQeSNYCKJAA8ALgH8FFErgrsJ4A3ku9dQMqp1IxJnrHV2r/3lYBd/fZ9AKoA4TeOZixJFz4C9ry4MhqcenyeLC+aCbUBOhM3KfcwN1FIR2bUjoBu55CyAsxGNNunSLmJcOL7UChdunTGpfFxETj70h4Aa+UwDej93wAHEWsUbG9S2GnUypDcTQAsbPo8Po1dE1MDpjF5zdRsM1fPpz75s8jbyzykNCStGr3M2ZPEPt5wfPvLY/+sv1//bMomUtItrbeJ1VkGFkcb3JMMVly/Qf2ddeLZiK0e9jvseLzh6u+7jvtNpe1e748ichl2OvyH+jspkOPajfuHWBHUrx1X85d/6XsIbOiPEaP36L529jzAXJTemwOo6c0Hh5/rz2YiUUtvuM9exdwxfgOHZY7f662mjQAAAABJRU5ErkJggg==" alt="$\phi_p$" class="math-inline math" style="vertical-align:-0.304em;height:1.041em"> provides a witness <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFUAAAAeCAYAAABdalL1AAAC40lEQVRo3u2a7XHbMAyGH/g8gNpMUGUD57qBsoHTbiBv4FxHSDdQNmidDZyO4G5gb9DIG6A/CuVYltaHKzr0JbjTD9oUCb4EgRegRFVpExEpgSvgTlV3vDIRkRUwH/DKrbSBKiIVUFrzQVVvXiGoGZBbMwdWXpevwBp4AvaquusCtQYya96r6oJXLh4mj6p67feZdIxx37wM3L4BKpkDKAGr/dOvy6e+yV+gzj0gL0NxZprwAmbmw3LgoqXrVlXvT6SWe9T3BwO3qibzADOzhBrQAU92Iv22zpyrQ/2mCfmqFVDYTz/Njz9H1UPvnormeSwA0y0o0wQALQzQDHgAbhPlw4XXfkwSVAN0bZZ4raqPCcepz738qU+pRKQQkY2I1CKyFZFlREBzB9CrxAH1LbVdV8cJl8AGyK1dmUO+i+T0Nzb+LKVgeUDX3AuMZWt/J+rWbhQFljZAHUHJecwNi6Bv6YGa9wF1AxTeQKtmkIhWmp0JqCsH0LpHfwoj0P4fzSDbkRXMunhegqDWffhp80yAhflPv9zXSBXJ4a/PJDXNvXz/W9c7U+vkR7NFoKgyljQE+skU/i85AaftzU+fQVXVh8DOzJzS1n5kJS/aKjxHWBLAuwh6hvL9XZ95QuTftdK7CEr+ck7AGEBsIwI6jJ+2gFo6WUMMQt4c17V/Ss7An/aKA5NAvTCL5EtxiiUAH88gTg32p/+U/mwnggS3K4s4ooRWnxk/7U0tQ/xRgU2IW46o7LJPupcYP62OAdVNxeYBEKoIBd861awqkO/PjwH1YFpqi89HVrpoTkWKwAby/d46TgJReecFrwr4PjbJNmaxME78Y4xEYGS58eqn+yGLC5l7cxVb+f41skUsX/h+rLAKWhW4Byvt/1mX1YYG3thx356qNGfzNpdqtS1qbhudnWD+5cCLxtaiSlL3/saTvzhpch/ZAx8iZ1XD1pHixxR2c/kJuDQ39L4tQ1PVpL6e+Q1MMhvi0mUqewAAAABJRU5ErkJggg==" alt="$i \in I$" class="math-inline math" style="vertical-align:-0.042em;height:0.781em">.  Thus, an ATP
that can provide such models can be used in conjunction with
symbolic execution to automatically generate tests to cover paths
in a program. Combined with a search strategy, one gets, in the limit,
an exhaustive white-box testing procedure, for which there are many
applications&nbsp;<span class="citations" style="target-element:bibitem">[<a href="#cadars13" title="Cristian Cadar and Koushik Sen. 
Symbolic execution for software testing: three decades later." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">2</span></a>, <a href="#cadargpde06" title="Cristian Cadar, Vijay Ganesh, Peter&#160;M. Pawlowski, David&#160;L. Dill, and Dawson&#160;R. Engler. 
EXE: automatically generating inputs of death. 
In Proceedings of the 13th ACM Conference on Computer and Communications Security, pages 322&#8211;335, 2006." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">3</span></a>, <a href="#godefroidlm12" title="Patrice Godefroid, Michael&#160;Y. Levin, and David&#160;A. Molnar. 
SAGE: whitebox fuzzing for security testing." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">9</span></a>]</span>. 
</p>
<p class="indent">The formula <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAACp0lEQVRYw81Y0ZGbMBB978YFkOsgXAc4JXAdkEkHdx1wkxJIByQVJJSA00HsDrgrAXew+VlldggSBASxZhgbdiWedlfvIVFEsLSRbAE8i8grNmpcCpBkAqAXEWLDdreibw7ghI3bGoCPANpbBrhLBBfVoNbfm4i8u9UI7hK9NQA/7VF/a1LcAzhuyX+LI0gyBYA9wM0CSDIjWZE8a+Q6AAlJIdmRrElmmyEUkdELQKFgRH9LXRwtgFrtFYBefRoAiW+8pdcYsATA2QDLB/YeQDbwb4x/shlAAJmNyAj4VPV3bGKdr18UgApOQi/RNDeBknD9s6gANU0ucl2gLlsATx5bYgCWsQE2c2av9nTCHjXNrq7cwG3AMfPV3wjANhbAOwDPhnXqCf39MUXg2l5jEnVu7k8r9Lcw/6Pq9OTiMOlLAnbHnRKTZqzUXQPpywFcROQasDu5e/H41CqNZ5KleV6QbPW5k87E2Q9aL1Na+jiRfle7FxH5MgKuAnAVkQeSNYCKJAA8ALgH8FFErgrsJ4A3ku9dQMqp1IxJnrHV2r/3lYBd/fZ9AKoA4TeOZixJFz4C9ry4MhqcenyeLC+aCbUBOhM3KfcwN1FIR2bUjoBu55CyAsxGNNunSLmJcOL7UChdunTGpfFxETj70h4Aa+UwDej93wAHEWsUbG9S2GnUypDcTQAsbPo8Po1dE1MDpjF5zdRsM1fPpz75s8jbyzykNCStGr3M2ZPEPt5wfPvLY/+sv1//bMomUtItrbeJ1VkGFkcb3JMMVly/Qf2ddeLZiK0e9jvseLzh6u+7jvtNpe1e748ichl2OvyH+jspkOPajfuHWBHUrx1X85d/6XsIbOiPEaP36L529jzAXJTemwOo6c0Hh5/rz2YiUUtvuM9exdwxfgOHZY7f662mjQAAAABJRU5ErkJggg==" alt="$\phi_p$" class="math-inline math" style="vertical-align:-0.304em;height:1.041em"> is called a <em>path-condition</em> of the path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em">. 
We will see that a given path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> can induce many different path-conditions.
A path-condition <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACsAAAAoCAYAAABnyQNuAAACuUlEQVRYw9VZ7ZGbMBB9z+MCyHVwuAOuBdwB18K5A1IDJTCpILE7wOkguAMuHQR3sPmzZGRFH9iWyWVnNFhIrB6a3X1PmCKCFEZyEJENHmirREBzLGCrRH4qAMf/BewWQPdosEwRsyQFwCcROX/onSVZADg9GmiqMCiXiNdUYBeJ1yQxS1JEhB9+Z0mWAE5YyFb24iR7kiPJgWQ9IwS+el5kT1JINsnQigg0FGoAPYBc+y0AAVBPc+ym8wvH/VqfnVru83FNm5yXAEYAmWPBMQB29NyvLLBlSrC97RDAflrMA6gE0AVepDHAFknA6qKDa9dCO6tg6ojzQX1kKcCuAOw0Pu0sz7T7LUAGh0hKHAGcU7HbWrPZZqCd8bt1ZHqmSfMe8X8G8CNVMViLyMEj+QDgXUROd1BsnpLdVo5dq4zu4U6KnRMq19dZIym6WH3UxMkjyVUB6FMk1kXpshaZgA4eEJlvzEEYZUqwK4c2NTP5JkmoNP1LRI6e8VbpvDcpnWRFstP7g87LzGpgJ8Rkwy3xqi+8A/DiGW+0nG1ItgAakgCwAfAE4FVEzgryO4CfJJ9F5OxiJQlpAn2JzDOW63gxh6ItDdEEaHsfi9m9D0yAfsdQnAJ4M/0aYqnzzC9MFkVEMRWOxRoP9Y4xDaDPFw46fgtswIQl8zn9o7gAVJa4KY1drnXB5lr+16oSK5F1FKzhrNZk6hXoaLROx7MbFVQ1Q4JeKL9rnJcpi7whIfeBORf5c80ZbJv4yF3qtfOUOJP2PzvpdilGiglzXU8AtF66DTlPCDRYz43E6oLaIFDvHhGvvU0ixlhrP7f+R5+IpnidhP8Xpdcn7b84dfTMneiWjNfZEtGnBx4Rr3dJxIBAT/lfwVavp7uPNQtYEdHLHwOsHvFL65S87Gf6mUBH41uEaa+eE/Zf9hvbOUiM+Wf2iQAAAABJRU5ErkJggg==" alt="$\psi_p$" class="math-inline math" style="vertical-align:-0.304em;height:1.041em"> for path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> is <em>sound</em> if 
every input assignment satisfying <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACsAAAAoCAYAAABnyQNuAAACuUlEQVRYw9VZ7ZGbMBB9z+MCyHVwuAOuBdwB18K5A1IDJTCpILE7wOkguAMuHQR3sPmzZGRFH9iWyWVnNFhIrB6a3X1PmCKCFEZyEJENHmirREBzLGCrRH4qAMf/BewWQPdosEwRsyQFwCcROX/onSVZADg9GmiqMCiXiNdUYBeJ1yQxS1JEhB9+Z0mWAE5YyFb24iR7kiPJgWQ9IwS+el5kT1JINsnQigg0FGoAPYBc+y0AAVBPc+ym8wvH/VqfnVru83FNm5yXAEYAmWPBMQB29NyvLLBlSrC97RDAflrMA6gE0AVepDHAFknA6qKDa9dCO6tg6ojzQX1kKcCuAOw0Pu0sz7T7LUAGh0hKHAGcU7HbWrPZZqCd8bt1ZHqmSfMe8X8G8CNVMViLyMEj+QDgXUROd1BsnpLdVo5dq4zu4U6KnRMq19dZIym6WH3UxMkjyVUB6FMk1kXpshaZgA4eEJlvzEEYZUqwK4c2NTP5JkmoNP1LRI6e8VbpvDcpnWRFstP7g87LzGpgJ8Rkwy3xqi+8A/DiGW+0nG1ItgAakgCwAfAE4FVEzgryO4CfJJ9F5OxiJQlpAn2JzDOW63gxh6ItDdEEaHsfi9m9D0yAfsdQnAJ4M/0aYqnzzC9MFkVEMRWOxRoP9Y4xDaDPFw46fgtswIQl8zn9o7gAVJa4KY1drnXB5lr+16oSK5F1FKzhrNZk6hXoaLROx7MbFVQ1Q4JeKL9rnJcpi7whIfeBORf5c80ZbJv4yF3qtfOUOJP2PzvpdilGiglzXU8AtF66DTlPCDRYz43E6oLaIFDvHhGvvU0ixlhrP7f+R5+IpnidhP8Xpdcn7b84dfTMneiWjNfZEtGnBx4Rr3dJxIBAT/lfwVavp7uPNQtYEdHLHwOsHvFL65S87Gf6mUBH41uEaa+eE/Zf9hvbOUiM+Wf2iQAAAABJRU5ErkJggg==" alt="$\psi_p$" class="math-inline math" style="vertical-align:-0.304em;height:1.041em"> defines an
execution of program <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> that follows path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em">&nbsp;<span class="citations" style="target-element:bibitem">[<a href="#godefroid11" title="Patrice Godefroid. 
Higher-order test generation." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">7</span></a>]</span>. 
By its definition, the formula  <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAACp0lEQVRYw81Y0ZGbMBB978YFkOsgXAc4JXAdkEkHdx1wkxJIByQVJJSA00HsDrgrAXew+VlldggSBASxZhgbdiWedlfvIVFEsLSRbAE8i8grNmpcCpBkAqAXEWLDdreibw7ghI3bGoCPANpbBrhLBBfVoNbfm4i8u9UI7hK9NQA/7VF/a1LcAzhuyX+LI0gyBYA9wM0CSDIjWZE8a+Q6AAlJIdmRrElmmyEUkdELQKFgRH9LXRwtgFrtFYBefRoAiW+8pdcYsATA2QDLB/YeQDbwb4x/shlAAJmNyAj4VPV3bGKdr18UgApOQi/RNDeBknD9s6gANU0ucl2gLlsATx5bYgCWsQE2c2av9nTCHjXNrq7cwG3AMfPV3wjANhbAOwDPhnXqCf39MUXg2l5jEnVu7k8r9Lcw/6Pq9OTiMOlLAnbHnRKTZqzUXQPpywFcROQasDu5e/H41CqNZ5KleV6QbPW5k87E2Q9aL1Na+jiRfle7FxH5MgKuAnAVkQeSNYCKJAA8ALgH8FFErgrsJ4A3ku9dQMqp1IxJnrHV2r/3lYBd/fZ9AKoA4TeOZixJFz4C9ry4MhqcenyeLC+aCbUBOhM3KfcwN1FIR2bUjoBu55CyAsxGNNunSLmJcOL7UChdunTGpfFxETj70h4Aa+UwDej93wAHEWsUbG9S2GnUypDcTQAsbPo8Po1dE1MDpjF5zdRsM1fPpz75s8jbyzykNCStGr3M2ZPEPt5wfPvLY/+sv1//bMomUtItrbeJ1VkGFkcb3JMMVly/Qf2ddeLZiK0e9jvseLzh6u+7jvtNpe1e748ichl2OvyH+jspkOPajfuHWBHUrx1X85d/6XsIbOiPEaP36L529jzAXJTemwOo6c0Hh5/rz2YiUUtvuM9exdwxfgOHZY7f662mjQAAAABJRU5ErkJggg==" alt="$\phi_p$" class="math-inline math" style="vertical-align:-0.304em;height:1.041em"> is sound and the best representation of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em">
(as for all sound path-conditions <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACsAAAAoCAYAAABnyQNuAAACuUlEQVRYw9VZ7ZGbMBB9z+MCyHVwuAOuBdwB18K5A1IDJTCpILE7wOkguAMuHQR3sPmzZGRFH9iWyWVnNFhIrB6a3X1PmCKCFEZyEJENHmirREBzLGCrRH4qAMf/BewWQPdosEwRsyQFwCcROX/onSVZADg9GmiqMCiXiNdUYBeJ1yQxS1JEhB9+Z0mWAE5YyFb24iR7kiPJgWQ9IwS+el5kT1JINsnQigg0FGoAPYBc+y0AAVBPc+ym8wvH/VqfnVru83FNm5yXAEYAmWPBMQB29NyvLLBlSrC97RDAflrMA6gE0AVepDHAFknA6qKDa9dCO6tg6ojzQX1kKcCuAOw0Pu0sz7T7LUAGh0hKHAGcU7HbWrPZZqCd8bt1ZHqmSfMe8X8G8CNVMViLyMEj+QDgXUROd1BsnpLdVo5dq4zu4U6KnRMq19dZIym6WH3UxMkjyVUB6FMk1kXpshaZgA4eEJlvzEEYZUqwK4c2NTP5JkmoNP1LRI6e8VbpvDcpnWRFstP7g87LzGpgJ8Rkwy3xqi+8A/DiGW+0nG1ItgAakgCwAfAE4FVEzgryO4CfJJ9F5OxiJQlpAn2JzDOW63gxh6ItDdEEaHsfi9m9D0yAfsdQnAJ4M/0aYqnzzC9MFkVEMRWOxRoP9Y4xDaDPFw46fgtswIQl8zn9o7gAVJa4KY1drnXB5lr+16oSK5F1FKzhrNZk6hXoaLROx7MbFVQ1Q4JeKL9rnJcpi7whIfeBORf5c80ZbJv4yF3qtfOUOJP2PzvpdilGiglzXU8AtF66DTlPCDRYz43E6oLaIFDvHhGvvU0ixlhrP7f+R5+IpnidhP8Xpdcn7b84dfTMneiWjNfZEtGnBx4Rr3dJxIBAT/lfwVavp7uPNQtYEdHLHwOsHvFL65S87Gf6mUBH41uEaa+eE/Zf9hvbOUiM+Wf2iQAAAABJRU5ErkJggg==" alt="$\psi_p$" class="math-inline math" style="vertical-align:-0.304em;height:1.041em">, we have that <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMkAAAAoCAYAAABU3t4iAAAF7ElEQVR42u1dS3LjNhB9rXJlrZnssgu9y5LObLKmbiBXTjDWDejKEegLpGSfYCLdgJ5lNqlQN6BygkS+QWfhRhWGJkBSAj+S+1WhZEkwCRCv0V9SxMwIASIqmfkaCsWAIKIcwIqZ932dYxZooJEul2IEAZkDSPoUkGBCAmAJ4FmXTTEwkiF4F0pIFgByXTPFwBiEdxTCJyEiBvCBmV903RQDmlslgFtm3k1akxBRDGCnAqIYwR/52LeAhDK3BrELFZ1JlBHRnfoj0xAS9Uemi7Vo+kvEr0Px7mSfhIiYmUn5OElz5CCm8M0Fzu8A4Kbv8O/JmoSIEgA7peT0ID7iPYCYiNILE5BI5rgf4nyzKumJqCCiAxGVLS7uAsAXx0Q2RMRElCllRxOUB7Hbs3M2u4goFh+rEA1SApgLv0oi6tesZGaIyZUCKABE8n4NgAGkpk+1Sf+45vNU/te0yHUMbf02AMbs4rq1mvjYlyIQLK+pOOy58HMJILPmtwEwDz4OGUwiJ5rXEP3gmcTBMzlbSJIzJVhV2PtsfwKIemqJWctzEBQR7MISjqTKO3se0n9j9Q8qKFeiUDK8JmXsXMcneZ17/JG/HdppS0QPQjIA+O9MNf0OwNZ1DQLhJwA/APhFFrhPzAEURHTLzNupmlYAvspYt8x86/BHdhX/61aSixGAJwC3wcYku8y6WsErtt8cwAszf6iZTAbgX7F7XRM2g9ZsvJ8UCYDvBzplAiAW4f88pXWRa1HI2zcCIn1SAJ8c3y1Fo0AiX8GCSpuq32GpZxYBcvkjUYPaXPvMNW2jm5EHAHcT9J1KT7/cNWY5Bjf50l3bTKJTjxXBWdkJKUcMPmoRgntxmWSK0aNeNwD2eE04cu8RomY8WWbtbYMmfPaEvavuwukhYGbe1qjcpbzuHSqrbUlABM3GT1VQTJJxIR/dib9SjJT3MJx7dplJIsQvLfMjwfzImcOuM9h68iNtyJ94jqEY3wdYViyFx5AObwd4LZcKn/5oEDaDfW9C0nLAjZpEFmA/VFZU0W3nFo2xEZN4xczEzKuR1iux/vbxqqley97gg1kwb2q35N4QY2pdO/yRoul+dlmEe2Z+PmMyJbJpzHs+1XcA/gLw+0CEXItwfJ5CKNiKpO59vGq6b0k4F4s5Ga6esBIdiFtEtZau7yrRk7wh6lVKhCytHDuXz0vpNx8x4pJhuGTikC0f87rWJaVlXIWnT9Lie29k61jeXdU42gblMf6IOFcriZ7UfZ+J83VNRGu81hUBwDWAj5CkpmisrwD+IaIfx4jnM/M9XosE+9xFh8qTmMTug8xrStgbDeDBosEUM67Bri53dxLvjpBGZ9pfhKyEp/QBVt4E35Z9ZJ7ylo3mN07aqTcInDvoq/zH0+dNeUpFQ5i8zzw07+oOxi5iGiHwqLsDPHVaEmbc1Ewud/Q35p8mJE8nYHYmRZhLV5KwwSQu4Uhun8q7pqK+uOZkmWOgjcVz8v9xZXdguDOotmabK+k7ky/2kWFiY7WLMKOanT2vEZy8jaVxKu/alC0sK2o7sbRKKifMupIY35YQRC2qcFVIuhOvOKdrJ0JtNEpqxi07f2r1MZqgQMcK82N413Sw1PL6NzIB03J7IkfeK9BUir9pslW1NV7fuzMdu803Y06VFu+ioXjXVR0WPYRXN54+rI77SVqkuIB5RCE3yWN4d9UhTNcUgjs2y5p7MvYGUwtZnkNt1qU8/CEem3ezjgfPA08ecFcJ/2bqibS05V1jMTbvughJHKrERMo96up2zPep2UGYeaU8edcIViR7LO9mLQ8eI+yjg0x59g7Ayr6PQTKjmUjyQjnyfmE9ynQ/Ju+uOkhzH3bhFznuk7kg8j7orZeKs9Yio/Ou1RMc5deEsoDmljmpCoPCx5M1XiN0j2Pyrq1PEvXhj6iAKBrwcyhNcgrvWplbgX8L0bYLFQof726mwLvZCHM3zpL+XIPiLHg3qJCIyksq0QuFYtK8C/JzcC0Ham7RrGKyTxNUXISAnMy7/wHVkGLTvJtgCgAAAABJRU5ErkJggg==" alt="$\psi_p \implies \phi_p$" class="math-inline math" style="vertical-align:-0.304em;height:1.041em">).
In practice, we attempt to compute sound under-approximations of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAACp0lEQVRYw81Y0ZGbMBB978YFkOsgXAc4JXAdkEkHdx1wkxJIByQVJJSA00HsDrgrAXew+VlldggSBASxZhgbdiWedlfvIVFEsLSRbAE8i8grNmpcCpBkAqAXEWLDdreibw7ghI3bGoCPANpbBrhLBBfVoNbfm4i8u9UI7hK9NQA/7VF/a1LcAzhuyX+LI0gyBYA9wM0CSDIjWZE8a+Q6AAlJIdmRrElmmyEUkdELQKFgRH9LXRwtgFrtFYBefRoAiW+8pdcYsATA2QDLB/YeQDbwb4x/shlAAJmNyAj4VPV3bGKdr18UgApOQi/RNDeBknD9s6gANU0ucl2gLlsATx5bYgCWsQE2c2av9nTCHjXNrq7cwG3AMfPV3wjANhbAOwDPhnXqCf39MUXg2l5jEnVu7k8r9Lcw/6Pq9OTiMOlLAnbHnRKTZqzUXQPpywFcROQasDu5e/H41CqNZ5KleV6QbPW5k87E2Q9aL1Na+jiRfle7FxH5MgKuAnAVkQeSNYCKJAA8ALgH8FFErgrsJ4A3ku9dQMqp1IxJnrHV2r/3lYBd/fZ9AKoA4TeOZixJFz4C9ry4MhqcenyeLC+aCbUBOhM3KfcwN1FIR2bUjoBu55CyAsxGNNunSLmJcOL7UChdunTGpfFxETj70h4Aa+UwDej93wAHEWsUbG9S2GnUypDcTQAsbPo8Po1dE1MDpjF5zdRsM1fPpz75s8jbyzykNCStGr3M2ZPEPt5wfPvLY/+sv1//bMomUtItrbeJ1VkGFkcb3JMMVly/Qf2ddeLZiK0e9jvseLzh6u+7jvtNpe1e748ichl2OvyH+jspkOPajfuHWBHUrx1X85d/6XsIbOiPEaP36L529jzAXJTemwOo6c0Hh5/rz2YiUUtvuM9exdwxfgOHZY7f662mjQAAAABJRU5ErkJggg==" alt="$\phi_p$" class="math-inline math" style="vertical-align:-0.304em;height:1.041em"> 
such as <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACsAAAAoCAYAAABnyQNuAAACuUlEQVRYw9VZ7ZGbMBB9z+MCyHVwuAOuBdwB18K5A1IDJTCpILE7wOkguAMuHQR3sPmzZGRFH9iWyWVnNFhIrB6a3X1PmCKCFEZyEJENHmirREBzLGCrRH4qAMf/BewWQPdosEwRsyQFwCcROX/onSVZADg9GmiqMCiXiNdUYBeJ1yQxS1JEhB9+Z0mWAE5YyFb24iR7kiPJgWQ9IwS+el5kT1JINsnQigg0FGoAPYBc+y0AAVBPc+ym8wvH/VqfnVru83FNm5yXAEYAmWPBMQB29NyvLLBlSrC97RDAflrMA6gE0AVepDHAFknA6qKDa9dCO6tg6ojzQX1kKcCuAOw0Pu0sz7T7LUAGh0hKHAGcU7HbWrPZZqCd8bt1ZHqmSfMe8X8G8CNVMViLyMEj+QDgXUROd1BsnpLdVo5dq4zu4U6KnRMq19dZIym6WH3UxMkjyVUB6FMk1kXpshaZgA4eEJlvzEEYZUqwK4c2NTP5JkmoNP1LRI6e8VbpvDcpnWRFstP7g87LzGpgJ8Rkwy3xqi+8A/DiGW+0nG1ItgAakgCwAfAE4FVEzgryO4CfJJ9F5OxiJQlpAn2JzDOW63gxh6ItDdEEaHsfi9m9D0yAfsdQnAJ4M/0aYqnzzC9MFkVEMRWOxRoP9Y4xDaDPFw46fgtswIQl8zn9o7gAVJa4KY1drnXB5lr+16oSK5F1FKzhrNZk6hXoaLROx7MbFVQ1Q4JeKL9rnJcpi7whIfeBORf5c80ZbJv4yF3qtfOUOJP2PzvpdilGiglzXU8AtF66DTlPCDRYz43E6oLaIFDvHhGvvU0ixlhrP7f+R5+IpnidhP8Xpdcn7b84dfTMneiWjNfZEtGnBx4Rr3dJxIBAT/lfwVavp7uPNQtYEdHLHwOsHvFL65S87Gf6mUBH41uEaa+eE/Zf9hvbOUiM+Wf2iQAAAABJRU5ErkJggg==" alt="$\psi_p$" class="math-inline math" style="vertical-align:-0.304em;height:1.041em">. However, we also find it necessary (and useful) to 
compute unsound path-conditions.
</p>
<p class="indent">A path-condition can be translated into the input
language of an ATP, such as&nbsp;<a href="http://z3.codeplex.org/">Z3</a><span class="citations" style="target-element:bibitem">[<a href="#demourab08" title="Leonardo&#160;Mendon&#231;a de&#160;Moura and Nikolaj Bj&#248;rner. 
Z3: an efficient SMT solver." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">5</span></a>]</span>, which provides an answer
of &#8220;unsatisfiable&#8221;, &#8220;satisfiable&#8221; or &#8220;unknown&#8221;, due to theoretical or practical
limitations in automatically deciding satisfiability of various logics.
In the case that the ATP is able to prove &#8220;satisfiable&#8221; we can query it for 
satisfying model in order to generate test inputs. A path-condition 
for <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> can be thought of as function from a
program&#39;s primary inputs to a boolean output representing whether
or not <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> is executed under a given input. Thus, we are asking
the ATP to invert a function when we ask it to decide
the satisfiability/unsatisfiability of a path-condition
</p>
<p class="indent">The static translation of a path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> through a program <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> into 
the most precise path-condition <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAACp0lEQVRYw81Y0ZGbMBB978YFkOsgXAc4JXAdkEkHdx1wkxJIByQVJJSA00HsDrgrAXew+VlldggSBASxZhgbdiWedlfvIVFEsLSRbAE8i8grNmpcCpBkAqAXEWLDdreibw7ghI3bGoCPANpbBrhLBBfVoNbfm4i8u9UI7hK9NQA/7VF/a1LcAzhuyX+LI0gyBYA9wM0CSDIjWZE8a+Q6AAlJIdmRrElmmyEUkdELQKFgRH9LXRwtgFrtFYBefRoAiW+8pdcYsATA2QDLB/YeQDbwb4x/shlAAJmNyAj4VPV3bGKdr18UgApOQi/RNDeBknD9s6gANU0ucl2gLlsATx5bYgCWsQE2c2av9nTCHjXNrq7cwG3AMfPV3wjANhbAOwDPhnXqCf39MUXg2l5jEnVu7k8r9Lcw/6Pq9OTiMOlLAnbHnRKTZqzUXQPpywFcROQasDu5e/H41CqNZ5KleV6QbPW5k87E2Q9aL1Na+jiRfle7FxH5MgKuAnAVkQeSNYCKJAA8ALgH8FFErgrsJ4A3ku9dQMqp1IxJnrHV2r/3lYBd/fZ9AKoA4TeOZixJFz4C9ry4MhqcenyeLC+aCbUBOhM3KfcwN1FIR2bUjoBu55CyAsxGNNunSLmJcOL7UChdunTGpfFxETj70h4Aa+UwDej93wAHEWsUbG9S2GnUypDcTQAsbPo8Po1dE1MDpjF5zdRsM1fPpz75s8jbyzykNCStGr3M2ZPEPt5wfPvLY/+sv1//bMomUtItrbeJ1VkGFkcb3JMMVly/Qf2ddeLZiK0e9jvseLzh6u+7jvtNpe1e748ichl2OvyH+jspkOPajfuHWBHUrx1X85d/6XsIbOiPEaP36L529jzAXJTemwOo6c0Hh5/rz2YiUUtvuM9exdwxfgOHZY7f662mjQAAAABJRU5ErkJggg==" alt="$\phi_p$" class="math-inline math" style="vertical-align:-0.304em;height:1.041em"> is not a simple task, as 
programming languages and their semantics are very complex.
Completely characterizing the set of inputs <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAcCAYAAABh2p9gAAAA8UlEQVRIx62W4Q2DIBBGH6QDmI7gCJ2hjtB0g47gEN2kcQSZxRFaN7j+KD+IoXgHkpAIOZ8fT4wgIvzrwASIoY8u3phtzrkO6OOwjw9I2xOYgTewishCKWEm8SdJM+dqPMoW03bJ1JSrUwOB62YcWoFDcv3zdWDC8K/IG/z1ydTcBNT6swDvGn+1CUOp0Cv89Zv9NzcBLf60wEHrryZh2Cv2Rn+vJqDVnwaY+ltEZD0yYdBsWH/U/tMkNPvbA5r9WRIG5TefB9b6KyWs8lcC3jbf76oFnuISL8A5LnPYJOyccw9giT/03Rc0Go8bU+kw8AVaaLebPZP9FwAAAABJRU5ErkJggg==" alt="$I$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> that follow
path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> means providing a symbolic interpretation of 
every operation in the language so that the
ATP can reason about it. For example, consider a method call in Python. 
Python&#39;s algorithm for method resolution order (see&nbsp;<a href="https://www.python.org/download/releases/2.3/mro/">MRO</a>)
depends on the inheritance hierarchy of the program, a directed, 
acyclic graph that can evolve during program execution. Symbolically
encoding Python&#39;s method resolution order is possible but non-trivial.
There are other reasons it is hard or undesirable to symbolically 
execute various operations, as will detail later.
</p><h3 id="sec-dynamic-symbolic-execution"   style="bookmark:1.1.&#8194;Dynamic symbolic execution"><span class="heading-before"><span class="heading-label">1.1</span>.&#8194;</span>Dynamic symbolic execution</h3>
<p><em>Dynamic</em> symbolic execution (DSE) is a form of path-based
symbolic execution based on two insights. First, the approach 
starts by executing program <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> on
some input <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAwAAAAcCAYAAABVo158AAABDUlEQVQ4y92U23GDQAxFj7aCrYES4hYowZMSSAduIeMSNiXEJVAD6cCkg5AOlB+tLQSG5Dea0cCuXlfSBVSVLQU6oACNqrLnXAA1vagqiW15du9fwG6Fs2XvgayqiBl+LYk/yr8LEJFWRAYRmUTkKiKnRUSgwHCjwH3L59luzPgETHU5dneygGktYADasOVL5VG4pwWuK7SopJvZEvBieH3znTuW2PfRY3cQa4W86CE4N865X9g3KK1xEI8CprVx+qZ9s0cg2/FtlRshe+/gNPFnMINkmavzEJxzXWB68MG/BiDdDeIeFdwgmlhhDM86iAK8q+oYK/iFZdMS+0luWiNwAD6AT6PHt6oefMUfyjONtCS7Ic0AAAAASUVORK5CYII=" alt="$i$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">, seeding the symbolic execution process
with a feasible path&nbsp;<span class="citations" style="target-element:bibitem">[<a href="#gupta00" title="Neelam Gupta, Aditya&#160;P. Mathur, and Mary&#160;Lou Soffa. 
Generating test data for branch coverage." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">10</span></a>, <a href="#korel90" title="Bogdan Korel. 
Automated software test data generation." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">12</span></a>, <a href="#korel92" title="Bogdan Korel. 
Dynamic method of software test data generation." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">13</span></a>]</span>. 
Second,  DSE
uses concrete values from the execution <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEoAAAArCAYAAADfeB6OAAAD9ElEQVRo3t1b7XHbMAx91GUAJpmgygZKuoG6gdMNKm/gXCfoqRsonSB1NpBHqL2B1QkaZQP0R8EWYRSJH7IsF3c6Xyx+wOAj8AAyiohwaqKUyohoN9ZYABoieu5rl5yYgbRSag8gHXHYCwBbpVT6XxiKf8hPAI9E9DjWuES0AVAOGUudytZjJDVE9OFA41cAcgDXnduQiN58AKwAUMTTAqh5xdK+uQb0WPNYOrB/AaAa0gHAHkDd+W6go2YrL3iy1jLEit/l1rPgd2urfRX4IwnAItBIlZh/PdA2M7/Ly1AdA21dJ7WMLfvVnnO2ALYRaGx9Fkosro4xlERH4dFPW31Lx34lt88jDGXGqF22LkfUV0DwmTC3fmwagcbWw7j7UCNFGNfompnvfOiBjDbPRNR4BhbZXjPR65PP/FkdIch+4c+lU9SL9U9W/9pCZOboW/TUiJJuJgRREgF1wCrd9CDM5jQ5b73B1OKAsmNdCmdmzopL2QTkU1r2HzDArVT2SPJD6pJM5J+W1t/lQPs8ArljSf1Cl0P7J19qYLXPAnxLzvq2zLRXgT5K6pEelD91OPG1Q/uF7Ug9WfzWUBfBystIslocjD8xcZNIXDn2W4XwJw42L/JBMVYbyaeqszH9k1JKc3RbMjIA4BHAnYdfuzJzefqUbwBurSDx3vC2QD/1xJ+pi6Fyiyi2b7TTVlS849qRr+NPLSVdo7Lm2pKUxRAVGZBnJ0MxQiR/+ipYa1fJZgzOcxGAqKXN4A3/iWT3ZrEuhhBlk8SHCQig9kUUgIcObicpyX0konDm4Z8wVkF/bETZpWEu6WaO5LZPfpnFSzz80wbTyNMIYyw9yK2TJB7+aWqWrCP6FiJKxyzwpRkncUTTlIh6trag7yHBQhj5fqTFekpm5p9kKNcjbLu+SOjlL10RtZlwyzWhiGJ3YfTeSQ7H76pARDVJz4TpkfzT3iKePvKxo0op/dZ9IKKawcQ0NIuPqCxmYl4dcP7XmVBzHpgGHqYskpn5J3uum8Bt21g7pALw3Sedsmr6G5npZ7y/S7w+8S34XTZFDVtk7aVnv1SikZ8KAeeC+HfwujfXDjL4HZOXExjq71lc4NaVhbsy8oS5IqJ5XtLgFGTPhPH8SDqY60XXRLSb5bUf9iUbLuvkR1qoFH9OgXY+hwvHEMN5bo8w99ImrLO+HyXgfz7l+Z4pTsptP/cbd0sryZ3CSAVHy08vvp/7jTulVM186t0UqGI0NUR07VRmmRmq9Fh1pQEjlV1oMhFm9o9IqfIJUqfC+2rizIxVhuRrHqfCLXpu5KlTupBvbu4S0dXI427ZL71JRdSp/eeCUmoF4JKI7qYc7zc4lryrNB5NqgAAAABJRU5ErkJggg==" alt="$P(i)$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em"> in place of symbolic expressions 
whenever symbolic reasoning is not possible or desired&nbsp;<span class="citations" style="target-element:bibitem">[<a href="#cadare05" title="Cristian Cadar and Dawson&#160;R. Engler. 
Execution generated test cases: How to make systems code crash itself. 
In Proceedings of 12th International SPIN Workshop, pages 2&#8211;23, 2005." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">1</span></a>, <a href="#godefroidks05" title="Patrice Godefroid, Nils Klarlund, and Koushik Sen. 
DART: directed automated random testing." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">8</span></a>]</span>.
The major benefit of DSE is to
simplify the construction of a symbolic execution tool by
leveraging the concrete execution behavior (given by
actually running the program).
As DSE combines both 
concrete and symbolic reasoning, it also has been called &#8220;concolic&#8221; 
execution&nbsp;<span class="citations" style="target-element:bibitem">[<a href="#senacav06" title="Koushik Sen and Gul Agha. 
CUTE and jcute: Concolic unit testing and explicit path model-checking tools. 
In Proceedings of 18th Computer Aided Verification Conference, pages 419&#8211;423, 2006." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">14</span></a>]</span>.
</p>
<figure id="fig-dse" class="figure align-center"   >
<pre class="para-block pre-fenced pre-fenced3 language-python lang-python python highlighted"  data-line="1" data-line-code="2"><code data-line="2"><span class='token white python'>  </span><span class='token identifier python'>i</span><span class='token white python'> </span><span class='token keyword python'>=</span><span class='token white python'> </span><span class='token identifier python'>an</span><span class='token white python'> </span><span class='token identifier python'>input</span><span class='token white python'> </span><span class='token identifier python'>to</span><span class='token white python'> </span><span class='token identifier python'>program</span><span class='token white python'> </span><span class='token constructor identifier python'>P</span><br><span class='token white python'>  </span><span class='token keyword python'>while</span><span class='token white python'> </span><span class='token identifier python'>defined</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>i</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token keyword python bracket-open'>:</span><br><span class='token white python'>     </span><span class='token identifier python'>p</span><span class='token white python'> </span><span class='token keyword python'>=</span><span class='token white python'> </span><span class='token identifier python'>path</span><span class='token white python'> </span><span class='token identifier python'>covered</span><span class='token white python'> </span><span class='token identifier python'>by</span><span class='token white python'> </span><span class='token identifier python'>execution</span><span class='token white python'> </span><span class='token constructor identifier python'>P</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>i</span><span class='token delimiter parenthesis python bracket-close'>)</span><br><span class='token white python'>     </span><span class='token identifier python'>cond</span><span class='token white python'> </span><span class='token keyword python'>=</span><span class='token white python'> </span><span class='token identifier python'>pathCondition</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>p</span><span class='token delimiter parenthesis python bracket-close'>)</span><br><span class='token white python'>     </span><span class='token identifier python'>s</span><span class='token white python'> </span><span class='token keyword python'>=</span><span class='token white python'> </span><span class='token constructor identifier python'>ATP</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token namespace identifier python'>Not</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>cond</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token delimiter parenthesis python bracket-close'>)</span><br><span class='token white python'>     </span><span class='token identifier python'>i</span><span class='token white python'> </span><span class='token keyword python'>=</span><span class='token white python'> </span><span class='token identifier python'>s</span><span class='token delimiter python'>.</span><span class='token identifier python'>model</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token delimiter parenthesis python bracket-close'>)</span></code></pre>
<hr  class="figureline madoko" data-line="9">

<div data-line="10"><span data-line="10"></span><fig-caption class="figure-caption"><span class="caption-before"><strong>Figure&#160;<span class="figure-label">1</span>.</strong> </span>Pseudo-code for dynamic symbolic execution</fig-caption><span data-line="10"></span>
</div></figure>
<p class="indent">The pseudo-code of Figure&nbsp;<a href="#fig-dse" title="Pseudo-code for dynamic symbolic execution" class="localref" style="target-element:figure"><span class="figure-label">1</span></a> shows the high level process
of DSE. The variable <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>i</span></code> represents an input
to program <code class="code code1 language-python lang-python python highlighted" ><span class='token constructor identifier python'>P</span></code>. Execution of program <code class="code code1 language-python lang-python python highlighted" ><span class='token constructor identifier python'>P</span></code> on the input <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>i</span></code>
traces  a path <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>p</span></code>, from which
a logical formula <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>pathCondition</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>p</span><span class='token delimiter parenthesis python bracket-close'>)</span></code> is constructed.
Finally, the ATP is called with the negation of the path-condition
to find a new input (that hopefully will cover a new path).  This
pseudo-code ellides a number of details that we will deal with later. 
</p>
<figure id="fig-easy-dse" class="figure align-center"   >
<pre class="para-block pre-fenced pre-fenced3 language-python lang-python python highlighted"  data-line="1" data-line-code="2"><code data-line="2"><span class='token keyword python'>def</span><span class='token white python'> </span><span class='token identifier python'>max2</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>s</span><span class='token delimiter python'>,</span><span class='token identifier python'>t</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token keyword python bracket-open'>:</span><br><span class='token white python'>    </span><span class='token keyword python'>if</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>s</span><span class='token white python'> </span><span class='token operator python'>&lt;</span><span class='token white python'> </span><span class='token identifier python'>t</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token keyword python bracket-open'>:</span><br><span class='token white python'>        </span><span class='token keyword python'>return</span><span class='token white python'> </span><span class='token identifier python'>t</span><br><span class='token white python'>    </span><span class='token keyword python'>else</span><span class='token keyword python bracket-open'>:</span><br><span class='token white python'>        </span><span class='token keyword python'>return</span><span class='token white python'> </span><span class='token identifier python'>s</span><br><br><span class='token keyword python'>def</span><span class='token white python'> </span><span class='token identifier python'>max4</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token delimiter python'>,</span><span class='token identifier python'>b</span><span class='token delimiter python'>,</span><span class='token identifier python'>c</span><span class='token delimiter python'>,</span><span class='token identifier python'>d</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token keyword python bracket-open'>:</span><br><span class='token white python'>    </span><span class='token keyword python'>return</span><span class='token white python'> </span><span class='token identifier python'>max2</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>max2</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token delimiter python'>,</span><span class='token identifier python'>b</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token delimiter python'>,</span><span class='token identifier python'>max2</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>c</span><span class='token delimiter python'>,</span><span class='token identifier python'>d</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token delimiter parenthesis python bracket-close'>)</span></code></pre>
<hr  class="figureline madoko" data-line="11">

<div data-line="12"><span data-line="12"></span><fig-caption class="figure-caption"><span class="caption-before"><strong>Figure&#160;<span class="figure-label">2</span>.</strong> </span>Easy example: computing the maximum of four numbers in Python.</fig-caption><span data-line="12"></span>
</div></figure>
<p class="indent para-continue">Consider the  Python function <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>max4</span></code> in Figure&nbsp;<a href="#fig-easy-dse" title="Easy example: computing the maximum of four numbers in Python." class="localref" style="target-element:figure"><span class="figure-label">2</span></a>,
which computes the maximum of four numbers via three calls to
the function <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>max2</span></code>. Suppose we execute <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>max4</span></code> with values
of zero for all four arguments.  In this case, the 
execution path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> contains three comparisons (in the order <code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token white python'> </span><span class='token operator python'>&lt;</span><span class='token white python'> </span><span class='token identifier python'>b</span><span class='token delimiter parenthesis python bracket-close'>)</span></code>, 
<code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>c</span><span class='token white python'> </span><span class='token operator python'>&lt;</span><span class='token white python'> </span><span class='token identifier python'>d</span><span class='token delimiter parenthesis python bracket-close'>)</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token white python'> </span><span class='token operator python'>&lt;</span><span class='token white python'> </span><span class='token identifier python'>c</span><span class='token delimiter parenthesis python bracket-close'>)</span></code>), all of which evaluate false.
Thus, the path-condition for path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> is <code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token keyword python'>not</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token operator python'>&lt;</span><span class='token identifier python'>b</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token keyword python'>not</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>c</span><span class='token operator python'>&lt;</span><span class='token identifier python'>d</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token keyword python'>not</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token white python'> </span><span class='token operator python'>&lt;</span><span class='token white python'> </span><span class='token identifier python'>c</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token delimiter parenthesis python bracket-close'>)</span></code>.
Negating this condition yields <code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token operator python'>&lt;</span><span class='token identifier python'>b</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token keyword python'>or</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>c</span><span class='token operator python'>&lt;</span><span class='token identifier python'>d</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token keyword python'>or</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token operator python'>&lt;</span><span class='token identifier python'>c</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token delimiter parenthesis python bracket-close'>)</span></code>.
Taking the execution ordering of the three comparisons into account, we
derive three expressions from the negated path-condition to generate
new inputs that will explore execution prefixes of path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> of increasing length:
</p>
<ul class="list-star compact">
<li><em>length 0</em>: <code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token operator python'>&lt;</span><span class='token identifier python'>b</span><span class='token delimiter parenthesis python bracket-close'>)</span></code>
</li>
<li><em>length 1</em>: <code class="code code1 language-python lang-python python highlighted" ><span class='token keyword python'>not</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token operator python'>&lt;</span><span class='token identifier python'>b</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>c</span><span class='token operator python'>&lt;</span><span class='token identifier python'>d</span><span class='token delimiter parenthesis python bracket-close'>)</span></code>
</li>
<li><em>length 2</em>: <code class="code code1 language-python lang-python python highlighted" ><span class='token keyword python'>not</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token operator python'>&lt;</span><span class='token identifier python'>b</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token keyword python'>not</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>c</span><span class='token operator python'>&lt;</span><span class='token identifier python'>d</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token operator python'>&lt;</span><span class='token identifier python'>c</span><span class='token delimiter parenthesis python bracket-close'>)</span></code>
</li></ul>

<p>The purpose of taking execution order into account should be clear, as the
comparison <code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token operator python'>&lt;</span><span class='token identifier python'>c</span><span class='token delimiter parenthesis python bracket-close'>)</span></code> only executes in the case where <code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token keyword python'>not</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token operator python'>&lt;</span><span class='token identifier python'>b</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token keyword python'>not</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>c</span><span class='token operator python'>&lt;</span><span class='token identifier python'>d</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token delimiter parenthesis python bracket-close'>)</span></code>
holds.
</p><!--

assertions, query

-->


<p class="para-continue">Integer solutions to the above three systems of constraints are:
</p>
<ul class="list-star compact">
<li><code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>a</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>0</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token identifier python'>b</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>2</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token identifier python'>c</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>0</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token identifier python'>d</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>0</span></code>
</li>
<li><code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>a</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>0</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token identifier python'>b</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>0</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token identifier python'>c</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>0</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token identifier python'>d</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>3</span></code>
</li>
<li><code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>a</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>0</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token identifier python'>b</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>0</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token identifier python'>c</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>2</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token identifier python'>d</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>0</span></code>
</li></ul>

<p>In the three cases above, we sought solutions that kept as many of
the variables as possible equal to the original input (in which 
all variables are equal to 0). Execution the <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>max4</span></code> function on the input
corresponding to the first solution produces the path-condition
<code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>a</span><span class='token operator python'>&lt;</span><span class='token identifier python'>b</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token keyword python'>not</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>c</span><span class='token operator python'>&lt;</span><span class='token identifier python'>d</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token keyword python'>not</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>b</span><span class='token white python'> </span><span class='token operator python'>&lt;</span><span class='token white python'> </span><span class='token identifier python'>c</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token delimiter parenthesis python bracket-close'>)</span></code>, from which we can produce more
inputs.   For this (loop-free function), there are a finite number
of path-conditions. We leave it as an exercise to the reader to 
enumerate them all. 
</p><h3 id="sec-leveraging-concrete-values-in-dse"   style="bookmark:1.2.&#8194;Leveraging concrete values in DSE"><span class="heading-before"><span class="heading-label">1.2</span>.&#8194;</span>Leveraging concrete values in DSE</h3>
<p>We now consider several situations where we can make use of concrete
values in DSE. In the realm of (unbounded-precision) integer arithmetic 
(e.g., bignum integer arithmetic, as in Python 3.0 onwards),
it is easy  to come up with  tiny programs that will be <em>very difficult</em>,
if not <em>impossible</em>, 
for any symbolic execution tool to deal with, such as the function <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>fermat3</span></code>
in Figure&nbsp;<a href="#fig-fermat3" title="Hard example for symbolic execution" class="localref" style="target-element:figure"><span class="figure-label">3</span></a>.  
</p>
<figure id="fig-fermat3" class="figure align-center"   >
<pre class="para-block pre-fenced pre-fenced3 language-python lang-python python highlighted"  data-line="1" data-line-code="2"><code data-line="2"><span class='token keyword python'>def</span><span class='token white python'> </span><span class='token identifier python'>fermat3</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>x</span><span class='token delimiter python'>,</span><span class='token identifier python'>y</span><span class='token delimiter python'>,</span><span class='token identifier python'>z</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token keyword python bracket-open'>:</span><br><span class='token white python'>   </span><span class='token keyword python'>if</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>x</span><span class='token white python'> </span><span class='token operator python'>&gt;</span><span class='token white python'> </span><span class='token number python'>0</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token identifier python'>y</span><span class='token white python'> </span><span class='token operator python'>&gt;</span><span class='token white python'> </span><span class='token number python'>0</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token identifier python'>z</span><span class='token white python'> </span><span class='token operator python'>&gt;</span><span class='token white python'> </span><span class='token number python'>0</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token keyword python bracket-open'>:</span><br><span class='token white python'>      </span><span class='token keyword python'>if</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>x</span><span class='token operator python'>*</span><span class='token identifier python'>x</span><span class='token operator python'>*</span><span class='token identifier python'>x</span><span class='token white python'> </span><span class='token operator python'>+</span><span class='token white python'> </span><span class='token identifier python'>y</span><span class='token operator python'>*</span><span class='token identifier python'>y</span><span class='token operator python'>*</span><span class='token identifier python'>y</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token identifier python'>z</span><span class='token operator python'>*</span><span class='token identifier python'>z</span><span class='token operator python'>*</span><span class='token identifier python'>z</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token keyword python bracket-open'>:</span><br><span class='token white python'>          </span><span class='token keyword python'>return</span><span class='token white python'> </span><span class='token string delim python bracket-open'>&quot;</span><span class='token string python'>Fermat and Wiles were wrong!?!</span><span class='token string delim python bracket-close'>&quot;</span><br><span class='token white python'>   </span><span class='token keyword python'>return</span><span class='token white python'> </span><span class='token number python'>0</span></code></pre>
<hr  class="figureline madoko" data-line="8">

<div data-line="9"><span data-line="9"></span><fig-caption class="figure-caption"><span class="caption-before"><strong>Figure&#160;<span class="figure-label">3</span>.</strong> </span>Hard example for symbolic execution</fig-caption><span data-line="9"></span>
</div></figure>
<p class="indent">Fermat&#39;s Last Theorem, proved
by Andrew Wiles in the late 20th century, states that no 
three positive integers <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABUAAAASCAYAAAC0EpUuAAABHklEQVQ4y6WUYY3DMAyFP08HoBh6DIohY7CjUAjlMAjDUAg5Cj0GHYVC8P04Z/KsrOl0liLV8fPTSxo/VJW4gARkYLO1AGPA9MAMrBFTI7wZILm9CVBgtnwwohT6FJhqhPmF+tWaRiMcKoQKLPHIa43Q6tk13kJtc7U5FtIO6eoa+1CbrD8DXdm87Kk0TCHcxakqJ/7iDnzxIkRkcOk3jfgAUNWfBi6579wiPXEszu8oFbuvfZBIAd1V9fPfSkUkvaPy6PHPR+5TRPrHD209DxvZ8py6Bu5SrrMzY9iAa8U0mu+zeIHLn+ZWA/jqZ/qIykLqZ3oOKjczEPVKAuHs+wrpGE2imEvxAneaa8AskfDhpzb7izPlXDGNGqZqQL/kpe0Z3roFswAAAABJRU5ErkJggg==" alt="$x$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">, <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAaCAYAAAC3g3x9AAABcElEQVRIx5WV4W2EMAyFv9wEdAVGQB0h3QB1hOsG7MAI1xU6At2gohvQFdIN3D/OyWdCQiNFMth5+L28BESEPIEIrEACNmCy+dIEOl2zAZ1NTPqy1+cbIMDcAJy1ToDBdpaAzn1AgNQAXDOgiGBfRlf4YQsrgLm7VZ+JwFYoTFq4VcCiAZxFhAvwpnrdRwhhVLHxOTdeTLzkYLTaebo+V9PvrmHBBg+6VOyyq7sUaLyauEb32cSf96hGo0H3ZupikbKjsTTsspVs5SlHE38fcQ0hdEC/ows7wN7EXxX9YskuJUA7fk7676FDr8vVaNgfaNebmt2xrG3K9cB7W23jSh2M+ZYBBgN0VbDFAE5NQEPrQwGSzpsC22M5+LUhXzlnRwghL/gVkSefv/wTzNrlvVhkKK6tK9/ol46OpS88vFDNZgkwHn7Un8tSh7oZ6dRPy3S4nvDe3Pyt6qJBOxgd0GRsE1tgDz503svCL6Wua/MPz3MNm1mBZ2QAAAAASUVORK5CYII=" alt="$y$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em">, and <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAASCAYAAAC5DOVpAAAA6klEQVQ4y52UURWDMAxFLzsTgAYkdBaQwCwgYR6QgAYkoKESmAUkZD+Bk7GmhfWc/JD08prmFRHBC2AEVkCAKVM3A8FL1sCiEBvR+eEsIniwaACLUSeaa7Tupfk6CQN63dQl1PZ6JAtv9hrn/F2hl40qCl/fc5uugC7DgOCBLsGAzjb/b5jeWtxuzYs7hVVV1QQgIo9S7a0AmoG3iDw5szIOiKUR2VqQm7PNSu0JUA8sSZhR1J6ctxXoPdjmyVXVjSmwsdySHA21kTVxmzB4PLwiv3YCBud5CQegGOUhUb83vM70JprnaPBqPzmXkP+U5dLxAAAAAElFTkSuQmCC" alt="$z$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> can satisfy the equation
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAO0AAAAkCAYAAABlqr3zAAAF9klEQVR42u1c7XHiSBB9QzkAeUOQM5DvIljIANYRLGSA6yLYkjMQF8EaMgBHcAsZSJeBIYO+H+oxvZykkW1phKC7SiUVzMCoe/pz3gyICD4uAAmAlK+5+DwAMAew5e/2AJYAQl9ju/RLeX9ZshjAAxljYgAHIroDsAEQG2OmxpiIB3kgonv+/h7AGMDWGBNASXmvsvhdFp6sy148zwGQsDZhQfsttxmrdVbeqyx+l8WNB+syZati6U++hwBGRJRVdA87towBER16bNl7y/sL9LKNyWLgacyJeI74viCijWOQWYdMTtjS9Z16x/sLpkZkYdgNe/NcnGADwD0R7QraREJZbrvydMaYNYAhEZkLsfS94f0VeN1PyWLgebxDvh+KBsr0wPedThrlvcri/7LwrbQjvm8q2kwLQgkl5b3KomNPuy4JGyLk61UA8Cw+X6qclfcqi1wW3pSW4/jQYWFsSLCxIQG/QKRyVt6rLHJZDEp+eGiMWRtj9nxtuWQt24TGmKUxJi1rUxHHZ4420rrHAB6vSKhD5uWeeTuvMxG4T1oCilDeNyefhGVDVVEI60/UhiwGRYPiBjER3RLRLYCfABI7SFHZSojojtv84jZzRxz/XMGTX3x/5f+JAWREtLqSCTHnHGbCPLWomdjR9S+2wiGK11eV9w14SGNMyrmmNYxjY8y2RIdQUmT6vCwKcJHrEjRHihydMUVero5O+hFf25L+8Wm/knZLbpey4egKvbLO2ePt/4b83kEBambv6GuRM3SuvBfv4uNatyCfrfh9iw1+m/NgRBO/Zyrl2LQs3tZpjTFD6znL3L1w2wsimonv9sL6rIhocgGW1es6LVvsR7nQzpHNmI2rqehrF9t3RHR/rmE/gJmYJ23RgZV20eDYpyICWp3kp98ATAD8Id7tzoFw+hxJXCRPUjg8LeEEJ8nWZc/eKbgQnKg3T8vGMC3CqlrL7uhr5RIrxre1uTB2tAlZR6K2x3PDFmMM4LUCTgWRK2WnVoSIngA8aebzYZrhZD2OZWItd9W66Ug8r5WVrTi2kcMTh8z7SQVYojGyGwYydvFlg5JVsI2KsXH6WcDXB/G8qFGVh8PoKrUT9kecf3pR2DelrfFnwz5bc67Kxh/s+15w9sZlmQss+eq0UmlzWVRACrmdNag7VSHv82rMlftRqzlsiad10ajnnnYHYPXOIogtLLz3fZswat/Ec+IYo0ZA3TmCBwBffeO0a+3yEd4mK6suX6BQOtvlw5Vk60FvKzxtgiNGdaThsTf5LDlC6mSV5KbGAIdqzb1OCBnybhxWvDf5rMclHyBf8nlq6T3WnLJ0hhSrEx7Xqk5yBS3wlYxfMA1Pwvoq5XZhWM+JRiJP90FPDStrAOAFwA8XSswYM2/LaAD1NgzU9bRL6BElTZDk4T815XL2xUEieiQi4+kataCwFvziUtgpRxSt0YAxlUsGQccF3jMS+WxZbhUhB1woTrVZympGQJq2tJuuvACYuVIQ1pcYH1ypeI+njTlsseeuSpIWoyq3+hvAdxVxI3Rw8Zwnx1R4MU1J2qMXdlx2R1tyUueRHjZFDlJatK20MhxbFUyMWUHYJge7hO4GaZKeS0JgafnX6mW9eFnLZ7uTbYZ8OW7NW/O2fBGOS3OtV5QHOO7ZW9gSNlsSC8taIEfkBDJ8tvs+2dJPVMSN5X4HIfjYotE4jZlybpX1KZ/tqcLGAL7w4eEZy2YD4KuIgOQhAQeUHNLWxiQBh8db5AB1C/w/3RRQ1GZ44SBx6vD/QzaoqeB5wmnMEsdNApGC+hvnfYDq7XUhjlv1Uk4xvW2U8XqEag9Do7M8QlWAXQ4ctildEQ2UBb0zJjLPXShHVGmVulPG0BY1HMfLPIoc6odyTpVW6Ug7+N05k4iixrhEscc4VpS/64Hi10k3yoLSAp1vbGnh0ptQ2AD5ejgAPOkSmyqtUveUccibnC7OCxhdwAqrx5pqeKx0BvTI3vZVKivv2/wXwBfk2+9UYa+cdMnnnIRxxK7aM4wPyM/AXbYNjVPqD/0H0PDfYqrLR+QAAAAASUVORK5CYII=" alt="$x^n + y^n = z^n$" class="math-inline math" style="vertical-align:-0.212em;height:0.937em"> for any integer value of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAASCAYAAACw50UTAAABWUlEQVQ4y6WV4VHDMAyFP+UygI8RygYBNigb+GCDskE5RsgIYQOubJCO0IyQbsCFDcQf+1Bcu2nBvyTr6Z30IjmoKqoK0AADMAEjsI0xg1kBXcCNATsAPsWqKjHJBeA6+B2gQGeIu0DozZ0L5DNsSt7ZSgEfEjRU2+eSTccR2+TIJ8AVyCegzRGb6iN2JmUlIh44qOo3v+fR2AdVfaV8box9awMV8AzskoS1sV84fxpjDzZQAx/APl6IiAs6A+xV9bhA/mDsOTajoS9pWNB8jPg0VmUqsXrvz5UsIivT5ecJ4JpKMtit6dJn57wwVv1/JFFV6qSRJ2PvFiRpjCTvScwB9/Vf9U5GNC3kDfhK25ziVl4gScSOhdiqSr68u2JKXG5KRGQT96MubGV/jlxVjyIS3THRugXuZqMYdIuT4i6QJT7LbfDXJ0+yAW+CVotbaXJa89Po0yf3ByaK/TzOgVZHAAAAAElFTkSuQmCC" alt="$n$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> greater than two.
The function <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>fermat3</span></code> encodes this statement for <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGMAAAAdCAYAAAC+E9IkAAADKklEQVRo3u2Z7XHaQBCGn2VcgMYdROkAkgoCHWCnAuMOYFyBB3cAHdiiA+gggQ5wKkigg82PrDzLIQk5iDhjbmc0I532dNLuvfvxSlSVKM2LiCTAHdAFUhv+DjwDmaouwjmtaLaTOGIM/AAS4B7oAF+AOXANzEVkKSLdnXkRGY07Ymm7/0ZVtwX3U2Dthq5UdRaRcRpEJMB9kSMAVPUZGLmhzBwUndGwDCw/LEVkUqEX5ovbGKaaT9ibAAVSU3elqp2IjIakLCzV1P0Vw1Tzcgts7biqQFEaDK0ALqL9GkXHFJjWUA2d8S0i4+3kKsgXs5jA3y7Ze6N3VHW1gwwRaVtXuBGRtYgMi2KdiExMb226SxHpRxPXdkTmLnu5I/I4hzUqG6Br1xNAgYmq4sbWQN+NJcAy1I3H/mF5IjNbLYH2no4z9NBN7NsktYfMy4wNtJ1uu8GXH7rnnvqYn8gBm4K1MiAp0s+rqWvgQwmylsBUVUcl95/deTcv0xqQFTAz9J1StrbZTiEfgEs7T8w+d8BGRKbAKOw5+uHOcGHq4K4x5GgMVbXRkjjEvKQGVaUFfDXoEOzwHd6kQtoBiqIc7r5vHFrmItLOq6lH4CngTfKmZGEsY5V8LglZUcodMrPw+MLcArRUdRbELY+KOrG07xZZRFPXliffkYvIoKgD77nzxYGaOXUomkX7vkrWIa9V5Iyu2+mruqiwcHfOzVzXNcODGlPCkJ7u0CEBz75Q1d6BF1jnyCjj7o/5OCsekn9gy7mqPhzxrnv/MoCPVfnWWAtfOG1D1vY6TCoVD2u7EDUteLlPR+aQXoC8U8vDEXPTkiqzqqC5DJFy8bf5Iih5Q8fdAT9rPKOq4hix+6/4f5aiH0uHvr0TXD+Wte+bV7T665J76Zk1c2v77kkdWsj01TV/SSuojJJXVFFJURVlyatOf/LeZJQTp4cKH8uHPrT9oUWcpwbOU4Mant3Tda1+eqZUR05ujg/QR55AHO6wtqaUOYWkxsITv7CVxDsU+5k6pG/GzkNW35J5FxgHoam7R6E7ZGy8p2osPHaxct4khf5OnJIV5IasbMP+BlytmcM2jFpZAAAAAElFTkSuQmCC" alt="$n=3$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em">.   It
is not reasonable to have a computer waste time trying to find
a solution that would cause <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>fermat3</span></code> to print the string 
<code class="code code1 language-python lang-python python highlighted" ><span class='token string delim python bracket-open'>&quot;</span><span class='token string python'>Fermat and Wiles were wrong!?!</span><span class='token string delim python bracket-close'>&quot;</span></code>.  In cases of complex (non-linear)
arithmetic operations,
such as <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>x</span><span class='token operator python'>*</span><span class='token identifier python'>x</span><span class='token operator python'>*</span><span class='token identifier python'>x</span></code>, we might choose to treat the operation concretely.
</p>
<p class="indent">There are a number of ways to deal with the above issue: one is 
to recognize all non-linear terms in a symbolic expression and replace
them with their concrete counterparts during execution. For the <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>fermat3</span></code> 
example, this would mean that during DSE the symbolic expression 
<code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>x</span><span class='token operator python'>*</span><span class='token identifier python'>x</span><span class='token operator python'>*</span><span class='token identifier python'>x</span><span class='token white python'> </span><span class='token operator python'>+</span><span class='token white python'> </span><span class='token identifier python'>y</span><span class='token operator python'>*</span><span class='token identifier python'>y</span><span class='token operator python'>*</span><span class='token identifier python'>y</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token identifier python'>z</span><span class='token operator python'>*</span><span class='token identifier python'>z</span><span class='token operator python'>*</span><span class='token identifier python'>z</span><span class='token delimiter parenthesis python bracket-close'>)</span></code> would be reduced to the constant <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>False</span></code>
by evaluation on the concrete values of variables <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>x</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>y</span></code> and <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>z</span></code>.
</p>
<p class="indent">Besides difficult operations (such as non-linear arithmetic),
other examples of code that we might treat
concretely instead of symbolically include
functions that are hard to invert, such as cryptographic hash functions,
or low-level functions that we do not wish to test (such as 
operating system functions).  Consider
the code in Figure&nbsp;<a href="#fig-hash" title="Another hard example for symbolic execution" class="localref" style="target-element:figure"><span class="figure-label">4</span></a>, which applies the function
<code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>unknown</span></code> to argument <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>x</span></code> and compares it to argument <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>y</span></code>.
By using the name <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>unknown</span></code> we simply mean to say that we 
wish treat this function as a black box, with no knowledge
of how it operates internally. 
</p>
<figure id="fig-hash" class="figure align-center"   >
<pre class="para-block pre-fenced pre-fenced3 language-python lang-python python highlighted"  data-line="1" data-line-code="2"><code data-line="2"><span class='token keyword python'>def</span><span class='token white python'> </span><span class='token identifier python'>dart</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>x</span><span class='token delimiter python'>,</span><span class='token identifier python'>y</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token keyword python bracket-open'>:</span><br><span class='token white python'>  </span><span class='token keyword python'>if</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>unknown</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>x</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token identifier python'>y</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token keyword python bracket-open'>:</span><br><span class='token white python'>     </span><span class='token keyword python'>return</span><span class='token white python'> </span><span class='token number python'>1</span><br><span class='token white python'>  </span><span class='token keyword python'>return</span><span class='token white python'> </span><span class='token number python'>0</span></code></pre>
<hr  class="figureline madoko" data-line="7">

<div data-line="8"><span data-line="8"></span><fig-caption class="figure-caption"><span class="caption-before"><strong>Figure&#160;<span class="figure-label">4</span>.</strong> </span>Another hard example for symbolic execution</fig-caption><span data-line="8"></span>
</div></figure>
<p class="indent">In such a case, we can use DSE to execute the function <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>unknown</span></code>
function on a specific input (say <code class="code code1 language-python lang-python python highlighted" ><span class='token number python'>5013</span></code>) and observe its output
(say 42). That is, rather than try to execute <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>unknown</span></code> symbolically
and invoke an ATP to invert the function&#39;s path-condition, we
simply treat the call to <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>unknown</span></code> concretely, substituting
its return value (in this case <code class="code code1 language-python lang-python python highlighted" ><span class='token number python'>42</span></code>) for the specialized expression 
<code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>unknown</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token number python'>5013</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token identifier python'>y</span></code> to get the predicate <code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token number python'>42</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token identifier python'>y</span><span class='token delimiter parenthesis python bracket-close'>)</span></code>. 
</p>
<p class="indent">Adding the constraint <code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>x</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>5013</span><span class='token delimiter parenthesis python bracket-close'>)</span></code> yields the sound but
rather specific path-condition 
<code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>x</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token number python'>5013</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token keyword python'>and</span><span class='token white python'> </span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token number python'>42</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token identifier python'>y</span><span class='token delimiter parenthesis python bracket-close'>)</span></code>.
Note that the path-condition <code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token number python'>42</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token identifier python'>y</span><span class='token delimiter parenthesis python bracket-close'>)</span></code> is not sound, as it admits
any value for the variable <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>x</span></code>, which likely includes many values
for which <code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>unknown</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>x</span><span class='token delimiter parenthesis python bracket-close'>)</span><span class='token white python'> </span><span class='token operator python'>==</span><span class='token white python'> </span><span class='token identifier python'>y</span><span class='token delimiter parenthesis python bracket-close'>)</span></code> is false.
</p><h3 id="sec-overview"   style="bookmark:1.3.&#8194;Overview"><span class="heading-before"><span class="heading-label">1.3</span>.&#8194;</span>Overview</h3>
<p class="para-continue">This introduction elides many important 
issues that arise in implementing DSE for a real language, which we will 
focus on in the remainder of the paper. These include how to:
</p>
<ul class="list-star compact">
<li>Identify the code under test <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> and the symbolic inputs to <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">;
</li>
<li>Trace the control flow path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> taken by execution <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEoAAAArCAYAAADfeB6OAAAD9ElEQVRo3t1b7XHbMAx91GUAJpmgygZKuoG6gdMNKm/gXCfoqRsonSB1NpBHqL2B1QkaZQP0R8EWYRSJH7IsF3c6Xyx+wOAj8AAyiohwaqKUyohoN9ZYABoieu5rl5yYgbRSag8gHXHYCwBbpVT6XxiKf8hPAI9E9DjWuES0AVAOGUudytZjJDVE9OFA41cAcgDXnduQiN58AKwAUMTTAqh5xdK+uQb0WPNYOrB/AaAa0gHAHkDd+W6go2YrL3iy1jLEit/l1rPgd2urfRX4IwnAItBIlZh/PdA2M7/Ly1AdA21dJ7WMLfvVnnO2ALYRaGx9Fkosro4xlERH4dFPW31Lx34lt88jDGXGqF22LkfUV0DwmTC3fmwagcbWw7j7UCNFGNfompnvfOiBjDbPRNR4BhbZXjPR65PP/FkdIch+4c+lU9SL9U9W/9pCZOboW/TUiJJuJgRREgF1wCrd9CDM5jQ5b73B1OKAsmNdCmdmzopL2QTkU1r2HzDArVT2SPJD6pJM5J+W1t/lQPs8ArljSf1Cl0P7J19qYLXPAnxLzvq2zLRXgT5K6pEelD91OPG1Q/uF7Ug9WfzWUBfBystIslocjD8xcZNIXDn2W4XwJw42L/JBMVYbyaeqszH9k1JKc3RbMjIA4BHAnYdfuzJzefqUbwBurSDx3vC2QD/1xJ+pi6Fyiyi2b7TTVlS849qRr+NPLSVdo7Lm2pKUxRAVGZBnJ0MxQiR/+ipYa1fJZgzOcxGAqKXN4A3/iWT3ZrEuhhBlk8SHCQig9kUUgIcObicpyX0konDm4Z8wVkF/bETZpWEu6WaO5LZPfpnFSzz80wbTyNMIYyw9yK2TJB7+aWqWrCP6FiJKxyzwpRkncUTTlIh6trag7yHBQhj5fqTFekpm5p9kKNcjbLu+SOjlL10RtZlwyzWhiGJ3YfTeSQ7H76pARDVJz4TpkfzT3iKePvKxo0op/dZ9IKKawcQ0NIuPqCxmYl4dcP7XmVBzHpgGHqYskpn5J3uum8Bt21g7pALw3Sedsmr6G5npZ7y/S7w+8S34XTZFDVtk7aVnv1SikZ8KAeeC+HfwujfXDjL4HZOXExjq71lc4NaVhbsy8oS5IqJ5XtLgFGTPhPH8SDqY60XXRLSb5bUf9iUbLuvkR1qoFH9OgXY+hwvHEMN5bo8w99ImrLO+HyXgfz7l+Z4pTsptP/cbd0sryZ3CSAVHy08vvp/7jTulVM186t0UqGI0NUR07VRmmRmq9Fh1pQEjlV1oMhFm9o9IqfIJUqfC+2rizIxVhuRrHqfCLXpu5KlTupBvbu4S0dXI427ZL71JRdSp/eeCUmoF4JKI7qYc7zc4lryrNB5NqgAAAABJRU5ErkJggg==" alt="$P(i)$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em">;
</li>
<li>Reinterpret program operations to compute symbolic expressions;
</li>
<li>Generate a path-condition from <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> and the symbolic expressions;
</li>
<li>Generate a new input <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAgCAYAAAAWl4iLAAABdUlEQVRIx61V0XGDMAx9YgJ3BUZIVqAb0IxANkhH6DECHaEZga5ANyDdoGYD5UfuKQYTY8OdzwbL78TTezIxM/Z6iKgE8MfME5h5lwGgAsAy6gL7Pe9q/Up7UEFEBoBVn95ifrEB0AEoV2JqRcPIzHgG2qkD15W4q4prYoCtOtCtxLkY+//tCXArB3oAJkINbRRwpMw0XWZPYLtEVS5oqbJ9UE2uQWqZv5n59rCTmfEg2R5mexmgRkCHpf3Cs2ZFRAMRWSIaieiyQsNJ5o/FXc+6gyuCklG7ot+wGyXoILIx6uDFd9MmqlQRqpD/E2uAynWkgP/HFOACwFn41EVs1GuXI3IT0CeHmk8Uxys27VN1vmTps1q3ydeVf+cRkRVXTcz8kgrsO68WUAD4zGpPHr99qA26u2xz8VRTmTUWt5davJNa+42l2UxNjIWlj5SpGd+82RW0A/A1uyE2ZKyNYWR0oUYenbFkdATwA+BXbD0x8zFFbXfjGV5esZwD6gAAAABJRU5ErkJggg==" alt="$i&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"> by negating (part of) the path-condition, translating
the path-condition to the input language of an ATP, invoking the ATP, and
lifting a satisfying model (if any) back up to the source level;
</li>
<li>Guide the search to expose new paths.
</li></ul>

<p>The rest of this paper is organized as follows. Section&nbsp;<a href="#sec-semantics" title="2.&#8194;Instrumented Types" class="localref" style="target-element:h1"><span class="heading-label">2</span></a> 
describes an instrumented typing discipline where we lift each type (representing 
a set of concrete values) to a symbolic type (representing
a set of pairs of concrete and symbolic values).
Section&nbsp;<a href="#sec-sp2dse" title="3.&#8194;From Strongest Postconditions to DSE" class="localref" style="target-element:h1"><span class="heading-label">3</span></a> shows how strongest postconditions defines a symbolic
semantics for a small programming language and how strongest postconditions
can be refined to model DSE.
Section&nbsp;<a href="#sec-impl" title="4.&#8194;Architecture of PyExZ3" class="localref" style="target-element:h1"><span class="heading-label">4</span></a> describes an implementation of DSE for the Python language
in the Python language that follows the instrumented semantics pattern closely
(full implementation and tests available at&nbsp;<a href="http://www.github.com/thomasjball/pyexz3">PyExZ3</a>, tagged &#8220;v1.0&#8221;).
Section&nbsp;<a href="#sec-int2z3" title="5.&#8194;From Python Integers to Z3 Arithmetic" class="localref" style="target-element:h1"><span class="heading-label">5</span></a> describes the symbolic encoding of Python integer 
operations using two decision procedures of Z3: linear arithmetic with
uninterpreted functions in place of non-linear operations;
fixed-width bitvectors with precise encodings of most operations.
Section&nbsp;<a href="#sec-extensions" title="6.&#8194;Extensions" class="localref" style="target-element:h1"><span class="heading-label">6</span></a> offers a number of ideas for projects
to extend the capabilities of&nbsp;<a href="http://www.github.com/thomasjball/pyexz3">PyExZ3</a>.
</p><h2 id="sec-semantics"   style="bookmark:2.&#8194;Instrumented Types"><span class="heading-before"><span class="heading-label">2</span>.&#8194;</span>Instrumented Types</h2>
<p>We are given a universe of classes/types <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAcCAYAAAB2+A+pAAABj0lEQVRIx7WW7XHCMAyGH+c6QK4jpBt4hrBBemxAN+gOHYEVSDeAjgAbhBEgG6g/qvRUY4gTp7rTXS6WrI9XkoWIALwDMoFrESFkoErU3zgRwTlXAR54Bl7UEUufwB64AL2IHLhDzrlGHVjrnQMd9I4e2HHH86vxbh+TSWFzjw/PniIeV0BpfrXMpwuwE5HTzUnEy02AR5URcTRaEYkabo3RLsNo/RNX/LyIpKcOCmIuvT7SL0bw3WcYrh/qB+kJ+7mcmebyEb6xVK/M91lE+oxo+2g1x1K9IL7rMf3C4OuDs/bf8LUYh/hmtFGV0v/FHXxPmdH2InJOSvWC+K6S9O2UGXv2JozJZlROhT8Wwten9n+xcJrr1P4fDPuFxuRal4YkKpfA17SRT5T/xSV3Pm+B4wT5vxFnFpVP1onsWNWMl6gDtlP0huLaGcz9xIL60kn1NkkreD+T1x0tpg44zqmLmx1JeTtidHhQ2tnDJlIknV561YnWqFMbswh2KWMx2bBxoFEjtug6bZk6x+DA32lYn1cpV7d9AAAAAElFTkSuQmCC" alt="$U$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">; a type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHAAAAAfCAYAAAA/QknEAAADy0lEQVRo3u2b0XHiMBCGPzEU4JAKzteBb66CkA7IpYIjHcCkgpukAygB6ICkgkvoADq4QAd7D6zmFA8G2ZaDILczHnuwJFa72v1Xq7UREf7T6VLLPhhjEmOMfMCVnKswjTGDkrLoFoyTevbvt51+987zCpgBS+AN2OgdoAMMAffPh8Ai1wYgBa6Bnm0oIpszNoiZyq4DfAUGO97PrUxF5GnXICKyMsbcqPxugcx5/aRjbIAJIoK60SUgQN/+VnTpAKLX0qN9pm3Xh9qe0wWsHTnNA4yT5d+11WQz1fZQRMYeK62bW1V7SUQWxpgN8PJZsMkYkwIuXExrDPcGTERkUYSBt8BCRB49GMtyP809mXhR9/JZKI9vTzXGSoHRrhcWA/uKY6UZK/LjO6hTcxWWtQDrVVLgck/TpafXKUvXbkwhIquK8+haL7ZTgdaiSkzCZWxRgpekaQvUudzrIktK9Js0EFx1A1nfzb7+bXWfkw9gLG0KA3VrMnV4WzjRmo2ii/B51QA/efyb11wIo30N1kDqGQ1lTlQlQNezX9JUBKoTtFHa1HcuDUefg5yckorjJEXRp9PGf8J5xkoykzakPFEFdiPaPpTaZu0Zp3do4bdLupCq+BfcVambshvab024wgjw7/ZQ/9aRGAtBNqK9ikl5O7ZZ05oLYR5EgTX2f00Iqad4/FgUXsey/yuxzSoKhIJZYBDGApHN2/6KcANfGWZ2yHtzyLu0jsBYiC1DBswiTYyHgplrn/7tE8S/7rFd+KGsSSCY6ekmvr4CY8I/TQgAvClO1KLAAdB1IPzLfA2lXcH6jo1/lwGiO1dYABeB3HEoL9Vlmz/dhFJgFPin9Efv430pshK0DIilWSAvdYvHMV1VCzz2/s+6vLmIzIiEdpSKLCqOk+pC+OnTvuUxYEz45wrme2QxTB6Pqybuh2zPZr0WgDlUlWaMGQAPDv6ZCFb7EuiIyEVkFriuIyc1lle2qcFFEAuMDP8sjYDEGNOPRYGKo5ucKyy7AKbAuEx2yUeBMeGfFdajYuFDZGWKk4KAxoeeNfNyV6ZT68Twz6U7trnC54iU6JalPPgGLQoJAFdVVvO+86gRAQ4mGzx36ytfr0RwkJs7oxRg5Hm+Oq36f0ZE3Mx3x7m/K8hVeleYaqOtY+YkFQdtycHQp7LuA3jKFM9SldMY+K3PbrHzSnme1cET+FfUW+UaRLDqM2cOa1VoT4WVHJGvnirSLfBdKn9BKgjMOX3coueE9yUDiA3w5VRL/s05fp2kQc0Ptt8nWEgozOyIyPBU5/oXJlUEAeXOaG8AAAAASUVORK5CYII=" alt="$T \in U$" class="math-inline math" style="vertical-align:-0.044em;height:0.807em"> carries
along a  set of operations that apply to values of type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em">,
where an operation <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGQAAAAfCAYAAAARB2hWAAADS0lEQVRo3u1a7ZHaMBB9y1wBvksFcTowkwrOdECSDrgOYK4E0gGUcNABXAcHHZgOgt3B5s9qZs8DWJIFRol3RgMMK+vjab+eTMyMXu5HHvotaBYiSgCUNxjqsQfETl7V9wOANYACwBFAJZ8A8ARgBiBX+jMA+5oOAKQARgDGRpGZKzBz3xqabD4DmFjobkSXARQW+pnolsyMQX/4G91VJqd5xsxLiy7aOtZNysy8Fyv7ANADYiG/AOyZ+bcleFo2lmN8iCuML6irE5sC+HJBtbA80U0ykTgAR+sAM28t+z0BWEUDiIDwKgtOHPq9MXPVclw4ADtS3/cOQyVRWIikmyt18vYAtuIKTIZzzjcfArmrNwd9bSFbh36piSH3nNnkkvuzgJJ2MIfSdlyVLZmWW/ZLTIbFzPdpIUSUixVUAEYOvji0DB0szSt+MHNFREPze2CzOUS0IqKCiEppOyKaXgmMVIEx7BAMV7fnGz8+j9PgMkxBNNemK5kHi0lngd3ETp6dRVY8anc1937OmYcvTKV5zodKyW8mkAZa1LjtgjoCwyt+WAGiSv/GgKYsaBPYOpLIAJlqQNo8a1Dz3zrFfLbwocZX5pKitk1xMwDrNrVDR+IdP+oyUBsyUczjVjgWF8lbLip3pBvuSXzrj9P3IXI65zXK2LagQY1W9hXzrKNkWrfMkNqyCD781XlAJGsyLufgYB16MseWazO81CrQRgHA4w3cny9/dRGQFxfKWNULqF3ctJE/8rm8RIk4SHGjWBQsfgDAg7ir1MPk8hO8fhsxgG6YeY14JFj8MEE9PcHN28gPV6uyzNi+R3YVECx+aIRNDl06EGJ8hcKwsJ3Dv1Z/6Drk4BEH9KX/MmBGswCQSAr+X9Ufn7gsRXOXjtaxu9ILBWUM1Xoo/upUpb5UN1dN8q6s6fkKp+5F5vHetvqPMX7oU19cQlp0DNe0ueYJVmzyrouLKcs5LmoWEmQ/9ABpjW5PFBBTcSMlLN5NCgwKA5h2uPGpFMC5UEsTKV651lby31h0cx+Qzm3ETgFQiEWMO6K1C8U+L2TB6a1ijBrfpzkfJIrhZWsiGktmlzl0qwB8jY05ppjefpcg/xPAN3GllwjNAzPPEJn8Bdqk4RgC5J+EAAAAAElFTkSuQmCC" alt="$o \in T$" class="math-inline math" style="vertical-align:-0.044em;height:0.807em">  takes an argument list of typed 
values as input (the first being of type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em">) and produces a single 
typed value as output. Nullary (static) operations of type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> can be 
used to create values of type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> (such as constants, objects, etc.)
</p>
<p class="indent para-continue">A program <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> has typed input variables
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASYAAAAjCAYAAAA5fqfdAAAFfUlEQVR42u1d4XXaOhT+LqcDOIxANyDtBJAN0pcNyAbO6Qh0A6cTNGED0gleYAPTDYI3uP3B1Xuqa7Bky45B9zvHB0iEZD59vrpXvpKJmaFQKBRDwgelwA9ElADY99DUFTMXyrgiRj2rYfLHV+v9DsAKQA7gDUAhrwAwBvAAYG6VfwCwLZUBgAmAGwC3pqAaJUXMeiYN5bxHmFyIv2fmx5qya6sjd8z8sab8FMAGQMHMV8q2IlY9j7RrvDpxKp34UNeJAnt0WdUVZuatjFKvyrYiZj2rYfLDHYAtM39z7HQba8c2XsWlViii1bMaJj8sAGSOZeel0ePF8XtjcX8Vimj1rIbJz+2Fo8sLHCb/DLYeTSXqMSli17MaJj+398mjvD3CvHh8bwKdY1JErmdNF/Bze699RiPfeFxySgpNFVDErmf1mNxxzcyuLmmjeFw68FqpVsSu51HJws2JaENEeyLKiSitsYgZETERZUNjnYiW8js2RDRpW59HJ7aJx33bURzv/4vRcpR6ZmZIkuUCh9nziXzOADCApSljHzhkdbJ1TKvKvcchFt4+t03P7dttL4fCSyzHJWk5Vj2PrBhyCWBmWbjcikWrsKuY5BoKJu91bi3yPRTh+L8kLUepZxPKfQfwpTRJ9VlekyOe1haHtTIGQ5qwfSqdz2OPbTfN91CEwaVpOVo9zwHsK9y3vbhueY2bt5FyEweXcApg3pP7mQBIAdz27PauQ7vcffJ25iFcZ1qWcG8j3pepL+nxt52tnptwBwDPANITMXdaU8HyYEidLi4GsL7wiyNoPB4Lb4G470zLYhhurQt1HwmnrfXchLsRgB8VruGd9b5usV5+aqaeiKZyp+Pil1mEjMdj4i0gOtMyMxfMvLLmo15Uz8432Ly5GzHzyo7HJSnK7KOydbjdd13VkNzWZAA/cVgvs43gwmgdj0fKWxB0peUjfbxWPTeur5a7qgTLf6z3mWNjVQ3NmJmY+YqZvyCO9V+N8z0i560rhNKyMXQT/H9H7EX17DXgenFXZZjuLQv56NDYuMqSRrqsoul6oth56wpBtFzRv0UkibCt9dyUuyrDNPU4kXv4LQTUeFzRJ0Jr+SYWb6kDPXtxNzpxMi4n4rOfi8bjive6sEJpuXKOhIgSWTKSy5GpnttxV/aYPrnGlER0C+BVktMUAeNxRRAE1bKEekl51BcD+BPAv7IH9grAQupUPTfkrrztiZ0Z+1bT3ncAswGPmAkOk5+7nryXkPF4XxzNhZ/dUOoKeE6htfzXHAkRLSQEnDFzIeeeqp7bc1c2TLZlHJ8gKQPwOFRvSTrxlxEnEX1j5oczisf74Mg8HQNEdO+xk2FndYU8pw60bDyIJ/leCuAzM9vberxKuzvJ21E9N+XuRPp+diSLM0WD1HQcsnJ7yWCW+QI7Y3XfcXtZqb0kcDZzUN7w92r6/XvXFfKcutCyVVcqF2ra824JZ6vnJtxV7WA5wyHbeEFEGzNqiRX9KhNhQ9/MbFfzuW2sPLZe/3iwnwkN5Blc5qGBkDmMoaQCFAH5CVVX0UGfBdFyaY5kKaHNjoiSnvr0bPXcmLuaBYO5sdCmg4c08ruse5LfMAlUZ14aSXyOdEi8lfiZDqGukOcUUsuWx5LLfMnS8gKe0cNi3nPVc1Pu+l5gqYtRlbdz7oPsyG4Ez8pTWO50z2+Fwv2uUnkSOKu4g2W2wU2UtubcqWFSKNznSMq3zZPynI8YpIUuLWrHnRomhcJtxN9VGJuiYjJ6gX53mLxI7np5rpxYTpMb8YmIJvo0EOXtTHBqjZf5m8m9mgK4O4O71oPnbtThRWUeh/PfnQTLhcvN/+Q2pEJ5GyreZFRflv8hg8SN9FsO2W9cKWvP3W985ch0S4j4GAAAAABJRU5ErkJggg==" alt="$v_1 : T_1 \ldots v_k : T_k$" class="math-inline math" style="vertical-align:-0.164em;height:0.911em"> and a body from the language of statements <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABkAAAAcCAYAAACUJBTQAAABnElEQVRIx62W7XHDIAyGXzyBL93A3cB33cAjcB3B2SA7eAS3E/TcDcgGbbqBvUHP2UD9EeFTKF+m1Z0OEgMPEkIIRIRcBVADOAEwAFYAxO2F/6+d8RrAuGfxkRedecEOQMNtzyACoHlOx79POYBW7LpPjNXbwreWALQ5gG1wptVazFmJCCkXrdIFO85u5nkTEaFCWF4Z9EVE79gnZ24NAD9EKVWz2QDwhv1ylbCQJc+ivxRAvgEsRLTEII+i/1QAeRAui56Jlb4A8sH36iYZYUh80Zo9ESZV8aK+g189O1zYDQbAmYiuWXZFYr13rPHpBcCQuqipS5UDsjoWQTyZNwWaiiCBfBaD6j9DIk+AVfOvEAGbBGR2v1cibFulVIcyGUX/4H6UN/7IL12JfMZyXeUkxaUQcvCk+XuIUqrhQyyVLuC6O0vs21HqriO3Lza9/0orIuZNQWT1ooqpg5fRifN+B0CL2quJjNvqo1XsagjtSkwchAVNYuw2uBVpw1YbhlOI5s1oPlhbxQyZFsMA6AKumATQWmt8JWlMfwDWk6gpP8EGnAAAAABJRU5ErkJggg==" alt="$S$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">:
</p>
<div class="mathpre para-block input-mathpre"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAh0AAADvCAYAAABWpWbcAAAgAElEQVR42u2d7XHiSNeG7/PUBsB6I3g0GeDZCBZngHcjWMjArolgCmeAJ4IZnAFsBLsmA3gjeAYy6PeHjtayRhISSCDguqpUNqCPVvfp7ru/TlsIQVUxs76ksaSPkiJJPUlLSV9DCE+Zc+eSxiGEtQAAAODqsSqiw8x6kr5IGkpaSJpKSsTER0mPkm4k/RZCWJrZTNIwhGBEMQAAAFQSHd678Zd/vA8hLArOm0kaSPomaSRpGUK4JYoBAABAkv6zQ3BEkl4VD6PcFgkOSQoh3Pt5I/9qQfTCVSt6s4mZhYaPGTELAOfKTzt+n/vfqnMzniQ9+P9fiV64cj57HupJuksJ8kSUTyVtC67tKZ439aviYc309wAAlyU6zGzihd4yhPBc8X5/J/+EEJZEL1wzIYStiwuZ2TYjOipPsvYex5V/JF8BwNlSNrzykGqtVWWdasUBwBt36XxSZ1WXn/voH1dEJQBclOgws3R37j4tqzlRC/COQer/fUT5MiPsAQAuQ3RkWmXfa9zv5oBCtfP40mGAfeymn/rqkMmgiA4AuDjREaX+/1jjfj3pMudzmNlA0ibTCwRQhXQvh8pWgVXIW4gOALg40ZGeUf9Y434LSR8uNK7+8b9/YDZQk3TP4XKHuB0V9KjdiF4OALhQ0ZEu3AZmNq0ytBBC2F5qS8xXIiz1fvkiQBXSPR1fSwRHpHgZ7U1BnpwSlQBwiaIjW7iNFA8tvJrZgxeO18g0aY0e42Fm1jezuZltzGxlZg8l5z74eUefxOtOsBL7iMhW7+Im8beRUDa0MpaUK9xDCIvs/kYAAGdXJha5QTezqd77Fchreb1Iml7TOLOZbbwS+Lnl5wwUTzi8DyEsUukxzvpNyfhxkKS7PecN7BvOtNDB/f37+BkqNXG0aD+iVBq+uHdfAICr6elQCGEsqcwpWKTYl8fqWC3/jvAoqefO09psHc8k/ZkSD9tUazjLd72fh3PM3oZox+f0ez204Ba86OjKsu0/ino5zKxnZpHnn1f/muXmAHB9PR2pgjHZzv53lbtgvr0WL6ReoQ28F+KlhftPJUUhhLucZ65DCB929Di0Eq4SgfR/Kdt4CiE8lvSKjNW+K++tpHkNT7ptxs+m5vt+YIUKAFyt6MgUoJHiiZR/6L3fAemKutW9on31Vn2jFbzfe6PMEImZJQlV2P1uZisP01ErLg/zyAXRC9nqXX5JD3vd6/0k7RtPr7Hnp23bw3YAAGcjOnIK1Lned6f/7Ks8rk14PPtwVBP3HUmapCsf/266qxfDdyAdFs0bgKPbSDrdCgVFSpw0ZkcAAF3kp30vDCGszewu05KLdIINqVwA3Jwg/u4Vz70Y+dDBYwMt/X/8vtnnJPG+6/5sCNYd0v45qkzsZT4HAFyH6Egq7robUZnZQm9+CI5e8VdYZXMsIkkzM8udc1EjTpc5giqJ311zFPpis70uMagoKPplwsRXwCyZ6wEAFyM6JH3Jtqorsi74/1hM9X7lxrEZ6m2IaSnpz4bvP8q8a5H4SvxBzDDr0+MTsNMTSMvE4I2kRd7QZGol053wSAoAFyQ6BhVa0rta6UcvFL1n4CRDCu6sK/LK4LGlSZTJksvtjtVBv3t80NPRDdK9HKWeen2VzXOJ6FyTrgBwMaLDJ7L19H5+RlWiCi25S2zJThT7KVmkl7Y2/Iz07qTfdpx+r9hZW5fj7FhLZqV4yewpPXjWnc9RxCdJnymqAOBiREemVVa3UkyuvZp9IXxVQquCIydd5hXOvet41N3puHvXnFJ01Em7Mjvr6cAeSACAromOpLKqOwEy8cq5vBb/DKlNuZYtCw7p/XLk5Y7KqfNd8O407PEKbCTrw2axxz16nr9ermUZOgBcPv/JtMoqt0K98k0mOf55RXE2PeI7/5KqsNc7xN/JKnN3550sG4b3vRzrPec6fVHcy8HQCgBcjuhIzeeQpKjKPireCku6jMdX5P687xXK85HeeZWJ87wwTST9c6qeppQb9KmkeZt70pwRhfutVIzTB28ALK8lbwHAlYiOVKtsrXjseLpjC/W+3jxxjruwv8UR+ZTqWTgG3wpaz0laDBT3Np1yV9Lsnjyja85Qmcm/Uo35HL752yxlX1MBAFwQPymez7FVvNfH2sy2kiZm9slFyMoFSaS3iYBrXdEGbymO6qQphLA1s7FXPl/c8dgytdfJJ0m/nXjMf73j8zUIjb7e76OS5lfPU3kknnQ/uKjsZ9KfCaQAcFnlpfda/JkWED7kMvaCMBl+2Sp20T29xk29Uj08j8deiunpMfFK6SbVC/LYhUmGqeXD60S8XpFdDNSO+/LHEy/5BQBovszcd8O3KxQdSe/CM6sJAAAAEB0AAADQUf5DFAAAAACiAwAAABAdAAAAAIgOAAAAQHQAAAAAogMAAAAA0QEAAACIDgAAAABEBwAAACA6AAAAANEBAAAAgOgAAAAARAcAAAAAogMAAAAQHQAAAIDoAAAAAEB0VMfMhmYWkeQAAACIjraZSRqT5AAAAIiO1jCznv/bI8kBAAAQHdCcyHows1BwbFp43sDMXv3+r2bWJxUAACDLT0QBHCg4+pLmqa/6kl7N7EMIYU0MAQBAAj0dl8mzpA+S7iRtW37WuOb3AACA6IBLIYSwDSGsQwgLSYuWHxfV/B4AABAdcKF8b/n+85rfAwAAogOgPiGEJ0nLzNeLEMIzsQMAAGmYSApNCI9bMxtK+lXS3yGEF2IFAAAQHdCW8HiRhNgAAIBCGF4BAAAARAcAAAAgOqBFzCxyr6JzM9ukvYm6x88H9wI6M7NVg8+dl3gyDT5vI33+puTcQc79K3lK9c35Zma2Sj0j/e4sxwUAOEOY09E9wTGR9OAfF5I+683BV0+xw69JS4/fHvj7oe8+kDTVm4+PtaR//HOk2NtpX9LEzF4k/RlC2GI1AACIDjhMcNyGEJY5pz256/G/1PAGdiGEezObShqlRM9jQTgk6db/PqauKePFhcSNC6d0+HuKfXtsJY2zS279nWcpQTKU1DezO9ytAwCcBwyvdEdw9FKC47mkopf/9mcLYZilxMNTCOFuRzjWXuFPK4qadQjhxQVFnqfUtaT/5vn48HBk3bpHkuapXYQBAADRARX4mPr/pkIF3tjyVDPrmdmr9x5I0n0I4bHl983zlHpfNlziAicbrkjtDTcBAACi4yJJT44c+lDLLp78OERw9CX9n+K5ElvFwzqn8rexc35GgafTEZNLAQAQHVCd7LyEZKXHPFmtklMBPx7SI+GrUV4Vz6dYKh7aWJ5BXOWFcYAJAQAgOqACviPsuqAynSieuxB8GenUeyj2xntSZqmvFme0EiQvnu6wIgAARAdUJztRMo9I8WTPV/dlUXsSpU8Yfch8ndubckaig+EVAABEB1TFJ0reKn/4II+h4qWzdejpbcJoltmZzI34X8F7AQAAogPqCI8Qwq2Lj0fFS0vLej/6FSedZnsKPki6z6m4Z2cadTgJAwBAdMCe4mMZQkh8ZfycEgnPORXsQx3BEUL4kPjM8PtlRcy049HzoUBIAQAAogN24XupbMzsoUCEJI61xpL+q4xzrRrDIsvMfcf6cThnlN1npWN8zPlujhUBACA6oBqR4uGN8a4TQwjbEEKVSadVuc+5Vyfnd/jE2byVO98wIQAARAfUFB81ehnWKSGy9/CCX3vfgd6DKpNB8/Z4eWLjNwAARAfsx5eKS2GTFv/BHkTdT8hzjgCadeW9veclO2l2eQSX7QAAgOi4WHqK/XD0CyrfnpmleyEaqXR9fke2x2C4x+qYfekXvbf7EHnNCg5Jv2EuAADnAVvbd5Ot4jker2a2lPSPf9fz7xMnXmvFm6StMxX0KNUj0MsRERv//3MI4Sl1XSgIz0Nqgut9sjdL6j55vRNzM9sqXi1zW/G9Hz3c6fe+cTESZeLnXdgBAADRAdVZpyrU/3olO3aB8XuqYl8rHgaZl2zM1lP5/Ijkt18ODHOvwu91nHYlS3hHir2zDjwetv7eS0lfT7ghHQAAHICFEC7/JeN5AhtJzz6EAKdPk6l+nBT64ZAJsQAA0G2Y0wEAAACIDgAAAEB0AAAAACA6AAAAANEBAAAAVwpLZuFo7PAfIsX+OSRJvrMuAAAgOgD2oqr/EAAAuECuYniFzcA6kw5PIQSrchBbAACIjnNmrR/37gAAAIAjcRUeSQEAAOD0sHoFAAAAEB0AAACA6AAAAABAdAAAAACiAwAAABAdAAAAAIgOAAAAQHScB2Y2NLOIJAcAAEB0tM1M0pgkBwAAQHS0hpklG4n1Luy9+mY2NbNXM9uYWfD/H3LOndPTQ9wBACA6oLaIMrOZ4r1kIkmfJf0m6VbSVNLYK9K+nz+TNAghrIk74g4A4FSwtf0ZttAl/eUf70IIi8wpS0nPXln+ZWbfJA39e+KOuAMAQHRApUoz0ttOuR/KWt8hhHszC5JG/tWCuCPuAABOCcMr58Xc/44rdvc/pf7/StwRdwAAiA6o0lKfKJ6DsAwhPFe87O9U631J3BF3AACIDqhCsqric41rkhb9grgj7gAAEB1QpaU+TH3cp9U9J+6IOwAARAdU4S71//ca193QWifuAAAQHVCHtGOqjzWu60lXPyeBuAMAQHRADbap/x9rXLeQ9IG4I+4AABAdUJX0Es+Bu+/e6dI9hLDFkyZxBwCA6IA6TDOfR5I2yV4hXd4XxMwm7lb89UThPNu4AwBAdMDR8RZ3nn+JvqSJpJWZrbyC70wlamYDxctVex7WGXEHAIDogO4Lj3FB5ZkQeQW/MrNRR4Id7fhM3AEAIDqgw8Lj1ivQbcmp02SX1BPzLRPOZ+IOAOB6sRDC5b9kPHFwI+nZK59Lea9I8S6ofygeLkizDCHcVrhHX9JNzo6rTcb9SNI6hPBySXEHAACIjqsRHTmV6FzvhzB+DiFsdwiOV0mLEMLd1WaCinHndvTJRUpy7lLxPi3PZXENAAAMr1wMPmEyKxyiIrFhZlO9bfVO3O2IOzN7kPSXpP8pnoB6pze/HxPFK2IeiE0AAETHOba+e3VXU3jlmR4mucnc89XMgleeN9pvL5Krizvfv+XXEMJtCOEphLAIIaxDCC8hhHtJSe/ZxHe0BQAARMdZ8cVb0HVZF/wvSb+FECyE8LNXlmvirlLcfZE0LFrZEkJ4TgkWfH8AACA6zo7BoaIg61HziuYcNBZ3Po8j8WBa5kY97YRsjPkCACA6zgJvKfckrfa4PGllL4i7w+POhdoyR1hkSYucHlYMAPAjPxEFnW2p71Ph9lLXTom7ZuKu4vLZ9PyZFSYMAPAj9HR0k2QlRd1dTpN5DMsu+cS4krhLr35ZYsIAAIiOc2utD2u01CPFTrgk6c+uvIiZRWY28n1YLjnukusXbTlaAwBAdEDjlbTe5gREVfYC8aGBuX8chxCWHXmXnmJfIFNJc196enFxZ2Yzf+5a0j1WDACA6DgXkpZ6sjvqtMzpVMqraOSV5nOH3uV3vZ9UObm0uHNhM/Rn3uGVFACgGCaSdo87xRuS3YUQ1ma2Vex06pNXpCuv4CI/N6nwbrvSw5Eiu2w1uqS4856bqeLVLvcIDgCAcujp6B6RYidea0kKITwqnhT57C35ieLhgIn3ItyHED50UHDI5zYkvQdLSVsfzjj7uHPBMVO85wo9HAAAVcpONny74sSP5yIMdaQN38xsFUL4cAHxNlLcw/HDkIzPK4mYTAoA8CMMr8AxubkQwTFR8ZDMUNIvulLnbAAAZTC8AseqrCOd+V4vLjgeVT4H5A/FW90DAEAGejrgWIwlfT1jwfGguIfjSfHmb9lTflE8T6Svy91IDwAA0QF7VaKRV5CS9NHMouwGcQ0zlHR7pnGVCA5Jeth1fhcn9QIAdAGGV65LaEzNLJhZULx8NFnC2pO0Sn4zs3kLlfbiHFd4uDir41+EVSwAAEVlKqtX4AiV9quk/7KsFADguqGnA9rmUTjOAgAAXcmcjhDCNmfiHxwn7ulZAgAASdfV07FW3M0PAAAAJ+Aq5nQAAADA6WFOBwAAACA6AAAAANEBAAAAgOgAAAAARAcAAAAgOgAAAAAQHQdjZkN3yQ0AAACIjlaZKd5eHQAAABAd7eAbvknxbqoA0O382vcdkV/NbOM7H7/6bsXZc+f0YGIf2AeiAw7LVAPPRElm6u95n6GZzTKZc+XfkRGL4y3yuCo6+sRSO40DM5sp3q4gkvRZ0m+SbiVNJY3djvt+/kzSIISwvoB3L7O3AdZx3fZxJnVWmQ3/2+D/iejqnoqXNE991Zf0amYfqmYeM5tISqv+raRvkm4kDT3DDs3sLoSwINahI3b/l3/Ms8ulpGevSP4ys29uy0tiD/vAPujpgP0Z1/w+mznnGcHxGEL42Xd7zQ4vzQ4sCCY71O0+x6zJyEzuW+caF3cfvAX1gkm2XqFE3nrtSbotE8IhhHs/b+RfXYpoTuztGYvAPs4NT5PEhkuFHj0d3SOq+X06cz5ISnfFvoQQnlKfP2Yu6ZlZL4Sw3TOsn71XpifpLpXRk8w+9V6WPHr+Tr96iyT9fZOF1b6ZaO33mGbCB82T9OyNK/bmPaWE9dcLKbTT9jbCJLCPM7bhr4p76BEdZ5TBBiUZr4xPmc/TzOd/MvdeHyA45Ncu3NC2mcJyXGM4KJK08o9Ndocyb6X7rdiJp9MyhFC1lf93ygbpPsc+sI9uUVqnMLzSPbX4lFPxLnZlOJ+ok+0lyFb694q7b9eKhw3uGgz6XUbMrGu881rSo39cNRimeyyq8yQt0s81rklsi65z7AP7ODPo6eim8Lg1s6HioYe/QwhV5hXc5Hz3Padnoi1fJekelH0y+7JAKO3bQkqP60I3W7HDnPSvw5xYxD6wD0QHNCM8XnQmkxi9gk+P4R0yGbSp5W0TrKjz3BUJ5IoCm5Ys9oF9nBkMr0ATDDKCaZ/M3vNrDxYdZjYSvRznQHrOzcc9bIXxeuwD+0B0wJW3SJa7BEHaUUymdbK34HDHQQNfMjwlSc6C9ISzxxrXJcvzAPvAPhAdcEDFuanjlTDtBU75EzA3ZZ7hGiQdtq8l7xe5IMibf7LeVyz4fTcqXvlT6PGxgTTrub+Secbr69zMHvaNb/cmO/V7pdMx8Sg7KouPMl8oxwh/RdIic+Dvu/N5IYRtl7xMHpJWDT0/8rSaZ56/SdyDe1kxM7PVubzXpdhHE3HZhTzt7ucnGQ/XiY3NKnvODSFc/OHdbUHStOPh3Hg4845BzvmDkvOLjl5LcZsc/ZJzJ5I2LaZv7aPCvfPiuO+/PfjnRPBM/G/63I2kqMa7jHLsILn3LPPbRtIw5x5RlXduI/w1060onK8etqjj+fXgtMq5Z79K3s/kqfSzHzxcI/9/vofNN/5e12gfTcblKfO0Pzt7j5U3ErPv8erfF9Y7iI5uhTPyY1qn4CkxyuERwjysUqClwjc7QphqF7R1RUeqsJ9UeP6q4rNmmetmBec9ZM57KEiXoRcCP8RFG+HfM36nO4ThysMadSyvNpZW+4qOjODo77jnpkpeaOu9rs0+2ojLU+RpF02hojAaVWnsIjq6Gd7+GYmOdMaa58R7lFH7owsQHdMdlcFgj/TLFlDzHedPqvQwFYRl2HT4W65YwrFsZ8/KpJG0qpP3M7170zqNg1O81zXZxxFs5Ch5OtugrJLGBfaL6EB0HG1IKO+ILkB0lLbsCtJiUjNzRzWHlOY1wr9pMvwN2vy0gj31T5w3W0urmqJjsKsFnXNNYV5o+72uxT6OZCOt5+mCIevpnoLrnehgIikcNIFN772g3ive8Cc57hQ7I0tWtHRugte+ZPa0yZLnU6Bs8lbWp8jOeHJHb8vMRLuqE8R6DYe/ifhchhDGIYSffeXBo/JXQn05cdIfO62KSC8nHbq78F08+dHl9zp3+zhVXPZaLpOkhlYFIjrgEAaZjPXihUNyJO7bE3fk3y7kvfdx2nZTNCNcP+4RU1WY/ZP5/PHY4W+pglmHEJ5CCLdewaTjo1+lMPaZ9oMmw3WitCoi+9wHX02QrFAY5MTrYwjhsePvdRT7aLEhdqq4bDpP/54n/JqIIzySwiGk/XNUcQh2KW6Jm+ytyasYv1csOLMbK/UrpsPZ9DaFENZmdqf3S8IjlfiD8YL/1eNiceZpVRQvCzNb51RwgyScZpak9UJx1/iy6+/Vln34u3zy8CVxtlS8OdzzIRtfdiQuG8vTnn9aE26IDmgqg5UJin6ZMPE9FpZnNPTyvwbv9aEgXjd73Gt7gvDXLdB6km7qbghoZouUvZX1Go3VnjfaU6TVLtH/uqOCSCZyj8zsRdKfORVsZ96rDfswswdJfyj2ITTxCrrv300kTczsccfwRNdtpMk83eru3IgOaEoNlynyG8U75W4LCpmZF6DrK4zKvAp0qXoeGCXp+5m4fU7G3OvuALwuatWZ2atXIlu3w6Xe7wV0kWnlle2t558q7zv0CuW2w+/VqH0kG2f6UEz2/Bd3yjV14fFL3vDTFebnm5ZEMqIDGuvlKJ0o5fM6ngt+Hkla77lfyyXwvaDAWVyw3TwfWtlmvvotLWjNrGolfPZp5XFx642AgYv3jyW9H30zm2Qq1y69V9P28UVSz8xGXg79UDaZ2b0/98HMpgf2uF5Cfv7e5s2ZSAr7Unc+RxGfdIK9UtxV8NzMTr1Py6piS+PsSa12Wu1xeVRkaw2Ox59tWvnE7acQwl1qhce9V+DZ+Hno4ns1bR/ei5qIr7KehnQZMCY/5/Y4NzbHA9EBTfR07DVB1Ls2e4e2bA58h8GJ4zFv1nn/CmymlkBMXTslrf7dd2nj8xVyW/u+mmws6b9ZseYVfNfeq1H7yCxDnVasZHvXnp/bHtZBdMA+mTybiRZ7FhQTSS9HbKl2sYW6Vs5KjJw4LhVvvlxy1HHTSXrH6u4AmvgMWIYQXkirf1v2vSotc98A7U4F4/Ideq/G7SOEcBtCsB2TRG929FRcY35+yRO6iA7oQot1vecY6BcvND+3EL4qIqaX08o5FX/mfFepmzcl3qQf1/l31W6GNQrgZPVFUTxde1pFPlmyCutM5di19zqVfaSHipfkZ0n5w1FVhVMP0QFN88eBvRwPXrAsW+rKm1doaQwaLGQObUHnzW4f7WpZpFb+9BT7Gujs6pWM99qoSivO3y9Jy3EX3q+jafWloh+IflEr9tTvdWL7SJ61aGLC5yXkZxel2Xf4VLFsH+y6OXuvsPfKIdvID2tcG+m9X/5Ri+n9w3bSmXAkv/f22HvloWYcVdofQz/uNrlrx8mVn/PahfBX3K0y2RJ71/41/dT7jfbcbKvNvUAaT6uae69kd/RcqXjTv6Ry3rkPSFvv1SX7KLCV1a6yoEM2cswyaaJqezz1VL4x34OSIUFER6fCuVH5hkabrEGmrtmUXLPRAduTewYfeMGQ3VZ5orcJmdlj6NdMVLAdc8vCbZNTMM93CaaUKNmVFpt0hVAjLXYVpq8517562LO/TbsU/h2F+yap8FKF2cb/H6VsbLarIj216GgqrWrm/XT8jTK/pZ899TidZuy9Unw2+V5dtI8CoRN12UZOXCalBVFyzdSFxEOmITlRzoab765FdHQqnFV2aV3tcc3elbyKd1k99Hg4UpyOPBNsUgXMTOVbR0c13mO4R1pMKhZWiVjbZIVn0nLoavhzwvSajXMPZ/YdN55ewwZar/Mj9kzulVZ7xH2UyZcbL9+SXVhXmTAkPQfDU7xXF+0jsxPsvOkejjbisiNl0jDHxpLwT5J4VP4us/++r/lJF42PlW18nGwsALjk/D7zAnLhqzYA0vYx9IqR+uAEMJEUAACuRXAkwzPjrOAws6jpnYnhR3CDDgAA1yI4JpJuC1aGDCX9oiPuknuN0NMBAADXIDgeSwSHFLsC+JvYahd6OgAA4JIFx4PiHo4nSUMzy57yi94m466JMUQHAEDVCibSmxOsj2YWHbhrKFyG4JB+3OjuB7rsYO9SYHgFAM69Ypn6XhX/+lzwn3qSVslvZjYntq5OgE5qXLIl1o6QLiyZBQAAgGNwFT0dJ9rFFAAAAK5NdDhrxZ7TAAAA4ARcxfAKAAAAnB4mkgIAAACiAwAAABAdAAAAAIgOAAAAQHQAAAAAogMAAAAA0QEAAACIjvPAzIbuix8AAAAQHa0yk8S+KwAAAIiO9vAN36R410kAgH3Lkr7vavtqZhvfvfbVt1DPnjundxXgCkUH1CpUo9RW4HlHv6XnDrzwTgrxfsm5ZeEbkIpHtZfBjvToXch79sxspnj/pkjSZ0m/SbqVNJU0dhHS9/NnkgYhhDVWgh3BGz8RBdCF1qOkeeqrvqRXM/tAoQ0dsc+//ONdCGGROWUp6dmFxl9m9k3S0L8HAHo6oAiv5D94C+7lSI8d1/w+Cd/zhVRqkx2tvH2O2ZHsZZFKj4urZH145FXx0OxtjuBIx8W9nzfyrxaUKNgR0NMB1YSHzGzqLba2iep8nwnf6AKi/LPinp6epLvMOy0Ud99vC67teTz9mkmr3gns5aviXqpLIumBG1fsdXuSlMzv+Eppgh0BogO6WbAPSgr8Sy9st0mr2My2GdFRtbJLWuUr/3iK1uL2ktLFzCYu6JYhhKq9an+n0pUWO3YEGRhegS5Uuk85leSiRkF/Sdyl/l/XmdPi5z76xxWWdTBJj8XnGtck6cXQCkAO9HRAV4THrZkNFQ8T/B1CeLnSqEj3+OxTcS0zlR/sgdtiNk7rMCcWARAd0G3h8aLjTV7tYkXX0/ux7EMmgyI6DiPd4/S9xnU3BwhGgIuH4RWA7jDIiLB9Kq6eX4voOIz0JOaPe8Q/8zkAEB0AZ9O6Lq20zGxU4DDpRvRyNEF6MuNjjeuSpZ8AgOjoLnV8L7gr5l3nznOe8Vpy/miPMPfcx8Q85RJ65Z8fqngRTF13dO+ivgng1MOcDsfKzGb7xEmDPR1fS8IdKc2sUmYAAAfDSURBVF5Ge5Pz89p/azKe+p7OadffG/88azKd3DNl9llZuzrGcsq0cBu4ney05xDCto1epkNtdZen4abz9antCDpMCOHiD8VdnkHStMNhXEnaeDizx8aPqZ8bpb4rPTfzjHnB/YOkYc75g5zz+v7bQ+p5c0mTnPtvJEU73ntTEqbBjmv7da/x60Y5z03eYZb5bZMXNy3a6Lt4Ljh3ImlzhDBFOWm6clGTjatX/z6bHr2Kzxr4vfPSZJoTjnlZHDX07nk2+eq2Hx2pXGjEVkveJ8TVwL/nNZKvT2VHHGdQHyM6OhfWvIp+uqMCqnRuzjXzssxcJDpS108qCJtVhQIpKihoGhcdXsClz58VnPeQOe+h5XQf5lUCJZXH7AiVXahYoY1KKrReDXsstWHPx1n7GrUYB9OyitorzklbAqRpW3UbG3rF/oPoaDJfn8KOOBAdiI79w5tt2WzqtMgq3P+1YgWdK4DKri24pkrvQ79t0ZFTiM9rVoZttqxnReHSm9fRdKt3dCwBVOXdC9JiZ2WRE8ezGvZb2Et3ROHRivhp01YL8uiw6Xx9TDviQHQgOg4L70OV4Y/U+ZULwFSm3uzZ61La6i/oxp2cWnQUFIBRRbupVPA3LDR3HVHLeaVW71lBRRn26EmL9hRFvRbTpu/iY1ca9VsUfY3ZakG8b5rM18e0I47zOphI2k3yPHF+KppglvP1uOTeyW+f9w2cexAtIs+nQRe2pZ5kVyfsmvDn7smXmQmFjb+LTwxN3/de8cZXyXHn6basGvYG40lNT0wteVZVD6yLiuFuat7bMoQwDiH8rHhlyqPyVxd9OWNb7TWcr49pR3BGIDq6Obl3qx+dZPW9cqoiRorOTcZNi4RNFfZx3nVzyvj01Q5RyeqEMv7JfP7YQhAHmQrmxSu65Ehcwt/7Od9ajK7f8yrdloRWf5808fyx3RXulvLmOoTwFEK4dQGyzuS73pnaatP5+ih2BIgOaI7prh6MVMG9Vby7ZZrHnALt3y23veDeh3P0AZG3FO+7Lw0sPXIqtzaWa97taMVnacXFtld4vROmySH0jrSU9p0AyaSdVLxjctdtdX2mdgSIDmioQFvkFCKjAhHynCNSRiWi5ZCu6P+dYXR+KCjcNxWOh8x1beyAOagoKPplwsR9ORxS6UVHTJPbnO/qxO33psPvlXdUM5+uM+lxc6a22mS+jgRQAHuvdJvPGYHQM7NhajO0RFhMQwhrM1ukK7D0uelekT3da58zeRXBUvU8TUrS96a7iHNahYsd75HbS+Ut3Zm3vNcNxtP2iGly6soumZNxX/O6dYM9Bp211Y7aESA6oEGec3olxpJefAJpzyuhpKCbZlrNn/Q2VvuYuue18b2gUO6C+MrO51iXtKqfS9JvpHgi5qLheDpmmhzKtoG0OCh/NDDBt8u22kU7gjOD4ZUO4y3abGEz8F6LTymhkZz/kil40xNKR6nek2tjdaSW9j7Unc9RxCcdvjogr8Jsa2x+e+CzbiqGvxKpFUSrPS6PGki/c7DVLtoRIDqgYSYF3yVDJdlZ59mW2mNDE0jPmbyZ+f2OhK3qfI6yCnPkhfqhrfRjdsd/Lam8q9DLCf+ioXSoE/e91LXTC7fVLtoRIDqg4QycN6F0WCAw8gq+3/U2gXR6pXG4Vo5fhTqrHXxX19DkJnA5z1/scY+ei9CXhgTlS84zBi2kyTLHrqM9462JXoakx6nuDrFJo2CZ0wC4GFvtqh0BogPaoagFOy0otBaZFmFRr8g18WfOd+OaFbv0oy+Epno51nvOB/jiadzUsNnjAS3t3qHPqlgxDSqGe5+0GNao3BPX9EX2dUm22mU7AkQHNExehbIoqaSmNYTLtfR25K0AGO2q5FKrQnqSnhvuOv7jwF6OB68kl02Fy20qG0+fKoZlUPNZzzkt4kmF9MiG5/GQ9894hI2q9BB4OJLhsHGTdtFRW+2sHQGiA5rPwHkTSqcl52cnlJaef0Xx+JRTEM69oMsrAJMdOQdesY+bCotXEOmW37zGtZGZzVIV9LSFeEo7m+uZ2bzoPcxsWiIWRh7eXsGz7jPCo29m8zx/GT7E8JppCT/tcN9dp5dj7eJ8WmQTmXBELjieL9lWz8GO4Hww32Dnsl8yNtSNq//xmb7DIFUxbX0fiLLzJ3pzFrQIIdzVaPW9JoVEwWmJoLlPJu+Z2SZduJRc8zldSaSuK3vW2t1O17lGkm7zeoO80viiH7t7l4qX+91kfmvEbvy5N0lllXnGU4nw6Pl1H7xS6WcKd2vJ5oZeCUSpeP2mtxUWv+ptOOLJw1XUSi21We9dmGTSdK23lRCR3s/5WHoPx6KB95x5uG/d302Sd7YuQlYejkjx3I+hf75vuzehKVs9dr4+lR3BebT+2GX2fN5j7uJpVPGdV35+v8Yz8naTLDqGJTvdFh2THTvk5h2rPa6psjNn3wvDV73fQXTj3z2ood1cVbxj76HHwxHsbui9KatUPCVxNJHvAKr83UH/jdOazypKk4ka2s019czX7D09H2RtY+N5cHiCvH+QrR47X5/ajji6e9DTAQAAAEeBOR0AAACA6AAAAABEBwAAAACiAwAAABAdAAAAgOgAAAAAQHQAAAAAoqP7XOl27gAAAIiOE7HWmxtgAAAAODL/DzkXCGSqXFDLAAAAAElFTkSuQmCC" alt="\[\begin{mdMathprearray}%
\mathid{S}\mdMathspace{1}\rightarrow   &amp;\mdMathspace{1}\mathid{v}\mdMathspace{1}:=\mdMathspace{1}\mathid{E}\mdMathbr{}
\mdMathindent{3}|\mdMathspace{1}&amp;\mdMathspace{1}\mathkw{skip}\mdMathspace{1}\mdMathbr{}
\mdMathindent{3}|\mdMathspace{1}&amp;\mdMathspace{1}\mathid{S}_1\mdMathspace{1};\mdMathspace{1}\mathid{S}_2\mdMathspace{1}\mdMathbr{}
\mdMathindent{3}|\mdMathspace{1}&amp;\mdMathspace{1}\mathkw{if}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{S}_1\mdMathspace{1}\mathkw{else}\mdMathspace{1}\mathid{S}_2\mdMathspace{1}\mathkw{end}\mdMathbr{}
\mdMathindent{3}|\mdMathspace{1}&amp;\mdMathspace{1}\mathkw{while}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{do}\mdMathspace{1}\mathid{S}\mdMathspace{1}\mathkw{end}
\end{mdMathprearray}\]" class="math-display math" style="vertical-align:-0.000em;height:6.218em"></div>
<p>The language of expressions (<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAdCAYAAABSZrcyAAABm0lEQVRIx8VX7W3CMBB9z2KAiBEyQtoRYAOkbkA3oCNUjEA7AmxARiBsUEYo2eD651K5luOcQ6JasvLh+8j53jtfKCL4tyEivRPAHoDMNPdMRU6yAFACWOr1EIi8ArgkYlsC6Gy8AKi8tY9k5JGduHtffszRVf3Ks7Fz1vSQLDWKbpxHpPgK4F0fby5DdxU81yNh1um1Oc7X3n0rIreRzm+PRl5PwDKb8ynyHTCgBQA3R75J7khuepaL3603UuToUexukP8CUCXWSxHB5PxWLovFrpsh359WQLoR+b6EJZhkSXJDstHITYBcZPIbABqSQzpXE4uGjlSSd2/bawBvPYfHGsBWQcyHI4/k+6j1OTZOKr+0Et5Nye/c6ucy8m2p52UKbArMakzktbFmp+QO+oHpNkqF/LZnm9s8xBoJa5GZ6vzuxt5rJAYjz6rnlpILoPjzfq5+LbDVxGzMnm8AO7VRWZ1vA+flSMednSa63qN0fiTfunM+ZjYxuYWSvwpqtI/0b5KrASQXqv8E4Dn4OWhF5JSilMw4e/HyA0LLUfEX45grAAAAAElFTkSuQmCC" alt="$E$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em">) is defined by the application of operations
to values, where constants (nullary operations) and 
program variables form the leaves 
of the expression tree and non-nullary operators 
form the interior nodes of the tree.
For now, we will consider all values to be immutable.
That is, the only source of mutation in the language is the 
assignment statement.
</p>
<p class="indent para-continue">To introduce symbolic execution into the picture,
we can imagine that a type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHAAAAAfCAYAAAA/QknEAAADy0lEQVRo3u2b0XHiMBCGPzEU4JAKzteBb66CkA7IpYIjHcCkgpukAygB6ICkgkvoADq4QAd7D6zmFA8G2ZaDILczHnuwJFa72v1Xq7UREf7T6VLLPhhjEmOMfMCVnKswjTGDkrLoFoyTevbvt51+987zCpgBS+AN2OgdoAMMAffPh8Ai1wYgBa6Bnm0oIpszNoiZyq4DfAUGO97PrUxF5GnXICKyMsbcqPxugcx5/aRjbIAJIoK60SUgQN/+VnTpAKLX0qN9pm3Xh9qe0wWsHTnNA4yT5d+11WQz1fZQRMYeK62bW1V7SUQWxpgN8PJZsMkYkwIuXExrDPcGTERkUYSBt8BCRB49GMtyP809mXhR9/JZKI9vTzXGSoHRrhcWA/uKY6UZK/LjO6hTcxWWtQDrVVLgck/TpafXKUvXbkwhIquK8+haL7ZTgdaiSkzCZWxRgpekaQvUudzrIktK9Js0EFx1A1nfzb7+bXWfkw9gLG0KA3VrMnV4WzjRmo2ii/B51QA/efyb11wIo30N1kDqGQ1lTlQlQNezX9JUBKoTtFHa1HcuDUefg5yckorjJEXRp9PGf8J5xkoykzakPFEFdiPaPpTaZu0Zp3do4bdLupCq+BfcVambshvab024wgjw7/ZQ/9aRGAtBNqK9ikl5O7ZZ05oLYR5EgTX2f00Iqad4/FgUXsey/yuxzSoKhIJZYBDGApHN2/6KcANfGWZ2yHtzyLu0jsBYiC1DBswiTYyHgplrn/7tE8S/7rFd+KGsSSCY6ekmvr4CY8I/TQgAvClO1KLAAdB1IPzLfA2lXcH6jo1/lwGiO1dYABeB3HEoL9Vlmz/dhFJgFPin9Efv430pshK0DIilWSAvdYvHMV1VCzz2/s+6vLmIzIiEdpSKLCqOk+pC+OnTvuUxYEz45wrme2QxTB6Pqybuh2zPZr0WgDlUlWaMGQAPDv6ZCFb7EuiIyEVkFriuIyc1lle2qcFFEAuMDP8sjYDEGNOPRYGKo5ucKyy7AKbAuEx2yUeBMeGfFdajYuFDZGWKk4KAxoeeNfNyV6ZT68Twz6U7trnC54iU6JalPPgGLQoJAFdVVvO+86gRAQ4mGzx36ytfr0RwkJs7oxRg5Hm+Oq36f0ZE3Mx3x7m/K8hVeleYaqOtY+YkFQdtycHQp7LuA3jKFM9SldMY+K3PbrHzSnme1cET+FfUW+UaRLDqM2cOa1VoT4WVHJGvnirSLfBdKn9BKgjMOX3coueE9yUDiA3w5VRL/s05fp2kQc0Ptt8nWEgozOyIyPBU5/oXJlUEAeXOaG8AAAAASUVORK5CYII=" alt="$T \in U$" class="math-inline math" style="vertical-align:-0.044em;height:0.807em"> has
(one or more) counterparts in a symbolic universe <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAgCAYAAABgrToAAAACF0lEQVRYw82X/W3bMBDFfxQ8gNAR1A00g7yBXG+QbNCMUGQEd4NG3sDpBo03kEawtcHlj56KM0shlCgFPoCwwC8/3j0e3zkR4d7MOVcAFxHpszsEVwEtcHXO1XcHEHgy31t3TyF2zuXA1XTtUIDfAZnQKhHBb0ARuf5hZH1t5rQiwkaRHoEO+AJ8VcDWjsAJuAC9iLyGPCAinXNup0D3QGmGX3WPHngZceLefD8Pm4ZOcjUnOYXmxDSzTxk5f/jP69C3GbniuelqEmh1AV5E5Bx5ewf7acPin+LB40uR4MEp3juY/8z/9QcmNj5RZ4Kr/p5/Mh0ON/0f8O+QAPAQy1/v9t9ELPuAf6cE/lUT1tfDTReRzk8N9iR+Psxnei+fyL+3sfn+xNNC/Kttqog8zFtoPAuExSbWubafsP6b/v4IDWaGf6U31nwS/zrgKCJHRp6nIP8Swluk5s+xEG/N9znRe/1/t3GmZSvwb5u4/sY2gXcwNf/VwG4pgFkgvIzJqYgHv1wgAkGAS4W3AjoR6ZcGWC4U3r2K28Us0zqA1Bus73gJ/FoUoOYta38SqrFzjDidanlqglbPRYuDSXsHNGAxQ7m0Kdox5iWxVVY5MQK/9eV4XKVY9iRPtMxS7raq5fI1vHejB4caIkbqG2HRrAVsTLCW6hVRXj7r01VptTcUVC1Qrw0uWDQZRdx4l6fVQqj6DGBDewfKfKJpSn3rWAAAAABJRU5ErkJggg==" alt="$U&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em">. A type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIYAAAAiCAYAAACa9KFpAAAEY0lEQVR42u1c0VHjMBB98lCACRWcrwMzVwFOBwEqOOiADBXchA6SEpJ0kFDBQTpwOjjiDvY+sroTim0kW5Flws5kYrAtr1art2/XUgQRIRQRQiQA3oiowJd0av8oIKUyADmAnRBi9DVM3do/Cki3sXI8/Bqqbu0fBeKtMYBM+dfqa5w6tj8RgXlGDIA8fGL5TOXZI+V8rp//rB8AD5a2yyraSQzvv6u4/8D+Z4qXPCrHWwBLjjlvAAr+BoABw06mwdBGu0YqPOQHAwAqiOWtcjw5ocm6ZFsPAHxnR9HPr+QYENG6rBEi2gohrtnetwBS5fSa2ygAzCv0OLS/4jV5nVdpHraymeGsKAHYVZynuvMnhCA7xRYrB+2khtcf2P+MY0zK3jYmopmBp2eaV9cKEW2EEAWAlwo2LGV2wnE+4XAuZdGiuTcAcyLaGGYjB/aPFCjZENGTQUOp9i9TovjCsKnLtXL864Q5YKb9vW7RVgJganhtqf0lx7jT0hXjDlTFvRIZVMyCG+mtXRW2FMRMAFzUXJobImoTUVP0LRFtW9QjYIIWH9k/tYntGr94tbgv11m1xqYTz/E8ZUfdtc2qjsAvpi3amZrykzr7n3EYmTeEvLUlvOkcQ2Yr66YzpGHOvlD6sVGYu8zAqrjS9kg66fxi1TIkmYaRWvvvTGerkl3U5tUl98VlqATg1YY9O5iVmTIzF75RyqKeETdsJ7bMRirtDxvj6B2wVDqp6MSrR6cgdowssDTVKv2vaWdkSgs+sv+ZJTyqBGljg28lz7nxlYkwVMsiz6WvsOUhPJcVqtaWpLPU/lFHHfhXXSWipQfDy2zoKjSnKEn/Fy0dbOXE/pYs3ppfBADT8j3ApA/vS1q0k7jM7qKGaGFTv+haHgMvnjUOzyXjU7hCxKiDDviE6ZiRbhnwqjBX4XnoILxDr3z65he+jb4K1HGzhq8XqmoS114do8X7ka4l4e83zkxayRGI69BFeFbGxzti9JVfXDhg+uoAAMC5w7DkCoUzfr9S+HaM3vELlj/8PasrdVtI7pirpI5Q+BYGyx+OjRjrHjmGhP6Vp3qJLTFG2wnHITIF8NOlfpHBg/vKL1Rj/wiY/0h5adjOGPu1NE6RXHy04UgI8QBlHSYRiR45BoQQOYABEZ0HiBi7NnblSfuKfZl/4xUxeswvpEwBxEKIu5CUYq5SaCHB1rEW2C+wcT4uJo7RV34hB+CJucakJK53LfMKImoiz9hXOu+PoVj0ifmFKvfYv2Z+Dsw51OWUE0OkSDg8AsDVsRSLDAzqgiB1jRpr7kvKzpEEolehhOpECDE14Hs5k83LY5b5BRGpS8sGyve7jUIs7zbASGfpy+505hnS+GOTVfGe9JLrTxO26wzAbz5WN21tWe+lD68F/m82avJ56NmmnlTp744dZcQDEAewREBfoJyzjl6XOYiQfh/D8ywdYf9K3ob0FQC+ncLvd5ysY2hp3w32e0dlGK2SLRGNT8EufwGWLH4pM/0gpQAAAABJRU5ErkJggg==" alt="$T&#39; \in U&#39;$" class="math-inline math" style="vertical-align:-0.044em;height:0.885em">
is a subtype of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHAAAAAfCAYAAAA/QknEAAADy0lEQVRo3u2b0XHiMBCGPzEU4JAKzteBb66CkA7IpYIjHcCkgpukAygB6ICkgkvoADq4QAd7D6zmFA8G2ZaDILczHnuwJFa72v1Xq7UREf7T6VLLPhhjEmOMfMCVnKswjTGDkrLoFoyTevbvt51+987zCpgBS+AN2OgdoAMMAffPh8Ai1wYgBa6Bnm0oIpszNoiZyq4DfAUGO97PrUxF5GnXICKyMsbcqPxugcx5/aRjbIAJIoK60SUgQN/+VnTpAKLX0qN9pm3Xh9qe0wWsHTnNA4yT5d+11WQz1fZQRMYeK62bW1V7SUQWxpgN8PJZsMkYkwIuXExrDPcGTERkUYSBt8BCRB49GMtyP809mXhR9/JZKI9vTzXGSoHRrhcWA/uKY6UZK/LjO6hTcxWWtQDrVVLgck/TpafXKUvXbkwhIquK8+haL7ZTgdaiSkzCZWxRgpekaQvUudzrIktK9Js0EFx1A1nfzb7+bXWfkw9gLG0KA3VrMnV4WzjRmo2ii/B51QA/efyb11wIo30N1kDqGQ1lTlQlQNezX9JUBKoTtFHa1HcuDUefg5yckorjJEXRp9PGf8J5xkoykzakPFEFdiPaPpTaZu0Zp3do4bdLupCq+BfcVambshvab024wgjw7/ZQ/9aRGAtBNqK9ikl5O7ZZ05oLYR5EgTX2f00Iqad4/FgUXsey/yuxzSoKhIJZYBDGApHN2/6KcANfGWZ2yHtzyLu0jsBYiC1DBswiTYyHgplrn/7tE8S/7rFd+KGsSSCY6ekmvr4CY8I/TQgAvClO1KLAAdB1IPzLfA2lXcH6jo1/lwGiO1dYABeB3HEoL9Vlmz/dhFJgFPin9Efv430pshK0DIilWSAvdYvHMV1VCzz2/s+6vLmIzIiEdpSKLCqOk+pC+OnTvuUxYEz45wrme2QxTB6Pqybuh2zPZr0WgDlUlWaMGQAPDv6ZCFb7EuiIyEVkFriuIyc1lle2qcFFEAuMDP8sjYDEGNOPRYGKo5ucKyy7AKbAuEx2yUeBMeGfFdajYuFDZGWKk4KAxoeeNfNyV6ZT68Twz6U7trnC54iU6JalPPgGLQoJAFdVVvO+86gRAQ4mGzx36ytfr0RwkJs7oxRg5Hm+Oq36f0ZE3Mx3x7m/K8hVeleYaqOtY+YkFQdtycHQp7LuA3jKFM9SldMY+K3PbrHzSnme1cET+FfUW+UaRLDqM2cOa1VoT4WVHJGvnirSLfBdKn9BKgjMOX3coueE9yUDiA3w5VRL/s05fp2kQc0Ptt8nWEgozOyIyPBU5/oXJlUEAeXOaG8AAAAASUVORK5CYII=" alt="$T \in U$" class="math-inline math" style="vertical-align:-0.044em;height:0.807em"> with two purposes:
</p>
<ul class="list-star loose">
<li>
<p>First, a value of type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACYAAAAgCAYAAAB+ZAqzAAABvUlEQVRYw82Y4W3CMBCFP0cdIOoIjJAZwga03aDdgKoTVIzAClU2SEYANoARCBtc/5wl9+QUJ5AQS5aN7fM9v3tOcjgRYS7FObcAziJyyWYEqgSOQOucW80GGPAZ9JduDqF0zuVAGwy9ICIouByQCWrufQa+V8H8UUR4ClB+Bf0TUGnMz8BFW4Bnpb00YTiYNQALYKmOARCRS4S0t6C/8Qs96qMifrcnipywtie8sr7QtW3HvNh5a7i+5sRsJMAm0aYF6sh4GdvLT26AfaKDwgArE+1qYBsZ38b0F57mPdHBOgSWYqN2+5gP9S0WtGeg7eEg1Ne+h93RsquXw++1COcyvRE/PR474W1setgtgJ0Z87e1EZGTNWgt2hH0lceiouEVoIjMpYG6RV8+bBGwnXLIYhT+U5ZB/9DntRPx86rtd2x935f4UH3FygmoRKTqOglj6mtozQayhYg0Y35xZFPoa2xg99TXfYA55wozVM+FsUn11QfYpPoaylgzC2CP0FcqY5PrKxXY5PoawlgzC2CP0lcKYx/m926y7FxE/L8suSaqvv2TqGqplDWfBAPsOpLY24pJdofU9RifPb/7eZ3zKDyarQAAAABJRU5ErkJggg==" alt="$T&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"> represents a pair of values: 
a concrete value <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> of (super)type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> and a symbolic expression <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA/0lEQVQ4y6WU/W2DQAzFfxdlALoCIzADIzAD2YAdOkJmYIRkBbIBHaFkg9c/+ogceiWgnGTpZPve2c8fSGJNgBbogRGYLBegfvisPO78YPS9CLbGti4LApTAAAjoVz5pAP0BMcD0CsC+lf3KqCwCwLSBq8/ZLyrPBhDQbiBbM7kxDQUpMmnWJni0PKpz5PeceD5DSmmh4gu4ASdJ1yeLfxpDFN0rPpZyMFYZcG/sPEkSKSUF3Yek+1sgktLeSA6BNID77lRSqo6Bh9INtwegB77n6tShOvWWiniyL8uO7TfOTOOWOGdXgfeEPALFomPbXLf+twoag01BBg9clYvuB0wmtUhHaPolAAAAAElFTkSuQmCC" alt="$e$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">. 
A symbolic expression is a tree
whose leaves are either nullary operators (i.e., constants) of a type in <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAcCAYAAAB2+A+pAAABj0lEQVRIx7WW7XHCMAyGH+c6QK4jpBt4hrBBemxAN+gOHYEVSDeAjgAbhBEgG6g/qvRUY4gTp7rTXS6WrI9XkoWIALwDMoFrESFkoErU3zgRwTlXAR54Bl7UEUufwB64AL2IHLhDzrlGHVjrnQMd9I4e2HHH86vxbh+TSWFzjw/PniIeV0BpfrXMpwuwE5HTzUnEy02AR5URcTRaEYkabo3RLsNo/RNX/LyIpKcOCmIuvT7SL0bw3WcYrh/qB+kJ+7mcmebyEb6xVK/M91lE+oxo+2g1x1K9IL7rMf3C4OuDs/bf8LUYh/hmtFGV0v/FHXxPmdH2InJOSvWC+K6S9O2UGXv2JozJZlROhT8Wwten9n+xcJrr1P4fDPuFxuRal4YkKpfA17SRT5T/xSV3Pm+B4wT5vxFnFpVP1onsWNWMl6gDtlP0huLaGcz9xIL60kn1NkkreD+T1x0tpg44zqmLmx1JeTtidHhQ2tnDJlIknV561YnWqFMbswh2KWMx2bBxoFEjtug6bZk6x+DA32lYn1cpV7d9AAAAAElFTkSuQmCC" alt="$U$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">
or are Skolem constants representing the (symbolic) inputs (<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIkAAAAYCAYAAADOHt4vAAADM0lEQVRo3u2a4VHbQBCFv2UoQKEEpwMDFdh0YEIHpgOnhIxLEFQQ7A4wFQS7A6kErA42P9ibXMTZEnAyGriduZEsyavVvKfdvXdCVXEDGANrYAsUwMw/Xx9ADiiQ77sujbePPmDiO59aMIPazeY7gpnYeTeGCdToBOkFJkcAIjIE5sBIVUuerbDtlLCVtd8DkkWzPmFyZNtb4FJVK+/cuW2z0B9VdQP89A5VCdqo1itMxsA2kLq2lrKKhpS4tusGLdLnEBinUtKqD+kEEytJa8tKzl/WVG6ugV+1VDfx2Jo3kGxlLC5bpM91jenJwtYlJivzXZq/qpatguXmN3BTO37l7S8bAiqAzT5yiEhuBEnWzjrDRFUrVV16/cuqsSdR1aXPJBHJLCUBbJoyBHAaupGIrEVEgQfgZB+Rkr0AshNMAm0GwH3bxtW3H95+3uKZxjtuNFJVUdVvqnoZ6LyTtbdYmDjSDbyZz+otJLn2GH3T0GcMgBNVXYXSWsI2ao/ybkwCWaRqkZWCJBm2ZZgFf5cw7NxiY3LxCn//k8RmILStVSbq5AnDzkW12JgE+xERyURkLiKFjTyUSc68/U1D8BPg0QScZN1ZVEysHGX1TGJkfAD+qOp3m0FNRWRyXPPhK3lPLRTBUY/euDFQtqmxh/IVyU9sTF70IyIytTI1UtXK4p7t6kl8Bp7sefgcuOlLFhGRwlJnYQ/84b4ixhQbE9eP3Nn/ZsCFqp56k41Hu+9SVZfskX7zHZLvDFi/QWpemN/7yBJ2feVz+9G+YsYUGxPP18xIPGu1ClzXN1wD5L8BppwugHNVPe1Rza5Ptcse+IoZUzRMav3I3MVmYt1edS/EtsyYVrg3gWdZffqOt6GTTGK+5+a74J3fUMTyFTOmWJjYzMfFNLYYXWZZsGOh75Arm52RJI1XY5DvWDVetC03yT6v7VqvyWvnXXmai0iWSPJ1RLmgPlKbZpe+sGalrEok+XpZpAysq1WBBnuKfa5wfEAWO3n5TEQGMUSvZK+yfes17tjAU1+v3IzpqENi5CKi9k1Jwb+l6cwEJrVxn/A7iD1ZppgHZrilI5GJgLfApTv/F4urg/voq4NjAAAAAElFTkSuQmCC" alt="$v_1 \ldots v_k$" class="math-inline math" style="vertical-align:-0.161em;height:0.624em">)
to the program <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">, and whose interior nodes represent operations 
from types in <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAcCAYAAAB2+A+pAAABj0lEQVRIx7WW7XHCMAyGH+c6QK4jpBt4hrBBemxAN+gOHYEVSDeAjgAbhBEgG6g/qvRUY4gTp7rTXS6WrI9XkoWIALwDMoFrESFkoErU3zgRwTlXAR54Bl7UEUufwB64AL2IHLhDzrlGHVjrnQMd9I4e2HHH86vxbh+TSWFzjw/PniIeV0BpfrXMpwuwE5HTzUnEy02AR5URcTRaEYkabo3RLsNo/RNX/LyIpKcOCmIuvT7SL0bw3WcYrh/qB+kJ+7mcmebyEb6xVK/M91lE+oxo+2g1x1K9IL7rMf3C4OuDs/bf8LUYh/hmtFGV0v/FHXxPmdH2InJOSvWC+K6S9O2UGXv2JozJZlROhT8Wwten9n+xcJrr1P4fDPuFxuRal4YkKpfA17SRT5T/xSV3Pm+B4wT5vxFnFpVP1onsWNWMl6gDtlP0huLaGcz9xIL60kn1NkkreD+T1x0tpg44zqmLmx1JeTtidHhQ2tnDJlIknV561YnWqFMbswh2KWMx2bBxoFEjtug6bZk6x+DA32lYn1cpV7d9AAAAAElFTkSuQmCC" alt="$U$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">. We refer to Skolem constants as &#8220;symbolic constants&#8221;
from this point on. Note that symbolic expressions do not contain
references to program variables.
</p></li>
<li>
<p>Second, the type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACYAAAAgCAYAAAB+ZAqzAAABvUlEQVRYw82Y4W3CMBCFP0cdIOoIjJAZwga03aDdgKoTVIzAClU2SEYANoARCBtc/5wl9+QUJ5AQS5aN7fM9v3tOcjgRYS7FObcAziJyyWYEqgSOQOucW80GGPAZ9JduDqF0zuVAGwy9ICIouByQCWrufQa+V8H8UUR4ClB+Bf0TUGnMz8BFW4Bnpb00YTiYNQALYKmOARCRS4S0t6C/8Qs96qMifrcnipywtie8sr7QtW3HvNh5a7i+5sRsJMAm0aYF6sh4GdvLT26AfaKDwgArE+1qYBsZ38b0F57mPdHBOgSWYqN2+5gP9S0WtGeg7eEg1Ne+h93RsquXw++1COcyvRE/PR474W1setgtgJ0Z87e1EZGTNWgt2hH0lceiouEVoIjMpYG6RV8+bBGwnXLIYhT+U5ZB/9DntRPx86rtd2x935f4UH3FygmoRKTqOglj6mtozQayhYg0Y35xZFPoa2xg99TXfYA55wozVM+FsUn11QfYpPoaylgzC2CP0FcqY5PrKxXY5PoawlgzC2CP0lcKYx/m926y7FxE/L8suSaqvv2TqGqplDWfBAPsOpLY24pJdofU9RifPb/7eZ3zKDyarQAAAABJRU5ErkJggg==" alt="$T&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"> redefines some of the operations <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGQAAAAfCAYAAAARB2hWAAADS0lEQVRo3u1a7ZHaMBB9y1wBvksFcTowkwrOdECSDrgOYK4E0gGUcNABXAcHHZgOgt3B5s9qZs8DWJIFRol3RgMMK+vjab+eTMyMXu5HHvotaBYiSgCUNxjqsQfETl7V9wOANYACwBFAJZ8A8ARgBiBX+jMA+5oOAKQARgDGRpGZKzBz3xqabD4DmFjobkSXARQW+pnolsyMQX/4G91VJqd5xsxLiy7aOtZNysy8Fyv7ANADYiG/AOyZ+bcleFo2lmN8iCuML6irE5sC+HJBtbA80U0ykTgAR+sAM28t+z0BWEUDiIDwKgtOHPq9MXPVclw4ADtS3/cOQyVRWIikmyt18vYAtuIKTIZzzjcfArmrNwd9bSFbh36piSH3nNnkkvuzgJJ2MIfSdlyVLZmWW/ZLTIbFzPdpIUSUixVUAEYOvji0DB0szSt+MHNFREPze2CzOUS0IqKCiEppOyKaXgmMVIEx7BAMV7fnGz8+j9PgMkxBNNemK5kHi0lngd3ETp6dRVY8anc1937OmYcvTKV5zodKyW8mkAZa1LjtgjoCwyt+WAGiSv/GgKYsaBPYOpLIAJlqQNo8a1Dz3zrFfLbwocZX5pKitk1xMwDrNrVDR+IdP+oyUBsyUczjVjgWF8lbLip3pBvuSXzrj9P3IXI65zXK2LagQY1W9hXzrKNkWrfMkNqyCD781XlAJGsyLufgYB16MseWazO81CrQRgHA4w3cny9/dRGQFxfKWNULqF3ctJE/8rm8RIk4SHGjWBQsfgDAg7ir1MPk8hO8fhsxgG6YeY14JFj8MEE9PcHN28gPV6uyzNi+R3YVECx+aIRNDl06EGJ8hcKwsJ3Dv1Z/6Drk4BEH9KX/MmBGswCQSAr+X9Ufn7gsRXOXjtaxu9ILBWUM1Xoo/upUpb5UN1dN8q6s6fkKp+5F5vHetvqPMX7oU19cQlp0DNe0ueYJVmzyrouLKcs5LmoWEmQ/9ABpjW5PFBBTcSMlLN5NCgwKA5h2uPGpFMC5UEsTKV651lby31h0cx+Qzm3ETgFQiEWMO6K1C8U+L2TB6a1ijBrfpzkfJIrhZWsiGktmlzl0qwB8jY05ppjefpcg/xPAN3GllwjNAzPPEJn8Bdqk4RgC5J+EAAAAAElFTkSuQmCC" alt="$o \in T$" class="math-inline math" style="vertical-align:-0.044em;height:0.807em">,
namely those for which we wish to compute symbolic expressions.
An operation <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAG0AAAAiCAYAAABV9lfvAAADyElEQVRo3u1b0XHbMAx98HkAJZ2g6gbKdYIwGzjJBs4GznWCnrNBMkLsDexsEHsDeYNa3gD9KJiijGRRlCxLPeGOF50EiTTBBzwCDDEzBum+EFEMYM/Mh9EwHb0wmAGQAsiIaDIYrR/yqK5vaHCPnUdZBCBTt27Hw7QETdyp5IKZD849o653zLwcjOYnP/TEAVhKjNkDOMhfALgUV2Yc17Z1dAAgBnADYGIVcwwGAPfqem4Vh1bSxEAMYOqhuxJdBpB66CeimxU8Z/f5QETKXWMiqHhk5hePVzTKlmXKzLwVtL4XsEYrH30PRiuXewBbZn7yNLCWlWcf7+J2XblV1z/txbjHKz8G8OWIauqJjDKZOpTbF2Vg5rXne5cAFjn37yzK/ol3PYkpifyoTPl4nxY10G9WQV/Hs03FmGmce7H6VqyfjTuOqkiMZVfwFsBaJscyt6JYsWvINb5W0NdIW1d4L86JaZZVrj/9lg6jyyhkLdzV1tIYMt9+FQu0zXi+F+WhGcBGvpN8etZhg7FMmjnjOOIKujNttDr9iCELXezIw0UZIloQUUpEmbQNEc1OmM1eieu7qhDMG5eKLvZGXW9r9nPnMkYv9yir3W4q53o1CKOySEgaXt2FbqHjZEm7xnkDnmZR+LzgpWe7oy9yERIoc9lNjcFOmvjRZ2K3leNZcH9HaGtpEFZIXDWMsqhnRguOZyFt5MQTTa+vPXy69d1G6Hldep8AWBYkTrsswfEsREZq0qbO3qBq56bmWEzF1E+XJHR/FiRjtcrnBZXSsk0hnJJDqNhv7YVBtsn86qbVQvKN9YwmbDBShTZflOkB72uOxeYRFw1NZlFR8ZQoQxtbFGu0hyrlBLWfglMcrCO/VAmiiYlOW4qNrcYzABiLa4wD4G1y6kJ1xBp9xcxL9EdajWeWiMQ5tR0fua2KTk8m+r1nZaJW45k1miYQBx+XIug0AcSljDjsJL72EWVoK+U2cmKRb1zSB11eGmRqzwAi2X4M+7Mi0DAziCgT9nhg5gsPlNnjZFtmvmrY5aSC/q9d32QTkT40+sTMj20hzTI2KNp/TN4UKq9PMKYHGcdb3SzL/xjPrB+2xvrI6B8p1tnc4AonzA/ibxVhgzMUPz3HaJPqjRxtCEoYC4vUpZhIGWsmLjGDx9m/hg3HAGbnLIRKEsFImm8qCQD3PMpCnk1E15zKkEWTtVFGSgVZkzOVPOxCymR1T2Qio5YPqoa0kyy2XvwDBhFNhLEmFV479IHMBLPHHm1mI/wpxX8Tt30sSb1ri821Lb8BSDTsGhm4KYgAAAAASUVORK5CYII=" alt="$o \in T&#39;$" class="math-inline math" style="vertical-align:-0.044em;height:0.885em"> has the same parameter list as <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGQAAAAfCAYAAAARB2hWAAADS0lEQVRo3u1a7ZHaMBB9y1wBvksFcTowkwrOdECSDrgOYK4E0gGUcNABXAcHHZgOgt3B5s9qZs8DWJIFRol3RgMMK+vjab+eTMyMXu5HHvotaBYiSgCUNxjqsQfETl7V9wOANYACwBFAJZ8A8ARgBiBX+jMA+5oOAKQARgDGRpGZKzBz3xqabD4DmFjobkSXARQW+pnolsyMQX/4G91VJqd5xsxLiy7aOtZNysy8Fyv7ANADYiG/AOyZ+bcleFo2lmN8iCuML6irE5sC+HJBtbA80U0ykTgAR+sAM28t+z0BWEUDiIDwKgtOHPq9MXPVclw4ADtS3/cOQyVRWIikmyt18vYAtuIKTIZzzjcfArmrNwd9bSFbh36piSH3nNnkkvuzgJJ2MIfSdlyVLZmWW/ZLTIbFzPdpIUSUixVUAEYOvji0DB0szSt+MHNFREPze2CzOUS0IqKCiEppOyKaXgmMVIEx7BAMV7fnGz8+j9PgMkxBNNemK5kHi0lngd3ETp6dRVY8anc1937OmYcvTKV5zodKyW8mkAZa1LjtgjoCwyt+WAGiSv/GgKYsaBPYOpLIAJlqQNo8a1Dz3zrFfLbwocZX5pKitk1xMwDrNrVDR+IdP+oyUBsyUczjVjgWF8lbLip3pBvuSXzrj9P3IXI65zXK2LagQY1W9hXzrKNkWrfMkNqyCD781XlAJGsyLufgYB16MseWazO81CrQRgHA4w3cny9/dRGQFxfKWNULqF3ctJE/8rm8RIk4SHGjWBQsfgDAg7ir1MPk8hO8fhsxgG6YeY14JFj8MEE9PcHN28gPV6uyzNi+R3YVECx+aIRNDl06EGJ8hcKwsJ3Dv1Z/6Drk4BEH9KX/MmBGswCQSAr+X9Ufn7gsRXOXjtaxu9ILBWUM1Xoo/upUpb5UN1dN8q6s6fkKp+5F5vHetvqPMX7oU19cQlp0DNe0ueYJVmzyrouLKcs5LmoWEmQ/9ABpjW5PFBBTcSMlLN5NCgwKA5h2uPGpFMC5UEsTKV651lby31h0cx+Qzm3ETgFQiEWMO6K1C8U+L2TB6a1ijBrfpzkfJIrhZWsiGktmlzl0qwB8jY05ppjefpcg/xPAN3GllwjNAzPPEJn8Bdqk4RgC5J+EAAAAAElFTkSuQmCC" alt="$o \in T$" class="math-inline math" style="vertical-align:-0.044em;height:0.807em">, allowing it
to take inputs with types from both <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAcCAYAAAB2+A+pAAABj0lEQVRIx7WW7XHCMAyGH+c6QK4jpBt4hrBBemxAN+gOHYEVSDeAjgAbhBEgG6g/qvRUY4gTp7rTXS6WrI9XkoWIALwDMoFrESFkoErU3zgRwTlXAR54Bl7UEUufwB64AL2IHLhDzrlGHVjrnQMd9I4e2HHH86vxbh+TSWFzjw/PniIeV0BpfrXMpwuwE5HTzUnEy02AR5URcTRaEYkabo3RLsNo/RNX/LyIpKcOCmIuvT7SL0bw3WcYrh/qB+kJ+7mcmebyEb6xVK/M91lE+oxo+2g1x1K9IL7rMf3C4OuDs/bf8LUYh/hmtFGV0v/FHXxPmdH2InJOSvWC+K6S9O2UGXv2JozJZlROhT8Wwten9n+xcJrr1P4fDPuFxuRal4YkKpfA17SRT5T/xSV3Pm+B4wT5vxFnFpVP1onsWNWMl6gDtlP0huLaGcz9xIL60kn1NkkreD+T1x0tpg44zqmLmx1JeTtidHhQ2tnDJlIknV561YnWqFMbswh2KWMx2bBxoFEjtug6bZk6x+DA32lYn1cpV7d9AAAAAElFTkSuQmCC" alt="$U$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> and <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAgCAYAAABgrToAAAACF0lEQVRYw82X/W3bMBDFfxQ8gNAR1A00g7yBXG+QbNCMUGQEd4NG3sDpBo03kEawtcHlj56KM0shlCgFPoCwwC8/3j0e3zkR4d7MOVcAFxHpszsEVwEtcHXO1XcHEHgy31t3TyF2zuXA1XTtUIDfAZnQKhHBb0ARuf5hZH1t5rQiwkaRHoEO+AJ8VcDWjsAJuAC9iLyGPCAinXNup0D3QGmGX3WPHngZceLefD8Pm4ZOcjUnOYXmxDSzTxk5f/jP69C3GbniuelqEmh1AV5E5Bx5ewf7acPin+LB40uR4MEp3juY/8z/9QcmNj5RZ4Kr/p5/Mh0ON/0f8O+QAPAQy1/v9t9ELPuAf6cE/lUT1tfDTReRzk8N9iR+Psxnei+fyL+3sfn+xNNC/Kttqog8zFtoPAuExSbWubafsP6b/v4IDWaGf6U31nwS/zrgKCJHRp6nIP8Swluk5s+xEG/N9znRe/1/t3GmZSvwb5u4/sY2gXcwNf/VwG4pgFkgvIzJqYgHv1wgAkGAS4W3AjoR6ZcGWC4U3r2K28Us0zqA1Bus73gJ/FoUoOYta38SqrFzjDidanlqglbPRYuDSXsHNGAxQ7m0Kdox5iWxVVY5MQK/9eV4XKVY9iRPtMxS7raq5fI1vHejB4caIkbqG2HRrAVsTLCW6hVRXj7r01VptTcUVC1Qrw0uWDQZRdx4l6fVQqj6DGBDewfKfKJpSn3rWAAAAABJRU5ErkJggg==" alt="$U&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em">. The return type
of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAG0AAAAiCAYAAABV9lfvAAADyElEQVRo3u1b0XHbMAx98HkAJZ2g6gbKdYIwGzjJBs4GznWCnrNBMkLsDexsEHsDeYNa3gD9KJiijGRRlCxLPeGOF50EiTTBBzwCDDEzBum+EFEMYM/Mh9EwHb0wmAGQAsiIaDIYrR/yqK5vaHCPnUdZBCBTt27Hw7QETdyp5IKZD849o653zLwcjOYnP/TEAVhKjNkDOMhfALgUV2Yc17Z1dAAgBnADYGIVcwwGAPfqem4Vh1bSxEAMYOqhuxJdBpB66CeimxU8Z/f5QETKXWMiqHhk5hePVzTKlmXKzLwVtL4XsEYrH30PRiuXewBbZn7yNLCWlWcf7+J2XblV1z/txbjHKz8G8OWIauqJjDKZOpTbF2Vg5rXne5cAFjn37yzK/ol3PYkpifyoTPl4nxY10G9WQV/Hs03FmGmce7H6VqyfjTuOqkiMZVfwFsBaJscyt6JYsWvINb5W0NdIW1d4L86JaZZVrj/9lg6jyyhkLdzV1tIYMt9+FQu0zXi+F+WhGcBGvpN8etZhg7FMmjnjOOIKujNttDr9iCELXezIw0UZIloQUUpEmbQNEc1OmM1eieu7qhDMG5eKLvZGXW9r9nPnMkYv9yir3W4q53o1CKOySEgaXt2FbqHjZEm7xnkDnmZR+LzgpWe7oy9yERIoc9lNjcFOmvjRZ2K3leNZcH9HaGtpEFZIXDWMsqhnRguOZyFt5MQTTa+vPXy69d1G6Hldep8AWBYkTrsswfEsREZq0qbO3qBq56bmWEzF1E+XJHR/FiRjtcrnBZXSsk0hnJJDqNhv7YVBtsn86qbVQvKN9YwmbDBShTZflOkB72uOxeYRFw1NZlFR8ZQoQxtbFGu0hyrlBLWfglMcrCO/VAmiiYlOW4qNrcYzABiLa4wD4G1y6kJ1xBp9xcxL9EdajWeWiMQ5tR0fua2KTk8m+r1nZaJW45k1miYQBx+XIug0AcSljDjsJL72EWVoK+U2cmKRb1zSB11eGmRqzwAi2X4M+7Mi0DAziCgT9nhg5gsPlNnjZFtmvmrY5aSC/q9d32QTkT40+sTMj20hzTI2KNp/TN4UKq9PMKYHGcdb3SzL/xjPrB+2xvrI6B8p1tnc4AonzA/ibxVhgzMUPz3HaJPqjRxtCEoYC4vUpZhIGWsmLjGDx9m/hg3HAGbnLIRKEsFImm8qCQD3PMpCnk1E15zKkEWTtVFGSgVZkzOVPOxCymR1T2Qio5YPqoa0kyy2XvwDBhFNhLEmFV479IHMBLPHHm1mI/wpxX8Tt30sSb1ri821Lb8BSDTsGhm4KYgAAAAASUVORK5CYII=" alt="$o \in T&#39;$" class="math-inline math" style="vertical-align:-0.044em;height:0.885em"> generally is from <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAgCAYAAABgrToAAAACF0lEQVRYw82X/W3bMBDFfxQ8gNAR1A00g7yBXG+QbNCMUGQEd4NG3sDpBo03kEawtcHlj56KM0shlCgFPoCwwC8/3j0e3zkR4d7MOVcAFxHpszsEVwEtcHXO1XcHEHgy31t3TyF2zuXA1XTtUIDfAZnQKhHBb0ARuf5hZH1t5rQiwkaRHoEO+AJ8VcDWjsAJuAC9iLyGPCAinXNup0D3QGmGX3WPHngZceLefD8Pm4ZOcjUnOYXmxDSzTxk5f/jP69C3GbniuelqEmh1AV5E5Bx5ewf7acPin+LB40uR4MEp3juY/8z/9QcmNj5RZ4Kr/p5/Mh0ON/0f8O+QAPAQy1/v9t9ELPuAf6cE/lUT1tfDTReRzk8N9iR+Psxnei+fyL+3sfn+xNNC/Kttqog8zFtoPAuExSbWubafsP6b/v4IDWaGf6U31nwS/zrgKCJHRp6nIP8Swluk5s+xEG/N9znRe/1/t3GmZSvwb5u4/sY2gXcwNf/VwG4pgFkgvIzJqYgHv1wgAkGAS4W3AjoR6ZcGWC4U3r2K28Us0zqA1Bus73gJ/FoUoOYta38SqrFzjDidanlqglbPRYuDSXsHNGAxQ7m0Kdox5iWxVVY5MQK/9eV4XKVY9iRPtMxS7raq5fI1vHejB4caIkbqG2HRrAVsTLCW6hVRXj7r01VptTcUVC1Qrw0uWDQZRdx4l6fVQqj6DGBDewfKfKJpSn3rWAAAAABJRU5ErkJggg==" alt="$U&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"> (though it can be from <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAcCAYAAAB2+A+pAAABj0lEQVRIx7WW7XHCMAyGH+c6QK4jpBt4hrBBemxAN+gOHYEVSDeAjgAbhBEgG6g/qvRUY4gTp7rTXS6WrI9XkoWIALwDMoFrESFkoErU3zgRwTlXAR54Bl7UEUufwB64AL2IHLhDzrlGHVjrnQMd9I4e2HHH86vxbh+TSWFzjw/PniIeV0BpfrXMpwuwE5HTzUnEy02AR5URcTRaEYkabo3RLsNo/RNX/LyIpKcOCmIuvT7SL0bw3WcYrh/qB+kJ+7mcmebyEb6xVK/M91lE+oxo+2g1x1K9IL7rMf3C4OuDs/bf8LUYh/hmtFGV0v/FHXxPmdH2InJOSvWC+K6S9O2UGXv2JozJZlROhT8Wwten9n+xcJrr1P4fDPuFxuRal4YkKpfA17SRT5T/xSV3Pm+B4wT5vxFnFpVP1onsWNWMl6gDtlP0huLaGcz9xIL60kn1NkkreD+T1x0tpg44zqmLmx1JeTtidHhQ2tnDJlIknV561YnWqFMbswh2KWMx2bBxoFEjtug6bZk6x+DA32lYn1cpV7d9AAAAAElFTkSuQmCC" alt="$U$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">). 
Thus, <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAG0AAAAiCAYAAABV9lfvAAADyElEQVRo3u1b0XHbMAx98HkAJZ2g6gbKdYIwGzjJBs4GznWCnrNBMkLsDexsEHsDeYNa3gD9KJiijGRRlCxLPeGOF50EiTTBBzwCDDEzBum+EFEMYM/Mh9EwHb0wmAGQAsiIaDIYrR/yqK5vaHCPnUdZBCBTt27Hw7QETdyp5IKZD849o653zLwcjOYnP/TEAVhKjNkDOMhfALgUV2Yc17Z1dAAgBnADYGIVcwwGAPfqem4Vh1bSxEAMYOqhuxJdBpB66CeimxU8Z/f5QETKXWMiqHhk5hePVzTKlmXKzLwVtL4XsEYrH30PRiuXewBbZn7yNLCWlWcf7+J2XblV1z/txbjHKz8G8OWIauqJjDKZOpTbF2Vg5rXne5cAFjn37yzK/ol3PYkpifyoTPl4nxY10G9WQV/Hs03FmGmce7H6VqyfjTuOqkiMZVfwFsBaJscyt6JYsWvINb5W0NdIW1d4L86JaZZVrj/9lg6jyyhkLdzV1tIYMt9+FQu0zXi+F+WhGcBGvpN8etZhg7FMmjnjOOIKujNttDr9iCELXezIw0UZIloQUUpEmbQNEc1OmM1eieu7qhDMG5eKLvZGXW9r9nPnMkYv9yir3W4q53o1CKOySEgaXt2FbqHjZEm7xnkDnmZR+LzgpWe7oy9yERIoc9lNjcFOmvjRZ2K3leNZcH9HaGtpEFZIXDWMsqhnRguOZyFt5MQTTa+vPXy69d1G6Hldep8AWBYkTrsswfEsREZq0qbO3qBq56bmWEzF1E+XJHR/FiRjtcrnBZXSsk0hnJJDqNhv7YVBtsn86qbVQvKN9YwmbDBShTZflOkB72uOxeYRFw1NZlFR8ZQoQxtbFGu0hyrlBLWfglMcrCO/VAmiiYlOW4qNrcYzABiLa4wD4G1y6kJ1xBp9xcxL9EdajWeWiMQ5tR0fua2KTk8m+r1nZaJW45k1miYQBx+XIug0AcSljDjsJL72EWVoK+U2cmKRb1zSB11eGmRqzwAi2X4M+7Mi0DAziCgT9nhg5gsPlNnjZFtmvmrY5aSC/q9d32QTkT40+sTMj20hzTI2KNp/TN4UKq9PMKYHGcdb3SzL/xjPrB+2xvrI6B8p1tnc4AonzA/ibxVhgzMUPz3HaJPqjRxtCEoYC4vUpZhIGWsmLjGDx9m/hg3HAGbnLIRKEsFImm8qCQD3PMpCnk1E15zKkEWTtVFGSgVZkzOVPOxCymR1T2Qio5YPqoa0kyy2XvwDBhFNhLEmFV479IHMBLPHHm1mI/wpxX8Tt30sSb1ri821Lb8BSDTsGhm4KYgAAAAASUVORK5CYII=" alt="$o \in T&#39;$" class="math-inline math" style="vertical-align:-0.044em;height:0.885em"> is a proper function subtype of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGQAAAAfCAYAAAARB2hWAAADS0lEQVRo3u1a7ZHaMBB9y1wBvksFcTowkwrOdECSDrgOYK4E0gGUcNABXAcHHZgOgt3B5s9qZs8DWJIFRol3RgMMK+vjab+eTMyMXu5HHvotaBYiSgCUNxjqsQfETl7V9wOANYACwBFAJZ8A8ARgBiBX+jMA+5oOAKQARgDGRpGZKzBz3xqabD4DmFjobkSXARQW+pnolsyMQX/4G91VJqd5xsxLiy7aOtZNysy8Fyv7ANADYiG/AOyZ+bcleFo2lmN8iCuML6irE5sC+HJBtbA80U0ykTgAR+sAM28t+z0BWEUDiIDwKgtOHPq9MXPVclw4ADtS3/cOQyVRWIikmyt18vYAtuIKTIZzzjcfArmrNwd9bSFbh36piSH3nNnkkvuzgJJ2MIfSdlyVLZmWW/ZLTIbFzPdpIUSUixVUAEYOvji0DB0szSt+MHNFREPze2CzOUS0IqKCiEppOyKaXgmMVIEx7BAMV7fnGz8+j9PgMkxBNNemK5kHi0lngd3ETp6dRVY8anc1937OmYcvTKV5zodKyW8mkAZa1LjtgjoCwyt+WAGiSv/GgKYsaBPYOpLIAJlqQNo8a1Dz3zrFfLbwocZX5pKitk1xMwDrNrVDR+IdP+oyUBsyUczjVjgWF8lbLip3pBvuSXzrj9P3IXI65zXK2LagQY1W9hXzrKNkWrfMkNqyCD781XlAJGsyLufgYB16MseWazO81CrQRgHA4w3cny9/dRGQFxfKWNULqF3ctJE/8rm8RIk4SHGjWBQsfgDAg7ir1MPk8hO8fhsxgG6YeY14JFj8MEE9PcHN28gPV6uyzNi+R3YVECx+aIRNDl06EGJ8hcKwsJ3Dv1Z/6Drk4BEH9KX/MmBGswCQSAr+X9Ufn7gsRXOXjtaxu9ILBWUM1Xoo/upUpb5UN1dN8q6s6fkKp+5F5vHetvqPMX7oU19cQlp0DNe0ueYJVmzyrouLKcs5LmoWEmQ/9ABpjW5PFBBTcSMlLN5NCgwKA5h2uPGpFMC5UEsTKV651lby31h0cx+Qzm3ETgFQiEWMO6K1C8U+L2TB6a1ijBrfpzkfJIrhZWsiGktmlzl0qwB8jY05ppjefpcg/xPAN3GllwjNAzPPEJn8Bdqk4RgC5J+EAAAAAElFTkSuQmCC" alt="$o \in T$" class="math-inline math" style="vertical-align:-0.044em;height:0.807em">. 
The purpose of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAG0AAAAiCAYAAABV9lfvAAADyElEQVRo3u1b0XHbMAx98HkAJZ2g6gbKdYIwGzjJBs4GznWCnrNBMkLsDexsEHsDeYNa3gD9KJiijGRRlCxLPeGOF50EiTTBBzwCDDEzBum+EFEMYM/Mh9EwHb0wmAGQAsiIaDIYrR/yqK5vaHCPnUdZBCBTt27Hw7QETdyp5IKZD849o653zLwcjOYnP/TEAVhKjNkDOMhfALgUV2Yc17Z1dAAgBnADYGIVcwwGAPfqem4Vh1bSxEAMYOqhuxJdBpB66CeimxU8Z/f5QETKXWMiqHhk5hePVzTKlmXKzLwVtL4XsEYrH30PRiuXewBbZn7yNLCWlWcf7+J2XblV1z/txbjHKz8G8OWIauqJjDKZOpTbF2Vg5rXne5cAFjn37yzK/ol3PYkpifyoTPl4nxY10G9WQV/Hs03FmGmce7H6VqyfjTuOqkiMZVfwFsBaJscyt6JYsWvINb5W0NdIW1d4L86JaZZVrj/9lg6jyyhkLdzV1tIYMt9+FQu0zXi+F+WhGcBGvpN8etZhg7FMmjnjOOIKujNttDr9iCELXezIw0UZIloQUUpEmbQNEc1OmM1eieu7qhDMG5eKLvZGXW9r9nPnMkYv9yir3W4q53o1CKOySEgaXt2FbqHjZEm7xnkDnmZR+LzgpWe7oy9yERIoc9lNjcFOmvjRZ2K3leNZcH9HaGtpEFZIXDWMsqhnRguOZyFt5MQTTa+vPXy69d1G6Hldep8AWBYkTrsswfEsREZq0qbO3qBq56bmWEzF1E+XJHR/FiRjtcrnBZXSsk0hnJJDqNhv7YVBtsn86qbVQvKN9YwmbDBShTZflOkB72uOxeYRFw1NZlFR8ZQoQxtbFGu0hyrlBLWfglMcrCO/VAmiiYlOW4qNrcYzABiLa4wD4G1y6kJ1xBp9xcxL9EdajWeWiMQ5tR0fua2KTk8m+r1nZaJW45k1miYQBx+XIug0AcSljDjsJL72EWVoK+U2cmKRb1zSB11eGmRqzwAi2X4M+7Mi0DAziCgT9nhg5gsPlNnjZFtmvmrY5aSC/q9d32QTkT40+sTMj20hzTI2KNp/TN4UKq9PMKYHGcdb3SzL/xjPrB+2xvrI6B8p1tnc4AonzA/ibxVhgzMUPz3HaJPqjRxtCEoYC4vUpZhIGWsmLjGDx9m/hg3HAGbnLIRKEsFImm8qCQD3PMpCnk1E15zKkEWTtVFGSgVZkzOVPOxCymR1T2Qio5YPqoa0kyy2XvwDBhFNhLEmFV479IHMBLPHHm1mI/wpxX8Tt30sSb1ri821Lb8BSDTsGhm4KYgAAAAASUVORK5CYII=" alt="$o \in T&#39;$" class="math-inline math" style="vertical-align:-0.044em;height:0.885em"> is to:
(1) perform operation <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGQAAAAfCAYAAAARB2hWAAADS0lEQVRo3u1a7ZHaMBB9y1wBvksFcTowkwrOdECSDrgOYK4E0gGUcNABXAcHHZgOgt3B5s9qZs8DWJIFRol3RgMMK+vjab+eTMyMXu5HHvotaBYiSgCUNxjqsQfETl7V9wOANYACwBFAJZ8A8ARgBiBX+jMA+5oOAKQARgDGRpGZKzBz3xqabD4DmFjobkSXARQW+pnolsyMQX/4G91VJqd5xsxLiy7aOtZNysy8Fyv7ANADYiG/AOyZ+bcleFo2lmN8iCuML6irE5sC+HJBtbA80U0ykTgAR+sAM28t+z0BWEUDiIDwKgtOHPq9MXPVclw4ADtS3/cOQyVRWIikmyt18vYAtuIKTIZzzjcfArmrNwd9bSFbh36piSH3nNnkkvuzgJJ2MIfSdlyVLZmWW/ZLTIbFzPdpIUSUixVUAEYOvji0DB0szSt+MHNFREPze2CzOUS0IqKCiEppOyKaXgmMVIEx7BAMV7fnGz8+j9PgMkxBNNemK5kHi0lngd3ETp6dRVY8anc1937OmYcvTKV5zodKyW8mkAZa1LjtgjoCwyt+WAGiSv/GgKYsaBPYOpLIAJlqQNo8a1Dz3zrFfLbwocZX5pKitk1xMwDrNrVDR+IdP+oyUBsyUczjVjgWF8lbLip3pBvuSXzrj9P3IXI65zXK2LagQY1W9hXzrKNkWrfMkNqyCD781XlAJGsyLufgYB16MseWazO81CrQRgHA4w3cny9/dRGQFxfKWNULqF3ctJE/8rm8RIk4SHGjWBQsfgDAg7ir1MPk8hO8fhsxgG6YeY14JFj8MEE9PcHN28gPV6uyzNi+R3YVECx+aIRNDl06EGJ8hcKwsJ3Dv1Z/6Drk4BEH9KX/MmBGswCQSAr+X9Ufn7gsRXOXjtaxu9ILBWUM1Xoo/upUpb5UN1dN8q6s6fkKp+5F5vHetvqPMX7oU19cQlp0DNe0ueYJVmzyrouLKcs5LmoWEmQ/9ABpjW5PFBBTcSMlLN5NCgwKA5h2uPGpFMC5UEsTKV651lby31h0cx+Qzm3ETgFQiEWMO6K1C8U+L2TB6a1ijBrfpzkfJIrhZWsiGktmlzl0qwB8jY05ppjefpcg/xPAN3GllwjNAzPPEJn8Bdqk4RgC5J+EAAAAAElFTkSuQmCC" alt="$o \in T$" class="math-inline math" style="vertical-align:-0.044em;height:0.807em"> on the concrete 
values associated with its inputs; 
(2) build a symbolic expression tree rooted at operation <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAASCAYAAAC5DOVpAAABBElEQVQ4y5WU4W2EMAyFP24CZsgIzMAIzMBtcFJH6AjtCtcNmIHbIDdCGcH9cQ56Chy4kSJF5vn5+ZEYM+NoAz1wBzKw+J6B2wZ7QpIBAz6BJN9Gjy9Ad0gGfDk4K0mFGRxjBbMHmqRqOrGgKJ82ZO5NqdYF/FR8y44Pa6V/kg0l2HpbYVWeN0vOeOG1RicEeJrZg9jq5PxbyK4S/ImwNE2TqtCztGiy+2CL6rF5jK4ia4Nkk+TcC1kvwSVIVHeTzIxL6VX7DqwPOX+b2SvPKy1RZZWqefPQ/SGvRgbvVq791WrrhDhQVIimvR+l4FSNnFZIbjLLxreq39yfWZKzKxnOLPgD9K5IIvtC36IAAAAASUVORK5CYII=" alt="$o$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> 
whose children are the trees associated with the inputs to <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAASCAYAAAC5DOVpAAABBElEQVQ4y5WU4W2EMAyFP24CZsgIzMAIzMBtcFJH6AjtCtcNmIHbIDdCGcH9cQ56Chy4kSJF5vn5+ZEYM+NoAz1wBzKw+J6B2wZ7QpIBAz6BJN9Gjy9Ad0gGfDk4K0mFGRxjBbMHmqRqOrGgKJ82ZO5NqdYF/FR8y44Pa6V/kg0l2HpbYVWeN0vOeOG1RicEeJrZg9jq5PxbyK4S/ImwNE2TqtCztGiy+2CL6rF5jK4ia4Nkk+TcC1kvwSVIVHeTzIxL6VX7DqwPOX+b2SvPKy1RZZWqefPQ/SGvRgbvVq791WrrhDhQVIimvR+l4FSNnFZIbjLLxreq39yfWZKzKxnOLPgD9K5IIvtC36IAAAAASUVORK5CYII=" alt="$o$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">. 
</p></li></ul>

<p>Figure&nbsp;<a href="#fig-subtype" title="Type instrumentation to carry both concrete values and symbolic expressions." class="localref" style="target-element:figure"><span class="figure-label">5</span></a> presents pseudo code for the instrumention
of a type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> via a type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACYAAAAgCAYAAAB+ZAqzAAABvUlEQVRYw82Y4W3CMBCFP0cdIOoIjJAZwga03aDdgKoTVIzAClU2SEYANoARCBtc/5wl9+QUJ5AQS5aN7fM9v3tOcjgRYS7FObcAziJyyWYEqgSOQOucW80GGPAZ9JduDqF0zuVAGwy9ICIouByQCWrufQa+V8H8UUR4ClB+Bf0TUGnMz8BFW4Bnpb00YTiYNQALYKmOARCRS4S0t6C/8Qs96qMifrcnipywtie8sr7QtW3HvNh5a7i+5sRsJMAm0aYF6sh4GdvLT26AfaKDwgArE+1qYBsZ38b0F57mPdHBOgSWYqN2+5gP9S0WtGeg7eEg1Ne+h93RsquXw++1COcyvRE/PR474W1setgtgJ0Z87e1EZGTNWgt2hH0lceiouEVoIjMpYG6RV8+bBGwnXLIYhT+U5ZB/9DntRPx86rtd2x935f4UH3FygmoRKTqOglj6mtozQayhYg0Y35xZFPoa2xg99TXfYA55wozVM+FsUn11QfYpPoaylgzC2CP0FcqY5PrKxXY5PoawlgzC2CP0lcKYx/m926y7FxE/L8suSaqvv2TqGqplDWfBAPsOpLY24pJdofU9RifPb/7eZ3zKDyarQAAAABJRU5ErkJggg==" alt="$T&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em">.
The class <code class="code code2 language-cpp2 lang-cpp2 cpp2 highlighted" ><span class='token type identifier cpp2'>Symbolic</span></code> is used to hold an expression tree (<code class="code code2 language-cpp2 lang-cpp2 cpp2 highlighted" ><span class='token type identifier cpp2'>Expr</span></code>).
Given a class <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHAAAAAfCAYAAAA/QknEAAADy0lEQVRo3u2b0XHiMBCGPzEU4JAKzteBb66CkA7IpYIjHcCkgpukAygB6ICkgkvoADq4QAd7D6zmFA8G2ZaDILczHnuwJFa72v1Xq7UREf7T6VLLPhhjEmOMfMCVnKswjTGDkrLoFoyTevbvt51+987zCpgBS+AN2OgdoAMMAffPh8Ai1wYgBa6Bnm0oIpszNoiZyq4DfAUGO97PrUxF5GnXICKyMsbcqPxugcx5/aRjbIAJIoK60SUgQN/+VnTpAKLX0qN9pm3Xh9qe0wWsHTnNA4yT5d+11WQz1fZQRMYeK62bW1V7SUQWxpgN8PJZsMkYkwIuXExrDPcGTERkUYSBt8BCRB49GMtyP809mXhR9/JZKI9vTzXGSoHRrhcWA/uKY6UZK/LjO6hTcxWWtQDrVVLgck/TpafXKUvXbkwhIquK8+haL7ZTgdaiSkzCZWxRgpekaQvUudzrIktK9Js0EFx1A1nfzb7+bXWfkw9gLG0KA3VrMnV4WzjRmo2ii/B51QA/efyb11wIo30N1kDqGQ1lTlQlQNezX9JUBKoTtFHa1HcuDUefg5yckorjJEXRp9PGf8J5xkoykzakPFEFdiPaPpTaZu0Zp3do4bdLupCq+BfcVambshvab024wgjw7/ZQ/9aRGAtBNqK9ikl5O7ZZ05oLYR5EgTX2f00Iqad4/FgUXsey/yuxzSoKhIJZYBDGApHN2/6KcANfGWZ2yHtzyLu0jsBYiC1DBswiTYyHgplrn/7tE8S/7rFd+KGsSSCY6ekmvr4CY8I/TQgAvClO1KLAAdB1IPzLfA2lXcH6jo1/lwGiO1dYABeB3HEoL9Vlmz/dhFJgFPin9Efv430pshK0DIilWSAvdYvHMV1VCzz2/s+6vLmIzIiEdpSKLCqOk+pC+OnTvuUxYEz45wrme2QxTB6Pqybuh2zPZr0WgDlUlWaMGQAPDv6ZCFb7EuiIyEVkFriuIyc1lle2qcFFEAuMDP8sjYDEGNOPRYGKo5ucKyy7AKbAuEx2yUeBMeGfFdajYuFDZGWKk4KAxoeeNfNyV6ZT68Twz6U7trnC54iU6JalPPgGLQoJAFdVVvO+86gRAQ4mGzx36ytfr0RwkJs7oxRg5Hm+Oq36f0ZE3Mx3x7m/K8hVeleYaqOtY+YkFQdtycHQp7LuA3jKFM9SldMY+K3PbrHzSnme1cET+FfUW+UaRLDqM2cOa1VoT4WVHJGvnirSLfBdKn9BKgjMOX3coueE9yUDiA3w5VRL/s05fp2kQc0Ptt8nWEgozOyIyPBU5/oXJlUEAeXOaG8AAAAASUVORK5CYII=" alt="$T \in U$" class="math-inline math" style="vertical-align:-0.044em;height:0.807em">, a symbolic type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIYAAAAiCAYAAACa9KFpAAAEY0lEQVR42u1c0VHjMBB98lCACRWcrwMzVwFOBwEqOOiADBXchA6SEpJ0kFDBQTpwOjjiDvY+sroTim0kW5Flws5kYrAtr1art2/XUgQRIRQRQiQA3oiowJd0av8oIKUyADmAnRBi9DVM3do/Cki3sXI8/Bqqbu0fBeKtMYBM+dfqa5w6tj8RgXlGDIA8fGL5TOXZI+V8rp//rB8AD5a2yyraSQzvv6u4/8D+Z4qXPCrHWwBLjjlvAAr+BoABw06mwdBGu0YqPOQHAwAqiOWtcjw5ocm6ZFsPAHxnR9HPr+QYENG6rBEi2gohrtnetwBS5fSa2ygAzCv0OLS/4jV5nVdpHraymeGsKAHYVZynuvMnhCA7xRYrB+2khtcf2P+MY0zK3jYmopmBp2eaV9cKEW2EEAWAlwo2LGV2wnE+4XAuZdGiuTcAcyLaGGYjB/aPFCjZENGTQUOp9i9TovjCsKnLtXL864Q5YKb9vW7RVgJganhtqf0lx7jT0hXjDlTFvRIZVMyCG+mtXRW2FMRMAFzUXJobImoTUVP0LRFtW9QjYIIWH9k/tYntGr94tbgv11m1xqYTz/E8ZUfdtc2qjsAvpi3amZrykzr7n3EYmTeEvLUlvOkcQ2Yr66YzpGHOvlD6sVGYu8zAqrjS9kg66fxi1TIkmYaRWvvvTGerkl3U5tUl98VlqATg1YY9O5iVmTIzF75RyqKeETdsJ7bMRirtDxvj6B2wVDqp6MSrR6cgdowssDTVKv2vaWdkSgs+sv+ZJTyqBGljg28lz7nxlYkwVMsiz6WvsOUhPJcVqtaWpLPU/lFHHfhXXSWipQfDy2zoKjSnKEn/Fy0dbOXE/pYs3ppfBADT8j3ApA/vS1q0k7jM7qKGaGFTv+haHgMvnjUOzyXjU7hCxKiDDviE6ZiRbhnwqjBX4XnoILxDr3z65he+jb4K1HGzhq8XqmoS114do8X7ka4l4e83zkxayRGI69BFeFbGxzti9JVfXDhg+uoAAMC5w7DkCoUzfr9S+HaM3vELlj/8PasrdVtI7pirpI5Q+BYGyx+OjRjrHjmGhP6Vp3qJLTFG2wnHITIF8NOlfpHBg/vKL1Rj/wiY/0h5adjOGPu1NE6RXHy04UgI8QBlHSYRiR45BoQQOYABEZ0HiBi7NnblSfuKfZl/4xUxeswvpEwBxEKIu5CUYq5SaCHB1rEW2C+wcT4uJo7RV34hB+CJucakJK53LfMKImoiz9hXOu+PoVj0ifmFKvfYv2Z+Dsw51OWUE0OkSDg8AsDVsRSLDAzqgiB1jRpr7kvKzpEEolehhOpECDE14Hs5k83LY5b5BRGpS8sGyve7jUIs7zbASGfpy+505hnS+GOTVfGe9JLrTxO26wzAbz5WN21tWe+lD68F/m82avJ56NmmnlTp744dZcQDEAewREBfoJyzjl6XOYiQfh/D8ywdYf9K3ob0FQC+ncLvd5ysY2hp3w32e0dlGK2SLRGNT8EufwGWLH4pM/0gpQAAAABJRU5ErkJggg==" alt="$T&#39; \in U&#39;$" class="math-inline math" style="vertical-align:-0.044em;height:0.885em"> is defined by inheriting 
from both <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> and <code class="code code2 language-cpp2 lang-cpp2 cpp2 highlighted" ><span class='token type identifier cpp2'>Symbolic</span></code>. This ensures that a <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACYAAAAgCAYAAAB+ZAqzAAABvUlEQVRYw82Y4W3CMBCFP0cdIOoIjJAZwga03aDdgKoTVIzAClU2SEYANoARCBtc/5wl9+QUJ5AQS5aN7fM9v3tOcjgRYS7FObcAziJyyWYEqgSOQOucW80GGPAZ9JduDqF0zuVAGwy9ICIouByQCWrufQa+V8H8UUR4ClB+Bf0TUGnMz8BFW4Bnpb00YTiYNQALYKmOARCRS4S0t6C/8Qs96qMifrcnipywtie8sr7QtW3HvNh5a7i+5sRsJMAm0aYF6sh4GdvLT26AfaKDwgArE+1qYBsZ38b0F57mPdHBOgSWYqN2+5gP9S0WtGeg7eEg1Ne+h93RsquXw++1COcyvRE/PR474W1setgtgJ0Z87e1EZGTNWgt2hH0lceiouEVoIjMpYG6RV8+bBGwnXLIYhT+U5ZB/9DntRPx86rtd2x935f4UH3FygmoRKTqOglj6mtozQayhYg0Y35xZFPoa2xg99TXfYA55wozVM+FsUn11QfYpPoaylgzC2CP0FcqY5PrKxXY5PoawlgzC2CP0lcKYx/m926y7FxE/L8suSaqvv2TqGqplDWfBAPsOpLY24pJdofU9RifPb/7eZ3zKDyarQAAAABJRU5ErkJggg==" alt="$T&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"> can be used
whereever a <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> is expected. 
</p>
<figure id="fig-subtype" class="figure align-center"   >
<pre class="para-block pre-fenced pre-fenced3 language-cpp2 lang-cpp2 cpp2 highlighted" data-line="1" data-line-code="2" ><code data-line="2"><span class='token white cpp2'>  </span><span class='token keyword cpp2'>class</span><span class='token white cpp2'> </span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACYAAAAgCAYAAAB+ZAqzAAABvUlEQVRYw82Y4W3CMBCFP0cdIOoIjJAZwga03aDdgKoTVIzAClU2SEYANoARCBtc/5wl9+QUJ5AQS5aN7fM9v3tOcjgRYS7FObcAziJyyWYEqgSOQOucW80GGPAZ9JduDqF0zuVAGwy9ICIouByQCWrufQa+V8H8UUR4ClB+Bf0TUGnMz8BFW4Bnpb00YTiYNQALYKmOARCRS4S0t6C/8Qs96qMifrcnipywtie8sr7QtW3HvNh5a7i+5sRsJMAm0aYF6sh4GdvLT26AfaKDwgArE+1qYBsZ38b0F57mPdHBOgSWYqN2+5gP9S0WtGeg7eEg1Ne+h93RsquXw++1COcyvRE/PR474W1setgtgJ0Z87e1EZGTNWgt2hH0lceiouEVoIjMpYG6RV8+bBGwnXLIYhT+U5ZB/9DntRPx86rtd2x935f4UH3FygmoRKTqOglj6mtozQayhYg0Y35xZFPoa2xg99TXfYA55wozVM+FsUn11QfYpPoaylgzC2CP0FcqY5PrKxXY5PoawlgzC2CP0lcKYx/m926y7FxE/L8suSaqvv2TqGqplDWfBAPsOpLY24pJdofU9RifPb/7eZ3zKDyarQAAAABJRU5ErkJggg==" alt="$T&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"></span></span><span class='token white cpp2'> </span><span class='token operator cpp2'>:</span><span class='token white cpp2'> </span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"></span></span><span class='token delimiter cpp2'>,</span><span class='token white cpp2'> </span><span class='token type identifier cpp2'>Symbolic</span><span class='token white cpp2'> </span><span class='token delimiter curly cpp2 bracket-open'>{</span><br><span class='token white cpp2'>    </span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACYAAAAgCAYAAAB+ZAqzAAABvUlEQVRYw82Y4W3CMBCFP0cdIOoIjJAZwga03aDdgKoTVIzAClU2SEYANoARCBtc/5wl9+QUJ5AQS5aN7fM9v3tOcjgRYS7FObcAziJyyWYEqgSOQOucW80GGPAZ9JduDqF0zuVAGwy9ICIouByQCWrufQa+V8H8UUR4ClB+Bf0TUGnMz8BFW4Bnpb00YTiYNQALYKmOARCRS4S0t6C/8Qs96qMifrcnipywtie8sr7QtW3HvNh5a7i+5sRsJMAm0aYF6sh4GdvLT26AfaKDwgArE+1qYBsZ38b0F57mPdHBOgSWYqN2+5gP9S0WtGeg7eEg1Ne+h93RsquXw++1COcyvRE/PR474W1setgtgJ0Z87e1EZGTNWgt2hH0lceiouEVoIjMpYG6RV8+bBGwnXLIYhT+U5ZB/9DntRPx86rtd2x935f4UH3FygmoRKTqOglj6mtozQayhYg0Y35xZFPoa2xg99TXfYA55wozVM+FsUn11QfYpPoaylgzC2CP0FcqY5PrKxXY5PoawlgzC2CP0lcKYx/m926y7FxE/L8suSaqvv2TqGqplDWfBAPsOpLY24pJdofU9RifPb/7eZ3zKDyarQAAAABJRU5ErkJggg==" alt="$T&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"></span></span><span class='token delimiter parenthesis cpp2 bracket-open'>(</span><span class='token identifier cpp2'>c</span><span class='token operator cpp2'>:</span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"></span></span><span class='token delimiter cpp2'>,</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>e</span><span class='token operator cpp2'>:</span><span class='token type identifier cpp2'>Expr</span><span class='token delimiter parenthesis cpp2 bracket-close'>)</span><span class='token white cpp2'> </span><span class='token operator cpp2'>:</span><span class='token white cpp2'> </span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"></span></span><span class='token delimiter parenthesis cpp2 bracket-open'>(</span><span class='token identifier cpp2'>c</span><span class='token delimiter parenthesis cpp2 bracket-close'>)</span><span class='token delimiter cpp2'>,</span><span class='token white cpp2'> </span><span class='token source cpp2'>S</span><span class='token identifier cpp2'>ymbolic</span><span class='token delimiter parenthesis cpp2 bracket-open'>(</span><span class='token identifier cpp2'>e</span><span class='token delimiter parenthesis cpp2 bracket-close'>)</span><span class='token white cpp2'> </span><span class='token delimiter curly cpp2 bracket-open'>{</span><span class='token delimiter curly cpp2 bracket-close'>}</span><br><br><span class='token white cpp2'>    </span><span class='token keyword extra cpp2'>override</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>o</span><span class='token delimiter parenthesis cpp2 bracket-open'>(</span><span class='token keyword cpp2'>this</span><span class='token operator cpp2'>:</span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"></span></span><span class='token delimiter cpp2'>,</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>f1</span><span class='token operator cpp2'>:</span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACUAAAAjCAYAAAATx8MeAAABwklEQVRYw+2Y7VHCQBCGn81QAFBC7ICxA0MHOnSAHcBYgnaAdqB2EOwA0gGUYOhg/XM3nhlD9kKI/HBnMrlkdu/e7L37cRFV5dJk4AciMgTKHtYcqerBBAp4CMZ74B3YAZ/Awd0BxsASyAL9JVBUdABSYArcesUmQF4Jt4U7QIG5f1d3AbnTVWBn0J843bJJV1WpGi1MRt+AFHg02pRAbtFNnMNmQKGqT02eFZFJ5VVu5NLG0aJRPKg5sDJOnlW2f220GwNbEyj/5ar6bJx8GoyLiKgbxnhqBrxGTB56ah1hl7otNEkJpEayTiokz4x2Q2vk+WSeRigvQlBWO2drXidR1X3EFrTlEzHrJJEloi2fosQM6oT8dD5QJ+Sns4Jqzadj3heRrLYgn6PeGdNLXlf7euOT887qWMlJ+uKTiGxFRIEPVweLU0F1wacbVRVVHanq3bE6mPSVn0wdpxVUn/kpxlO95acYUJ3np649tf5zUH/BJ4un7n9p/vs5IYtI6rrDcXD/cYh08iIieXBABdjEhLs1f4QH0TbXomXte6urfQMH7OqSfnAkXKD8g7poUC7afQ68ds/xnWcHnebKGM35F6xW133FNGZFAAAAAElFTkSuQmCC" alt="$T_1$" class="math-inline math" style="vertical-align:-0.164em;height:0.911em"></span></span><span class='token delimiter cpp2'>,</span><span class='token white cpp2'> </span><span class='token delimiter cpp2'>.</span><span class='token delimiter cpp2'>.</span><span class='token delimiter cpp2'>.</span><span class='token white cpp2'> </span><span class='token delimiter cpp2'>,</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>fk</span><span class='token operator cpp2'>:</span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAjCAYAAADmOUiuAAACT0lEQVRYw82X4XHiMBCFv/VQgC8luARurgPogBs6IB2QuRK4Dkg6SOgAlxDTgSkhdgd7f1ZzigJYMqA7zXhsy7vS8+7TSk9Ulf+5TdyDiJRAl2HOb6raJwMEfnnPR2AHtMAH0Nsd4AF4Amae/RNwCGwAKmAOLJxhCjjngKW5BRRYub5zF7A3WwXaCPup2XZDtl98gwHWUU5/wSmwifTpgH0qwMICuQQOqvp7KOIiMg269pHJejfqJDUHcAVsI31mAUXqSL8HoEkG6CKiqs+RPnPv+ZAwVzk2gkvgNcHHj2Cd4FdZmpNbB1SRRJ8GC2QW6VeOWcFuE6kSjNc+wMSJqjEAC1VN4cVY/pE4z5dVfG/+jW7RAK+of3kAXlH/sgEczT8vCwsRaUSkFZFORNROUVGnmRz8c36PVhf7odNNkZN/qtqr6s7bUepbpfjW/JvF/miRi39eNipL790ieKvo9THFu8jFvxPZqG9VZrLwT0RKEdlYCWpFZPtJk0Tqj2bMhu8fGLyxquCU1AALe9+YzeIu+uPCWKtQPFlfA5T2PvPmW0z+Ef9ebfw18ENVvwfa5QAcVXU39MfbIILllRHsnHq0nx1UkROvNpUmbNz9k+C29iIie0/MA7zHiHFvDsexGjiKSHnRPxDtY651Iv9a49nGi+jbuexwTcoS0/tmYLZBf+NAXhLuOdq5/Xd7qt5aTSyzAAz4V5/Qy/ia2c6IK1Xti8zRO55YEH0I0Pj6nHpgvdf+W3vC3tXepauNuSL4YRHanJGjcwPXAi/AT/f9D/wk7Rb6Pj0bAAAAAElFTkSuQmCC" alt="$T_k$" class="math-inline math" style="vertical-align:-0.164em;height:0.911em"></span></span><span class='token delimiter parenthesis cpp2 bracket-close'>)</span><span class='token white cpp2'> </span><span class='token operator cpp2'>:</span><span class='token white cpp2'> </span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAgCAYAAABgrToAAAACHUlEQVRYw81Y7XHCMAx95jpAjhEygq9sEDZIu0HbDcIMGQFGaLoBdIIWNkhGINlA/eNQVTiOFaCH73znJJb9JD19gCEi3NswxqQAjkTUze4QXAagBtAaY/K7AwhgxdZLc08uNsYkAFr26glENDgBvAKgCbN1bqoAFACS0D3svpydURMRghZ0Gj0CSADMAZRuzd1xEGIJgBTAAkDG9m8ArIioC9xXOZAA8EZEG8RoxjTcMw2rSJlSWDYN7D3tO71TAuRuzBVylXSdZ0/G9pRqgOIAiuWVh1te5QCsfWdr0sySrZsQlzyjC5zVj+eeq/xsDcCMrXfKDJKGALvK0QdTyb9pAFq23ioBSot9iec+cndE1Pz58g/8S4RsHcgO9uzbhFSxV0Z+KQDaAQW8507Jf+XEyG+9FvqtVvklALkFskiZgsmsh2jhlBhM+mr+jXAtcy5t+2oTqhwx80EbgcaY1rMnESnkhYg+rtLiKPlXjFhvz/iWX2K5KBd7UoRV1t381gCj+Cdk0qk50zdnCv4dIinTBEqkesyuXX9dXeVjfhOArpueUn+teG5uZcFMuC62g1mI5+OtAKr5N8C57j8sqOn/7EjQXA7Q8S/V8s8TIEP7rLtjsgWlm74jFT6OBYgD9hkb3bNr/v5w+w4jKaYE8B7tepb9LetG5L8EuftmxyqDO6uV7ZkrmxWArbLhPStNY7OIbPML0TzUMbJy/gAZmUMwaJ60OwAAAABJRU5ErkJggg==" alt="$R&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"></span></span><span class='token white cpp2'> </span><span class='token delimiter curly cpp2 bracket-open'>{</span><br><span class='token white cpp2'>      </span><span class='token keyword extra cpp2'>var</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>c</span><span class='token white cpp2'> </span>:=<span class='token white cpp2'> </span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"></span></span><span class='token delimiter cpp2'>.</span><span class='token identifier cpp2'>o</span><span class='token delimiter parenthesis cpp2 bracket-open'>(</span><span class='token keyword cpp2'>this</span><span class='token delimiter cpp2'>,</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>f1</span><span class='token delimiter cpp2'>,</span><span class='token white cpp2'> </span><span class='token delimiter cpp2'>.</span><span class='token delimiter cpp2'>.</span><span class='token delimiter cpp2'>.</span><span class='token white cpp2'> </span><span class='token delimiter cpp2'>,</span><span class='token identifier cpp2'>fk</span><span class='token delimiter parenthesis cpp2 bracket-close'>)</span><br><span class='token white cpp2'>      </span><span class='token keyword extra cpp2'>var</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>e</span><span class='token white cpp2'> </span>:=<span class='token white cpp2'> </span><span class='token keyword cpp2'>new</span><span class='token white cpp2'> </span><span class='token source cpp2'>E</span><span class='token identifier cpp2'>xpr</span><span class='token delimiter parenthesis cpp2 bracket-open'>(</span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"></span></span><span class='token delimiter cpp2'>.</span><span class='token identifier cpp2'>o</span><span class='token delimiter cpp2'>,</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>expr</span><span class='token delimiter parenthesis cpp2 bracket-open'>(</span><span class='token identifier cpp2'>self</span><span class='token delimiter parenthesis cpp2 bracket-close'>)</span><span class='token delimiter cpp2'>,</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>expr</span><span class='token delimiter parenthesis cpp2 bracket-open'>(</span><span class='token identifier cpp2'>f1</span><span class='token delimiter parenthesis cpp2 bracket-close'>)</span><span class='token delimiter cpp2'>,</span><span class='token white cpp2'> </span><span class='token delimiter cpp2'>.</span><span class='token delimiter cpp2'>.</span><span class='token delimiter cpp2'>.</span><span class='token delimiter cpp2'>,</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>expr</span><span class='token delimiter parenthesis cpp2 bracket-open'>(</span><span class='token identifier cpp2'>fk</span><span class='token delimiter parenthesis cpp2 bracket-close'>)</span><span class='token delimiter parenthesis cpp2 bracket-close'>)</span><br><span class='token white cpp2'>      </span><span class='token keyword cpp2'>return</span><span class='token white cpp2'> </span><span class='token keyword cpp2'>new</span><span class='token white cpp2'> </span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAgCAYAAABgrToAAAACHUlEQVRYw81Y7XHCMAx95jpAjhEygq9sEDZIu0HbDcIMGQFGaLoBdIIWNkhGINlA/eNQVTiOFaCH73znJJb9JD19gCEi3NswxqQAjkTUze4QXAagBtAaY/K7AwhgxdZLc08uNsYkAFr26glENDgBvAKgCbN1bqoAFACS0D3svpydURMRghZ0Gj0CSADMAZRuzd1xEGIJgBTAAkDG9m8ArIioC9xXOZAA8EZEG8RoxjTcMw2rSJlSWDYN7D3tO71TAuRuzBVylXSdZ0/G9pRqgOIAiuWVh1te5QCsfWdr0sySrZsQlzyjC5zVj+eeq/xsDcCMrXfKDJKGALvK0QdTyb9pAFq23ioBSot9iec+cndE1Pz58g/8S4RsHcgO9uzbhFSxV0Z+KQDaAQW8507Jf+XEyG+9FvqtVvklALkFskiZgsmsh2jhlBhM+mr+jXAtcy5t+2oTqhwx80EbgcaY1rMnESnkhYg+rtLiKPlXjFhvz/iWX2K5KBd7UoRV1t381gCj+Cdk0qk50zdnCv4dIinTBEqkesyuXX9dXeVjfhOArpueUn+teG5uZcFMuC62g1mI5+OtAKr5N8C57j8sqOn/7EjQXA7Q8S/V8s8TIEP7rLtjsgWlm74jFT6OBYgD9hkb3bNr/v5w+w4jKaYE8B7tepb9LetG5L8EuftmxyqDO6uV7ZkrmxWArbLhPStNY7OIbPML0TzUMbJy/gAZmUMwaJ60OwAAAABJRU5ErkJggg==" alt="$R&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"></span></span><span class='token delimiter parenthesis cpp2 bracket-open'>(</span><span class='token identifier cpp2'>c</span><span class='token delimiter cpp2'>,</span><span class='token identifier cpp2'>e</span><span class='token delimiter parenthesis cpp2 bracket-close'>)</span><span class='token white cpp2'> </span><br><span class='token white cpp2'>    </span><span class='token delimiter curly cpp2 bracket-close'>}</span><br><span class='token white cpp2'>    </span><span class='token delimiter cpp2'>.</span><span class='token delimiter cpp2'>.</span><span class='token delimiter cpp2'>.</span><br><span class='token white cpp2'>  </span><span class='token delimiter curly cpp2 bracket-close'>}</span><br><span class='token white cpp2'>  </span><br><span class='token white cpp2'>  </span><span class='token keyword cpp2'>class</span><span class='token white cpp2'> </span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAgCAYAAABgrToAAAACHUlEQVRYw81Y7XHCMAx95jpAjhEygq9sEDZIu0HbDcIMGQFGaLoBdIIWNkhGINlA/eNQVTiOFaCH73znJJb9JD19gCEi3NswxqQAjkTUze4QXAagBtAaY/K7AwhgxdZLc08uNsYkAFr26glENDgBvAKgCbN1bqoAFACS0D3svpydURMRghZ0Gj0CSADMAZRuzd1xEGIJgBTAAkDG9m8ArIioC9xXOZAA8EZEG8RoxjTcMw2rSJlSWDYN7D3tO71TAuRuzBVylXSdZ0/G9pRqgOIAiuWVh1te5QCsfWdr0sySrZsQlzyjC5zVj+eeq/xsDcCMrXfKDJKGALvK0QdTyb9pAFq23ioBSot9iec+cndE1Pz58g/8S4RsHcgO9uzbhFSxV0Z+KQDaAQW8507Jf+XEyG+9FvqtVvklALkFskiZgsmsh2jhlBhM+mr+jXAtcy5t+2oTqhwx80EbgcaY1rMnESnkhYg+rtLiKPlXjFhvz/iWX2K5KBd7UoRV1t381gCj+Cdk0qk50zdnCv4dIinTBEqkesyuXX9dXeVjfhOArpueUn+teG5uZcFMuC62g1mI5+OtAKr5N8C57j8sqOn/7EjQXA7Q8S/V8s8TIEP7rLtjsgWlm74jFT6OBYgD9hkb3bNr/v5w+w4jKaYE8B7tepb9LetG5L8EuftmxyqDO6uV7ZkrmxWArbLhPStNY7OIbPML0TzUMbJy/gAZmUMwaJ60OwAAAABJRU5ErkJggg==" alt="$R&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"></span></span><span class='token white cpp2'> </span><span class='token operator cpp2'>:</span><span class='token white cpp2'> </span><span class='token type identifier cpp2'><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABq0lEQVRIx62X4XHCMAyFP+c6gI8RMkKubBA2oCO0I4TrCBmhHaHpBtAJ2rIBGYGwgfvHcEY12DLoznf2RbIsPenZwTnHpQG8AK5gTMAOGIAOsLH9jXcSFWOMBR4BC8yA3s+PsgK2wswCNTAH2kD/HVg55w4nzWuRRzLxG0Q3ZNr0IiP16ZvSeZjapcJuCOx2auc+haFzq7Bdxg5ekS+LYD6eYZeWQ2wvjfM2mG/QSR07jMZ5E8zXSucLsf7OrvYb8bbC9lRwVcHJt0q8X8X6SdXnor/7wg6ZgObse0F/t5k2XWDzFoNKjXcC29Yz2nRkwZDR5HjQVqoxZoroWNFGz865z+TOSry7RNS/Ab5J+tW2SaPk8eUtzrPwFjZ1LidUmv7OaWrn3HiFls+kujefG2Mkj8/Uzv0rpoTPG7EeSyJvRTpzb7K5WO9LnKvxvoDx4dbIN4VXb6wArzv3eNdavCPFdkmvMcbYKjN1P5lR71PF5gP7AmbVPd9rXm+baLMe+HDOjSErNcGtJP8+lv5bk3rF+L0meQV7qh6AdaD7jw5To8t8OnXiotlJ2z+dJqQxSULtcgAAAABJRU5ErkJggg==" alt="$R$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"></span></span><span class='token delimiter cpp2'>,</span><span class='token white cpp2'> </span><span class='token type identifier cpp2'>Symbolic</span><span class='token white cpp2'> </span><span class='token delimiter curly cpp2 bracket-open'>{</span><span class='token white cpp2'> </span><span class='token delimiter cpp2'>.</span><span class='token delimiter cpp2'>.</span><span class='token delimiter cpp2'>.</span><span class='token white cpp2'> </span><span class='token delimiter curly cpp2 bracket-close'>}</span><br><span class='token white cpp2'>  </span><br><span class='token white cpp2'>  </span><span class='token keyword extra cpp2'>function</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>expr</span><span class='token delimiter parenthesis cpp2 bracket-open'>(</span><span class='token identifier cpp2'>v</span><span class='token delimiter parenthesis cpp2 bracket-close'>)</span><span class='token white cpp2'> </span><span class='token operator cpp2'>=</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>v</span><span class='token white cpp2'> </span><span class='token keyword extra cpp2'>instanceof</span><span class='token white cpp2'> </span><span class='token type identifier cpp2'>Symbolic</span><span class='token white cpp2'> </span><span class='token operator cpp2'>?</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>v</span><span class='token delimiter cpp2'>.</span><span class='token identifier cpp2'>getExpr</span><span class='token delimiter parenthesis cpp2 bracket-open'>(</span><span class='token delimiter parenthesis cpp2 bracket-close'>)</span><span class='token white cpp2'> </span><span class='token operator cpp2'>:</span><span class='token white cpp2'> </span><span class='token identifier cpp2'>v</span></code></pre>
<hr  class="figureline madoko" data-line="17">

<div data-line="18"><span data-line="18"></span><fig-caption class="figure-caption"><span class="caption-before"><strong>Figure&#160;<span class="figure-label">5</span>.</strong> </span>Type instrumentation to carry both concrete values and symbolic expressions.</fig-caption><span data-line="18"></span>
</div></figure>
<p class="indent para-continue">A type such as <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACYAAAAgCAYAAAB+ZAqzAAABvUlEQVRYw82Y4W3CMBCFP0cdIOoIjJAZwga03aDdgKoTVIzAClU2SEYANoARCBtc/5wl9+QUJ5AQS5aN7fM9v3tOcjgRYS7FObcAziJyyWYEqgSOQOucW80GGPAZ9JduDqF0zuVAGwy9ICIouByQCWrufQa+V8H8UUR4ClB+Bf0TUGnMz8BFW4Bnpb00YTiYNQALYKmOARCRS4S0t6C/8Qs96qMifrcnipywtie8sr7QtW3HvNh5a7i+5sRsJMAm0aYF6sh4GdvLT26AfaKDwgArE+1qYBsZ38b0F57mPdHBOgSWYqN2+5gP9S0WtGeg7eEg1Ne+h93RsquXw++1COcyvRE/PR474W1setgtgJ0Z87e1EZGTNWgt2hH0lceiouEVoIjMpYG6RV8+bBGwnXLIYhT+U5ZB/9DntRPx86rtd2x935f4UH3FygmoRKTqOglj6mtozQayhYg0Y35xZFPoa2xg99TXfYA55wozVM+FsUn11QfYpPoaylgzC2CP0FcqY5PrKxXY5PoawlgzC2CP0lcKYx/m926y7FxE/L8suSaqvv2TqGqplDWfBAPsOpLY24pJdofU9RifPb/7eZ3zKDyarQAAAABJRU5ErkJggg==" alt="$T&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em">  only can be constructed by providing a concrete value <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> of 
type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> and a symbolic expression <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA/0lEQVQ4y6WU/W2DQAzFfxdlALoCIzADIzAD2YAdOkJmYIRkBbIBHaFkg9c/+ogceiWgnGTpZPve2c8fSGJNgBbogRGYLBegfvisPO78YPS9CLbGti4LApTAAAjoVz5pAP0BMcD0CsC+lf3KqCwCwLSBq8/ZLyrPBhDQbiBbM7kxDQUpMmnWJni0PKpz5PeceD5DSmmh4gu4ASdJ1yeLfxpDFN0rPpZyMFYZcG/sPEkSKSUF3Yek+1sgktLeSA6BNID77lRSqo6Bh9INtwegB77n6tShOvWWiniyL8uO7TfOTOOWOGdXgfeEPALFomPbXLf+twoag01BBg9clYvuB0wmtUhHaPolAAAAAElFTkSuQmCC" alt="$e$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> to the constructor for <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACYAAAAgCAYAAAB+ZAqzAAABvUlEQVRYw82Y4W3CMBCFP0cdIOoIjJAZwga03aDdgKoTVIzAClU2SEYANoARCBtc/5wl9+QUJ5AQS5aN7fM9v3tOcjgRYS7FObcAziJyyWYEqgSOQOucW80GGPAZ9JduDqF0zuVAGwy9ICIouByQCWrufQa+V8H8UUR4ClB+Bf0TUGnMz8BFW4Bnpb00YTiYNQALYKmOARCRS4S0t6C/8Qs96qMifrcnipywtie8sr7QtW3HvNh5a7i+5sRsJMAm0aYF6sh4GdvLT26AfaKDwgArE+1qYBsZ38b0F57mPdHBOgSWYqN2+5gP9S0WtGeg7eEg1Ne+h93RsquXw++1COcyvRE/PR474W1setgtgJ0Z87e1EZGTNWgt2hH0lceiouEVoIjMpYG6RV8+bBGwnXLIYhT+U5ZB/9DntRPx86rtd2x935f4UH3FygmoRKTqOglj6mtozQayhYg0Y35xZFPoa2xg99TXfYA55wozVM+FsUn11QfYpPoaylgzC2CP0FcqY5PrKxXY5PoawlgzC2CP0lcKYx/m926y7FxE/L8suSaqvv2TqGqplDWfBAPsOpLY24pJdofU9RifPb/7eZ3zKDyarQAAAABJRU5ErkJggg==" alt="$T&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em">.
This will be done in exactly two places:
</p>
<ul class="list-star loose">
<li>
<p>by the creation of symbolic constants associated with the primary
inputs (<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIkAAAAYCAYAAADOHt4vAAADM0lEQVRo3u2a4VHbQBCFv2UoQKEEpwMDFdh0YEIHpgOnhIxLEFQQ7A4wFQS7A6kErA42P9ibXMTZEnAyGriduZEsyavVvKfdvXdCVXEDGANrYAsUwMw/Xx9ADiiQ77sujbePPmDiO59aMIPazeY7gpnYeTeGCdToBOkFJkcAIjIE5sBIVUuerbDtlLCVtd8DkkWzPmFyZNtb4FJVK+/cuW2z0B9VdQP89A5VCdqo1itMxsA2kLq2lrKKhpS4tusGLdLnEBinUtKqD+kEEytJa8tKzl/WVG6ugV+1VDfx2Jo3kGxlLC5bpM91jenJwtYlJivzXZq/qpatguXmN3BTO37l7S8bAiqAzT5yiEhuBEnWzjrDRFUrVV16/cuqsSdR1aXPJBHJLCUBbJoyBHAaupGIrEVEgQfgZB+Rkr0AshNMAm0GwH3bxtW3H95+3uKZxjtuNFJVUdVvqnoZ6LyTtbdYmDjSDbyZz+otJLn2GH3T0GcMgBNVXYXSWsI2ao/ybkwCWaRqkZWCJBm2ZZgFf5cw7NxiY3LxCn//k8RmILStVSbq5AnDzkW12JgE+xERyURkLiKFjTyUSc68/U1D8BPg0QScZN1ZVEysHGX1TGJkfAD+qOp3m0FNRWRyXPPhK3lPLRTBUY/euDFQtqmxh/IVyU9sTF70IyIytTI1UtXK4p7t6kl8Bp7sefgcuOlLFhGRwlJnYQ/84b4ixhQbE9eP3Nn/ZsCFqp56k41Hu+9SVZfskX7zHZLvDFi/QWpemN/7yBJ2feVz+9G+YsYUGxPP18xIPGu1ClzXN1wD5L8BppwugHNVPe1Rza5Ptcse+IoZUzRMav3I3MVmYt1edS/EtsyYVrg3gWdZffqOt6GTTGK+5+a74J3fUMTyFTOmWJjYzMfFNLYYXWZZsGOh75Arm52RJI1XY5DvWDVetC03yT6v7VqvyWvnXXmai0iWSPJ1RLmgPlKbZpe+sGalrEok+XpZpAysq1WBBnuKfa5wfEAWO3n5TEQGMUSvZK+yfes17tjAU1+v3IzpqENi5CKi9k1Jwb+l6cwEJrVxn/A7iD1ZppgHZrilI5GJgLfApTv/F4urg/voq4NjAAAAAElFTkSuQmCC" alt="$v_1 \ldots v_k$" class="math-inline math" style="vertical-align:-0.161em;height:0.624em">) to the program;
</p></li>
<li>
<p>by the instrumented operations as shown  in Figure&nbsp;<a href="#fig-subtype" title="Type instrumentation to carry both concrete values and symbolic expressions." class="localref" style="target-element:figure"><span class="figure-label">5</span></a>. 
</p></li></ul>

<p>An instrumented operation <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAASCAYAAAC5DOVpAAABBElEQVQ4y5WU4W2EMAyFP24CZsgIzMAIzMBtcFJH6AjtCtcNmIHbIDdCGcH9cQ56Chy4kSJF5vn5+ZEYM+NoAz1wBzKw+J6B2wZ7QpIBAz6BJN9Gjy9Ad0gGfDk4K0mFGRxjBbMHmqRqOrGgKJ82ZO5NqdYF/FR8y44Pa6V/kg0l2HpbYVWeN0vOeOG1RicEeJrZg9jq5PxbyK4S/ImwNE2TqtCztGiy+2CL6rF5jK4ia4Nkk+TcC1kvwSVIVHeTzIxL6VX7DqwPOX+b2SvPKy1RZZWqefPQ/SGvRgbvVq791WrrhDhQVIimvR+l4FSNnFZIbjLLxreq39yfWZKzKxnOLPgD9K5IIvtC36IAAAAASUVORK5CYII=" alt="$o$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> on arguments (<code class="code code2 language-cpp2 lang-cpp2 cpp2 highlighted" ><span class='token keyword cpp2'>this</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>f1</span></code>, &#8230;, <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>fk</span></code>)
first invokes its corresponding underlying
operator <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADsAAAAdCAYAAAAU0BSYAAACYUlEQVRYw+WY7XHbMAyGH+gygOoRNIK8gr2Be9lA2cC5TtBzN3C6QZMN5BFibyCPEHkD9kfBFGH9QTpW6FxxxxNPBkS+BkC8hDjn+F/kxk9EpAT6D1jzi3NulxUs8M3Mt8AT0AEvwE6fACPgHpgY/XtgE+gAVMAUmHnFXED94mgod4ADGv/u0ABa1XVAF6Ffq25/SnfIEW5mHmX0F6gDFpE2PdDmBFuog2+BjXPux6lIEJE6eNVGBtGzpkc28WAbYBlpMwnSYBVpNwLWWcF6TznnHiJtpma+SVirvAbP3gK/EmysZ1cJdpWGctY62wDjGOVz81Vr+C5r2VHPjp1z2yHzVUGOySxFAtD35CuJ60SLiExE5FFEOhHpdaxFZH6QVAxVXwcjCH+izBOhBVCZ3xpPYoD6DamI/HgdgJ1kBLr07M2CDHRmZq9VKti5BZsRaGu8Vp3Q9Z5vU8FaPrzOBPTR7KFO1C+LD6ivlzqIGnN7WjnnNomfmBRD1tcLAi31ELJXylgi80pXiyHr6wWlUboJsE3wqnXSSzF0fb2Q3Jn5U2Q0VMGrbXHt+aohXJ2RQmE0boprz9cAKAmXia9hNBSfIF9HZh51mdBoCHtkUWBz5+v2wPyY2Obhwysvz82H1QNVRP8qqmGnp/Ze8pOVDxs6d7SrqTU2iqZq68fz5jIF7DIAW14Q6Cz4dn/CW92x6FIdD7Tdt9cbU5NKPQz8801zW+WniLSmcQ7wfGYHYnckN/+5/IvIVEHMRQTgu74vlXT4PL072E/bE06pY/4O7y5MyNWRNo16sNfR6Z8wO2X7GyKNOYY8yEMpAAAAAElFTkSuQmCC" alt="$T.o$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> on arguments (<code class="code code2 language-cpp2 lang-cpp2 cpp2 highlighted" ><span class='token keyword cpp2'>this</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>f1</span></code>, &#8230;, <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>fk</span></code>) to get concrete value <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>c</span></code>.
It then constructs a new expression tree <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>e</span></code>
rooted at operator <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADsAAAAdCAYAAAAU0BSYAAACYUlEQVRYw+WY7XHbMAyGH+gygOoRNIK8gr2Be9lA2cC5TtBzN3C6QZMN5BFibyCPEHkD9kfBFGH9QTpW6FxxxxNPBkS+BkC8hDjn+F/kxk9EpAT6D1jzi3NulxUs8M3Mt8AT0AEvwE6fACPgHpgY/XtgE+gAVMAUmHnFXED94mgod4ADGv/u0ABa1XVAF6Ffq25/SnfIEW5mHmX0F6gDFpE2PdDmBFuog2+BjXPux6lIEJE6eNVGBtGzpkc28WAbYBlpMwnSYBVpNwLWWcF6TznnHiJtpma+SVirvAbP3gK/EmysZ1cJdpWGctY62wDjGOVz81Vr+C5r2VHPjp1z2yHzVUGOySxFAtD35CuJ60SLiExE5FFEOhHpdaxFZH6QVAxVXwcjCH+izBOhBVCZ3xpPYoD6DamI/HgdgJ1kBLr07M2CDHRmZq9VKti5BZsRaGu8Vp3Q9Z5vU8FaPrzOBPTR7KFO1C+LD6ivlzqIGnN7WjnnNomfmBRD1tcLAi31ELJXylgi80pXiyHr6wWlUboJsE3wqnXSSzF0fb2Q3Jn5U2Q0VMGrbXHt+aohXJ2RQmE0boprz9cAKAmXia9hNBSfIF9HZh51mdBoCHtkUWBz5+v2wPyY2Obhwysvz82H1QNVRP8qqmGnp/Ze8pOVDxs6d7SrqTU2iqZq68fz5jIF7DIAW14Q6Cz4dn/CW92x6FIdD7Tdt9cbU5NKPQz8801zW+WniLSmcQ7wfGYHYnckN/+5/IvIVEHMRQTgu74vlXT4PL072E/bE06pY/4O7y5MyNWRNo16sNfR6Z8wO2X7GyKNOYY8yEMpAAAAAElFTkSuQmCC" alt="$T.o$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em">, whose children are the result of
mapping the function <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>expr</span></code> over (<code class="code code2 language-cpp2 lang-cpp2 cpp2 highlighted" ><span class='token keyword cpp2'>this</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>f1</span></code>, &#8230;, <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>fk</span></code>). 
The helper function <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>expr</span><span class='token delimiter parenthesis python bracket-open'>(</span><span class='token identifier python'>v</span><span class='token delimiter parenthesis python bracket-close'>)</span></code>
evaluates to an expression tree in the case that <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>v</span></code> is of <code class="code code2 language-cpp2 lang-cpp2 cpp2 highlighted" ><span class='token type identifier cpp2'>Symbolic</span></code> type
(representing a type in <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAgCAYAAABgrToAAAACF0lEQVRYw82X/W3bMBDFfxQ8gNAR1A00g7yBXG+QbNCMUGQEd4NG3sDpBo03kEawtcHlj56KM0shlCgFPoCwwC8/3j0e3zkR4d7MOVcAFxHpszsEVwEtcHXO1XcHEHgy31t3TyF2zuXA1XTtUIDfAZnQKhHBb0ARuf5hZH1t5rQiwkaRHoEO+AJ8VcDWjsAJuAC9iLyGPCAinXNup0D3QGmGX3WPHngZceLefD8Pm4ZOcjUnOYXmxDSzTxk5f/jP69C3GbniuelqEmh1AV5E5Bx5ewf7acPin+LB40uR4MEp3juY/8z/9QcmNj5RZ4Kr/p5/Mh0ON/0f8O+QAPAQy1/v9t9ELPuAf6cE/lUT1tfDTReRzk8N9iR+Psxnei+fyL+3sfn+xNNC/Kttqog8zFtoPAuExSbWubafsP6b/v4IDWaGf6U31nwS/zrgKCJHRp6nIP8Swluk5s+xEG/N9znRe/1/t3GmZSvwb5u4/sY2gXcwNf/VwG4pgFkgvIzJqYgHv1wgAkGAS4W3AjoR6ZcGWC4U3r2K28Us0zqA1Bus73gJ/FoUoOYta38SqrFzjDidanlqglbPRYuDSXsHNGAxQ7m0Kdox5iWxVVY5MQK/9eV4XKVY9iRPtMxS7raq5fI1vHejB4caIkbqG2HRrAVsTLCW6hVRXj7r01VptTcUVC1Qrw0uWDQZRdx4l6fVQqj6DGBDewfKfKJpSn3rWAAAAABJRU5ErkJggg==" alt="$U&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em">) and evaluates to <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>v</span></code> itself, a concrete value
of some type in <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAcCAYAAAB2+A+pAAABj0lEQVRIx7WW7XHCMAyGH+c6QK4jpBt4hrBBemxAN+gOHYEVSDeAjgAbhBEgG6g/qvRUY4gTp7rTXS6WrI9XkoWIALwDMoFrESFkoErU3zgRwTlXAR54Bl7UEUufwB64AL2IHLhDzrlGHVjrnQMd9I4e2HHH86vxbh+TSWFzjw/PniIeV0BpfrXMpwuwE5HTzUnEy02AR5URcTRaEYkabo3RLsNo/RNX/LyIpKcOCmIuvT7SL0bw3WcYrh/qB+kJ+7mcmebyEb6xVK/M91lE+oxo+2g1x1K9IL7rMf3C4OuDs/bf8LUYh/hmtFGV0v/FHXxPmdH2InJOSvWC+K6S9O2UGXv2JozJZlROhT8Wwten9n+xcJrr1P4fDPuFxuRal4YkKpfA17SRT5T/xSV3Pm+B4wT5vxFnFpVP1onsWNWMl6gDtlP0huLaGcz9xIL60kn1NkkreD+T1x0tpg44zqmLmx1JeTtidHhQ2tnDJlIknV561YnWqFMbswh2KWMx2bBxoFEjtug6bZk6x+DA32lYn1cpV7d9AAAAAElFTkSuQmCC" alt="$U$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">, otherwise.
Finally, having computed the values <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>c</span></code> and <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>e</span></code>, the instrumented operator 
returns <code class="code code2 language-cpp2 lang-cpp2 cpp2 highlighted" ><span class="code-escaped"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAgCAYAAABgrToAAAACHUlEQVRYw81Y7XHCMAx95jpAjhEygq9sEDZIu0HbDcIMGQFGaLoBdIIWNkhGINlA/eNQVTiOFaCH73znJJb9JD19gCEi3NswxqQAjkTUze4QXAagBtAaY/K7AwhgxdZLc08uNsYkAFr26glENDgBvAKgCbN1bqoAFACS0D3svpydURMRghZ0Gj0CSADMAZRuzd1xEGIJgBTAAkDG9m8ArIioC9xXOZAA8EZEG8RoxjTcMw2rSJlSWDYN7D3tO71TAuRuzBVylXSdZ0/G9pRqgOIAiuWVh1te5QCsfWdr0sySrZsQlzyjC5zVj+eeq/xsDcCMrXfKDJKGALvK0QdTyb9pAFq23ioBSot9iec+cndE1Pz58g/8S4RsHcgO9uzbhFSxV0Z+KQDaAQW8507Jf+XEyG+9FvqtVvklALkFskiZgsmsh2jhlBhM+mr+jXAtcy5t+2oTqhwx80EbgcaY1rMnESnkhYg+rtLiKPlXjFhvz/iWX2K5KBd7UoRV1t381gCj+Cdk0qk50zdnCv4dIinTBEqkesyuXX9dXeVjfhOArpueUn+teG5uZcFMuC62g1mI5+OtAKr5N8C57j8sqOn/7EjQXA7Q8S/V8s8TIEP7rLtjsgWlm74jFT6OBYgD9hkb3bNr/v5w+w4jKaYE8B7tepb9LetG5L8EuftmxyqDO6uV7ZkrmxWArbLhPStNY7OIbPML0TzUMbJy/gAZmUMwaJ60OwAAAABJRU5ErkJggg==" alt="$R&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"></span><span class='token delimiter parenthesis cpp2 bracket-open'>(</span><span class='token identifier cpp2'>c</span><span class='token delimiter cpp2'>,</span><span class='token identifier cpp2'>e</span><span class='token delimiter parenthesis cpp2 bracket-close'>)</span></code>, where <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABq0lEQVRIx62X4XHCMAyFP+c6gI8RMkKubBA2oCO0I4TrCBmhHaHpBtAJ2rIBGYGwgfvHcEY12DLoznf2RbIsPenZwTnHpQG8AK5gTMAOGIAOsLH9jXcSFWOMBR4BC8yA3s+PsgK2wswCNTAH2kD/HVg55w4nzWuRRzLxG0Q3ZNr0IiP16ZvSeZjapcJuCOx2auc+haFzq7Bdxg5ekS+LYD6eYZeWQ2wvjfM2mG/QSR07jMZ5E8zXSucLsf7OrvYb8bbC9lRwVcHJt0q8X8X6SdXnor/7wg6ZgObse0F/t5k2XWDzFoNKjXcC29Yz2nRkwZDR5HjQVqoxZoroWNFGz865z+TOSry7RNS/Ab5J+tW2SaPk8eUtzrPwFjZ1LidUmv7OaWrn3HiFls+kujefG2Mkj8/Uzv0rpoTPG7EeSyJvRTpzb7K5WO9LnKvxvoDx4dbIN4VXb6wArzv3eNdavCPFdkmvMcbYKjN1P5lR71PF5gP7AmbVPd9rXm+baLMe+HDOjSErNcGtJP8+lv5bk3rF+L0meQV7qh6AdaD7jw5To8t8OnXiotlJ2z+dJqQxSULtcgAAAABJRU5ErkJggg==" alt="$R$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> is the return type of operator <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADsAAAAdCAYAAAAU0BSYAAACYUlEQVRYw+WY7XHbMAyGH+gygOoRNIK8gr2Be9lA2cC5TtBzN3C6QZMN5BFibyCPEHkD9kfBFGH9QTpW6FxxxxNPBkS+BkC8hDjn+F/kxk9EpAT6D1jzi3NulxUs8M3Mt8AT0AEvwE6fACPgHpgY/XtgE+gAVMAUmHnFXED94mgod4ADGv/u0ABa1XVAF6Ffq25/SnfIEW5mHmX0F6gDFpE2PdDmBFuog2+BjXPux6lIEJE6eNVGBtGzpkc28WAbYBlpMwnSYBVpNwLWWcF6TznnHiJtpma+SVirvAbP3gK/EmysZ1cJdpWGctY62wDjGOVz81Vr+C5r2VHPjp1z2yHzVUGOySxFAtD35CuJ60SLiExE5FFEOhHpdaxFZH6QVAxVXwcjCH+izBOhBVCZ3xpPYoD6DamI/HgdgJ1kBLr07M2CDHRmZq9VKti5BZsRaGu8Vp3Q9Z5vU8FaPrzOBPTR7KFO1C+LD6ivlzqIGnN7WjnnNomfmBRD1tcLAi31ELJXylgi80pXiyHr6wWlUboJsE3wqnXSSzF0fb2Q3Jn5U2Q0VMGrbXHt+aohXJ2RQmE0boprz9cAKAmXia9hNBSfIF9HZh51mdBoCHtkUWBz5+v2wPyY2Obhwysvz82H1QNVRP8qqmGnp/Ze8pOVDxs6d7SrqTU2iqZq68fz5jIF7DIAW14Q6Cz4dn/CW92x6FIdD7Tdt9cbU5NKPQz8801zW+WniLSmcQ7wfGYHYnckN/+5/IvIVEHMRQTgu74vlXT4PL072E/bE06pY/4O7y5MyNWRNo16sNfR6Z8wO2X7GyKNOYY8yEMpAAAAAElFTkSuQmCC" alt="$T.o$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em">,
and <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAgCAYAAABgrToAAAACHUlEQVRYw81Y7XHCMAx95jpAjhEygq9sEDZIu0HbDcIMGQFGaLoBdIIWNkhGINlA/eNQVTiOFaCH73znJJb9JD19gCEi3NswxqQAjkTUze4QXAagBtAaY/K7AwhgxdZLc08uNsYkAFr26glENDgBvAKgCbN1bqoAFACS0D3svpydURMRghZ0Gj0CSADMAZRuzd1xEGIJgBTAAkDG9m8ArIioC9xXOZAA8EZEG8RoxjTcMw2rSJlSWDYN7D3tO71TAuRuzBVylXSdZ0/G9pRqgOIAiuWVh1te5QCsfWdr0sySrZsQlzyjC5zVj+eeq/xsDcCMrXfKDJKGALvK0QdTyb9pAFq23ioBSot9iec+cndE1Pz58g/8S4RsHcgO9uzbhFSxV0Z+KQDaAQW8507Jf+XEyG+9FvqtVvklALkFskiZgsmsh2jhlBhM+mr+jXAtcy5t+2oTqhwx80EbgcaY1rMnESnkhYg+rtLiKPlXjFhvz/iWX2K5KBd7UoRV1t381gCj+Cdk0qk50zdnCv4dIinTBEqkesyuXX9dXeVjfhOArpueUn+teG5uZcFMuC62g1mI5+OtAKr5N8C57j8sqOn/7EjQXA7Q8S/V8s8TIEP7rLtjsgWlm74jFT6OBYgD9hkb3bNr/v5w+w4jKaYE8B7tepb9LetG5L8EuftmxyqDO6uV7ZkrmxWArbLhPStNY7OIbPML0TzUMbJy/gAZmUMwaJ60OwAAAABJRU5ErkJggg==" alt="$R&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"> is a subtype of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABq0lEQVRIx62X4XHCMAyFP+c6gI8RMkKubBA2oCO0I4TrCBmhHaHpBtAJ2rIBGYGwgfvHcEY12DLoznf2RbIsPenZwTnHpQG8AK5gTMAOGIAOsLH9jXcSFWOMBR4BC8yA3s+PsgK2wswCNTAH2kD/HVg55w4nzWuRRzLxG0Q3ZNr0IiP16ZvSeZjapcJuCOx2auc+haFzq7Bdxg5ekS+LYD6eYZeWQ2wvjfM2mG/QSR07jMZ5E8zXSucLsf7OrvYb8bbC9lRwVcHJt0q8X8X6SdXnor/7wg6ZgObse0F/t5k2XWDzFoNKjXcC29Yz2nRkwZDR5HjQVqoxZoroWNFGz865z+TOSry7RNS/Ab5J+tW2SaPk8eUtzrPwFjZ1LidUmv7OaWrn3HiFls+kujefG2Mkj8/Uzv0rpoTPG7EeSyJvRTpzb7K5WO9LnKvxvoDx4dbIN4VXb6wArzv3eNdavCPFdkmvMcbYKjN1P5lR71PF5gP7AmbVPd9rXm+baLMe+HDOjSErNcGtJP8+lv5bk3rF+L0meQV7qh6AdaD7jw5To8t8OnXiotlJ2z+dJqQxSULtcgAAAABJRU5ErkJggg==" alt="$R$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> from universe <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAgCAYAAABgrToAAAACF0lEQVRYw82X/W3bMBDFfxQ8gNAR1A00g7yBXG+QbNCMUGQEd4NG3sDpBo03kEawtcHlj56KM0shlCgFPoCwwC8/3j0e3zkR4d7MOVcAFxHpszsEVwEtcHXO1XcHEHgy31t3TyF2zuXA1XTtUIDfAZnQKhHBb0ARuf5hZH1t5rQiwkaRHoEO+AJ8VcDWjsAJuAC9iLyGPCAinXNup0D3QGmGX3WPHngZceLefD8Pm4ZOcjUnOYXmxDSzTxk5f/jP69C3GbniuelqEmh1AV5E5Bx5ewf7acPin+LB40uR4MEp3juY/8z/9QcmNj5RZ4Kr/p5/Mh0ON/0f8O+QAPAQy1/v9t9ELPuAf6cE/lUT1tfDTReRzk8N9iR+Psxnei+fyL+3sfn+xNNC/Kttqog8zFtoPAuExSbWubafsP6b/v4IDWaGf6U31nwS/zrgKCJHRp6nIP8Swluk5s+xEG/N9znRe/1/t3GmZSvwb5u4/sY2gXcwNf/VwG4pgFkgvIzJqYgHv1wgAkGAS4W3AjoR6ZcGWC4U3r2K28Us0zqA1Bus73gJ/FoUoOYta38SqrFzjDidanlqglbPRYuDSXsHNGAxQ7m0Kdox5iWxVVY5MQK/9eV4XKVY9iRPtMxS7raq5fI1vHejB4caIkbqG2HRrAVsTLCW6hVRXj7r01VptTcUVC1Qrw0uWDQZRdx4l6fVQqj6DGBDewfKfKJpSn3rWAAAAABJRU5ErkJggg==" alt="$U&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em">.
</p>
<p class="indent">Looked at another way, the universe <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAgCAYAAABgrToAAAACF0lEQVRYw82X/W3bMBDFfxQ8gNAR1A00g7yBXG+QbNCMUGQEd4NG3sDpBo03kEawtcHlj56KM0shlCgFPoCwwC8/3j0e3zkR4d7MOVcAFxHpszsEVwEtcHXO1XcHEHgy31t3TyF2zuXA1XTtUIDfAZnQKhHBb0ARuf5hZH1t5rQiwkaRHoEO+AJ8VcDWjsAJuAC9iLyGPCAinXNup0D3QGmGX3WPHngZceLefD8Pm4ZOcjUnOYXmxDSzTxk5f/jP69C3GbniuelqEmh1AV5E5Bx5ewf7acPin+LB40uR4MEp3juY/8z/9QcmNj5RZ4Kr/p5/Mh0ON/0f8O+QAPAQy1/v9t9ELPuAf6cE/lUT1tfDTReRzk8N9iR+Psxnei+fyL+3sfn+xNNC/Kttqog8zFtoPAuExSbWubafsP6b/v4IDWaGf6U31nwS/zrgKCJHRp6nIP8Swluk5s+xEG/N9znRe/1/t3GmZSvwb5u4/sY2gXcwNf/VwG4pgFkgvIzJqYgHv1wgAkGAS4W3AjoR6ZcGWC4U3r2K28Us0zqA1Bus73gJ/FoUoOYta38SqrFzjDidanlqglbPRYuDSXsHNGAxQ7m0Kdox5iWxVVY5MQK/9eV4XKVY9iRPtMxS7raq5fI1vHejB4caIkbqG2HRrAVsTLCW6hVRXj7r01VptTcUVC1Qrw0uWDQZRdx4l6fVQqj6DGBDewfKfKJpSn3rWAAAAABJRU5ErkJggg==" alt="$U&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"> represents the &#8220;tainting&#8221; of
types from <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAcCAYAAAB2+A+pAAABj0lEQVRIx7WW7XHCMAyGH+c6QK4jpBt4hrBBemxAN+gOHYEVSDeAjgAbhBEgG6g/qvRUY4gTp7rTXS6WrI9XkoWIALwDMoFrESFkoErU3zgRwTlXAR54Bl7UEUufwB64AL2IHLhDzrlGHVjrnQMd9I4e2HHH86vxbh+TSWFzjw/PniIeV0BpfrXMpwuwE5HTzUnEy02AR5URcTRaEYkabo3RLsNo/RNX/LyIpKcOCmIuvT7SL0bw3WcYrh/qB+kJ+7mcmebyEb6xVK/M91lE+oxo+2g1x1K9IL7rMf3C4OuDs/bf8LUYh/hmtFGV0v/FHXxPmdH2InJOSvWC+K6S9O2UGXv2JozJZlROhT8Wwten9n+xcJrr1P4fDPuFxuRal4YkKpfA17SRT5T/xSV3Pm+B4wT5vxFnFpVP1onsWNWMl6gDtlP0huLaGcz9xIL60kn1NkkreD+T1x0tpg44zqmLmx1JeTtidHhQ2tnDJlIknV561YnWqFMbswh2KWMx2bBxoFEjtug6bZk6x+DA32lYn1cpV7d9AAAAAElFTkSuQmCC" alt="$U$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">. Tainted values flow from program inputs to the 
operands of operators. If an operator has been redefined
(as above) then taintedness propagates from its inputs to its outputs.
On the other hand, if the operator has not been redefined, then it will
not propagate taintedness. In the context of DSE, &#8220;taintedness&#8221; means
that the instrumented semantics carries along a symbolic expression tree <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA/0lEQVQ4y6WU/W2DQAzFfxdlALoCIzADIzAD2YAdOkJmYIRkBbIBHaFkg9c/+ogceiWgnGTpZPve2c8fSGJNgBbogRGYLBegfvisPO78YPS9CLbGti4LApTAAAjoVz5pAP0BMcD0CsC+lf3KqCwCwLSBq8/ZLyrPBhDQbiBbM7kxDQUpMmnWJni0PKpz5PeceD5DSmmh4gu4ASdJ1yeLfxpDFN0rPpZyMFYZcG/sPEkSKSUF3Yek+1sgktLeSA6BNID77lRSqo6Bh9INtwegB77n6tShOvWWiniyL8uO7TfOTOOWOGdXgfeEPALFomPbXLf+twoag01BBg9clYvuB0wmtUhHaPolAAAAAElFTkSuQmCC" alt="$e$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">
along with a concrete value <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">.
</p>
<p class="indent">The choice of types from the universe <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAgCAYAAABgrToAAAACF0lEQVRYw82X/W3bMBDFfxQ8gNAR1A00g7yBXG+QbNCMUGQEd4NG3sDpBo03kEawtcHlj56KM0shlCgFPoCwwC8/3j0e3zkR4d7MOVcAFxHpszsEVwEtcHXO1XcHEHgy31t3TyF2zuXA1XTtUIDfAZnQKhHBb0ARuf5hZH1t5rQiwkaRHoEO+AJ8VcDWjsAJuAC9iLyGPCAinXNup0D3QGmGX3WPHngZceLefD8Pm4ZOcjUnOYXmxDSzTxk5f/jP69C3GbniuelqEmh1AV5E5Bx5ewf7acPin+LB40uR4MEp3juY/8z/9QcmNj5RZ4Kr/p5/Mh0ON/0f8O+QAPAQy1/v9t9ELPuAf6cE/lUT1tfDTReRzk8N9iR+Psxnei+fyL+3sfn+xNNC/Kttqog8zFtoPAuExSbWubafsP6b/v4IDWaGf6U31nwS/zrgKCJHRp6nIP8Swluk5s+xEG/N9znRe/1/t3GmZSvwb5u4/sY2gXcwNf/VwG4pgFkgvIzJqYgHv1wgAkGAS4W3AjoR6ZcGWC4U3r2K28Us0zqA1Bus73gJ/FoUoOYta38SqrFzjDidanlqglbPRYuDSXsHNGAxQ7m0Kdox5iWxVVY5MQK/9eV4XKVY9iRPtMxS7raq5fI1vHejB4caIkbqG2HRrAVsTLCW6hVRXj7r01VptTcUVC1Qrw0uWDQZRdx4l6fVQqj6DGBDewfKfKJpSn3rWAAAAABJRU5ErkJggg==" alt="$U&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"> determines how symbolic
expressions are constructed. For each <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHAAAAAfCAYAAAA/QknEAAADy0lEQVRo3u2b0XHiMBCGPzEU4JAKzteBb66CkA7IpYIjHcCkgpukAygB6ICkgkvoADq4QAd7D6zmFA8G2ZaDILczHnuwJFa72v1Xq7UREf7T6VLLPhhjEmOMfMCVnKswjTGDkrLoFoyTevbvt51+987zCpgBS+AN2OgdoAMMAffPh8Ai1wYgBa6Bnm0oIpszNoiZyq4DfAUGO97PrUxF5GnXICKyMsbcqPxugcx5/aRjbIAJIoK60SUgQN/+VnTpAKLX0qN9pm3Xh9qe0wWsHTnNA4yT5d+11WQz1fZQRMYeK62bW1V7SUQWxpgN8PJZsMkYkwIuXExrDPcGTERkUYSBt8BCRB49GMtyP809mXhR9/JZKI9vTzXGSoHRrhcWA/uKY6UZK/LjO6hTcxWWtQDrVVLgck/TpafXKUvXbkwhIquK8+haL7ZTgdaiSkzCZWxRgpekaQvUudzrIktK9Js0EFx1A1nfzb7+bXWfkw9gLG0KA3VrMnV4WzjRmo2ii/B51QA/efyb11wIo30N1kDqGQ1lTlQlQNezX9JUBKoTtFHa1HcuDUefg5yckorjJEXRp9PGf8J5xkoykzakPFEFdiPaPpTaZu0Zp3do4bdLupCq+BfcVambshvab024wgjw7/ZQ/9aRGAtBNqK9ikl5O7ZZ05oLYR5EgTX2f00Iqad4/FgUXsey/yuxzSoKhIJZYBDGApHN2/6KcANfGWZ2yHtzyLu0jsBYiC1DBswiTYyHgplrn/7tE8S/7rFd+KGsSSCY6ekmvr4CY8I/TQgAvClO1KLAAdB1IPzLfA2lXcH6jo1/lwGiO1dYABeB3HEoL9Vlmz/dhFJgFPin9Efv430pshK0DIilWSAvdYvHMV1VCzz2/s+6vLmIzIiEdpSKLCqOk+pC+OnTvuUxYEz45wrme2QxTB6Pqybuh2zPZr0WgDlUlWaMGQAPDv6ZCFb7EuiIyEVkFriuIyc1lle2qcFFEAuMDP8sjYDEGNOPRYGKo5ucKyy7AKbAuEx2yUeBMeGfFdajYuFDZGWKk4KAxoeeNfNyV6ZT68Twz6U7trnC54iU6JalPPgGLQoJAFdVVvO+86gRAQ4mGzx36ytfr0RwkJs7oxRg5Hm+Oq36f0ZE3Mx3x7m/K8hVeleYaqOtY+YkFQdtycHQp7LuA3jKFM9SldMY+K3PbrHzSnme1cET+FfUW+UaRLDqM2cOa1VoT4WVHJGvnirSLfBdKn9BKgjMOX3coueE9yUDiA3w5VRL/s05fp2kQc0Ptt8nWEgozOyIyPBU5/oXJlUEAeXOaG8AAAAASUVORK5CYII=" alt="$T \in U$" class="math-inline math" style="vertical-align:-0.044em;height:0.807em">, the &#8220;most symbolic&#8221;
(least concrete) choice is the <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACYAAAAgCAYAAAB+ZAqzAAABvUlEQVRYw82Y4W3CMBCFP0cdIOoIjJAZwga03aDdgKoTVIzAClU2SEYANoARCBtc/5wl9+QUJ5AQS5aN7fM9v3tOcjgRYS7FObcAziJyyWYEqgSOQOucW80GGPAZ9JduDqF0zuVAGwy9ICIouByQCWrufQa+V8H8UUR4ClB+Bf0TUGnMz8BFW4Bnpb00YTiYNQALYKmOARCRS4S0t6C/8Qs96qMifrcnipywtie8sr7QtW3HvNh5a7i+5sRsJMAm0aYF6sh4GdvLT26AfaKDwgArE+1qYBsZ38b0F57mPdHBOgSWYqN2+5gP9S0WtGeg7eEg1Ne+h93RsquXw++1COcyvRE/PR474W1setgtgJ0Z87e1EZGTNWgt2hH0lceiouEVoIjMpYG6RV8+bBGwnXLIYhT+U5ZB/9DntRPx86rtd2x935f4UH3FygmoRKTqOglj6mtozQayhYg0Y35xZFPoa2xg99TXfYA55wozVM+FsUn11QfYpPoaylgzC2CP0FcqY5PrKxXY5PoawlgzC2CP0lcKYx/m926y7FxE/L8suSaqvv2TqGqplDWfBAPsOpLY24pJdofU9RifPb/7eZ3zKDyarQAAAABJRU5ErkJggg==" alt="$T&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"> that redefines every operator of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em">
(as shown in Figure&nbsp;<a href="#fig-subtype" title="Type instrumentation to carry both concrete values and symbolic expressions." class="localref" style="target-element:figure"><span class="figure-label">5</span></a>).
The &#8220;least symbolic&#8221; (most concrete) choice is <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAAAgCAYAAADUp8wPAAACjUlEQVRo3u2b4W3bMBCFHwUNoHoEj+CsoG7QpBskGzjoBEW8QTNC4Q2iEVxtYI8QeYPXHz0VDCG1pEzSlsgDCEm0aNn8ePeONK1I4lZMKbUG8E7yjGxBrbgh6DWAI4BOKfUlo0kEPIBn7fxzRpMAeKVUBaDWqt4ymrBWGp3fRXjmpwEN16GfSO5ThBGTQaldfNM7H8BeNPcdwFmOALCSsFwbYbo17gGAtYTtv5o9krh91c5fEnbEeAxIQjL7IwACeOzrxoqEYko5Wty/kXu7kdf5r9dTKTEZmJVbyw9IrbxYtukAvA3U167vtVDoURkUWqhtSe4sdGhjVNkmYgcJX6bda+ffEw7zURn04B8B/LBsrOsKSDaW7VYAfg3UP8jxNfGFm6gMin70kHy1bKzPsVuHL1aZHi8rdVXqSd01GBQSYn46NNZHW+PQbi2hRrc+02xInhIP89EZdADWjglIX2rLdtVQxi5hhwA2iWfz0RkUAO4cvG2Stoh23w0sVmwkoWmRtkVnUDiG2KnagoHnPORMfrRvgjNwXaufqi1DdgKwT3V59gLzwsAa/AVzx7HR15C8D5wtb5VSjFSC/7Dkk0E5caS5zB2vaa2sd1eBn3NGnF8UvTFwAT9ZW66onY0HSbol88agmDjaltSZyem7NXjf+p7tuvru4vFz1Pcle/vFDGzBz07fF2heGUzx+OztM9d3q6x+zvouW7afIkzngD8bHHaBvod3BqXjSJubvn/YaxbBdhG83QuD0rLzZqnvJJ/xcb9+1ncHjc/6vjB9/y/4PH9f3vzd1uOfjOtDRhHdgjBQJPW9byvtOJQY7WXE9Rv8AeCQ/93qxbPjMjA28k8p25S3TQX4M0UUBr8BrgUk4z7AhP8AAAAASUVORK5CYII=" alt="$T&#39; = T$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"> which
redefines no operators.  Let <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAANoAAAArCAYAAAAe05ZnAAAJZklEQVR42u1d/XHjOg4HM1cA11fBeTtw3nWgdKDcq+CUDpy5Cna8HSivgntKB0oJT+lA3g5W6YD3R8AEy/ADoGVHuiFmPMnYFAWS+PgRgChljIFChdZCSqmdMeZ5SfwAwNEY8xJrd1WWrtBKFEwrpUYA2C6MtQ0ADEqpbVG0QmtXsi0A/ACAR2PM45J4M8Y8AcAhpWyqQMdCK1C0EeHZzYJ5bAGgAoBrH4wsina6pb1HOLMBAI1/j8aY60/mrQKAO8KTRj4fjDF3gn4aALgGgIMx5vgJ4+hQgP8R2wcppTQATBdg6UuIj5hB+FtRl5PICvEGAHbk++NCeLPKRSHNILTSDdmL3F5YyRoAqAHgNhVsAID/OPP/CAAjAPwEgBf8a8dxj8pr6R4Anp02gPN2gzxYqBjj4xYh5N4Y893FmOUzwwcA9gBg8NMsjLee8LYVXDeR69pP4HsCgIHZduTOvTMfI6P9DttOjLYdttX0+xIMmY/+Sf7/c2G8WY/2IoR/D/j3Ca3+Jb3ZAT3yPaPtDsd4b4x5YHRPvVkyuILphBcA+IvRt+X3j7JHO49gTCgYR2PM1wXxRfcuj8aY2xXMpeWZNZeolBVnX4xKSeHzDUYOU9f1yM8do+2AXvDa5vyKR5svKKKJ9V8S/Yv8369kSu1+q2W2bwRtK8dbcddrI9jffsO/b0pZFG0eqhYszDQC9rSS+Wwc6JryUMCEjO58SCpMNDfIRXJ9TVG0eel2wcJsjcDxM8LzGeigIhD8hXHJ78I9cZW5VlvmHu0XJcbIaVG0Mwjzy4KEdsmQNmW0uN6mgdfKDM587JyveuZ1Gl4DSZK1/YuOpyja6cK8W4E3W9P+rBLyey3w1Fn7M1QwaQFCT+95FdNipdReKTUopSb8jEqpXilVp9w/uW5USu05VgOvGdGCeC10ql9s05K+Jvy/DvTZ4JhG0m8b4oEjzDhvI5m3zmNNWTAKr6V9DZz5zIG0OeuWw3tkfW2CHbgwTQiHc/dnkAG7n35BFoGkWwWYLMT/Nflti666iyRuR8DEKEaDDLyW8MQSfQd4TyLuPL/bkG/l9NuSNi3eu3auG7Bt5yQhR7zvlnxfgyC5S/o2Tp+azJdtUzOTrxW8J2Bd/hr8fvLNk9OPJCnbIJ+idRPyrsl9tOfat7k/UwLckM/hQgl3AwBNLAseUiQqOFVAQbWnYmLiCmzg9xYA9iGFQG/SJjL7BnmsqDGIVA70wsWbAkaC3l8n+rMCHuMvaQyce7aMyoesdQvwPvn4IvLhFXRyz/EMQr9z1qq6gKJZmW5jpSyaUb5SezquAiUphimwQ8Q66ICwTTELhZbUtu1wjJohMIZhvU3ME3usW8soDZpS3pSsU88oCasYApG1bgHeNcModZF5H85cImcuXPrWhwRnSkCMyV1g6yUiAjYyBfYQsOB9SBlSngc9nhEIHtc4ULi7ZyrGlLpnChJ62uuYQeRAvRNhZ5eaW8fYedtJkMSJ9Z7DhRSte0MnEa3fZXS6j0CcPVNgq0DfTUBwDcP6VzFLKlUKLtyNFOhqj/EyEiFzhLuWIoTEujUCA9IIDF6Fa10l5rNb+/7sA5SOuVdsWDE7rT0C1HH2Joz9We3ARi0RzJQiRyxvz2w3CBd66wnyiAycE4RpJAiBsW4Dc91c3qsTBXOEMzwp8Bn7M0fuphTEop+BRtMYN2EJolRgJZ4y0/NwvXAtsPruQuuAcRszLXSda1gSMLsX7HumGaN0h7Xvz9z7XnlyBdfw+kiASzu88EfqIBIkWswaK/j8LSPhy67fw9zMTpA7+Z38/zgHD84Y3YcH75j3cys+KB1DuT1B0ayPn4Og7QOcTj/PlATPzp/NRgns3TnQQLJB5sKPVmp96f7sDN6PNUahl+x9e0ROgICxLzI50JfhVSYBYpkFjp0ROl58f+ZCx6uIAj4YY26NMV8A4CsA0Eezt1j8yfEiT4kaMZH1daoHnmb2fg3TC4PQS9K5+q9TqOqrj5NUfDzOVXaF1TOa6aFSXjWHrJxszlQid+lSNDuXP69IyVCwtMoYczTG3DsLvGUK1vOMSuNC0k4i5IyDN29DUMhRQrZyOHN6dI5LowLFKlrFOXPPu2AZlsgYfFCwTVy7ObFEyUdHR0DnrvfMgdKn0IYaENFGkZmc3cdCz7mwzhPJ3M4RQUy1tb8F5mEvgI11JPAwCOGIF2KFYDV64KygVGD8OieIQ/mJjG1Yc/7Mc+/uytn8PzOsqbW+z0IrdWpAwbVQnPMvJDAqBhsbD5R6ZnifHeHhw+GfyP8LAyHQ+beFvs+Bx+pDCOEuMccUKXxLjR+9b9YjQXiEnI/3kTsXmR7t0k9XbKgO9LbSg+EhDsA4acjZrG851RoZoedO6P12udUgvpIoMhctY3M/cDyUIMA0BqpBdMjbpcq6pOP3eFctQCQ9Iw2i15o/86Ce+q1qm1mVzYoIOQveBH4fM6ohGhAc6cat8HAjRJ6oaBsZ45SADQMj6TvGImLOEwh9or8PuShc6IE5/pEzfi7vnqr+limc1YyVGbMpb6aSazrJY6BKoCLWbi+4Ue1WtJPHJEYHO+fsz7RA2Vuht9RkoQbGGDtyzY4oxUHgqemjJZqMYY9zODGNS0O9KKnM30nGj5+WoaBe3slvdr1HjvJI547cx8L0mqSm3LRUh7/V5CkOfSZFa6jhcjXQPs9lF9YqxD6HIZyAzumzxUUUFdE6Bc17QV4mWQnvzEFPxn7IGOOHZ9yEizN45r8W9lOTfkbg5+d2znUHIe894X0i1URVRu6pz8i/5Xz2Z1K0X56X/LRzHZVShgQ1vkChQu9VL+Pa5YK8YuraGPN89UlMVDOX7hT6PyGMxD4BgI4VRazAWGwxbzr/AarkTA+Dp8eG6J4k8r4V8SrkUOspIFgT3blpolmhIx6bTI9e++ppU8N7Rcft0l4sV2hx0OvLko7wY/I+oXd+g75zQ0eaaHz0MKDh/fD/70XJCjG8QrMyJWvgNdj371++P4NH28BrpOXBo2QDKuN3rJ0sVCglT79B4iWEC/RmH15EObdHs2+//EkVDM8H/IFKeFOUrJDAq2lgnkS8ACU7+LzZ7B7NBkRwYuw7q+x7pTrBiwgKFXL39DcXrryX8mlzkHc+OS/vRyu0Fk/RgOz470vypxGx/Rl6f1pRtEJrUTZ7UNTXBfI24L4smI4oilZoTcq2B4C/L2mPz+Xpf3WO7CAqZMuNAAAAAElFTkSuQmCC" alt="$symbolic(T)$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em"> be the
set of types in <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAgCAYAAABgrToAAAACF0lEQVRYw82X/W3bMBDFfxQ8gNAR1A00g7yBXG+QbNCMUGQEd4NG3sDpBo03kEawtcHlj56KM0shlCgFPoCwwC8/3j0e3zkR4d7MOVcAFxHpszsEVwEtcHXO1XcHEHgy31t3TyF2zuXA1XTtUIDfAZnQKhHBb0ARuf5hZH1t5rQiwkaRHoEO+AJ8VcDWjsAJuAC9iLyGPCAinXNup0D3QGmGX3WPHngZceLefD8Pm4ZOcjUnOYXmxDSzTxk5f/jP69C3GbniuelqEmh1AV5E5Bx5ewf7acPin+LB40uR4MEp3juY/8z/9QcmNj5RZ4Kr/p5/Mh0ON/0f8O+QAPAQy1/v9t9ELPuAf6cE/lUT1tfDTReRzk8N9iR+Psxnei+fyL+3sfn+xNNC/Kttqog8zFtoPAuExSbWubafsP6b/v4IDWaGf6U31nwS/zrgKCJHRp6nIP8Swluk5s+xEG/N9znRe/1/t3GmZSvwb5u4/sY2gXcwNf/VwG4pgFkgvIzJqYgHv1wgAkGAS4W3AjoR6ZcGWC4U3r2K28Us0zqA1Bus73gJ/FoUoOYta38SqrFzjDidanlqglbPRYuDSXsHNGAxQ7m0Kdox5iWxVVY5MQK/9eV4XKVY9iRPtMxS7raq5fI1vHejB4caIkbqG2HRrAVsTLCW6hVRXj7r01VptTcUVC1Qrw0uWDQZRdx4l6fVQqj6DGBDewfKfKJpSn3rWAAAAABJRU5ErkJggg==" alt="$U&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"> that are subtypes of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em">. The types
in <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAANoAAAArCAYAAAAe05ZnAAAJZklEQVR42u1d/XHjOg4HM1cA11fBeTtw3nWgdKDcq+CUDpy5Cna8HSivgntKB0oJT+lA3g5W6YD3R8AEy/ADoGVHuiFmPMnYFAWS+PgRgChljIFChdZCSqmdMeZ5SfwAwNEY8xJrd1WWrtBKFEwrpUYA2C6MtQ0ADEqpbVG0QmtXsi0A/ACAR2PM45J4M8Y8AcAhpWyqQMdCK1C0EeHZzYJ5bAGgAoBrH4wsina6pb1HOLMBAI1/j8aY60/mrQKAO8KTRj4fjDF3gn4aALgGgIMx5vgJ4+hQgP8R2wcppTQATBdg6UuIj5hB+FtRl5PICvEGAHbk++NCeLPKRSHNILTSDdmL3F5YyRoAqAHgNhVsAID/OPP/CAAjAPwEgBf8a8dxj8pr6R4Anp02gPN2gzxYqBjj4xYh5N4Y893FmOUzwwcA9gBg8NMsjLee8LYVXDeR69pP4HsCgIHZduTOvTMfI6P9DttOjLYdttX0+xIMmY/+Sf7/c2G8WY/2IoR/D/j3Ca3+Jb3ZAT3yPaPtDsd4b4x5YHRPvVkyuILphBcA+IvRt+X3j7JHO49gTCgYR2PM1wXxRfcuj8aY2xXMpeWZNZeolBVnX4xKSeHzDUYOU9f1yM8do+2AXvDa5vyKR5svKKKJ9V8S/Yv8369kSu1+q2W2bwRtK8dbcddrI9jffsO/b0pZFG0eqhYszDQC9rSS+Wwc6JryUMCEjO58SCpMNDfIRXJ9TVG0eel2wcJsjcDxM8LzGeigIhD8hXHJ78I9cZW5VlvmHu0XJcbIaVG0Mwjzy4KEdsmQNmW0uN6mgdfKDM587JyveuZ1Gl4DSZK1/YuOpyja6cK8W4E3W9P+rBLyey3w1Fn7M1QwaQFCT+95FdNipdReKTUopSb8jEqpXilVp9w/uW5USu05VgOvGdGCeC10ql9s05K+Jvy/DvTZ4JhG0m8b4oEjzDhvI5m3zmNNWTAKr6V9DZz5zIG0OeuWw3tkfW2CHbgwTQiHc/dnkAG7n35BFoGkWwWYLMT/Nflti666iyRuR8DEKEaDDLyW8MQSfQd4TyLuPL/bkG/l9NuSNi3eu3auG7Bt5yQhR7zvlnxfgyC5S/o2Tp+azJdtUzOTrxW8J2Bd/hr8fvLNk9OPJCnbIJ+idRPyrsl9tOfat7k/UwLckM/hQgl3AwBNLAseUiQqOFVAQbWnYmLiCmzg9xYA9iGFQG/SJjL7BnmsqDGIVA70wsWbAkaC3l8n+rMCHuMvaQyce7aMyoesdQvwPvn4IvLhFXRyz/EMQr9z1qq6gKJZmW5jpSyaUb5SezquAiUphimwQ8Q66ICwTTELhZbUtu1wjJohMIZhvU3ME3usW8soDZpS3pSsU88oCasYApG1bgHeNcModZF5H85cImcuXPrWhwRnSkCMyV1g6yUiAjYyBfYQsOB9SBlSngc9nhEIHtc4ULi7ZyrGlLpnChJ62uuYQeRAvRNhZ5eaW8fYedtJkMSJ9Z7DhRSte0MnEa3fZXS6j0CcPVNgq0DfTUBwDcP6VzFLKlUKLtyNFOhqj/EyEiFzhLuWIoTEujUCA9IIDF6Fa10l5rNb+/7sA5SOuVdsWDE7rT0C1HH2Joz9We3ARi0RzJQiRyxvz2w3CBd66wnyiAycE4RpJAiBsW4Dc91c3qsTBXOEMzwp8Bn7M0fuphTEop+BRtMYN2EJolRgJZ4y0/NwvXAtsPruQuuAcRszLXSda1gSMLsX7HumGaN0h7Xvz9z7XnlyBdfw+kiASzu88EfqIBIkWswaK/j8LSPhy67fw9zMTpA7+Z38/zgHD84Y3YcH75j3cys+KB1DuT1B0ayPn4Og7QOcTj/PlATPzp/NRgns3TnQQLJB5sKPVmp96f7sDN6PNUahl+x9e0ROgICxLzI50JfhVSYBYpkFjp0ROl58f+ZCx6uIAj4YY26NMV8A4CsA0Eezt1j8yfEiT4kaMZH1daoHnmb2fg3TC4PQS9K5+q9TqOqrj5NUfDzOVXaF1TOa6aFSXjWHrJxszlQid+lSNDuXP69IyVCwtMoYczTG3DsLvGUK1vOMSuNC0k4i5IyDN29DUMhRQrZyOHN6dI5LowLFKlrFOXPPu2AZlsgYfFCwTVy7ObFEyUdHR0DnrvfMgdKn0IYaENFGkZmc3cdCz7mwzhPJ3M4RQUy1tb8F5mEvgI11JPAwCOGIF2KFYDV64KygVGD8OieIQ/mJjG1Yc/7Mc+/uytn8PzOsqbW+z0IrdWpAwbVQnPMvJDAqBhsbD5R6ZnifHeHhw+GfyP8LAyHQ+beFvs+Bx+pDCOEuMccUKXxLjR+9b9YjQXiEnI/3kTsXmR7t0k9XbKgO9LbSg+EhDsA4acjZrG851RoZoedO6P12udUgvpIoMhctY3M/cDyUIMA0BqpBdMjbpcq6pOP3eFctQCQ9Iw2i15o/86Ce+q1qm1mVzYoIOQveBH4fM6ohGhAc6cat8HAjRJ6oaBsZ45SADQMj6TvGImLOEwh9or8PuShc6IE5/pEzfi7vnqr+limc1YyVGbMpb6aSazrJY6BKoCLWbi+4Ue1WtJPHJEYHO+fsz7RA2Vuht9RkoQbGGDtyzY4oxUHgqemjJZqMYY9zODGNS0O9KKnM30nGj5+WoaBe3slvdr1HjvJI547cx8L0mqSm3LRUh7/V5CkOfSZFa6jhcjXQPs9lF9YqxD6HIZyAzumzxUUUFdE6Bc17QV4mWQnvzEFPxn7IGOOHZ9yEizN45r8W9lOTfkbg5+d2znUHIe894X0i1URVRu6pz8i/5Xz2Z1K0X56X/LRzHZVShgQ1vkChQu9VL+Pa5YK8YuraGPN89UlMVDOX7hT6PyGMxD4BgI4VRazAWGwxbzr/AarkTA+Dp8eG6J4k8r4V8SrkUOspIFgT3blpolmhIx6bTI9e++ppU8N7Rcft0l4sV2hx0OvLko7wY/I+oXd+g75zQ0eaaHz0MKDh/fD/70XJCjG8QrMyJWvgNdj371++P4NH28BrpOXBo2QDKuN3rJ0sVCglT79B4iWEC/RmH15EObdHs2+//EkVDM8H/IFKeFOUrJDAq2lgnkS8ACU7+LzZ7B7NBkRwYuw7q+x7pTrBiwgKFXL39DcXrryX8mlzkHc+OS/vRyu0Fk/RgOz470vypxGx/Rl6f1pRtEJrUTZ7UNTXBfI24L4smI4oilZoTcq2B4C/L2mPz+Xpf3WO7CAqZMuNAAAAAElFTkSuQmCC" alt="$symbolic(T)$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em"> are partially ordered by subset inclusion on the 
set of operators from <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAdCAYAAABWk2cPAAABYklEQVRIx72W4W3CMBSEP0cMQBkhI2QG2KASG9ANgjpCu0E7QsUGyQiUDWCEwgbXPzYyUSueHYcnWXasd7mcz3aek8SjYxYGzrk5cH4A59MseniNxidgBxyBH+Die4AFsAWWUf4WOAxyAGpgBTyHREkXJOGX+AgI2IS5/xrQ+VwBR0N+43PPkhhOtvde4PMVtTcj5gx0kqi86jVwkPR+zxDnXDOY6oxe7r1tV9IN8GEEx14iqTfiFsA3QBW+XNKnEbyKxoeEXTuPla6BrwRwrLRPwNV+iQkG18bN0Aw20dKIm4edGy4jE6FPbmNSK85jrzyVpFPCEuX6ScxTJV5huX7ehJl0xPnMJx1xPkeRZvtZSmk/OWlJP1OUFvMzhbSYn7lK+8lJS/tpVVrUTytpUT9zlPaTk07hp0Xpyx/F1ehwknDO1f7vvoj6myLZx86rDQU4wF7SJYl1UGjntDalgpDEL7QAl68Ddnz/AAAAAElFTkSuQmCC" alt="$T$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> they redefine.
</p><!-- Example of an instrumentation -->

<h2 id="sec-sp2dse"   style="bookmark:3.&#8194;From Strongest Postconditions to DSE"><span class="heading-before"><span class="heading-label">3</span>.&#8194;</span>From Strongest Postconditions to DSE</h2>
<p>The previous section showed how symbolic expressions can be computed via a
set of instrumented types, where the expressions are computed as a side-effect 
of the execution of program operations.
This section shows how these symbolic expressions can be used to form a 
<em>path-condition</em> (which then can be compiled into a logic formula and 
passed to an automated theorem prover to find new inputs to drive a 
program&#39;s execution along new paths). We derive a <em>path-condition</em>
directly from the <em>strongest postcondition</em> (symbolic) semantics of our
programming language, refining it to model the basic operations
of an interpreter. 
</p><h3 id="sec-strongest-postconditions"   style="bookmark:3.1.&#8194;Strongest Postconditions"><span class="heading-before"><span class="heading-label">3.1</span>.&#8194;</span>Strongest Postconditions</h3>
<p class="para-continue">The strongest postcondition transformer <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADoAAAAcCAYAAAAwTqwDAAACsElEQVRYw81Z7Y3bMAx9DDqAcd3A3cC4m6C+DdyM4GzgzODbIO0ERW4DZ4NeskGyQWtvwP6hA0LnD4mycUdAsOyIkqhHik8KmBm+BUACoALQAGgBsDzP8j1x2hcADp59V9KftbQyrxpA6vZPMsikEFEiHZQAbgAOAC5ST6XsAGQAfjDzKxHlMvCemV88x3iUxXyQ8RLVZC/jdY5qIuM/ycL28pOZd/c3j5XOFHrlTNtC2ml0shCvUX2dVR/HAI/Tes39Nw8jgyasjGUArcVI6Ue7ZRkYXlq3njRUFHoki8BJXkOQGNDPncmmEd7QMjM2E2HzS4y9MPMrwuQkzwY2eVb1jplvgfq6fUJE2WZiY+gD+7dhop1jcKjkA4sWIon7YQzR7cjq+MpfADcDEr1kqm7xikcX4TFDv6n6k2Ggr1Y0JS3BiigRZQ6iJ2buNh66pWG+fyTXfkR87pz3ejSPOimCZRdLrali7fw5l1pG08uAQl+uglTh0r0FDTXlT9FtxhZpSqn04JdncY1sISNN+VMooPaE6l2bmQ58jO3LYQFDa19WJV6XAzhqFMcWJ/TEMmfsccH47E8kQ0W3aWR+k+hbJpPNGF4YjXy3kci3wRLcfyQCiWxOPHRiiIzPbMlNboMIYeZOznyaC6cL5E8w8wULykYzigFW4iuaHDx8EL/1M1QYhRWNtxhuLIeIWH7rbejWSOBdFE+RaK6HKBGlQ0cb40QPny0+NaJF5EayUxdSt88Wn3dSr3JiY0gLpeLByQL5s1qFQ0deRBWKwaTG/FmsmT/VOPdE3Sp06jl0FC+9xhzhXMKx1vHvi9oIvjPzhYjehBxXRHQSt+4vjhNpv5X6CzPvA1NJqi6pn92DPRH1l+T/5DqmWypMGwD5iEsd1dWlvvavjPGYBf7NUC+F6H8B5h8MFnk0iQAAAABJRU5ErkJggg==" alt="$SP$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">&nbsp;<span class="citations" style="target-element:bibitem">[<a href="#dijkstra76" title="Edsger&#160;W. Dijkstra. 
A Discipline of Programming." class="bibref localref" style="target-element:bibitem"><span class="bibitem-label">6</span></a>]</span> is defined over
a predicate <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> representing a set of 
pre-states and a statement <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABkAAAAcCAYAAACUJBTQAAABnElEQVRIx62W7XHDIAyGXzyBL93A3cB33cAjcB3B2SA7eAS3E/TcDcgGbbqBvUHP2UD9EeFTKF+m1Z0OEgMPEkIIRIRcBVADOAEwAFYAxO2F/6+d8RrAuGfxkRedecEOQMNtzyACoHlOx79POYBW7LpPjNXbwreWALQ5gG1wptVazFmJCCkXrdIFO85u5nkTEaFCWF4Z9EVE79gnZ24NAD9EKVWz2QDwhv1ylbCQJc+ivxRAvgEsRLTEII+i/1QAeRAui56Jlb4A8sH36iYZYUh80Zo9ESZV8aK+g189O1zYDQbAmYiuWXZFYr13rPHpBcCQuqipS5UDsjoWQTyZNwWaiiCBfBaD6j9DIk+AVfOvEAGbBGR2v1cibFulVIcyGUX/4H6UN/7IL12JfMZyXeUkxaUQcvCk+XuIUqrhQyyVLuC6O0vs21HqriO3Lza9/0orIuZNQWT1ooqpg5fRifN+B0CL2quJjNvqo1XsagjtSkwchAVNYuw2uBVpw1YbhlOI5s1oPlhbxQyZFsMA6AKumATQWmt8JWlMfwDWk6gpP8EGnAAAAABJRU5ErkJggg==" alt="$S$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> from our language. The transformer <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAPkAAAArCAYAAAC6uS60AAAIDUlEQVR42u1d63HbOBD+VpMCmKSC0B3QuQrCdECng1AdyJMKbpQO6FSQyB3IV8GF6oBKBYnUAe6HFtaKIi0SAF8n7AxHkk0C2F3sEwuQlFLw4GEoIKJIKbXxlDCjHYCtUmr/0n0zTyoPA03QgIgKAKGnhjG8AZATUeiF3MPYBDwE8AvAo1Lq0VPEDJRSTwCWlwSdvLvuYQAhL9jN/Oip4YSeGYAYwG2V6z4zbDQkoiURrYkoJ6IdESn+zIloccmF8FDrwi6YrlU0DUr3J8zgJm0vuD3Ta8fjWtrwlohW7GbeGTw7ChzGxmul1Jy/rupMfuMLwAJAAUAByAGkACIAAV8Ruw+KrxWAsE0f13gx7TKmWcF0jjlejZnOOf8/4Wdi/r1o0UcMIOH2doJPivtM+B55Jfy/Ven+zADPVOJgSKdBcRgrr1n2Ku9pOrBEEPSi4DIia0HMxAvzi8zRtE0b8EFPZk3byLDfXCrjFhNUPrdu2ecOQO6Qdr3jMGZeCyUWNBbyEkF2bYW1RMzYC3Wt9m0srIL5CsDOom9p0dKWlkg+u2z43NL1POgbh7Hzmr2BM4XXVOvsTNxu0amq0jDeRX+mb1vlWbSxXhXPxyW+hBbKe9dCqAqH9OsVh6nwWuD1rEhmNUmBmG8OAOw5a7c1SPFvAcglkqVPrz3DN6bvxmAZ6Yk/14Z9y6z23oC38v6AizJegi/8mTmkX984TIXXf/PnvDa7zsjKBo0EXMB38T31sn3IrLIrVqZPU9iXJkBbiCsmURsIWt6v+f7gkIx94zAJXgslklYKOS8r/CP+NLcU8LPBsZdw7fCpxqI0hd+8zmzKG2m1TLyB9y9YxSqvMECD8sux4jBBXm+Y9mmVJV8JDbdVSllr3grG+gII4EZ8/8vg+bemVrxCyT61fD4qWcGnC8J7JyeeI+vYNw5T4/VPSfuZQDwtace7jpAOvIxXurJt4F+L+NY2lp2Xfl/Ks8SW+YMx4DA1Xq9PaF+R/XO6dojzDPvKZ9ZPlkZ0YVHYU9+5KS/QcumpdH80RRymyOsSjuFMZD+lhc06tNx/vPE+c78iAAURFUSUcQljVx6PTSwryyYflVL3TZNjjreT9onD5HjNocf+mQeiEqmTNcMKTbZw0Oai1GaX17ojbZs26DtnVzIacm2ZvbG8LQ8FnwZfHzfFYcK81rhmryqSED8ca7KPVZk/S9jgsP7edXy/dxxLSm37QESXvKaIrwURPYiNCJ3Hsmxd3nP8qpeAHgHct4iBbwQde4/HHeEwVV5rjznUHUuNkjjWYoVs31e7VcZPC5zW+tddK4exrK5krLpOPBken0nF47qDHE+vOEyY17qOvUBFh2GHSbe1F+xGNc4vTYTEQTJGsWsY1F2OBXLVQUKpFxymyGtuOxNK8MTSuo7Hy7Gz36Rivi3RSlFWxLJRD+PXcyvrKB6PPK8vbgjazXB6xpbrzLeMKzZ8XI2HFllSjs1kvXPoIJZ1ne2ugzeOY/IhcJgir4FDpRwABLMSA5wlI4goKQ3y/poFlogii5LerEJw2oJtrbdN8scVDIHDFHl9AjN0V7Mrq4gevBXH3EIz/7RRxJxltq31toHAgeAMjcMkeC3grfaiXnGjkQP3QDJkKdraOlgOKLcfMyH7KJFdK6W+OmjnE+rO4Gru9ppaMKtab8slSFcWaSgcpsbrsmL984o1YupKyHndfSGYfNsBET/iuO7ZB3y1pEloqZDiGndu7LHsFsczAK8iHh8Br8/yITPef7otxdKV1lmczJpXbbIvbVXVh004392jlLpXSlFPl4tdc4mlEp2LsGdrOXH6tIDbjiz5mK340LwuW/Ktrl2XSbEv5ViIz8n+DeCDUuo1gM8Avsljbfm7Pk1mA+Bdn1VFIwetKEyOIda7A7cwSF5yLBsOFMsWLjzEPnEgotiylnwwXtdY8m3V4vlJXS/HFmlNTfpKrF/qKqPMr3E7O3BQ1/0bnbFXs3cg6rnYw/p8v75wwGnNSDI1XteMI6mrknkWdNRsLsDxoEd5hnTkhbq2gGOH40aF5aVJj2MxQ2HD9BJP1YAKLh4zDhWKZDc1Xtcp17qBFqLTggesywVD/q1L8fKXGIgrP6FVMDASDND01TXV+oUACU9o7RUtDUuJI25vifNSyZT/F/XBGxxLW5djxgHn1XStFVPfvG6w6624dCRzzIPIcVrwX7ALv7pECGZWceVCvq6ikQ53Si7iTkyGwFKDN7mWPSq59dhxKHmlOdofn9wbrxvikSmlzF94yFn4FQ6HPT7U3JNxNnwOD1cJnJAtcNgW+npC485weNvLwwRprl8JfauU2ti8ulhn725fyIimcHvKjIeJAa+wPOFwtvmUTup9g+6qQbtWqiEORWgbwM37yT/V/D2XHXm4ashMl5UGhAinJaZTgXmJ5lZCrtcSAyJa6bVFPrNKuwv+jSkeIAqu0g7PrnNpDSMOL/YTJHfKY//qQsilK5MA2BHR81tP4ejcdg//G5iLSTh2+ILj64am5KrrVbDPJ3+3SLzphEod3HpX3UNpzqxxOHPt3VitJFvxlVLqZoL03bFxPcmTGVtyTqjUCfGdF3APNdY8GGsYx6HEamK5Az32ZZUVt3XXAeADjidZ7Pn7jcGbGz1cR2y+ZQFKR5ppX+JwkutmYgKud37Oq8Zu7K578GBpdVLYvzHX0/LgffwC8KOuHsULuYehJmeGQ3XYjaeGFR31UnVtiOGF3MOQE3QB4G0Pryq6avr9B9EGZJD+DjRIAAAAAElFTkSuQmCC" alt="$Q = SP(P,S)$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em">
yields a predicate <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAkCAYAAAB15jFqAAACHklEQVRYw7WX4ZGbMBBGn5gUwFwJlOC0QDogKcHp4DIpgRJcQsJ14LQgdyCXcHYHmz+rmz0hAQasGYYRQvu0K7H74USER5tzrgF+AgfgBWiAGrgDV+AP8CYi16wBEVl8Aa9AAATwwFHBtV4HoNdxAQagGdlZCOuA25Sh5P0aOBt4txiqk71OvKWTFyzWG3A7C9VQ3QyweQSoNhoDFaAuQoHWvLgKaGwNxtYpC1UP7epWA815+LA3gmo4bual4xagORfWiXZq48NWoLFroX1lPvj4zcX2nee02obAhvW8o5fpCR6ip78VHNtpV88+t/cIPZqHdxF52xHaJP1QOecOyWr+7ryH35L+JYZSSnlyhz0N6XdaZdy/7OWilkBr/x8wgt6LNXBd65J+/1FSn5EQMqH18Xml1T62646h7ZIo/rLj/klJIaTVxYx9Or1hJ2A/ZTNbejYCD0ktrrMaKQlFN7F6r4Y8cCjk2Vm1kSu0PlMPgyrB2njjrdEE6HMejjRSsrevidw4FhTBYOTNLXdoJqElcOlwGeEW54RcyGehZtXBGApahaKgbrR/NqFsp+TKYrGt8JM5PGIWMhiV184U8LBK4c+ovOPEO6fcHn/ZkOle9P61kAZr3YbReLVDmv1ReO6Bq4hc9oRGtVE75wb1DOdc55wLup/95l/FKeWeuYp5fIuncwqjrJs3Jndf8LJ7KDms+E8ZTIKf/WEWEf4DdlIo9FYP4+kAAAAASUVORK5CYII=" alt="$Q$" class="math-inline math" style="vertical-align:-0.207em;height:0.937em"> such that for any state <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAASCAYAAABSO15qAAAA7UlEQVQ4y42UYRGDMAxGX1FQDUhAAxKYBSSwmwQkoAEJzEIlYGHMQfYncKU0Zb3LwTXNo/3yFUSEXAAeGIAAbBorsADdsc4obrUg6LuPcjUwAnMWADSA7Asy+VrBArS5BasmvQFYNC9Al9u6AFtBm16Pt1yOoKLt9MaCxFFhj+Ccm5xzLaWREUiMCKr+SRurC1sBtAF10QeRWLMBW28BmaONCaQ9AKr+yaIGqIsAvc6dWid/7ObUZiJbChBuin1qtAr4AF/gDTwoj5c+n/Fkf/flxObTxQeq8Koi+UzhrMXDBZwYaFJQ+gMZrNv5A62t9IKDIoPaAAAAAElFTkSuQmCC" alt="$s$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> satisfying
predicate <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">, the execution of statement <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABkAAAAcCAYAAACUJBTQAAABnElEQVRIx62W7XHDIAyGXzyBL93A3cB33cAjcB3B2SA7eAS3E/TcDcgGbbqBvUHP2UD9EeFTKF+m1Z0OEgMPEkIIRIRcBVADOAEwAFYAxO2F/6+d8RrAuGfxkRedecEOQMNtzyACoHlOx79POYBW7LpPjNXbwreWALQ5gG1wptVazFmJCCkXrdIFO85u5nkTEaFCWF4Z9EVE79gnZ24NAD9EKVWz2QDwhv1ylbCQJc+ivxRAvgEsRLTEII+i/1QAeRAui56Jlb4A8sH36iYZYUh80Zo9ESZV8aK+g189O1zYDQbAmYiuWXZFYr13rPHpBcCQuqipS5UDsjoWQTyZNwWaiiCBfBaD6j9DIk+AVfOvEAGbBGR2v1cibFulVIcyGUX/4H6UN/7IL12JfMZyXeUkxaUQcvCk+XuIUqrhQyyVLuC6O0vs21HqriO3Lza9/0orIuZNQWT1ooqpg5fRifN+B0CL2quJjNvqo1XsagjtSkwchAVNYuw2uBVpw1YbhlOI5s1oPlhbxQyZFsMA6AKumATQWmt8JWlMfwDWk6gpP8EGnAAAAABJRU5ErkJggg==" alt="$S$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> from state <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAASCAYAAABSO15qAAAA7UlEQVQ4y42UYRGDMAxGX1FQDUhAAxKYBSSwmwQkoAEJzEIlYGHMQfYncKU0Zb3LwTXNo/3yFUSEXAAeGIAAbBorsADdsc4obrUg6LuPcjUwAnMWADSA7Asy+VrBArS5BasmvQFYNC9Al9u6AFtBm16Pt1yOoKLt9MaCxFFhj+Ccm5xzLaWREUiMCKr+SRurC1sBtAF10QeRWLMBW28BmaONCaQ9AKr+yaIGqIsAvc6dWid/7ObUZiJbChBuin1qtAr4AF/gDTwoj5c+n/Fkf/flxObTxQeq8Koi+UzhrMXDBZwYaFJQ+gMZrNv5A62t9IKDIoPaAAAAAElFTkSuQmCC" alt="$s$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">,
if it does not go wrong or diverge, yields a state <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABoAAAAgCAYAAAAMq2gFAAABjElEQVRIx7VW0W2DMBB9LxPQjpARmIFuQNoNkg2oOkGVEcgKjEBWYAQyQswG158DGdcQsGxLli2ffM939+7JFBGkGiSPAJ4iMhwSghQAegCGZJkMCMC3tf9gitSRzAAY6+gEEYk+AZQARGcvIkiVui9rfwWAVKkbnQ4i8gYgfkTKtnHcpl2C+tRWfbLpPAGQUZB6dh4Z5GhFc7RtsWtU6noXkcfMEjmiTqPJ/9kigmQK0vnshzUZIVmR7EganT3JlmTpufKp66/X4cLrCmVPp/vMKfgVQOO50yxG7AHJNQXNCrPGWhSbU+tx1LvN5thbi8JlEJCGLwDMStHPmtZ2F1kcJ5X12jwm9dcatiNZOyIZPlYkxJ2dsi0L6rMF1pkVQOPqWBCQU/RmAbSPBuRJ6dUBK3YDKdvaV33hfDrOO7VwRmnZcCGI/ra0LyqvR6FNSB89AQwA7gBOL7rhx/ML3TzOryJx5KkO7iNlVK/FznzyryBVqARNH0iSOYCLOn7XaJ8AHsrIm4gMoQr0Bw/SK554+M3NAAAAAElFTkSuQmCC" alt="$s&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"> satisfying predicate <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB0AAAAkCAYAAAB15jFqAAACHklEQVRYw7WX4ZGbMBBGn5gUwFwJlOC0QDogKcHp4DIpgRJcQsJ14LQgdyCXcHYHmz+rmz0hAQasGYYRQvu0K7H74USER5tzrgF+AgfgBWiAGrgDV+AP8CYi16wBEVl8Aa9AAATwwFHBtV4HoNdxAQagGdlZCOuA25Sh5P0aOBt4txiqk71OvKWTFyzWG3A7C9VQ3QyweQSoNhoDFaAuQoHWvLgKaGwNxtYpC1UP7epWA815+LA3gmo4bual4xagORfWiXZq48NWoLFroX1lPvj4zcX2nee02obAhvW8o5fpCR6ip78VHNtpV88+t/cIPZqHdxF52xHaJP1QOecOyWr+7ryH35L+JYZSSnlyhz0N6XdaZdy/7OWilkBr/x8wgt6LNXBd65J+/1FSn5EQMqH18Xml1T62646h7ZIo/rLj/klJIaTVxYx9Or1hJ2A/ZTNbejYCD0ktrrMaKQlFN7F6r4Y8cCjk2Vm1kSu0PlMPgyrB2njjrdEE6HMejjRSsrevidw4FhTBYOTNLXdoJqElcOlwGeEW54RcyGehZtXBGApahaKgbrR/NqFsp+TKYrGt8JM5PGIWMhiV184U8LBK4c+ovOPEO6fcHn/ZkOle9P61kAZr3YbReLVDmv1ReO6Bq4hc9oRGtVE75wb1DOdc55wLup/95l/FKeWeuYp5fIuncwqjrJs3Jndf8LJ7KDms+E8ZTIKf/WEWEf4DdlIo9FYP4+kAAAAASUVORK5CYII=" alt="$Q$" class="math-inline math" style="vertical-align:-0.207em;height:0.937em">. 
The strongest postcondition for the statements in our language
is defined by the following five rules:
</p>
<div class="mathpre para-block input-mathpre"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABHcAAAGhCAYAAADr8FiOAAAgAElEQVR42uzd+3HbxtfG8ed4XACtVBC6AyqpIFQHVFyByQ6kcQUeqgPKFcRUB2IqiMUOxFTwi9jBvn/g4BUE8wKAIK7fzwzHF4kkdrE4e8Fi10IIAgCgScxsIWkRQliTGwAAAMCR9jODOwCARlVMZlNJC0mbEMJHcgQAAAA47B1ZAABoCjMbSJpLWksamtkNuQIAAAAcxuAOAKBJ5pIGkv6QdC9pbmZDsgUAAADYj8eyAADNqJDMRpKeJM1CCPc+i+dfST9CCFfkEAAAALCnLc3gDgCgERWS2ZOkQXKdncT6O1chhBW5BAAAAOxoSzO4AwCovTJ6HcS5TO+QtWvQBwAAAMAr1twBANTKH79aSLrfs/X5Z0WLK8/JLQAAAGBHm5qZOwCAWisis6WksaRfQwjbPb+zkDSV9DGEsCHXAAAAgER7mcEdAEBtlVBqEeUDv8fiygAAAMC+9jKDOwCA2iohs2dJ2xDCZYbfnUhaSroOITyQewAAAIC3lRncAQDUUgEdWET5wHueJA1DCB/IQQAAACDCgsoAgMplWER5n2tJAxZXBgAAABLta2buAAAqr3wyLKJ84L1zSTdicWUAAAAgaiMzuAMAqLTiybiI8pHPeBGLKwMAAABR+5jBHZyzA5fzcQsAietH0ibvrJaWpC3zIsoHPoPFlUGdg3OWp4HHmLRl0UFpUJ7ylqcutwUoA8QUlF+W3pM9OFOBe5J0K4mGNlDMhaSlmV116dEjM7uRNJR0ecrnhBAezGwl6ZskBneoc6hzcA7jHf/Ho6Cosjx1si1AGSCm4DxliQWV62+UjsxsYWZPZvZiZsH/frPjdx/NbNjw9Awl/SvpgbvpQHEhhJWkuaSnpl/3OTvhc+VfRHmfmVhcue91KHUOzu0uhGCJ14wsQYE6fZssR5I+ZHxf59oCIKbgfPGEmTv1dnK+SZpIWkn6qteR298k3ZrZF0l/hBDW8eKjLRi1f1S0DsYtZxk4OXjfm9mlpEczu+zAtOxvkraKZliUkT8bM7uTdGNmizbc1fTt38toyH1lMIM6BwBtAQCIZRrc8bUNvqnAribYmZ8jSX/7P698VD5pLeneB3T+NrPvigaB1g1P11LR9NFLzjJQWqNu5mvULCW1dvFgj3vxYPafZlbWR//P/1y0JH8G/ro48TNm6vnjaNQ5AGgLAMCr90caTgNJXxRtOStF6yTwPPtpjdGhorUBpCPb+IYQrs0sSJr6f60OfO6NommbRWz9s/8qeifY70ZPFC1uui34GbWmAchYTueJmFiWhxDC9YGfXyuakn0TQrhradaNE3+Oz/D5v7WkgX4n6e7EMvjCdXh6nYPex1WgbbrQFqgqptCnQD/LfnK3LB/MuZA0kvTJG05Jl+xEcXKweVY0SJZpC+BUg2dv/vu5+03RHd3fU42kB0l/ebBKGvixfPJzLkWPhl3nPc/e2dicuPtNrWkACpTTK70OvsobA4sd5TRdXn9PxdfVsS29fZbCRNIHOrO9L4O93wa+jDoHxNUMx/SiaH0MHvvDOcr8i6I16GY53kdboKV9CmIKqogn7xP/GW8rG1srmvY998KO0zN+7kFjnWPLu3/ivxwKLB7gV/49m1QQ+3ykArjzu6ALP74nM/uYdf0KT9dAJ66jUWcagILldJvqhMxyXDdDSc+JeHvMrTfovim6ewf0uS49uc4BcRVooca3BXwAarFj2Ym6Ygp9CvRGcreslaLn1j/6ysuXOQYgkE0cWL7meM8mcX6ySj7ysM4ysu/nOjn1cJExgA88XZuSg3hlaQBOkLwrvMlT8fvvxp3T54y/v5Y08fVrgN45Y52DHsZVoG2a3hbwyQLpCQN1o0+B3niXKMTbEMKaUcmzBrv/DywFPuIxx+9+Svz9rxzv+ycZCL0RfcyXMwW9KtMAlNFgKNLRjGNB1rgbDwyzbSb66lx1DvobV4G2aXJbII7Rg1Tfp070KdAb78iCyiTvRP2X430XBRo4o4INo19S/x5meE88dbrsWV5VpgHIzSv5ZDk95S5Vpk5IYmG/KWcAPXWuOgc9jatozHlHRk1tC/hMopFeZ7x8acih0acgnvQGgzvVSQaEPLu6DDyQrzMW6HGqAsgzSyg9vXOb4bsGiqZNb0u8KCtLA3CCdDktcoc5vr7zdELWfp0wwIO+NdjOUueAuIrar+uXBs3yaIsmtgXiwZxbRQPwo7ofHaNPQTzpGwZ3qpMMCHkWgVxJ+pjj969S780jOei0zdAwuk5WMCWqMg1AGeV0faSyme65k3Ch/HeXf6SuP6AvzlXngLiK+sR12ieyor1tAV/MfCLpwdve8Tbkdc/eoU9BPOkVBneqkwwIYzNbZJk25msh5QkmyRHqzNOZE3dEY19zfNdjyXlVZRqAMsrpX0caPAu9PmKZjgt51w553PH9QJ+uuUeygrhaclxFTXwW3lpvt7FH+9oCt8m2t/ddVooWfq7zcSb6FMSTXmFwpzrphsZU0bSxJzO7KSPw7XhWPc8IdXI20SaEcJfhu+Jj/lFWJlWZhrqY2cTP+4u/lsnzb2ZDM3tM/PyxjmmtZjb373+quWJu4jlMlv9j5XSmPXd8QgirAuV0lergAPvK6SgRS57N7CbDe+LfHzb4mvtx4me1IgYTVyuNq7QFGtBGrvoRo5bHyMa0BfzanSraiSo5426euF7rOq5O9ymIJ8QT7agED74kvUgK/hod+31eB/NykcjLXa9nD4TDgp8/SXzWS9H3Zfn+5HtKzqPK0lBTGXiU9BRfS4ruCjz7MQ8U3WEIkiaJnz/5/w0rPM5xqmw+cQ3vLW/hwO8N/XeWJX9/HJennI9elr8XSY8ZruEXSeNU/TPNWK7HTb3m+hCDiavVx9Ud3zPw75n3tS1QQ1x7qbidU1uMTJSvRdvbApJukuU19bPnsvsKbe1TnCumEE+IJ8l4wsydCoUQZjq8w8fQA+RzwdHG5HOl3zOOMk71Ok1xLenXjI+BxSOMZT9/WmUaqh5Vf/RycBnf2fDpg3O/KJceoK8TOyEsE3cdqpx6Ozzy72S6bswsVPRqyuMYn/bdCTKzgd8hmXrlGVe8ZYrL92VL7sj3sYwcy5Nh0VfGu5VLSZ8TC9JuM9xBTZbrHw3LspPrnDbFYOJqLXGVtkC9bhVtnz2vaEZHF2JkU9oCXxTNpHvY8bN5HNNqOK7O9imIJ8STfd4z5FL9AI+ZLfxk/6m3z3MmLczsR85V3ZMX6OOhToX/7q03mLeSbkMIebaW/ZgqvGWpMg1VBt+pooXZfj1QOY8VTWlNVo6/1dSQ+J6oGKTDg5JrRdtennvrwW2DGvPJcjo2s3Dk91clf/9/xwbdGqaPZeRQI+DlzF8zl/QjFUvihtwgQ7leN3A3qpPqnBbGYOJq9XGVtkC97eN7M7uWdGNm/+wZKCBGNqwt4LsSDbRnsxg/r3MfALqrMaZ0pk9BPCGeMLjTvAK39sGdWWJ1+U/6ecu9b8o4Gr/jWfWlmaULyiDVoFt58CpS4IepiqWsTk+VaaiyMzf349weyEvp57WZrv21zDnQd2oZ3ZrZr4qeod4cyl8fpV715fr1a3aQOkfJuzoXfk5nfk2fY4eFbZsGd/pWRjJcWzPl2wUx7eZIvJnq7R3LN42IDOW6ieeqcJ3T0hhMXK0+rtIWqN+1oplZSzO7PkfbrmMxsgltgXg3rEMDIffeyZ5U1V7vap+CeEI8YXCn+Q39jaKR7Ds/0Y+JC3JkZoOMo3njVID69VDnooRDv0hVLGWoOg1V+dOPeV/FlxzA+96UBr7n8R1X6eFyuq+yMLOVomeev5/hGP5LXYdoV9w/6W7gkcd2//Ryudrz+4sM5bqJs59OqXNaGYOJq5XHVdoC9cfGrZldJjpk976kQdnnoSsxsta2gC/IO5J0f6Rd/lXRTYkvimYkVh5TOtSnIJ4QTw5icKdZhXBjZlfecIkNtWfUL+XNs+oVBKpBqmIpQ9VpqMoPRaPHxyqgTYfS3GXJ0fksleM5GoGUE+SJN9eJTvMqQ7lu4jTtU+ocYjBxlbZAsc77oKaBg2tFa1hMfUvqMmdTdClG1l1O5qk/D3Wy7/18jiqaLdLVPgXxhHhyEIM7FRTiPFOHfYBnlbgos14EVd9ROPfMnceulINDlVhq2ih3h9shazkdHTqv/pz6uuCjBf9LdXiBnfHGY0xcZr9nKNfrhjaCC9c5xGDiKm2BQm3YhaLHDeo2VHTXfRNC+Fj2eWh5jKytLZBYp2aV8Xqbe3n6cmRQgj4F8YR4cgIGd87rm/+ZN4ht9vz9UIBNBvYqLuT/yqxMakpD0xq0Sy6ZZvMpyFnL6YX23C1KrKx/pfJ3nAOSjk4PbsF6O6XXOcRg4iptgaMWqndmyCTRQV1L+kyMbJR4AeVMuxElbl5Pciw5QZ+CeEI8yYnBnfNfXCetrZBxNDz9rHqVjZpBiXlVVxrqdJU41zQY2lVhHiyn/hz0/YHgvznhnP8SHwOnBEd8SpTXdYZy3fQ7nGUP8BCDiau0BXbn9VrZlgU4R+f8xjtiG51/gds2x8ha2gKJRWTXOcvr3PPyi/bsrkWfgnhCPDkNgzvnK0jxqNxzgbfnnUqX91n1MsQVSVnPTtaRhiY1atctLutjRTuYVDEt+DGEUOciz2WV0y+KFhg8tYP7H2WkcWWkSfk+0OtjLN9bPsBRdp3T6BhMXK0lrtIWaEbZnytafHcVQrgiRjayLRDPTsh1vYUQVma28fN7zsGdvvYpiCfEEwZ3KriwihSM+L2LAt9V1R2FjRfgc8zceexDAfEBwKMDeT7ifN/gxeCuFE13rMpdQ67rx4LnferXzSmz+s6x5hVlpNv10GPLG4Jl1zlNj8HE1erjKm2B+vNiWlVHrCMxsq62wBcd2NXuiLmkhZlNT905kj4F8YR48rN3tH3P2jCTpLyLNcXPrq6zBM2cz6qX3dBOViynXHx1paHxHS+/eztvcvANIdyGEKyi11Vd6fRyqlPKqQ/eziU9nHhOB6nrsNH6UkYaaJj4+/pAQ7ANa0mUVue0IQYTV2uJq7QF6u+ULrz9W1WZbHuMrLwt4IuWD1RwlpwP6Gx1ppk7Pe5TEE+IJ9UN7pjZ2BPTx4trkrMgxlMdPxe4iKt8rvR5R0EuIxBV+mysl83Bmb9jambzHdfA9Y6OS9qtpIc6CrCZDfzYx0K6nG4KltNvpzSKEi7aNLiD2vySaFDvKyuTYw3BhtT9heuctsZg4mrlcfXcdSrl8LBFzvZv62NkCepoC3zxP0+ZdXMvaegDReeMKZ1db4d4QjzZ530Fhe85boyZ2eyMU/CadMElR+WGWaYe+gBDfJJnh7a4S6nrudIf/ueghFXva0lDqmxen2OBLZ/2GM/GGihaQyG5heTeIOCDKmNJH2oowwNJ/8bl2MzuQgi36rdPp5RTLwvxNr2nTsWM73b/Q98QB2QpH7NEHCot/p6h7i9U57Q1BhNXa4mr56xTKYeH82fkabyv+DzWFiNLUmlbwM/TSKc/zvNV0eMyX84wyND59XaIJ8STQ7LM3EnOarjImbnJbcekjNvldUB8YW0UjU4v/EI8VAifPK/yNoLHOQtVKVIXy28l5VeVFVS6bH4701clK5mn1LWwlj8nnR55938vvTzUMW3yz9S1P+1z7yO1SJqUY7TdzIZmtkzEv8WJxzLqesMFpVmnYkq6LC31dmvQc8XXk+v+E+qctsZg4mqFcbUClMPDvtTUT6glRpbYga26LTAv4zx5WX6QNNrxaGZZfbBK+0XEE+JJU+LJ+wOBYqi3d1TkgxRzH7SIV2bfHCgg6f/v0/bWW0lXIYSNmW0lzc3si6LBnmfPi6FeF03cSLo8NsLo5+jC3ztL/fh3Xzxqo+LTm/MW4pGnIXPF0pA0pMvmwMzGZxhFfdTr6PG9p3/u+XbpP4sbqNeJjtE3SV9rnOm26em1m6ec7ot7A3/fRz+/o1Sj5tRz+luG2IvmlqvxjvKUV6ZHSb3+ufX4sjSzP0IIWy/b33S+dQnOVfcXqXPaGoOJq9XG1XOjHB4Wz76qtK1RY4wsQ6VtgcSskFVJ5+mrn/cvevsoUdkxpcp+EfGEeFJ/PAkhKIQQV5yhwGsaf8aulycw+IDG6NDvduWlaBR1lPq/oefFk6QXz5MXv0AnGT93nOO8PFaQznne72pSGhTd6YvL5lPW81Dge6aJ8/7s3ztI5Un88xcPyKMGlOPktTvsw7VbsJzmed2UWG4XfTonHSpb86rL0o4Y8+Rx6SbxeeMzxo9RXXVOm2MwcbW6uLrneON28bzPbYEKysXonOexwTFycEpdXnVbIBF/xyV+5qN/5qCCmPLYgLJeWkwhnhBP9sUT8/+IRz8HqYGf7Z5R0sGx30Ev7sANPaBsQwgfWp6WhaQn7tKiBWU1XsvksslrTKAVZenJG0KtiOFdqnPQiutj4A1z1pw7fz5P1cBtmc8ZIxPl6z6EMCvw/krbAr68xO8hhOsSP3Pkgw5XXV34mJhCPKk6nrx5LCtrJjCgAy8HGzNbSRqf6ZGmKl2InYfQjs7tUNH0YgZ2cGpZih9t+dqGY+5YnQPgtU9xR4xsdlsghHB3hs9cK3rUEiCelOQdxQAnihcxvG55OkZ63Y0FaKpZ6roDdjUiRmb2YmbhwFazyTvFbZqx2JU6BwAxkrYAQDwpFYM7OIlvH76RNE0/1temi1LRFDlmpKHppl5W78gKHDDX68J9v++IeQNFz35L0nWbYl8X6hwAxEjaAgDx5BwY3EEZZonKpo2+qCWPJaC/fMeHgaTP5AaOiLfa3Gr3nd2l/3nvgyXUOQCIkS2IkbQFAOLJIQzu4GS+7sFK0pe23Un1WTujlnZw0C9zRVs7UlZxzNrLyof0IpW+XWq8ne2sjYlrc50DgBhJWwAgnpwLgzsoy0zRnYR5Ww7YOwVLsXYDml9W4ymf3KlDFl8ljfwOb1yGRmb2qGhq8G0I4Yo6BwAxsj0xkrYAQDw5hsEdlMJHKq8VrYMwbslhz/2CY9chNJbPLruRNKOsImM8Xku6lHTti/y9KBrIXkv62IV1Glpa5wAgRtIWAIgnZ/OeU4ISC/eDmd1JWprZZXpqWgOPd8ZZQ5P57LK/FT2ne0+OIGdj46rjaWxVnQOAGElbACCenBODOyi7cN96JfQo6SM5Apzkb7V4bRSAOgcdMPFZE7ElHWzklVgKgLYAiCk4WzxhcAfnaGzPzOzGzOYhhFtyBCgUuG+8Mcc1BFDnoD5Dve6GIknMEENRuR8hpS1ATAHyxBMLIZA1AAAAAAAALcWCygAAAAAAAC3G4A4AAAAAAECLMbgDAAAAAADQYgzuAAAAAAAAtBiDOwAAAAAAAC3G4A4AAAAAAECLMbgDAC1hZgszG5ETAAAAAN70FUII5AIAND1Ym00lLSRtQggfyREAAAAAMWbuAEDDmdlA0lzSWtLQzG7IFQAAAAAxBncAoPnmkgaS/pB0L2luZkOyBQAAAIDEY1kA0OwgHa2x8yRpFkK491k8/0r6EUK4IocAAAAAMLgDAE0O0mZPkgbJdXYS6+9chRBW5BIAAADQ834DgzsA0NAA/TqIcxlCWKd+9tOgDwAAAIB+Ys0dAGggf/xqIek+PbDjPitaXHlObgEAAAA97z8wcwcAGhiczZaSxpJ+DSFs9/zOQtJU0scQwoZcAwAAAHraf2BwBwAaFphTiygf+D0WVwYAAADA4A4ANC4wmz1L2oYQLjP87kTSUtJ1COGB3AMAAAB62IdgcAcAGhSUDyyifOA9T5KGIYQP5CAAAADQPyyoDAANkWER5X2uJQ1YXBkAAADoaV+CmTsA0JCAnGER5QPvnUu6EYsrAwAAAP3rSzC4AwANCMYZF1E+8hkvYnFlAAAAoHd4LAvn7qwCpZYpf3Spi5aS1kUHdtxnSWNfZBkAAABATzC4g3N0wAe+28+Q3EDJLiQ9mdmwY9fMjV8vn0/5HN8tayXpG0UFAAAA6A8Gd+rv1I3MbGFmT2b2YmbB/36z43cfm96p9eP7V9ID2zKjbCGElaS5OjTA4zOR5sq/iPI+M7G4MgAAANArDO7U2KHzxVOfFN2x/yrpD0mXinbLmflgz8h/fylp3IKFUh8Vrflxy1kutbzc+MDfrtfLGb5v7IOM8WBjYx6x88eWvkt67MgjWt8kbSXdlpQ/G0l3km66NsMJAAAAwG7v93XsFN39HUuKO09bRdP9/2JGxskd55Gkv/2fVz4bIWkt6d4HdP42s++SJv7/TU7XUtFjM5ec5daXz8fEf40UzZRpzC5MIYSZP/q3lHTV8ryeeGz908zK+uj/+Z+LNucPAAAAgIx9i+RuWX4XPN6K917RrJKNopklM+/kSdFAz/WOQQkc78wNJT37P492ls0suZ3Z3b4ZMf4YV9HHME4euDOzqXckr0/4jFrT0PByM1A0cDb0azQ5Y2UbQvhQ4nctJE13/OiuSTOyErtL3YYQ7lp6Xk8p85muizLLRgvziJsSAAAA6MdYQ2pw59kbw3+EELYHOvCxaxrMuTsq8ULDmbY79nUz4vV3LvetyeGd/9+80/974j2S9CDpLz+3SQM/lk96Hbjb+Hld50zXi6RNCOHyhLypNQ0tKkNLRbM9ztKBN7NHRQO8aQ8hhOuG5sWHXTELnSjvxAUAAADgWLs5HtzxTtLIBxC2GQcbDg44YG/erbMOgviWxktJCiFYxvfEMxpiRzu+OwbuMj+Ck0jXVVmzuapOQ8vKUXpmTdmDO/tmSsxO3Kb7HHkRz4Rr3MATznK+iQsAAADADu8SDeaJoruax+5+f039my13s7vZk4eHxJ2QPIMmyVkX6ywzGrzTnpyFtcjY2Rp4ujYlP6ZXWRrwUz7e6ef1nVZNG9jxY934sU6atOgzzoa4AAAAAOwQ75Y1UzSt/bdju894YzrZyRuxI8txPgPn/zslBT7iMcfvfkr8/a8c7/sn2YnKuBPRlzN1mKpMA36+zi8lXSvadek6hNDkRXm/JuIYuo24AAAAAOwQD+7Eu2ItJP2boeH7lPr3hKw8Ktk5/i/H+y78zzyzYpIzGPK875fUv7MM2sWPB5U9q6PKNGCHEMJDCOG26etqJY5vylnrPOICAAAAsMO71ACCFA3yjI+870fq3x/JyqOSnYnfcrxv4B3YTLN9fBv7ZMc3zyyh9GMt2wzfNVD0SFZpi9lWmQZ0xtrLDgM8HUVcAAAAAPaLB3fSgzUsNlm+ZGciz3bSK+UbPLtKvTeP5KDTNsOio9fJjnWJqkwDuuFHqkyie4gLAAAAwB7JNXfiDvpdhjui6Snt3AU9LtmZGJvZIsu6DyGEvB2R5N3tZdY3JWbhxL7m+K7HkvOqyjRUwsyGZnZjZo9m9mJmwV8vZvbkPxub2dLMnkv83sfEd+16TVK//3Lgd8c7Pv/mwO+/JH5vEqct8R3JtJ/6mMzjjrKDbulcXAAAAADK8t4HEDaSLnO87/c9HSvst9DbLeSnkqZmtla0MOjDqXeTfbCo6JoUydlEG98x6dh3xR3yHyUORlSWhqoktoqP0/NVrwOiA0UzEuZn+vrtiT8/Ne1jL/txWdl4eRn6a+SvuZk9SPpc8BG/VeI7h8zM6JYuxgUAAACgTO8Kvm+SaiyvyMrDvLO5a9HhkXfsn31Ww/yEWQzJO9uZZ/z47I1xorN/lee7cq590aQ0VNEpTQ7sXIYQrkIIdyGEe3/d+U5UlzrDQEsI4TpV7lZ+HOav9LV7qegxwKwLZD8oehRqtuP4B4oGfi8kzfz7PnoefPTv2qTiylOR8u8DQtsdZQjd0Km4AAAAAJQt9+CO34lPdr5uycbMHdDZkU7z0AcCngsuDJvsuHzPeD6nen3EYS3p14wdp+RMjDJVmYaz8tkG8cDO/aFBMP/Z5zMcw1Kvu0jd+cDKoePYeN4tMpbpje+qda/dsyk2fj7u96T5Sm8HhYaSHgtuVR2f88s2xIMjj7SV/Wr77MrOxAUAAADgHN4XeE/y8ZGHpm+T3DQhhJmZLRTNdPhTb9eCSFqY2Y+cs2KSd7cfD3R6hv67t96Z3kq63dUBPyBe5Lns2SZVpuHckou4XmQoGw9mVtbAwUDS33p9lOW6gmv1vx3/d33oMasQwsbMbvV2MGnocWZW8Pvbss31WtHMp8GZv2er9j8626W4AAAAAJQu1+COT3GPO4srf+QDOfmAzUzSzDsjE0mf9PN2vd+UcRZCag0cSVqa2a7HZJIdvpV3fIp0+ocHOvSnDEhUmYZzS6ZlYmbzEMKxmW53JeTjSNHAzsDz6I+SH53LO7Bw7Hq49wHPpKnn16bAdw1bEgdWyr/rU+90MC4AAAAApcs8uOMN7G/+z7WvE4LTO3gb79Df+UDPY6IjMzKzQcYFZsepzs2vB76zjNk2F1k77zlUnYZzSw9M3JjZjXc8H/06WqXSddJjjj4Am3wU5Y+W5NVaPw9ujpV97R/pdaDxgsjSKV2LCwAAAEDp8szciWcCbCT9QdaVzx9RuZKU3Ap7qNdt6g/5lPj7qoJOziDVoS5D1Wk49/lcmdlGP88kGccdVn8Ma6NowGdxygyb1OLNbcvDjX4e3LlSvsEdOvbd1Km4AAAAAJxDpgWV/ZGJkQ8yXNK4ztzZHuTd+cdn8iRnc2SdhZBpTYoSnXvmzmNHisFVhjwaKlr0+MnMlkUWE/aFk29S/33jC6C3wWZPvuTxP/9zIHRJF+MCAAAAUKqjgzv+GMlU0R1TBnby+aa3C1AX6ehuMpyjYapDW8U6HmXO2KkrDWfng3WXyjb7SorWX/o759cM/H27LItsLV6D/+1JF3qsq3EBAAAAKNu7Iw3riaLBiXvW2ClkrBO3Cs+4oOybNSkq3u53UGJe1ZWGs/Ltwi8VDfLcegf10CDpyB+xymOjaAez6x3nZ9nSrMs7kPxLwfeh2TG0k3EBAAAAKNPeNXf8cY6lpLtDi7zGd1Zr3I2nkWi9kcIAACAASURBVBJ3nJ8LvD2eaZH1LnVy4K2qO9txB7qsxWvrSEOl/BpZy3fE8jIy8rT/qbcDZTeKBoKy2IQQ4q3pN2Z2r2i2XWxkZosQwqzB2fNxV7pyfsY51oE6Z4wYK9o1r4oZSo8hhLsWXjadjwsAAABAGd7v6XTEuzbdZdi951bRAAaDO28VWuvE11uJ37so8F1VrUkRL4B7jpk7nVhXIzFA+nVXx9pnIWwkPZjZrf/uOHkdZpypsE597szMftPbBYqnZvbY4K2hf9s1IJHzM86xDtQ5XWn/43Tn0MbBHdbbAQAAADJ4t2dw4UnZBnbiThlT5Xd33KTdMxIOiR/HWWfpiJtZeoClqrvbm1SHurAa03Bu8eytozNmQghbf/SxrIGJ6x2f1cj1dzzmjHb86HvOjxqkymajhRBuQwhW0at1j9V2OC4AAAAApdu15s6TojV2jg7sJDpl6yO/N27Joq5liu84Z74z73kUP07zOef3SNWuSfGcGMAoK6+qTkNcNs/9WMzQ16/KYpPo/BfOB3/v9Y4fVT37IUveTnf8312Bxdsv0nmITsTQyuMCAAAA0DbvUx3dR+8YPWbYQnkon51yqNFtZs/xAICZzUII913P1NQOL0Mzmx5Ltw8wxB3vWY41jOpak+JH3Hk3s8GJu6jVkoZU2bw+8yNL38xslSGf4hksJx9LCGG1Y/2doZktQwjXFWXzNzP7Y1+6/VpJLx69zjhrcF/e/UNo7wTW2wEAAAAyep/oZCXX+8izXsyhgZ2J3s7smEu670G+jhN5s5K08AGQuz35NFK03spQ0cDOfYHvqrRTG0JYm1n8z99O7HxVnoYdZfObShhQOWAg6ckHkdY7jie9q9VtSedpZmbpxZonZjYvOICS12hfuhNrEiWtJf1R4HyOGAjobBytNLYBAAAAbfTeO0Y3Kr6w56Gp8tscv9sl8dopVyGEjZltJc3N7Iuiwa1nz4t49tPE/315bMaOd2Iv/L3ptVx+N7Opf9amgscY1nrd7Slzh7ohaUiXzYGZjUMIqzN+31DRQMda0cynraJBl6HeDghep9PteRLPcEk/6jQxsxf/+5vFm80s7DmeG7/u5d/34L//suc7pGhG39bPy2XGdN/6cSfTfeHlZpjKn68n7OgUL8i8OXEWGWrSsNgGAAAAtEo8c+fLiR38nfyxkDtF2zpvlH0dmbYbSvoj7oCEEG7NbOEdlrGix2QG3qH9kexcH+n8jHV4zZSJXgfpVnr7WMM5rLyTPsrRgWtEGlKPLG30OtBSpk1i4OLXRKd1rLdbn28UDfod2s1qcOT44p/9cuIxDzL8PE8+PXjapn4ux54PW0/3WtJfJTwSd5koM2iZBsY2AAAAoF1t6hACuYCiHbKhollI2xDCh5anZSHpqQ9rQp05D9OLI3+sYpZFYv2kyxzrVQEAAABAJ7wjC1CUd9pX8keaWp6cC7HLUiv5IONQ0eM6DOwAAAAA6B0Gd3Cqhf953fJ0jPS6AxjaZZYqiwAAAADQKwzu4CS+VspG0tR3fGodX8h1y0K8rTX183dHVgAAAADoIwZ3UIZZopPdRl8kfeU0to/voDRQfxZrBwAAAICfMLiDk/n24StJX9o2e8dn7YxK2K0J9ZhLWnP+AAAAAPQZgzsoy0zRDIp5Ww7YB6KWav96QXXm4dTMXszsRbtnbj0lfl72d8/FrB0AAAAAYHAH5fCds64Vrb3Tlp2z5pJu2WHpJIPEq8jPC/EZVzeSZpw/AAAAAH1nIQRyAWV2uueKZnBc+oAPUHYZG0j6V9L3EMKMHAEAAADQ+34Sgzs4Q+d7IWkcQvhIbuAM5etJ0iaEwON0AAAAACAGd3C+DviNpF9CCLfkBihXAAAAAHDGvhKDOwAAAAAAAO3FgsoAAAAAAAAtxuAOAAAAAABAizG4AwAAAAAA0GIM7gAAAAAAALQYgzsAAAAAAAAtxuAOAAAAAABAizG4AwAdY2YLMxuREwAAAEBP+gAhBHIBALoS1M2mkhaSNiGEj+QIAAAA0H3M3AGAjjCzgaS5pLWkoZndkCsAAABA9zG4AwDdMZc0kPSHpHtJczMbki0AAABAt/FYFgB0IZhHa+w8SZqFEO59Fs+/kn6EEK7IIQAAAKDD/QEGdwCgA8Hc7EnSILnOTmL9nasQwopcAgAAADraH2BwBwBaHshfB3EuQwjr1M9+GvQBAAAA0C2suQMALeaPXy0k3acHdtxnRYsrz8ktAAAAoKP9AmbuAECLg7jZUtJY0q8hhO2e31lImkr6GELYkGsAAABAx/oFDO4AQEsDeGoR5QO/x+LKAAAAQJf7BgzuAEBLA7jZs6RtCOEyw+9OJC0lXYcQHsg9AAAAoEN9AwZ3AKCFwfvAIsoH3vMkaRhC+EAOAgAAAN3BgsoA0DIZFlHe51rSgMWVAQAAgI71EZi5AwAtC9wZFlE+8N65pBuxuDIAAADQGczcwTk7oCNyAXWUO5/Z0uXraiLpNu/AjiSFEG4lbRXN/AGxlfwBsZg8BQB0AIM7OEfjY+ALvQ7JDdTgQtKTmXW1/C0lrQ/tjpXBZ0ljX2QZxFbyB8Ri8hQA0HIM7tTfGB2Z2cLMnszsxcyC//1mx+8+Nr1C9+P7V9IDO/J0+1w3Nb0hhJWkeRcbwJ53Q0WDM6fk0YOklaRvXG/9jK3kD3UPsZg8BQB0rM7fteaOT/n8omhNh7jy+CFpI2nplQtOaxgMvGM18U7WwvNXkn6TdKvoDs0fIYS1r7ExCSFYw9P1LGkTQrjiLHf7XDc9vWa28Bh2WeTxpYbm64uiRZRnJXWGnyXd+aNaXG89iK3kD3UPsZg8BQD0ZHDHF9ucSvou6VHSWtLAK5Ev/ve1ovUeGOQpVimPJP3t/7zel4+JRVO/+zlZhxAuG5yuwou8cq7bda7bkt4udfjOcX11bXFlYiv5Q91DLCZPAQC9rf+Tgztm9qToDsTnXQ2kxJ1eJSo3pj/nq4yTeXi0Q2VmydG3vXfYfSpw0e2Nt4ruQP1V9Hya2VTRHazrEz6j1jS05Vz3rWyX0Bh/UjQYfdfyTsWTl/FliR898Gtu1fYOArGV/KHuIRaTpwCAXo81xIM7fgd34g2kdY5GENvp5quM48UeZ1kWRE3cWZei6bfrPb83UDQleCDp98R7JOlB0l/eCE137IaSPkmKdxfZHCsDe77/RdEdpMsT8qbWNLTlXPetbJdwXEuPbR/aelf/xM5npg5qCOEDsbWbsZX8oe4hFpOnAIAeCCHIB3heJAV/LeL/T7+8ERMSr/m+3+X1U97NPc+ecrxnEud1jvekz9Egw3umqfcMC6RrXGJeVZqGtp7rvpXtgsc29O9ZEoeIrX2MreQPdQ+xmDzlxYsXL17df71L3LUaJMZ8pgfGg9KzdMYMkWUW38X5muM9cX7nWd8oeU7WWe7m+J2o5JTyRY47njd+57TMNZgqS0PLz3XfynaRAeyNonXCJj6NHcTWvsVW8oe6h1hMngIAOu6dVw6Zp3Lu+N3/yMZMDdFJssFY4CMec/zup8Tf/8rxvn+SDVxvPB/z5UyN2SrT0OZz3beyXVTcKJ8JxNYexVbyh7qHWEyeAgD64V3i7zNFz5RvJV0fqOiGqf9ak42ZJBcrzTMgduF/5rn7k7x7k+d9v6T+PczwnniW133J+VVlGtp8rvtWtgtJLHQ6JRQRW3sWW8kf6h5iMXkKAOiBd4nK4T6E8MFfh3Z8SDdY/iEbM0nm22853jfw85NpEM3MxqlKP8/gW3pK7zbDdw0UTYsvbSG/KtPQ5nPdt7JdgrWXLxrAxNY+xVbyh7qHWEyeAgB64F2B9yRn9azZCj2zZEMvz5aYK0kfc/z+Veq9eSQbLtsMu6BdJxsVJaoyDW0+130r26f6sSOGgdja9dhK/lD3EIvJUwBADxQZ3EneFfhMFmaWbOiNzWyR5Zn8EELeRmLyzuMy65sSd0JjX3N8V9nPlFeZhjaf676V7VM97ihfILZ2PbaSP9Q9xGLyFADQA+ZbKWZtwCwVbe8oSVcl71DR7YyO1ip63vGjtaJFGx9ObQh4g+Ml8V8fs36mmT0mGgWbEMLHHN91WdbU4yrT0OZzXfC45ooGZzeSrss6hqam90jZ+tjSgTQQW8kf6h5iMXlK/QYA+EmmmTtmNkwM7Ky9QcXATg5e0e5a+HEkaS7p2cyezWy+Y9HqrJJ3bLY5GqaTxHu3ejs1/eh3lfxMeZVpaPO5ztvwGyvaznXgx7Hscnr3HGe8YHy6nIHY2tnYSv5Q9xCLyVMAQD+8O9BgeTGzYGZB0V2LiaQHSX+0cMHXpjQSZjq8s8fQO+DPBRfFSzYqv2dsmE4THf21pF8zNmrjRkzZd4eqTEObz3VewyP/7lp694nLxWUbYoaZ3cRxuILXo1qK2Er+UPcQi8nTdtVvAIDyvT/ws1/1upXjQNGdgC+SXszsXtJtmbtU9EUIYWZmC0Vbz/+pt8/pJy3M7EfOgbTk3ZrHAw3Sof/urTdKtn4+82wpG087L7sMVJmGNp/rvL4russYH8N9x9O7z3+pDmLTrRUNqg/O/D1blb9+CbG1QbGV/KHuIRaTpwCAbsu75s5A0r9eqW0VrdvB41mnnICooTiR9Ek/b6W6DiFc5jg3Lzs6bEmD1M9Wkv4qsuNZYo2BVQjhqqS8qDQNbT3XJ+bvVNGaEA9dT++eY4ofL61tXQwQW6uOreQPdQ+xmDwFAPSg/ZtncMcrj4nertdxyWNapTYWHvX2rsuHLDOkUudlq2jm1U5lzLgysydv0DyEEK5LSn+laWjjuTazkaSLtg2qnlK2Sz6OhaIBrm0I4QNRh9jah9hK/lD3NK3u6VIspn4DADTF+7xvCCE8mNlWr3exlnqdJo0ThBA2ZnaltzszDBU9mnHMp8TfVxU0KuLz/1+Jn1l1Glp1rr1x/aTojvGqi+n1O+hfvPMWN5TXkv6RdF9CmeBRUmJrH2Mr+UPd07S6Z9u3PKV+AwCc27uC70suNjiseQG5xjKzQd7dE3wxxmTj6SLjWzOtF1CiizM0JqpOQyvOtZmN/I7cU5fTa2Y3kv6W9D9F6wNdKVrXQv7vF/+dU/wv1UEEsbVzsZX8oe5pQd3T2FhM/QYAaKv3Bd/3nPr3sZ0E+uqb/5l36vhmz9/3NUSGqcq8ilkd/5XZgKgpDY0+14nHD+L1Hdb6+dn+TqTXH4v4fcc6BRtJDz6AvJA0N7NfQgi3hBdiK7GV/KHu6V3dQ/0GAMAe77ziGZvZk5ll3cYx3ehjZf7dxjpxu9aM26om7zpuK96KdVBiXtWVhqae6z9CCBZC+OBrS2w6nN5vkib74o/vRBN3um7y3lVN+CUuY4QnYmuHYyv5Q93T9LqnybGY+g0A0Erv/Rng5DTkhZmtWtjAaZTE3cDnAm+PK/asdxCTO4ZUddcxbjxclPR5daSh0ee6qes+lJ1ej0FxR+1W+2cBLhIdsZlep7QX6RD+15KyNfa0VjHN/jGEcEdsbXdsJX+oe1pS9zQyFlO/AQDa7L12z7oZ6fBdi3SjioGgn40LNiwGifcuCnxXVesFbLycnOPu6SPnuj/pDSFszSye9r84UubSjdi8zrFexzldKdratip3XG+tj63kD3VPG+qepsZi6jcAQGu931MJHLt7lX5u+C+ycmenTMq/k9jc/1yHEB4yNCjSjdyq7jxuUo2JwmpMQ6vOdZfTu2MtgkMNV6nYXdVko7kVA9K+9gLrLxBbyR/qnq7VPU2NxdRvAIDWeuePX20UDfLcS7rMMCX3zTPqOrKYsq/p07d1eeI8ynzX3fMofib7c87vkapdLyBufAxLzKuq0xCXzUFLzvWpaR2a2dQf9WljepOPT6wLfsYFjV9ia8djK/nT8LqnpHqnNXVPGbG4xDyjfgMAdFa8FfqtohH/pxDC+lgFm2pU3R4aDDKzZ0VTnZ/7smV6aveNTFvFp9Y+mh07D3saBFXedfzhfw5KaHDVkoZE2Xzx3Syafq5PSetA0Xa2C0mPLU1v/F2rEELRchLv+PIP4Z/Y2rXYSv40v+4po95pU91TRiwuK8+o3wAAXfdOknwK6a2ixZTnRyq+ZeK/bn2V/32/P9HbgaB5T/I1vvOzUTSraWFmNwfyaeQd76E3Du4LfFelFXqqAfNbSflVWRp2lM1vLTjXp/hTbx8/mLcpvWa29OPfKP/2tMljqaMzCmJrVbGV/Glw3VNivdOmuuekWFxynlG/AQA67X2iwXRnZhtJ3/xuxXdFdyM2iqZ6XkmKK7mtpOsMdxfSM3r6MlX0ytN+FULYmNlW0tzMvniD4dnzYqjXBVM3ih6JOzZzauTnY6hoR4Wk3/3cbSRtKphiHi8SeJWnMdGQNKTL5sDMxgXumJ3tXJcsnY/DppXtA+VlmvicqxN2cok7gpum7kQGYuspsZX8aXzdU1a906a659RYXGaeUb8BALothPDTyyuapVdkwV8v/n+TXe/Z91I0QyD4Z43yvLetL0V3ckap/xt6Xjx5XsZ5+pg1TxXdVQoZX48VpHOe97ualAZFjyjFZfMpb9k+57ne813LU/Ilkd74uAZNTm8iFgX/rEFJ53vRhzhEbO1XbCV/2pGGMuqdttU9p8bisvKM+o0XL168eHX9ZV4pAEXuOA29sbUNIXxoeVoWitacum/wMS69MbgKIVyd+FnPIYSPDT8n8SDzfQhhVsLnPXtDvQl3roFexFbyp931Ttl1z6mxuC15Rv0GAKjDO7IARfm09ZV8mnTLk3Ohfu0wcdHkg/Op6ktF6xjM0h27vOXNO4NDRVPWafiC2Er+UO/UE9tPjcWtzzPqNwDAuTC4g1Mt/M/rlqdjpNddWPrQuN40+PimiqbBX+65OzvR211uspilyitAbCV/qHeqd2osbnWeUb8BAM6JwR2cxHda20ialrAtbV2NrZGi6f19WYRwJumvBjd8b3V4avkn5d/ZZurn+I6rFsRW8od6pzaFY3Hb84z6DQBwbu/JApQ0WPDoDYw2Ni6+SPrao/M1kXTZwIbvjaI7mneSJmaW/pVfFG0XO1KOmUfeoB6IGRAgtpI/1Dt1xvhTY3Fr84z6DQBQSX3DgsooqeHyqGgrzl/bdFfN7wQuW7C48NA7MUNFW7VeFtmq1xuYH8tYwPFMDd9MQgiW47NfFK1FcMmVCmIr+UO9U33dc2osblOeUb8BAOrCY1koy0zR3aN5Ww7Yp/Iv1dA7Xma2MLNgZvEWsEP/0UDSc/wz79xkbaR/UTQtvGmdhzzlZpvjs+eeX5+5REFsJX+od6qve06NxW3IM+o3AEAj6h1m7qDERky8tedVCGHVguNdSHr0tRv6cH4Wiu58rnqS3pGkJ0U7ktxzhYLYSv5Q77QvFvcxz6jfAACF6gcGd1Byg2OuaP2DwlO3gRLK4UDSv5K+N+0RNIDYSv4Qi0GeAgBKryMY3MEZGh4LSeM2PhuPzpTBJ0XrELDIJIit5A+IxeQpAKD7dQSDOzhT4+NG0i8hhFtyA5Q9gPJN/nAuQJ4CAM5YTzC4AwAAAAAA0F7slgUAAAAAANBiDO4AAAAAAAC0GIM7AAAAAAAALcbgDgAAAAAAQIsxuAMAAAAAANBiDO4AAAAAAAC0GIM7AAAAAAAALcbgDgAAAHCAmS3MbEROAAAaW1eFEMgFAAAAYFdj2WwqaSFpE0L4SI4AAJqImTsAAADADmY2kDSXtJY0NLMbcgUA0EQM7gAAAAC7zSUNJP0h6V7S3MyGZAsAoGl4LAsAAABIN5KjNXaeJM1CCPc+i+dfST9CCFfkEACgUfUWgzsAAABAqpFs9iRpkFxnJ7H+zlUIYUUuAQAaU28xuAMAAAAkGsivgziXIYR16mc/DfoAAFA31twBAAAAnD9+tZB0nx7YcZ8VLa48J7cAAI2pv5i5AwAAAHjj2GwpaSzp1xDCds/vLCRNJX0MIWzINQBA7fUXgzsAAADAz4soH/g9FlcGADSrDmNwBwAAAJDM7FnSNoRwmeF3J5KWkq5DCA/kHgCg1jqMwR0AAAD0vlF8YBHlA+95kjQMIXwgBwEAdWJBZQAAAPRahkWU97mWNGBxZQBA7XUZM3cAAADQ6wZxhkWUD7x3LulGLK4MAKgRM3dwzobSiFwAAKAbdbrPbulqe2Ui6TbvwI4khRBuJW0VzfwBAKAWDO7gHI2kgS9IOCQ3AADohAtJT2bWxbp9KWl9aHesDD5LGvsiywAAVI7BnZr5nbCFmT2Z2YuZBf/7zY7ffWx6o8qP719JD+wcARDD2hbDQPnAbiGElaS5OjbA42VxqGhw5pT8eZC0kvSN0gIAqEPuwR0zG3oDbUz2ndSYGPjz3U/eqPgq6Q9Jl4qm9c48n0f++0tJ4xY8y/0o6YdPUe7LuRx7ZyXutIwKfs7EzJapTtCz/x8dnsMxKRx48XggMazstB8qb9SNPS8fLamzDpXhwYEBjHtJ3yU9duERLU/DXPkXUd5nJhZXBgDU5H2B9ywkDcQjN6c0JkaS/vZ/XvndsKS1pHtv7P5tZt8VPQu+bni6loqmbV/27Fw+Jv5rpOiuZuZFFRMLMca23ni+8PM+lDQxs11lBSCGgfKByoQQZv7o9VLSVcuT883r3NuS8mZjZneSbsxswWAlAKBKuQZ3/Dli7kqe1ugdKrqTKR3ZVSGEcG1mQdLU/2t14HNvFN19KmLrn/1X0UepzGzqjfPrIosRNiENBc0O/P9thjQ/pq6p2xDCXeJnSUtJH04oe+lBpDI8hBCuS7w+gpd9y9mY/qho0PmLl0O0LIa1TFzeZom0gfLRCiGEVSJmflN0UyKva0U3Mm7iOquFZTVeRHkl6U8zK+uj/+d/LtT+wS8AQItkHtzxqas8R3y6uMM+y3hH5y7RIf/rwO/dK7rrOZD0e6oT/+DvTQ+6xDOwPnkDZ2JmG0UDNHnvoM4VLUZ4ysBK3WkoYpjz/5PX1I3eDuw8pBrJv6XTamaDooNnih6LePQ8u0p1SlfeEN332XE+/54aPCltWv4pj57F15KZLcTgTltjWJs6x8nyxuAO5aPNZfgvFRjcCSGszexB0tzM7k+ol+o0Tvx5jhuXv1HSAABVyjNzZ15mR66PfObEUPl2ZPgn2Zg60NCKZ67IBzeSAyOfjzS87nzmzcKPr8hjRQOdOK25zjSc2JEZH+jgHPIl9e/0Fqo/Up+9OaUBncrfbapTOstxvoeSnv2fZQ6g8ahnj2MYKB+Uj1qcMihzq2gw/ZuimTyt4jdT7igCAICuyLSgsk9d/VPRzAoUFw9WfM3xnrjDnWe6enJAYJ1lQMAb4g8HBhr2lY2Bp2tT8nowlaWhhMZhukOyOtax8Xwb7DnXsWu/5jaerjKndyc/a5NnEMx/Nx7Iey7xmK4JEcQwUD7QDl4XrBXNmGXhegAAapZ1t6ylTtwisu98vaJYkbuTjzl+91Pi73mmuf+T+Ps4404Y8eyTsgdSqkzDqQ3cS0UDE3eKHgfLMghzseP//kt97jaEMAshfAwhXJc8Cyk5eFakU7VOdcxOvT4G4vEWYhgoH2ibeCBvRlYAAFCvo4M7vi7IpuJFarvoal8nPuMgQJ4O+Khgx/2X1L+zPCYTd8jLntVVZRpOFkJ4CCHctuE68YGUZP4uT/i4sgac2DaWGAbKB1omUecxOA8AQM3eHekEDhXNzOBxidMlBxnyLLI38AZUpjuhZjZONbzy3EFNT6veZviugU5cC6bONPRUOn+LdKricrkp4XxP6RgQw0D5IAtba52I5QAAoCbHZu4sJH1t6S4ITZPMwzwLD68Ubbub1VXqvXkkG+TbDB3362TDrkRVpqGPrtKN8n3MbLrn0bYLnTBrx8wGZjb27d4XnBJiGCgfaK0fqTYBAACowbsDna+JpGFqa2YUl+wIj81skWU9GF93JU8nOjkrI/PjNolZOLGvOb6r7LUSqkxDYWb2YmZhz2u86/jin2v3QsS7Pu8cawYlj+2vA+kbKhp4udhTnhcF820o6UX7dxrTvnwt4ZwNzGxuZo+J8/fs/74pmt9mNvFr+jlVLp7NbHnojraZDQ+Uo1DF8TcshunM123hc1XS9w/9XD2mvv/FzJ78Z2M/lue2pKsr5aOMvGzCNW1mI//cp8TnxmVsuauOOsHjjroFAABU3YYJIeztuEr6IzlV2swWen18YpZjq1My+u320Ulr72A/nNrA9UbgS+K/8mxnnuxob0IIH3N812VZU+qrTEMZgzv6ecer2FX6cSdvTOcdCPtQ8iNv6fzde+58W+NpCOFDyfmWPobMQgh25LN35fFlCGHt64fNFc0w+OHX3ijVIdn672ctc1P/zGQ5WPlnD/2zB4nP/pxel+lAbHiT5nMcf9Ni2Jmv15PP1a4OtKSnY9d+6pq6SXz3o15nvAwUzaob5yzzpaerj+WjzLys85pODMonP2Pj6dim0rH2752eUu+kYvpHZswCAFCTEMJPL28YLPb8f/DXdNd7ee1/pfJv1+vZG3rDgp8/SXzWS9H3Zfn+5HtKzqPK0lDCsQ79teu8jjO8N/2eSQXHnMynkOH4lhUc02M6L074rPGOfB35dRUkzTN8/3PG71qm3rfc83s3qd+72XNeJj5Q8FNenOP4mxjDznjcpZ2r1O+Psl77iXMYJI2OfOZLlmvhXOnqW/k4R17WcU37IE1I1YWTjL+bfA0K5N8LbUNevHjx4sWr5vbMvoZlhoYbFfh5Gr+F8zf12YsCjcGnrI26RAP3+Yz5c9Y0lHjMoxYN7iQ7MI+pnw38uKZVNtQrGNxZHOl0jwucv3RH8PHI78/TA045jmVS9vE3NYZV1Gkv5Vzlufb92soc17IMnp8zXX0qHxWUkUqu6fTAfZZzvKf8Fh3cecpTb9d8vm8yltEyXo+0fXnx4sWLV1Wv9zsm8ywlfWZO09lmSs388baZpD8PPNazMLMfOR93Sk7DfjwybXusaNHLoU/VlFW5wwAAIABJREFUvs35mN3HxJTxMlWZhj5K5u84wzo2XdieeOplY19adj1CcLUv7b4e2ST137Mjx/BVr4/jxJ3Dq4zH/63M4294DCtVDedqn+RC7xcZ8vjBzNqQrlaXjxrz8lvJMWmgn9enuz+Wt/646sOO9Bfxn/85bEGdsJb0cKBslmWr8tckBABgr/epBsKNorVKHsia8/EG10zSzAcpJpI+6edtvL9JuszYQB2kGlVLM0sPvAxSjY6VNzCLnO9hqkFXRiO76jT0ipe1ZP5dpzoRF57/My+Lndlt7MjC8LvK8KFG/zzdgD+WTyGErZmtE9f42MwGGde1GJR8/I2LYb52zcWBzm5RVZ+rY/FSkiZmNg8hHNtR6q4F6aqsjjujOvJycOaYJFW/C+F2R1lvan2wUjduXAAA8Mb7VMf6SwMaWr3ijcg7SXfeCH5MNI5GORqM6QUYfz3UMC3h0C9SDboyVJ2GvhmnOjAPezraK0VrY3zvSLofTijfuwYh0p2XrANgP1Kd298ydjBKO/4mxrDEosSldrhqOlf7pL/3xm+mxIsqr9MDW/sGfxqWrrOUj0R7JJnWtaR/FM1I2ba8jJR9Tf+5I9+rnhH1X9WxBwAAvJXcCn0p6Su7HNTH8z49tTvrXbBPib+vfHvZna+SDneQatCVoeo09E2ybGXphHRlOnmZMW3XVr//+XbGB1/6eSB0VMPxNyaG+VbNC/2821Sbz9W+fFntOY9jRbMuHhNbYC980KHx6TpH+fBBr78l/U+vjzvFA11zSS/+O20uI6Vd015WBg24/KmXAQCo2XtvHEwU7V5xR5aUxxuAF3kGzEIIG585ETc6s94Fy7RWTYnOPXOH59TP29k9lL9xJ+XQmjPrFg0E/6/Ez/q4J1+LbO2+reH4a49hZvbkZSx+rHJ9pkGGOs7VIVfyBd8P/E68oPnU10L5vGMwuzHpKrt8eGz5PYSQnkG8kfTgW5UvJM3N7JcMj7Y1tYyUeU035TGoOE0DAQCAWsSPZX2T9AfZUbpv/ud1zvdt9vx9XwM7vZZKFc+S/1dmI66mNPTGjru7h/L3Qj5zak9nbukd1T7O8ts12LrW68yCzNdP3QvJ1hjD/kiWLTNb6jyDO406Vz6ocenXT5b0TrzjftngdJVdPr5JGpjZdNfi+CGEezO7VjQAc2NmixMHmbtwPe9KA7NoAADoofc+LX4laeMdtzwdxkGi0UVj4mdjSSft3pSx4ZpeS6XKTvegxLyqKw19KYuZ8tc7VfvK7VTRout9HXz7b0/HbtXhclNqDKuwrmjcufK8uPTB1rGiQdLfDsTR0Y7Fl5uUrtLKh7cn4ny4PfC5i0Q8myn/QEzXruf/GnIcv8T1C9UtAAD1eO+NpHg3izwWSuzGYGZ3JUyR7ozETJTnAm+Pp1lnbWDmXUulDHEDrqzFE+tIQ5+Ulb9fFG0DXPX1FM8Y2oQQZjXm467ruZMLiFYcw3p1rnyWx1q+I5bn9civ0/T24Td6O4DRiHSVXT5SO1Ad2ukpOVg44HreOYOyjkejzrEO37nK7ljRwGAV+fTIkgcAgKq8VzSdOmtjZpFolN3p7bodzLR4a3xCJ3acyO+831XVWjUbb4SfY+YO6+2ctzw+FiybUz/f9zWmoe4486Cftx0e9aDMnDuGdfpceWcy3rTgp46ez16J15W59d8dJ94/TMyAakq6Si8fO9ba2SXZXnnu+/UcQlibWRMO5Rzr8J3LlfLf0DwFgzsAgEq8CyGsQwirLK/Ue59TP2dw5+fGg7R7wcZD4obmet9W1amGcp61VMq02dHQLtrxqSsNvbBj551Vgc8YeNl8qOkRzKbMuNgomnFxLI8P5eXUd0aaEsN6c67iWS6zDMe9DSFc7eskNyhddZWP5CzENdezpB1bq/uAYpUGqbZBY4UQbkMIVtHrilYIAKAq7yrqXI59CnefxA2rSY58indKkaTPOb9HqnatmudEp6WsvKo6DXHZHPSkLErRY01F8vebN97P8UhWlsGiJnUcdl2bs4zlbZDo3P4ghvXuXA19R6gsNqlBiKalq67yEb9/VdLaOF24nnc9Ep91gKqs+u+iQTEaAIBeOvvgjpk9K3oM5LkFd6rLSnNy56dhlnR7IzF+XGaWY+eNutaqiRuygxIGR2pJQ6JsvuTocLXRp1Py18xuvAO3PtOOMI87vnO0pyNZ+w5TngfpztT02J3yxLpBA0n3Td4tq+IY1rdz9S1jzIyvgYempauu8uE7qw18AOGa6/n/07DZkYYvGWN7WTN84vL6D01rAADqccrgztHGqXeYkzM75j3J17ixtFG0PsnCG1H78mkk6cnzarZrC9gM31VpoyrVkP2tpPyqLA07yua3LhZE74CMDg2kHOrAeWcqvm7PtX7Kd/08e2ee6kjGHZWvTchXXzcl3Zl63Hede3l78rK+rnlR6KbFsL6dq4Gkp32P/pjZwMyS1+ltA9NVefnwAaSJf+dVmY+HduF69jQk13ZJl6N0GVscaJNNPf4PMp6bZFnmsWoAAOrq+4UQDnbuvCF6oWh2RbKhs/GGQTyDY5NubPmdr2TjYp1xwcS2d6jjxTAvQwgbM5t73m29Ifzs+TfU68J+G0nXx+7+eSPqIm4kpzruD57fGxV//CZPOp/8+3PtlNaENOwom/IOwyrHZ7wkOmu7bD0Nlzves+998TX0XwjhY8G0HcrfuwMDPPG1/tHL7yjVebAzlqWRpL9TeRIvMht3JK93rdHhceopw7mIP2OV81x83bfbiR/3N/38CMRa0a4xF6mf3ac7gnUefx0xbM93TRQ9ZnN15jJ20rnKee0rkX9TvQ6ObhPvW3sdGv/fMDVwkrVOKCVdTSwficGUpQ8cXJ9r3a+y8rLmmDTxttkw8Z7ven2U+ne9Pkp35+nZN3tnG0L4kHHgbeH13UcBAIB6hBD2vrwxEDK+pns+Y+4/f5Y0OvR9XXl5o26U+r+h58WTpBfPkxfvaE8yfu44x/l4rCCd87zf1aQ0eGM0LptPWc9D4v1Z0vBc4D0hujQLpSlP/uZ53VR07Uz9mnhJnJvlodjh11bWdEwKnIt5huMe7bi+42v8yTu+w6Yef1UxbM93LauKWaeeqwJ5P0xdly/eaY+3+35OHcOz//+kjnQ1tHxM/LMWFdbhJ+VlQ2LSZEcZi49/LmmQuv52vV5y1qWLPrTxePHixYsXr6a+js3cGSQGgbZ5f45u87uTz1nv7jU8LQtJT016nAToSRypZOYOWlk24hkhPz3K5fXPsKRFlXHaeXr2Aa3LJq8lBgBA1x1cc8e3ZN3uG7g59nN0mz8ytVL0bP+45cm5ELt8AEBTBgymimaYXO4ZdJ/o7WL8qOc8DRUN7GwY2AEAoF7vyAKcKF5H4rrl6Rip+VtTA0Dn+cDOrQ7PBPkkdmZqglmqLQAAAGrynizAKUIID2a2UbS7xm0bZ3H5IprMQAOA+uPxjaIZO3eSJmY/reP+i17XLWK2Zf2mXn/ekRUAANSLwR2UYaZo0cyp3m7F2hZf1JAttoGedeSHet196DczG557lz80ujzEAzvS2905d+IxoNrP11TRQNs1uQEAQAPq5kMLKgM5GnmPkn6T9GubZsD4rJ0l27cClV1zC0UDwcewwHK/ykW8QH9WrV/IvwPn7EXRWjuX5AYAAA2omxncQckN8/sQwqwlxzxQtC3sNXeAAQDIXH/OFc2uYocsAACaUj8zuIMSG3sTSUtJV23YntZnEDyGEB44ewAAZKo7R4pujMz27GQGAADqqKMZ3EHJjb65okcuLlk7AwCATtXxA0n/Svrellm6AAD0pp5mcAdnaPwtJI1ZxwYAgE7V70+K1tlhEWUAAJpWTzO4gzM1AG8k/RJCuCU3AACgXgcAAGesqxncAQAAAAAAaK93ZAEAAAAAAEB7MbgDAAAAAADQYgzuAAAAAAAAtBiDOwAAAAAAAC3G4A4AAAAAAECLMbgDAAAAAADQYgzuAAWY2YhcQBfKsZkNyAkQ7wDiLwCg3RjcAfI1xgZm9ixpSG6gAy4kPZkZ5RnEO4D4CwBoMQZ3cO7OwcjMFmb2ZGYvZhb87zc7fvexyY0cP7Z/JT2EEB44u2j7dRJCWEma08Eg1hHvwLVL/AUAtLxOCyGQCzhHY2kg6ZukiaSVpIWkjf/4N0m3iu5a/RFCWJvZUtIkhGANTtOzpE0I4YozjC5dJ2a2kDSWdBlC2HJm+h3riHfg2iX+AgBaWLcxuIMzNJhGkv72f1773aldv7f0Bs13SVNJ6xDCZUPTFB/rrzS+0MXrhM48sY54B65d4i8AoL14LAtlN1CGkp4kDRTdhVrt+90QwrX/3tT/a3Xgc298qnSR14uZLc1sUjBNU0V39j4X7ejUefwdKFPzE/Ju32vZxevkRNeSxrseRUA/Yh3xDn2IwcRfAEBn62xm7qDkRlO8+OYshHCfpdEoKW7MXIYQ1nt+b6BomvRA0u+J90jSg6S/JKU7IgM/lk+S4t1eNoru0q1zpOlF0R21yxPypbbj70CZSubdVaKRHTe0FzvyLp2Hv3uH9f/fV+cd0nNdJyUc19Lz6QMzNvoX64h36EMMJv4CADorhMCLVykvRQsDBklPOd4z8feEHO8Zxe/x1yDDe6ap9wxzpmlcYj5VdvwlHOuyzLSXcDzjovngjfn4ffOuXycFjy3Oo2XFeTIt+5x4Wh6zXF/EOuJdW2MiMZj4y4sXL168eMUvHstCmeI7W19zvGeTuPuX1Tjx93WWO1x+dy6548si493KG7+LXeZU7EqOv4S7iBNv1C4bVMaSd3o3IYRNjoHsjaIFMiXpuQfXSZHB/o2ktaSJr0lRlUtJNyV/59yvtQtiXebZGb2Ndy2OicRg4i8AAJJYcwflNnr/vwFf4CMec/zup8Tf/8rxvn+SHQ7vzBzy5Uwdi6qO/1Rx+gcNWv8i2VEs0tBepxrrXb5Oioo7PbMKs2aeKnOn5vPQO+GrPJ3PHsc64l17YyIxmPgLAIAkBndQnuTdvP9yvO+iQCNxVLBx+Uvq38Mjvx+vK3Bfcl5VdfynNIJHfpwPZXa6TzymQSrvTrl7vunBdVJICOEhVf5VwXduPG2Tkjrx8eyAObEuc6zobbxra0wkBhN/AQBIYnAHZUk2vH/L8b6BN2gy3UUzs3GqIZTn7lt6mvP2yPcMFE07L21hw6qOvwRfEp3ke0mjBkwTT+ddkYb2IDGY0NnrpARrL69VdjDKnL0zVfmPF3Uy1hHvWh0TicHEXwAA/h+DOyhLsuF9m+N9K0kfc/z+Veq9eSQbc9sjjcvrZCOrRFUd/ykdsviRlgf/jlIfmSkp79ZH0jDdMwPkQvXN2qnyOjnVj9R1cHbeUdzoxDvWia2E5y0/h1XGit7Gu5bHRGIw8RcAgP/H4A7Kkmysjc1skeXxihBC3kZ78s5h5inhiTvTsa8Zv6fsZ+yrOv5T3Ca/I/XITJ2PRiTz7q8jHbGFdi+ku1G9i7NWdZ2c6nFHnldhrmg9k1MGeL74YMB9y89hlbGiz/GuzTGRGEz8BQDgtQ727ReB0wpS1JjbtfvF2huBD6c2jrwR9pL4r49ZP9PMHhMNpU0I4WPG77ksayp2Vcdf0jGuQwiXqc7Wo6S7EMJtDeUrnXd7z4uZzSVNQwgf+nidnCG/P1Z5TGb2Ium/ImXcF0xdSroNIdwR647Hij7HuzbHRGIw8RcAgDRm7qAU3vjYdad8pOhu/LOZPZvZ/IQ7ncm7WNscHYVJ4r1bvZ1afvB7Sn7GvqrjP0U8Y+Jr6vzGj8zc1FTEMq3d4WXrRhUsfNng66SM49zq9RGGqu8e30saptdryehL4jOIddliRZ/jXZtjIjGY+AsAwBsM7qDMBsnsSKcqbvQ9F3zsItnI/56xozDV6+MAa0m/ZuhkxI26su+WVXX8p4gfaXnY8bO5H1MdnZnkdsqrVB4NzGzoefXk//3Y4+ukLHE5u6z4e78my1tWid2M7stcFLjjsa7v8a7NMZEYTPwFAOBtW4rHslB6oYo6WTNJf+rtuglpuR4BMLPnREfkek9jO75zOFa0TsJQ0R2w26xrcJjZQtHd2jfT8EvIl0qO/4TjO/pIiz8yo6qn2/v35tkiu/FT2c91nZR4fPGjMasQwlXF3x1fg5c5dpdaKlr0trJz3/ZY1+d41/SY6DPXZmdI1n+enm3O4+lUDCb+AgA62Q9ncAdnbqDEu4x80s9b22buTOx43l/6eWvcQepnK0l/7etUVNmoqvL4TzjGJz9HH/Y1/H0thZtDnbUzlaHkOgnXejvL4MI7hTM//m0T19s593XinZWLsrb/TgyWVL7mSeKcP4QQrnP8fm0doTbGuj7Hu6bHxMTnnkOuY+16DC7r2i35mGqLvwCAFve9GdxBxQ2oR73ezdWhRnPqvfEd1Lgj8Ou+3z31kYxEgz5TxzLjZ1Z2/AWPb6RoOv29T1s/1mmrrMHrU+Pj3VX2dhoSHZCDaejidZI4f2V20OMZHbV01BKDDkdjRKIjfFXW4FYfYl1f413bY2IJ5yXv4E5vYnDWa9fP+xe/duLfXUv6RyU8Glp3/AUAtBNr7qAyPkU73fHMumjhm+f9fWvSna8SDjW+o/xficmv8viLmKf+PNQRu5c08s5PFZJlJkvH/bEv14mZjbwT8HSGQ6m70x2XxS8ZfvdG0R3uVdvOYQNiRR/jXdtjYtV6E4OzXLu+xtLfkv7n5eNK0WOFcXl5KWEdpq0AAMiJwR0UFi+iWKDhlGwcXmR867jChuPFGRpXVR5/3vMYr3mxyrhGQp5Od5V5NzrU+TCzSR07oJzjOjGzJzML3sG4UHTHuGz/S3X+q+5kxbsRTY/kb9yJum3TOWxQrOhVvOtITKxaa2Nw2deuz376PYRwGUK4CyGsQgibEEI88y2esTT3GYWtjL8AgHZicAen+KacO9q4zZ6/H2poJxs45747X+Yd7DqOP6/bVAcla8N34lPTz9kwH+XIuwvvjG13NfAVPY4w7Mh18kcIwUIIH7xDselojJlLGhzZtebQbkbEOuJdp2Ji1ToQg8u+dr/5eZ7uKQv3iTy6qXNLdQBA/zC4g1OMT+1UZrwrmrxruK1wB45BiflUx/FnabgP9LpTTp5OWFV3qjPnXQjh/sB6M1PV99hO6ddJRY+z/BLne13l0ztKW+2ZleN30Qd63T6dWEe863pMrCN+tTkGl3btetmIr5NDMwUXib8XXXuo9vgLAGgfBndQtAEc3519LvD2+E5W1kZe3uf9TxU3pi5K+ryqjz+P+O5jrs5x4pGZmzMfX1l59yXV4O7idXKuzv5/NZfRe0lD3xp613mNf4dYR7zrQ0ysWmtjcNnXrg+qx4/AHkrLZkccbWv8BQC0CIM7KGpcsLE1SLx3UeC7qli/YXNio6zu48/b4C76SMvcz+m0onL2WLDMTf1c3nf8OinbOdZiKSLuZN+m8mikaI2P+zPPZOpyrOtbvOtCTKwzhrUtBpd+7fpaOxZCuMsQO6ViA0tNir8AgBZhcAdFxXfzPhZp/Cqa8n608Zzzef+yOzsn38mu6fizHttJj7Qce2SmpLzTKXnnjfS5om2et129Ts5kkLoeauHn7UHSOFUmvqTyilhHvOt0TKwhP9oeg+uKv8nZTkUXu29E/AUAtAuDOygqvqs1ydHIG+p1yvvnnN8jVbd+Q3ynbVhiPlV5/FmV8UhL/MjM5IxlTIrWaiiSd9+KdNbMbFzSwqhVXSfncNGgzsXXZJn1czNR9t2MiHXEuy7ExFNtU392PQbXFX/j969OWGOoSfEXANASDO4gt9RuKMMsU9C9kRZP6Z6FELLezapj/YYf/ueghMZlI9efKPGRlq+pTlGZPp2Sd75F9kTR3dd1jvc9e1l9OaWDVvF1cg7xXft/6i6vng9rve5GVMmsnR7Eul7Euw7FxFOvo5WXyaznprUxuK74a2ZL/96NpOsuxF8AQHswuIMi4rthG0V3KRfeiDvUaH5SdGd45lPX835XZY2cVIPut5LyqmmNtHkZnePEIzOjHVP4T+loDRKNWynHWg9mNvQGdpy2RY73TvR2BsO3llwn5+joNq2T/jVRZm+UfzcjYl1/413rY2KJ5/s+YwxoewyuPP76ANLEv/Oq6CBhQ+MvAKAF3pMFKOBK0bTuqxDCxsy2kuZm9sUbUc/euBn678aNnctjd8K8UXMRN7BSP/7dG08bFZ8intXaG7ZXeRpXDTr+gw1vb/iW9UjLVz/HX3TCncoMebevoTzw9330dI2KdGZc+jsGZjYuOIhwtuukAnEnf1PTWkW7OqUPZrZRwd2MiHX9jHdtjok15EOXYnCl8dcHpRZ+/VyfGDcbF38BAC0RQuDFK9dL0d2tUer/horu0j1JepEU/M9HSZOMnzv292V5PZ45jfO839Ok48+YtnGJn/nonzko+P48eZfndVPgWBb+3mcvz5MmXSd7vmtZZrlK5MGiYbFnGucZsY541+WYWEMedCoGVxx/J2XGy6bGX168ePHi1fyXeUUC4Oc7uc+KFgX90LG03Uj6PYRwXeJnjnyA4aqFi6geStdC0lOdj0hlPM6lXhcYvirh8569I9SEWUTpY3vyTs+9QLwjJnb93DQ6BvvstIV2PMrl19Uw76yjJsdfAECz8VgWsINP414p2n55XMHaHlWm7e4Mn7lW/u1m2+BCPdutJO6QKHokYN3A8ntJhCLeERN7o7Ex2Ad25to/CDOR9IvyPerY6PgLAGg2FlQG9osXgbwmK3prpNfdhPpilir/IN4BxOAEH9i51eHZNZ+Uf2Fx4i8AoHj9xGNZwMEGXDw9+gMLG/bu3I8kfWvDTJEyH8sysxdJ6uPjOZR54h2IwRmO60bRjJ07Sf/b8Su/KFpkeqqcj1YRfwEAp+CxLOCwmaLFFqfekEN/fFE1OzKd2tEY6nV3mt/MbFh0jQ+/Gz0QszeId8Q7EIN3xch4YEeSbo79fs6BHeIvAOC0eoqZO8DRBtejoq1Jf+Vudm/O+UjSMoTwsaHHt9DrluCH5JrJ43eNN6xrQ7wj3oEY/NMxxQuPZ5VrgXLiLwDgVKy5Axw3U3Q3bU5W9KJTMVC0y01j756GEGb/1975H7dxO334g0wKOCsVhO6ASip46Q6opAKTHVDjCjx0B5QriKkOyFQQUx2IqeBrqgO8fxAXQ/Dd8e6I+0U+zwzGkny/ACz2dveAhbXWlChVAjtLJ+fvkQL0HfoO0ME/6N19Sb2bliqBHfQvAACc/w5l5g5AKcNrqu/b2m5pkYvu65WkjbX28YrqPJa0U8Z2voC+o0UAHYz+BQCAAbxTCO4AlDbAlvqeIHFPi8CFyHUi6V9JX6y1c1oE0HcA6F8AABjge4XgDkAlQ2wladLXXCwANWR6p2OeB5J4AvoOAP0LAABDfa8Q3AGobIwtJP1irb2nNQBZBmQEABhbAADQ+buF4A4AAAAAAAAAwHBhtywAAAAAAAAAgAFDcAcAAAAAAAAAYMAQ3AEAAAAAAAAAGDAEdwAAAAAAAAAABgzBHQAAAAAAAACAAUNwBwAAAAAAAABgwBDcAQAAAGgYY8zKGDOmJQAAAKARW8NaSysAAAAANGVsGTOTtJK0t9a+pUUAAAAgNszcAQAAAGgIY0wiaSnpSdLIGLOgVQAAACA2BHcAAAAAmmMpKZH0f5IeJC2NMSOaBQAAAGLCsiwAAACAJoysY46dnaS5tfbBzeL5V9JXa+07WggAAACi2R0EdwAAAAAaMLKM2UlK/Dw7Xv6dd9baLa0EAAAAUewOgjsAAAAAkQ2s70GcW2vtU/B/PwR9AAAAAM6BnDsAAAAAEXHLr1aSHsLAjuO9jsmVl7QWAAAARLE/mLkDAAAAENG4MmYtaSLpV2vtS84xK0kzSW+ttXtaDQAAAM6yPwjuAAAAAEQyrIIkygXHkVwZAAAA4tkgBHcAAAAAIhlWxjxLerHW3pY4dippLenOWvtI6wEAAEBtG4TgDgAAAEAEo6ogiXLBOTtJI2vtG1oQAAAA6kJCZQAAAIAzKZFEOY87SQnJlQEAAOAsW4SZOwAAAABnGlQlkigXnLuUtBDJlQEAAKCuLUJwBwAAAOAMY6pkEuUT1ziI5MoAAABQE5ZlQdPGLgAAgIwxY7d06RJZS3qqG9hxvJc0cUmWAQAAACpBcAeaMOATt1vIiNYAAADHjaSdMeai3g3GmIV7370/5zput6ytpM+ICgAAAFSF4E73RuHYGLMyxuyMMQdjjHU/LzKO3fTdKHbP96+kR7Z1BQD0K6RYa7eSlrqgAI+bibRU9STKecxFcmUAAACowU8Zxu3OGLM0xkyMMaN0CrWbjTFyf1+kx9KE9Q1Cl3xxp+MXv4+S/k/SrY67bcydMzJ2x68lTQaQaHGjY86Ae3q5FTkaOYc1r4wbuu/E6YrUWR4XHFv0fBN6sVV5mZzoj+RC6nmp+nXwcuSWLX2RtLkQefss6UVSlHeek8FPkhYEGwEAAKAKPwe/j1wZ67hrQ2rI5Z1P0r96hvFY0t9pG7qvmT5Pkh6cw/G3MeaLpKn7e5/rtdZx2v0tvXzx8rvx/jTW8Us8u7wA+hVOYq2du6W76yHbEU7WpjoupfqjwFaqyv/cvyvsLAAAACjLzzXP20u6izQF+docj5GOX5OlE1ueWmvvjDFW0sz9aVtw3YWOU8Pr8OKu/VfdpVTGmJkzcu+qbgHblzoM1EnaG2PeSkokfXB90DTzgr9nfb1On2/uyfKQx3C6ZXFMHq21dy3Iy9aTl886BubQryf0KzQiR3c6BoUX1tpPA22KifdvE7MQf0PaAAAAoLQt7G+FXiIJ7ouk+zN3g7juBv/exqW2Sw0cydu8gJqb3v6bM7Z/D5zPR0l/uf7zSdyz/OkZ57UCd24L17219vaMtum0DhcgWxO9nlFTKDNn3GeT48gUBii8rYJ9smZW9L2dfTl9p9cBq619xr2OAAAgAElEQVSOX9vzApypvP6u14G4bdvbH+cEU9/UDc5esn6FZuTIzZ6aDl3uAAAAAPpA1syde+egpM6LnKPyFcP3bCN46RyPKtul/pP+UNT+zjDeuvvs9Tow8v6E4fzJzbxZueertMTG1SvRmTkHuqwDVCIvuLO5hsoHcvqi18GdeYVxM5L07H7tQrdelDPdpH6FxuToXsfgzmcdZ/IAAAAAQE1+ynFenqy1D9baT648YPhGIQ1WfKxwTuooVpnd4DveT2W+iDpnyF/OtCrpUCWuXvvIMzBaqwNUwy2hCPXB9kpn9PmzbfZVgonu2DQg+oxkDUa/Qjxdsne6ZNpU8ncAAACAa4Gt0FvCGOMvwagTKKsyK+JP7+e/Kpz3j/fzpOROJh/cv7EDKW3WAao7Zbc6fmn/pOMSuGtN+ukHIesECJ6CIAP0X79CXNJg3JymAAAAAKgPwZ328J3fbxXOu6nhOI5rOpy/BL+X2YY1XZISe9ZGm3WAGlhrH62199eUwNrHBQ59OV2fcTmCO8PRrxBZjwTvEgAAAACoAcGd9vCDDFV2wEicAVzqa7RLqusbzlW+YofT4l9K3CvRcTlKtPwdbdYB4AxCOa0TIEjHN8GdAehXaIwnp/sJ8AAAAADUhOBOe/hBhiqJh7c6biVdlnfBuVXwnaKXEg7nnW+YR6TNOgDEkNPCMWCMmeUsEbwRs3aGpF+hGb4G7xQAAAAAqAjBnfbwHbiJMWZVJh+MtbZqgMKfTVB6mYg3CyflY4V7xc5X0WYdamGMsSXK2h07LnHsJuMeu4LjZzWeOTHGLI0xG2PMwV3n2f2+KCOP3nlZZdLkADLGTN24eQ6e49kYs+7gq79f378KnnukY06qmxy9sIrcTmPXzzuvnQ7u93XMfjLGTDLuFcrV+IL0ayuyaowZFemL2OO6azny3iETAQAAAEDc4I4zTtcZRh3TpusROnAzSWmbLpwDeK5DEeYAqTLrxf/avXc7Ip26V/rMXyM6Ra3VIYIzmbfk68WVb8HvLwXHZjmYRblDvlVs14Wkg17nSNq6PpxIWkr6N4YcNuAoz4wxBx0DfTP3zF91TOb86IImU0krp6emLTyTL/+n5HSunFlk1tptLDl1AYGNpJ2OO0eNnZw8uLJ3fb0xxuwk3Z4Z1Hl2Tnl6r7RP/HstJe1coKHJIE/j+rWPstrEuG5TjrLGTx91EAAAAMAgsNb+V3TcjnfljLq1M+AS938jZyhad9zYP5dyuri2tQXl2bXxqOb1p961DnXPK3N//5zIbdRaHSI97ySjH1cFxy/LHptxziYdjxWeZeydv8w4ZxPK4IlnGbmSJcuTE+eOa5yzDo5f5xy3CI5bNNzvvrzZE+2V+9wRn2cW1P8gaVryWL8kFeSxUIZ1nEUXytdsqPq1xP2jyqqTsal7H9tQ3mKO6y7kKON6h6ZlhEKhUCgUCuWi4w2BcbU75XAFhj0BnvgOSG0nKLj2qoYxvytrlHsOynOD7dNoHSI+8yF0iEo4+7ZscKzMuCwKNBWdm3POpMQzjZsO7mQ4y5uKQYdxg32+znsuF9QYpbNHWghqTLOCejX64qRTntHG6wrym5bpEPVrxcBONFnNGaPT2OO6TTk6ISergbzLFyVlLUbZYD9RKBQKhUI5VX4OJvL8Jel90c4h1tp7N5V8JOlvY8yvMXdKuoKZUnNjzMot1fhDr3PEvFpmYIz5WnEXFz9fwaZo2r079t7144uke2ttle3M0ySksfu+zTrE4qNz1lISY8w0a4twa+3eGPPDUo6853ZLWcY6LuupsxvTzLVL3rlZy8HeqeOtoZ2OCZeszEv0w8L7fanXSY+bktNJmAelaNlJ5HZK9GNeqodTesNa+2SMecxo46J7TYL2lcolL/4YPOPaGPOmifdGw/q1T7L6Oea4blOOCkiXmg5lWdaTjkvtkobv86L4ee0AAADgAvk5MNTK5n54dIZpIumDqu1OcvU4g3kuae6CFFNJf+rHbbw/q2Q+g4wcIGtjTOg8JYHBuHUOwmONaowCgzyWo9pmHWLxoNfBHblx8ZjjCCrDEcwLSs09Z7CuvH0q4VDltXFXhO15MvGttfbFGPPkjaOJMSaJHURwY9Zvo7vAmb5xcjzX98DcvqV2kiInaC64175kvbY515o38ZBN6NceymoSeVy3KUdFQQxpIMEdF1jbCgAAAKAn1N0ty/+KtKAZzzIQ99baT9baWx1nw/hOwbjCTieTwEh+I+nXoLyR9MZaa6y1b6y1d2cERW4CgzwGbdchVh++6MdAzjgnMeiHjL+NC5KI+olS6/B4Rt92gputFLZH2eBImNz7twYecRI48o/W2ievbN1MrHRb5y8NNtcfOcGN2H0yygiO7CuMj5dTz91z/do3WY09rluRoxN864P+AQAAABgqdYM7+8DAZfvSSI6IfpyaX/Yr5p/ez1u3xW9mifS4SWCQx6DtOsQk6yv3PMdBftFx9xyf+wzHcea3RYyxOhCy9Mk3t+VzYckIIjSxQ5M/Rst8uW9kSYULLCQd9slZ+qOlLdJj6de+yep+oHJUBMu7AQAAAM7gp0jXGdOUmUZzUnVbV+eA+A5j2a+YpXLVRKTpmTuDyjHgpuiHbTELfk+DPQ/K3rpZOccvz3i0/w1w6LzNkY1DibJowWEsK6epXszLczI9c9vnNpev3J7pjH+L/fwt69e+yWrMcd2XZVBpnRIBAAAAQGV+dkbyWMdkijcql5T2WwkDF445HaTvyzPKss/5Oc/JCXOAtJEH4FtMI7yjOsTmVGLlNICzcomVt36gwD/Wn+VTM5HykMlyuJ9UPbfXt9hLSzJmOWxP1CNz1pWXwPad6s/CyGqnlxb7pOugQiv6daiy2lM5AgAAAICG+NkzklNDe2WM+cIOWFGYqH6uFEn/fWkuc5//jPIGk7dmkURsq67qEIusxMpzSY8ukXLinP20bqug3n4S5nvvmtfGtxznd9uTMV1KTl2QPK//ZjomJN5Gbqc2++RcXiL0RRv6daiy2kc5KuKXSHIBAAAAcJWkwZ2qX1DDL33PNOVrvJkoddom7Y+yDkLVHCAxHbNYX/S7qENU3A44W/24TfZI3xMpr7zjH91uYGmAbGyMGTmHM53l8/EKh89zCZ3TFbHk9EOEvs0KTCQNj/e697op+fx91K9DldU+ylERTeRxa/IdP9ExeN9GW20q7GYKAAAAV8rPnnGX5of4VGLWThgMYjvQH6mVgNQt15iEgYAK92orV00qM03M3NkMuN+XGX2/1PclVuEuNw96nXvj3hizS8fVlc6ge9SPM6DGPRzXm5pjfObGzbmzTp6MMW3V+y/9mCOmykeBJOP5t5H6oWn9OlRZ7aMcFdFEHrcmeSdp2uL9CO4AAABAIWlC5a0zUt9Ya8vkCvCN132HuQL6bvhJ1fMRpY7CU5ktvivmAInJPjDIa9NhHZpwlLISK6cOQJYzHzqYf+h7IuXVNQ4cN3PpKUdOysrUzBhjvR3HFElOdY6cuuDCUtJjpMDdY8Y9Jg30yVOGXI9qtluMMd6Kfh2qrPZVjk6QBO+Wvuupe2utaam8w6QCAACAU/zkOZFVvkD5W1afDAYZYyZn7gozRCaBY1/GyB/p+3Kc9xXvI7Wbq+a5ioPX0zqkshl7Wn3ejIxVjnO4DRycvFk+10SW/M8rBlAk6WsDY1o6BrXryOln18exlttl6d+ygYXk3HuVDABMSj53H/XrUGW1z3KUR/qhYIj51gAAAAA65yfPwXyQ9HcJY3TqGX2PpxxQY8yzjssXnjv+Mtkawc5PozL1dkZ+usxjXmE2VFe5alJHJIkQHOmkDp5sHpxcxyLLcd8WBAOyZuhcYyLl/3DyHzqcs1PBBG8XqkTSQ+RZhX+eI6fGmIULRjzFei4nU2E7fSj5LJOK93rQjzM8liX6I3ye+3Pq37J+Haqs9laOCkjtin8wzQAAAACq85Nn3M2do77Jc9adsbr2nNW7E4bfVK9ndiyvpF1TYzcNmq2cEZzXTmNJO9dW8xJb0Wfdq1WjOHBEfovUXq3VIUM2P0dsm5cM539VcPyjflzycpVLsoJ2+ZThcG7yxpLr052Tpyen02LJS6LXMxk2Fc4dGWPWnv5bNdBOfj6OxBizyauHMWZVoItn7nmTnHvd6XWAZ+zeGaMCveZf61OExLBt6tfByeoQ5Cinj1LI4QcAAABQx2ex1oYOzFrft5jdOAN6pONX63R2w30ZA90Fg3zj8Mlae3vxjXp05CaSbq21e2PMUsdkpC+uXZ+9dk2TMu4l3Z36euuM4JvUUQkczkevz/ZNL29yiX/HzmG7r3Be53XIkE1JehdrC+Pg+i/W2jcnjk9lRDoGTt+VvM/IOYlS/vKINHB0l9bPGHPwnbiCcz76Y907r+hee3+clzxH6XjJkZfP+nGZyJOOO+vcBP/3EMNZPiGnnwoCPIk7763TA+PAiTYNyfTUOdsjr12/6PsSyt89Hf7JPVferItCmXWzZZZBn+71fUnNSK+Dp0/uvbHts36NJDNny2rb47orOQrkaeV0x1sBAAAAQHWstT8UZ6itJR0kWffvzhnQSdY5ecUZidYZhuMq5w61uLYaB38bubbYBe26kTQted2JO69M2bRQz2XVe/WpDs6ZSGVzV7YfKlx/4/p4VuLYdFvnQ5Vx4uSqbHtOvfPKnrMM7lfmnOca51hJoxN1HWeMoVA/jSL1XRU5rVIWLYzLqZPt5wwdvkx1uNPxec95qHivvD5Zxtb7TenXyM94lqy2Pa57IEepLl5dg41AoVAoFAqF0kR5NXMHoOJX6pEz/Et9ne15XVaSdk0s2QAAgEL9++wCWrfsvgkAAABQj59oAqiLt9NT0sG2ubG5Ebu0AAC0ivtIMNJxSRaBHQAAAICaENyBc0mTw94NvB5jdbsVMQDANTIP3iUAAAAAUAOWZcH5QvR9Sv0bt1PU0J5/LOnzNST7BgDomf49SNLQl/YCAAAAdA0zdyAG6ZfX2UCf/4Okj3QjAEB7uF2yEknvaQ0AAACAM20rZu5AJCN9I+k3Sb8OafaOm7WzZvtdAIDW9e9Bx1w7zJoEAAAAOBNm7kAs5jp+gV0OyLFIdNzG947uAwBoVf8uxawdAAAAgHj2FTN3IKKxPtUxWPLOWrsdwPOuJG2stY/0HgBAa7p3LGknaW6tfaBFAAAAACLYWAR3ILLRvtQx986t2yodAAAgfUckkv6V9MVaO6dFAAAAACLZWQR3oAHjfSVpQh4bAAAI3g87HfPssBwWAAAAIKadRXAHGjLgF5J+sdbe0xoAAMB7AQAAAKBBW4vgDgAAAAAAAADAcGG3LAAAAAAAAACAAUNwBwAAAAAAAABgwBDcAQAAAAAAAAAYMAR3AAAAAAAAAAAGDMEdAAAAAAAAAIABQ3AHAAAAAAAAAGDAENwBCDDGjGkFAAAAAACAy/LzjDHJpdaP4A7A98GeGGOeJY1oDQAAAAAAgIviRtLOGHOR/h7BHaiFi3qujDE7Y8zBGGPdz4uMYzd9H0Du+f6V9GitfaSHAdBhQ9JhAIBOAQCAYqy1W0lLXWiAh+AOVDVeEmPMWtJOxxkuHyX9n6RbSStJc2fUjN3xa0kTa+2+51XbSPpqrb2/or6cOMMzNUDHNa8zNcasA4P22f0N4zW/3UaurfIKywPRYchsRV114vkmjIDW3zFF/ZGgU+BS5QhdFKUNFwVteOirXQz91w3W2gdJXyRtLm2J1s+IBlQYRGNJf7tf37nIp8+TpAdnuPxtjPkiaer+3ud6rXWcond7ZX258f401jGC/baswWmMWUryv0i+OEV54/p9JGlqjMmSFQB0GLSiqwDQKQDAuwZ8rLVzl45jLendpdSLmTtQVumNdPwqlUi6LXLWrbV37riZ+9O24LqLE1HXonJws0OmZ9Rr5gyt99bal5rX6LQONZlX/HtY541eB3burbVvrLVz1/c+6zNlb3lG++aVdeTxYY0xtuJLZS/prY5BRZYCDlSHXZkh1IXMVtVV6fM9XIjc9l7/FcjL1uuPJ3QKOuXK5OiidFFHPLh2fKfjB8Te2sUwWN1wJ2mStXx2qDBzB8qSRrPnJSPYnzzn/68TivvJGT2/BwGDR3duqNATHWeF/OkCM1NjzF7SnbW26uBeSno6M89O13Wow6ji332DdiHJn1L8aK395P3+W1hXY0xSN3im4xT3jWuzd55xnBrIq4KXftrOv7t29v8e08A/x1mWMWYVPB8MR4ddY4CnTZmtpKuC55tdQJP3Wv9VkJe/dPwSjk5Bp1yFHF2gLuqiDV+cftsbY7YNv3Nq28UwXN1grX0yxjxKWhpjHs7wVXoDwR0o47wunXJ7cmsUy/CPP3BOKO6tu88+CIycmk3zyc28Wbnnq7OsKJF0f6Zi6awOZxqlkwJjtYgPwe+r4PevwbX35yjLoH1fAiNpXqG/R5Ke3a8xA2i8+K9Yh0ErDnRdXXUpzk2f9V9ZXi6pX9ApnfFCE1wt33jXQEO64V7HwOFnHWfyDBqWZUEZ0mDFxwrnpAZnlanHvlJ9KhMQcEbVY0GgIc8wS1y99pHzwbRWhzMdhk8ZBv72lJHq2i3J6euUOx1nM+1dvWKuY/Wvta8SBHPHpoG854jPdIeKQIdBv3TVhdJH/YdOQacA8K6BIff93vX99BKSaDNzB3TCmfenQNb50lQl4v2n93OVKcv/6PtUzUnJJUDp7JPYgZQ263CuMrt1/fu7pH9KLk27yfjbt+C6L2pujbIfPKtjID8FRva548PPoQDoMOiPrrpEeqX/0CnoFADeNXAhfNQxR+hcA8+zRHAHTvEuz4kvGQSoYoCOaxquvwS/j0oYXKlDHjsi32YdYrzIHjWQZL4ukOK37zlJQWM5N0tUBDoMWjG6B6Orrkj/oVPQKQC8a+Ai+t0Yk/qHgw7usCwLTuHnE/mtwnmJGyylAhTGmEkwyKoENsIpdC8l7pXozFwwXdbhSgnbt46BnMrlPkJ/z8SsHXQYwBXqP3QKOgUA4MJ48uz7wUJwB07hBxmqJB5Ot6cry7vg3Cr4xtVLCcP1zh/EEWmzDtfIu1AB52GMmbkv3SE3OuOrtTEmMcZM3FbwK7oEHQZwLfoP0CkAABfM18BPHCQEd+AUviE4McascozGV1hrqwYo/K+Spaebe7NwUj5WuFfsde9t1qE2xpiDMcbmlEnW86X/r+xEnFnXa2KrXf/Z/iqo30jHwMtNjjyvarbbSNJB+TsqKK9dI/RZYoxZGmM2Xv89u98XddvbGDN1Y/o5kItnY8z61NcLY8yoQJZsG3XokQ5rcszaEmXtjh2XOHaTcY9dwfGzLmS2qq6K3OZnjY1L038F9xu7ft557XRwv69j9pN7F4X3CuWqjWSYvdIpl6DH25SjIYx/1yeLoJ39Nlm48bA2xjz3tV5N1aPEfTcn3oHTM+3iRcHxh6C910F7+3Uf9VmOr1A3bDLet8PDWkuh5BYdpx/bjLLTcbeIUYR7JMG1RxXO3XjnPVe81zhiO7VWhwjPesjpUytpknH8pOD4vJJEfuawfccFxy4lHRpot6RGO9ijmj157aw2Hrv/W7jf08DSMpCZ9P+qyNwsQw7Sa6+D/ztImlbUD6/q3UQdeqbDlu75dw3V4blg3B5cWXn1PeQc/+rYAj0UlmkXMltVVwXnjqueE3NsXJr+yxlXYZ8+u+BR2FY79/da7wkna885fbLKeI5NzPd7FzrlWvR4m3LUZpueo4vcvfx7L9xzzdzPmxo2Rut6LXY9Mvr+UHDs+oRdNjnTLl4UHH/I0FnPrr7PGcevG7CZ0Q01dEPwrh0N1ncngEEpIeyrE0ry2Q20Uc3rT8so61Pnlbm/f07kNmqtDpEM01FOv05qGLVtODfTMgaA93zrFp6psoFVNbjjGUfLEvd/Lnmv0OhZ5xwXGi+Lgr6ZupfrD+3RRB36pMMy+m7XoMxlycmqpHFdeGzGOZsiw6gNmT1TV41rnBN1bFyq/nOOgy3pHMzO+QhQVoadUR7K12yodtE16PE25aiLNq2jiwJ5H5+45qFkUKR1vdZQPUoHdzKO35x4jkrvGnfsNCeI4svzLKfOzxn6YoRu6F43eP05I7hDufYAT21jKrj2qsbA31X4Arhowolssw4Rn3k8oOCO/7LaZBj1o+AlO7uA4M7qhBE4ieC8bio6VuOKdZjGrkPfdFiWEdLyzLtDlfFa4vq7krLUisyeoauqfi1vbGxckv4LA01l6p7TFycN74w2XleQ38bfT03aRZeux9uUox606bhkwCCpGIiflgj4tq7XmqjHmTN3lg3bxeuc4G5y4t18qHIOuqEd3eC9Q1YEdyjXEOAZO+V6OGHIjCte97mMIeYZsM9FUfGSL4dd5LZprQ5XGtw5qNpSqNEFBHcKv5zl9MWy4gtzVMFIKzQUcupwiFmHPuow10aHNp6/YDp4kc4p7Wh6OuHQB5ltK7jT9Ni4FP2XszR1VdPpsDVmho1qBp+SodlFl6zH25SjnrRp2eDOpEog09fvfdJrsetRJbjjnn9X1z6t+a5Z1RnvOTNOVuiGbnWDZ9tvhuqvk1AZquRnerLWzq21b3Tc8eFe2bt2fK6SdFOvtxVdu0RZfvGT+S7dPe+stW+stQ8Vq5He61vEhGVt1+GqcAnn/ERsd5JuvfJO0tyTxYvZbcxa+6ngv7NkuChh3TL4/WQ7WWtfgjE+qZgUL4lch97pMNdGv7pr3Vlr7xsWiyx98SEvmWLGn+cF107/72NPZLYtuhgbQ9R/y4y/rVq6175kvbYln7u3OqWHspo0/C5qUo6GNP59O3JqjCkjt59c6VO9YtejrK4cS/rXBWheJN1aax87kqmXEroj610+OyPJMrohbt+NNFAI7kBdg2Zvrf1krb11Bo2vQMYVlMMkGFBvnKPklzeS3lhrjQuG3J2hsG/KKt4KtF2Ha2MSvKwenUGdlq17SaZbF365kHo/niHfWUZP+KIq6wB+DX7/rYs69FiHpbvgfGpjTDtjLLzPOMcgzAr6jAuMx1lBAGnQ/X3CIehibAxR//2RFdxooE9GzkGr3CdufLyceu6+65QL1+OtyNEAx39433RHpnS3oUlGu91nfVDouF7R6lGhH9OcMIkLVvzalUxV5OmEzkc3tN+P3/pgmxDcgc4DPTp+PfQpG/H80/t565ykzBLpcZNg8Mag7TpcG75sbUscv7mQesf8+p5lLHxzW1cWlgxHadxRHfqqw7og60vWPMdBftGPX0SznIGZr8N6ILNt0dXYGJT+c85D0mGfnPXeb2mL9KZ1yuD1eMtyNKjxb63d5rT1RG73IW976dUJme6sXpHrUUam0p2TFOEd1gc77x26oVMG76v9jN8IGQMskXRTZWq3tXZvjNl6CqZsxHPSslPe9MydDRLUqPFV1L7jIgfIfdl5GtCSrf9FvNbbnHY9NPzi+18XDdeyDmsda+3WGPMSGEKzIGiTBnseXDBoERw7zwkOLXsis23R1dgYmv5rM9h5e2bbfstwEkbK/ko+JJ1yCXp8xPgv5J2+z0ApasOZjkt4HiW9zwhmdF2vWPU4NS7XOuaa8VkYYzYuyNR39pHGCLohvu2daKAQ3IEs0rXhd2coqZMGUEYugTYU8beYA7ajOlwNGZH8ova9Uc4XG2eYr53Bsb/CpsxyKp6UMYPj1PgZyFTnVnRYx3zU60BMYoyZekvD0pk4qwwnU/6x/iyfgRjEVzE2eqb/bhpyZsveq2vHoQ865RL0eJtyNLg2dbr61o3XMjMopk62b/tUr4j1KCLRj4GdlLUx5nYAH/P+l1MvdEP3umGwENyBLCaqn3PhP8Ve8j7/DeCWlXASsa26qsO1yGKp9nV5J/LkdqZjQs5rDb59y3mJby9YbtrQYV3yoB9n2cwlPbpZGolz9tN6rILx9EHf18vfe9dkbPRnbPRJ/33ruE/O5eUCdMol6PFvjP9ScnLrgrsTHYOyvxXYrWNjzDLIWdN5vSLV4xTp8sexXi/NSgPatxoeL+iGTvkl0jujM8i5A6/wZqI81zg9/TJWVplUzSUQU2nG+jLYRR2uiVjt+0Ed7Mbh1jRvjDGrjtsxazzfXKLAtKzDOsPN0Aifc+LqnyZSXnnHPwbGip9YOZ3l81HXR5/HRp/0X1Zgoqlp6y9n3uum5PMPTadcgh5vU44G3aYuYfona+07bze2Ox2DjOEYWfS1XmfWo1CWrLVvXSLzR/0YfB33wPY6xdtIugrdEI8mcrO2CsEdCKmVyNBN+56EDkWFe7WVq2YfWWGQb6c9edzUlM2Z6++HDusw6bgds3Y0GF+BzDStw7pmmfO3dIlV2O/hGLiPlEh5yPR5bPRG/7U8Vf+vjL9VWVaVZDz/9gJ0yuD1eA+X9famTY0xE2PMwRizyGm7vdstb67jLqzb4PxRH+oVuR5FPAXXnevHvFozN5O1r2TtTLVBN3RKE7lZW4XgDoSkXwrf1nQynspsB1wxl0BM9sHgPecF1lUdroKMHRS2Na6RONl87Mhx7csXwH2G0aMqu1QYY2Zuh4sZOqw3xtA2wwBJDdksZz50MP/Q90TKK10hfR0bPdV/j1mOXENGfvi8o5rtFuPd3AudckF6vBU5GmCbpjPE5iWe+8Va+y7PAe24XtHqUYO7jGutKwSM2rRxk5wAzBd0Q6e6IQn8xcFBcAdCJoGDUEYhpBnvJel9xftI7eaqea5iKPa0DumXkeRKZFE6Tr+t076fnaJuYrlJGWOkTy+JrLE5LylvieeofEWH/Xi+M4y6cFDyZmSscgzAbSCfebN8rok+jo0+6r+sXBhlnYfk3HuVHF+Tks/da51y4Xq8TTkaYpuOKsw22Qf6vU/1ilWPqkGOrKTnbc+sLyOnWUGUT2cE4tENcbjpkd1eC4I7EBojiaeUZyUVQqo05xWm1XWVqyZVWkmE4EgndTDGPLs2P/R8uum5/PK4G+4AAAVFSURBVHlO+7opwen2v01M99xk3HOc4xR0Pt3UtUH44jwZkPB22kkkPfR5t6yWdZh//s4FUzYdjMksx31bYCBnzdC5xkTKfR8bvdN/TqbCdvpQ8lkmFe/1oB+/4i5L9Ef4PPfn1L8LnXLperxNORpwm34uaaOmNsdjT+t1dj1q9Oc24502ctumt0VhvZ1eCfXZU8Vk0uiGZnRDKov/DNmooVBkrZWOUWSr4+yWlft5UXD82B1rJc0q3st6ZdFyPdP7TiJdp7U6OGPdv+/hjGuNg2udbBMdZzyF50wbqGdS9x7uGdfeubOG+iKRdAiecxM8R/r/yYlrTTLadVGxjaykdYnnXpS9l5O3dIzv+lKHPuiwjHum5bkD3b2pMl4y5HZU455tymwdXVXnnEbGxqXpP+eUZOq9jHqsMtr0v7Z1z5sU3Gsd3itLXoOxnJblkOyiis81eD3ephx13KaldFHWu0TSuKBNNmV0eNt6rcF6rKrIWMZ77qROqPneyJPNzHq7MRY+2+5c+UU3nK8bgv5PBuvPE9SgBEbUIVWu3uA6uJ9nbnDPPIMrV2lnDJj03F040L1rj1qo566O4deHOuQo10nFaxxyXnrW6+9dzjmHgnMO5zi2J9p3qe+JicMydecsM86zDcvSOKNNngNjZVrghJXpi4PfxxX64pQDsss4d+eePfy/Vd/q0LYOqzImO9DdkyoB38Bw2lQMHLTW32fqqlPPN2pybFy6/gucgrRdV86YXgRBmWVGALL0RwpXvzw9u8kI6uzO/XjTpU6pKDOD1uNtylGbbVpHFwVBkUNw75Wr/ypogyo2eCt6LWY9vLFf9d1hS5TpOe+aE8GdRUa91xm66tDEx2F0Qz3d4AfzB+3PE9SgBEGPccbATo3GgzfANmW/JuYEJPLKpoV6Lms4Nb2pg/cieXb9Mq14fpk6PNc4p7YzUbF9q5S2ZlTN3Jg4eH2zLjK6cmZBlTFCyp6zLGkAhOP7P0Mm/erR5zq0ocMqjMn0HkkH+juVv1mJY9NtnQ9VnNC2+7thXTVqcmxci/5zBvjKkye/jZbpWMiYgVPH8E7vldcny9hBla50Sg1HbtB6vE05aqNN6+giTw8c9D0fWtgm/iyyaRf1qqDPzq5HziyUWO+O6TnvmhPBnXQ55yIIQB88+3CKbuiXbvD6cjVkf964ygBcDW6t67OOSUTfDLwuK/c14YGeBejFmHy21r6lJQAAAC7+nb/Sj8mR37a5yQrEs990DGjd9jm/5ClIqAxXh7djTNLV9psRudGAM7oDXCA3NAEAAADAMHAf/kc67k75NOS6ENyBayXdMeZu4PUYq/9bUwNck3FAsBUAAABgOMwD/3CwENyBq8Ra++icsFmELdG7ciTHOi4te6FHAXpjHPxFMwAAAAAMhpnzqT4NvSIEd+DaHbF0QA+RD5I+0o0AvWEqifxXAAAAAAPAGDPTMQH2+0uoD8EduFqstVsdc+98GNrsHTdrZ+xmIAFA92NyIWnLTDoAAACAwbCU9HQpPhW7ZcG1O2TpzlkP1tr5QJ450XELwLuhJ/0CuCA9spP0K8EdAACAi37nz1xAQDrO+Aj5zw4Y+q68V9CXSx23hL+9FJ+KmTtw1bids+50zL0zlJ2zlpLuCewA9IZ7HYOtBHYAAAAum8Qrdf4feoBbBbGQNL8kn4qZOwD6L3I70zFyy243AAAAAAAAl+f3JZL+lfRlKCs3SteN4A7AfwN9JWlirX1LawAAAAAAAFycz7eTtLfW3l1c3QjuALwa7AtJv1hr72kNAAAAAAAAfL0h8P82jmu1/RUWfwAAAABJRU5ErkJggg==" alt="\[\begin{mdMathprearray}%
1.\mdMathspace{2}&amp;\mdMathspace{1}\mathid{SP}(\mathid{P},\mdMathspace{1}\mathid{x}\mdMathspace{1}:=\mdMathspace{1}\mathid{E})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{1}\exists \mathid{y}\mdMathspace{1}.\mdMathspace{1}(\mathid{x}\mdMathspace{1}=\mdMathspace{1}\mathid{E}\mdMathspace{1}[\mdMathspace{1}\mathid{x}\mdMathspace{1}\rightarrow \mathid{y}\mdMathspace{1}])\mdMathspace{1}\wedge \mathid{P}\mdMathspace{1}[\mdMathspace{1}\mathid{x}\mdMathspace{1}\rightarrow \mathid{y}\mdMathspace{1}]\mdMathbr{}
2.\mdMathspace{2}&amp;\mdMathspace{1}\mathid{SP}(\mathid{P},\mdMathspace{1}\mathkw{skip})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{1}\mathid{P}\mdMathbr{}
3.\mdMathspace{2}&amp;\mdMathspace{1}\mathid{SP}(\mathid{P},\mathid{S}_{1};\mathid{S}_{2})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{1}\mathid{SP}(\mathid{SP}(\mathid{P},\mathid{S}_{1}),\mdMathspace{1}\mathid{S}_{2})\mdMathbr{}
4.\mdMathspace{2}&amp;\mdMathspace{1}\mathid{SP}(\mathid{P},\mathkw{if}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{S}_1\mdMathspace{1}\mathkw{else}\mdMathspace{1}\mathid{S}_2\mdMathspace{1}\mathkw{end})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathbr{}
\mdMathindent{4}&amp;\mdMathspace{7}\mathid{SP}(\mathid{P}\wedge \mathid{E},\mathid{S}_1)\mdMathspace{1}\vee  \mathid{SP}(\mathid{P}\mdMathspace{1}\wedge \neg \mathid{E},\mathid{S}_2)\mdMathbr{}
5.\mdMathspace{2}&amp;\mdMathspace{1}\mathid{SP}(\mathid{P},\mathkw{while}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{do}\mdMathspace{1}\mathid{S}\mdMathspace{1}\mathkw{end})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathbr{}
\mdMathindent{4}&amp;\mdMathspace{6}\mathid{SP}(\mathid{P},\mathkw{if}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{S};\mdMathspace{1}\mathkw{while}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{do}\mdMathspace{1}\mathid{S}\mdMathspace{1}\mathkw{end}\mdMathspace{1}\mathkw{else}\mdMathspace{1}\mathkw{skip}\mdMathspace{1}\mathkw{end})
\end{mdMathprearray}\]" class="math-display math" style="vertical-align:-0.000em;height:10.849em"></div>
<p>Rule (1) defines the strongest postcondition for 
the assignment statement. The assignment is modelled
logically by the equality <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAG8AAAAdCAYAAACkLzKqAAAC7ElEQVRo3u1a7ZGbMBB960kBzJXAdcBdCbgDSDrAHdiTCjKkA7sF3AG+DsJ1gEsIdLD5kVVOVvgQxiK+nHZGY2OJBfS0em8XEzPD2/u0lZ8Cd0ZEORGxo5aTjzyn4AUAQgAP8rk3hmwA/Bhw8QBA+fgCINL6Dh68ZcFsBAwAODJzOvH8CMCL+Nj5bXM54EINOAAop/pg5lcA3+Tw7MFbzmLj+HSlH3Ve68Fbztba95aZz1f6OfvI+7eRd5rrjJk9eO+F7wwF2vo87075joi2RJT0dAdq6/Tg3SffbTRu61KcaS94RBQTUUlEjbSKiDJzKyCigojqvjHepvOd5HKhgNTLd+rLRZMqQAUg1n7bAmAAhRxHABpjzF7GbE2fH7lJdYS1lo2MrwCUVr47gCt7nNbq4gJc1AEcA6hu8MBb44FdttIxeJlxvcjoV+WvRICzDoBP+lYpkfQ4kF+o+tzBCOvPHXnIHHsFcDQUmgtrZyq/qXwHABUR2Tz/uIpVtU2pu6XMfOrZi2sBDwAeddIloi2Ar/hdZE2ZufU0B31eA43vdh3SPxCQM6EysnIu4CUA6pHwV2Ffey5zxnflFNpZaVtdOqKAblYd8PmdVe1y1FYqdxiSpsZNlB4TZ/ldODS/kp5FF+BNvAkfeQ7rmX2aQ2yv6Y43tWl5E2cvRtzVMweUvqKuZ2ZeW4MnKcSiUSfX3CyQKkDyvO93wndDluPtRax15K1tVo9aaSPcOYUrkgUDxQV4t3p/p6Iu/ktUWsjdSpO6wci4xKcIf+aj0eatmOmr6vKhyjOFXCwfyFPqAecRgMaDdl1+Z1kqjLrA0+uSbHTmNjVLH3Wj9cxwpp+qpx9lV3jL6mk0B02Pg2LutvAfgqfPaXNl5Baaj6SvMF0IGR6YeaOpvb2qdRLRE4CMiHJm3mljckkfUnxgE0Gh1yh1pfnTUOxdFsj5TwCecfnn2paZj2O1zUoirZGVExqroWtM7KMMseNXVr18+QvNZp7UqIDyCwAAAABJRU5ErkJggg==" alt="$x = E$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> where any free occurrence of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABUAAAASCAYAAAC0EpUuAAABHklEQVQ4y6WUYY3DMAyFP08HoBh6DIohY7CjUAjlMAjDUAg5Cj0GHYVC8P04Z/KsrOl0liLV8fPTSxo/VJW4gARkYLO1AGPA9MAMrBFTI7wZILm9CVBgtnwwohT6FJhqhPmF+tWaRiMcKoQKLPHIa43Q6tk13kJtc7U5FtIO6eoa+1CbrD8DXdm87Kk0TCHcxakqJ/7iDnzxIkRkcOk3jfgAUNWfBi6579wiPXEszu8oFbuvfZBIAd1V9fPfSkUkvaPy6PHPR+5TRPrHD209DxvZ8py6Bu5SrrMzY9iAa8U0mu+zeIHLn+ZWA/jqZ/qIykLqZ3oOKjczEPVKAuHs+wrpGE2imEvxAneaa8AskfDhpzb7izPlXDGNGqZqQL/kpe0Z3roFswAAAABJRU5ErkJggg==" alt="$x$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> in <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAdCAYAAABSZrcyAAABm0lEQVRIx8VX7W3CMBB9z2KAiBEyQtoRYAOkbkA3oCNUjEA7AmxARiBsUEYo2eD651K5luOcQ6JasvLh+8j53jtfKCL4tyEivRPAHoDMNPdMRU6yAFACWOr1EIi8ArgkYlsC6Gy8AKi8tY9k5JGduHtffszRVf3Ks7Fz1vSQLDWKbpxHpPgK4F0fby5DdxU81yNh1um1Oc7X3n0rIreRzm+PRl5PwDKb8ynyHTCgBQA3R75J7khuepaL3603UuToUexukP8CUCXWSxHB5PxWLovFrpsh359WQLoR+b6EJZhkSXJDstHITYBcZPIbABqSQzpXE4uGjlSSd2/bawBvPYfHGsBWQcyHI4/k+6j1OTZOKr+0Et5Nye/c6ucy8m2p52UKbArMakzktbFmp+QO+oHpNkqF/LZnm9s8xBoJa5GZ6vzuxt5rJAYjz6rnlpILoPjzfq5+LbDVxGzMnm8AO7VRWZ1vA+flSMednSa63qN0fiTfunM+ZjYxuYWSvwpqtI/0b5KrASQXqv8E4Dn4OWhF5JSilMw4e/HyA0LLUfEX45grAAAAAElFTkSuQmCC" alt="$E$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em">
is replaced by the existentially quantified variable <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAaCAYAAAC3g3x9AAABcElEQVRIx5WV4W2EMAyFv9wEdAVGQB0h3QB1hOsG7MAI1xU6At2gohvQFdIN3D/OyWdCQiNFMth5+L28BESEPIEIrEACNmCy+dIEOl2zAZ1NTPqy1+cbIMDcAJy1ToDBdpaAzn1AgNQAXDOgiGBfRlf4YQsrgLm7VZ+JwFYoTFq4VcCiAZxFhAvwpnrdRwhhVLHxOTdeTLzkYLTaebo+V9PvrmHBBg+6VOyyq7sUaLyauEb32cSf96hGo0H3ZupikbKjsTTsspVs5SlHE38fcQ0hdEC/ows7wN7EXxX9YskuJUA7fk7676FDr8vVaNgfaNebmt2xrG3K9cB7W23jSh2M+ZYBBgN0VbDFAE5NQEPrQwGSzpsC22M5+LUhXzlnRwghL/gVkSefv/wTzNrlvVhkKK6tK9/ol46OpS88vFDNZgkwHn7Un8tSh7oZ6dRPy3S4nvDe3Pyt6qJBOxgd0GRsE1tgDz503svCL6Wua/MPz3MNm1mBZ2QAAAAASUVORK5CYII=" alt="$y$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em">, which represents
the value of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABUAAAASCAYAAAC0EpUuAAABHklEQVQ4y6WUYY3DMAyFP08HoBh6DIohY7CjUAjlMAjDUAg5Cj0GHYVC8P04Z/KsrOl0liLV8fPTSxo/VJW4gARkYLO1AGPA9MAMrBFTI7wZILm9CVBgtnwwohT6FJhqhPmF+tWaRiMcKoQKLPHIa43Q6tk13kJtc7U5FtIO6eoa+1CbrD8DXdm87Kk0TCHcxakqJ/7iDnzxIkRkcOk3jfgAUNWfBi6579wiPXEszu8oFbuvfZBIAd1V9fPfSkUkvaPy6PHPR+5TRPrHD209DxvZ8py6Bu5SrrMzY9iAa8U0mu+zeIHLn+ZWA/jqZ/qIykLqZ3oOKjczEPVKAuHs+wrpGE2imEvxAneaa8AskfDhpzb7izPlXDGNGqZqQL/kpe0Z3roFswAAAABJRU5ErkJggg==" alt="$x$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> in the pre-state. The same substitution (<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH0AAAArCAYAAABVV4fPAAAELUlEQVR42u1c/3HaMBh94hgAOoK7Ae0IZgNoJoizAVwnyMEGJhM0zgawQYs3wN0gZoOvf/B0VVQb22ADKnp3vuBYtqTv6fshfbIVgAGABP8iEZEVPJyEUqqU1z5/hAUXMy8651HIa884WYqIMo4nLzN3ISJ7k08AQ32t58Vzf/Cke9I9POkennQPT7qHJ93Dk/6fgCtbnvQ7IjwEkCulJp70+8Ev/n3wpN8JRGQPIAXgNV2bPqXUWimV89gqpSKrTKCUSpRSu7IyDiBmXy7Sbsp1S3ntlFKzOnEH79nVjUEGAATAQkRQ56AgtgBC438zPifh+QhAbpWJWWZWt65bONiP/AL1zADsAASWvBYV9y1YTgCMSsponuPGpPOmdcm1HZ8VUVCjAsIFwNYx0qOminFCHSFlNihQpLzi3q2W7ZEyp5HOhu2OXF8bxMYF2iKmNXCMeN23SUfP/2A5+b+kikyWq1Qmk/SmPj0BcCzPHhi/F9a1ZwB7ABsAjw7GP1McNpYkbU/hODUciMjGuqQ3QWQV92psWg3k2NH3goYVkZ6JSGZFwksRGYrImFGxi5H8F4P4uMXHP2mza8l7YAaTJRgbv9d1Kus3aFjG0V42KEZNR1wLK2WfrqTxCYCIWjYXkbczn/mjQGbm2sCxvYqhMTA3rZIuImlFkbDpiDuD8JjB1bURUOszEfl8hhV5KxjQ2oWkZZaR5bSypXXr67cogPEFNT1mfHAtTAxXlnYQo3yz1wlK8PUUmbdJemj4804JodVJr8E2F0sCurs2THuZj9d4rXA1ja1rvyVBhBfU8qtBKbXg3HkjIuMOYxVtsjcVCtTYn7e59l4rguSy7MhRwqOuCS+IjdKKwRGcomi9Dhq6qZjnBw4SHtC3ph0Tbq91/OwicO7VNTlMnOQ0cbZARlX+nBoedOQDu4YOpi69qJR1ETjX1fQFI9YBTVxZ0HHM/7zAwZU4DtYQwKrGtLUN7KvkSUWLGkynTyLdNDlvBZU/FZQzG5nQCrio5d+NgX8JvJaYcNOXr88JnOuSrt9+XInI1IjY1wCmfLt1BWBgmn+dG+ZonDoatE/oyy/yQifdo5bVQge+dLERDomZ7FR/rlEry8bOb8HcMisLapQJXcuoGf0Z4Ur5f1rNBId0tZZnjL+vlh/Nnx/Lsime5Di8tTqHh21KI1q4/Q21S7TPF5Fhg77kAFZ9T22lqV3e2EA0/fxJH43wGyNvaC2A+9zEnhZbmBuR/bMn3W3ExnrHpGRgTIyI/vFUl+NJvx0UTostn/zC0+U501/v028HGU12bH/giYRvGXSfHXB7Tb8dzKnt7ybZTOX+xmGX0LiNGZYn/XZmCikOe/Ae+NKCkOwxDnn7YZP0qTfv7hB/dB9iWzBJn1i5bv/xQLengGUfD/xAemBFkP7jge6j6OOB+ANqyxmslvgaQgAAAABJRU5ErkJggg==" alt="$[x \rightarrow y ]$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em">)
is applied to the pre-state predicate <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">. 
</p>
<p class="indent">Rules (2)-(5) define the strongest postcondition for the four control-flow
statements. The rules for the <strong>skip</strong> statement and sequencing (;) are
straightforward. 
Of particular interest, note that the rule for the <strong>if-then-else</strong> 
statement splits cases on the expression <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAdCAYAAABSZrcyAAABm0lEQVRIx8VX7W3CMBB9z2KAiBEyQtoRYAOkbkA3oCNUjEA7AmxARiBsUEYo2eD651K5luOcQ6JasvLh+8j53jtfKCL4tyEivRPAHoDMNPdMRU6yAFACWOr1EIi8ArgkYlsC6Gy8AKi8tY9k5JGduHtffszRVf3Ks7Fz1vSQLDWKbpxHpPgK4F0fby5DdxU81yNh1um1Oc7X3n0rIreRzm+PRl5PwDKb8ynyHTCgBQA3R75J7khuepaL3603UuToUexukP8CUCXWSxHB5PxWLovFrpsh359WQLoR+b6EJZhkSXJDstHITYBcZPIbABqSQzpXE4uGjlSSd2/bawBvPYfHGsBWQcyHI4/k+6j1OTZOKr+0Et5Nye/c6ucy8m2p52UKbArMakzktbFmp+QO+oHpNkqF/LZnm9s8xBoJa5GZ6vzuxt5rJAYjz6rnlpILoPjzfq5+LbDVxGzMnm8AO7VRWZ1vA+flSMednSa63qN0fiTfunM+ZjYxuYWSvwpqtI/0b5KrASQXqv8E4Dn4OWhF5JSilMw4e/HyA0LLUfEX45grAAAAAElFTkSuQmCC" alt="$E$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em">. 
It is here that DSE will choose one of the cases for us, as the concrete
execution will evaluate <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAdCAYAAABSZrcyAAABm0lEQVRIx8VX7W3CMBB9z2KAiBEyQtoRYAOkbkA3oCNUjEA7AmxARiBsUEYo2eD651K5luOcQ6JasvLh+8j53jtfKCL4tyEivRPAHoDMNPdMRU6yAFACWOr1EIi8ArgkYlsC6Gy8AKi8tY9k5JGduHtffszRVf3Ks7Fz1vSQLDWKbpxHpPgK4F0fby5DdxU81yNh1um1Oc7X3n0rIreRzm+PRl5PwDKb8ynyHTCgBQA3R75J7khuepaL3603UuToUexukP8CUCXWSxHB5PxWLovFrpsh359WQLoR+b6EJZhkSXJDstHITYBcZPIbABqSQzpXE4uGjlSSd2/bawBvPYfHGsBWQcyHI4/k+6j1OTZOKr+0Et5Nye/c6ucy8m2p52UKbArMakzktbFmp+QO+oHpNkqF/LZnm9s8xBoJa5GZ6vzuxt5rJAYjz6rnlpILoPjzfq5+LbDVxGzMnm8AO7VRWZ1vA+flSMednSa63qN0fiTfunM+ZjYxuYWSvwpqtI/0b5KrASQXqv8E4Dn4OWhF5JSilMw4e/HyA0LLUfEX45grAAAAAElFTkSuQmCC" alt="$E$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> either to be true or false. This gives rise
to the path-condition (either <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAG4AAAAeCAYAAADNeSs6AAADsElEQVRo3u1a623bMBD+TugAikfQCGoyQe0NFHQDZwMFncDQCPYGhbOBNEKVDeIRam1w/XMqWEaSedSLbUqAsE2L5OmO9/qOxMz43/6+Fg39SUQ5EfGIfiWikogKIko+EmPlnXmmXtCQxhFRDOAeQAxgA6CQ7217BnAB0FhTYwAJgAcAmTF+YuanDyK4lgcb+TxajzwB+DGwxMbg41cAqclHMLNzB1ADYOlnxzmxNa/U7PmvdABXLe+s+amxRh4pD5Ip9dJlAjM3AL4YQ1siKhY48Wci2gaifYllqUrtGsz8CuAgPy+RYnObCZVi0wbAqzG0n5lRmZjocyCW05t3PfMajcbtjO8NM1+Um5rPx0SUzsiob8Y+WQCCG8s7m4eXyPPU+JyYeCGzlIpJf7GEGIrGVWMXY2aV4NT+zWr3Axo4h7Y9AzgBSGfW7tn9mxVpNq30XCKarRERMYDEIyLiuSNLCZ1/R23275Wiyb2GdwByANkAH2tmdhZcYWx89SD+aBG/nYlJ7T6pMVb6HLYJaTpreAfgzaS/63BqBKfO36w8zhRaMROD2n3qHmtRhJ6/tZbJaV3HzU3G75WEl2MST8U+ueyR9ZxiXkFoiYZ3oiDlJILz9W9CtKmp+QIn+3rDz+Qr+7e0w0okknPWGhon9W9CyNay6+e5/Yu8+OBLDwl2If/m2p38P90q6xBRbaUCjUOeVomJfBmRbGpC7pbGO0FpOtF6MaePzPyyUCpwNfhSSYrSBSTvWjSJmck1mVMFFjLW2Vdy/m2qcfQJXgLyb6WGtk/KpPl734lesRXWZy9eSkQnAHsiSgW0DQ2fdEZVbiEnuw6EOqSaVyIMqhxNcrEgDKbFJ5MhVIWIEhMBihSnpkJ47dlF20yMT94jk0JnUPgkMw89dxThDvu4Dv+WB1aY9PJZSyTkWv/mWkQ1x6IFakhztbamd1Ai65UA3PlfUH8zTfzBKaq08cVArwJcRybG+xDwSceoOXZKwFuYCAHeE3FJuB0F/xbi/ZIOGOzdGlFPBBP/4QjH1ZDmrLmdRqxxApBMXSGfsv5GRLlo3MEpATdOdCfGtrK2OSXccwU3U9ffHNapnbHKkP3blPU1wxelM9DnW7tMLB+Z9WKVhnpvJHG0I64nicR+ArishZ4InW+ScO8mup9SC6b6OGKNd5ijcT3j1gXglu+fBalKrcT9buguiQa9LlbUtmLqCrqhIbHH3K0H+q/pe+/qQGAQVw7gwVc7BjTmDGC3RCVjqvYLfHMa6mzvdzcAAAAASUVORK5CYII=" alt="$P \wedge E$" class="math-inline math" style="vertical-align:-0.000em;height:0.781em"> or <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIoAAAAeCAYAAADzcIYxAAAEEUlEQVR42u1b7ZHaMBB9y6QA50pwOnDuKojpwJl0AB3AXAWM0wGkggx0YEoIdHAu4XAHmx+scxsN2JJtgcFoRmOQrQ+vVk+7+2RiZjzSI9WlUdVNIpoREbfIByLKiCglovAhbn9JZMyeckpViEJEAYBnAAGAJwCp/C7THEAOoDCqBgBCAC8AElW+YubpY1q9KEop8ye5Lo1HpgD+VDTxpObtB4BIzxuY2ToD2AFgyWvLOoFRL3Pp85GbZQAH17ky6keqjdnIUXG1lmU2FZi5APBNFcVElF5gha2JKB4ouoQG8meubTDzHsBC/uYjh85NoW8dOi0A7FXRxLOgEtny1gPdiRrP1Zl6hQuijNXvgplzx0718wERRR4F9ar6SQaoKG3nypyzfNRQS5toaHAh2I1ki9wYSjNURNm2bYyZnRTF2T4x0nMFwvhAkzmAFYDIM3rdnX1ieEJFbRylC/tErXI9+K3YLT6ElADYCNymA0QVp7mSWFlSsQvkJazYuEqpcrUODVytparPAGJPLmHZT6TKMikLB+IWr13mCsCblteJ+yEzw1v8xIijaCVJPQmo7GdnlMc++73l+ImYE2zVrmXneqInjgPP2gR+HPqZSR/JmVXDA1CS0GWuBACyThRFrUh2gXAZtEai2QVW0uHMvcklxtADRZkYcxWdQN3Sjtu5yORTlz654oamiuPZAJi38OVtA2yBeDqn3LuVRINfAfzsuO9Y3rfr9C5yczH6x8b/HRHV1dnb+sgu9gmXK/dE1s9kshWEF1pJ5RgDC4M86bjv1Hj3LnPSwj7JxAbROZYF/M+5sG7b1RCVspP5SnAbydiWTYzdnm4hiauiNLBPMhdZ1G09ZpDst4/4R8uUGtezfBMRrQBMiCgS0mvo/I51PGzksuf1TbgSYIslgJc7KNU9BuBc+Z2wKmpLRKGOaI8ctHTbQ+HMbdBEcxbyHokY3oPmd5i56rmlKFO1oogg2/I7PtEkEHdwX/PCd48qTfgdZv5SQ7k8M/PGBlG6OtPgK5VnWhaOTOhW+IvZwO2TusW0sLVRem2fCCIUWutdUYWIJneiKF2dPynRJMaReYcrovQKTVSAbdGkPjOvcKTP50O1TyrSLxzZ96JWUdSJ7l7aJ8q+WLVoYwUg7OkJuMK4dmqfVLQ1E7t0YRWZVQGfk5zBlYNRVgG2pmxzn3ibhvxO2JIn2llHZmGcH+mZADs7X4KPsxvRDROBmp0/NGSc13W0ATGzhq8nMYxMj2AqnsI7gPxa0VkZ55sE2MYdtBfhyBNtmPn7jbjCET4+1hrj/y8actQTlOU8f8Ux8h4ZhvDncxUjuBFV6RVXT0nAxR5WZHAD6BHDHwFZyQ/RLX2kLsbWS5erX1boGsDY51GIW09/AfwB2ACN+/NjAAAAAElFTkSuQmCC" alt="$P \wedge \neg E$" class="math-inline math" style="vertical-align:-0.000em;height:0.781em">). The
recursive rule for the <strong>while</strong> loop unfolds as many times as the
expression <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAdCAYAAABSZrcyAAABm0lEQVRIx8VX7W3CMBB9z2KAiBEyQtoRYAOkbkA3oCNUjEA7AmxARiBsUEYo2eD651K5luOcQ6JasvLh+8j53jtfKCL4tyEivRPAHoDMNPdMRU6yAFACWOr1EIi8ArgkYlsC6Gy8AKi8tY9k5JGduHtffszRVf3Ks7Fz1vSQLDWKbpxHpPgK4F0fby5DdxU81yNh1um1Oc7X3n0rIreRzm+PRl5PwDKb8ynyHTCgBQA3R75J7khuepaL3603UuToUexukP8CUCXWSxHB5PxWLovFrpsh359WQLoR+b6EJZhkSXJDstHITYBcZPIbABqSQzpXE4uGjlSSd2/bawBvPYfHGsBWQcyHI4/k+6j1OTZOKr+0Et5Nye/c6ucy8m2p52UKbArMakzktbFmp+QO+oHpNkqF/LZnm9s8xBoJa5GZ6vzuxt5rJAYjz6rnlpILoPjzfq5+LbDVxGzMnm8AO7VRWZ1vA+flSMednSa63qN0fiTfunM+ZjYxuYWSvwpqtI/0b5KrASQXqv8E4Dn4OWhF5JSilMw4e/HyA0LLUfEX45grAAAAAElFTkSuQmCC" alt="$E$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> evaluates true, adding to the path-condition.
</p><h3 id="sp-refined"   style="bookmark:3.2.&#8194;From $SP$ to DSE"><span class="heading-before"><span class="heading-label">3.2</span>.&#8194;</span>From <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADoAAAAcCAYAAAAwTqwDAAACsElEQVRYw81Z7Y3bMAx9DDqAcd3A3cC4m6C+DdyM4GzgzODbIO0ERW4DZ4NeskGyQWtvwP6hA0LnD4mycUdAsOyIkqhHik8KmBm+BUACoALQAGgBsDzP8j1x2hcADp59V9KftbQyrxpA6vZPMsikEFEiHZQAbgAOAC5ST6XsAGQAfjDzKxHlMvCemV88x3iUxXyQ8RLVZC/jdY5qIuM/ycL28pOZd/c3j5XOFHrlTNtC2ml0shCvUX2dVR/HAI/Tes39Nw8jgyasjGUArcVI6Ue7ZRkYXlq3njRUFHoki8BJXkOQGNDPncmmEd7QMjM2E2HzS4y9MPMrwuQkzwY2eVb1jplvgfq6fUJE2WZiY+gD+7dhop1jcKjkA4sWIon7YQzR7cjq+MpfADcDEr1kqm7xikcX4TFDv6n6k2Ggr1Y0JS3BiigRZQ6iJ2buNh66pWG+fyTXfkR87pz3ejSPOimCZRdLrali7fw5l1pG08uAQl+uglTh0r0FDTXlT9FtxhZpSqn04JdncY1sISNN+VMooPaE6l2bmQ58jO3LYQFDa19WJV6XAzhqFMcWJ/TEMmfsccH47E8kQ0W3aWR+k+hbJpPNGF4YjXy3kci3wRLcfyQCiWxOPHRiiIzPbMlNboMIYeZOznyaC6cL5E8w8wULykYzigFW4iuaHDx8EL/1M1QYhRWNtxhuLIeIWH7rbejWSOBdFE+RaK6HKBGlQ0cb40QPny0+NaJF5EayUxdSt88Wn3dSr3JiY0gLpeLByQL5s1qFQ0deRBWKwaTG/FmsmT/VOPdE3Sp06jl0FC+9xhzhXMKx1vHvi9oIvjPzhYjehBxXRHQSt+4vjhNpv5X6CzPvA1NJqi6pn92DPRH1l+T/5DqmWypMGwD5iEsd1dWlvvavjPGYBf7NUC+F6H8B5h8MFnk0iQAAAABJRU5ErkJggg==" alt="$SP$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> to DSE</h3>
<p>Assume that an execution begins with the assignment of initial values <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIUAAAAYCAYAAADUIj6hAAAC7ElEQVRo3u1a0W3bMBB9z8gASjaouoHaDaJsYKMbyBt4B42gZILC2UDxBKm6gTxCrQ2uP0eAZWibsSmpMHgAgYSUj5Te0/HuURQRnDKSJYA1gALAg3bvAfwE8CwiA5JNYlNhsTi1AJI9gFYnfhKRexG5B/AIYACwI5kluMYnw6RYiMiHBqABIAAOAHLPeKljAqD2+UgtTpsDizsPK1udaADw5UhIaq2/8/QujxYhZsFi4Sxiq4sAgJVvEZ4Q1QTcXKH7YbJwQkTBguSSZEeyJ3kgKWe3GSsMVRqCBEB7JqSVAGoAZUD4K0J8piajYAEgA7DUiCIADmfnt354sBZSRrixwtoPEynCn1t0LJzcZHvuWrN9VLoYABhE5O2KsNeRFAA7LZt+p83gUxYNC8dKTw5yMqdYW33PV07+KCLUkmmlJVSycIuJhXlRcysJPUuyhSYd+ZFs9pISN4lZl4MXFQtPlBhEZB8SKdwyJr3Z89lYWDyFRglDigfnTU+kmM/GwsKbT5DMSNZarvYkG0OKX9cwk2SRsIxm0bHQfCJzI4VeuwPwLiJfAbwCqEguF5oDXJQHqMCynnkfLvXG/ws/1/gaCYsP+QTJCsCLFgWvKixu/hGvVPwwdXEWWPduQ7QHvW4UnQJAb627mttPDF+xsbCef6P/b1ytQiNJZ/rtTnMzdYCC1ptJ5iKFqnRitcOcfmL5io2FJYRtNKfYBCma+uPcXozNUh2rdLz/jMo2IilKB4BuTj+R1xQFC73WXk+rxM2CSOHo7q0yzLQu9Kxj4u3DhNoeQDG3nxF8XYWFdYbSW2ckJnJsj5FjCi1/NFKkFvzsG6e/O3UOskhV4E3bsfOOxhk3FUxNMkukuF3J3KtPqGWuFqISeyUiQyLF7UeJvec8avAIZBX0AO5uArYale07yTzJ6JPZqfOON/usRdXNHyLyzcjcsYnQ6CdfJuvNrZDVmzH9/jDZePZHI0HtUU73hjT6lfgLgJUZ/wuKnTTsnTsflQAAAABJRU5ErkJggg==" alt="$c_1 \ldots c_k$" class="math-inline math" style="vertical-align:-0.161em;height:0.624em"> to the program <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">&#39;s inputs
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAagAAAArCAYAAAAt4RwCAAAJKUlEQVR42u1d7XHiyhI97XIArEPAGWDfCAwZ2OsIHmQAtRG8whngjeCunYF9I1jjDOBlYJRBvx/qWebKAkZi9GFxTpVqWawvelr9cWa6JaoKoj0QkVsAIwB9ANcAHlV1RskQBHFy9pAOqjWOaQrgB4AegGcAfwNYq+o7pUMQxBe2bUuza2vbnlT1lQ7q6wzgE4BbAAmAGzolgiA6aOcGFoQ7WzdT1cd9x5xRbK3InG7tvzM6J4IgughVfVfVOwB3llEtRGS+1z4CmAOYBl7jKsSAWko32LPLu6peccgAEdnYYCWq+o0SiS7fHoBNDZf6pqoJJU5Qn4N+xwLA+JBfOQfwXwAvZiQnAIaZfR4BLFFsPuQ/AO7tBnr2XQLgl12LWcIWTj5riqIS/PA+r5HO760AfJhOftjfLgDMMvo/M1319wHSBSwjL/MFnRNBfS4E30FNbMtNu/5slvWot839vxfdLDNT5wCPOVdXN0/WL5RHJfJdmXzHAfu+eOOxCtjfPS8bypob9bnQ7+iF2L7zLEcoInnRfVmMLPMaMfAhGqBDBhYdHpyMNfjR5nMIpy4iCYA3SpugPodDVZOMr8Euii+LxHNM/SOEOTQBXVK1iIZwj3S+8yHw4ffxEniNN9KzBPW5GuSt4vNvrn/EuZ8ATFSVDy/RFMbGdYdgmInwXgOPu0A6R0sQ1Oev4KBshcZbYBpKENHhIsgCOujT0EUW8fSYQRHU52pwfsBBQUT6RbIgo/bGILVHNIt7pKtGQ+FHnK8FjuuDc1AE9bk2B/U754aLeNQFSO0RzWMMIKjWrixfbzUpCZeYE9TnanCI4nMOKjR7WtgPJLVHNI2rAkFSKb7eHmQWnBPU5wYdVBBVZ157jLSNBVETRGQoIksR2YjIylon7Q0iREQtmGjT75jbb1iKSP/Y8xXM4Mvy9SBTQD2mPleIA8WjirTzbGgB2ZTFdPGL1fYcP0a64qZv/19gT4E10kpxf2wHLZHDMHNfy4aKpY8uTudWSv6d0GPqc/wmBbuaxRZayWcN/5KQ9fmRopOpRU91bC8V/pQL73NSUAYDpH0Ub7yoZ+Xx1YfGtRB9WzH6Td3XEfUiRDz5d0WPqc/H28F/4XyPAjihDgIEMkW9q/bekVZG9yq+TlLxAPuK+7vgsT8B3GUmNP+yf3s7suV3EZmZQSjsFCvEL7snd991zmGWrRch4qBLekx9LgbnZ/pFKb5FJk3skdqrJMV9CpHxDgphk/P9BgF9t4xOUUepBPTnGtZEd04B3NY8Bi+xqZi6ZNYB/a9Mj40GXJp92hR9xk5Zn+uSnWXI7l5zn5eQA3dyvBYlrPiwHdVIN6jxY45jm+7h5acHjp+nsUlw88iXDo9DVL7+FGQWOUCrRI/NQdx6BntzIjI9Wp/rlJ0XpG/yAo2QOahcDtWj9rhqryBHbPNac5PzqMSy/L9zaIN77/OhxpCrfat77B4X6HgLn5h8/anILDIq02NVTVT12bNlr6dgW2Loc52ysxcYTswprmz14x9/U9pBGXf8wDfABivPUkTUDNgQaUfiyzIcsao++5y9Fdi5d7m8BywVvcpTOu8e/7GJy66P7dF8/QnKLKZxqkSPd4zxKSx+iT3/VIvsLED/ZmM5NUelIjI/23HA3looq1HoqeqMj1nwIFzZIIwsMpxbvccgwum/e58XgYqXp3Q3qiqq+s0im67X+JSuFzlhmVWJWHrs7JQ/AX8Ki19i6HPtsrNV4BsbzwcAl/ZMzc73HOe/duM6c+NzsIK+VOpsg/0qIrdI+deliNxZSl0Wk0w0ckjxLvKiqxNs2VO2X9kpy6xKRNHjnPFNTqSg+mh9rlt2Nt0xNH/zqVvGPge1xnaJuU/xPaFhas8a0k5Q/TJzIJ3sjl7fparPIvKIdEHKk4hcHqEIgwJKOUGxppOdBOufWonYejw6leypAn2uXHbGxDlHeJdn/0IdVM87YRuovRG2XHUdqKoAeYFtMeLMjyBLKmaIUo4B3NAWsv6pxQY2lh7nzqHYXNcPz4a8quqE+ly77CZelpZ7v2d7Dv6dk7XMyxjRCrKPmXGUdWxVvq4+xsshr73P7weMwC3S93RxIj8iX09EQVQ9Ngqwl80CzBH+A+C3ql4inQ8e2zmpz/XKztm8j107HMqgfDwBeGSkGdXRJiJy7Gl8mvPjwL4/25o9WWT2HcC6Jh2LydfXKaehyWjdhvNEPFdsPf40hyIiYwuwb+zZGyJdNUZ9blZ26xgOCh1Ig7sIP1q62PPALCzAaF22YA/z/7Clkh+qpJG/6vyTiKxc1Ckik7KvtYl1nsjniq3HLqP4ZcdNAfxlq2kd3uy66yMXKXVNnxuTXRZnBRwUC3LbmYW9YtuL7G6HAk8BXLe4LOB7JoIeV3y9bKDV+jfiGo3i08DzJs8T+1wV6LHLAlau4bOVAfyLwVDVq+z31OdGZReWQWXoJ1J77cYN0gLgsYgsXRRrkdUPG882lwWsQ1P+ggbUcekX3r95C2x+2oP44RnJt5YtIU8iySiJKOsk8rhF0ePMHMocKeW1FpFeTWP6ZfW5BbL75IgONR5cocYmiyfYj6z0+6B2NKdcYdvbaomCff529Ml6qUEOc7vWCgFNbAu8o0xLbtO2ySwjo0HT54l9rlh6jG0v0ZVlA64QVG18etTn5mUXYvvEdiSao27cALxWvGKwzL09WXTWuntr8XhSZu0Zg0d/3lxElkhLZ56rpqYouzi274xDQhBEx7Crh9wi83dnKOe2sIFomezooAiC6FIGkFvDY3Dfr739e0jpw4Sya5/s6KAIguhiBrDOMZxJ1sginXN5pNjaKbtzjklrcNHCaMrVV1yLSP9EGm5SZl8b+3rIue9c3dYAwH3LV7ietOyYQTWPxB/4hg3swt7D8mf1kZfeu3e0qKuNICizFuLDovxPNVkWLIxs3FZIO1JwsUQDsvNfSojP5Qrb/biKr3EDN8e2ZciI9WYEQZyY3dv5uiE6qHYMllvC6V4BT1qIIIiu2rsB0to24MCydVJ8LYDxuI9I6aGliEwzKTBBEMSXd0zWS9E5p4dDNVXMoNo1gK4D8sicVQ/AoooXJhIEQdRk19zcbIKUJVoA+BXUeokOiiAIgqgy8C5bK/V/bQbzACM5Zs8AAAAASUVORK5CYII=" alt="$V = \{ v_1 : T_1 \ldots v_k : T_k \}$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em">.  To seed symbolic execution, some of the types <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACIAAAAjCAYAAADxG9hnAAACAklEQVRYw82X4Y3bMAyFPwYZwM0I7gaewbfBFdkg3SCHjpBukBuhyAbJCJds4IxwzgbsH6qQBSuWnNhXAkQMm6JeyCeKFFXlf5ClexCRAmhn2PObqt6iQIBf3vMVOAAN8Anc7BdgBbwBtWf/BlwCG4ASeAFenWEfCPcBS08DKLBx72IKHM1WgSbBvjLbNmoTGG6HnJq9erpLXNMCx9j3hQVmDVxU9fdQgkWkCl4dE7nxYSnvFQdkA+wTHdZBak+J61bAOQrE/UNVfU90+OI9XzJOSzEUkTXwJ8OhH5FTxrrS0hOVFigTCVcFRK0T1xX3TowrqkkgzHjrA0ldZ2vv7rNQ1WtGeMfyg6F9FpnleSw/BiUZyAP147lAHqgfTwcymh+RCG9EZG+3Pjmsz75f7viqwxKw/CJ+XJ3+S/HU9SNVF1/Bj0fIOln9SAYydf3IichT6oeIVCJyFpHGtO7tWRP70/PI41pZT1wG/XHR6Vmnrh+2cRX0r502YpL+I/Dx6jfNgc8i9fj+7GmAc2UF7Hp8nvwZR1QVESmti1p5v53ByORgnHFDF8BHdGjqJ62bcX+o6qFDVo88Y3SbkaZNbNBaGpjvM83aLi3v0ZFzag1IWnrv90CxYD5Zu7vK9a/GzVpVb3MCqXruqp07UXMCcbd2Y9HYdSbMuTji8aE1MHv/218dAVG6cjpvLQAAAABJRU5ErkJggg==" alt="$T_i$" class="math-inline math" style="vertical-align:-0.164em;height:0.911em"> are
replaced by symbolic counterparts <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACYAAAAqCAYAAADf/ynVAAACYElEQVRYw81Y0Y3bMAx9NDKAeyO4G3gGZ4O7doN0gxSdoPAIuRHabOCMkGQDe4RzNmB/qEJHUI7sxLIFCJYlUXyinihKxMxYSyKiAsAHM9+yFYGqALQAeiJ6XQ0wAD+98pbWsJRElAPovao3MDMEXA6AE+Tc6fR0v3rtLTNj46H85ZU7AEdZ8w8AN/kCwIuYvVLLcFV9AKAAsBXFAABmvhlG++6Va9fRoW4F8U7PyJhho2d4p38pfftAO+t2Lbi/p0QNxADqSJkeQGPUV9ZYrrEGcIlUUCpgVaRcA+Bg1B8s/vmz2UUq2PvAYmRE7mLpEN2sQTsL9CMU+Py6jJBrtXVlc7ixCr8tkx3xZ4Tb8XfjaYRcAeCs6txuPTFzpwV6jXYGfuXWqsjyMoDSaIsD9Qi/3LIZYIN0yCwTDqStV76OOXYMPd/k+9vqP/YQn8ovK3UAjsx8DM0Ec/Jras4mWgvMfJoz4shS8GtuYM/k13OAEVGpqpq1WCwpv8YAezq/iGhHRAcJq6e5iynx153xqntuZ7MQvzqXQ7TYLMEvOZ6+PsqxpP5rDLCk/isK2BL+K9ZiP9T/+QH3UBLRhYhaydVgf2Z2ryy5XFTd99NFVdJRrOYuwQBwDlxiteX/Atgyc0dErYTaX4Ky6rI7Je8jLyKlcTMKhk6YM6by3iWaQFyXPyMem5pe/r9HfObtaYgCyZ+hiMgpfAuG1RNi/ocPbinehkAlB+Yt43vMuZUkK9IX6lElX4L8+nHu6u6Y4j8raxOkBFYa522tduwiwFxk0oq1aqHS+6Ic8/jUC7jDUN9/9S5ciMJD1KkAAAAASUVORK5CYII=" alt="$T&#39;_i$" class="math-inline math" style="vertical-align:-0.281em;height:1.093em">, in which case
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAYCAYAAADtaU2/AAABkElEQVRIx7WW7W2DQAyGHzIB6giMwAyMELUb0A3YgRHICGUEOkIvG1xWuG5w/eOTLpf7AhVLVlDs+I3t1zZYa3EKDIACDKCBybeHCiyABZacX/S3XpBRQLsg6JwAvYrdab8bGOgly9YLPElAkwDuA+DrEWAFDEHg1QXNlHrygIddwNJXEzEYCagLAZT4dQW/UdrXOuA1JFHQvxLB5lxVPNI+VcaBtKkyV2aiCj6dTMn2wmrPqfVAVUWvlhTzc3rhVd6954WyDMDGXsmQxVZk26XG7UjGvXx+V/zvT+CLI5JZClNFxia1sSSWElLplz0RYWjVQpBp2DKg2lu/WmK2KeCpdvcWstW+zVtGQ6rHd+/5LdWepmkW4GatvUdsV+DhbE3T9DKiAD85VpvcqZOqqMJCGSKnc0v2OEKwMfh+BdadxyB6vVLOrWTmSGGEoeNO0DF1Wjky/DuAVepl4kzQPnZo3Gm8cJ58uEmx1j6E4Z0Q7/dM4NjqnUU5E9jNuJZsZxnfW3SO/7nPi/eq/LQX/gB89fXG+v9xaQAAAABJRU5ErkJggg==" alt="$v_i$" class="math-inline math" style="vertical-align:-0.161em;height:0.624em"> is initialized to the value <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAV8AAAArCAYAAADfcYviAAALwklEQVR42u1d/XHbuBL/wZMC+JwKju6AzlXwmA6kpIKjOqAnFdwwHVCp4J7cAXUVJFIH1FVwljrA+0MLG4L5gS9KpISd4ViWuASIXSz2E2CccwQIYAKMsRjAC+f84OFZCed8G0b15nhotHRnjCUAdrb8rYt/F9gggCFjpQBqAHvG2MzhORFjrAYQh1G9Kf6ZAt3vAWxIyRgMPwjfAKbwJH3+7KA5/wPgmXP+HIb0piym0dOdc74GUNgKYF18FtwOAUy0FgB76au5zSQizWfHOf8cRvWm+GdSdGeMlQBSAI82Log+/KD5TtNs42e4oobmU+nzzlLwrsgsmwdqvqNrzhirGGN7osGeMbah7yPl/hlNbh/tZoyxFbVVK20XLbwA+i27Vrpzzhf0cTUE/ofA9pODb7IABPCMow/2BcCB/oIY/UkRmE8Atso9wNH/9hnATGKcppX+q/S5sJjoGbUx9xGsuyJrogCQET1L+n9HdIkBLAAUjLE55/yZ/O4rxQVk2u6MnptKvLQmXtopfLFnjH3nnD/JghdADuDxyuk+J/dBzjn/7hWfcx6uCV00OTiATOPeiu7lAGqN+xO6d9/yO+/6XeP5ewCbQMeT8d7r0JOEFyeBJ+iQWLSZAthIzyj7nkP9rAGs6P9C4N8C3Wmh4wAin/hhEkxvsnIAueb9XLoKg4lStUxao2cp+GLCpoGWJ7TUFqKSALZaACUhwGlhjg1whb9fFtzVLdCdLAAuFh9f+EGoTYsJCl0NQpnc2sxPk7Js+L6UnhUZ9jvS1b5vhI6RpPHOLC2fleHkryX65Zb9ThWeym6F7tKik/jCDwG3aUFGQlAHUsW9tNbEuydGUeEL/V1a+O2En7oMJAQA/CDBtLUIWgo6Vpq+XeEyEClPc0vfpeChXUNfboHuf9LfhTf8oIlMyz9ocL/s790YalZpi9nETUxVxZVh7TO7Qq3XWgOVzPjYwvrJPPS/1HV7XBvdTfzcOvhB850OfAXwP4P7UwMNRYYYwC/lO5EFseac7wyj6ikJHOtyzSuDL0q2iin8S2O56xn3GMDf0ldLzvnSQ/83Ojx1pXTfStkbzvhB+E7L5aCV3kWmpgy6JmoE4NAwWb5KqWo2qTavjBcAD9Ln3y3wP2oupisSfiCaLjz1X6Qp/nWDdP+lvJsTfhC+04FHA63Tyt9LQvexQSAn5J+0mUipyQJwgwuqKfzs86GSZiUvwH947PO9pjV1jXSvmuaXLf5dlxZElTUbqnbZU/VLZbOhCmMspSqaWnpeY/VOgEbBaGKiflZNHYd2hJn8pwXNI7wFen75GIcr4KOf0ueI+h4b0Oe5axGkMZCF82GAfRS2Xa4EV7oTjTeSzMl77i+pKm/owN5aceu44XeklIicvhSSw5wGtYBmqgvhizSXAlKggMyijNqJQmDNb2AAljm5DfSzzW98zUv18E5XwUc4DbjJV01Cc+byDpAKIHzQ/9x0l+gYKwG+QiP32ToVzCJ4nLnid0VIVx05gyJnLdWNjKIhOisJ+UsxSd4yEYa4qjNmRRjn9w48vrWvCPsY+chSwPTxy4YEaWI5ua1ysi9Jd7xV/EUNz9pr8vvsTPm+pSv+hxZHfZefqJT8SVGHKVDRpDgA+K3FTJH9QZfY33OL494IQ5urhzP6vmzze4cMLllHuyfCR6YupCVjDD2+24SunDG21AmYSRkGr2buhTINbOn+A+/3f/i9S9ZwzreMsSe8BaOHft8XRz57w2+pYNn3rNr7Lk0Op2WMqab5lWpoC2VwTwyT3ztwXypL/KvmI+p7rtCs7VpZuBzyqdBdWC8dmnytqVHGQ9Jf4snaFb/LDE88mFSVxoAXGhMmHYMZfWv+Xo8m2irwkbbZ3SWMZwaL1cXe0Ybu1Pe8w5+b6yw8Q9MfBkUmffhdW0puGGNLGsC1pokY4TQXtegxv9bQy1ncievCZvSowTa/d0CIFFMLgY8632NLrrDvylaTAhbkJmuDeCQuJxu6/9VAQ3kL076MjVojs8cH/V3dGq/4aqqZ+oIZgIrSODo3VpbulxO7156Ycsc5fwgnH0zK3wu85YSaMuzN8xHnXBRGPBv4swfzd1Pq6WwoulMK3UFZgEV7W41Uy8e+BdgT/f/ti3fp4t+pnaOXOLQEAHIA/3TkuMlBgSUCnBus83s7Jl1GeZQ2zPZi2exV8RFjLKFgmA2UDUJNZ7x9B54yRRMdgu4yfGkZgy7FY1IFHXdNpg/n/D+SiXNoMCmqFlMxHpHJe+ua79qD0EiJ8TMAnzyYobouh2vjo4WDVvpLMZv7zOqh4BvMdyeLHMdMyKRlD8/EAO7PZOl9dFzcXvE/dKjoS6F10MstSPMFgJgxliovG5+REXxpJCm91zkqoyrbrfx0tSu1PQ+PdfWRHTQ1NkyZjzS1uJUl7r3BglpJC3DkkbcyQx6woXuTpa2rRCxgtumUC1jFMZrwP9Dg5mSylk2liOSOeGKM/ZSYKO5gEtNy2DZh8kPq7GKAle3k3LIzwPcBn+3d30s0fHAU3omhIJgiH/VpZZEnuvZpns+QgpMNCpJt/wtonNXmSPc2RUJHicgA/PdM9LeNYzTin1R5GaQyJR35lrVNmk3DmVGxsnt/yPGdQH5vQ97pxjD39Wr4SJpf2TkqqnCablZ6yEOuTftuQ/eONMO+9MEZWlIRh6C/NM9Wrvh3OHWibzX8ccAxAr1VNJSD7WpAx0rLQZYVjpUuO2W1+IQAZ/H3eoK6xUrq0rZHw0e0wYur+S6CoHOL9xG7k+2gv52nfF/W4I7SbTsiwV9Y7ANsTPcOX3Gfef+jY2yGkCP3ju6wE/wKVLGG/uqQomsVx2mFTWSwUldtKxlOa7eD5jvy/Rw6+hVZaE4X4yOcnnk281T0khngiQKDPQxPD8FpMYEN/ozw8nPS3bQYgtwwhY5G7EuOuPKEjC9U/I3BgJQaZkpvdRXedqkqG0yOtKEipAqCtrdqxgdzJaTx1Gg4UsiB2VILc/cifIT3O2XZVjOlkgAUpnTRRx9p8alhcWxTw2ZDex1hgbd0rRqOu4PBvZJs3yVvyJ2z6XFdeJUjHhaVE3yZ2DUatrMjggg/Uq7RgHxS6gmj0W+ZycTGmXYrmtAR1gnRZEZjqZaUcvouo3tSKNuC9jCHbx/ZBhalzpfkI7w/pddKiEhCNFHGVxzdnks0mpGA8LY7Gy1ipaIFl0q7Yq+DWiwSnkuMCw+CLlO+X5n6XD1ZMRnc9nU4wVdfVibCnj4LJoksGqqkZ4n9gQvoH2OeuWgeVyh8a9hvaZlrPj9p0D5Shz4XcNtc5yJ8JAmtmtqbWQZX0hbNeqXQc2871zSFcNbS5obeNfXcZuFB0xQbD9VKfzNLobf3ZGGWPvDHLmw2mMgerVcg2IfykcWXXkA9aGGlL43wxqy0UShOvuSItAgkPvBHe4YbRWkTNb/RodQ1QH8UtlAS1wHHPWEp0rzG8cicdKJ8dI/rKPY4G1ya7r7lCOU7xzgWm2wt+vEOf8wHaIoUuNdNNegF0nAE+SCTZakkn2eaif06UNqmW42EjxJ4OoPuxuCSdPctRxaO8+Ed/piFb1N5YQHN49MDOGkLQvB6OXyRnrGjvNNoSnxEmtMhLPiTo7tvOZIRH9hWqb7DH7PwFap9TZOgEBpaYOvBQazSywGemU2Mj77B4uTmABenuzc5QspIhPaj1azwGTmCx6qBlThuSvKCo+9xEXh58DEXeb4A8CCZaiWAJxcNkM5j+4T2s9hGxUc0FivO+UPgDKfxvwjdfckRxtgeR1/to2X7jfijFr4BLjJRChzTe7aCWchHVrkKIXpODWA59oVUKq+d2wRYAkyT7h3z4dEy0NaKfxdYI4ACg/naSYue4+gDTEc+DgVp+kHw3hbdVcsnx3EntK1v/CB8A6gwqK+dgjDfAaw6TkQZg8BY+Ag2BpgW3RXL52/S1pdD4Ae3Q4Amxhnc105tpMGfepO8NXq6M8Y2OPpp50PhB+Eb4JIMngP4yDl/CqMR6H4t/dPF/z/9C+Al1Wd3AQAAAABJRU5ErkJggg==" alt="$sc_i = T&#39;_i (c_i,SC(v_i))$" class="math-inline math" style="vertical-align:-0.288em;height:1.119em"> instead of the value <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABwAAAAYCAYAAADpnJ2CAAABdklEQVRIx7VW0XHDIAx9ygSkI3gEr1C6Qe66QbpBdvAIzgoZgXaEZAO6AtmA/jzfKaqpsRu402EM5kno6WHknPGXAfAALgAigES7AjgBcEvfW9uh0ETEi0gEEAB8A3jLOe9zznsArwDuAL5ExGFNK0Q1AsiMpitEnbhmWBPhHFhQYK7gUFZ22QzIXE0b+QKYM4B+gQNHnph7AOTEtEmoINJQAeatY9rrVOt19fEBHdkdHo6UFJ/A0jPAlsriQxH3jIZtxzrq1LvQFNCAgUXeFPDFCMG/AEWkF5GriESat2t0XcUNTOz1M1nZcRy5r7MsTVsAKRSjGkfjQLJlNk0MKkq3Aiyo8cGM+7k9deHHGjGmekQdmVIqP3MBhFktVaqQGbEzc0fOxxolUtEdlm6LI2sxmQt3qJU8pctp8Xp6koZeS+lpAabJ0pmcul0DMXlnf5tEREQ6puPeArBn/6neDTS0ALyxj4xuoGSeiz9RT8jjSHb/qtcfw40WpFd6w8wAAAAASUVORK5CYII=" alt="$c_i$" class="math-inline math" style="vertical-align:-0.161em;height:0.624em">,
where <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHkAAAArCAYAAABcvCe1AAAGMklEQVR42u1c63HbRhD+jpMCIKqCIB1ASgdQB5RdQcAOqEkFGbgD0BXEVAdkKojADoBUYIMdbH5oT16dANwD4EvizXBAQzzse29fsCIiXFb3UkolRLQ9VdwA1ES06/vd5CLGTgZGSqkKQHzCaE4BlEqp+CJkfwHHAP4D8EhEj6eKJxFtAOQ2QauLu24VcsVu8O5M8C0ApABu2lz3xPNhkVJqoZRaK6UapRTxteT7kfH7GSMwhuvMlFIrhlUZsHMTttibK6UyD1grdoP356KURDTnr6uuH1g/ACIABQACUAFYsObEfM0AlPz3Ge9J+d8LFxgdcGcA1vwcDbtg+DP+LMRvcmN/zvcTR3iZpOGcPgCSLn67bm74AZmDUIgZTz4MNp6TCqUhFmzigGcFYGUImDzgNgDKcxOwwH/FNEfOQhba4WMNM7GnGYAosYXGHnsjLSj5DMe9WinSMxZyzDSsnIQsGObtvtii3gBzQLASwlkEEpqKZ1i9j6CVAFTnKmBBS2kapYtFlQGAClcGt3iMwWeioSyxhxUv3oGQtScteoUsNDuIcMG0OEDA2QiEFj7HhfBY0bkLmel5FYt0pVCfxPc6IKr/znlm7VB0+EfcWhLRcoSsouTrxiFlSlmpreXBM1pbpi3ry5N/E99/DwBy7cJgPhJ0frsT+d7Q9YOvfzv89l4y5p2sJ0mbSzEkCwDyL7vMPgvK2FXr9cfINV04KlrK1/U7EvL6FW0OaRCx+4tHPDMi4/nNyGdS5hIwGngMyecbXSRyjBWKPZ/Jkq7YVQhmxWk2JEiRhYq2StURIlEKVSSt/EKAuaPhJHum7aWA5VLi6/uULLAkEAE6ZlQrKnNVQAmxkXiLZzWHSBM98uVi0lP0XgKwBUIJE1e6NiJENKvX5ohRrQ4wfeF/BXBv4K0D1KiDn1sAD+LWvmnWwWc8sXQ3lgCuGDlbEJNxB8e27jqChGOs2GCIq5LG3MttC+DqHn5+EVG8Lb3MlFJFV3fNYe2chMyI7YjoCxHdEZECcNMj9JlSaubIWJxA6jINsKo5gL/MlqqwYJtH2zBfa4siFXxk3g605Kn3ZAgRbbXQ2cqXLUxwFnKLRRxyRb6WzLm3SfNn8d02SVI5KHbNn80A/rwo7i8Dm9U7AHOl1JSjxzZLtVnymBMSEXeRHvdlyeazGaamfWur8rEn3Fhg1EZBKmR914o8Ecgm7CZCVtHCOJsb2UfwkRlWBQ9cQtenDj70FV8OGodMDDcbamVPHrXueo/0/OnI6C63HbLmRqBqq9VPD3REXWtDmhgaGSqAqRlYOJTchjK3rUxaezJw5+h9bGmkawl1DuDboeONidCwIQxPPVzWY0skOVTAMRdlfIfv6iHKxsPtPqlg1sUfPi71kGI1Al+mpiW7Bk02l7W0BR78dyno+4ECjpjBDw5BT5eQQy351jUV5DTrqe1tDFaWFRdYdMC1HpAjS8WtdQlMTzuuA2u4uq4dec4iDarjMiEVAgcNBO7NwLKolQY8l0GTnkmWpKXsm45Q1sxfTRLAczIDP4vuDTy7VHg9ixWyf8b7FiOMsQbVzw0aUkv3qa9xsR4LJ3M6RHvpVDA6e5G+BQB+dpIqBLYhGXYj4M8c96xN7R+BGenAbk/RY+2lxZukLe3I9VjKK4WVGPPLeiRWD7KnfC0EYflIvc/CsOrCgKsDlkor4x66NfkIDM2M+yt4TKyaFjiwn/7SXdPncdrhRlZ4PfnYCMFHe2h0Zx0wSxZyuoeWXD6C5UTMk8rAOTtkjNA1nPDhX3jj9KvC84zZ1ZFxKdkDfCGihwHP0a/c3hDR9sO/uspp1wZANEbOPkAwiSisFOK+V7uRlTbmwtDWLGt+5FWMkbMPXJ/NJgcLLPUcqpi/UZTL+8lvXNzVMSZVlFJrDjJfXDUPYax9ZtGVUg17qKu2BsVHX3NRejzG0pWwioWVuzQ9Wur3EYzx5oslv7WmWwC/HsmaC24U/cDzwMDcc3/DZ/HNRcj2SHs54tsch8I95zTuxqyPX9z120j7Hs9DiekZCVhPzc5bGyAXS+60ioytoj5xXCM8/09F37q8z0XI/edjKlp/p4pnyedwZ/p3EXI/AxcArodUn04Bv/8BMruIwkPnxQUAAAAASUVORK5CYII=" alt="$SC(v_i)$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em"> is the symbolic constant representing the initial value of variable <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAYCAYAAADtaU2/AAABkElEQVRIx7WW7W2DQAyGHzIB6giMwAyMELUb0A3YgRHICGUEOkIvG1xWuG5w/eOTLpf7AhVLVlDs+I3t1zZYa3EKDIACDKCBybeHCiyABZacX/S3XpBRQLsg6JwAvYrdab8bGOgly9YLPElAkwDuA+DrEWAFDEHg1QXNlHrygIddwNJXEzEYCagLAZT4dQW/UdrXOuA1JFHQvxLB5lxVPNI+VcaBtKkyV2aiCj6dTMn2wmrPqfVAVUWvlhTzc3rhVd6954WyDMDGXsmQxVZk26XG7UjGvXx+V/zvT+CLI5JZClNFxia1sSSWElLplz0RYWjVQpBp2DKg2lu/WmK2KeCpdvcWstW+zVtGQ6rHd+/5LdWepmkW4GatvUdsV+DhbE3T9DKiAD85VpvcqZOqqMJCGSKnc0v2OEKwMfh+BdadxyB6vVLOrWTmSGGEoeNO0DF1Wjky/DuAVepl4kzQPnZo3Gm8cJ58uEmx1j6E4Z0Q7/dM4NjqnUU5E9jNuJZsZxnfW3SO/7nPi/eq/LQX/gB89fXG+v9xaQAAAABJRU5ErkJggg==" alt="$v_i$" class="math-inline math" style="vertical-align:-0.161em;height:0.624em">.
The symbolic constant <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHkAAAArCAYAAABcvCe1AAAGMklEQVR42u1c63HbRhD+jpMCIKqCIB1ASgdQB5RdQcAOqEkFGbgD0BXEVAdkKojADoBUYIMdbH5oT16dANwD4EvizXBAQzzse29fsCIiXFb3UkolRLQ9VdwA1ES06/vd5CLGTgZGSqkKQHzCaE4BlEqp+CJkfwHHAP4D8EhEj6eKJxFtAOQ2QauLu24VcsVu8O5M8C0ApABu2lz3xPNhkVJqoZRaK6UapRTxteT7kfH7GSMwhuvMlFIrhlUZsHMTttibK6UyD1grdoP356KURDTnr6uuH1g/ACIABQACUAFYsObEfM0AlPz3Ge9J+d8LFxgdcGcA1vwcDbtg+DP+LMRvcmN/zvcTR3iZpOGcPgCSLn67bm74AZmDUIgZTz4MNp6TCqUhFmzigGcFYGUImDzgNgDKcxOwwH/FNEfOQhba4WMNM7GnGYAosYXGHnsjLSj5DMe9WinSMxZyzDSsnIQsGObtvtii3gBzQLASwlkEEpqKZ1i9j6CVAFTnKmBBS2kapYtFlQGAClcGt3iMwWeioSyxhxUv3oGQtScteoUsNDuIcMG0OEDA2QiEFj7HhfBY0bkLmel5FYt0pVCfxPc6IKr/znlm7VB0+EfcWhLRcoSsouTrxiFlSlmpreXBM1pbpi3ry5N/E99/DwBy7cJgPhJ0frsT+d7Q9YOvfzv89l4y5p2sJ0mbSzEkCwDyL7vMPgvK2FXr9cfINV04KlrK1/U7EvL6FW0OaRCx+4tHPDMi4/nNyGdS5hIwGngMyecbXSRyjBWKPZ/Jkq7YVQhmxWk2JEiRhYq2StURIlEKVSSt/EKAuaPhJHum7aWA5VLi6/uULLAkEAE6ZlQrKnNVQAmxkXiLZzWHSBM98uVi0lP0XgKwBUIJE1e6NiJENKvX5ohRrQ4wfeF/BXBv4K0D1KiDn1sAD+LWvmnWwWc8sXQ3lgCuGDlbEJNxB8e27jqChGOs2GCIq5LG3MttC+DqHn5+EVG8Lb3MlFJFV3fNYe2chMyI7YjoCxHdEZECcNMj9JlSaubIWJxA6jINsKo5gL/MlqqwYJtH2zBfa4siFXxk3g605Kn3ZAgRbbXQ2cqXLUxwFnKLRRxyRb6WzLm3SfNn8d02SVI5KHbNn80A/rwo7i8Dm9U7AHOl1JSjxzZLtVnymBMSEXeRHvdlyeazGaamfWur8rEn3Fhg1EZBKmR914o8Ecgm7CZCVtHCOJsb2UfwkRlWBQ9cQtenDj70FV8OGodMDDcbamVPHrXueo/0/OnI6C63HbLmRqBqq9VPD3REXWtDmhgaGSqAqRlYOJTchjK3rUxaezJw5+h9bGmkawl1DuDboeONidCwIQxPPVzWY0skOVTAMRdlfIfv6iHKxsPtPqlg1sUfPi71kGI1Al+mpiW7Bk02l7W0BR78dyno+4ECjpjBDw5BT5eQQy351jUV5DTrqe1tDFaWFRdYdMC1HpAjS8WtdQlMTzuuA2u4uq4dec4iDarjMiEVAgcNBO7NwLKolQY8l0GTnkmWpKXsm45Q1sxfTRLAczIDP4vuDTy7VHg9ixWyf8b7FiOMsQbVzw0aUkv3qa9xsR4LJ3M6RHvpVDA6e5G+BQB+dpIqBLYhGXYj4M8c96xN7R+BGenAbk/RY+2lxZukLe3I9VjKK4WVGPPLeiRWD7KnfC0EYflIvc/CsOrCgKsDlkor4x66NfkIDM2M+yt4TKyaFjiwn/7SXdPncdrhRlZ4PfnYCMFHe2h0Zx0wSxZyuoeWXD6C5UTMk8rAOTtkjNA1nPDhX3jj9KvC84zZ1ZFxKdkDfCGihwHP0a/c3hDR9sO/uspp1wZANEbOPkAwiSisFOK+V7uRlTbmwtDWLGt+5FWMkbMPXJ/NJgcLLPUcqpi/UZTL+8lvXNzVMSZVlFJrDjJfXDUPYax9ZtGVUg17qKu2BsVHX3NRejzG0pWwioWVuzQ9Wur3EYzx5oslv7WmWwC/HsmaC24U/cDzwMDcc3/DZ/HNRcj2SHs54tsch8I95zTuxqyPX9z120j7Hs9DiekZCVhPzc5bGyAXS+60ioytoj5xXCM8/09F37q8z0XI/edjKlp/p4pnyedwZ/p3EXI/AxcArodUn04Bv/8BMruIwkPnxQUAAAAASUVORK5CYII=" alt="$SC(v_i)$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em"> can be thought of as representing any value of
type <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACIAAAAjCAYAAADxG9hnAAACAklEQVRYw82X4Y3bMAyFPwYZwM0I7gaewbfBFdkg3SCHjpBukBuhyAbJCJds4IxwzgbsH6qQBSuWnNhXAkQMm6JeyCeKFFXlf5ClexCRAmhn2PObqt6iQIBf3vMVOAAN8Anc7BdgBbwBtWf/BlwCG4ASeAFenWEfCPcBS08DKLBx72IKHM1WgSbBvjLbNmoTGG6HnJq9erpLXNMCx9j3hQVmDVxU9fdQgkWkCl4dE7nxYSnvFQdkA+wTHdZBak+J61bAOQrE/UNVfU90+OI9XzJOSzEUkTXwJ8OhH5FTxrrS0hOVFigTCVcFRK0T1xX3TowrqkkgzHjrA0ldZ2vv7rNQ1WtGeMfyg6F9FpnleSw/BiUZyAP147lAHqgfTwcymh+RCG9EZG+3Pjmsz75f7viqwxKw/CJ+XJ3+S/HU9SNVF1/Bj0fIOln9SAYydf3IichT6oeIVCJyFpHGtO7tWRP70/PI41pZT1wG/XHR6Vmnrh+2cRX0r502YpL+I/Dx6jfNgc8i9fj+7GmAc2UF7Hp8nvwZR1QVESmti1p5v53ByORgnHFDF8BHdGjqJ62bcX+o6qFDVo88Y3SbkaZNbNBaGpjvM83aLi3v0ZFzag1IWnrv90CxYD5Zu7vK9a/GzVpVb3MCqXruqp07UXMCcbd2Y9HYdSbMuTji8aE1MHv/218dAVG6cjpvLQAAAABJRU5ErkJggg==" alt="$T_i$" class="math-inline math" style="vertical-align:-0.164em;height:0.911em">, which includes the value <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABwAAAAYCAYAAADpnJ2CAAABdklEQVRIx7VW0XHDIAx9ygSkI3gEr1C6Qe66QbpBdvAIzgoZgXaEZAO6AtmA/jzfKaqpsRu402EM5kno6WHknPGXAfAALgAigES7AjgBcEvfW9uh0ETEi0gEEAB8A3jLOe9zznsArwDuAL5ExGFNK0Q1AsiMpitEnbhmWBPhHFhQYK7gUFZ22QzIXE0b+QKYM4B+gQNHnph7AOTEtEmoINJQAeatY9rrVOt19fEBHdkdHo6UFJ/A0jPAlsriQxH3jIZtxzrq1LvQFNCAgUXeFPDFCMG/AEWkF5GriESat2t0XcUNTOz1M1nZcRy5r7MsTVsAKRSjGkfjQLJlNk0MKkq3Aiyo8cGM+7k9deHHGjGmekQdmVIqP3MBhFktVaqQGbEzc0fOxxolUtEdlm6LI2sxmQt3qJU8pctp8Xp6koZeS+lpAabJ0pmcul0DMXlnf5tEREQ6puPeArBn/6neDTS0ALyxj4xuoGSeiz9RT8jjSHb/qtcfw40WpFd6w8wAAAAASUVORK5CYII=" alt="$c_i$" class="math-inline math" style="vertical-align:-0.161em;height:0.624em">.  
</p>
<p class="indent para-continue">Let <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACQAAAAiCAYAAAA3WXuFAAACE0lEQVRYw8WY4ZHaMBCFv72hAKcFXwfMpQNfB+RK8HUANfg6ICnBJTgdJNABdJCYDvb+rBnjyLJkGaIZDWCz66d9T6tdA1SABs61qjI1gcOEn4PHlgwogA3QOIz3QAkUIWDM6doW2vb8tOZrA+Sjtg5HfTBVKIgRYFvz0wBZiM2K3lDVo4j0L2WkjVfgrKqvoQYrx7VLD0g+F4mIFCaF5xi7J8e1c+97nhCdGnhX1fN/ByQie+C3qn6PtV1NAEJE8phVGlVlLFW+CP0a/I6N0n4OVaGURQEyqi5zqAqmLDT0IrJOoWo0Qqp6mRmhGtjNpcpHWfROE5HKqPogdYyk/JszLeDcUt/5FDNDIoSIZPemaoqyQ4iOjCoWoSpCQ05Atqu2wDcWHLMBAT+AD1U93h2QQw/Pg+hsrb7ZsfTw7J7WVXJatILL2aV2mS8X1fegKiRC9TAXmYhPiWVtbgfwyWZrea/4p6YeqYe7WXSfCWA25qN0gDwBRYjxTdeQACYzH5XnWftQDXX0vieo481A/XHc+2qfzdSKbihbqCVS69nWw+d5NWR/ujaLqdu5ly6Gs+kvdspJY2LLlsgxtjFOI8BKVUW6fvqRw6qHFzsHO21dVPUL98i2DqpqYDNF5SRlCwE6BLzxaLv7jwDUZeTCo6vr2fj0AMlU9r7g71BHIlL2Wu4j8BhRWze7c9RVPy1zX5PwJ4jdAI1/VpUXAAAAAElFTkSuQmCC" alt="$V_s$" class="math-inline math" style="vertical-align:-0.159em;height:0.885em"> and <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACUAAAAiCAYAAADYmxC7AAACAklEQVRYw82Y/W3bQAzFfww8gGZQNvAM9gbqCs4GDjpBoWygdASNoBEaZwN7hMgbsP9QxUWQ7kMnpSFwsH0wiaf3yCNPADWgkWuvqoQWcAnEuQT8KYADUAHdRIAGOAGHGEAWdG8P2ztxeotVAaXXfyKYC6iOBTID7mxxOqCI9dvhmKq+i4i7VZBnR+CmqscUp93E3t0BUy5FIyIHS4vHVN+Hib2b873MYKkFnlT19i1AiUgDvKnq6xL/XQAUIlKmPK3Jdloim4+pP6PfqWw1S2WLlS8JlMl2XypbtHyxMojIPle2WaZU9b6QqRZ4zpHNJ19yBYpIbbK9sIbNtIdPPTCiz2mon6WsGKYQkeIrZAvJd4nJK5ON1WRLyKlJUFZtZ+AHK9tiUMBv4EVV378E1ER+PI5YOtt89MwW5qmqfmp8NdaiR+M1q893VrVbyRbDVDs+qyyxr5kjcmFxLsDVWfXkjD4zXw/rMHxmADoN6TCW3w7sNgSqGoHqgSYDUGNxWh8BIVDjm02fAWi4W14DqdKFQBVj+RYC2odiDHfPYE7Zn/9dSDNYalOZDgXsrDKKDFDJD7YLHBfHnONGREpPk0/ufWvZh6ef/h9QNlrfE5itRaTcmimAX857BR+gzirwxlZNdaYCq9F+aWfYpzYjw0uqrU1EKuCnAflw8qwDXt1b1F9WKM/MRl5dVAAAAABJRU5ErkJggg==" alt="$V_c$" class="math-inline math" style="vertical-align:-0.159em;height:0.885em"> partition the variables of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAcCAYAAAB2+A+pAAABh0lEQVRIx72W4W3CMBBG36EMkBnSDdIVwgbpCrABzBA2oB2hIzBCCxvACmGD44+pjGXHdhz1JEtgO/58z2ffAQyAJrZWVYk14BxZ5wxQAx3QAyfPpCOwAboUUSPcGodGa53RrNUDje8DW3RIFQtsYGfWOQG1PVZhmapeRMTuqimzNXBT1bU7UHkm3y3BZq6iiHTmCN+8EyKBcS3APAKb0PjKs5eb9buZ6e0R+FXVz9CcKiKMiDSqestEvAkiNubz+Mf5n+v1EdjGNhtDnSVsEN+nECejjiGzRNsUxEGPVfU+0+NvYJ8aD6tAf1Zki8hgEB+SIyFwB1/e7IR3WYEm556neIyI1EshjqE+p5yzQUwW4gjqzslS/QTids6TmoQ64PEXcFDVy6wsMhE0L8WAJ89ei3J1JLv8lSpWf1OCOEXYTo+j019UmUydsXvOtYninSlh9pRaQr30bM9I70q9jaHuHeHRDbL/QP2ks2UhyxH+YEmLJADvPV6iiREIpbuTubfvnjxdZA/1fp0Fw0tDIwAAAABJRU5ErkJggg==" alt="$V$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> into those variables
that are treated symbolically (<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACQAAAAiCAYAAAA3WXuFAAACE0lEQVRYw8WY4ZHaMBCFv72hAKcFXwfMpQNfB+RK8HUANfg6ICnBJTgdJNABdJCYDvb+rBnjyLJkGaIZDWCz66d9T6tdA1SABs61qjI1gcOEn4PHlgwogA3QOIz3QAkUIWDM6doW2vb8tOZrA+Sjtg5HfTBVKIgRYFvz0wBZiM2K3lDVo4j0L2WkjVfgrKqvoQYrx7VLD0g+F4mIFCaF5xi7J8e1c+97nhCdGnhX1fN/ByQie+C3qn6PtV1NAEJE8phVGlVlLFW+CP0a/I6N0n4OVaGURQEyqi5zqAqmLDT0IrJOoWo0Qqp6mRmhGtjNpcpHWfROE5HKqPogdYyk/JszLeDcUt/5FDNDIoSIZPemaoqyQ4iOjCoWoSpCQ05Atqu2wDcWHLMBAT+AD1U93h2QQw/Pg+hsrb7ZsfTw7J7WVXJatILL2aV2mS8X1fegKiRC9TAXmYhPiWVtbgfwyWZrea/4p6YeqYe7WXSfCWA25qN0gDwBRYjxTdeQACYzH5XnWftQDXX0vieo481A/XHc+2qfzdSKbihbqCVS69nWw+d5NWR/ujaLqdu5ly6Gs+kvdspJY2LLlsgxtjFOI8BKVUW6fvqRw6qHFzsHO21dVPUL98i2DqpqYDNF5SRlCwE6BLzxaLv7jwDUZeTCo6vr2fj0AMlU9r7g71BHIlL2Wu4j8BhRWze7c9RVPy1zX5PwJ4jdAI1/VpUXAAAAAElFTkSuQmCC" alt="$V_s$" class="math-inline math" style="vertical-align:-0.159em;height:0.885em">) and those that are treated concretely 
(<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACUAAAAiCAYAAADYmxC7AAACAklEQVRYw82Y/W3bQAzFfww8gGZQNvAM9gbqCs4GDjpBoWygdASNoBEaZwN7hMgbsP9QxUWQ7kMnpSFwsH0wiaf3yCNPADWgkWuvqoQWcAnEuQT8KYADUAHdRIAGOAGHGEAWdG8P2ztxeotVAaXXfyKYC6iOBTID7mxxOqCI9dvhmKq+i4i7VZBnR+CmqscUp93E3t0BUy5FIyIHS4vHVN+Hib2b873MYKkFnlT19i1AiUgDvKnq6xL/XQAUIlKmPK3Jdloim4+pP6PfqWw1S2WLlS8JlMl2XypbtHyxMojIPle2WaZU9b6QqRZ4zpHNJ19yBYpIbbK9sIbNtIdPPTCiz2mon6WsGKYQkeIrZAvJd4nJK5ON1WRLyKlJUFZtZ+AHK9tiUMBv4EVV378E1ER+PI5YOtt89MwW5qmqfmp8NdaiR+M1q893VrVbyRbDVDs+qyyxr5kjcmFxLsDVWfXkjD4zXw/rMHxmADoN6TCW3w7sNgSqGoHqgSYDUGNxWh8BIVDjm02fAWi4W14DqdKFQBVj+RYC2odiDHfPYE7Zn/9dSDNYalOZDgXsrDKKDFDJD7YLHBfHnONGREpPk0/ufWvZh6ef/h9QNlrfE5itRaTcmimAX857BR+gzirwxlZNdaYCq9F+aWfYpzYjw0uqrU1EKuCnAflw8qwDXt1b1F9WKM/MRl5dVAAAAABJRU5ErkJggg==" alt="$V_c$" class="math-inline math" style="vertical-align:-0.159em;height:0.885em">). The initial state of the program is characterized by the formula
</p>
<div class="equation align-center para-block" style="line-adjust:0"><span class="equation-before"><span class="equation-label">(1)</span></span>

<div class="math para-block input-math"   style="line-adjust:0"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAt8AAABdCAYAAAB97Qo+AAAWFElEQVR42u2d7XEayRaG33ZtANg3gkUZoN0IFmWA7AgWZSCVI3DhDJAjsFEGcCNYiQxgI7iGDPr+mG6p1Z5PNAMzzPNUUZIQzEd/vH3m9OnTxlorgL5gjBlKWkr6IOnaWruiVAAA0GmAo7VxjG/omagvJE3cn1tr7QWlAgCATgNgfAM0I+pxg7+01q4pGQAAdBrgGLyjCKBHgj5JefsTJQMAgE4DHK2d4/mGHon6UtI4entvrX1P6QAAoNMAGN8A9Qn6QNIu499MaQIAoNMAR4GwE+gLH3P+d0PxAACg0wAY3wD1cR38vpe0Lin4AACATgNgfMPpMcaMOnKdA72OIbyXNA/+HhhjxtQo9K3/ur4BaCo6DXBEXcX4hoNE0hizkTTsyCXHHpPvkn5E711Ts9AzPkh6chuaAJqKTgMcSVcxvqHqIDGU9K+kB2vtQ0cuO4wV3Fpr19bavaRw17QptQt9wu0aOMMAR1PRaYDj6irGN1RlKenRWnvXoYEtnMoNB7d59NkJ1Qs9GyjulXgXl4SgoKnoNMBxdPVdQYdYGGNshddtyzr01Bgzx6tTW3kulEypdGnqLxbqedBBYi8TGzlAHwcK73FcUBpoKjoN0Lyu5ub5dha7N1yHKQf56p7afypJgr9tkajN9TJF9WCtJVbsjQ8yThCvuzQ1GsVRrq21lymD3yToMIbahh7275GkJ0l31tqvlAiaik4DNKerlTbZMcbsJHkX+spae9Ximw6v9T54CinjiRg7QVzRfF6V5zYWxZZf81DSJnjr1w6QrJ5fBm/1fiCE3vZxb+C8d7G2gKai0wAN6Oq7CgcYBMas1P4pynv/kCDpruQ9jl0hDfQ6/qzvjWfmyqRrMYk3GW3imZQHLDZygL7i+/e3Lg5wXUpD12FNRacBatDV0p5vt8ghNLgv2hRmUqMg+rh1trLVq+1+t9bai45de+5UZvC5MERJwvMH/e3vT87x0Bn9C8amvbX2PZrauTaHTkPvdLVKtpMwxGR/boa3Yxw8aa9pMpKkz+7nvGONfaTXOXPzrj+exWEnNegrX9zPLnkWvUYNOpIJo5Oaik4D1KerVTzf4dPpWS5gNMb4wmh1PPuRy8THznfKyxDNYqjo+ru0ngHgGDrYhUVtwYKmByUhg+u2x1B3VVPRaYD6dPVdyS8NoqfT5RkWzPic7+8NZTJQMj3atUEinJ5clbj+cCe1MTmPocesXf/vwoYm3ot8pyRWeNTmLdo7rqnoNEBNulo27CReyHKOWUCuzvz+DuE6bDQdfGjwlJnejT/DlCb0lceo/7e1nw+VeLsfXBjkLDLI0VR0GqCVulrW+A6T2hPv3R98mXRtJuCV0VAmJZWr89Drwmp66CvLWBNbis8i8MX14a0Sx8mkxRurdVVT0WmAGnX1EM93Ja+wMWZkjHkyxuyMMZu0XTCNMUO3E+WT+8zO/T6pcJ5x0XmCz27i3TkVpBZM2bmzdwtjolCjx45dfugNqZILNkxxNerqzqhV+oL7/Lyv7bzO/mKMuQ3K3Zf98pBFgK4OF4Eeek28PcJU+yrU5hbr01RJjHfoLJm11SjruKai02j0uWj1qbT1ta5aa3NfTixs8JoWfSf4rk+pNHZ/z90x5sFn5koS7E+i7z3Fn805z9R9fhidZ5ZzT+PgNQvubx79byRpUPaez+WlZDrXJs6GTl33OGqvkwrfjdv6bQfrrWpfmET3POpbW6+pze1cuY9DvXBtaiZpUeFYG19nvh4DXfT1O2j4nnZV9f7IZX6b1b99+aGp6DQazatN2hrqatmGElb8sMKJ5mHHiBrR0Lnh5xnfHZVpbO5zu2jA88K8K3mds6YadnAtx3gtG7juTcc62CIskwO+vwm+37V7r9wXon5WaRDsc/9IKb9FjqHgHQnjEnppXR0Oc4z8zIG6xvsq7fw4UVvf5bTpaRuNsq5qKjrdb40+E51uhbaGuvpbCVf5W/J7f5T0e8b/npRs+561w9c2CnvJisP+pmSr2TAO7E/3s+wUwiSKKauTtZtSa3qqeK964wgvguN2icmBU5meeTB1PTTGDDu0xqFyX7DWro0xd8E9H7u+u9o/PD738N857WlUpEfGmKXTub2k3zOyPoTX3/RU+88jneeQaWO/C/FdRpu+dynsPkv62qJL76qmotP91uhO63TLtPVFVyu4yW3ZqdPAy73MePoofLqJppbmedMIKe+XfiJ2jamxJ64OeyaWXSuTlOm58QHHiKc0Zx2aUtvl9N9NySfyYYmZsHkfQ7Fyps53BeW1y+tHkRdwXEKnynjR31RPwTVtWljuvq0OSsxmTtBUdBqNZoalDdoa6uq7gieGYfSk872Chf9Jv+5IFS7cLFoQM4q85GncKEo9FOWmLbM4gfze6XzooJcmzspTOWWk856sMzw0beZGL7toxR7CMn1hFdx/lh6M3XGmkv6gi7x4tLNyS1tr762177M2A3F65dvYKqvNOm/NlfPkXuW17Zrq6WekA23xeo9cud8X5IT2faFNaQe7qKnoNBrdSVqqrc+6WhR28pb83t/1enVnuNJ7VWKK6M/g922Zc6QY9fclrpP83ukMosbS9o42iAT4xxsO9z0wrIbGmFEH0k+m9YVwkCua2t2oOPfw1r8OGTDPnCdjzL2bHVxVaLOz4K1ZgcGxKqlRddRTWw3EWcmy2rv6mLao/3ZKU9FpNLrj7ayN2vqsq0WpBkPDtNKOXNbah+jzVT3Mk6hgCs/hPPWjwMAvc73k9z4PL0282cJbUjLd5whkK0npC+Egty7xsHtZJD7W2q219oItnTMHy6mkpUsJ9mSMmRWkrpoGBtm+rsGypnr6X2QwtmFA9VmqViXje9u26Q6e7x7rNBp9VNqqrc+6WmR8H5zfu8CQX5UQ2WHJp8GQm7JPOkHjH9Z0f+dG17wz4YYN+7c8SDmBXEcducuDXNnwK8KuKgqxGxDTjKmRkgwB/+bkIa46S9d37spqe1A/ftOdNjxE/KQK0Wk0+ii0XlvfFRjAoWC9tdKreJjDaakqcebTik864cPFgvaayqDtF+gG1nHNnS0Uw8yY3i6Ij7X2vsTD7gdCSQ4yANbW2veuvB9SDPFBmnZGD/516Gvd/MdraYv6uN9Up0o7beOW84M+9hV0Go0+Yjtrq7Y+6+pvJQ1T6Q2e4QM8zGGjfCh5jnDhQtlO3Xi8twvQvzmS4C6ttXWl1vKD7ocO9Ld4KvN7Dcf8EQn7jbq1lfGoYn/7cYqL7HD/iI3we687bqC8UeL5lpJ41HE0cMbe8LalSWtbfLJ3rHypWC8rY8zW1cXdie+hS5qKTqPRXdXpNmvri66WTNGyeWO6l3CjnmnJTSt+STHoLnxckMbpl1Q8WefUS6L+vFRh8zfee7iBT5c22VmoI2mx9JKCqdbUaFGb2nVsI4fSu78pSXU1yjnWk+srGx2QFuzc+ocz5JYqSGOn1ynVpnk7/NVU57XVU9D/n9q+qU6F8WfakrRny56mfUOnO6jRXdPpNmtrqKtl83vPa8y1WJSjMswFPk5pALcFeRqf0v5X8J1Fjmj3VShnbRp8S+ZprzXfq2rIR3vC7YvL5iydZLVxJzobvWyD7B9WBz3OG3tbRdiVsXNu1G43hwwITdZTYNAsWlDmE71xx0o3nm3QVHQaje5VW2uVtoa6+i4nvqiJeO8yO2T6qam0VC5TpS/ADKezvqR8Jy0MJczR+E/GtcxaMFV5KjYZUzhtI15kM6/rwCkhT12Zzgz7blHYwLecNr5QshvbNpou73P+2DCjwrpgqjZcbb+O2tZeB8ZTG2MWUVtsop4+tGjK1sdrvyVG+N6F/5wyH3RXNBWdRqM7S8u19VlX3xUYy6oQk6QShvyqwmcfov9NlZ1i6iqnI35W+ur4Qd4g6rYn/tHj9IOPvpxakimglDHUwBbDYXvqyoY765TOntbf5ko2K0lr/xP3ALx2f4+CPvPYY+P7pxP2lV5nbsgzGu9yDEI5o7BUH3ODw8Bae9NwPY0KHBNHocKmOkW0YdOdrmgqOo1Gd522auuzrmYZ33E6oLeIXun83lGH3ASF4hOmZw1i2zQvjWu4PzI6+jqnEqZK4jlv+tpyo87eyqfoKK+7VM8CnpjvKYLX9rpbBU/+1xlldyvpD2vtXc4TevjQ6vvC6o160HUWTpCvSuw0d+sGzvscg3Bbxig0xoyNMRtJP6Mcs7XXU5Qx4tTZFUptqlOiT+ydgTY6VUaMLmgqOo1Gnwmt09ZfdDWIaxm7J8Yw5vp5sZD7/0gVY130Ot57UOLz/vyzIHh+o5zFTUqm8Z7P4V5zFcTWBdc2D2KF5kqC63sbM5WyQGbW8rj00u3rwPOE51h0cEHPNHp/UfU+gmNN6BeaeU2K25zTK68rZRZSDfUSRzgLj+f+N1WFhT511JNe4lFPHSPtdX1Zc59YoKnoNBp99u2uVdoa66oULSAq8VoccMKdKiyWCQa3nfOWjyqsSN25785s+QVUm+B7tzTcX0Rz2dLr2yhjoW1DWQpqWT195IUnt0E57VwfmR4oGjv6xSu9mQfa4fVj6cp8cEAZL4Nj+bqaqeQCsrrqKXCAzFuiP+Maj7nUCRektV1T0Wk0+gzbXyu0NdZV4y1wgIzpwo0LPXrfsmvzD1vPU0JFGxW84VzxzmLXZfPPn0k7eHLG5tecKVA4k3pyU7BDSZenXPPipt3/tNZe16wbC0lXDcQdd1pT0Wn6PjRXvrGuvqNYIScuzW/PPHDC1iY+RX//aLAcwvi8MParD6LjF7z5J3f//ryHi8bOvp6ccThUsNDohPrztU7D2x1zba29OIXh3QFNRafRaGigfNN0FeMbivCN7bpl1xWmrjrGApNw0Bj3SNT84PmcocAJyZhFPWdZTzfxIAO90VR0Go2GZsr3F13F+IYib8KDklXD07YIWZTy51iGQnyOjz1pAmlbIM/0xuwT0Np6mioJifhKkfZHU9Fp+j40Wr6/6CrGN1R5apu27HrCwazpAXOtfoae+NCDjRtQZ6487ukW51VPLsXqQNLfFGfvNBWdRqOhgfLN0lUWXELZgXmpJDft76eeyjLG7BRsxlR3XGjOeWdKVqZ73vdhWs/ly/+oZIOZVZ/z359zPbl+tbXWXlKa/dJUdBqNhmbKN0tXMb6hbAPyq/TvT9mxT7miPWXl/h3T83Am/dsbLJe2v7v69lJT0WmA4+sqxjdUaUgTvaTpWp3oGhYKtg+21pojn9+nC5KSBRh4CaHr/dobKzdMVfdPU9FpgOPrKjHfUBrnufgqaeG8Nqcg3Db4FDlcwwU9oxOWA0AdA8RA0n+VeF8xvPupqeg0wJF1FeMbqg4Wd0rSOS1P0KAnOQJ7LB5yBhmArvFfESPaW01FpwFOo6uEncChAnsr6T/H3E0rmso82Q5xwW5XUrKQ4oIWAfRhoD7QaaAfl+nHGN/QpUYdNtaTLVJynSvM8XmyHfMAANBpdBq6BWEn0BVBb8NU5vOAEv3NlD0AoNPoNADGN5wVoXDuT5kOzeWMDc9PPCEAADoNgPEN54FbOTwO3mpDVobQozN0aYUAANBpdBoA4xs6z8fo7+8tuKYf0d+fqCYAQKfRaQCMbzgHwlXq2zbswOemNMNNMfCoAAA6jU4DYHzDWTCXtHe/t2nRzF1wXTOqCQDQaXQaoAhSDQIAAAAAHAk83wAAAAAAGN8AAAAAABjfAAAAAACA8Q0AAAAAgPENAAAAAIDxTREAAAAAAGB8AwAAAABgfAMAAAAAAMY3AAAAAADGNwAAAAAAxjcAZGKMmRtjbM5rVPD9Ucb3dpQuAAA6DRjfABBgrb2RdCHpa/D2VtKlpPfW2nXB99fu+1v31oOkS2vte0oXAACdhh4+MFprKQWAoo5izECS94KsrLVXFb+/kbS21l5TmgAA6DRgfAOcsyCPJH2SNJI0zPjYXtJf1tp9znF2kgaS9lU8IsaYW0lXVQcCAAB0Gp2G8+M3igDOXMy/OTGXpJV7pbHJE3THo6SxpIExZlDi8zLGDCV9lvQ7NQIAgE4DYHzDuQr6raSZkhi+a2vtQw2H3Qa//5EzQIQsJP1dZgAAAECn0WnA+AbosqB/tdbe1Xjop+D3Ycnr+FnTgAIAgE6j03AGkO0EmhDVkTHmyRizca9xymcGwWcGNZ573JCgS8l0puey4Dr8NCYLdwAAnUanATC+oTlBVxK/d22tvXBvL1OE+6NeFtZ8rPES5kpWq9ct6IrSVf1R8HGmMQEAnUanATC+oXG8mPm4uw8ZIvhDL7F5tXhUnDdlKOmuwfvz1zzKuY6ZpC3TmACATqPTABjf0BjGmIkTs7X7exQI9mPkndhLuomEMlMkjTG7EtOe10rSS60avM11cF3DlGsdSZpK+psWAQDoNDoNgPENTfJBSRyfx4v2Km1aLxDfdcFxx0oWxBRNDQ7jwaMB/gl+T/OqMI0JAOg0Og2QCdlOoDastffRWx8DoVOK98FvhLAtOO5lyUsYShoaYw7ZOWov6fcSYryNzhfez0xJHCPTmACATqPTABjfcDxcXN8gQ+w9YyUxhXWxV+Kd+X7Ad7clvSCh9+fP4H79NCabNAAAOo1OA2B8w9HxqZvy4vo+q96Yu62kobX2a1M3Za3dGmP8n+F05kJJ5gCmMQEAnUanATIh5huawq+aT40TdItgBlFaqPD/E2PMwuWXXZQ851LSqM58tBn4ax66a50piZestIDI5dldGGOW7vVkjJnTdAAAnW6NTg+MMXOnz8tAs0c0H8D4hrbyT8b7c2WkmnKr8T9Za6+VLAaaGGOmJc7lp0Y/N3xPj8G13kqaWGtvKgr6WEme3b+ttVfW2itJf0kau2MCAKDTp9XpW0n/Snqy1l46rb5Wsmj1G80GML6hbTyGXodI0KZKFvBkLXiZ6WWa88r93Bad0E0l3km6bdgr8RRd680Bx7iT9D2a/hw6UV/TfAAAnT6dTjvDe6bEQXIfvD9UEsqypfnAoRhrLaUA9TesRKC8+F36lfJO0D7lrYw3xoyCHLQ7JemrLiqce6lkOvWvrOnSN97bKLi3+6reFHeMmaRbJbGWa0nLhvPeAgCg0+W+O1YSHrOukMUFoDR4vqERnIhfKplifHIxgU/uf5cF3/WCPlWyEn9W8fTXzivx1EQIRzBQbA8xvN0x7tx17iVNlGztbEtO2wIAoNPN6bT/PGtwoJkHXzzf0NrGacxGyap44z0ZVTwkbvHi1Bm4P5R4QbaSfqZ8vDCPbXTsqZLFO9sD7mss6TEMOXGLj6ZuAHvPanwAQKdPo9POKz9WMhtAGCBgfENvBN1PGd5ba2+ccfpUZVrTHWfovBgTpcQ1RjRu9LrBYC7pLi3VljHG+kEMAACdPolO+7DAy7xML8rYFRSgCPJ8Q1vxArx0P7+p+rSmn1a9c6/n1FkpH90fSUQvlHh17iMhHyjJQXtD1QMAOn1Snf6ixBv/WS+50MMHhTtJH9glEw5+wMPzDa1tnEne2JHcbmjnInQuvvFKyTSrH2D2kr4wxQkA6HQr7svHsfsHjA/u56OkBQvk4S38Hwe45X0U8fkEAAAAAElFTkSuQmCC" alt="\[Init = (\bigwedge_{v_i \in V_s} v_i = sc_i) ~\wedge~ (~\bigwedge_{v_i \in V_c} v_i = c_i)\]" class="math-display math" style="vertical-align:-0.000em;height:2.420em"></div></div>
<p>Thus, we see that the initial value of every input variable is characterized by 
a symbolic constant <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAC4AAAAYCAYAAACFms+HAAAB80lEQVRYw9WX623DMAyEv3QCz+ARPINGCNANPEJ28AjuCh5BXSHZQF3B3YD9UQpgBFmy8kDTAISDSCJP9PHIICLkDOiAE3AGVrUAeOC4da7gzwGL+oj+zhqja/ZXCBIdO+sY6IEJWBoAB0D0XJ8kZ9Q43V3AgUGDLBtAeg0kgKuAnnXfagFnEiTAdC/wmJ1uA4zXdSlRxuxbC77E2HIzcM2AAGsB0KhgfGHPYgC5Qg1JbV8Sd45JSBdPxtHQWjAmQPThd/B/2gHapRcsARe9oWsA3RnOSsvZit8+KtoWVfoEuLWzZqcrBLAXXx8BulVV1sIFsgqRFHazSjxExw1Xl41LhHuL7WnAMxSaSsCM/kfrnw5cuVlt5cDRABsLlS8PKMhB6yqopYm6VpIdDrNymVAl3AI0AR3iW8s1RUz7FuC8Q+42FcPUQ2gEvQBzUuRDxq+zwH3shDVeGp6PlXXZOzQpaJ/Q0W/UzlXGx1qmEw7PlTcS9sihmRrnjJq5zKDmc8U5qZNjmikzRwtwauhykjYsXRu3Cq5SU8esHOormZNBP/5xaB72FaA3vlbTfV3j3LPepON/ZUY4pn8DPCnKPuF898brft71eRGRL4DD4dArzb5fGfigz0/z26TGKwO/6DNotid+W/sH+uWVeT4bdbvS+x9fRZZDvlavGwAAAABJRU5ErkJggg==" alt="$sc_i$" class="math-inline math" style="vertical-align:-0.161em;height:0.624em"> or constant <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABwAAAAYCAYAAADpnJ2CAAABdklEQVRIx7VW0XHDIAx9ygSkI3gEr1C6Qe66QbpBdvAIzgoZgXaEZAO6AtmA/jzfKaqpsRu402EM5kno6WHknPGXAfAALgAigES7AjgBcEvfW9uh0ETEi0gEEAB8A3jLOe9zznsArwDuAL5ExGFNK0Q1AsiMpitEnbhmWBPhHFhQYK7gUFZ22QzIXE0b+QKYM4B+gQNHnph7AOTEtEmoINJQAeatY9rrVOt19fEBHdkdHo6UFJ/A0jPAlsriQxH3jIZtxzrq1LvQFNCAgUXeFPDFCMG/AEWkF5GriESat2t0XcUNTOz1M1nZcRy5r7MsTVsAKRSjGkfjQLJlNk0MKkq3Aiyo8cGM+7k9deHHGjGmekQdmVIqP3MBhFktVaqQGbEzc0fOxxolUtEdlm6LI2sxmQt3qJU8pctp8Xp6koZeS+lpAabJ0pmcul0DMXlnf5tEREQ6puPeArBn/6neDTS0ALyxj4xuoGSeiz9RT8jjSHb/qtcfw40WpFd6w8wAAAAASUVORK5CYII=" alt="$c_i$" class="math-inline math" style="vertical-align:-0.161em;height:0.624em">.  We assume that every non-input
variable in the program is initialized before being used.
</p>
<p class="indent">The strongest postcondition is formulated to deal with open programs,
programs in which some variables are used before being assigned to. 
This surfaces in Rule (1) for assignment, which uses existential quantification
to refer to the value of variable <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABUAAAASCAYAAAC0EpUuAAABHklEQVQ4y6WUYY3DMAyFP08HoBh6DIohY7CjUAjlMAjDUAg5Cj0GHYVC8P04Z/KsrOl0liLV8fPTSxo/VJW4gARkYLO1AGPA9MAMrBFTI7wZILm9CVBgtnwwohT6FJhqhPmF+tWaRiMcKoQKLPHIa43Q6tk13kJtc7U5FtIO6eoa+1CbrD8DXdm87Kk0TCHcxakqJ/7iDnzxIkRkcOk3jfgAUNWfBi6579wiPXEszu8oFbuvfZBIAd1V9fPfSkUkvaPy6PHPR+5TRPrHD209DxvZ8py6Bu5SrrMzY9iAa8U0mu+zeIHLn+ZWA/jqZ/qIykLqZ3oOKjczEPVKAuHs+wrpGE2imEvxAneaa8AskfDhpzb7izPlXDGNGqZqQL/kpe0Z3roFswAAAABJRU5ErkJggg==" alt="$x$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> in the pre-state.
</p>
<p class="indent para-continue">By construction,
we have that every variable is defined before being used.  This means
that the precondition <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAcCAYAAACZOmSXAAABZklEQVRIx72X4W2DMBCFP6MOYHUERkDpBmSDzkA2SEeo6AjdoEo3gBXSERihYYPLHwtZTnB8gHOSJdv4/Lh7vDNGRJhrwBGQFe0CdEALlOH+xoHcNWOMBXaABV7dJtZb8gEMwBi4WqAE3oB3b/5bRA7TKBb5nUycvahOiT428OumZ0pwP6WNws8Gvq0KHKiDDcoVWbuICAXptvf6o4gM6Mxfb40xlQa89vo9erPhhAa88vrdAvDdTSaexHcV+HcaztfyfQjGbbLOl+j7kcySpbZU3863m3vxbHy78upn7HizJmGTNiwOD1JcAyc/2rkXjh4s7nA5BzIbE3Tcu3T/xj7OlFPt4k19AZ9z60Vk1EjgRVkYfrQAMSsU+kZE/tjQisz1fBm443ttPV8ceR2M+2eCZ+VbE/nmUc+CO77LnHzHIs/Odww8O99ThTPGlN7FYA80AQ2N+wH8B4Ytq1ylvAK1mvM81q5/gv6vGpuAwgAAAABJRU5ErkJggg==" alt="$P$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> can be reformulated as a pair <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAKcAAAAkCAYAAADsMiqaAAAEQElEQVR42u1c7XGbQBB95wqwSyAdYKeC4A5QC3IHZFJBBncglxC5AzkdBHWASzDqYPPDS2Z9FhIHB3en3M7c2MY6cR9v995+gCIiRFlGlFIlgGrCVxwA/AGwB7AhoteLXq8IzkXBmQC4A5AAuGGgJuIj3wG8MgilJABSAF8BFOL6ExE9RHBGmQOsNYCM/3wmotVAgP8W/V6I6P4S1+cqQsSpZOL33ZAORHQA8E1cypVSVQRnFJtWM9cuvQztywDdi0vrCM4oNkUexYcRzo38fKKUyiI4DR0ApVR5xEpEAfIxVlNzklxZ/VQpVSml0uDAyaCsALTska4iFqfzTU3uTljSJRSrBNAopbazgZSIrDUOd2wAELcaQGHzHpfQeHNJtNSwf6b13zmYQwZgK8cAILd6D4sD3WkDzSIQe9erEmvVjui/0cCZO5zLbAbJhgWoxcC2plbA0gIl7LHumErQwNa6sOz6mo2Yq5xD5YnCJZrSNQDWi4OTgdCIgWwAJI4WpTQA47HmApzy/mvDvruxwF54T1phAMox+HByU4uaWmuaWrHilNomEl8vtJaFwjf5+JTzLQOgL7oRq0zw4sRcWwZm79HMi+Pb8TeYb/I8c83xcEKdJs65GEP/gvS8NauYnvlsM9bxWIBvdsp1rJHmYJahgbLn1BjsODsJEVjkmLmhpUo8sPikH3N97YKjFamGsaOG75znnXk2qcQ0tqeBOfXAckhwZv95SC3RTucPlLFDse55px57gUaxPW3yqUd8k2LM9wNIdWe7uGJt7tJPvldYP4hCiaH56FRkw1zPa2o+/SKFq6yeAfwSdQP3fTyz9olnCp5iHN+TR4ZnfLOMVrMXe8Unh+iIh9545KHnphs7ps/M4ZTINw0896GxzdaD2OZ6It907alvluCbgr/VbFy6VoUW8xyTFapcbLRmBVPDY7TyYFOauauIhALXn6zQu2XaOjYuRtmiqfn01BFnGxLf3I7lmqwISUh8U1jm7akohwde+OCUd1CVSIKjlAMtSDuiVrKxXRQyN98UFKw5o6i7BUE5OeVtu4YzX8hjbwcAsxkBTB1Ere98Uys8zk/l6EOr7Qyu+l0A6AOv0ry/ygKvHV3Iy2uS8fdVR75zzf/LptIHYRVbx+Eg64bK62LTAQrRiEKJ2kYJn1C0ZoyiHXmE4lyrJo73nw/gyEmdLeW9WCoq0FjcxnUIzSAxsV74vrM7x1dzpKKI6JGIrjnd+KY9ox2S3Cz8VKOpvDl8+vIG7+92uiaihzlSw/FdSacfcW4A3HLu19cxtl0u+ly9AT+uHczb6eIbP/o3MuMCk4PnQ/3JP+/PzKdzUoJ5bWIEZ7/8EBvvc0XPI1f0lEqpQgNk92aOBsCeiG6DMhDxWO+1mlsi+hLQmAtWqFRw0VcO6zwFcAJEcA7Y5O7huRUR7eOKRHD6BM4N3tN8z3E13MpfIvEmrbzkiOwAAAAASUVORK5CYII=" alt="$&lt;\sigma,P_c&gt;$" class="math-inline math" style="vertical-align:-0.207em;height:0.937em">,
where <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAaCAYAAACHD21cAAAA8klEQVQ4y52UYRGDMAxGX1CABiRMA7OCBDxMApMwJICFzQGTMCRkf9pdKG3g1rsegTQkjy8BVcXbwAisQLt5fhDUAhp2b30V/roae954DjI+Y8ad7yAwljmlvmKpItKa2yn1V3/xeYwe348RWAzPmT2IqiIiDdAkZfbBvocmiOsDvEtl3szbL8VSM4GLx5cNBGpPP09HVz9PR1+/ko5n+HaMZ/lyjJZv9Oat+osvZTR8q9PDw6ZUEalN282FUet+Z878X8yZNbagZayN/cpkuwEPVX2lGRuTsU0ydcDi6TjGeTO6DmGo66Mm78PXXcM1y/sF71cMZTYuzH0AAAAASUVORK5CYII=" alt="$t$" class="math-inline math" style="vertical-align:-0.000em;height:0.676em"> is a store mapping variables to values and <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACkAAAAiCAYAAADCp/A1AAACEUlEQVRYw8WY4W3bMBCFvwsyANsRNIKRbiBv4BnSDVx0gkDdIN2gUDeQV1A3sEawtQH75xxcGFkmRdE5gIAg6cTHu+N7POG959oA9oDPGGegAxqgmptrboiCmTQRccAT4ICvOpkzr/wABmAMXB1QAd+Anbn/23v/nVRLWRHQmyi1kT4u8OtSI5kK0qbyOcHPBb5NEZBAHUxUZWThnOL7kFAZW3M9eu+HxMqy7zsR2cQ6poCszfWBdHMstBSQduXdgrmeZiKbD1JE6uBWUiQ1tTaSB+/9uHYkc+sx5MZmdZ5cwo9r0U80BS3lR/Xtli4wGuRSflRZtBnYL9XumMmaWBLW1NZAa6OXc7i4ecDQndkH9DNG8OBB0/x3wSb7iCHiFHQ2t34BLzObcKSAPSYS8J9SQHJ4chtE6h+fYLdA5up1WZBaj7l6XTySWXp9L5B3qUcRcSKyF5FeRI5mNDe1Gzjm9CWRqvSs3++BzYSctlcVZ+JQsC8A8PWanttWeg7kLgC5WRngRWqPV563NoO3Vvm2mhUBbsy367kzwDvtFpHK/ADYarjDQ+sAnIAhR3VEpNVMjd77Lym9S8qvkyYzkpfvvMb6PCq1yD34TjN2sb5Et7iGnYp1i2uZ1vKYEPlGRKqHT1C5lylFmwDY6Q4fKKEkEZvnwoO7ib6oUbVrotuHgptoB/xUYCdTp53+x3wri/9wG9wkgrGsbwAAAABJRU5ErkJggg==" alt="$P_c$" class="math-inline math" style="vertical-align:-0.159em;height:0.885em"> is
the path-condition, a list of symbolic expressions (predicates) 
corresponding
to the expressions <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAdCAYAAABSZrcyAAABm0lEQVRIx8VX7W3CMBB9z2KAiBEyQtoRYAOkbkA3oCNUjEA7AmxARiBsUEYo2eD651K5luOcQ6JasvLh+8j53jtfKCL4tyEivRPAHoDMNPdMRU6yAFACWOr1EIi8ArgkYlsC6Gy8AKi8tY9k5JGduHtffszRVf3Ks7Fz1vSQLDWKbpxHpPgK4F0fby5DdxU81yNh1um1Oc7X3n0rIreRzm+PRl5PwDKb8ynyHTCgBQA3R75J7khuepaL3603UuToUexukP8CUCXWSxHB5PxWLovFrpsh359WQLoR+b6EJZhkSXJDstHITYBcZPIbABqSQzpXE4uGjlSSd2/bawBvPYfHGsBWQcyHI4/k+6j1OTZOKr+0Et5Nye/c6ucy8m2p52UKbArMakzktbFmp+QO+oHpNkqF/LZnm9s8xBoJa5GZ6vzuxt5rJAYjz6rnlpILoPjzfq5+LbDVxGzMnm8AO7VRWZ1vA+flSMednSa63qN0fiTfunM+ZjYxuYWSvwpqtI/0b5KrASQXqv8E4Dn4OWhF5JSilMw4e/HyA0LLUfEX45grAAAAAElFTkSuQmCC" alt="$E$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> evaluated in the context of an <strong>if-then-else</strong> 
statement. Initially, we have that :
</p>
<div class="equation align-center para-block" style="line-adjust:0"><span class="equation-before"><span class="equation-label">(2)</span></span>

<div class="math para-block input-math"   style="line-adjust:0"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAt4AAAArCAYAAABPVI/cAAAP9ElEQVR42u2d/XHbOBPGn824AMZXwdEdSLkKTu7AylUQuQN5roIbugM5FVzkDqRUcJE7kN4KYqkDvH9wEcM0KZEiQIHyszOcOLFCkYvFDx/7ATHGgNKdiMgNgGsAKYBPAB6MMXct7zkwxjxRu72ygwGAjTFm58mmnowxG2qWQiGnyVVylRKvfKAKOgPCVES2AOYALgHMAPzZBuYikojIWgcHSr/kEsBKRHy03RzALVVKqeDESkTWIrIQkZmIjKgVcppcJVcpp+EqJ97dNNAcQKZ/HRpjxsaYxza7HwqW/wF4NMY8Usv9EmPMUm2i1SAhIon+mFCrlApbGxpjrgDc6cRkISJbEZlQO+Q0uUquUrrlKife4WE+BXCjf73z6GpcAPjR1v1JOWnHfQDwTTssAU8JbW9PxpgxgLFOKGYiklEz5DS5SqF0x1VOvMPL3/rnToHgY5CwbtAx1dv7TmtdmXNqo1cTtUxETM1rUPOeqwP3WXmyuUcAlkXTus9HTpPT5CqFXG3PVU68w4tdcW88GeYE+c7MFx8JJJQoZAxgpLtulH7IP8iT78YAliW/f0AeH3rdYPf0C4B7AG6/3um9xp4ncDPnZ8axktPkKoVc7YirF2znzuTZ030y5JnWjBc8EzHGPInII4BMRB44UPeizXZ2YBCRDQB31+T+mNACHUieROSn9vMlgHEge3AnmEz6I6fJVQq52hFXuePdI9G4oQR5MD/lvMS26Veqon8DfOGf2saVXiMviXYdarIQehIiIhMRmXm+Z6IVBKIOjSGnyVUKubpPOPHuz6Q7ATBVw1lSI2cHmQ2AJwA3jLntpbjAbVNNYQRgpINEn2UM4LPne6aqm0/kNIVcJVf7ylWGmvRHbPLPjKo4W/kHL7VjGXfbDKwDBXMK4Lc9H137Sp4ryAbAoO0AYdv/TA7tSHp2X3KaXKWQq5x4U36JrQ35QFWcpxhjHkXEtjUHiHqDwt/IdzKSBv/vWwBXY+sBQkMzfgQawCjkNLlKrpKrnHhTahqO7QAbJoicvTwBGIjIhBOwyv6QIN/BGDk6WyKvmfyM1+7J4iAcasdjU3jGtMl3aR+fALhiC5PTFHKVXD1frnLi3Q8ZOx2Bct7yQ1f4Y3DXrAqkc53gPCI/7CQG9+F/hb+naFaabobzCTEhpynkKrlKrlYIkyv7IXYFuqAqzl4WhTanvB4crH6u9UjvWIC6KRkg6r7XDB4PbqGQ0xRylVyNl6sfDjx4omWh7Bn0dU8U2orIDU3aS6dIHGP7cUyn0pObtiKyPnSYgIjMtA1nfdKRiEyd97TvujjGDlVnc72Hvd9KvyN0YtfSeY40gK56aQ+qiwVyd+cwwooRxQHiquZ7DZC7Qnm6ITl97pwmV8lVcnXfxFsNZ4t8q75RkD3izjrvGsa+dlHQ4KQm+/0T5AXjx8aYjwqfTOvMln3+Bi/JQZM+lF/S1fr/APyFvGbr78aYj8aYK+SJNH/o0c114blWEG109f9Rdfenwul7yEFCY0N3IXZnem4Ptg3/jDEcoySmN23wXncMMSGnz5XT5Cq5Sq4emHjr7uFKDcmuOO51EnOHt8d43uLl2E17Dduc2KUrYNPRFdIteOn8fGyyTVqx8quz4ssKHWptO3vN1WXUJ9rpOy4ALI0xQ2PMsqSjjpDXcB0d2oHQe10CuDLGFDvtJ9WnzfjuYpU/9KyrXtqDDlQD5CeXxRw/2+g0SB2Yd8aY+xM/9+U7n3uT0+H6LrlKrpKrBbkoWfl/18bYAfhSMoG+1xWedZFcBYiheUIe4B9653yHsPF4rpH8d+Q9ro4cEL7i7bGof+ifScXq8klE7pxFV+yZ+Xa1/qXi9zO8lCJK9nTUhU7Qd8h3zMvee9EhKJ8DfE+f7cEOyP9Ebo8bp80GNQbsKU6bbW+f970fGU9Oh5nYkavkKrlaYQS/Lu0ERq/U/V3x0lWdAbDd97n3fOnE0OozOfIetk0WDf7PqKxdkIcOGeTF7vf9/1VNG7ALsOQEuh0dsj99vu0+3RXaaFTxmcT5TOXnfOnFeaZ1jc/aZ5udoz047zfvQX+fFewkOcDP6Ymfd1LXpo/llud7DvRZp+R03JwmV8lVcrXapj84K4UpXmKfrmvExtid8KSDxIjeierTJvbdtqjrennEqvi2uIpVt1Li7ATvk6UuyjZ73m+k95ngNEc4Dxz7G1QsKh80lvC64h0mThstqxJLtO2ukYdcXe9LQPGkl+dDrqqG0md76FOliNWendSiKxSndoWqp9JyfB4i6Yycfn+cJlfJVXJ1P1cv9IETx+2xrJnZ+rMAHR4YgFcxXyN1Ody2zBROCtCoI//ibSz+XyWLpipZ43At2o29IsiEXonIg67elzXbybV5FH4u60zLEp2G0ovvvtRne7DQevYxMQycbFMWu/lU4QodxsArY8zYCR1ci8i97vKddbInOR1Mr+QquUquHuKqbo1P0dDliNfb/ynDSn65jew19XRf67bKPLiVDIBVzbbNItd3WtC3e9nk4H0uKdfmt5G9269n8+ES7bM9aDsaz1fSkU1OKziRRdifErwONWzLnChDTcjp7thFrpKr5Go5Vy8clwmQZ4IuG66YYFgKC8aYoa72P6k+MxG5RZ540SZj+Bntk0w/Oz/XqRs6cmwiVn1vRGSIPBm4qJ+BXhMRGVbYp/t+7+3gkj7Zw0+njXzsWK1DHeetNun+01VhV2aqg9NdZLu/mU5KgNztf7Y73uR0cCFXyVVy9QBXL9TNYCfRTVwZowo3wHuefO9Uh0uN9ZojD4MYtymvWHBltoLhoQo0ag+XERbSL9P3E4CP6tK5xtt683a1Weyo7mEXdncuJvnNLoRDD449sAfLl4WHPtSF7Bwb/FTQY4ZIXKHOc7mVJ4bvYROFnA5mS+QquUqu1uDqBY4opVSoiTwL8NB2JdhF0uYiRDC+MeZR444nyAPsr44c1Cwk2iSEDBosrG4BfOvZQPpgd1e0I946K81UREYFwKUVEIpFjokXPVd7sLuQf+BwzGQMsnH069rZHJHVyy0k1Ps+JjrE5Cb13V/J6SDtQ66Sq+TqAa42LimF1/HdSU/ij6quRcD4noHzPbOWJZAWHp5hWjNWcbDnXivkSSFreC5B1iBObwHg5sDnbpz3nlSUIqwV71dTx9704rT5yncsYh/tQe+97Umux7xoW2qzaw9xjjNH11vtB6OWeg0Si+swPA1wzwE5HR+nyVVytYdcTfQ+rr7XaJercZCrxc6SNkwgyPrQaCcOrDctgZzVhUXbWr06WV3sgcHa2ohjXMmJEnfqJMiYsoG60C7rYwaEkHrBSzLGPMAA0Tt7cNp90oM+Py0s7EdoWSfbWUROSibjRw/MbfpAg0lYFvtEgZwOokdylVyNnau2zVYlc4QFjqxxXqcPfADwY4+rqEy+2q3/2ILZIwyB8JK00KBt9rnX6rjYvgKoatN5wW1yWYy3qhNC1LLm+18lrrKq77Lfsyu6obRdjmobEZnjdUJMa72UyGVAV2009tCgH92rLrIenBmwKdHTw7GxnPq+X9Wd+lDi2k4BjD0/s482W+p9pz7aTPM4UgRI2COn/XCaXCVXe8TVmXoQH40xQ3eO4ISK3ITi6gcn0cSNUdoHvxvtXNecWncidmF07EFFTyXgqTLEh7JYKU1A2tjfac3MpPB8hwx9ravIrd7vGHlW21vWmGzY43CrAGcH8LSuXnVwSIwxt770UiG2H/4XwJ6isIcjxOZ8fI98kNiUDHBtKhd81vf+WfI7ezR1rIdg2D66alMr2DlEZIN4j7cmp8lVcrUHXNVqIxPV9XgPV8MlvhbqJG5rbMv/coPwauR2WHi4x7EuZVtjdrbHjbM60Pajkhj/RUNXeav6rvocqwZu7tkBV6J142U17rcu3q+tXmrECia+XaIx2IMn12Dag/Cy1kex47WLNUNJ2NQp2dSgzbY4kJdxIIRjG7LNyWk/nCZXydWYuVqwg9Ge7xqFZElZp3sV76KdYwHGdJ8S6Ks2+i8Y26Tw73M0jGVy7nXTMN7TR8fJFNY3RYDq99gkjDoJLqk7SLj3099N0CDBpaleDi1wGwJp1hd78DRIeDv8JGCfn3m4V9VBUQsPk3rT0cA+ciYla52ApAc+7ybwrxA4Rpmc9sdpcpVcjZWrzvxge0qW7Muc3+q1UlAmnEifDOiZh3vY7N21s4O0QsPECncHq+H/mzkD76olRAcldmpdpI1tVd9p4dzL6iZD/Uo/Ex8d2tHTLNQAEYM9eKh24D73TBdiaQycUlta+3oWZ2ewbAI+iX3iXeDYtriripeKAsXfrbuYdJDTwThNrpKrUXHV56aIt4k3r2iBniKSI3jb7uo4EJycWTuvfHiFHPANQg4Qsb13i2ofKzQrH7rt6yaCdYFq/9m2ZULXE+/CQiJzBtKtM9GbH9oRJ6ffD6fJVXI10NHzk1Oy5IK5i/GLHpm6BDAqOQymM9FkD5ugMiskjNw1qA5wiTM68dSXXpxTZDcxHQjQgT0c2y8eATxqUtBn5CeUJth/iMkm9HN50q09ke1fe7Jc4cRFG3KV9K2/KL+WODMhp8lVcjVqed6XrNmlcOLdH5npTtH4hIOWLef3ZMsdKdRGDTvdAOGytPusl9sibN/Je7cdKHYIUGbuxDLHS7nAx4pJ3u6cFrDkNDlNrpKrId9HmVm32k6G3OPhnbEfyMneGM2jDrKTE5b9KTsSN9OryWp+14ddxy71ojJR3dy/s/emvJVE+/tdRT8a6We+UFXk9JlymlwlV32LLUd6fcD+bfJ6kI0NTry7k0sP97h1QHIKsW66tbMiRMnBHvvkb8Rbi/dketEa+X2bSPmwB0q5ZMhr1j8X7CRRW5kDuO2D65ycJqfJVXI1koXxPXIP4rRYp15EUhHJtJb9kzFmGOo5xJ4bTwmkYJGtdvydMeajh/stkJ9i9fspdiM0zuyzTgiWTYrY6y7K3BhzdYbtfLReHDvZNO3suqu2RX4ow23f3puyV7cj5DvexcNnlsiTrjYt7m1LvgH56W3jd65rcjpCTpOr5Gog/d7o4jJ1Njc2yBO+H47ts3W5yol3+AbOkGfpA8B124Qbp2Ef+tQZFWQr5Mfhcpeu3EaGTXVz6gGCchZcGtsETuqDnD4XTpOrlFi5ylCTwGKMucOL62jW5uhkvd8GeeLORHfE+iIZ8oxsTrpfd9SBdlSGDVC6tjkg35V5fO86IafPi9PkKiVmrnLi3Q3Uh8izg1MAKxGZtgG7Nug9gHnbAaJDHdxygH/TURMA35HvqjwcqdcdNUmpOzCoC3ul/3T/3kNMyOnz4zS5Somdqww16R4In5Fn1KbIYwpnx2Zba2OPzjFm+p3Ywwp5/OG45X3WyGN+mXxDqbKPFHmy5gZ5WbVvnFyQ0+QquUrpnqucePe/8acAflNXKYXtRqG8mUhyks3+Tj1TKHFw9f/VCTN7xUYvCwAAAABJRU5ErkJggg==" alt="\[\sigma = \{ (v_i,sc_i) | v_i \in V_s \} \cup \{ (v_i,c_i) | v_i \in V_c \}\]" class="math-display math" style="vertical-align:-0.000em;height:1.119em"></div></div>
<p class="para-continue">representing the initial condition <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEoAAAAcCAYAAADGBymbAAADBUlEQVRo3uVZ7W3bMBB9MjqAZmA3UFdQNlCQDZQN3BnUDdgNWmUDZQVnA3mEKBuwf07BieDHHWUHhkuAsEXx8/j4+O4E5xxiGcAIwCnyMdXfV2cAPQALwOztq6IOg6mqqhqAoUdDhuPpF4AJwDuAD+fcGTeSqqqyZCgAeHHOPe7qULlDC0PPdEvoyczVKtqN1Lbl5QfFDtUAalY04rbTb/p9BfBTuMYWQEfrbIoQRR1wPjK3jKhCFA5sfU0RogA8sP83xUcXTC0D0Bt/cSjphOB8j6mJre+g4CfDiqZ7sxDxU3R9hwI03SuiHlLrkxrq6X/mJ/Gt52mSUXmTNABO1MccUu90rC3Vm6nuCUCnGKfNjcPqzkqPw0omYLxGvWLyNRdvZIyNAKSymRuF2p2kYpEU+GmVLGycIbGmluVhY5TtuwZALfWXivQTDXqMaDFDpGkTSAxqmkC9BUDNyo7Ubtmrnz7rCCW90wzsHdk6YqgltuMMVVlnm5DUxuYsnOecq381fiKjTAGEiXxF78jbBC/NgfK13Sykh+ycDhltYTz/7o/iFnkK+INcZjwLxd+KmlB6JuPzOffs0Sqlz1QUPQjwU61EVK3duQhvtJIx2FEUz9dDeVN09Dx+mnc6nJ0mwCfhjcxxnS7FTxKn+JL+3YO0Lzryq8v0ohiDH+dB6Zq9FgXuAvqp24koMULY9e6UonNRyoJOqg+vwk+lN8vOY8cXPSh0nkgffhU/9eKd2wpNGzB4jNin2KJjY7INWVLGzBmqKOYsMLpR7HIbuAmPGcSeQu8ybcbEBk9RQ12Bn8TcwerOkXcmg9guwHc2IlaTtzCN16QMdUl+MlJl79UdAnMac4hVGLdL6TRC76eBv0Uuw0cv/vRxiThPLjLqnDtXVbU+zt41PgD4EWl69n75t72/kfjZW0I29ITM7xt5QAS6fqqxgXhMz0MOO/hJo5QH7s+ljr+HxPWzmvX5KjE3y3hrjYv5in+jWSR5LLjxFs3ndkLPGsCbUq5FIkAolQhHNlY04PcPs54FtOoTKVIAAAAASUVORK5CYII=" alt="$Init$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">, and <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHUAAAArCAYAAABGgMc7AAADAElEQVR42u1c0XHaQBB9j6EAkhKUDrBdQVAHeFKBoQMYV5CBDkwqcKADkRKgg1CCUQebD1aTyw0ggZBOIvtmNBYSN8A+777dvQWKCAzNA8kegOWRW0sRWZy73zXzNRqDI9d2efc7ZrfGYy4idI4xAIhI6l4H8ClbYKTeITo5cX1CUkoce5IJyRnJyMxdD/I0dQFgC6AH4DOAmZ5nmGqMT711PQARgCcAQ439E5KLLHwYApEqIimAteO5YwB9fbgSkXnBLO6XrhuRjEQkNtMHCr9H0HfOkyIL9B/jq5uxkZyZ6RtAKkk/fV4XXavEbp1LIzN9MzzVDZmpiOwufC33+T2SfTN/eFIH13iplzwZGkbqxXrq4fGM5xrqJrWMnur6vuepa9VZQ0BPLaunfm1q2W8DSB2U8NKel+3ORWRtpg9Pahk9dbeHViIyNbMHJvVaPSUZkdw4Xj4VkecQH/IGPexLjiQ0qUX2UwvrqYbaR9XQYeadSmjIbHer76Pqsiq9sjKondSB1zTYF6hD1zg0+1eByQQAqIb/NzreLZDkuHo6B/D9jPGsTGk6qUcaBu9GXPsTpdjzxK2ZrP2klu33GppE6hE9Tcxc7dfUUv3eJkFr7THq2SlKikyEhCK1Fj112ojfPKPfsvsUO3VzHQhKaieknpIcAdgroS8i8iU7APRJLm9Up0692dkqj+DzV90z3hNVqack39RDV377kOQEx6fPDSU8tVI91cGzEYDdiX7wk2Xctye1Mj3VDfOJPjw1A/wCILZR0hLhV6fns4HtGN60n2rfDsCHeleZrtKr/k1P7av688aGC0lVz9nkPO/Ny+zKZKVZFvrTzF8RqRpaWVO96CZfGzN//SVNFfhwzm2a8B5IVa1ML/Bs+7ZcCzwV+LsfG+cQmgAYNGGT3UjN99Y5DqMlE5JDX3PVO38D2IrIg1F0ZUkTgNhnJfSV5A9Ha3c4dK8ebDO+ZaQqsSv1WMMdaKrBSDW0JvwaCmPofZc378exjNQWIMK/26B5P46FP0rFmWZ8pP+iAAAAAElFTkSuQmCC" alt="$P_c = []$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em">, the empty list.
We use <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACEAAAAgCAYAAACcuBHKAAABqklEQVRYw8WW4W3CQAyFv2OCtCOEDegKYYPQbpBuQEeoMkK7AmxAO0EFG4QNSrKB+8eHrJCSg0S5k06YcDk/7OdnOxEhxnLOpcBJRJpZJAAZUAG1cy6PAgJ4M/bSTZ0O51wC1ObRKkYkMmMfRWQbA8SLsUuAGOnwDhsReQCYRagKvz69MXU6VsZ+jwXi2UdBRJpzhKbihCpkpV/nInKMEYlcP78sAABEZJIN7AEBFu3fJkmHUcmDiDxdHOhBnwAFsNNLJHDXQG7uKfR53unnCoD1DU67tgWRAZv/fF2kQ0P3DSy8vgNbZXYCLFv6/wqcWgE+isghOF8d4d93hbR1rjD/uBxM2tblO3N52sOXyoMdDUSLA1lAyZXmfDIExMzwoDRi8hWQyV9jPw4pYa+YRbvHB6z5aEJyb34tf0ZQU1KT280NL/p3qqEgZgrCr587hpOPodlogwgVmFXXhDR0+g3SBiNoowmV50Ryoz5sxuLCmRM6ZnldWPRwodDhpNEeMmqJpn0lavpFFZK2e2U7Vyd7O/0oZ3ZjcqCvgaVacpV20VpBrYf2h2v7D7qTVLcY/XchAAAAAElFTkSuQmCC" alt="$\sigma&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em"> to refer to the formula that the store <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAASCAYAAACw50UTAAABEUlEQVQ4y5WU623DMAyEPwUZwDOoG2QGdwN3BXcD76AR2hWSDYxOUCQbKCPUI6h/6JQV9GAEEDCE45l3pEhKiVoAAzADK7AByRgbMLWIlyfISjEdyY5zbgC+gJNc3YELEEXJKzCqlHfgJ6O5p5RuJRuuWlpF1awqDFX1WdKqknynH3EvokueeTy2iAUfFH6okosdO3DtEReKKao8SANm1YyA7bx0EVb/CpU/+tPA4JW88xPke06sYQ5Cvp9vix/OOT3nHzVcTn4z+v2mvj9bwNE624XJCh3sP7Blvs89r/M53zu/dIhntRq8ldx3n/IfcbQQ589/kuQrcFL3o1IWrKNaWlxeRiuK9E1+ttT2Ryt+AVgpvMAK6aihAAAAAElFTkSuQmCC" alt="$\sigma$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">
induces: 
</p>
<div class="equation align-center para-block" style="line-adjust:0"><span class="equation-before"><span class="equation-label">(3)</span></span>

<div class="math para-block input-math"   style="line-adjust:0"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAWEAAABiCAYAAACBHGLNAAAPl0lEQVR42u2d63EaSRSFT1MOAGkj8CgDJEewkAHIERgykMoRbKEMkCOwUAbgCCyRAWwEa5HB3R9z27Ta84QZGHrOV0WVHjyGnu7Tt08/rhEREFIHxpgIwALAJYCRiCxZKoR47YQiTGoU4TmAof66EZErlgohFGFyPBH2K9e1iKxYMoTs6LAISE0CPEz482eWDCGMhMlxRHgBoO/9eSsiFywdQijCpF4B7gJ4S/k3LQlCHDonbqyRNlgSFrcZ/5uweAhpgAgbY/oA1gDeUvxDcr6MnJ+3AFYFBZoQivARuXd+HvBWhIGObFwv+BHAzPm9qx0wSS6/HkshnHtZZKTfaUhDXfCWBYMf6X4H8JQRKRNtE8aYNYCIpREMlwBeddNS4yJhV4A3IvLM+xUME+/erkRkC8DdLTdmMb0T4AjAvwCe2RbCQXeITvOE+FQi7K4XnfJ2BSUm7nDaFZSZ91zOA7wfCb6IyD2LIjghftSR4CLNmjiVCNsGuNWLJGHgC+vMqYzPGR1xmzuuuQ5badFUW65TY4wUfPQKvudrzvu8pgixHR3OGyHC3qQMBThcK2IlIhvv/88Zgt1GoRhrOXxRy4ZUxz+IJ/xHeG+FudozATAosW79C4AHxCt+LFt9r1FORzoC0DfG3P1RD469WcMYM8POE7xg5QvKilg7f7oXkYeEDtidhB212QM1xrwh9s2vWYNqLeceADdKfTjE+lEhnaq4j4pqmHOg1TvdO4UdYWfPHynAwUbBiaOchKMsJy0WhimALt4v1SQ1kBDpHrpBbKCd56Ckhtl7/e1kdoRGS7YAOCEXFkPPikirnK4499u4Y1K/8502ZJ6xfBzc+hgdcO/6iFd3ld7boPbcCsDQ9aE7J2qoywS/kJz3cM+t2LOMp89TRkZt4muBciLVsqlChLX+Tg7Qr3/8UeBRPWGdPeyBh7iEOLR2JxwyvX71QrtOhzxoWXnZ7885keOVuZtgACJi9niPGYDo0Ppqz9m219A5YiF0VYBXFODgcDdfLAsIy1NbLQkdznbViqAAnyYSRt4utpT7NkY18xgrfc/xse2IWy8cJ2GJShErIu05bbIkRm5DJEfjp/d7WUtidqAN4fLi1oVjivAG3JYZsqjYYV7u/dWRkBsFtmmVhF0nz/NSThgJlxFhtSGq3Fi2cOtCJ89CMMaMjTELY8xbiR0ofxxPKSJLEeGuoPBwo9gyHaxboXtlh4dnOmroOo3/ZZ9Rh+7aejPGrJMW/vvioe2RE4B/ivBVwTLvqQ1RpXYtXVukk/Hhd4izI8xUscv4djyovZ1WxPeSwzuXNuyg63ujgTJlPUa8rHOkKaKWAKY6KZr0/CF2Xv247UdkJvjvRTv9OeKNR5uKr8VeT/9DSm/9A7uDWDYa4ay1wQ3w/hS0CYBffq9z7Mk3ZxfLMWjdjH4Kk7JWhPPcjTFm4zSGCeItoSETpURlRaKxKYCPjpjY3YljJG/4SBp+r1revtz6FhX4zlO1IR5qupYegOsPGQK8Rbyn3W9YD9or20jmqiGH8Ky0s6g7Ct+Cfl5S9LqP1z9zGnZkjIkCXz9+5dShMnzDn9tjP2WNOkVkZYy5d8p3y/b1ToR7BTq+u6K2xR78+t0ZiMjvh3550Ufk/s9/aE8sAN6ynsdHmA8VYHEe/T3eI/LeYxp4mdn2tSjxmn5SG1OrUACsc17/WqQ9t6TOzrz61s3Rt7sar2Vu71/HG25Ym2FQICKxkU+XyTpbiXsU5Xaf7bfONs62+MKXe0SlE3jLOtXv7TqjicyhvVPWbee1iC9sffaabAg/Er7sODbE1PFjijSo/xIqF2kBWl9cwXw64O3cybwo8AmkrtcAi5bPY0YHmGcDrcE1ya4dkSnCjg1R90quP05Rc3c8FTXfr3hPW8ttgre7L1kC0/pIWESeXS/Y6wBXBSLcaySfp0sRTo6EvyE+6rLujssGsd2OM+QpO6yMvGElaQ8jz4rYu8KqwLivDzn/3K8K3uO2ZOfnn+HcWhJ06sqLgu8Q+8RHPV60o4vkraCW6TH7Kb0LCd+KqDo7iism3RasaT1kDmXiiMpjzr2KAFzyuMxkGwDAjVdWUxwvzdRf9no+eCH5z4INsV/RULRKcehrBT3GJOGiZtP+nKyI7xW855NXjyYIcyvz1rMl9qFXImCa4DC/PsT2tXHK0NW++ZFsCL8j/uWLcNELGFUcCVXBAMedXW+rCP+R0r6CYeLWGLN0IuzbQEXYCsBeQuaNEIpYDGMAf7N9pYpw94Q2xO/5gY5nJ2wKVIQudr7dQ1OO4xORexExR3q0creccxyppcrDmHxLoh+oCB8SCd8UDZh0GdtLVZFdQO3rZ0KEPz1Bp2874k0H7w8SKbKf+psTBTE/VrsYZwjnoY38OSPiDoV1iXaW1XCB/Em+b2D+uqyO0LUhHk/gm1/+FmGNZO0F5G3lsym6t9gjxxI5e9zlY6saVsW4Qhzixo0XJ9Lfx5JYJTTipHY6U2Hh+uB8EYaInKLDt1r701+i9jVHgGf6Ja65LK11VkTkddLfa/iY7wlD6mDwRPFmj9cvsZvcG6XcpzsANxylFhbh0QnaktuOlh29uRu9mK6eV9pzXtA3xixUgB9E5IoC3EpyU9rXYEmEuHHDCvG+I0k70Ta26XFsw9Y8ap9E5JrVNbWOuXNYjydavmc74I2IbDteA7jSIdNcD45+Q2xaLxAnJWTv2l6KprSnJZFNIesvJ5q+QOz33tskCog94AUTJxS+BxuczjO/duvCUbMtk7O1Inp4f/jJpK7jS3W22l1+NQopJZbaOmvEOw0vWLta2Z7WiCdnr0Vk1WGRkAL4tsBTXR/k+Z5JNsi5D4c3GgGFugyP5HfCEZw19hRhUoSyKe0PxRX5foBHpdqlfbQO2sfEqwO0I0hpK6J2e+CY9kcDhqQXTdnwRI5y3990RPTbimIkTIr23HY4Xbs/q8O0YC0J7zuNWcVaI8BjxBtuvrz7OyNhUqDntnbA87Fm3zW7gZvSPbiIUZd+3uB9Ak8Sdlva+EsIGQmTrEpzSEr7Q/E/K8SI0Z5KNmVtC74tTZOiYEbCJK/izOGs1RURc+TPt74pEK9Nvg6wjIeIzy8Y8NzfYNuRneNInNtgJEyyODSl/aG4BwT1dHlPUKjH/oB4g1TEKhecAHcB/EC8Oy9xcpkiTLIitDRBPBbPGZ1CSEJ8j3hZHtMQhccPxMs6UyeXaUeQIlbEyXZ3GWNesdviuxGRq4DL/A7AXzweoF33kyJM0iqQWzEeT3Tcn63I7sQVD5AiQUE7gjTVivjdAXi/T3iHCEWYhI4rdNtTHg6u62fdzx/y9hCKMAk5Cq4jpf2huJF45B2KTQhFmARFHSntD8U/te0zbxOhCJNQcVcfbJqQp8zLgwjseSA6IRRhcg7MsDs8p0mTYPfOdXGbLwkGLlEjhBBGwoQQQhEmhBBCESaEEIowIYQQijAhhFCECSGEUIQJIYQiTAghhCJMCCEUYUIIIRTh8DDGjDW9UFu+7yLhIHlCWsEHFkHjBGkG4CbE9O4ZjAC8GmMiEXlgLSCMhMmpBHiK+ED1v5vQGRhjJOPRy3l9L+V1b/5z9ajKAYCvxpgxawKhCJNTiN4QwB2AiYrSSdHEnlcA3Mh0A+AawEXeOcP6/yt9DRCnr79Oy9qsyTu/AJgxcwZpVdvnUZaNEOAugH8BLEVk1MBrs9HrUkQGJV+/BrAq+r00xX035NT2hFCEm2lD3GmEuW3g9b0B6CJO+nlR4nV3AAZlhFuj4FcA9/v6w/oenxFn4IhSnrYF8HcTy5tQhMlpIs3npkXBzjUusEv+WaijMMZEKqYfywqdRs+XZQTfEd9v2KU/WmJnh/isOQlImgBXR5wem1hz1uBrdIXsBu/zvaUxB/Blz0hzBmBqjBmKyHOJqHuq1zoq+jpCTg0n5k7PAABEZNnga3x1fo4KCuKvA4Tw2S2bEgL8ICJXFGBCESZlGAIonNFYl369GmPW+ugnWRzOc7oVXOOL8/N1ARviK+K1v3uhKyW2zigh6/P6jgDfV31zjDGRMWaqZSkFHtx0QijC54IjoJuiAozY8xw5qwcWCUJ7i92k1O2h1+ktR7up0Ybwhb+rop5nXaxqEuA7AGvEk6ZRgZdsscsITQhF+AywDftnwedbgbOifZkijE+OsHcrulb7fr0M0ZoC2FRkBxT5vL6WYR0CPNcIewtgAuBKRIyOBKx1tBER4zwuGm4rEYow8eg6EVSeKAy10a+cqLibYBfYHWiTMlF2AVae5ZAUpY8Rb7iogrXX0SQxQrxsrlLh085kqGX3UUQebccnIitdcrcFEHFjCaEInzfWUvhV4LmXGplZrMguk4b+jjCtKrpWN1rv1WhDpJVR2kjipWIBjtR+AOI1ztsMuwTYLd0jZC+4RO20XBZ9oog8en+6dcQvSUzs5oqqIuFNgo3iRo6rilclbAvYKZFGo7Ln+yetYbYd3WNO2V2y+hKK8Pnza58GrV5oN0Wc4URoTxVeqxtRf0qwIT5WXDZFrJqtXtf3fTqVlCh3mNW5JXREG1ZjQhE+X9YFor0k7PKvLC/0K6rzZyEiG2NMkh0xR7xaoy4b4r+c6Lyy4y9dfzfLZ/b8eE7EkYOgJ3xarHD9VfJ1NwnRqSsSEeJDcFYVX+/KjQLVhljWtCLgskCkuQDQq2gtdNJ9ScP68c88e4JQhM+bF29oW5a0pW0z5CzbMsb095jZf3FefwdgqEde1kE3q6NRnpyov4poP7fT0g5urEL9hVWYUITPGG30W2SshS0r3noo+jZrkkwj2AXibBZldni525enTkRYB33kTCxqFHoP4K7CpWLPSNkkohG39Yp5AhuhCAfCEvEMf5lo2G4i+Oq+TqPTSYHT2HoJQ+tSkTDi1QO1+KGOoOa+v/rBSwA/KhLiL2qBzL2y7Wsn1EW8cWPFqksowmGwSBDGPOGxGS6eNJpd62HoKJibzoo4kL8NOWm4vqnRhrBRMFB81cNIhfNVO6JDRidb3RK+VCFe69Ga94jPOL6qcNkfITxPuBE3IT40/aVs1oqKPvu1TFJRtTuWdQrRvtk1NEmq9WufNHLdIHkzzJZiSijCxIqHzaxxfexhrjFm3qTD5HXYv0Bsqzzu8foIscUyRP6E5wV9XUIRJlY81jrMHxzxM/sAek3KMFHSVikqyl1GwoQiTIpGgINjncSlaYtGTYkGdaXGHPHEFwWStAJOzDUEFd4J4smgbt2fpxNYqwYJcA+73XcUYNIauG25WUL8qAL8aoy5rksgdYj+qSlesH7nH4h9YKYmIrQjSCOG5Z+bmn25hu87B/CdAkzayP8IHRbICY46ygAAAABJRU5ErkJggg==" alt="\[\sigma &#39; =  \bigwedge_{(v,V) \in \sigma} (v = V)\]" class="math-display math" style="vertical-align:-0.000em;height:2.550em"></div></div>
<p>Thus, the pair <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAKcAAAAkCAYAAADsMiqaAAAEQElEQVR42u1c7XGbQBB95wqwSyAdYKeC4A5QC3IHZFJBBncglxC5AzkdBHWASzDqYPPDS2Z9FhIHB3en3M7c2MY6cR9v995+gCIiRFlGlFIlgGrCVxwA/AGwB7AhoteLXq8IzkXBmQC4A5AAuGGgJuIj3wG8MgilJABSAF8BFOL6ExE9RHBGmQOsNYCM/3wmotVAgP8W/V6I6P4S1+cqQsSpZOL33ZAORHQA8E1cypVSVQRnFJtWM9cuvQztywDdi0vrCM4oNkUexYcRzo38fKKUyiI4DR0ApVR5xEpEAfIxVlNzklxZ/VQpVSml0uDAyaCsALTska4iFqfzTU3uTljSJRSrBNAopbazgZSIrDUOd2wAELcaQGHzHpfQeHNJtNSwf6b13zmYQwZgK8cAILd6D4sD3WkDzSIQe9erEmvVjui/0cCZO5zLbAbJhgWoxcC2plbA0gIl7LHumErQwNa6sOz6mo2Yq5xD5YnCJZrSNQDWi4OTgdCIgWwAJI4WpTQA47HmApzy/mvDvruxwF54T1phAMox+HByU4uaWmuaWrHilNomEl8vtJaFwjf5+JTzLQOgL7oRq0zw4sRcWwZm79HMi+Pb8TeYb/I8c83xcEKdJs65GEP/gvS8NauYnvlsM9bxWIBvdsp1rJHmYJahgbLn1BjsODsJEVjkmLmhpUo8sPikH3N97YKjFamGsaOG75znnXk2qcQ0tqeBOfXAckhwZv95SC3RTucPlLFDse55px57gUaxPW3yqUd8k2LM9wNIdWe7uGJt7tJPvldYP4hCiaH56FRkw1zPa2o+/SKFq6yeAfwSdQP3fTyz9olnCp5iHN+TR4ZnfLOMVrMXe8Unh+iIh9545KHnphs7ps/M4ZTINw0896GxzdaD2OZ6It907alvluCbgr/VbFy6VoUW8xyTFapcbLRmBVPDY7TyYFOauauIhALXn6zQu2XaOjYuRtmiqfn01BFnGxLf3I7lmqwISUh8U1jm7akohwde+OCUd1CVSIKjlAMtSDuiVrKxXRQyN98UFKw5o6i7BUE5OeVtu4YzX8hjbwcAsxkBTB1Ere98Uys8zk/l6EOr7Qyu+l0A6AOv0ry/ygKvHV3Iy2uS8fdVR75zzf/LptIHYRVbx+Eg64bK62LTAQrRiEKJ2kYJn1C0ZoyiHXmE4lyrJo73nw/gyEmdLeW9WCoq0FjcxnUIzSAxsV74vrM7x1dzpKKI6JGIrjnd+KY9ox2S3Cz8VKOpvDl8+vIG7+92uiaihzlSw/FdSacfcW4A3HLu19cxtl0u+ly9AT+uHczb6eIbP/o3MuMCk4PnQ/3JP+/PzKdzUoJ5bWIEZ7/8EBvvc0XPI1f0lEqpQgNk92aOBsCeiG6DMhDxWO+1mlsi+hLQmAtWqFRw0VcO6zwFcAJEcA7Y5O7huRUR7eOKRHD6BM4N3tN8z3E13MpfIvEmrbzkiOwAAAAASUVORK5CYII=" alt="$&lt;\sigma,P_c&gt;$" class="math-inline math" style="vertical-align:-0.207em;height:0.937em"> represents the predicate 
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAU4AAAAwCAYAAAB+DJNsAAALT0lEQVR42u1d/3HbOBN98KQA2lfBx3RA5yqI3IGcVBC6A3lcgUfpQL4KclIHVCr4IncgXQUXqQPcH1zYKwxFARRAUeTuDCdyJFEksXh4+xNKaw2R/olSKgXwW2u9G/AzyLTWr6INIj46A2BzbN5cyaPq5eCPAKwBbJVS4wHef6KUWgNIA56zUEpt6dmK9FduAKyIeAhwDkwe2eu7ATLtfwAstNaLgAvRCEACYCrq1V/RWi9pjGvBU4Czh2yLJrmRYmCPoADwS2v9GPCc9+x1doyNiFw8eL4A+BtAQfPJDziVUhOllD7h2JKJMxVla004aG5Csa4LWTTmZGrdBz51bv09FjXrPXg+0Mt5pa7VBYcIbT+RiXJDFDaxTMINANuRmqD0L/1pKdkLuyCReOBhnvkDrZ5DuO8cwAzAfcjFgnzE9uTZaK0/irb1XqcyACsAj1rr787AWXGiFYCM/lxore8dvpMA+Mm+t9Ra38mwRBtsM6A7rfX1gO57S4B2G3Eh4nIrEftBEZFrHmn39XFm7LWT74x+7DM3JZVS4mCPM8jcTH9pW8HOFXEmfUqwHxQLJRw0Oev4Kho3CDE69VcjxkmTgoPlR631piFbHRQbahFAZnj3x123lcPJzNnWx5Usmm0M89ky0xc0idaiw4ObVwa73qwMH8bJzeudD2iS8M8n5D8QCStfDNtsOfH9iY1r24ET89uzCOfm/vgZ6fyr6PDg5NnWBx/g5GbYssGPJ/L8o66KKXvG0xZ/N6PVeGEBWVuSx3BNWGldO8rvA4AfB4BVpKfCgo15E+D09m9a8qmGgYqcLobpLRtYAyEY3yOBV9YWEyP3UQKHErkT2DtQ5vShAqC/iNoNRl5J53Jn4Kxw+i89FTyzGOdyyDXUkeQrA7A2We4YZYbFhjHdtljnPVfqmGY6Yx87pv+JlGAORn5xnXNlnKf6N22TRqLq4c3KDMBryykyBqSfCVQ2BCrjlgoeRidYQMcWBB7ItJ/pXMz1wUnBde7KU0GbsM0E+5UX35m/aPCAp5TKWQMJn4qscYXJ+NwyWOcVYD1tA1Do91OLDYR2e9imeZXpLlVE3Z9nI0qXW9Pc2SqlVlQZ6Rp7WfKF1RU4T/Fv8tV5EbiG+JIHc4IyjWaG9wYSrmJ/doOATS0cJa8Ca1oUNwAmLbFNRGDZHPR/2G9a5jqG2IHqggBzTZi1AXCntb6mNLLPKCsef7qAJ4357k33tNa1BymoZkd67Dv0vRRluZL53sTle47nnljXFPMoQl03XXtiPZc1sbSc7quwfj8nVsOPLOQ1NbyPLYDtgffy0GNeowPrwOdN+djUfG4cS0fkCDKOMxqbbRVmEa5t6TNTx3OaeTv7ENK/yWrbH5gJs0BZ6xky0vtK542d4rQL6T+zyk93AL5VsMTvrO4aKAsNXjq2ko9RU6mjtX6hap4n7FfbhJSPbIxisc1FDQNZKKXe2K9SKpGAZ2f0syBg3AH434Fx4fPa1R//++3zHiirGYJXHXssjRhBKqvf3rMsXJk7MVF9iNWd+T6MTiQ1n5nSZ8aRn2URgUm7jtGcWwai453QTT4moxqrTx/7XM251y5mJf8BUxNcecjAObsXRg6fn7LPJx26j8yYK466s4oM3vMI9+Z03ZYbS8z18+tm7joeNHZTV9C0zf9jprqdtP5DzJHGJrqJNi8dswr+Za9vIpikTWVq/XvQma6UegGQR9r7J7HMp+hBoYp7XCqldnQtYq53Z4656OcS/hWQzt2R7qwfkzZap0Wgjw5ohQ+vS8qZ0krtWp0UMyH+JoKPk1cCufqV/z4wziLtz7GExWJipDwaMpMcA85T69NF9pmMz4CmbMHqSnnqow/4WwnxoQN5IZkmL98EytxUV0DmzUWk1dz555jPotdYro5Q31Pr08WEKFla2mDxMYvWpiP3wRPefe4jdhlmEmHiOXdaIivMgKzsR3Q+3UxbwKo/DAH64Mg2O8U4iR08oJ2OS4XdNt9T+ID+3+P+vCdxS+4Gr+ok8gOahPiQxQ87y2Q/VcYHzG8XecF7wv8Y8VKwzgVKW89x2aCs5pq2ZC3Zi1Ws33z3qztEkHSp/52KnvGIc6cT4LEf6Rt5Ru86E1FHTcK7xzPII6SdFAHOdVIyO/aj8eueRqwT7Kf6mFxefpgafz4/Zy1c26gNrGL3v3LJI5RUi3CDmjoq6Fv6V0fuwQDL5ETgXUdYPFeB82vHDc/B50vW8zzkrafeT1oA9cYLl+t4sfufX53ZZzAE+VVjUlSJ2dtk06G6/qcATvcXAGnAuu61xzM9Zoryuvem9f6dCRIppTLakrugxhZVx6pBwG7k6rZjPQu4nzuKWHXkvs9qDveGNMYttLm6NP/mpYnVECI7MoimLn0HKxXsnJOQrvvU7TieAweJzIKUnBix5ylIpzRJWVT4g88BmCuUxQETNnerDq+cbKs5ddHg2mIHzcyinrrqA4Fm4rFlefYWq7g0/+aFmjjpMROH+QHX6FCpKjNP0oA+oizQtXn5jh3M9FGgaqbWzXWwpieIUOaK/cq31HN8ovvqyVxfu7i4iBiuffyvlh874RM7w3sZkh0gyem9DFJaeaqfcMUnFT3Xoks+zQrALwKdzyjfPND5Vqc8N8s3pgODy+wMoDntgn/zXOWopK9v4Mmxit7L6f217yLJiY3ZGTjzjDJPBQhPGtgZDZxpjmLMqqSD1zsNwcQOTMAk4PUVXQA6C4i3Db8/IZ1Ys2PqAFDTyLqgfRY9tqht27agCOQK7DchWsGzNv2AFT7TWkMATY5jwDIPfM4slDvCxQXiYVqPArNgr3MyRrOyzXwCgXlNNH8VWQ84uco9QGbblwwDxmQzAU45+pQiM2oIukFb91l5u3NPNjOvY8U1bHPUkiug0r9JTDljprCme0p6ZCnupTpdQUTkssWkAd23WClUJ177EVHD55zSz6ru4c+azJZ7xGtowYVneKztPbCIWc7pemYArrXWDz3qFPVgp5wp4+gUEblUoX1lUpqwO8/vAMBtyM5frAM5ANwfyg2lFJ+VAacqADS7Khx4r6CUt7vIz9eAxKvW+naA+rWl53xt/k8Yp0ifGEHuOBEyBpqbCO0SZxXXViUmp/Uga9Ra1zHKFGUfUN3g2LrkO1r5m4PL56bc6gTAN/7/H2TOiVy6UCORJYAnpZRLoj6v7FlEuB7X/YjGJ7oKdij33/rR4LsbR3bOi2GGWEE4Jaa9EOAU6SvrNDuGHqsEyQ+ww5CyYMD4BVa5qlVJs2r4GxuUwZqY3Zju+AI1MLY5rWKbYqqL9Il1blAGJ3KrLV+V6Zkw1hWrBRkH5Kqgz28LAJtIgbIHaMz2iuZZBnFnKKUSpdSMauULpdSc/s06BpoZymyChypXjgCnSJ/Ac4GyF+a8pjb6awts07CzHTfXrfe9GlNQ0w77noyJ/xQRPIwsA5xvAuAflHmnt1rrO8okuMF7c5sugKbZxvvl0NbcApwifQPPRwIUF39c7C0Wjp3/2TaHD0zkAmWu5qYCfB8BTCIxtmD+TQLNKYBvHIxoMcjQkZ0OSH6i3FfroMtH0pFEeik0Uf+oas1Hre1e2+hOTlHZg5vbUYeeMay0JQKUB3pvUddikID1E4DPITIEWFvJOQKkbJHrpMAFpDPV6Y0Ap4hItybrmMztFO++zw2BzdEsAWZaZgAeTwkWUVu6Ovb64tGGzV4cHg6Zvhc3ZgKcIiK9AeAZyoyBHbkrVgTAVTuC7traPZUVBNzqnmwxLsApItIv8OQm/rHmwddtlEVSWs+kDjiJdS8vpUxTgFNEpP9AmpyZcSYoo+lLux6fru8RwM2BWn0BThERkcECeIIyqm5YsNm/5xfKrlAXlVz/Hy7yAU8G/lXbAAAAAElFTkSuQmCC" alt="$P = \sigma&#39; \wedge (\bigwedge_{c \in P_c} c)$" class="math-inline math" style="vertical-align:-0.434em;height:1.249em">.
A store <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAASCAYAAACw50UTAAABEUlEQVQ4y5WU623DMAyEPwUZwDOoG2QGdwN3BXcD76AR2hWSDYxOUCQbKCPUI6h/6JQV9GAEEDCE45l3pEhKiVoAAzADK7AByRgbMLWIlyfISjEdyY5zbgC+gJNc3YELEEXJKzCqlHfgJ6O5p5RuJRuuWlpF1awqDFX1WdKqknynH3EvokueeTy2iAUfFH6okosdO3DtEReKKao8SANm1YyA7bx0EVb/CpU/+tPA4JW88xPke06sYQ5Cvp9vix/OOT3nHzVcTn4z+v2mvj9bwNE624XJCh3sP7Blvs89r/M53zu/dIhntRq8ldx3n/IfcbQQ589/kuQrcFL3o1IWrKNaWlxeRiuK9E1+ttT2Ryt+AVgpvMAK6aihAAAAAElFTkSuQmCC" alt="$\sigma$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> supports two operations: <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEMAAAArCAYAAAAjbTVEAAACp0lEQVRo3u1a0ZGbMBB967kCSEogHbgG0oFTQkgHvhq4DnBKIB3gDhKuA9zBjdzB5me52WwACRus+9DOaMYgoV3erqR9a4iZ8UghogxAM9LVMPMppv4nxJFi5N4ltv4d4skLM5NqPx6hlJmvWi+AT0NfTDA+nCQwEhgJjARGAiOBkcBIYCQwEhgfCAwiyoioJKKWiBwRcWBzRHRYmW0Wyg5HRB0RlWZMTkQNEfVTY3zEZbQBOALgO9phYt5M+qsp3SPP1AA6AMWIfY1c7wE4M6aWMceZuQd76qnOTr1UD6ACUIoBrXnpEsDBtH2A8moBEO1EX69scFqvAoIBdIvBMEC4Ge+WSlGwh5eCIXWHfqZfO6Y2fU71NbeAoSfPPYYOXnEbgvFP2M/Y8J+9EsVO3ilbBIbZI4oAQys1PlsbDFluvWfM+1Je4pApMHaqLljJnnpm5nPA3vumfn/e4KS7APg2c7rs1eV5DYVDDVQfP1Xgs182Ls+9LqhjtmvmGUP98RoYFQCQK8MvEXKkr2tHxo6IcvViSyYtVDjHkHf9zHxdKzJydf07NBtUl/WjUTD6z2vNa8F4DXxOb2ynyEuknQEtNxutF4yL2cF9XsnUhvuyVojeuER8kdEYZ3vB+DO2Kc7IT7VWnzdaBpkQLkdElfW28JDZ/UIiImfmX8FgyGQDunuPkQMPuZpQXVsq0ZNJMqhF//N29Tjt+9LzfIiI2dRa8ZHel6rfm4EaWtCo+7mk2OWcvbI8mqUZqE1/WYja3pCl9hZSdgcYpSVfA2kbqIJipZUZ04UC4SNquSjpxQNOJj8u4R8rcpNO2dGOkLGxMcWt3IQifZ/h5CR6RmRR9pxSDTQVhBMYCYwERgIjgZHA2EqeIuo+mFpD7I9io4KRm5JB7I9i8RcFkOeJJZNGfQAAAABJRU5ErkJggg==" alt="$\sigma[x]$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em"> which denotes the
value that <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABUAAAASCAYAAAC0EpUuAAABHklEQVQ4y6WUYY3DMAyFP08HoBh6DIohY7CjUAjlMAjDUAg5Cj0GHYVC8P04Z/KsrOl0liLV8fPTSxo/VJW4gARkYLO1AGPA9MAMrBFTI7wZILm9CVBgtnwwohT6FJhqhPmF+tWaRiMcKoQKLPHIa43Q6tk13kJtc7U5FtIO6eoa+1CbrD8DXdm87Kk0TCHcxakqJ/7iDnzxIkRkcOk3jfgAUNWfBi6579wiPXEszu8oFbuvfZBIAd1V9fPfSkUkvaPy6PHPR+5TRPrHD209DxvZ8py6Bu5SrrMzY9iAa8U0mu+zeIHLn+ZWA/jqZ/qIykLqZ3oOKjczEPVKAuHs+wrpGE2imEvxAneaa8AskfDhpzb7izPlXDGNGqZqQL/kpe0Z3roFswAAAABJRU5ErkJggg==" alt="$x$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> maps to under <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAASCAYAAACw50UTAAABEUlEQVQ4y5WU623DMAyEPwUZwDOoG2QGdwN3BXcD76AR2hWSDYxOUCQbKCPUI6h/6JQV9GAEEDCE45l3pEhKiVoAAzADK7AByRgbMLWIlyfISjEdyY5zbgC+gJNc3YELEEXJKzCqlHfgJ6O5p5RuJRuuWlpF1awqDFX1WdKqknynH3EvokueeTy2iAUfFH6okosdO3DtEReKKao8SANm1YyA7bx0EVb/CpU/+tPA4JW88xPke06sYQ5Cvp9vix/OOT3nHzVcTn4z+v2mvj9bwNE624XJCh3sP7Blvs89r/M53zu/dIhntRq8ldx3n/IfcbQQ589/kuQrcFL3o1IWrKNaWlxeRiuK9E1+ttT2Ryt+AVgpvMAK6aihAAAAAElFTkSuQmCC" alt="$\sigma$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">; <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAKUAAAArCAYAAAAZkUhyAAAFMElEQVR42u1dO5LjNhB9PaUDcB06pDJHLq2PQMVONLUnWM4NNEdwcW5A7Q3MjZxKN9ghnTqRIqdrqvYC7UDNGgyHIsEPAGmEV8XSDEWiG8ADuoFukcTMsA0iCgBkDV9lzLyBx7tHGwdmDvWKGs4dfHfdFBo5cOdYqSdmJuV48P10G2Dmo9r3AD5U39355vG4NHhS3q5PlxARax4LzTLzjnJynXJmvntuFn8A2AIIADw0+HcbADmAAzMXmmV+BvAJQCzlAsARwJ8iq/Ck9Gj16QDsZIY7CAFVX/9xQJkFgIKIvgNIpPx7kaUNT0oPMHNBROqpYGSRS5lhl0Nu9qT0gGJmKzKGI3zVSFyBuV/oeIyFukccjignA/DAzAdPyvezKg6ulZRElAJ4HhuV86S8LEJGAEoiWjkmJYgoHKB7LCt5eFK+HzzL5ycHsr/V/u87W6ZjzbYn5WWugo847eU5nyn7kFLM9nGqZJq7Lv+GiGIi2hJR2SMCYMQEEVGk6FJKBCGumx0iyohof+6aIb6SbjRiAqQiM3ZMyrlm2yzEbN9POTobDwBrADziWLWUHcg1yblrGu5JcdrgjRp0zOT/BYCydk0q16x1ZTXI3gIoh94/QF5pU54iV+2/TPOe/Zi2beBEeu7LXFFuj9PufCwk2NaUj8XcqMdCU4GkByG3LY1S6VGqshVCMoB8JCnZIjnivoN2Irn7Pu0lvMgnkt1Myhohy3OzndJogxquDyllI3bfRZiqQg0zTq+RfwmkrNVr5UAmd9VXrBIDCE2TUlUq1BxVpWFSvjLHHaM7bHBBSqlXcGWkDJS6rSzJTGtWMDBttptIeac4rGu8ZIosNZb2X+UzMLXhK4ul/5h513JZtUo81HVm5idm/sDMy75JAReyEv8oC5BMVrimkeuswIkoqdrXhBIzJYqQyLldBwkqfFf+/gmn2KmJFeF9x8qvws50jxHRrwB+WObnPU6hu1g2qB+Z+avFbaGioc3XMmBgjJTiI1ZINO+dW5gtuvLv1BzArUFVfpHPvx1PoKHMmgdmnlsiZR1fcEptK0yTsgoNHTVnyVcKT7GLPxBLSzPlvwB+BvAXgH8c1HOltHeBUzKtiUngUEthm9dmybX4mY8mKzuTGGc4oGOjM6PLJiLFnzTpM/6QTvvddgWFCKG0s0nTXUFNYftNDUqIFf1ous6z2hT9TTeyUo9AOOisyKY/6aiOifhvu6EJswNN+KLBfGemzXaFu5pgXYHq4sPVwwOWOv6khB0XV0jI2AEh65YvsGm2VVIeWhzdpsYKlIXRk8OtFt2ZMsO4pFUXhAzFAhWWCfnGWopFSjBBSlofUj53rLaaVl+VH/dosGMCSawoq32xWqctuvxJmSFDC37Y1Khcos8OZB8aBvWmxwJ4PCnVX7UpHd1mUlbiDJsewYnICsSMqXioOeZtA2iKjj3aWtDJQIqECMUFkBLWn1wiIZ4QHSFDvMS79xgZ74RGmBGvQ56Zcj7EKXQYt+ksIzybMAS2sBTqyzBhTHlE31RHZFluqp5cyckcrzNtIoUgycQKJBqDIK0nZ1QNhZdYbVK7Jp+KkI7Sx/IL0OFNgot1UiqzUCodX8qRi/kMDCiQdFy3EvmVLlu8Tbpouia6UkJWmTdrx3pshQOBC1KSw+dTlhj4JIb3CmVnY3NtCSQTcmLjH0ZwQRAiPt16O/gfjnl4Unp4eFJ6eFJ6eHhSenhSenh4UnrcHFzvU65quY7+5U43gpaXOzknpfpTDMC/3OnW0PRyJ/wP0NOpPs39YDMAAAAASUVORK5CYII=" alt="$\sigma[x \mapsto V]$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em">, which 
produces a new store in which <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABUAAAASCAYAAAC0EpUuAAABHklEQVQ4y6WUYY3DMAyFP08HoBh6DIohY7CjUAjlMAjDUAg5Cj0GHYVC8P04Z/KsrOl0liLV8fPTSxo/VJW4gARkYLO1AGPA9MAMrBFTI7wZILm9CVBgtnwwohT6FJhqhPmF+tWaRiMcKoQKLPHIa43Q6tk13kJtc7U5FtIO6eoa+1CbrD8DXdm87Kk0TCHcxakqJ/7iDnzxIkRkcOk3jfgAUNWfBi6579wiPXEszu8oFbuvfZBIAd1V9fPfSkUkvaPy6PHPR+5TRPrHD209DxvZ8py6Bu5SrrMzY9iAa8U0mu+zeIHLn+ZWA/jqZ/qIykLqZ3oOKjczEPVKAuHs+wrpGE2imEvxAneaa8AskfDhpzb7izPlXDGNGqZqQL/kpe0Z3roFswAAAABJRU5ErkJggg==" alt="$x$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> maps to value <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAcCAYAAAB2+A+pAAABh0lEQVRIx72W4W3CMBBG36EMkBnSDdIVwgbpCrABzBA2oB2hIzBCCxvACmGD44+pjGXHdhz1JEtgO/58z2ffAQyAJrZWVYk14BxZ5wxQAx3QAyfPpCOwAboUUSPcGodGa53RrNUDje8DW3RIFQtsYGfWOQG1PVZhmapeRMTuqimzNXBT1bU7UHkm3y3BZq6iiHTmCN+8EyKBcS3APAKb0PjKs5eb9buZ6e0R+FXVz9CcKiKMiDSqestEvAkiNubz+Mf5n+v1EdjGNhtDnSVsEN+nECejjiGzRNsUxEGPVfU+0+NvYJ8aD6tAf1Zki8hgEB+SIyFwB1/e7IR3WYEm556neIyI1EshjqE+p5yzQUwW4gjqzslS/QTids6TmoQ64PEXcFDVy6wsMhE0L8WAJ89ei3J1JLv8lSpWf1OCOEXYTo+j019UmUydsXvOtYninSlh9pRaQr30bM9I70q9jaHuHeHRDbL/QP2ks2UhyxH+YEmLJADvPV6iiREIpbuTubfvnjxdZA/1fp0Fw0tDIwAAAABJRU5ErkJggg==" alt="$V$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> and is everywhere 
else the same as <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAASCAYAAACw50UTAAABEUlEQVQ4y5WU623DMAyEPwUZwDOoG2QGdwN3BXcD76AR2hWSDYxOUCQbKCPUI6h/6JQV9GAEEDCE45l3pEhKiVoAAzADK7AByRgbMLWIlyfISjEdyY5zbgC+gJNc3YELEEXJKzCqlHfgJ6O5p5RuJRuuWlpF1awqDFX1WdKqknynH3EvokueeTy2iAUfFH6okosdO3DtEReKKao8SANm1YyA7bx0EVb/CpU/+tPA4JW88xPke06sYQ5Cvp9vix/OOT3nHzVcTn4z+v2mvj9bwNE624XJCh3sP7Blvs89r/M53zu/dIhntRq8ldx3n/IfcbQQ589/kuQrcFL3o1IWrKNaWlxeRiuK9E1+ttT2Ryt+AVgpvMAK6aihAAAAAElFTkSuQmCC" alt="$\sigma$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">. 
</p>
<p class="indent para-continue">Now, we can redefine strongest postcondition for assignment to eliminate the
use of existential quantification and model the operation of an interpreter,
by separating out the notion of the store:
</p>
<div class="mathpre para-block input-mathpre"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABEQAAAA6CAYAAAC54oyBAAAXDUlEQVR42u2dT3LbyJLGv3T4ALB693ZN7WY1Qfmd4FHr2ZDtE5i6ARU+gYO6AeQTuKnVbMk+QZuc7Wyo3sy2m4p3gZoFElY1DBAFECiggO8XgbAkEwRQlZX/UJUlxhgQQgghhPhARGIAsTHmwNYghBBCSKd+CRMihBBCCPHidIgsAcQAno0x12wRQgghhHTJGzYBIYQQQtpGRCIAawAHABMRWbFVCCGEENIlTIgQQgghxAdrABGAfwF4BLAWkQmbhRBCCCFdwSUzhBBCCGnX2RCZAtgDuDPGPOpskT8AfDPG3LKFCCGEENKJj8KECCGEEEJadTZE9gAiu26IVU/k1hizYysRQgghxLuPwoQIIYQQQlpzNF4THzfZnWXyEiWEEEIIIb5gDRFCCCGEtIIujYkBPBZss/sRSYHVNVuLEEIIId59Fc4QIYQQQkgrTobIBsAMwM/GmJeCz8QAlgCujTHPbDVCCCGEePNVmBAhhBBCSOMORqaQ6pnPscAqIYQQQrrxV5gQIYQQQkjjDobIEcCLMebG4bNzABsAC2PME1uPEEIIIV78FSZECCGEENKoc3GmkOqZc/YAJsaYd2xBQgghhPiARVUJIYQQ0hgOhVSLWACIWGCVEEIIId78Fs4QIYQQQkhjjoVDIdUz564BrMACq4QQQgjx4bcwIUIIIYSQRpwKx0KqJd9xAgusEkIIIcSH78KEyDAd0orTlAkhhHjU0QCeq86eCOTZnAupnvkOFlgd9/iItP+zbOom2QihH08bS91DinjLJhicE7EHcA+AipQQQvrJFYCNiNwOaVmIiKwATADcXPI9xpgnEdkB+AKACZFxMsv5G5dQEfrxpG0bS90zQkZbVFVEpiISi8heRE4iYvTnVc5ntyIy6fnzTAD8AeCJb9QIIaS/GGN2ANYA9n23LRUd+TWqF1It4g4ssDp2HowxYh13bBIy4LiEfnzHNtYY82LrHADc8WwkjC4hIiKRFnzbI3mT9RnAv5C80YoB3GmCZKqf3wCYBfAWb4tkzfU9xZoQQnrvsD0C+BXAVpMJofMFwAuSN5tNtM8zgAcAq6EkjQghg4wrJvqSdSYicxFZiciMfjxtLAmHtyWDfK5Ozs9DWOusSY7f9NdbzSDaHAA8ahLkNxH5FcAcPZ+2pvd7hQunKRNCCPHqsN1pzY0NgGALiKptnQPYAfhFRJr66j/13zjk9iGEDBOdVZ43i+1R9SH9eNpYEgBvCwZmBOATkq3vgGQmRdBr2fQN015/PbudnzFmISIGwFL/tKuhDF140e/+Wnd6nIgs1RFdDLFA30gNqRfZIYT8MCbXlt1riidjzOLM/y+QTOtdGWMeAm26mfXvrIXvf0/pJIT0MOB+APCgMUZs6b8N/XjaWMYVAbWdMSZNgFwBmAL4oAPT5ib0aseaIZzAcSvAzKAtfH5tu/cAIgD/zAz0JwBfVchsIr2XD9rmQFKwZ1G1nXV7wudLKvqTzmSyU9khhJwdk7d4TYpDHYU4Z0xmx+Y/MzZ0V7Z9rL4dnAN4x8Q24TiUCMAJSQ0RLh8gocjt1kqIOOvyMfnxodlYSxc9hlDDiHHFBW2nAmJnMg8qkGttpOATIlZy4+CqcKxt/6CFdVzOmeJ1FoqTQtTMcGz96dq1Xon1XHnLf0hYMupVdgghpWNyhmRNdx3dPAFw1F9Lgzrr82VvughhQoSQfsqtSeOoCrHGaP34EGxsaAkRxhX1eYMkI3ejDy3GmJsB7rWcZsg+VzgnFYAqCsqeKnxwyUJqW9tTk+IKg3SFJKvMZEj4eJMdQogT9hun5ypOgX42ddCOjp8/AJinBb0JIYQEFXyiStxAP542lnFFf3ijWwwdhpoB0pke3wWixldsK3z2g/Xz1wrn/W4LsGM15E8MggeFT9khhFRzJuo4q6m9cbWtacKeW4sSQki49sI1bhi7H08by7iiN4xh2107A/lXhfOuagzSac3B/VPmd5ctBtN1d72YzaPbGdfdaoz4lZ025WAiImtuk0lCRh0Ae0xuLvg6J2fNKmK2ZA8Q2mTSkB4jnmONCrM9euXH08YyrhhzXDGGhIjdgFUq1Uc6gA6OHTbLDLxDTaEFigsK2deKkEwxe+lYUCNdA3lCUneG69+rt6E32fHADMkU0KOIbJgYIYGSHZN13l6lNqTK7MuD6gQmRQhtMrnUrzhlZkmT9m1GlZihF348bSzjCsYV40iI2B1ZpTjXDsB1hc/fZs6tgp2oeXEY3IsqirelwTYRkVidrpXeyyK0okM9wafstIquP7xBsgZxrgpsy7eUJOAxeSjRhcuCN7FXcJ/Km/Ito+MJoU0mdUh1yQc2Retjr86b+M79eNpYxhWMK14ZQ0LE7siZiMQu0wi1tkoVIbA7psr+42mWOOVzhWttfTemiEx1a7EjkmlnOyS7EN2Mcd/qhvApOz6U10GreF8jmQo6A7AVkT3fVpEAx+TXc0EokvXfVwW2p+ra8G3O9QmhTSZV7fCLBpq0uX7txbbiOVu2GW0s44oexBXGmNwDyVsGo8e06HN9P5AsmTE5xx7JW5RJA9eIMt89qXDu1jrvWPFaU4/tONM2S6+9aaLtarb1UtvtVNC3eccJwLyH8ulNdjp+xrV9rwCWoeqUkmed6zg56fG3caL6aGv9/7YL/ar9cdJ7nQyxLxock9Oydmzp2uwXHqO0ydY4WA9NB2sAt/d0raW247IH8jpVfXm0+n9f5pfpeWl/HQGsznx2lfZpxTbKyktky2IVX6yGnp+OzS8OycZan48D9mEYV7h859ATIpYBOqcUjtqwkwuCoO8Kpu55joNzXkXxNmRQj9Z9xi4GoqV7WVVQ9HnHvKcBtBfZ6cnzrizdkk7tjgYSoGzVsZpaCvuozxlpAPNdDvVve9/Br3Uf35PDDDALx5ZxSLZvGr7+qS9BDI9eyufgbXLdhEgIOjgNWj320cnn9Qr05NZK2s1yEjbrM7bqlJ5j+fJLh5efM4dEy9H+PpWHWP8+tb4rKvmu9HPbqjZmjH5xSDY20IQI44oaNnEUCRHHpIip64Rmvjuu4NTYs1WiisrvOJbANeO02Amspd7XNtuHOrDtYxqAXLYqOz136tchJ0ZUBrdn+mqbdT4ycrv03PbGxWA24GxVObY96ctN0T2pLppoG7aSuLB0XRyQMzIqGRl7Mrltm1wnIRKKDk6v2YG+X3ccmM3PzAAwBTJwyvTXuiiJb32+tD8z9zUtSlq5JEQyLxhWvvz4kP3ikGxsoAkRxhU14oq3I1pPeacFx+4A/JJZI2UTi8i3ihV5ndYP6lq4GZLirhMkBV/vtWCMK2mh18ar/mptlU+qTNP1eVXvr417+k2z9S8APuasi37QitHpWsLrLu+5jbWnDclOn8bjI4BHXfuXytxKRJ70uZ5DeRaVvfcAfi5Y45r28yEju3bhqm8eb/nX1FDo7+dk6ICkkFXb2ze+9GgttT0mZyJiSj6/a/j66fbwoezQNEYZ8Wn/aJOHp4O92loRWah9/d1XXRm17WntgsWZ6/6Z+jgZu78G8C1zXlq8NMp5zhd9zm1Gj+bVSLDvK8/Xjy07ULYLTJ3ilRf58QPwi2ljGVf0L64YywyRgqlYq0yGtfIUcvy4Vit9e2Mf2f/boOY0NSvru224LeJMdnDeozfvTuvgrMzgKRAZ9Co7AayHt/t6G4Lesd5KLR2y7sucZ45RMrW3xfteDVGWGq45NVenMz1meF1z3oqusd6eHdkno5bD0drkKjNEQtPBvmeIZJYOeVkigb8vN9k4vK0/FfT/rGBpysZB5iYls0j2jve/dpxtYHz58SH7xaHZ2NBmiDCuqB9XjDYhkjNAjxkhcV3Ckl1zFRUdDU/12jRktDYZYZn1qF/sqdgzh8+vq/Zfn9b5tS07AY3FTR8DgTPO9slx6mLEYC+IKZcuS4kmbTlJlsyc2Cejkz/a5OoJkaB0cBcJkZykSNzytfYuAbvVN7OyPs3o5nlZsOuwVGPmaAfKapFUXs53iR8ful8cmo0NMCHCuKJmXDGaJTMls2SeReRWjQWsqVQuy2bsPd53JVPrmiA6Nx3QcbrdTJVkOv3wCcDnisuEfEzLXVvt6jJl7k/r5yu0sKyoYXzLThBjEcDC6v8lgI2IPKtz3LepfN9wfj9712m3pB9Unf7cxhIOysnIoE0enw4Wkf8E8G/Pl11oYLBUmbtvegmNTldP5fhgT1PXKfpT1bO/qB97myNLeX26sPyEsns+5NzXFK9bEL+UyO+tda1dybitYwtq+fED8YtpYxlX9DKuGGRCRB/6qkodAk2K7CzjeeV46qzlgZvlqu6AVmO0xeu6uUcVhj7Wa1haP68dz7kOTFR9y05ICuwFwJ2I3KssfEJS32eN/PWyXd3noUQPTSoYfhLOmJye61cNCg41deufGaeZDDcRQps8Ph38H/rv/3R8H5M0KDDGNNlPdkA2EZFj5v+f9Si049k+1X6cWWMEJbo5r68/WT//6mgHyhKSdeqHXOLHD8Evpo1lXNHLuGKoM0S+6L+Liuc9F/x8zpmJairEuvx1wSCeWc7BAckUsL4Wr7xLDYZjFhzWs6HvRTk7kp0gFZgWRLpWBRapE/IUwO3bhmnD3ux9cDqtMCavUPD2RZ33jcrpM1uW0CZ3ZpP7qIP/D8A/APw3gP/t4PrzjMx9bOH7U24a6nc7ERCf0eFpAmxTcl8bR99s5ypfFWdz1fXjg/aLaWMZV/Q5rhhqQmSG8ixyWYM9O14HloLyOTCjGs/0KCLfkGTF5gD2InJAMm1y17NBXeetzvepsYEFyy8moF1VPBvPT5Yjc0AyjfwpkEdwmnZLwhuTaTXzM8778wV9/lN6D+ySwTtmtMnj08H/1vv5rw76caX9mO5W1PRymaiGH+3CB0svn0s8/JLX1+pLwFEWbDvwteS+phcGntEIxiBtLOOKIOKKtwN82DRDdqxxelVlU3e63CWkA/iqzslqTBbaTum0oa2upbrvSbBpb4X1u2O/24ogDilYBrO4eX15byn3ncrmIbBHcZ122/e+uIOfqaVbY8zDAMbkJwCfLzj/4jpRlJGgkiK0ydTBPsbpGklBzp0x5taDnBwauu/ISjyULXVZIH/26PsK93WbGZsu8l119lEdP34IfjFtLOOK3sYVQ5whMrtA6c4qKo4u1mo9q3G4yPnUzGG6lirdr3kjIn3Yh7qOUbWXRz0GJqdbD8pgokHLPCNLvUk0WHuH24UF70PMcru+zdE3do89Lnx1m5GZtnkIeUyKSDr98hIdVLtOFGUk6MQIbTJ1cFttsfSQDMnSVLBZRS/PMkFhNgB2CRRneZ8TkVUmGZsbfKZJiJLZC3X8+CH4xbSxjCt6G1e8GaDuT5VU1UJCaYGig8sbmYpr4ZpOiNgD+lIn7MUYc2+MESTZMyApMnMSkXV2CqTnZ8z+XNQXEV7XmD703bHxLTv6Zuio17wxxlxrEbUYyRTtSdfOmhZe26jSegDwzhizCHjKX6lhSneW6LO8prrB03Hb8ZjEJWPSqmD+dGGfRq66jzIyyMQIbTJ1cNNBS6y+7W2f5OSM/q2cCNBAuWgZhd2/R0ffbJuVkwL5yi5NiK3gq0k/Pmi/mDaWcUXf44o3Ld/QrINGSZXUvMJ9TizF8bHidfIUYpscc4xEU47YgzHmHZKM319I3iicRCT23I/fCoxhEWkR3WdjzH0NGY06ktHWZUdEttqP98aYu4wRucu5H1/KKhKRlYicVIFeqfP/ToOBlwZ0T+ThOZYapGTldOHgvNyjo+Kw2v7LzJTaMWO3w3PNMflFnYPPF97L1dCcNUKbTB3cGXFF3/YSeX1BxeUgGsjtzyRFfrK+/5xOXOM1gXgumfBXyXfkBZSLnGTMD/VDrFlJZcFoHT8+dL94NDaWcUWgcYUxJvcAcAJg9JgWfe7M+Ufr/GXV8+scqiRMlevitd5IpftEkj1Or7Px8Xx63al13ajla80A7O3nBDDx9Jxp+65KPrfUz52q3ltGRuce+9CL7KhCMEjW3Z8b4xOPz55m+NPnPzatH3z1qxqE9DpxkR46M7ZaH8Nn+sDW72vf99C3I6Pn4gtkYd/AvXjXSTyCkdNB2+SMjirVTSHqYO2zo2d/Mfb4fGmfnBzv73Suny15Kuwr9Sm2DvJU6OdnrmNyfKVlwfetM/dxbMuPD9kvDtXGWn0dM64YdlzhIjAGwKzizc0z5588NcrSaoy4THGoUjrWSdpknm/l2aDW6pcLjao92LZtX9tyaE6O/T0JQUZ9yU7G4E564MhPrDFp1DjOW7iOt37NjIllxuHdFxkGbYuTr0RxmePnU/Z7GmRGmfaYV5TrTVPJf58Jbx5By+zgbHLNhEhwOlifbeox+eLdB7DafeYQ4C4r6Od5QWLrVKYvrYBpU+A3nGwfJceniAqecZn526otPz5UvzhkG1slIcK4Iuy4wn7I9JhnhO97tkUVT/q5qOQthn3+3qPy/54RtRTgSX9On2FpPePRxTjpM6fn7jPPt7G+e+LhOfddvNn1FdTmKJe93UfazttL2iBHRltLMHUhO1b77MfkuHvu11XOm0l7XeU864BZjteqwz7pRD/3MKAsGpNr/b+8Y67nrHPOM00m9Rn48xiTTb5whkhQOthzkLTvSL/+YH/17yttf+fZTZkZD1NLRlb23yq8vZ9b3xFnvjf9zORc4sy6p7jK7JBL/fhQ/OKh2NiKCRHGFQHHFXmZO9ejLKu7rpJwaDBRMM1xGNaZtwUnbcD5BUqi6Nh6eM61r2t1tewhx+E7ar+dtC9Xl75BtRzJY4szFjqRna5mL5VM7falB1rv14xxTXVLOjMtymmHk+UETnvgKK+beJMb8LID08KxalB2Ywb8PMZmk6smRELWwR6TEqsOZTK2Egx2/0xryt0mI3dxVZmzEmbp/axz7ntjXWNVIntHK6aY+PDj++4XD8nG1lgyw7gi0LhCjDHIFn8pKjxif27IVbn7jhZuOmrhnHcd3kdaxfqTKo0XAB9ddunpYZvGmvV8HJB8AMDCZ3/otbdW0a9HdTie2a+ElMrrUcfOTV+2rSNByc8gbLI+xwnJ7hj37NmLZOGR/jr9ePpP9WyspYsejTF3jCuGG1e8SZMb9lH0YZfPkPZRIdgBiLrcJUJlIVsFP9RtEa8wzF0dfAdVM/y9svNdx1vnDrVfyTAd5AmSCvxMhpCx22TSjCzQX6cfT/+pGxvLuCKguOINSKikW6kteqLcH3Uf6rtA23OKv29rFrqhdTUQSxFZNiwH73rkiA2mX8ngucvodkLGbJMJoR9P/ylkG8u4IqC4ggmRcIXzCUnmcdnBfteDQkSmSKYtDulNyoOlkIuee6WG4Zn9SkjnLFVeH9gUhBBCP57+U5g2lnFFeHEFEyJhc2cNclKfTwA+D8zQ3iOZ1vZFFXOqrCIRmes6yjsk6yh37FdCOnU+l0hqPnxkaxBCCP14+k9B21jGFaHJSLrVDAl2kG8BvAfwM9+E12q/KZIt+a4H+nwrAB/UEKQckFTM3rFfCemFvJ6QrGu+YWsQjgcWVSX04+k/dW9j6xRVZVwRJm+pioLnDrp1GF4zzcRd0W3Q3/WbF6NTAx/Yr4T0Vl7X4OwQQgihH9+xHz9E/8mnjWVcES5cMhO+YD7rwFv2uFJ1X1kDuOeODuxXQjpy1KYAVgDuKK+EEEI/nv5T0DaW/meossIlM4NxrNdI1iDedLzNKSGEkHKdHQH4A8Cv3AmEkB/GBpfMEPrxpFMbW2fJDAkTLpkZCMaYex24WwCsm0AIIf3mNwA7OlmEFDK3i/chWZf/yGYh9ONJGzbWWvJCRgZniAytQ5NiNz/xrQohhFBPExLg+EjfymbhW1pC+0Baa0PqnvHy/0idb4YBqtRnAAAAAElFTkSuQmCC" alt="\[\begin{mdMathprearray}%
1.\mdMathspace{1}&amp;\mdMathspace{1}\mathid{SP}(&lt;\sigma,\mdMathspace{1}\mathid{P}_\mathid{c}&gt;,\mdMathspace{1}\mathid{x}\mdMathspace{1}:=\mdMathspace{1}\mathid{E})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{1}&lt;\sigma[\mathid{x}\mdMathspace{1}\mapsto \mathid{eval}(\sigma,\mathid{E})],\mdMathspace{1}\mathid{P}_\mathid{c}&gt;\\
\end{mdMathprearray}\]" class="math-display math" style="vertical-align:-0.000em;height:1.509em"></div>
<p>where <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAALIAAAArCAYAAADc49LjAAAHgElEQVR42u1d4XGcOhD+5HEB5FLBIx3glEA6wEkFj+uATCrIkA5wKkguHXAdPHMdcKkgwR3o/bjlvNYIIQnwnc/SDBP7IoS0++1q9e1yFlJKhLZcE0IkUspdkIS//ADspZQPpn5XQVSLKSASQrQA4iCNSW0FoBFCxAHIzw/iGMBvAL+klL+CRPyblHILoBwDswihxSJAbmk7/BCkMZtMKwApgBtdmBE88qOgUiHERghRCyEaIUQrhJAkQJdxNrQd3l6wrEqSzRJXOeCZ1/TjRvf/1wHCxxbRFStxbeOg4BxABuB27HDywttXAD/IYGMAqrGvAdyPxL29rD8BSBQ9DLVbCjEKKeU3FenhUi4ANQBJV+xwXwegeYXy6pi8Nh73J2yMYqTvhvpF/PMQWuhb75EfpJR72+2WvMnnV3iw5V609jjQ7cjLA8CYvHv5fg8x8ghtxoC8dbinoAPe9pWJLFV+911/f9/DCOj3AHYAMuKYA5AH2kcP7/KF/q1eobw4M2O9g2na3tIjg3nvdaDfzKxDRr++s1GMEKKj7fXNhR/yTGsHDrz5rec4EYBOSiks+0vy0CJ4ZPNWubcEcUqK3L9CEE+OjxUmw0V+O8YUBSAbFGMb691ywYb42CjfQgiRDfx3ZBlW9O2eyz8AeVgxteM99SuUl2t8vB4CKzEXLmFJ/UT+FhxfjgN31+LA9XU0SDpyX4pDMqGje8f4wQoHfrDy4CArNr8WQKn0iTz448iif8T6JzPwsRHJu8ZTbnbs6gBk58wfk57kjM/mso9NHQsOQq5YOgx1Q+AkZTSgZAIDaTnQP1MUk1gupifHa7DEBT2vpsV2tmOy57eWzz/OewbFFA7A1V3ZM4M4Vp6fj/RvANQLGVI+NMFmzMp6JRqyNJFGSZ3JWm2VQnNsTR6cgNyyMVMbj+GyK7B1tRM9S8ONCIdqr5zGr1XAkOz5lZzAG+cm54PHFHTG1lfMPId+3EoHkM5lq4CSwqXB0wHPKS09Ujqi+H6O9UhoI21DBdvnD4RDzQwgHgwPFNCUZ5KW3njsGulCpQT1EEA6i0FKtR+BpzNsAa2lhcUWfYzgVGKoxiU+9hHk0jUdbHfpzrC+oibHxq+UvHE1V/hlMKZW511s4p1cZ2E0cGGIfwsL47D12pXFYdPai7mAXmNUm4kxcWrpOKwPomcWH9dYoJiKYba7ZvxpzqiNnxp+NSZL69OCHzR1BT80XOIn9vPY2xLtEB9LmR9eq7pxoIZ+WCQ1fGoFes75r0cWq1/L1rI+48+E5MFJ+WMPudq2owyu1Zw1tUYIocuF7wCshwSvvtZDCusJ8J0Fz3hjWHCucJZjgskUjtIW9C588EoVqGXjaykt73n3gvnj2LTOPhHl8ZLun6NDUeKvWU+WyiElt+jfDm2zyhxLB46xdggRpOP6Wp8DmE+86xPDn0v9scXZqPahD3l4ds0sBgukWtfMK95ZpIdXOk+rlFbaeE3rDB2NnUzc/iLHNHjs8byU7Ywvqr5CSvnOMF4C4L3n+41v+13hypDDnqO5AGStxubK1sQFs3XY+rZzgd4Qo60c7uFr+c8SPHyOpy4Vnav+mIdWXyc6kL9XGut5mMlyE0eA5AYlxUqsPtY+svhtx72JAgoj6PvKKkPbu3pkz92P1yDcvbD4eAwj6YQ1rVSPvPc8tKiA5e29rcKoIureEOzvbYGsbH33Gq+fDHkYBfSJ5hA8NC8Xj7x3MUoKfXqD+nYGpaK+DI+ufcehhtl3Tb2e91cK0CJHEG8MyuZj/bVY0GdDjLXTUS5jcbnGgHKN8Ifi1bWFolpd6DPS7odCJoNsgEO982dH/aRkCCeLjw1jFeRUvk6Y0uroEDTJg9Qhq2KbIk5HSO3SgVlwSUtnSkq9NbAbleZkHjvUZ0QeDERhyfqMzmWE5ckWqq+IJ47TTJzPcX26dN/GouKrhUVhDaNpKgN90jiUaw6Chs2LCzsZMxg2x1IZq3EUZuqRGesslN16gFitJuxmrm3wGpPWvZnDwFQ8DE20wtPqtT7z15q43pGH5crnGzimdhlvWPfzw+MXhDTssycer5+7jXfAY/Ve4pimLj3B1igGl7L5l55KVncmr4IdDNRMMANLR66MHeKbOY2LG7qUEkMC7gu7+6shmiTxrPAqeBKAxssnKKlW5pYP1Cb0xfY1zIVIfalh52KoSg1E7emh+EsB/XoKTKynYMBracxsBmOY88pnWl8lpQxvUc90AGqJinpzpnOsaMe5uyC591/ZeyOl3IV39iY24lG3ACINR30ubYUTZwQXcB4xMTk7ILx8OlerNImLc2oJ5s3YnrqtFbmH0GKBre6svqSFEjvfpZQ3FyTrjnbDYygXPPL8XiI/s3l9mZh0ODcQ50Qg/Pvk8+CRZxVyjUNq/p9z8MrkjTem6rMX6o336g4TPPL8Xll9k+VUCo9w4OpvLwjEpc4bB4+8jLAzAtCHU37FLFFu9aX8MR7aXRoc3lC6C0B+Ps+R48Bx7oNEZtldfgP4yf6WSADyM3rE9JLi0xPKsqG4eDBMCkBeVgEFgLeu5ZehucvwfwOU8r4xH6dnAAAAAElFTkSuQmCC" alt="$eval(\sigma,E)$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em"> evaluates expression <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAdCAYAAABSZrcyAAABm0lEQVRIx8VX7W3CMBB9z2KAiBEyQtoRYAOkbkA3oCNUjEA7AmxARiBsUEYo2eD651K5luOcQ6JasvLh+8j53jtfKCL4tyEivRPAHoDMNPdMRU6yAFACWOr1EIi8ArgkYlsC6Gy8AKi8tY9k5JGduHtffszRVf3Ks7Fz1vSQLDWKbpxHpPgK4F0fby5DdxU81yNh1um1Oc7X3n0rIreRzm+PRl5PwDKb8ynyHTCgBQA3R75J7khuepaL3603UuToUexukP8CUCXWSxHB5PxWLovFrpsh359WQLoR+b6EJZhkSXJDstHITYBcZPIbABqSQzpXE4uGjlSSd2/bawBvPYfHGsBWQcyHI4/k+6j1OTZOKr+0Et5Nye/c6ucy8m2p52UKbArMakzktbFmp+QO+oHpNkqF/LZnm9s8xBoJa5GZ6vzuxt5rJAYjz6rnlpILoPjzfq5+LbDVxGzMnm8AO7VRWZ1vA+flSMednSa63qN0fiTfunM+ZjYxuYWSvwpqtI/0b5KrASQXqv8E4Dn4OWhF5JSilMw4e/HyA0LLUfEX45grAAAAAElFTkSuQmCC" alt="$E$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> under the store <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAASCAYAAACw50UTAAABEUlEQVQ4y5WU623DMAyEPwUZwDOoG2QGdwN3BXcD76AR2hWSDYxOUCQbKCPUI6h/6JQV9GAEEDCE45l3pEhKiVoAAzADK7AByRgbMLWIlyfISjEdyY5zbgC+gJNc3YELEEXJKzCqlHfgJ6O5p5RuJRuuWlpF1awqDFX1WdKqknynH3EvokueeTy2iAUfFH6okosdO3DtEReKKao8SANm1YyA7bx0EVb/CpU/+tPA4JW88xPke06sYQ5Cvp9vix/OOT3nHzVcTn4z+v2mvj9bwNE624XJCh3sP7Blvs89r/M53zu/dIhntRq8ldx3n/IfcbQQ589/kuQrcFL3o1IWrKNaWlxeRiuK9E1+ttT2Ryt+AVgpvMAK6aihAAAAAElFTkSuQmCC" alt="$\sigma$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">
(where every occurrence of a free variable
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAASCAYAAAC5DOVpAAABG0lEQVQ4y42U4U3EMAyFv54YIGKEjlCxAR2hYoTeBl0B3QiFDegIMAJhgzICGcH8wD6ZqEkuUqQkfnp99nONiGAbGIEIJGAHFh/PN7ACAqwigg/MStRnwEuBaNK47cECg6oJDrwoKBXIhoxsskAExgy8GbCS5uLIRqtTOgAmBe2NukXF9SfgDDzjVtd1ExD0ulJfH/zJ/7ZChlKKZkhF2QzEf266YHBEsUbkXL+ICKcD2U/u3ErRav6O5loqqNygqvfmHSkbfGEb6wy8XW+VRlxuUJaAoaTswZ2/apK0fT5F5Iq7yzDBnX8aKb4Cj/4hV+bV3FdUrcCLV1VyM/mxUvgfD/uvNQ3m7H0DtqIhha8HVbDbGNL+m2vu/gKZZu4Djud7fwAAAABJRU5ErkJggg==" alt="$v$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> in <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAdCAYAAABSZrcyAAABm0lEQVRIx8VX7W3CMBB9z2KAiBEyQtoRYAOkbkA3oCNUjEA7AmxARiBsUEYo2eD651K5luOcQ6JasvLh+8j53jtfKCL4tyEivRPAHoDMNPdMRU6yAFACWOr1EIi8ArgkYlsC6Gy8AKi8tY9k5JGduHtffszRVf3Ks7Fz1vSQLDWKbpxHpPgK4F0fby5DdxU81yNh1um1Oc7X3n0rIreRzm+PRl5PwDKb8ynyHTCgBQA3R75J7khuepaL3603UuToUexukP8CUCXWSxHB5PxWLovFrpsh359WQLoR+b6EJZhkSXJDstHITYBcZPIbABqSQzpXE4uGjlSSd2/bawBvPYfHGsBWQcyHI4/k+6j1OTZOKr+0Et5Nye/c6ucy8m2p52UKbArMakzktbFmp+QO+oHpNkqF/LZnm9s8xBoJa5GZ6vzuxt5rJAYjz6rnlpILoPjzfq5+LbDVxGzMnm8AO7VRWZ1vA+flSMednSa63qN0fiTfunM+ZjYxuYWSvwpqtI/0b5KrASQXqv8E4Dn4OWhF5JSilMw4e/HyA0LLUfEX45grAAAAAElFTkSuQmCC" alt="$E$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> is replaced by the value <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEEAAAArCAYAAAAnmOV5AAACwUlEQVRo3u2a0ZGbMBCG//VQALkOQjog6eC4DkjSAXTgKyFjd4BTQWJ3cE4FOdwB10EOd7B5yGpmowEkbDD3oJ3RGAuEVt+upF3ZxMy4tRBRDGDfcWvPzLtb9xlhOck66l6W6HOFZWXLzKRKOVdHzHzWfQF4Z+4tDeFNSIAQIAQIAUKAECAECAFCgBAgXAGBiGIiKojoiYhaImLP0hJRPmEGmBFRLe9tiGjteL4SPSrfxKKzAFgD4CtKPvDuWJ7Z9D2jni0A1AAS+V4NtQWQW3qkDh2qqCfv/gUgVentAUAjDR+slLQE8Gqnp8x8msADUgAbAO+Z+SzVjXwWAB490vEEwMnbE2SQtRBq+6wpCrCvNS/1BNEls+r2pm9PL85cnmDfeFKNE4eCjYE1BwTxtrajvpW2jQfA3nFoCCvlemvl5g/M7DrlOchnLFNoaikBfLOmRy7Km7VhSI7i6c7TqkitAxvTmJmPHkr+Udd3AM4TQ/hhBqLka4cR+qRxrgUagsxxIxtPJT/MuXcz86FjwTbb7snDwh87IA7GCeZs7+zpBWbVha/LTSBf1LXP/p/JGueGQESJGtBxhFJZz5Y0l5QK+s6xtSYA7nwNutIWBfDbN4IbaZUpJB1hqBLAT98XRxYE3wDns7rezT16CZqM+Lh4AeB+TO7wMhBtoSeiNAvpVkVyc8onX0PJNvo8JmKNADxbi50LxHcVGj/eaCroOOTVQ7/7MS9fiSWP1rzro1zINnWWHOJWcrJikt7sEcBudN4iIWTiCoFVvtC4QuqpcoeecLkayBfqC3SoulLQWqefar+9KFmaEEKq8prCqt/j3y/auAqC8ohKrN1KqYVyPAWASyGodmudvIl+xRU6/H+eIJFfiTcqsn5tpYQzxgAhQAgQAoQAIUAIEGaXaOH+c+usYIk/cy4OIbEOdZb4Myf+AmvwBtGadeckAAAAAElFTkSuQmCC" alt="$\sigma[v]$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em">). 
This is the standard substitution rule of a standard operational semantics. 
</p>
<p class="indent para-continue">We also redefine the rule for the <strong>if-then-else</strong> statement so
that it chooses which branch to take and appends the appropriate
symbolic expression (predicate) to the path-condition <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACkAAAAiCAYAAADCp/A1AAACEUlEQVRYw8WY4W3bMBCFvwsyANsRNIKRbiBv4BnSDVx0gkDdIN2gUDeQV1A3sEawtQH75xxcGFkmRdE5gIAg6cTHu+N7POG959oA9oDPGGegAxqgmptrboiCmTQRccAT4ICvOpkzr/wABmAMXB1QAd+Anbn/23v/nVRLWRHQmyi1kT4u8OtSI5kK0qbyOcHPBb5NEZBAHUxUZWThnOL7kFAZW3M9eu+HxMqy7zsR2cQ6poCszfWBdHMstBSQduXdgrmeZiKbD1JE6uBWUiQ1tTaSB+/9uHYkc+sx5MZmdZ5cwo9r0U80BS3lR/Xtli4wGuRSflRZtBnYL9XumMmaWBLW1NZAa6OXc7i4ecDQndkH9DNG8OBB0/x3wSb7iCHiFHQ2t34BLzObcKSAPSYS8J9SQHJ4chtE6h+fYLdA5up1WZBaj7l6XTySWXp9L5B3qUcRcSKyF5FeRI5mNDe1Gzjm9CWRqvSs3++BzYSctlcVZ+JQsC8A8PWanttWeg7kLgC5WRngRWqPV563NoO3Vvm2mhUBbsy367kzwDvtFpHK/ADYarjDQ+sAnIAhR3VEpNVMjd77Lym9S8qvkyYzkpfvvMb6PCq1yD34TjN2sb5Et7iGnYp1i2uZ1vKYEPlGRKqHT1C5lylFmwDY6Q4fKKEkEZvnwoO7ib6oUbVrotuHgptoB/xUYCdTp53+x3wri/9wG9wkgrGsbwAAAABJRU5ErkJggg==" alt="$P_c$" class="math-inline math" style="vertical-align:-0.159em;height:0.885em">:
</p>
<div class="mathpre para-block input-mathpre"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA9AAAADPCAYAAAAdxjk7AAAgAElEQVR42u2d+3XbONPGH3znLYDxVrByB3K2gpfuQN5UELkD+aSCHLoDOhXsyh3IbwUbqQNpK9hQHeD7g8MEwfICULyA1PM7hyeOzQswGAxmcFVaaxBCCCGEEEII6R6lVAog1VofKI0ZlCcDaEIIIYQQQgjpJXheA0gBnLTWt5TI9Pk/ioAQQgghhBBCOg+eIwAJgAOAhVJqQ6kwgCaEEEIIIYQQ8m8SABGA/wJ4AZAopRYUy7ThFG5CCCGEEEII6TLIUmoJYA/gUWv9IqPRfwP4qrW+p4QYQBNCCCGEEEIIyQPoPYDIXPdsrIe+11q/UUoMoAkhhBBCCCHk2oPnIlC+s3feLgusybTgGmhCCCGEEEII6SZ4jiR4fqk4tuoj8g3FEkpromXMEWhCCCGEEEII6SSA3gKIAfyqtT5X3JMCWAO41VqfKDUG0IQQQgghhBBybcHzTxuH1dzHDcUYQBNCCCGEEELIVQfQRwBnrfWdw70rAFsAD1rrV0qPATQhhBBCCCGEXEvwXLlxWM0zewALrfU7SnA6cBMxQgghhBBCCGkfPDdtHFbFA4CIG4pNrLw5Ak0IIYQQQgghrQPoxo3Dap5NAGzADcUYQBNCCCGEEELIzINnp43DGt6RgRuKTQZO4SZVhoAQQgghhJBOfEuZ5jxHtgAObYNn4SOAWDYWIwygyYSMWyS7By4oDUIIIYQQ0hE3APZKqVn5mEqpjfjNHy95j+zC/QbgC1WFAfScg82lUipVSu2VUplSSsvPm5J7d6EbDEnf3wBeuZU+IYQQtqWEOkK6Qmv9BiCZUxAtI+oJ/DcOq+IR3FBsngG0UmohBiy+UkMeyUYBe+Q9Tp8B/BfAHfLd9x5FPku5fwsgnsCmADvkay+eWC0IGdSmxOIMFk7hsuV7VkqpreVkHuV3dCjr2zRdc3FJC9vSPvJfp3MxNYQ6EnibVae/UU0Q/QLgTwC7mUzn/gLgDKAT31l09xnAhu122PynxTMpgAhXOM1XjPT/5L/30ptmcgDwIkb8f0qpPwGs5Pch52uLfGrNHasEIYPblJ3xqyXy3nnnnTiN3TsLzuKg3Ij9WQBYKaXKbBYhbEsJdYQMhtb6UZYLbgHcT1xHV8inXf+ulOrq1f8Y8RY3FJtDAC0L26915HmBvBcUaNhmXmv9oJTSANbyq7ea926QT/9ow1ne/Ufbaddy6PsKwIPvtvtkdJ0cVXdIJzzW/P7JQQd2lk1+0lo/G38z2QJ4d4G+2YF6F7xqrR86rBNabLCzJ6O1PimlbpF3DH8Se0gm1pZOkELnHo38EerIFALgN8NmfkHe8evLA/LO4k3RZk2Q2Pi3j9joPbUtYDvleoyVTLX4WyoMcMFW7RM16MXmWk75tpzNu6q1ESLX9yLX3ywH9RXAHxLsmBQzAD4YhuskQfDBM18ZgJPWmqPP09PJUXWHdFKGu4qGtzGwLOlA+ekZqdv2FLl3bTvKLH27t5z+N+S95VXvLvTuNytAfevqyA5xuo++AbT1jhg/zwiotd8knLZ0wvJYGsFiwVXPFqGOTKqsyjryndoZmT2wuqRdImQsfEagkxJn7FoMRCLG3GeL+r+KH+qMuRiNN/nOyQqCPjYYlWcZQU4lfW2mfkboaO0GGZYxdYd0RlUAvXN49pP1/9T6/1fr3adLnBRL385WAP3oYXe+B7rodrol14tdcVtKqCPUkVG4JPB9kgD6C/IRaUImg9MmYtJD+juAlyuVUxGYfPZ4pnAmfXqRTWf34OLsSgPzWuNEV5VpJPk6cV3kLBhMd0innSDPJUHkW5PjKPU3qrA5BQ9is09Szl2upbq3AvOTR55P+NFpd+wwTXTA2JYS6giZTvt3kvZvxc0aySwDaORr5z5eo4CsA83b9GzuPO79YPz8h8dzf5mBlOPOhp8YNM2KIXWHdOtE3Enw94x8Kr1LoHtT8rtv1nvPWutHrfWt1vqh49kFZodNG6f1UBH0t7XTEbiOlG0poY6QqVF0lDxSFGRWAbSsbzhd8UZD91UOqqOD6+NcLls6pb9Y/3eZylg4m0HMKpDjKjY8vqM1Q+pOn3qwUEol13Z8g9b6VWv9NAU7K8GqqW/bC17XVVDPMzPZlhLqCHVkgm2f5ZMSMv0AWpzYT7juqXGmI++zI14kxsGpF9UOHD3X8dhTX84O34pw4ZrIDgPnBEAmTjCnYfrLcDDdGYAY+RQ+nl8cLra+tXFaC/t46kD/13S+2JYS6gh1ZLIcDFtOyPQDaOTTez9f+e54Zt59Ntt6Q35MhSv31rM+mA3N2cEpfTCN1khB30IplUrgvJG0PGitOY3HnyF1p1dk7e8d8jW7Kwmkd5yZEKy+HZqC24plATe4YPRZOt5i2cWcy1DYlhLqCHVkuny1fFNCphtAy1qUxYTPZ+sK08mLlVKpyzpRWX/o4yCaAYLzlEhjNLngs8e3Bl8vpJRaitN7RD5q9Ib82Ik7nkfcmiF1Z4gg+iDHMd0iX2IQA9gppfbWGrlJo5TKlFK64orLyqv4O8o33yp7X9Szvv1Rk7+FBLc3FXY1bSm3BfKOt6odzFEl1w7KLJIlBjuj/IpOnk1beSulVtK2HC29KGZirJtkUqNLeog8BNSWDlF3LyqvDr6/kLLaWd/PxE5uxF5s5UioSeRrLjoyh/osvloi+pRZ+rXtuFN7V9K2EBI2WuvSSxyUpfW7FICWa1317Jwu5FOKdMm1Rz5yuujgG5H17oXHszvjuaPnt5YDyjEWmRXf3nYhu5ayXovcsoqyLbsyAKsA9XMw3Rk5j4mZ1jnYnwb9iyvqkPa8op71bVlzbwIgG0DnnS9HO6XL8ij2XhvBe2LVoeJvPnVwXaIHxbu31t8qbVBNO/VTvvvIQ0ht6QB1tpPyst65dKn/Vr0yv72RdK3l510Lve88X9eoI3Ooz/Jt+x1H8f/tfOytuKBVu2PZ9MU1xBa8ZhAfVihzCiCt+P1VBdAl+S67jmJYFi3fvzKNXdvnXL5vPjNgg3I00pl27dR7pGXT1vGWK8QAejDdCSS/G6PxLqb/RxPunFtU2Je4haO5GljftEP6tgOkyTtg8A2gjaAlcfj+0fFbW+u5raPd2tSUzcrqqPwujz7yEFpb2rOedVpebQJoK3heNrwzc6kPfeXr2nRkDvVZ/DXtGOSvu+y4NfR1zeCM1yQD6MLwOhi2q1JyB6PeWi7Wu9MWhm7varAM4328lkBHejf3JQ1wVY/92mi8ims5Ab3sVXcC7Ok3O2aSCQfSywkF0KaTuCupZwtrFGY9gwA6bQhq4hblZzvbu4b7E4+R/7L0rLrOQ4ht6YDBUZfltXScgRL52HqXzvI+83VNOjKH+mx3jrqUb4Xutg2g9z5+TCCd+Xqga8eAdRoB9LGmx+lqA2jDWKQOU3+Xnu89ujjBhnN6NALTdcuGaX8NU22t4Nm1NzWZkE4OpjuB5n8VwtKAKwqgM8+GfzGDALp2tK2iLBJPR3XhOW1955mHrMs8hNqWDjHroofyWrZYwrF1THtlfeg7X9eiI3OozxXLYtKWnQdtA+jdlIJFKZetpLvPa8tR+QkE0MVonGOv4FUXqBioTdn0Gp/gtMJwZdZl/23b1lnuw0iVTEPdhzLd2XKuF47BaDYRHRxUdybQmO2sdWdLBtC9rk9cSdqLK5ZOmv2Q9WiIALpFPUwdO72c5VTS1kRj5SG0trTQvwE6KfsoL9cAeu3bwSEd2skY+QrR35qofgxhk9K2HRMdBtDb0Pdj4cXLvP7P3MkP+ZnPPEbIbfO1k9b6WWt9J7sFmztALj12PjR3HTwDeAfgV+t6B+Cd1lpprd9prR8u2LH6xvjWpTtNLpVSW/y8o/Z9KDtqK6U2hnzvHXbpLNIc9bgTbV+7IQ+hOyHXxzet9b3Uxddi07q57dwdkr5prV9lx/TiepNjyIqjSP6cSb7b1JebKpuJn8+6tXceruOr9f/3Y+QhtLZUZLqH37FHzm3cSOVVhv3djeyMXOy2HJfI9klr/RR4vnrREWt36qOxA3ZnO83PqD7/XiLzoY85/Tak3SHkUsxjrLbIz3w+USz+xh0/n42KEqNaxQfj5zc5jqH06ii5kWWs2jQasVJqL07LSoz5ndb6Xmv9FkKZSAOZGHJ1Sdc/QzuPFzK07kyiLsoRWO+QH4G1BLAV52kNcgm+543vZpLvLtvEsmNavomzX3vh352ey5HyEERbKh24qbRDfTFWeZXJ5q2iHGNp63bGEUapBHfB56sPHZHO8/9Jm57I/UVHQoL8yL8N6/P3ToAQBgyuxk8h8+A/UoF45vO/g68bn84ErfVJKfVmGFTXACwe2OFsPQIt56/ujMbqBfn0sBCdMzNYShyfuZ2Yqg6tO1MKpM8AHpVST6ILnwCkSqkEwEeeOd6rvi3rgmxpbw4T6qz9p8N33VbINevZ4fxnDMH10ZZK5+1S8v8G4NBjEDdWeVVxLx0GdQFPsd/FWin1KvbuHGq+utYRsS+/yWi1HXS+SkdqCiBRSv1SNkJ/ZfV5gTAo8jSF2X+E5AE0gC8A/ktxfOeL/Pvg+dyp4ue6gNQ0FkOM3n67wEDFhrE9IF9TE6oTXCxFOHuMii/MBjpkBR1JdyYZSIsTeStOZSROKANoP31beujbDWRGRIWzvJUyuMbZTmUdqwf4Tz/+NsIUy1Da0v+auiXLiJbXUF4SON5JHXLJ80ratbuA89W1jnxBvgxrLUtKbBm+KKUexJ/ZKKUu8WPmUJ9vuu4UIeQqAmiZAvUG4OS7LsS8f2bTRGPko6sXNXSO34ER6A3pUEYt8vSilPqKfDRvhXyN6QHAUyhTt43gctEisIxdOz8C0dGxdGdKQV+hq4Vj85mjz/3qmzitVfZzDeAUkr0YmG8VzvPbjPWm07Z0YF8juPISedyJfYuRd0a9r2nTl0qpxBppDSlfnemI+KSFHJ5q3psaNu0R7dfPz6E+fwskHb8weCeTCqDxY1TRd6OdVK7CWX2+cCpMSMFXhHxjLF98gzbfNYVdUBinVmt8pZf0QeRUTI/dKaVOEkiHEJyYU5L+ciz32NLt0BlDd6ZSh2PRzdiQz9NERuzmrm+fAHweQSeKke+T1nrMjTLL2pWbmdbDIdvSqysvsWcHAM+GvJdSV3+3AuqNFSQGka+udURmHBVT+uvacbNTJrry+lzWGTrGNOqL9+cZwc94HEhWOy6xDTOAfvCo8KlhtJ7x8zq4uYyAxRc4aLFnADbGGtaTNC4XVXrp8S3WmH6SBnqrlDpLsPIyYhmaAbRr0GROH3uZmJ72rjvi6Dzi5462U0iBqax9+4QfUxtfJX0cnQ9A32TtYTRi/YoDaKde8e89GZZXoDN9t6WzLy9x2IvNXp8r2uRine+T3BubNtywhaHkq3MdKVn7jIYg93jN9VlrfVBKhZCUzk6IGYh7+A88XgID6MD4P+P4kcbLevZo/X0uTmox0uK7oVRhRA8uo7Ceawq7DqCBjnpJZZfnJ621wo8e7lQplckREmP0ZPquRY/wY9Ox59CXIwytO7Lx1lG+eae1vtVa34rjspfgekx5rJVSR/xYF/iM/OiuBwbPnekbLtE3Y1f815HqVyijhieUdOo17Jhcpu96ArvKD9KWXlF5FaO1jw7pPsuxfufA8zWWjpgzag6sz//eE6TsWLSeiVx9tkBs+ZMcDzrEdU9PJMAAeiAHLB7byfagMBorj/wtjADso+d3gGHXsB6Nxrhrg/KstX4nDfw35KPSmRypMWT5f7WcjiaKTUxOvssQRLejkXS0d91RSu2kHJ+01o9W8PNYkp6hgrpIzvPMJJC/kQ6cd9KwXbozbDyRs8CH1rdTS337Ig5SH9O3Xco6JOesrI14dNV7I3j4yrb0Kstr4XG2/ckK9kLL11g6Ujz/1sF65TnU5zK/x7UToKt28mZKATQhvQfQMjK0AxD8OazWzsYLl/SKASymND56TGcdaw1rYaSjvgIErfWLjFDeI++dXUv5b4cIpCV4enNpBKSMV+KE37fU7czDoemCQXRHNhiMxckomz70fmj9lcA5QX5MSCIdNY9a63fSgXPu0GYNXa6h8uESfZPzVoujq/qY7r8r+eaywlEffbmByMB2WNdNIz7GOu4IwEvIa/oHbkuvsby+OLbf5nKWoPI1lo7Iru2RBGoPrM/fO1fsPHxytO1ddaAXuvoXCJkCWmvnC/nopZZr43D/yrhfA8h8vjf0JYGelnymTfmUCl/IZO35Le0jy47zWXw3Huh7S2n0iu/u+v428pHnWp2zynvh+f7RdHsI3ZEyK76xCKBuLow6qZGfhbrq4TuDl6sla6e6aei3efUhj6jtNySNW+PZdU/yi6RDxUznzkpH8feo4V1xiVw3njLSALYO6d64fkv0smhr9qHkIZC2dGuXeU961ld5OdV/Q6bakO2ypjx3Lja8r3yFpCNdtPnXUJ+lU7rUjpa8Py35xvf0id2NWrSBUchxAi9e3/XWwQEqjkpISoz3Wv6+LFP6koq/DzyA3oqjtbCMSTHatZY8rY1Gu7IRKzEQxbN727AZ714MkM/i+8kcg6CSYGhvlpHIeXeJDCoatbjHAGtQ3THksx+5Tg7a+TJwuWYlgd9Pwbstf+OZrOaZDPkeFX3oWyJ/K7tW8kxS8pweQE+ykjZq1xT8GwF2U1lkpi54lEVTULAveXYvabf/loaWh6Hb0rEC6C7Ly6P+mzJcW38zv52KXFNL5338k07yFaKOWP7Arq8gbQ712Qrui2dSCYo3VqdoYumbbtMBbXZsMDDjNZcA+lhTMexr3dCj1drwDeis7+00iiErHMLMMCg71+CvwimvuoZwApKhvlXTe5nYnTE9B+1Ho/HYS0MQXfju1Eh/XyOio+jOWLMjrHzvrY6C5UDf7r1cS2YSVF3HFs+0Dlg99c3n2gxUduti+r1RhrW6UzGaX3WtWpRF4uh42+2MtuzVIuQ8DNGWjh1Ad1VenrJfWHUzkzZ0abVt2hrRXY2Rr0B1ZNVV4D+EHAOxSasS/SrSnxT+kxVQtw2g0yHLhxevLi4lylu3RsNcV+r1dxL0+rQj8g2o3o2YjmL360/iEJwBfAzkLGnfvKQyWvgyI/0AgIchy0O+vcOPzd9epLE/sVwJISV1dCvO/ht3qyUl+rGWAO3RtuPS3iw62EiMXFZGR2nz70Le24EQk9pNxOQohHNVcNz0dxImEoy8Id9ILB4xHeeSnbun6gDdYJ67Rw7dmMX4eUftx5GPoppruRJCyDUEz4kEZmWdoKsJ+xxzKaOFBM8nBs9kNgE0mTWp/PsQQmKKnbu11o8TlecS4R8r41oWzgGjnGG57lgPOttRm+VKCCFXGzw/oX5U8wO46/PYPFo+KSGT4D8UwXWitX5VSp2QH7fwxFkEFzXUS+TT4eckw2fk67SWqBiBlSMsEsy0B3+m5UoIIXNvk4u26RnASill3/ILfqwj5wyjcVlLO/tMUZBJ2Zm6NdBk9o1MsRv1E43XRXLcAvhjimu3G/K1Rz616r9FD76sWy925QfyNdIHlishZIQ6au6ZcEY+2siAiMFz4nq/1lpRaqOVVbE+/YHtLGEATaZmwHYA3gP4lSNtreS3RH6+4u2MnZEPyHvrCw7Id8t8Y7kSQgaumynyUasmuKnY9emGuQGmC6NupMryUhnytc93lAZhAE2m2uC8THj98Viyi5Af6fDAzS9YroQQQghxamcT5MvEuPM2YQBNJmvIVsjP8rvncQ5eckuRnz3KqUcsV0IIIYQ0t7FL5J3UjzwikjCAJlM3aAnyaXFcQ0YIIYQQQrr2NSMAfwP4k7MeCQNoMhfDlgKIue6TEEIIIYR07Gfuka97fqA0CANoMifjtgHwi9b6idIghBBCCCH0LwlhAE0IIYQQQgghhHjxfxQBIYQQQgghhBDCAJoQQgghhBBCCGEATQghhBBCCCGEMIAmhBBCCCGEEEIYQBNCCCGEEEIIIQygCSGEEEIIIYQQBtCEEEJIHyillpTCZfJTSkWUBCGEEMIAmhBCyHwDv0gpdQSwoDQu4gbAXilFORJCCCEMoAkhhMwweF4A+BvAq9b6lRJpj9b6DUDCIJoQQgjp0XfRWlMK3TqDdQK9FweHtHe0I+SjLBHy0aoDZUrIdOujjDyftNb3lGpnZZMCiAHcaa3PPX0jlmB9CeAA4KPW+kDpE0IIYQBNGECHIdeNOGs2L1rrxwkEGtBan1iShPXxp/dsJdD7ta9A74rLqLeOCVmrvi/50y3tHCGEkLnDKdzdcwvgDsBLqAF+Q5AfJFrrZ621EvmanRC7wJ3YNYAjgKNSasXqQeZATX3cetaNFfKRy9kGz0qppLC7HV4ucn4AEEtnR9c8ev6eEEIImQ3/oQg6dyxP4jSlANaBOXKLOchXKWX+KvQR/Sfj5xvWEDI3e2fVx68ejyfIp3zPfd3zZ+QdfRGAe6tdeAOQAqjqQCimxv8mnQ3m75vK5qCUegWQKKVeOu6kWHj+nhBCCGEATSbJXJyb9/LvaQIjVymATwDetNYvVEEyQ2L59+BaH5VSiQSBT1fQyXCWQBlKqbMVQD+6TnmWDtBjIWvHzz9J4P0F+Yh0V+yMcrd/TwghhMwaTuG+Lh6mngFZe1eMvgS/nlymur7TWj9Q/cjcsM5tfnN8JgKwQd4Bdm17QpjrkU8+64Xl3qLD4ejxzAHAqssztrXWzyVBPDsJCSGEMIAms3J0IwQ2pbwl5qgHRzsImV59/CT/plcurzadB0XQ6rNR12f5t9P1yVrrO+Sdss8AHriLOiGEkKuJq7gLd28Ba9kupaPtwm2vyZYNgKYoV3Pq4Dvu3EtIGPXR1aYopTLks0iuqv5KJ2Z2SXsgR0ft4LnbdbFx5FTtPiGEEBISHIG+DsdtjXmMPgMt1lsSQvqvjx4BYIRp7F/Ql6wgwWybztRInvU9KupgtAWEEEIIYQBNShzVSCkVywhROpM8ea+3JIQEVR8ffALumXFvB7Q1sl3LiLXNDfymbxd8teRPCCGEEAbQs3NOV0qpVCl1VEplxvmfR6XUtm4kQXZrzVC9UyqqzhcNXCxc/0zItOtjfMX115TXHw32O0X5sXcntOsQ3ZWkoW3blNWcTx2X5afuTGvr3kjOzd4Z3znK/zcVnQqEEEIIA+grD5zXskZwi3za9QL56MEzgFdxqlYAUnEwViWv+RZw/hbiIO0l/Zn87DK10BzB+SrO1qblu3zTt3F8fmk4f0fX5zqWk52eRNKijfesWNsG0fdW8vfRI6kDmcw28bEzpm5tzeDEMVD5Xh9dpiPLO4uj9L52INtI8rFrCOrsKxta/628A/Uj9o8AzmXTtLXWb7IDti9vVoAeYl3ZIO/4LWzci6R7IYF/AuDvUNNPCCHkitBa8+rhArAEoK0rbnhma92/rbhvY923aXjvzk7LSDJJ5PtHUxYiq31Vfo37ivTv5ZkM+WjMUv4eGXndXJC+vZW+lfw+A7CoeT6We2L5fyrPrYeUk9y7MGSxtd6zlt8nrKu96Xpr+fvokXzHx8YsRa++v0/qTSq/N+1W5Fgfd44yWXVlf0psoO+1GlgfVi721yjPbQ9pyNrYo4o0Lgy9bNQ/yf9K7Ne/2iLD5iUO7deRNoYXL168eI3q51EIYQTQJcHzzjHIKq5lqAG0OFuF0542OJhxTVChjcAyK7u3jZPumL4i6NlX/D2y02+U0W4oOZU466s6/RlQBy4NeHyu3ch1v7X8RY8y8zmzY6fmft0UHFnpWlbYicwlgLbq48ZTB44XyDaygrCjyGct77dt3doI3oprOYJObKv0U/K0kLR2EuRWpGFfZ1sG6iSOyzozPGy/03d48eLFixevPq//cAw+iKlrhWNnT+Or47M4jAWJNcU5mCnb4rhFAF611o8l95hHbC0cpm8vUH0EzMmcBqu1PlyaPpmp8SLpXCql1lrrF+uWBMCblaZlQ546l5Po0lb++6C1fq345D/Fd1vs6NuGA/IlCH2vYTxjxPW1Hcg/AfDVeq7Qo6hEL89KqQcjz98q0hVb6SqrFyl+rJFt2iX73nE6ssmtUUZtp0H/T+RxBvCxRL7PssyhWCd8W1JXx8BcGxw77DfRxyaJ31zt0cB8AfBUswzgVKF/3EiSEELIKDCADoPEDgKaghpxnA+Gcx0rpaIAj4bZieN/1lpX7QBrruv96uCAPtc4WzcVPzel71STPtORW0jnxovl2K/NoEJ+53PEz8Vykl2RiyDptSZ4A4APLnrWFVJes3Z4L5V/mR5Zun+okq1SqtDNQ0XgWaTrUJMuUxdeXQPCpk4qg0VdkO/A1rB3d1W6K51dT/gxqvs0sl4srM6PB0vWN4ZdWfZYL8+BBtBRw7ruMn3hZmKEEEIYQF8r4nQvahzZOr4aDiUAvA8pSJER0yJvH2tufZKgYVvjjC+NzoUnBye9UY5W+hKHLN1UOKC/S7rerN8V/DGQnL5Y99Z9b4kAZyxMnEvl/y89sjaNq9OjA/L1+aeKdEVN6RL7UdA0il/URx97c2MFcj62ZGME7fcOAeYr8hk6UQAdi2bn37mqA0Mp9YZ8SvqfPaXjm1UOofDa4pkbmhtCCCEMoK+XsmNFvjnugnsucWqDCKBl1GXd5DQCgIw+PNe8y5RR03RMc2fgk0f6XKZ5FmViO+Vf8e/zVR9d8t6VnGTqcBHUHKyRzYURsP0ujvS9y87JxFnfu5B/mR49GOXfFGiUjT4v8WN5yLmhzJ121bbqo890+cgK5FxlG+FHB9ebo97+YwVbYwbQvtPd+1qCcA60+pxoQQghhDCAJj7cVgTV2cQdJHOk69IRFdMB/aPh3pWjo+qVPglEzGD2bPx8KAmKl44Bf1dy+mD8vFBKHUuc1BPK142Sy7lY/iV6ZC4DaNKjqs6zTx765brkoM365yKQbWOnzFH4xPGZ24B0w7XDoXZUXzppDhdM7/7H6sgIhX9oPsvGVKgAACAASURBVAghhDCAJj6UTUU7wH/d3jePtYhDYE5h3nblgNbl0Qpydx2n771HR4W5AVg6kJzMTejuhlrbTHqV/9pFj4wzhrcN6drWvMNcp/vWRX0ss1EtgzdzNodrwL4w0jhaXRCbFDl2ONwgH2E/V5TxVjovWLcJIYQQBtBXzbeKYHiy02ttp7GDvLiutzQD15eO02eOujWN5BWBz6FhGnkncrKn+zN4Hlzf+5L/ByNwrAtUfy/Tn5JZE28uQTGaZ3m0Wf9sEnnIdmEEwz7f+76b+MjqYa9/rkyPLCN5qbEppwtt6S9FOlhrCSGEEAbQU+ZY8rvBN0gxRjhOVUc5eWBusnW4MF0+6y2L0dy3hk2D2qTPTEfdSN7KCBA+DySnzuTdo37F0sExxPTRXcOuvl3TufylPhaBalOHzQPKN2J675Euc/3zwbE++s6YOLewb6Zs/2phM9KRVb/tdHebTw72xLXj4hsIIYQQwgB6wrzi3+v6liOlJUY3Izamg/x1CAdUnOaozGlWSm2sgMpMX2N+rXcfGkaBSjcPK3Zbt9a/diknBO4c3+PfZ533yfNI+fzWYV383iHgcO99TcDkErzFZfeV1J3S+lgErQ114yS2zacTpU3nhLkR29hnQLfdcM0sg7XI7NK8tN4FnRBCCCE/+D+KYFxkSl/V7rnODpZSSltH3lwS9F6KGZSePfJR5livDFkdHAJXWIFrXNJB8c0ngLaef2pIf+Ew/1nyjt96ktPJMz/eOtaBnj9prdVA19DHc/Uhf6fAUep81dReU6eODemI7CCvou4U+m1PRy6O5nKR001fsjXO0gby8+JHCxZLyvetxTuKHchfO8hL5KujhBBCCGEAHSof6wJCRwcLqB7FdHG8unSuvEdTZa3j3+b0S2NzJBfnswi07amsZdNbDx7pio3A4LlhhK100ycjsP6jDzmJY+01PVac+/2QQfRc6Un+vxjvPzV07jw5BJ/fGt5RFuQ9lNSVf61/NtYpN9XRY0nngI8tcXmuOIv71HBefGlddzw+0BVz9PnUcm18cYb35w7Sc8MAmhBCCGEAPRcHvGzX7bW1lq8qeN6Kg/VSM0K7q3Dgy5y9Qwf5ORtOWmOAJg74HsCfVoDquu7Y/MYflnzWtvMpjuypySk35Avk66qbHPJihNne9OkT8qnfh57kBCOPsWPw9j/pEDiwBnZC1/I/WnpY9p4EwNeaY8m+lgRP9jvWqN5V+3f8uyOoLDh/lACxSZeK9ESugarUkTeXOiJ5WUlnhtcsBDl2bAcgk30MuuBDRceEa5o2kp9DR/W0kN9frK6EEELIZcEOrx4ucVa0dcUNz2xKntlU3LsSJ1sD2De8N0J+rrT53p3x94Xx96ij/MfGtxY1963lnqTkb6njO6Ky+yT43TqkL6p4ZyHfrWOe0wrZagDLvuRk3JM16ZmhY2vW087rfGfyt3R6VaE3WVN9RT66XKrDYkMys55Zf/tX3TDyuLZ+t3GUkZMttJ4p6lDmUD+OdfWoxpaatjHrQBci650rz/xujWfXHbdH0YhtXOzaxtXI0tkm8+LFixcvXr34fBRCL050VtLgf3fO5FrUOCX7kuf2MkJi/y31cHbsdBWjLt5OnuM3Tac2ttKykfTsaoLLo6tDa8hlaQQOxzpn0UjfvigPcdbWRjmtWjiUO8MRPjo4iBfJqcKhrXrP1jfA4NUqoLhY/oZeZIZeR8a7lo7vOZr1W96RWu8t7lkYHWrrmjSlZj3zkNG+qSOoIcjdm/mWgGzX5p0NQV3csvxjkZFtpxP5W9m1kmeSMtvftS0eqI3bl3TQurSLccl3soZnNrQ/vHjx4sWLAfS0nWjteC0cnLHCocps50Sc6EVLR2pnvPMoTv2yJ3kUoymZkf6jOPBNAWHiGsRKULA1nKrUZaRF5Jwaci6C1XXL/BYzA4pyWvUtpxI5pGbnQ5v38Lpo5LEz+Rt6cfTV7ZK6dDTSkzTUn02DDTkadWXhmY6fZml4yiK1ZFHYwujCcksNe7j37UysCMK7uDYd6WXq0+HaQRt3LJlB4HKtWrSlCW0PL168ePEa8lLSUBFCCCG9Iuv4j8j3CXgXaBpTGUF9mZHcjxLI3nHfA0IIIeQyuIkYIYSQQZAN/N6QbyQWB5rMG8xop2pjl/QTg2dCCCGEATQhhJBpUezs/RBo+pZoccRcwDxacieEEELIBXAKNyGEkGEbnh9Tit/JUVWhpGsJ4IvW+m5Gss4AINQp84QQQsjU4Ag0IYSQoSlGRdeBpesTrHPjJx48r5FvEPeRKkcIIYR01L5yBJoQQsgIwd0OwHsAv4YwCi2jz1ut9e2MZJwhX/t8R40jhBBCuoEj0IQQQsbgEfnoaBJAoFkc4/UwF+EqpRJw9JkQQgjpvo3lCDQhhJCRgryVBK73Wuu3EdORIj+b+nUmcl0iP8/6cU7HcRFCCCEMoAkhhFx7EJ0gXwt9J8dckcvkGQH4G8CfWutHSoQQQghhAE0IIWReQV8KIJ7T+uMRZblHvu75gdIghBBCGEATQgiZZ+C3AfCL1vqJ0qAMCSGEEAbQhBBCCCGEEELIhOEu3IQQQgghhBBCCANoQgghhBBCCCGEATQhhBBCCCGEEMIAmhBCCCGEEEIIYQBNCCGEEEIIIYQwgCaEEEIIIYQQQhhAE0IIIRehlFpSCoQQ2i8SUrkqpSJKgnrgogcMoAkhhAzVMEVKqSOABaVBCKH9IgFxA2CvlGL5Ug8a9YABNCGEhOmsLZVSqVJqr5TKlFJaft6U3LsLvdGX9P0N4FVr/coSJoRMyB7Tfs0crfUbgIRB9HX7QK56oLTWLKV+Cj6WAlgCOAD4qLU+tHjPCsAH5D2eCwARgJO880lrfQqocYmQ99xEktaDKCKZprNwrLnlro0+EyfZRwC+AFgBeAOQSp0HgPcAnqSe/VdrfVBKbQGstNYq8HwdAZy01vcsZULIxOzyqPaLPtagsk4BxOLnnCmR6/SBmvSAAXRPvSYA9iV/unUNeJVSCQCzl+UM4E9RmpXx+/uxDaj0BiUlf3rRWj9OIFBEKB0RDKBpOwD8T/77UFW3pcGIxSasxZG6CzhfRXp/pUNCCJmYXR7VftHHur4OE/pAYfhAdXrAKdz98Oj5e7vAdlbw/KS1fieG0l7Yvh07s1rrZ+n5uUXeW1SwC7yiriVIPMpI/1wNklZKac8yPUl53gHgdLXhHI291PG7uo4xrfWD3LeWX73VOV+FDrS4MqXU9pL6IfVshXwWDoPnaenkqLpDSCB+wqj2iz7WKDwAiMumC5Np+UB96QFHoPtRgp30jNi8SqHXOiz4uafxp2eUUllJEP0uFMfUyvu7kB1mazOQR631y0wN0lEMjmr5jrikoeYIdH/66KSL1iyVyvKQ6VDvxW78hp87514B/IF8hotJMUXwA/JlKEA+herBt9zFZp1CHiEnlWU3qu4QEkAdCMp+0ccaNP1b6Tx5x87f6fpAfekBA+h+hF013aZRKUoC5J+maJcE5yet9W1gjU0UWrpqyukTgLemjo0J6+L34JcBdNDlVDQEztOQpEd/61O2JctLGh0DGUVIjV+1WYpyz7V6k9fRQXWHkIDscjD2iz7WoOkvBiBe5+ojXpsP1KUecAp3D2itn5Fv8mXy5hA8R/j36LLtbDwAeJHfvwK4D6gCLI30v02hnGRq/JwNI43+NCh6UT97PHNqUdfMzreDS6+62C1zGn/qaA8iydeJwfMsGEx3CAnAnwnOftHHGjz9xYa9K579PRsfqDM9YADdn8DvJHh5Rj51zSXQvSn53TfrvWet9aPW+lZr/RBYb77pYO2oBUE4AGtKIvhyMteGtRnV96lrH4yf//B47i+znotuNfGJQdOsGFJ3CBmbEO0XfazhKQK6R4piFj5QZ3rAALrfIPpVa/10RWcGmp0EHHEan4QimFy9+ebx3E2LurZsWUd/sf7vct5i0XkTxLo3pVQkm2LFVLlWDKk7hIxNUPaLPtZ4frylD2O0XQulVDLjs6mH9IE60wMG0KRLCsf0wA0XRg8W1uDo81QwG8X3Hs9FYtgPjjoRWw2CT0+vPX3t7PCtYp3eeeS6EMn6qgx5pxKXNfjLcDDdISQQfQ/CftHHCoKD4VeNVe4b5LuZb2cYSA/iA3WtBwygSVcNTtvRCdJtoBDLRnOcNjsdTEfoyeO5N+THmrhyyeiF2aidHZaOPJgNzkj1YaGUSiVw3khaHkI/NzVQhtQdQsZmdPtFHysovlp6MSiyl0RxpOhKAundjGZTDeUDdaoHDKC7N3JZzbmYccn9sXFO77HklWXvC3ENGdfmjKt3CwkUqo5QQ5VedhS4J2LQC30tDPymrb4qpVZKqVTeZdaDohd27RBAaZd895UHR8yAIpY8N35P9kM4tayjW49yKEZjCj57fGs3Ql1YSifSEfksjDfku8bfXdFymj7te9+6Q0go+r4LtA7SxxqWXUkZDB1EH2QztlvkywpiADul1H6CZ2yP5QN1qwdaa14dXhLE6IorLrk/rrm/6op6SvsC+RTHveQjk5/XDs/uzPTJtWnzrhbp2zg+v5R0ZuJcb4aWk5WWRNKhjXesWqYpaqFHOjcBje8u09Gl/G1jpH8nedpZ92YAFh55WZfUo+LdW+tvWZXMpJwa891HHlroU1ka95K2RQffsPXDpzxMWRw9v7Uc0PbGIrPi29u+yswh/2vD1rjWxaxt/R8gP4PoTmD5Tgy7vOj6/oHz0rq9kREvs637qV6J/doZf9/Z9V50aGvck5TYwK31jthBL+veWbT3R6PNT5v8pz7tF32safpYlk4sArLLiWlfLyn7kfPSuw/UQ1u4YNDbjyIsxFA3BtAOSrQa0FkoKmFsGaE9gG3D86bCL8VYpUagFRkNwOaC9O2t9K1cAhxxrrPiWaN81gPLaWHIYWu9Yy2/Tzooz51voOwbQBuySBy+f3T81tZ6bltx38a6b1Pj/K2swOq7PPrIQ0sZpw3B1VHSumj5/pUZqLV9zjGQWF2qc555WxtOknZxkntMy6ZtR9aQ9j5U3Qkoz7bN23d5/8D+SOv2Rp7dW+14EZBGRr5Xxt/3dqAh70mtOmL+P5P0RJY93DSkreqdid0hZaQ1G8N+0ceato9ldIauA7RXGyN9xZKlaGKxU68+UA+DpGsGvf32+AYfQMs3j2bjU9OgxA7Ow9E0opc2TI7pW9c5LUavUVxipHcDymnVVK5FuiYQQKceOuGq/3bwvHNsaBtHCyrSs+o6Dz03ILptA269O/UITE2nLfIMIo/X4jRYgYPZ2K8lXXZ9XBudO8W1nIBj06vuBJTntT07oMv7R+j48G5vRGd3NXnd2e+29HxtziiqsKup1JVFTcC4rJql1PDOqGZ24HIo+0Ufax4+lmHf08DtltmZnEzJ9vbpA3WYxu96wGD3igNo+V7WMNKXNiltSSATO8hk2UX6ShrbdUUedhUB5nEIObkYdqvxXgQeQDeNDpTpcuLo7DlNlSqZWrrzzEPWZR46tBupw9Tfped7j476t7Aa4azFCELa1yhciNPWrOC5bknBeig96jh/g+lOYNPWM9fy8r0/hOC5rr0xltFEDbZ03xSkSt1IK+pB5aim0YbtKpzYtKYDY1HTVmR1QUWX9os+1nx8rDp9DHTW0OjLmULygTpM33c9YLB73QH0sam33EVhrYqaOAYxsUf6jh737h16RqOmKcJdysnSha1D71bWYSXvLYBusSY7dXTSnUdwSqZmR2PloacOrk3Z9HMf564iH5l12X/bXrAev3NHo2RZzD6U6c5WXVtcaksCX//cq+4EmPeNa1587x/I9/Bub4zOgLVDR9C6xM6mxjTeRc3IZFOgsy2z0xXvTJt8EEl34lBHO7Nf9LHm42MZ+nickA2LrfZpF+pMp758INGNuMM0fdcDBrtXGkBbDU5Tb92ubiSh5TS3hUf6XDbYyMrSYE/1KknHqm85WZV/4fCteAIB9LaF4731qCv7FnrsOx27szwM1JAc22wmWLIWNaq6Op7itO3Ijm4tByAOyM5vPB3WpO/NIPtc/9y37vDqtP61am/K2swamxs5tPlZRfoyx6Dqp+9UvLOzjqmu7Bd9rHn5WMaz2QRtwsJqR/dT6+Rs4wMZvuWuh9gpY4NzhQG09Z2sgx4u12luW8eRv0WLkUhd0dguSxwE1wb8YjlZDui+5P0rY7rKsavgYIAAOukwgC7beGlX56wbV+K4mViveRhpp8qlZ4/pIOlvWsfmoXP2FLRlYDY+cl2vX6Hriwm0Y9sQdJ/XcO1N04iN56hlWfvrNJunakq2/U6rHqaB2C/6WDPzsQxfI5uwfYisDotJ7dzt6gMZ08B1DwH0dz34D493u0rMg8r/vPBd98bPfzTcW5xV99Zl+pRSS/tsOPPsPOvehVQuyFl6fcvpg/HzQil1LDn/7gTgo57WGbX/dPiu25LfFTt6+nIeKQ9eyBmHN9rjDEOt9Ukp9WacRXnj+OjQ54fetCgLs37upKEs6miihz3r0RXzHPLkAl0PGZ49Oy0ubm/sNrPEbi0c2/Gy9tdJn8QO/GT7atLXtY62tl/0sWbtYxX+QjRV4yDl9qiUepL26xOAVCmVDO2D9uEDKaWKHerPUgcOhi527ftGDKCvk9+Nn7ddOVgNDe/So5HzTd97jwDq0fg5HUBO5gH3d4EGAmNTFggerMbVhW91OhgYX+TfB8/nThU/1zmiZoP/NkDevl3gZMSGg35APgoUap0pbMlZa+0q10VZUBAiI+kOuYy+25v4wjbx3lGflh5t+n3HOnqJ/aKPRR9rEoG0UuoVeYfuWvT9HsCQgzh9+ED/NTt3lFLbHgLo7zCAvjLEyEZGRbq0wVk6NlymUX3pOH1mA9rUi1mMGh3qDG0XcpIeNkzFYR6RbxXB8Jwd9hjNvfNNjeDJ8TswAr0hdTBqkacXpdRX5D3jKwB7pdQBwFNI+iDBpfNIXEl5nCaio2PpDgmzvbm/0Hf4rv+mo3thm+76zt7tF32sWftYvzh2IEwhBvhkdDwcAHweYQZk5z5Qx/W/UQ/+j83O1WFOjTpcWBF9pk4VPY1vDUreJn1OveJKqZVhsD8PIKfOZN2Xw6WU2iml0pGTciz53c1cK6Axsne8QKdcnY2uR2dcOF9Shlrrg9b6AXnv+Is4kDul1FHqcGh29K8W9jKdgKqOoTskgLbdoa1t+37XYNBpZNJ3SvkQ9os+1mx9rCJf3ybqd8RKqR1kAzGpL3da67uhg+eBfaDe9IAB9PVhNgpfh3CwpBGIyhxHpdSmJn0uU1TNdx8aejHNKZevxjuWJY55l3IK2ejGVuM4Bq81jtYcaSVvcRZjzwBsjDWsJ6uhaYXW+qS1fgTwDsCzNJxbpVSmlFpPMFgxp6q9TExPe9cdpdRCKZVIR0lx7ez1l2Sc9sZ11oVSamOPDJYEg3VBmDkyeWpo07ucKt2V/aKPNU8fq4u18WMEzitZG7wTm/4K4FZrfT/ikrchfaDe9IAB9PVhGsyzp+LarAxn9+BgVGEZ1Rj/3nznm49xt55/cqx4f5a847ce5HTyzIvpQAzdmTIaMg3ncIkclFJrpZQOILDycYp8N5RKDCfm1VGPxljDeupSv7TWZ631k9ZaGXU8lUA6qbBNQ9rRk6NdKHTzeaCpZpc4XYPqjmxic5Rv3mmtb7XWt+Ik7e1NpcjlOtnCzjZ2qBRteoV+3zsGTJ9c2nTPdw5pv+hjzdPHiny/M7INX8uGasU64GcA77TWDwEsxxnEB+qJ73rAAPr6+NqiIi4A/G32IHtOnSoaAVvhH0p+d/BIV4wfI5XPDT2jZmCVlhj9P7qWkzgRXtPBxLDvOwiizz6GIAC9/FjnFDg0qEnHTlSfxLZz5Khb6xpZNTm8Q65hLaZldR70aK2ftdbvRDe+IT8WKlNKpQMHWaaeuXy32DDlpLV+8rQr8QidBIPpjkwr3CBf5/5oBV+PJekZygGNxAmN+7i/h7rRSXsjeUhK6tODQ7DyhOqNiGJDn841du67v+DgJMeGQ30OxH7Rx5qnj3UTegAtNmijlMqkDG6kTr6TTujzhe/vqi0aygfqgx96wLMTr/Ic6OKcw53juWsZrDMR8fPZe2tHOaxKzm5c1qRv23CeXeaRj+J8xKzkTLd9j3LawPHsQJFVhoazHh3LeF2iS8uKtCUtzoHedH2GMsrPg44dvlOceZ2OnYcW5xiuHc9uPLreX3EW+HYk2xf1/K2y86IXA+Vz56hHRV3MfNNmlHsvbcHYuoMfZ3XuKv5e2PjFCOelZvA7M975/h7TfVF7Y9ngtMpuNdjYyOcc4Yrzg49NtsNKUxKS/aKPNT8faww77GmvEvR4vnNXbdHAPtAW3Z8D/V0GDHavM4A2g4mFg+OX1Dg+Te+Iyu4Txd46pC9qqEzbto6aIe9lX3KynMDYwfFZ9+QAluU9c3EShgw+K4LoTcW9K0MP9qHkwTGYOho6uWmwI8c2uuGT1x5sjJPN69jemkHfru9vG/Yjcyxv3+B5ZZVhNkL59aY7Vhu5CKz9XvvI3vf+ntPeur2x6tDaaq/3VR0aRnuydrS/m5J7EtfguUTmcUj2iz7WvHysITuFW7RBpp7se4oZOmuLBvaBOg2gbT1gsNtP45WVON7aGIXYVzyT1TyTATj24CAcTaMjCrKR7+1qDN/Ro9dvbxpRaShrG0kjffvCsIpRXxvyWLVQ/J1heI4eo0et5FRS6are0fnImdHbqq2eyV1TB43hEDXpcmblyVWXmwzmvuTZYiMM+29paHloMOiZodOJ8c5E9C2Wf7dGmS0dy7t41pbR1nj3YgA7uB9jJG4oh6LEsdibZSRy3l0ig4pOn7jHYHZQ3THksw+wHbdlv+/y/gE7773aGyPISK3AtlifvrKDKvldk01Pfhq5MdImdXZr6Frk6RzrEO0Xfaz5+FhmGgMaoBusw7jLtqhPH2iAAPonPWDQ22/PfdV1bPFM5w2F0XBlhgIXvULLhmcTVwMrRnlrGOXUsYd5KffujWd3bUdpjRHLzMexvkROlgxSs1H0fceFlX5npP/7xhKesyGqrlULXU4cyz+xRj60UX6bhl7r0fNQ4egsS9Jp57PQ9dUFDVzVtRvADiZDfWusKW0lQfvRsFOFfkYXvjs10r8fYEbSYLoz1uyIFjrsNHvA9/4B9L9Ve2N0opjPRCXLJjIjMFk6Bnj7tu+oCPazPvSnK/tFH2sePpZhh9MAOvbsJUvLgb7dSVvUlw80UAD9kx4o+SUhhBDS1WYmxejDWTb9Gm1TFQkIPomDdQbwccQdPC/JSyoByMuM9AMAHqZYHsSrDmby32ffTfSu2X6RYPThKEHe3RhHP4k+7vBjU7kX6cA/jSSPSbRFSqmtdOq8aa3vu9YD7sJNCCGkU6RhfwMQjbUrsaTjXLJz9/1ExXqDiRyh4smBNWbWvDd+3k0hwaHYLxJEEFacf34a+dxkc0ftx5GPopprW+SlBwygCSGE9EFxlMlDIE7xi5wv/DhReS4xjWPaXAMUV8dlPZHz3Uk5fZzVfHX2i4zGo6UPY7Vd76Qz+ByATGbTFl2iBwygCSGE9NHovyLvpV6PcI7xrJAzS8+BOE9d8Ww4Y1X53ojDcqIWTJZiBPc0Jf2l/SLCWmzvM0Ux27aolR4wgCaEENIXj0bjQ9rzCcDnOWVI1sIeAHwRp6xw0CKl1ErWmz0iX2/2RhWYpLMd4UcHyRTLkPbruvV3jXzvjI+UxrTaIplyXdie9/L/TvWAm4gRQgjpsyHbIV8H+esV9lp3Ib8l8mODbmeavw2AD+KgFByQ73TKwHnaZbtCvhMuADxOcQM82q+r1t8M+cyJO0oj/LZINjdz6ezy2lSsSg8YQBNCCOmzUSt2tH2Z8PrjsWQXIT/a42HEDWwI8dXbGPmGO0/4eefgHfJpkG8Tygvt13XqcIL8qLQ72t7rbYvq9IABNCGEkL4boWIk6p6jil5yS5GfYcljnsiUguem3bYnFZTQfl2dDi8lWHycw7GBbIv60QMG0IQQQoZojBLk06vuRj6CgxBCaL9IWTlHAP4G8CdnHFAP6vSAATQhhJChGqUUQDzX9byEENovMuky3iNf78rjy6gHtXrAAJoQQsiQDdMGwC+yCzMhhNB+EZYtmZQeMIAmhBBCCCGEEEIc4DnQhBBCCCGEEEIIA2hCCCGEEEIIIYQBNCGEEEIIIYQQwgCaEEIIIYQQQghhAE0IIYQQQgghhDCAJoT0hVJqSSkQQgjt5bWXrVIqoiSoA5QEYQBNCKlqKCKl1BHAgtIghBDayyvnBsBeKcUypg5QBwgDaEI6cqCWSqlUKbVXSmVKKS0/b0ru3YVsgCVtfwN41Vq/snQJIYT28prRWr8BSBhAXa+/RR0go+q91ppSmIaBqiuoezEklFM+necLgBWANwApgJP8+T2AJ+S9lv/VWh+UUlsAK621CjhPRwAnrfU9S5gQQsK1l+LIR9LORMhHwQ9so3uTdwogBnCntT5TItfnb1EHCANowgD6MhktAfxP/vtQJRMx4jGAPwGsxbm5CzRPRVp/ZcNACCHh2ksZcUtK/vSitX4MXHYLANBanyZY7uxkvnJ/izpAhoZTuKfDLYA7AC8URWXjv0fe439X16GgtX6Q+9byq7c6h0imI7W5MqXUVim1apmnNfKe3Y8Mniepk6PpDiFXWN9Gt5da62cZXbu12pXdBGR3BHCcqM15ABCXTRkm0/G3qANkUvWAI9CTM1xLMVwmVz8CbWwY86i1fnG4PwFQGNo7rfWh4r4I+VSkCMBvxjMA8ArgDwC2s1ZM2/sAoNgF9oS8l/bgkacMeY/qHTV/kjo5mu4QcoX1LSh7qZTaIR95A4B3IXeCWhuuObWhAeZhi7wD5R07nKfpb1EHCANowgB6WJkUxtl5apD0sm8BwHU9TonsG4209Oynxq9u+xCoagAAE65JREFUXabIGXni9Px51tvedIeQK24DgrGXEtBHEtTfBi6/DYBPAN5kxHCKOrBAPor+OtU80N+iDpDpwCncZA4UPZufPZ4pAhEfZys2fj649HBK76y5E2zq0AhEkqcTg+fZMIjuEHKFDn1w9lI6zKIWbcwoyNTzd1MOOqRz8QBgxfO/Z+FvUQcIA2hCenRUzPVabaYF+axN+2D8/IfHc3+ZgZQ4fHV8YsA0O4bSHUKujRDtZdyyjSGXUQR1jxTF5P0t6gBhAE1Ij5g7Ln7zeO5G/vXpETV7NH2e+8X6f9N5hcVmG0GsQ1NKRbIhVkx1a81QukPItRGUvSxplziLaCCMc7/XI7aXC6VUMtNziYf0tyarA4QBNCFTwGyk3ns8F4mxdepFtYNHz00w7KlE54bvFOvmRt0EQwLnBECG/GgWrilqJ8dBdIeQK61bQdhLi6LOH7iZ0eAcRDfWI5b9BvmO5tuZBdKD+Fsz0AHCAJqQ4DGdkyeP596QHzXiyiUjCmZDc27YCOrBbABGckoXSqlUAueNpOUh9HNMA2Yo3SHk2hjdXpbYz+UF9Z1czldLNwZF9q64Q75/xUoC6d1MZnAN5W9NWgcIA2jSXYO6UkqlSqmjnO9anPVa9FCue/7+Qqbg7qzvZ0qpfTE9V9JynEq+BDOgiCU9jetEtda+wYjZ+G09ZFSMkBR8dvzObgQ9XcrRK0fk05/ekB85cWdMiyL+DKU7hFxr3doFWt+5/nl4diXlMHQQfZAN2W6RLy2IAezE31pNWLZD+VuT1wFyBWitefV0SRCSAdDGtUM+HXZr/S0DsHJ459J6nwYQ19yfWN/eSLrW8vPOft8Y+bpAxosSeWjkRwZtACw6+EZkvXvh8awp36PHd5YD6mks8iq+ve1Cbi3lvBaZZRXlWnb1qmNT0J0A811M/d+75Nn3/pm3G0uRx9HQ771j+7CSezO5fqrLYi93xt93tq0Rnd0a9yQlNndrvSN2qAd171zKe47y9yPyTcGiMeyl5DGxZLkHsPast5FcmzbvapG+jYeO7QxZb4aWUxf67qAXi4DaAdMXO15S/iPmo3d/q4d2d8F4hFcvekYh9FaBt5aB2Vbct7Hu23QVQFsGe9nwzswlgO4rXxfKOm0IsI4ii0XL96/MYK3tc03fN+8fsIPnaKSx1mHtOS0bj4C57Ao1gB5EdwLLc2w7V13eP+M2Y2EEX1vTrktd1XbgWRK47QtbL05kEZBGhpxXxt/3tpMp70mtemn+P5P0RJb93TSkreqdid0JZqQ1G9peGu3m0SqD4iz3bcPzZlBRtK2pVS67tu2ikb69lb6Vi70Q2WbFs0b5rQeW00X63vDurE2eBmzrMqOsNmO1uyH6Wx2mM1gd4MUAmpd7kLlzbIhcg93GANrqgUt9HPYx8jWAUddtjan17tQjODUdqcgjiDxeSwNuOfFm41s1Q2Itumpey4k4G73pToAzb7Rrx4Hv/TNtM1ZNnUGFPa0JUHc1st3Z77bq1tqcXVTRuZFK/VzUBI3LqhlLDe+MKpzfynaja3spAd2xrq4a5RQ7dAYdzUD10uDfMX3ruk4owy+IS9rp3YByukjfHdK497G5I9pJswM7mYqt79Pf6jCNwesALwbQvKobBqcpJCXTPHcdBNBx0yhxlRM0Rr46nPqYOkz/XXq+9+gy0imOxdqairZu0SjtewpUg5pCZgXPWY0jZQZYycTswSC6E+C09cy1zHzv72G0fNvD5TybwyWYsALGRcWSmqihHdg3BalSH9OKulc5smkE47sKRzat6TBZ1LQbWZUcu7SXUv+yhllVaVNgUNJpHDu048su0lfSmbGuyMOuouyOQ8jpUn33XP6ym4jPOPoSqlD8rQ7TNxkd4MUAmte/HWbn0RTLgOoap8E1gLadlMQhDUnVfX3nq6fpkJuS73s5XCWdANpY65WVNB7FusNVCAZf5JBaI5qrQOrKzqMz5ji10ckhdSfQvG9c8+J7fw/Tdfu4fPe02DrY0qyi82Ht0Pm0LgmuU2Mq76JmdLIp2NmWdcBWvDNtapck3UnDVOTO7KWLfXEJCqz2JnFcthB7pO/oce/eYfQ58ulov1ROl+p7i1mAxwnZzNhqE3chz67qw9/qaSbokbEJLwbQ0+iRa2U8SqbExBcG0HGFU1dsJBaHlK8BjPuxTSBfshY1qro6nHK07UgXt1a5xwHVlY2nA5kM3QnT9frnPnWHV5DlvvKo87ohWEzL6oo9PbrB/kYOU0qzivRljoHVT9+peGcnnWFd2UtLRk0joru6mSEtly0sPNLnsolZVpaGirJYu3b4dCGnS/W9RZlmE7QfC6vt3k+pU/USf6unaeYZ2yVefVz/4T7kvR1fUfDNZZt//Hy+XhEAtT5DUmv9ppQ64eeD74s0xgCglCqOJXiTKXaH0PPVUhYnpdS9GPWCBdzODv1g/PymtT73mNRCnt/avkCOPkpEzkB+FuXnmrIdHNGbxJCpiz78Y/x8U6JXITKk7pCJIcfZFPX0oI1jXpRSC/nbPYDfxSbcl9SVr6g/67Sw3ScH/St7V5G+PxueXVTUz5/eKXV/4fjOIexlsXQCyM9Zf61pR54BPDfY3oKXhk/fm+2TR/pePOQSKaUio9zLyvfRJe9dyKkjfXdlsrZW5PJgtJNrAFvx5xJHHRg1/S7+luTvk5R7YRMOAP4C8NJBe8n2lvQKA+huua1wYLKRKv+99F5GDY7PGsBaKfUK4GOJ4QoqX2J4b7THuYJi1N8Mh/KmRadI32d63rSVkTggO6MhepHG9hRgPTHPB08uqFuhw/NgiWsHy0IpdbT+fpLrY1XAUtcxZgWrjYGI/S4rINw12B6UBYQl6euyTrS2lwZPxs+XBvT3xs9/NNy7ciwXr/QppZZWWZxryndhBLQvA8jpYn334B+rM2GKgfQZwKNS6knazE8AUqVU0pGMRvO3lFIb0Yc/xAc4iS5+kP8nSqkn6Yy5Wh0gDKCvibKg7GA1Pi5862LEUIzYHfLpQEuHR1bicN2FnC8AX+TfB8/nThU/1zmGpvHte+T82wXGPsbPvbhpoMEz8POoh6tMF2UOeqiMoDtkeqyMn+960GszWN1eGBDW6a/Ztpw7emff9rLg9wtlVCrvho6NpUcngm/63nuUxaPxczqAnPrW91mitT7L4MatBNKR1KPXgZLQqb8lMxF+01rfldz/qpRaiz4mSqlftNZP1ALCAHr+fKsIGkdznqWRupNGOxbD+77G8VgqpRLLaIWWrxjNPeYucvFxQM8DNvhRi/y8KKW+Iu+lXgHYK6UOAJ7G1L+KwNJ5VKykLKbidI2lO2QC2MtfetIPc5rw2wU63DT92wyK/+zonb3aSyOQjS6UUVlHQtN7zMD1peP0+ZRFMRPo0DCN/GI5DaTvJr84diKEbieWRpsO5J3jn4cafe7J3/qCfHnBumw6uvgyD/LdjVKq7WDALHSAhMv/UQSdciz53U0ICdNaH7TWz1rre631O+S9mQ9iGG0Dswk1X8bI3rHF476BW5ejJS6cL5GtlPGDlO2LOHQ7pdRRen1DwJzu+ZdjmZvBaDoRWzC07pBpYdaDvvYniC98v2tA6DQ66TulvG972WUZuE53t+TVtC9Cm/TFjmWxMoLizwPIaQh9L+tU+TZF46CUipVSO8gGYlJf7rTWd0MGz137W2IDirKpG1k22/nHa9QBwgD62nitcULGMMCZrDUpC7ZOWutXrfUjgF9th8Za1xZMvlC+oZmLPCLj2bTFt4ZYw3qyDH/bzpKTlOs75Ju5LJBvQpLJ9KipBQ7m1LGXidgCrn8mrnTu4LnO9FBKbco2g7QCwrpAzBydPDWMTnY5XboLe2kG3l8vTItTh5nINSprh0ra6puSvMLx3YeGsijdPEwptSzpbO1STkMFNF2sjx/Db1sppfbSZsTie93KwMcYG4F26m9Jh9HBwQ87lQTCV6EDhAH0VSLTTA4VToar4VkrpXQHgU7Rc/jokO6z1vq+ytAElq/CUfHdVCoxHItXh/QuMfwa1lOJw3KJPp611k9aa4Ufvb2pBNKJ4y7qfeXR1SmM8GOq4fMUdrIeQ3eUUgsp06Nx7XzqKAm3HrSwuY0dOMWO/RV16t4xaPpk/Ny0VtH1nUPZS1PuZ48yKLObK8PuHhwCV1iBa4x/b6j4zVNHEpeysIKbP0ve8VsPcupb320i32+N3GasZVO1Yr+aZwDvtNYPIy//6dzfklF01bBBmFmnj9egA4QBNAE+1jWaDg1O0qGDAeS7XbpO3z1ZQXOI+Ypth8UluDCCsI8tHNCh1rAejc6Prjt3nmXq/qM4ZhsAmVIqtXfR7ZmvVidPE8UGJiffzURkFsYYnQSD6o7synoUh+FOa32rtb5F3sO/H7h8v9d5cQrjPu4PnHNTsCFBq9cUZAkm9mZQITJLSsr4wSFgeUL1RkSxob/nGrta2OFXh47J2HCqu+gIu9Refm2h1wsAf5t66jk1/bu8SsrL/t3BI10xfswKe24YfTY7sdOSwPqPruXUlb57cBN68CQ2b6OUyqQcbqROvpOO7/OF7++i/RvK36oK3L3qwdR0gEwcHobdywHuG/x8iLwGEDc8EyEfKdDId1Cuum/p8m4xYMXfMzgcZG/cvx06X45yXVjfXjs8U6zfcbrfeG7XJI8e9MYs26jnb8XI11d9zyOAxUD5LGS7abhvbejvwvMbRyNvq4Hr/2C6UydL42/rgfMfSZkVMki6vH8ibcDao53IHG1DZsrGssdplZ2sqf+Vdsays1X3FPbj2GSvrDQlodhLw07sHNufzG7HJLhobJOs9K4s/dcAljXp2zrWH5d8bMv0Tjq59z3K6SJ99yzXUWy/h31MjDQeu7bRXbR/Q/pbJe9x1ucp6gCvmcR6FMKgQfSm4t6VYXT2Hk6DawBdGOmlQ5Cr64KVvvLl6pQaeUmbgjCRVStj7pK/nvTGqWOi46DdLPtd3982GubMsax9g+eVVX7ZwHV/EN0x6sCuwQlZDB08+sjf9/6ZtRNZU303bO66pqNmbQVI+6ryNwKcdUNwrWs6ZxLX4LmkjONQ7KWV14VD+pOaetj0jqjsPimvrUP6ooaAZdvWbhg2edmXnC7V9xA7olu0e6au7PsI7rpq/4b0tyo6eI4XdIwFqQO8GEDz8qvE+5KAs9gkwv5b2uBoZSXvMkeZv4/UlYxAm99OxQFKLSesMsjuK18tDKuZx8TIXyJ5juXfbYs8Fc/a6d8a7170rDP7MUbhhmrcSxr5vVk+IuPdJTIoCQB67ZAYQ3csB2ERmN2z5b/v8v4ZthH/0lH5/UZsW+nsECPQSK3AtpjOv7IDK/ld1uAIm6NjKzNtYie2hm5Hnk6xDs1eWoFCVRnsaoLLo8fI6t4MVM3yckjf3mj7ir0hinZ/1ULndkaZHj1mBLWS06X63qY8A6rjg3VSd9X+9elv9dFxHrIO8GIAzesyA5pYowKFIdpLw7HwGNWquxaWEc2ksV1KgHS00lD0Lq7GyFcLZ2lZEvjZaSga8tUFDU7VtetZV5IhvjPm9LKSoP1oOIKF3kQXvjs10t9bZ8BYumM4ZPtAbV7i4wj53j+z9iEy6kFhvwq7vHRwFPfWM1HJUo3MCE6WjkHevu07KoL9rOsZGV3ZS6NjIGtRBolrECtlvTVkmTqO4Bftt1kOuwtGaVeG3d17tJWt5dSFvnva/jSAjkR7mdRyoG9f3P715W85dKrvOmz/U8YgvPq6lCgbISSMjUWK0YCzbPo12gYn4px/EofnDODjkGdQdpiXVIKBlxnpSWG4nxp2MyXEt95n8t9n3437rtVekqB04iiB3t0YRz+JTu7wY2O5F5khcRpJHsG3f7LR7RbAixzBOWkdINcBd+EmJCCkkX0DEI25I7EcgWXv3H0/UbHeYEY7cVo7LnOHUdIl742fgz+/PBR7SYKyjQvkpzaMFTjF+HlH7ceRj6IKuv2To023AB7t4FmOZ4wnqAOEATQhZASKo0UeAnFSX+RopMeJynOJ7o6FCw06CKRLuj6r+ersJRmVR0snxmov30kH9DkAmQTb/knwnCAfKS4bIV/Bv+N+dB0g1wGncBMSZsNSTEF6F0gjPFU5LgF80VrfzSxfheG+rRvdEAcFc5q+TnrVq7043Cc5S5z2kkxJfzOxd5zOH3j7J23TE4D7qjZM7NFnn6Vj1AEyFP+hCAgJkkfIJjEAuMa1PZ8AfJ5hvp6Rb8y0RMX0PKXUBnnv/j3VgDg4nsVmk0A+LZr2kkxJf9fI9+vgTITA2z+jbXoGsFJK2bf8gh+b356oAyRIm8MRaEKCdQh2yNck/spRlVbyWyI/wud2pvnbIx91+2+x1kuCoFicEwB44Dow4qhPxUY+QL4e8WVi6ae9vG79zZDPnLijNMJt/4zg2QmttaIOkBDhGmhCwuURP46VIn6NdHFczGx7osVJ+Azgi1LqKNNY9wA+SAB0y+CZONSV2FiLWHCnlFpNbGMu2svr1eFEyv4jpRFu+ycbfPnUzzN1gARbzzgCTUjQDWExKnSvtX6jRJzlliI/G/aV0iCkOnhG827bkzkKhvbyKnV4ibzj8JF7PVxn+0cdIAygCSFljUOCfG3f3cjHYRBCCO0lCaWsIwB/A/hzwqdEEOoAYQBNCOmpkUgBxHNdz0sIIbSXxLOc98jXvHLTKOoAdYAwgCaElDYUGwC/aK2fKA1CCKG9ZPmyfKkD1AEyPP8PCJU7xE5ZbfQAAAAASUVORK5CYII=" alt="\[\begin{mdMathprearray}%
4.\mdMathspace{1}&amp;\mdMathspace{1}\mathid{SP}(&lt;\sigma,\mdMathspace{1}\mathid{P}_\mathid{c}&gt;,\mdMathspace{1}\mathkw{if}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{S}_1\mdMathspace{1}\mathkw{else}\mdMathspace{1}\mathid{S}_2\mdMathspace{1}\mathkw{end})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{2}\mdMathbr{}
\mdMathindent{3}&amp;\mdMathspace{3}\mathkw{let}\mdMathspace{1}\mathid{choice}\mdMathspace{1}=\mdMathspace{1}\mathid{eval}(\sigma,\mathid{E})\mdMathspace{1}\mathkw{in}\mdMathbr{}
\mdMathindent{3}&amp;\mdMathspace{3}\mathkw{if}\mdMathspace{1}\mathid{choice}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{SP}(&lt;\sigma,\mdMathspace{1}\mathid{P}_\mathid{c}\mdMathspace{1}::\mdMathspace{1}\mathid{expr}(\mathid{choice})\mdMathspace{1}&gt;,\mathid{S}_1)\mdMathspace{1}\mdMathbr{}
\mdMathindent{3}&amp;\mdMathspace{3}\mathkw{else}\mdMathspace{1}\mathid{SP}(&lt;\sigma,\mdMathspace{1}\mathid{P}_\mathid{c}\mdMathspace{1}::\mdMathspace{1}\neg \mathid{expr}(\mathid{choice})\mdMathspace{1}&gt;,\mathid{S}_2)
\end{mdMathprearray}\]" class="math-display math" style="vertical-align:-0.000em;height:5.386em"></div>
<p>The other strongest postcondition rules remain unchanged.
</p><h3 id="sec-summing-it-up"   style="bookmark:3.3.&#8194;Summing it up"><span class="heading-before"><span class="heading-label">3.3</span>.&#8194;</span>Summing it up</h3>
<p>We have shown how the symbolic predicate transformer <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADoAAAAcCAYAAAAwTqwDAAACsElEQVRYw81Z7Y3bMAx9DDqAcd3A3cC4m6C+DdyM4GzgzODbIO0ERW4DZ4NeskGyQWtvwP6hA0LnD4mycUdAsOyIkqhHik8KmBm+BUACoALQAGgBsDzP8j1x2hcADp59V9KftbQyrxpA6vZPMsikEFEiHZQAbgAOAC5ST6XsAGQAfjDzKxHlMvCemV88x3iUxXyQ8RLVZC/jdY5qIuM/ycL28pOZd/c3j5XOFHrlTNtC2ml0shCvUX2dVR/HAI/Tes39Nw8jgyasjGUArcVI6Ue7ZRkYXlq3njRUFHoki8BJXkOQGNDPncmmEd7QMjM2E2HzS4y9MPMrwuQkzwY2eVb1jplvgfq6fUJE2WZiY+gD+7dhop1jcKjkA4sWIon7YQzR7cjq+MpfADcDEr1kqm7xikcX4TFDv6n6k2Ggr1Y0JS3BiigRZQ6iJ2buNh66pWG+fyTXfkR87pz3ejSPOimCZRdLrali7fw5l1pG08uAQl+uglTh0r0FDTXlT9FtxhZpSqn04JdncY1sISNN+VMooPaE6l2bmQ58jO3LYQFDa19WJV6XAzhqFMcWJ/TEMmfsccH47E8kQ0W3aWR+k+hbJpPNGF4YjXy3kci3wRLcfyQCiWxOPHRiiIzPbMlNboMIYeZOznyaC6cL5E8w8wULykYzigFW4iuaHDx8EL/1M1QYhRWNtxhuLIeIWH7rbejWSOBdFE+RaK6HKBGlQ0cb40QPny0+NaJF5EayUxdSt88Wn3dSr3JiY0gLpeLByQL5s1qFQ0deRBWKwaTG/FmsmT/VOPdE3Sp06jl0FC+9xhzhXMKx1vHvi9oIvjPzhYjehBxXRHQSt+4vjhNpv5X6CzPvA1NJqi6pn92DPRH1l+T/5DqmWypMGwD5iEsd1dWlvvavjPGYBf7NUC+F6H8B5h8MFnk0iQAAAABJRU5ErkJggg==" alt="$SP$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> can 
be refined into an symbolic interpreter operating over the
symbolic types defined in the previous section.
In the case when every input variable is symbolic and every
operator is redefined, the path-condition is equivalent to the
<em>strongest postcondition</em> of the execution path <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em">. 
This guarantees that the path-condition for <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> is <em>sound</em>.
In the case where a subset of the input variables are symbolic
and/or not all operators are redefined, the path-condition of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAaCAYAAABctMd+AAABhklEQVRIx62V4VHDMAyFv+QYIMcIYYMAG5gN2hUyQlfgygYZgSsbpBtw7QbOCM0I4o/Cqa7thBLf+ar4pOenV0tCRAg3UAM9MAIe2Ed8WuCkPqP611c+CXAPbNTeAwIczMUeOExgQKUXCdAmwRWsM9+NBomyHQEXiauMX50CH216gDNBAjSxbNV3Yt+LCCVmFUXhgEFEBnPcGPtDRM6k10V/HXANDmyBY3D2aux38uvREK3DtBxQRWQSwKfkiPgK4B7stSJyDGSq9Y8C+MpRLoqiMr4Al3ImTWfsfsb3Jfge5tI8TGkukKQzkpySRRTR8PRHvXdZ8KB49jPAthbG6bxcqPfnjN7b6HPNsOkNmyrjV4daZxuXBtmSdwtI+JsaWaC3n3pF5oX4WHYp8J1lrQ0p7JQT4y6Z1ZzeQSv2ZoB04XAId6GBYSlPh2cReebOVUaAbYs98o9Vzrzv77XB39ZifqO50XsQkafVmOuYW4X1b/nru92YAStqt7HptHSH1Zja7T3gP8Rp8Mdlgj+IAAAAAElFTkSuQmCC" alt="$p$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> 
is not guaranteed to be sound. We leave it as an exercise to the
reader to establish sufficient conditions under which the 
use of concrete values in place of symbolic expressions is 
guaranteed to result in sound path-conditions. 
</p>
<p class="indent">This section does not address the compilation of a symbolic
expression to the (logic) language of an underlying ATP, nor the
lifting of a satsifying assignment to a formula back to the
level of the source language. This is best done for a particular
source language and ATP, as detailed in the next section. 
</p><h2 id="sec-impl"   style="bookmark:4.&#8194;Architecture of PyExZ3"><span class="heading-before"><span class="heading-label">4</span>.&#8194;</span>Architecture of PyExZ3</h2>
<p>In this section we present the high-level architecture
of a simple DSE tool for the Python language, written in Python, called&nbsp;<a href="http://www.github.com/thomasjball/pyexz3">PyExZ3</a>. 
Figure&nbsp;<a href="#fig-arch" title="Classes in PyExZ3" class="localref" style="target-element:figure"><span class="figure-label">6</span></a>
shows the class diagram (dashed edges are &#8220;has-a&#8221; relationships; solid edges
are &#8220;is-a&#8221; relationships) of the tool. 
</p>
<figure id="fig-arch" class="figure align-center"    style="page-align:here">
<p data-line="1"><span data-line="1"></span><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABOgAAALACAYAAAApEE2IAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAP+lSURBVHhe7N0HfFNV3wfwX5rV3dINLXvvvUSWm0dRUBTB+Tgf9x64X/fePm59nIiiOHCiIiCy954FSinde6QZfc+59wTSkkJbOpL29+VzyD3nntwk996kuf+cYagQQERERERERERERE0iQN0SERERERERERFRE2CAjoiIiIiIiIiIqAkxQEdERERERERERNSEGKAjIiIiIiIiIiJqQgzQERERERERERERNSEG6IiIiIiIiIiIiJoQA3RERERERERERERNiAE6IiIiIiIiIiKiJsQAHRERERERERERURNigI6IiIiIiIiIiKgJMUBHRERERERERETUhBigIyIiIiIiIiIiakKGCkEtExERERERUTNXVlaG7du3IzU1FcXFxSgvL1drqD5YLBaEhIQgMTER3bp1Q2BgoFrj58p2AxmzgJwfgVKxXH5QrSBqRJYEIKgTEHUmEDcVCBTLzQQDdERERERERC1EcnIyVq1axaBcI5HBukGDBqFTJz8PIqS9Dey8DQg7SbyoroA5EQiIAAwGVYGoEcjwlSsfsKcC5TuAwj+ALi8Dra9VFfwbA3REREREREQtwI4dO7BixQqVo8Y0dOhQdO3aVeX8iD0T2HoFULYPCJsIWDqoFUQ+oHwPUPg9YG0H9PwQMMeqFf6JAToiIiIiIqJmbvfu3Vi6dKnKUVMYOXIkOnbsqHJ+YuMkoHg7EHObKiDyQVkvAsHdgb7fqgL/xEkiiIiIiIiImrHS0lKsXr1a5aipyK7F8lj4jQNvipMnmcE58n0xt+vjIh54QxX4JwboiIiIiIiImjHZtZVjzjU9eQzksfALckKIXbcDoRNVAZGPk12wd92pn7t+igE6IiIiIiKiZkzO1kq+wW+OxcHPgNDxgKWdyMhRsZiYfDxZ2uvnrJxp2E8xQEdERERERNSMFRcXqyVqan5zLHLm6rO1yiHrmZj8JclzNlucu36Kk0SQVyVl5cgvtKGw2Ib8ojItFRTqtzLlFZQiv6QcDocTDrsLDleFtlxmc8DuEHmnE06XuBXLMl9ul3knXLKe0wWnSJLRGACTSAEBBhgDjDCbjLCYRZkpQOTlOqO2HGQ1iVuxLOqZtPVGRARbEBkehIjQQC2Fh8lbq76sJSuCAy3a4xARERERtVSff/65WiJfMH36dLXkw5YkAFG3iQu2SFVA5AeceUDOy8DINFXgXxiga0EycoqQni1TITKyi5GWVYjsvBLk5JfqATiRCktsKBHJYAiA1WqG2SwDY2YEBJhQYTDCJZLTFQC7MwABog5EMhjEjbitkAswiGWZZONMfVlW0G9FXVmq7qepcKFCpkPLeuRbPy3lrSoTy+JkVXm9rksks9EFo8ElnosTBpcMAjrgdNhhtztgs9m1+sHBVoSJFB4SiIiwQLSKCEJMZAgSYkIQHx0mUijiovRlIiIiIqLmhgE63+IXAboF4nqtzRvatRyR35DBggM3AGP1BkH+hgG6ZiQnvwQpB/Ox/2AeUtLzkZyahz2puVpQrqCwFEGBFliDAmE0WuAymFHuEB+6ASYEGE1awEwG4WQyaEkF0PxchcslkgMulbTAntOBCqcdVrMLARUOOO022MrLUVpq01rhxUWFoUNiK3RKikTb+AgkJYjbhAhERQSrrRIRERER+Q8G6HyL3wToEv+rMkR+JPV6Buio8ciWb7v2ZWP3/hxs35OFrckZSM0okG3MEBIUBIPJCkeFWQvCBRgDYZQt4IwW/vpxLOKt4HKWay3wXM4yGFx2mALsqHDYUKJNh16BxNhwdO8Uix4dYtEpKQqd20WjdQxb3hERERGR72KAzrf4VQs6In/DFnTUUPYeyMWmXenYvDMDq7ccQHJqDgICjAgODoYrwAqb0wKzORABliCt9Rs1HK0VXnkp7PYymA3lMMKG0pISUe5Ex8QoDOrZBr26xKF353i0b9NK3YuIiIiIqGkxQOdbGKAjakAM0FF9kBMnrNqcitUirdiYii3J6TAaTQgMDoW9IhAVxmCYzUEwyC6p5DMqnA7Y7aWosJfAHFCK8tJicSwd6N4hDsP6JmFwr0QtyQkxiIiIiIgaGwN0vsV/AnSvqwyRHzlwIwN0VDerNu3Hso0p+GdNCjbvOojoqEiYLSEodgTBaA2G0WhWNcmfOJ12OG0lCDKWwlFehJzcPPTs3Boj+7fFyH5tMbh3kqpJRERERNSwGKDzLQzQETUgBuiopspsdixavQcLVuzGgpXJMFusgCkMzoAgmAPD9RlOqdmRs8naywpgcJbA4CiCo9yGE4d0wEnDOmP0oA4ItDIQS0REREQNgwE63+I/AbrXVIbIjxy4iQE6Orq/lu/Cd39t0W5jYqJhRygCrOEwmqyqBrUkTocNjrJ8mFxFyM3JwdhhnTFpfE+ME7dERERERPWJATrf4j8BuldVhsiPHLiZATo6kpzQYeZPG/Dr4m2wWAMBSyQqTJEwBBhVDSKgwuWEy5aHAGce7LZSnHpCD1x0Zl9t4gkiIiIiouPFAJ1v8ZsAXWsG6MgPpflvgI79KRvA5l3puOeln3HhXTPx24oMGMM7AaGdAUs0g3N0BHlOGIPEuSHOEWN4Z+2cmXrnTNz94s/auURERERE5P/64Yxp0zH9wtPRR5UQEdFhDNDVo/3p+bj92bm4+pE5WLqlBOEJ/WAOawOjOUjVIDo6ea5Yw9sgonU/LNtWiqvEuXTL0z9o5xYRERERkf8KgMEgbwJg0guOrfvJmDJtOqZNORndVRE1JtnZruWlPV+/CkP323DG99le19dLSl2Ck7rfhMArl2OPt/VMx5H8FwN09eT9b1bi7Bv/h+0HnAiO6wtLWIJsGqXWEtWSOHcsofEIEefStlSHdm69+eVytZKIiIiIqCUwIEAG9RpL1AhMlK38Jo1Ga1VE9c+ethvvPf5fdBl5Owzdb4Zh0IMYfuMP+GxjIeyqTlNyupzifweKbA3YTdJZgXJxYytxQD6aLgsfXir3yV24e8Xh0ppY/vp9+r6sQQp8bpe6F/kaRpCOk9Ppwk1PfY+Zv2xFZOvesBlj1Bqi+uG0xGnn1pfztuP6x7/TzjkiIiIiomZv2+/48vPPMXP2H9imihpUsAUmGRA0GMCBiQQ5XH09J3vyPzj9tJdx9SdbsSvHoT9OcT6Wz5uHi8+bh7+93Kfxk/60vK+rx6Q/iEeZHWXFsiwIIRbP8pokbWM14/X+zSj5MQbojkNWXjGm3T0Le9PtMIR1ZFdWajDy3DKFd0SyONfOv3Omdu4RERERERE1HBnsqM9UgG+e/wLzy4G2U67A9lUvoGLryyhf9QjWvnYmzmonwxPe7tcUSfJWXl/Jk7ssHtfNfl7sk0fwcL/a7YthNz6u7cvD6QbcKtYAY/FnpfKXUXZXJ+0+zTf5L87iehxuffoHLNuchdDYbqqEqOEVZm7H4O7ReOP+s1UJEREREVH1GmwWV0sbDB4zBO2jghFo0gMKTnspCtJ3YfXiDUiv1EtvACZM74VWyMXmWUtRNmoUercOg9VoQIWzFHn7N2Hx4u0oULU1rUdj0vi2CC5JwfxvFyFNFWvUY3eIDtG2ITYCe2kedi+fj1UHZOfByoytemDEiB5IjAiG9lRdDpSV5GDvyoWifmecOnUgYr01m3NmYs2sediisvXBb2ZxTXhJZerLDtzW4w28jI5497dbcFU7Vexjdn31Cro8mIxRjz2Av89voB5y+5bixNO+wOJBF2Ln5yPQWRXXH/e+lgG6yRivSluEg7dxFteW5pvfN2Jzci6Dc9TowsQ5t3VPLj6bu06VEBERERE1svABmDBpHLrHhargnGSA0RyMVkl9cdLEMWjntZ9oCDpPOgODksL1wJpgMAahVfshOOOMfmKtB7Feq1G1y6nHY7u3ITYCc3A0uo89G6f3q7QVGNuNwcQzBqF9KxWckwJMCAyNQ/fhI5CkiqihWREZJW8zsSfnaGOsHcSrZ98KQ49n8OpOVVSJe/1H+DpXL1n43J0iPwfzYUfyork4few9In8rAk94Hv/+KgUZsjetowgrf/gG406QdW9F+Ni3cN8/eUcd965s/xbcd+XDCBf1DT3uQZ+b5mFemvfnbs9OwWePv4UuavuyftIFH+DJeenIUXWORX8d9+C+NargEPm65uHccx9AoLbtOxF32lu4+Qf12mqsjvu23/dYCCcyNi7Fv93Pod8DGDRjKdZUM5+h3HdP3vQ84vrJ7clj8ThOf3ELkm2qAh2BAbo6mrtgG2wB0SpH1Lgcphj8vHi7yhERERERNaZwDB3TE61MgKs4A5sWfYtZn3+Oz2d9iz/W7kehAzAEJ4k6HVV9TxZYzTZkb1uEb2fp91m0Kx8yxmCK6oph3u5SSQiGjJaP7UJxxiYs+naW1kLw89k/YLHcjsGC6K7DcHgzcRgxMAnBBvEdOn8XFv8wW6s/69tF2JRWgHKHAyXYgnnyuSzcj1J5l9L9WCi3qb2m+m0951eqju113KkNJkyPFBsuwhNXvotXNxTC7rVePE6ZIqfpSMN7/6QduX7rZvxXXgqd3BcnRuplTrs8gwrw/XPPoOfVv+O3dD0KZMvZj/89+AJO+WA93vvPYxh610IsUGPfFaZvxVNXvIz7V4ij7rl9ZfvnH6LbKW/jqcX5KNRKbNg070ecdvqb+HCvR32R7MlLcPr4F3Dxpx5j64n6qevX4/6bnsKAJ3cgx6O+ljSVy/TXYUOpzbO8GPOffAKdrv4RczYXibWSA5n7tuK1u17AUys967qTVklXqbyO+7Y8F7+9/iLaTfkC/3M/h/IirJnzBQad8z0WFlbeTs7SOdq+u3/efmSqBq22nCz89s7b6Dlx7hH16zX5MQbo6mhLcjqM1sq/zBA1FnnubdlVqZE/EREREVHjSBqApHAD4MzF1t9/x7qUEn0mSmcJ0jcvxE+bsrS8NbojusjySgqx66dv8OuqFJTISuI+Kcv+wu58eWFtRUTSMeZPjeqPNhHisQuTMf/3dUjRNiKUF2Lvsl+wM08sWyPR1t0sLqkH4uRlmzMLm35Zhr2FerTAWZKCdfPnYvYP/9S4dRMdLyOGXXs9PjjRChRvxS3nP4joC7/Be8uzUaZquPUaOwajxO2Gt9ZhuV50yPLf/8Q2mHDlBT0Rr8p0a/Dy+3lImnYFtq98HhUbHsOKu7qIs0ps58UPcPXfwOn33YrUtS+hYu0D+OY8GSzMw3Nf7arctVrJ3JIOy1lTsWTBc6jY8hJKF9yK54abxLm2E9e9s+XwfRwH8MotszC/3ITO0y7BWlW/Yu0T2PLOSRhoAVI+fht3L6z6KmvGvvYvTP1YnNiWLnjui4dRsEFse8tzSJ1zBWb0j0FkLYfCr+u+feL1LAy85lpsWSZf3/Mo+OUKXJkgVh38EzfOOahXk4q24O5rFiAlpAee/Og+9XzF/ls2Q9vntn2/V65PhzBAV0elpeKD3eWOjBM1MnHucTZXIiIiImoSMSGQMYGK/FSs9TJ3mXNTCrQejJZgtDqiTYMDtiOiIcXYkqG3UQoKidVuq5UUrneDDeuMs6ZP18ZzO5ymooeMuchZMN1Dhx16rgexScXyqKZk0LSekykG/373QWx+7WSMjTKhcN0iXH3Z44g8/RO8t0WeTKpeux64boxYzPkb36+V193ubezFz58XiXNrMM4bJENv7nJd20uvwfKH+qBrSIB4rBAMufQ0XGeRa0wY/9jt+OGSdmhjFfWtUZh8zWlaoAob0rHn0HYOb6v77bdgy3PDMSJOdrCuQGBcO9z54ET0FTnbDzuwVtW3r1qGB2Srs0Hn4teHBqK/qg9rEHqMPgs/PN5T5B14/0cZCKz6OJ55d5nkzjvw98/zkSmWJjx+Ee7sH4Ewkyw3ok2PPnjyi/vwcD933apJ8lJex3079aX7sfC27ugRLl9fAMLa98GL/zdcD4D+sffQPkxftATvl4v6T1+MGcNi1PMV+y88FpMfuRDXy/q/JGPXoe3Xb9pf3lXc+icG6I5DSQGjvtQ0eO4RERERUVNJCg/UbuUkC94VwqY1VDMjqJVWcEzFdj16ZjAc4xI1QI1Ld1QO2LW+qjV5rlQ97wGQ409B6HnKv/DXgkex/aNJmN7OBNu+1bj6wv/hvT3ugFE4Jk4bLG6L8M6CfbCr+9rXbsQb4lBaLxyEU0I9t6k776TOiDpUJpIpEr37yDVtMX1YjDgjPda1i8ZQuSo5H9me5UpMK2vl+jJ17oxLZf/p8hTsStXL9qWkaF0+x5/XFZ2r1hcp8YQhmCSWKgcCPXnWd3Pnc7Fro9wnXXD+oHCP8pokt6rlddu3rVuFHLE/wgf1wQVy5bIDSFZl2zbpncJn3fQADD1vr5z6voX/ypWrD2Kfx3bqM/2Uexle/j0FJeX+F5FngK6ODOKvgq0oB04HRzikxiXPOXnuyXOQiIiIiKixpRXp10CBwdqI/16Ewaq1WrKhqIajsoSY9Wkganx9lbtZHyPOa/oSv2/Tqx37uVL1vAdA6i2ZLOg67ER89uMD+O3SSK3r6NXPr0e6Wh8+ZCCuFOdR5gdr8bdDljmwcsFSZCIUd07oUCVY5OZZ5rnOW7lMUm3KzYjUgs6yR5Netm9HsixA/0S5omp9kaJD0EEsITnPSyDQM+8uk9z5HGxaLfOt0SHRs15NkuStvB73bagZ+sj8h8v0cfSOISEEER73qc9kNJRj5Z5CvDgvBct2e+u87LsYoDsOwZGtUZSVjAp2daVGIs81ec4FR7ZRJUREREREjctZUAbZQM4QkYDelaZX1Rl7t0WULC8tQsYRjVhMsMqGQJWEo1d8mLZUWpyu3VYrvQgl8jY4Cl28PHZVh55raBy6Hau+s0K7xIchgBfKjckUilOnnYxhcvmPvdisFQqhXXHlFaFA+RJ89k8Z4EjGlx8UAVEn4OwBNTj4DaIcedrspqEIU923Ezu2027XpVbTSjO7CHvkbb84JGoFtRGB7v3kbRr2pGoF9aO+9m1RObLlbVRQ5RmYhVv/97w2Vp3XNP9kDFL16pvRoA8FtTWtBB8tOYhv12ShyOYfren4uXMcgiPawBQYhryDW+Fwt6EmaiDyHJPnmskaKs69YwyeS0RERETUUHYmI1s2TDPGoPe/xqBXfDC0S3pjMNr2PwVn9Y0R+QoU7F+L/bK8kjB0PmMixvdvi2B5J2Mr9BgzFh3lpBMVhcjYeoyuqGnbkCmHKrMmYJDnY4v/g+O7YPD4szDlnNE49G3Z/VwtcRhwxnC0D9Oa9omnGo9eY0Tdsz3qphXqs1MGtkLnDrKeBTHt2+CIeGKLcWTrpAZLNhvyxRI6RiD6UHkAhowdjljI8dt2I2fVJrxZDvT9Tz8M87yvltyqlh9tnacjy7NySw91/3Qn+7Zt+Fg2mItqg47RellCgj5u4vxfk5Fapb5Mqf+sxLdiyTogFh0rrZM88+4yyZ0PRZLW/G4nfvUco++YyZO39bXft2mFRz5+zsp1+FIsYWAc2quyjt07yxL8senAEfuvMVKAPmWNpqDUgdmrMvDxPwexI10L7fs0BuiOU0hkIgJDY5Gbugkl+RwXjBpGSUE68g5s1s61kFbuKamIiIiIiJpCMhau2I8ScT1sCkvCgJMnYaqcpGHqJIzuHQc5Pr8jd4uo46V7WXE+8hGG1r1HY9JUeZ8JGJQUBpO4sC5JXYcVxxwqLgNL16Sg2FXlsadPxaSTh6F763BYKg0Fk4xVu3Ih+zyZIjpj1MQp2oQSUyedjAFJoq7RoAJ80gEUaJNeBKH1CbLeFJw2qj86aetaoApxgOszrZiLuIkf4cl5B7An367K7TiwdQPunvELZK/kvtO6o5/Hfcz9B+CBbmLF939iyptLYEMCrhoZd2j9oeRWtdxznQzgVLeuUrletO3F1zH8uQ1Yl64/17KUrbhfPM8NYl3bS3timKofPri/1l0UC7/CxOe2Yqv7tZXlY90P32DsA1vFygQ8Prk9zOo+lbjLPMsPlVkx5sxh2kQMs+74GM+vzUWhXZbbkbtrK+679HHct8Jdt0py87ZOpNru21k3PYkz3t6JHUXi3SSP29q/MOWWVeJ+ctbXbohX9TucMAwTRP0Nz32Ai7/aixStvlhnL0PK1m149a6nccY34o3u3n49J88Ands/u/Lx0T8HsXC7nObZdzFAVw+CwuPRqk0vOMoKkZu2BeUlWuyf6LjJc0meU47SAkS27qmda0RERERETc25byF++GU19uaWwK6NxSW5xDVRETK2/YVvf16LyuE5l379bEvBj7+sFPcrlT1KhQo4beI+W//EDwv3ebm0PpJz3yLM/VV/7HKH3p1N2469BAVp27Dot3/gOfRdwdqf8cs/u5BdYlePKWo77SgpSMOuNZ6t/DKwdOlWUc8hnq1Q4YQtNxMHtHUtkdxZ9ZnEsdi5Efff/BI6jrgPhl53i3QfEid/jOe2OGAdfh5mXxjnUV+mOJwyJUHc7sH8ZQ5g9Dic19lzvTu51WWdt7JYXHJee2z+4GMMGKc/16DT3teeJxJOxEdT5ZBDqn5odzz79oloCwfWfPA+erpf28DHMeDuJdhVbsL4Ry/BLd1l+KXq43jm3WXS4bLwkWPx+nCTuDjchbumPYnwfvp+izrrfTy1Ih+laiy8I5Pkrdydardv27YNxV8vv41uQ2fox23aj5hfDnHczsHdIz1mfY3vi5ef6IYw5OHLh15HO62+eM79HkS7ye/hlrnZKK+0/fpNAaqLa1V7ssu0Lq9fLE9HdrF4vT6IAbp6YrIEIzy+K4LCYlGctx95aVth40xBVEfy3JHdWeW5JM8peW7Jc4yIiIiIyFc4c7di8c/f4qtZM9XkDF/gy2++x++rDmjjvlW2Hr/M/Bwzf1kPFGwX95uDWSL/+eczMetrcZ/V6TUKzrm5H3v2l1+oxxbb+epbzJ2/CiklR26pYM8y/PrtV+oxxfOY9RW+nTsfy/ZUDiM601eLel/iC7nNmbPw9c8rkaHWtTzeAyB1TgNGY9WrE3HZqFh0jjKJMsmKxL69MePZG7Hv3aHoZjryfr1OPQmT9J7JmDCxExKrrJfJaJLbM8FsrLrOAKNZ3MAIY8CR68xyuyFm8SwOlxuNsk1lOMb/5wrseO90TO4ig09CSDhOu2gqVs85C+MjPLdTgajhZ2H7b1fgiVPaItE9GJslBJ1HnYBPv7wXv06JrjzxQoAB8qGtwSatO7i7XH8dVgRZPOqaonHVu3dh0X2DMSxePRf3fnv0P7h9sEfdQ8mIIPk8LAGVtl811WTfup336G1Y/coJGKuOnTWqDSbfeiV2HHHcAtBt8mXY+eVU3CSOdeX9MRgvv3MnvpsYKQo871N/yVsLOjeb3YW567Px0eID2JiqNZf1KYYKQS1TLQyc8jJi2muTMntVXpyD0sIMOJ0OBIZEwxoaLd5s6swn8sLpKIetKAtl4twxGk0IDIuDNaT62aay9q7Amtm3qhwRERERkXcyIOV/LIgZeRpO7RgOg5yx9ee1qtz/yS62Pm9BABD3lMo0Mcc+PDDuv3iiaCh++vs8TAhV5XT8arBv5z99L076GLj1w6fx0nBV6MO+3HwQ3+derXLVax1hxam9WuHU3lGo1Cu+CbEFXQOxhEQhIqEHwmI6wOUqR96BjcjP2I6yomxUOH2zOSU1PnkuyHNCnhvyHHG57No5I8+dowXniIiIiIiaq35nTNPHf5PBOVSgMHefWkON68jWSU2RCpYsx/M5gHVib4wK9V6HqW6pZvvWzds630smg13cHltavg0Ltuchq7Bm9RsDA3QNzGwNRWhUe0S3G6S1pCsvyUXW/nXIT9+GkoKDnP21BZLHXB57eQ7Ic0GeE4EhMdo5Is8Vec4QEREREbVUNrs+9yNcDpRkrMeCpRw6qGkcGfxo/JSPHz5dCRtCcOd5nRHutQ5T3VJN962bt3U+mGrQHK5fUiiuGdMGD5/dEbFhWh9on8AAXSOyhkQjPK4LYtsPRmB4PFzlNuQf3I6c1A0oyt6jtaRyOrSJvakZkcdUHlt5jOWxlsdcHnt5DshzQZ4TbC1HRERERKTb9sdszJRjwH3xJb79fVOVySao8XgJfjR2St6MlxeJa+k+J2P6ABm+8FKHqW6phvvW67h4vpzkTTXiwy24YXwi7j6jHcZ0i9RmcfYlHIOujo41Bl1tOMpLYC8rgt1WKG4LYQgIgNkaBpMlBCZrMMziFgbfOnGoGuLtZC8vhsNWIo5rsXZMK1wumAPDYAkMF8czVBzXIFX5+HAMOiIiIiKqCf8cg6758p8x6B5TGSL/8c2WNHyTc73K6SKCTNps029e3A3GAN+NrbAFnQ+Qs3MGhcchPLYzotsOELddtW6ODnsJinP2ImvvKuSmbUFR9l5t4gkZ9JFjlVHTcrkc2rGQx0QeG3mM5LGSx0weO3kMw2O7qGPaGYFhsfUWnCMiIiIiIiKi6snA3L9HJeDVaV0RYg3AzgzfHmKMLejqqD5b0B2LPEROrTVWsTZ+maO8FE5xGxBghNEcpCWTORABIsmZYo0m99TLVB9kF1U5w6rLXib2f5m272VyuZz6vrfI/R8EszUERksIDI3U2pEt6IiIiIioJtiCzrf4TQu62EdVhsh/fLP1IP4ovRkT+0fj5J5RMKturOv3F2ldXGXyVQzQ1VFjBuiqowWODgWMVPDIUY4Kpx0BJiuMZpHEbYBRBu3M4lYum0W5PCHZZVZXIfZdOVxin7mcMhAnb8vVvrXBJW4Ncp+ZLFoQ1KglGRSVwdCmDYQyQEdERERENcEAnW9hgI6o4RxI/RCxJ+08FJjzJwzQ1ZEvBOiqI8c8k8Emh8MGlxZkKofTWa7dykCUXA4wmrSAnSHAqC8H6AkGd94oFvUyeWuQt2r7vkqeyBUuByqcDq11m1yW3VBlvkLk5bKW3Hmxj+Sy0WjRApcBsvWhXBa3AWYrTFpwU+4j3+wJzgAdEREREdUEA3S+xX8CdI+oDJEfyRTn7ViXyvgXBujqyJcDdDUhW4m5tNZiMlilAlcymCUDW1qA63B5hVMGu5wwGI0wGERyB/MCDHp3TkMADHI4Q7koluWCLJf/9Dp6mVhQ60R9uSjIs6+iQr55tAXtVsu7xK227FEmq0DeuvRyUUd7fhV6ME4+TxlwlM9TCyyq56kHGPUyd7lMRrNsVei7zVuPhQE6IiIiIqoJBuh8CwN0RA3oKAG62asycULncLSJ9M1hwRigqyN/D9DVhTuY526NBnHqaKePDJhpgTNZJN8Iern8pwXatDJ9vb5OBtjksh6zOxzAkyUyeCfyMrCnBfMOB/X0KvJW1tHuqAJuKmholNM/txwM0BERERFRTcyePRvl5eUqR03JYrFgypQpKufDZIAu5iHtmovIb8hAQ9aj1QboPl5yEImRFm1sOl/EAF0dtcQAHfkWBuiIiIiIqCZ+/vln5Obmqhw1pVatWmHChAkq58P+iQPCLgGMYaqAyA84C4GiT4GR6aqgssU787ElrQRXjW6tSnyLbLpEREREREREzVRiYqJaoqbmN8fC2h5wZagMkZ+Q52xgZ5U5UvvoQCRnlaqc72GAjoiIiIiIqBnr2rWr1rWSmpY8BvJY+IXoswD7PrEgO9wxMflJcqQAUeLcrUZSKysuHhGvcr6HATpqXN17YOYLo/DLA90xWBUREREREVHDCQoKwuDB/Pbd1AYNGqQdC7+QcAlQuhxwpIqMl0AIE5OvJccBoGQpEH+hyFevZ+sQteR7GKBriUb3xfcvjMK8SukEzH1iCN6/phOGBat6DcGsTfMAozEAvjlvChERERFR89OxY0cMHcoxtJuK3PedOnVSOT8QKJ5rp2eB0sXQBt5nYvL1VLpIP2flueunGKBricKNOPJ3GwOsgVa0694aj97XH1fGqeJaC8VdM07AvBeG4uHuqoiIiIiIiJqc7F45YsQIdndtRHJfjxw50n+6tnpKvAkI7gIUfCoyFUxMvpvkORokztXEm0X+6NbsK8S3azJVzrcwQNeSpe7HqXcs1tO9K3Dnjzk4YAOMQaGYfGFSHVu4WRBm0afiNpq1GyIiIiIi8hGyFdeZZ56JPn36aDOKtoRgXWBAHowGu8o1PLlP5b6V+1jua9l60W/1+AAI7g4UzQYcaaqQNCX/AMV/AGVrAXsq4CpRK6jRyG6tRV+Jc7Qb0PNDVXh0EUEmbEgtVjnfYqgQ1DLVwsApLyOmvZ82ET9zAOadFKIH6F7cqwp11hP74IvJEQi1F+DdezfgS1Vec1F49OGeGBlejiUfrsBDG1WxW5+emPXvKEQV5ODh/9sC8ZFGdZS1dwXWzL5V5YiIiIiIWqAKB1C2R0+2/SKJ6xv3svtW1hmZBphj1J2o1g68BewS1x7W/oClM2AU+9IQKpLeOKNFKlsBFM1TGcXYCgiI1G+1JJYD1K2BLVePm9adtQhwZgHlu8T7ex3Q+SWgzXWqwrGV2V248fPteO+yHqrEdzBAV0fNNUB3KICGYnxxx1rsu2Y47u5uQsG2HTjvnSOn2T5VrT+wYg1+jOmPqzt6a5Tpwqa5S3DrfLHoGaB77iAGXN0ZZyRaEWSsgK24DKt/24KH/vYy7bE5BOdN7YrzegYhKjAARlHksNmRmZqD/321E39WemqRePih3jjRIB7jyX1oLe53fp9gRJsNcNrtSN2egkc+SEOKqu2vGKAjIiIiohalZCtw8P3KAbjyg2rlUcgZSfv8oDJUZ2W7gfSZ4kJkjtj/+wB7llrRktUlnNKCg5r1wRwNWNsBMZOB+Ol1GnPutlk7cO+E9ogP962gKQN0ddRcA3RxYt0HYp3V3cJtSG98PS0S4cV5ePahTaj8+0A8nn28CwYGleGPl1dh9zkjax6gKy1HVoAFMVX70brKseTTVXhonUsVCOYYPDqjG0ZGVPNBZivGFy+vxfuHgnSqFV9AMbbbg9GtVdX7VSBr03Zc/kEWbKrEHzFAR0REREQtSoUT2PMgsO8pVVBD3d4FWl+lMkT1aMNZQM6PKlMDrU4B2j8ERIxWBdQU0gvKERVihtnoW8FSjkFHuuAgjJ/UD6+PDYEVFUjbkap3P12Zhk0F4jYkHGeOlwUexsehVxDgTM/FBynAl68vwal3bMESWR+yi6sa3+4OFZzzFGRBjMmGVT+ux7mizlkvJmNNfoU4Iy0YNj5JVZIC8K8rO2vBOWdpCebP1uufescyXP5pGrYXiftYQ3D+5Z1wxLwWoSHo1grI2LYXtz4ox9lbi7d2lMMJA2J6JuLoky8TEREREZFPMRiBdg8ASberghoI6qwHRYgaQuQYtVADUWcAHR5lcM4HyJZzvhackxiga8kSkzDvhVF6emwQ7hsdhlbib15pejpe/EqLsgk5+GqXbGcWgC59K08ccUHvUC2Yt39HKo7s/HoMsqXcZ6tx75+FKBRZW+oBPLi4SGvRZowIwQlaJcHcFhM7m8RCOZZ/sQZPLtHrAw6krtmNGz7K1h7bGB+Jaa20FR70lnJXvLMfm+R4nfZifP1+GrbL8WEDLOjcR6tERERERET+whisB+kSb1QFxxB5MhDYQWWI6lnMuWrhGIJ7AN0/BMJHqgKiIzFARzqXC8V5xVjyx2Zc9OwurPWY5GjDj7naeG3WNlE41z0zqzkJJyaJ08dVgiVz69BRtKgIv3h2YxVs28uQo5YP6R6MKHmW5hfiu6oTTki7U7EhWy6YkdhdK/Fgx47lVbqx2vNwwB17JCIiIiIi/2NupQ8MHztFFRxFYEdok0QQ1Sc5/l7ae8COGkxOEDoA6D8fsCSoAmpqB/JsePrnKuPx+wAG6FoyOQad1l1UpLuWYNJja/HQT7mqhZqH3P1YnV4h/hCGYsxp+iljHROFTmbAlpKFT+trxvIUG46Y7Li9FVHytqgUq7SCqoqQWSZvTQiL1gqOwV2fiIiIiIj8lsEE9JwJRI5TBV7IWVszZwHLOgK77xKXAmvVCqI6kJOS7H8ZWDtaP6fyFwBtbgDa3asqeBFxIjBgEYNzPkaOP7fbBwMDDNBRDdjw7irZ/dSAjr07IE6cNhf3l91bXdi5YX/DTrSwvxx58jY0CIO1gqpCERsob+3I3q8VEBERERFRSyCDdHJ2VhkE8Sb+YmDwGqDvz3rdjROBVQOBlOfFJQ4vHqgG5MzBex/Xz5s1I0V+E9D+YWBULtDjEyBmEhB3kapchTwv5blnDFUF5CsCzQHaGHSFZU5V4hsYoKMasS3MwW67Gustri2GtDYAxQX4serkD3DBqc0LbECAUSs4Pvtseou+iFCc7m325E6J6CtbzrnKkbxZLyIiIiIiohZCBj9kECRsiCrwEH+ZfhvSB+j4FDAiRVw/PKcHWVb2BdafCqR/CjiL9HpEUsFSfbbg5V31oK4jG+jyGjAyTZ8RWE46IgO+bvL8CuqiMgqDcz4vNsysdXX1JQzQUc3Y9+OH3XLshiCc8J84dBRnTsH+TMzT13rIw37t75sZXYfHIkwshXWIxbAjplitIXf3Wlgx5rL+uH5gkLZN2aW198jueOeKaG321oJdafXX1ZaIiIiIiPyHDILIlnRyIH43uSzH/qpKBlfkYP0y2CIDeBmfAUvbAlsvEdcev3O8upZIHnN57Hfdpp8L7nHlen0FDNuhj3dYXStNt7gL1YIgu10zOOfz7j6jHbonBKucb2CAjmps3uoiyPkVoiIsMMKGVb97n7t1eYYehY7q3g3fvDAK39zUDf8eqhXVgQ2v/y8VO8UmjaGhmHzxIG2b814YjpenxKBjkAHO/By88n56w3a1JSIiIiIi3yXH+JID8buDdNV1O3QLCNS7wMpAigzChA4GkmdwvLqWwlUGZH0LbL8aWNIa2Pt/gDleP4dkt+gOj3kP8FYn6kz9Vk5c0m8eg3N+INhSH13+6hcDdC2RswKyp7XTpfVFrbmVKViRre6TW4gfduuLVW2YtQOz99lQqnXnroCtuBibt2irAHsFtLlbK0S5VuBJrJMrq67L2IvrHt+MObvLkGtzP2dRp8yGXWuSceNTW7CwUus5dzdb8Rq9tKpzqNftbR0REREREfkpGaSTLenkrQy+1ZScTCLpVmDQCj24IoN3HK+u+ZFdmWWX5i3T9KDcgTeAkP56QE5O5CAne6jaVbWmwkfo55CcuMSz+ytRLRgqBLVMtTBwysuIaV/nZmF+KgDTbh6OK9obsPfvVbhqDtusNaWsvSuwZrb4I0BERERERIeVH6yfWTPz/tK7wGbO1se4k11i5aQAbB3lP+xZeku5rK/1seVk99Poc0Q6Sw/MUouVWWjHq3/ux2PndFQlTY8t6KjmWnXAyW3FKeMqxdq/GJwjIiIiIiIfVB/BOUkGc+SkAHK8uoQrxRX9LL3llRyvLucXcLw6HyVbPO5/GVg3Xp/oIX+BfvzkJCG954jlyxmcI0QGm5DGSSLIX/U9MwrtxRljS8nEu7mqkIiIiIiIqDmTXV7lJACy++zwZH28OjnLp5xQQE4swPHqml7pTmDv48DqoXrXZDlTb7v79eBqj0/0seHY8pE8mI0GbRy6/FLfCbQzQEc1FIMLu1oBlx3r/tnPCRmIiIiIiKjl8RyvTk4oIIM+cry6lX2BfU9zvLrGVLhSD5TKVnLrTwUc2fqMqydk6i0f5Yy9MrhKVI3YMDMO5perXNPjGHR11DLHoCNfwjHoiIiIiIh8hHu8uowv9AkD5CyybLVVv2SX4vy/gezv9HEB5b6V+zjmvNrNuErko9iCjoiIiIiIiOh4uMerk6235HhnMojE8eqOn6tM7Mu5wPar9f2ZPAMwReutF4duATo8xuAcNRsM0BERERERERHVB/d4dXIyAjleXdhwYO//cby62nAW6S0RZXBTBuVSXwGCewOD1wADlwDtHwCCuqjKRMenzO5SS02PAToiIiIiIiKi+ibHq0u8UQ8qDVikd8ncNJnj1XljzwLS3tP3jwxmyhlzI8YCw3YA/ebp4/5Zk1RlovqxM6MUL/yWonJNjwE6IiIiIiIiooYkW3zJ7piyVV3XN4GyXXqgTk5uIANTstVYSyMDlPtf1veBnOghfwEQOxUYkaK3QGx9lR7kJGogcpKIrCLfmSSCAToiIiIiIiKixhJxoj5e3cg0oPW1QM6PelfOLdP08daa83h1pTuBvY8Da0YCqwYCJZuApDv0fdHjE717MCfWoEYSEWRCTrEDTpdvzJ3KAB0RERERERFRY5Pj1clZSN3j1YWPAvY9oQfr5Hh1hStVRT8nx93b8yCwoiewbjzgyAY6PqUH5WSgMuoMfV8QNYHWERbkl/pGUNxQIahlqoWBU15GTPuhKkfU+LL2rsCa2beqHBERERERNQuylVn6RyJ9qgeu4i4CEi73rzHY8v8WFyxfA5mz1Wu4EIg+BwgboioQUVVsQUdERERERETkKzzHq5MtzGx79fHqZOszXx2vzlUG5P4ObL8a+CdWbwFoigb6z9cnepCvh8E5oqNigI6IiIiIiIjIF3mOV5d4iz5enZzl1BfGq5OBQtlCbuslerdc2T03uDcweA0waAXQ/gE92Ejk4wrLnGqpabGLax35fBfXtl3x0c1xaFMlBOuw2ZGZno/vZu/A16kuVUr+iF1ciYiIiIhaIHuWHhjL+Awo2QrEX6x3g22MFmrysWVgMPs7IO8vPYAou67GTOKMq+SXluzKx9qUIlw3LlGVNB22oGuuIkwI9HJ0TVYzWreLwX9uGYSH+/PwExERERER+RUZCGvzH2DAImDgEnGRF6m3qJOTMMgZUm37VcV6IreX+jqw/lRgeVcg91cg5jxgRArQ5weg9VUMzpHfig+3IKvIrnJNixGa5q4gBw/fsRinamkZLv80DduLKgCjFSdO7Iq+qhoRERERERH5GdmFtP3D+jhvsitseSqwaiCwdrQ+Xp0jT1WsJTlRhQz2ye3I7RWvA9rcoHe17TlTb7VnDFWVifxXdKgZmYUM0FGjcyB1zW7c8EYGxMc20CoUZ7bVVhAREREREZE/k91Nu76pt2xLukMfr25ZR2Dz+UDWt8cer65oLbDnQT0gJyekcGTrwT8ZlJPBP9mNVc7IStSMRASZYPSRyBjHoKsjnx+Drk9PzPp3FKJkC7r/24J/VLGuPd58IQldUI4lH67AQxtlWTu88VxbdEvbj1M/LcfTV3fAgChxltpL8esbq/GS+IyXwnp2wv9NjkGXSDOCjKLA5UJxQSnWL0vGE7/lw6ZXO8TapSOeuiAW3VqZYfVy0qetWodLP5ezEB3r8QPQZVgnXH9KFDqFmxBiNhx67OXzt+HJv0v1DSqX3XoCLm5bgi/u2IgNk3rh1mGhiLUa4LTbkbp9P5765AB2IgTnTe2K8/sEI1psz2GzYefSHbjz+yNfhy/iGHRERERERHRUVceri7tQH68ufIS+Pv9vcWHxtT6unCTXR515eD0RNRoG6OrIrwN07nWuYnxx31q8r7XmVEG7rGLsDAtBF6tWUzgcxGt75gC8cVIIgtSayiqQtWk7Lv8g63Bwq08PzLwsGjFHiUYfDtAd/fFf7zoQH58YDBkTPJIDa75agbuXHp704srbR+HCxFLsTDGjY1vTEfcr2JWOTVFxGNnKoErcnNg+bw1u+MX3Q3QM0BERERFRi+HIBdI/ATK/A0q3AvYMcQniGzMv+h93CEBeC8nlqtdEVGMGcaVpjgOCugOxk4D4SwBTK7WSqHYYoKsjvwzQmS3oP7ozbjmpFdoGGVCavAfnv56qAmruVnWCqxxrftiMBxeWIrxzGCL25WNnq8744K4EtA2oQMbuVLz5aQr+znfBGhGBSed1wUW9AxEEB1bNXIZ7V8qNBODK20fgwkQDCvfux4Pv7cWmEhN6n9QdD0yIRIy9AO8+vAFfHurqffTHLzh7ED7q68KK5al4+69MpJZAe+wrr+yJyYlG2MRrOUu8Fjc9QCeXKlCUloEX3t2Nv0uCcN6VvXB1V4sK2InXsm0fnvx0PzahFW6/sTsmxIs1GQdx0TO7IP7k+zQG6IiIiMhXlZWVYfv27UhNTUVxcTHKy8vVGqovFosFISEhSExMRLdu3RAY2Iy7HmZ+Cey8BQjsJV54D5HaicuNCHE1a1IVqNZsO8XlkLgYC+ypCqhOZLdhVz5Qvk/s0y0ibQa6vArEXqAqkD8oLHPCbDQg0Ny0fV2b9tGp4YVH4f9eGIV5Mj09FM+fGaUF55z5eXj/S3dwzlM5ln26CncvLBbrXMjclY+d4nP7hLPE/cTZYhNfsm57Y68WnJNs+fmY9cEazNwr8yZ0HxKvlQORaB8mf4kpxq9vyuCcLHNg059b8Fe6WLQGY8hgWVaV98fP+Ho1JjyyFg/9pAfnJPnY//0tHzli2RpowaFGdx5KxfO9+fmd+vO1F+Pr9zOQrD11vcXfFe/s159bSS5e/EnfFsIC0QgTlBMRERE1S8nJyZg7dy42btyI3NxcBucaiNyvcv/K/Sz39+7du9WaZkQGP7ZeBuy+V1xeTAcipgFBAwFjNINzx8vahcG5+iDPQ3k+yvPSfY7K83Xrpfr5S37hu7VZ+GOLFg1oUgzQtSgVKC0sw4ZlO3DjU5vwndcmYnYkrzvcVdStZ6RF/F+BvZv3emlZ5sLMDUVasC80IhRxemEdeX98yZrYBvfdMhhfPjESv7iDjrKVoFwZEghv8b7UbXuhhs/T2QuRKXvUisfZsdyjO660sUQP0AWZ0VorICIiIqLa2LFjB5YsWcKgXCOT+3vp0qXa/m9Wtl8L5C4EYu7VW87Jzl9MTL6crL3081Wet9uvUScy+bqYUBMKypq+yzwDdM2d7OJ6x2KcqqV/cPYjq3D7lxlaq7Sai0L7MHlrR/Z+reBImQ4Uy9tAi95NVeQySsUHFIIx7sok9A6WZbKLa0+Mk43sXOXYt02W1Yy1f0/879aOGN8uEK0CA6oZi46IiIiImopswbVixQqVo6Yg979swdgsyG6tefOBuBkiwzHSyJ+I8zXuPiD3LyBjliojXxYTakFeSdO3eGSAjmogD6la9M2M6CSt4EixJoTI2+IyrNIKbHh3bTHKxYdTTNf2ePkx2eJtOF4+MxIxARXI2pKCd3O1ijUQitvOjNLul5+ShiefX4Gz3EHHD3P0Vm9ERERE1GRKS0uxevVqlaOmtGrVKu14+DU5IcTOm4GwSSLD4Bz5I3Hehp+jn8fyfCafFhlsgku2L2piDNBRDbiQUiSjyQa075bkZay3AEzrG6qV5+Tkq26jrfHUuFBYbGXYmmpDqdZatAK24jJsWLQF13jO9npMUWirTYRTgnlv7Mb8tPLD9zUaeBITERERNTHZtZLdWn2DPA5+39VVztYquwpae4iMvGpmYvLDZO2pj/Mnz2fyaV3ignDDeG2WySbF2AbVyE8ri1Agbq3tk/DOFUnoH6GfOtaIaFxxwyBc2l7kXaX4Z65qz9Y2DDEyYldYiLfeWomz79a72J710Crc/m0uCvVaNVSADO0OwRh3WTxizWLRbMGJ/+qNj6a2QqRcRURERERNRs7WSr7D749H5nfi+353eB3ji4nJn5K5pzif56gTm+joGKCjmlm5Ba9sKocTRrTp3R7PPzRSm6Rh7kM9MK2TFSaxZudfoo57BomUnXhvVSlKYmJV91Y9/fL0CMx5fBg+vqU7zkus6emXh292lolHMCCmZxd8/rTY1tND8fDJkWhjrhDlRERERNSUiou18VDIR/j98SjdCljaqgyRH7O0A0pqMfg6NZkDeTbYnRUq1zQYoGuu7BXQ5kKtqKhhV1JRX97B6UKZXlCFCws/WIUbv8vCrjwnbO6JVp1O5GYXYM57K3Hdjx5jXZijcEqXQGhzQ3gwmo0IlbOktovBf27oi8u0rqvS0R9/w+fr8NCiQmTa1BtGPm56Dt56ORW75P3sTmTpazQOrQO52OYR0TsX3O855xETZRxrHxARERGRN+ze6lv8/njYM8SVarhY0L/TMzH5bQoIExenmWKZfN0b81ORktO0kQBDhaCWqRYGTnkZMe2HqhxV1W36YLwxOBC2jAw8/dYu/J3vjugFILZzG9x7cXv0E39zd/65GNf9qFZRrWTtXYE1s29VOSIiIqKm8/nnn6sl8hXTp09XS35oQQCQ+F+VIfJzqdcDY93Xw+SrXvgtBWO7RWJIhzBV0vjYgo4aREygfmrZ7A6YzR6nmdmEsPBARGgzTTiQn66VEhERERERERE1iagQE3KKj+hm16gYoKMG8c/yQmS5gPDENrhvxvBDY9DJsePevjge7a1AaepBvLFS3YGIiIiIiMjNc6B9JiZ/TuQXWkdYEOjZuKgJMEBHDWPjVlzzwX4sSbWhyD1unOR0oiivGEv+2IyLXtyLFFVMRERERER0mLyGYGJqDon8wRl9ojGmW6TKNQ2OQVdHHIOOmhrHoCMiIiJfwTHofI/fj0HX5nWVIfJzB27kGHRUI2xBR0RERERERD6maiskJiZ/TeQPyuwu7MwoVbmmwQBdHQUFWuB0Nu0AgtRyyXPParWoHBERERERERHVVWGZE2/M369yTYMBujrq3jEeTluxyhE1LnnudW4Xq3JERERERM1M1YH2mZj8NZFf0Gdxdahc02CAro7OHN0NFleWyhE1LqM9C6eP7KJyRERERERERFRXxgADrKYArSVdU2GAro6mnNYXPTtEoTBzhyohahz56dvQvV0ELj17oCohIiIiImpuZMujZppSl+Ck7jch8Mrl2ONtfb2kbHx46U0w9P0vPk31tr4pki8+p8ZI5C/6tw2FqwlbPTJAdxweuu4kJEVbYLGnqRKihmUoO4DEGCseu/lUVUJERERE1TOi3xkXYvr0aZg0OkmVUfNXgi3zfsO55z+I8O43w9D9dsSd+l9c/vEWJNtUlabkrEC5uLGVONBwbXVc0IZML7fBs0HQrq9fQ6DYJ+HP7cJxjajuKMSmeX/h8isfRVxfuY9lugtJZ/wXN3+1o5r97P05HVXWBlw0SGx70Mf4jh3YqIHdMD4REUEmlWt8DNAdh5jIEMx6/kJ0iDPDUZAsPmyadsYPar7kuVWWuwudEyyY/cI07dwjIiIiomMJhEld8bicMiRyHKJGYOK06Zg+aTRaqyJqQFXH8apxKsb8J59GrxvnYs76fBRqG3Mgc99WfPTEm7jku0wv92mCpPFSXp/JzaPMZtMjZ5GBxkrltUn2rK24e8LD6HPjN/jo7yxkHnpr2ZCavBWvPfAaOo38L17dVHzk/d2qlleX4IRDiyTK5SrrGiSl4MlxN8PQ9zss9Lq+DomohhigO05GYwDeeOAcXHhaN+SlbYKxPEOtIaofFaXp2rk19dTuePPBc7RzjoiIiIhqohirf/oCn38+E9//c5zf04MtMBnErcEAo15Cvmj9Qkz9KA+wdMVzsx5F6dZXULH1eeT8dBPevbgDQlW1lqrXtDtQJvbJvhvbw6zKasWxF09O+S+e2+eAtd1gvPLxfchZJ/exSOueQvKsS/CfXibx1tuKWy78BnPz1f3qKro/Zq0X2151Kc6JVmUNqhSZsoNcubMBWzeSr8ostGupqfBKv55ce/4wfP/65eieaEJx+gaUFaYDFS61lqiWxLlTVnAQRQc3oEeSWTu3bpw2XK0kIiIiImruZMuj2qdd27YiUyxh2mm4s384ArVyE1p16oyrHrgVv5wvozxH3q9xkydv6+srSd7K6552zZmDR2QAa9C5WP3DJbh5WBxaWdV6axA69B+MN7+8B28OEkXlK3D9FymH7qsnyTPvi0nyVl7XRP5izb5CLNqRp3KNjwG6epQUH4FX7p2I9/5vMkZ0D0R+2nqU5R9g11eqMa0rqzhn8g+sx7DuQXj/0cl4/b6J2rlFRERERLXXevQkbQy6c0Z5dkzthzNkd9UJAwBLGww+5WxMuVDkp0/HhRdMwumD4j1ayfXEqVPFujFJCJLZoCSMEfVk3elTTxVryZeEhqg2cskFSNWXvNr8yTMw9LgV/T45qEoqc6+f+luxXrDiewSK/G3LgLL9W3DflQ8jXOQN/R7AoBlLsTJbtrdyImPjKtx8yQNaXcPgh3H6i9uQ4tA34ZUtG7+8+BaSBov64j7hZ32AJ//J8z4+nKMIK3/4BqefprYv6499Eee+vR5batpSTb2O8BeTVcFh8nU9edPziOunbzvwhMdx+uOr1GuTDmDOB/J+obj/7lHoZdVLj2CKxZV3n4pYsZjy0UYs10ursCN50VycPvYe7bEMg58Wr8PbvtqFu+Xz6fc9FqqSQ9z7w72NHvcg6YLP8d7GIu/7T+7rtz/AoBPu1OuLY9flym/wmVa/ELNulNt4Ay9rlRfgJG2bMr2PWdlaITVzgeYAZBWxBV2z0qtzPJ6741+Y9fw0nDokFo78XXAV7oSjJBMVLjaUpcrkOVFWmAlnwQ7tXDl5cAxmvTANL9z5L+1cIiIiIqK6Mxq0fqkIMHp2TA2QPVUBU2uccfZYdI8LhUVdGQWYghHdYyxOGxCuF1DT8DaWVw1S/KCBmGQR9184E2P/bz2Sy7zX6zVyBPqKahu+2obNR6xPxU+fy2ZifXHuoGC9zOmEHL0t7Y/v0edfb+OpxWp8u/IirJnzBYb+ez7mfPUuukz5BK+tKNLqojgfv73zJka9tBMFVR9D2rMI55/+GCa8sxWpKg5YuHM97r/icZz+dZWx8uwZeO/KRzD0roX4bZ/avqyfvg9zXvoAvc6Zg/l5HvVlcvMsU6+jsMxRqTxn6Rx0O+Vt3D9v/6Ex5Ww5Wfjt008w9O3der39KfhJxucsw3Baf/GG8bh/1WTu3Rnny43k7MSm/R7rNJn47y1PoNPVv+O3dPVKig+K1/Emul65DLs8tiN7Ftnl85FdTj3LPfeHextyDLz1y3H1lMcwsepYg3k7cJvc1y+tx5ocFQUUx27X4oW4eMo8/K3V04u98txWbRP5jagQs3hvNF3MhgG6BtQxMQoP/WccFn50LR686kT0bWdE9r41sOfvRmlhBpwO9wcJtTTy2JcWpmsTP8hzon8HIx66erR2rjxy3Xjt3CEiIiKiBhbWClFmO/J2LcK3sz7H57P/wq58efFuQqsO/dVkEFswT65buB9av5jS/Vj4ucjLNGueWEs+JX4g3n/nJHS2OLBr5gfoNOwJTHx7AzYdagWmdO6Fm2U3zO3z8NV6veiQ9RvwbDJgPW8kJlQZ92zWx39if8IofPPL0yjf8jzSvzob42VAcPtcnPvgVuDEyViy4DlUbHkOu18bgbZiVcr7S7GwSLt7ZTmp2GwZhHe/eASlW15CxdpHsOSuLrDCgfn/9wd+PnQfJ9Z//CGuXibHfRuFz+ao+uIxcn68Fnf1NAEHF2DCc1tQoO5RK449ePH2BUgR5/34u27FvpXPi22/hNIFd+Gba9qjc7h8gUJ2LjbK2z6xSNQKjsIUjYFy/4rn7jwi3lGENbtMmP7YrUhdq7+O1C/0/Whb9hWeWlim6lVv80y5P8RhnHYJ1mr7W2xnw9PYp23Hhl8frLz/lvzvI7x8UBzT4WdjyXx57PT9vfa1UzCiXRBCEIapr8vncgNu1e4zFn9q+1imKzC1Uca/o6YWFmhEvPt8bwIM0DWSccM649UZE7Hk8+tx/5UjMKpnIMqzt8OWsw0leakoL8lHBcesa7bksZXHuDh3P8qyt8Em0sjuQXjo6pHaOSG7scpzhIiIiIgakwO5W37DT8tSUCKDCOUHsGxFKrTGTMGhYF+GpiRbHtUtRQ0/C1t+vQmvTE5AWHkW5r78AfqceD9GviS7ULrrRWPChbKDchHemJ8Mu8f9ly/6G5kw4eLTOiDco1yTMAY/f3keJre3wCwup+P6jMaDF5q0VdbhF2Dlm6MxIk621jSi4ykn4yEtSLUPW1M9t6O21fFMLPnxYlzlHivPGo4RV5yHZ7uJdeUrMX+rquvYjQ9fkS36OuL1d8/D9B6qvniMVp2649k3p2KCyNm+Xo2FReo+lbjLPNcdzttXrcHzOWJxzFR8ckU7tA2RYYIKBMa1xuTbbsHOG2SYUdQtLdHH9/O4b/XJU9WyODz1xT34bEo7tNHGrzOiTf9xeP1OGRJ34NPl+8Wt+z7u+3nm9+Krt8T+6Hg6vrpvIPpr+1uUmyxoK7bz1ox2Yv8txW+bVH2x/778QEbreuL9Z8ZhRII8dqJc7O/+p/wLS349DcMObVsmyTN/vIn8RfvoQFw8ouk++Rmga2SBVjNOHdkVz9w2AX9/+h+8dOdpOHdsIhJCC5GTshqOvB1wFB3QgjlOZ9P1fabjI4+dPIa2glTYxTHN2bcacSEFmDSmDV6+6zQs/vQ6PHfHBO1ckOcEERERETWFQqStrdLmKCNHD9aRXzMndMTNT96NjAV3aq3AwmDD0nfewqjndkLGoqTE8aNwibjN/HIzVrrHPnPswfefFwGWE3DRCYGq0MNpfTC+0vDQRrTrKgNYwJCzuqKbHqtTotG5j7zNQKq3cedbhSC8Un0pHuPOiRO3Dqzcp57pgSyskN08hw/HKe30okriu+Gyk+WCDARqJbWyLyVF6/Y6/vSOx24ZVy9CEBNy5FzIvYYNQXdxa9uYjT16kXepB7FA7prkHzGo7+0w9Kycuv/fPq3aihQ1cNyh/dcfo5og9pJtDMdXO+7BkrRPkF2mPzcibxiga2KDeyfhjktHYdZzU7Hii5vwzK0n49yxSWgbUYySzM0oTt8IW14ySvIPorysEBXOI0bNpCYmj4k8NvIYlebu1o6ZPHaJ4UWYMi4Jz4pjumLWTfjq+Qtx9+WjtWNORERERL6qEDY1Bhc1JW8tkWqf9FZgNyNj7nlaF8qUjz/Ga+vV+tCOmHaeCcj5C1+uktdZFbBv3Ix3coDYK/rjRJPnttw8y+q6zpNnuZ5CwkPELVDukj2sRFnaQSyWBd1boUOVunoKRZwWWZOBQM9yt6OX7duhTxjRP7HVoTKvqXUCRokl7MlHtrf1nsmRhTWrxSKikBDluc7Ns0yloCDEiCXYXXBWWuem8k4Xjv0WNYnrMdkQQtQ/5v6rmty8rat9auUsxKg2l8NgMGLOrgdxoJgd433ZzoxS2J3y2DU+Buh8iNEYgGF92+Km6SPx6dPnY+ln12Pmsxfg3suH4F/DohBnzUFRxiYUHdwAW+5OFOemoLQwE46yQrhcDNw1NLmP5b6W+7woZx/Kcndox0IeE3lsJgyNwn3/HqodM3nsPn/mAtx80QnaMZXHloiIiIiIaurIQMfxpMDOwzDjPLGIIszbnqXKrThlyjjEwoE3f9iOAnH7989/IROhuGF8e70bZKUkVS1zJ6m6cslbedUyPRUX6IOnxYaoAFN8LIbJgm052FOlrp4KkKG1nGuH7vGe5ZJn3nt5Yke9Wd66VNnizLNeldQuBifI4blyVmPhNi/rPVLBP2vwvljCoE7oGeq5TvLMe6TSEsgjg1YWcQQ810meeVU26Hzs3CLHy/OWnsas0+SMvqLuMfdf1SR5K69bChCpTUhPjEiYjn91uBdBxjBRTr7qw8VpOJDXNPMFMGrg49q3aYV/je6B+68Zj69enI6ln1+Pb165CE/eOBbXnNMVw7tZER6QiaL0jShIW6eNaWfL34vivFTYirNgLyuCS05Gwdljjk3sI7mv5D6T+07uw7K8Pdp4cXLfFh3ciDCxr4d1tYp93w1P3ThOOxbymMhj88C147VjJY8ZERERETUzzgrtchuGAF5ENYrKQY7jT+XiO764ETrFBIv/9XJznx64JkqO37YGC/OT8f0XDqDbyTi/X9X7e6puXdXyo60TcotRcGhMPJUcB/CbnIEUIRiQqAJMMRFa108sW4fF6VXqy5S+HR/9IRYt7dE9yXOdm7cySS9LSIjVcvP/TkVOpbpVUztMvkK27svEA08txfaqz92d8nfi4YeXwwYTJl3cHZ0rrZeKkVWst1g8nBxYv3gVtoml2J5RiK9U302VuQOFG3djS7673lHSof23FWuOWd8AszZHgBOO6l5frdNhMlDXKpA9qnyZnCiipLxpxjng3xY/1DomDCcO6oDLzxmMF+6cgO9euwTLPr8BP795OV67dwLuuWQgLjq1LYZ0tiDakg2H+IDM3rdab3knA3h5u1GSuw+l+WkoK8pCeWkeyssK4CgvgctRjgqtKXXzIF+LfE3ytcnXKF+rfM3ytRflpGj7Qu6TooPrtX0k95XcZ4M7mTHt5CTce+kgvDZjgrZvl828Ad+Lff3iXRPw70mDtWMgjwURERERtQBphdo4XQhshc4d5BW8BTHt2yBcllH9kw0Map1y8OHVj2Dc48vw164iFNr1cntRJv76ZDau/15s1zIM0wZbD9/H2A7T/5MgVqzC07fMw5vlQN8pXdDr0DbdSXtWQtVymdyrqpa7VwjeypJ/wsgL5mLO1nyUyfKybPzy0iw8sF2sSxiNiX1V/ZAOeldcbMWV183FL7tK9PoVdhzYuhrXX/IVfhZr+94yBCca1X08H6fSc1ZFHmXhg/vjSnlK//wZpnywFylFDq28LD9dPJ83kfTSLlU3ACMnn6lmW52NIRf/JJ577qH9jLISbF22CBed/56aMXUSnjlFvEPU42hJk4kZF76Gu+cdwIEyWW5H8qKfcbk2EUYkbh2X5OU+wqGydpj87xCgfBWm/Ntzf+jPedkPYr+OmouF7vqH9t86TLvlLyxNK4Ndlsvnu+gnjBv30+G6FeHopo0buA7fLikU9Rwo3JOJFPdrrEvywlXhxILUd2Fzqqgx+YyoEDPySpqmh6KhQlDL1Mxl5BQhPdudCrHnQD5yC0qRk1+KgqIyFJXYtFRaVg6D+GexWhAQYESA0aT1l7eLD2Q5CGpAgPhwEynAIPIiGQziRtxWyAV5T3Er8+5lWUG/FXVlqbqfpsIlPrNEOrSsf4jpp6W8VWViWZysKq/XdYkEl0Pv3is+4MwBoszlFKtEmdOJ8vJyuQUEBVoQGmxFSJAVEWGBaBUehKiIYHRoHY74mFDER4eJFIq4KPkLFRERERHV1ueff66WfE/SmMkYkxSE0v0LMWehnB1SGoAJ03uhFXKx+fOfsVaV6pIwZvIYJAVVXReHUeecgvb68GCKt/v7hunTp6slP7RAXCvEPaMytZGLD//9FK5YprJHiMStH96Kl4bLFnQedv2NfhO/xwYt0wOfzr8CF1WdTGDZDzD8exFw6bWouLezKtTtmv1fdHloD0Y9eg/+nhKtSnXzn74bJ30M8bjPisdVhSnLceLps5F19jC0+WU55h8xoJqX55m/C7dNflsLfHljHT4F698d5jFJRTbeu/gZXL26A9799Xpcpc9jUc3rcGL77PfQ76FdehC6qiqvOWftPJxy+TysOcpAcNaep2L+B6diZKUJNdRzyh2EK+PW4/1lRwZB2orHWiseK0rlxd7Fbb3E68Zo/Ll5IsarUrk/7r7gfTyXUk0gxTIWC9aeiTEqa9+zHKdPmu1lX0ue23ZiySuP44S3PQNnVfZhbWXcA4w9shGMDNAV2bNxZod7VQn5gh/WZWmzufZLavz4AAN05FVJWTkKimxa4C5fS2K5UF8+kFWkLReU2OFwyqa/TjlOp3ZrK3fA7nCJvCyrgFOut1fALm6dopIMqt0WuxCnRezAs2kn4veCbjAaDVqwT47TZjIaYTYbxLIRxgBxG2CEyRSAQItJ3MoyaLeyXniwGeFhgWgTE4qI0EBtWd7KFBYig3FWBAdq7ZOJiIiIqAH5coCu9ehJGN82CMV7/8J3i2ULHakfzpjWB1HIwcaZv2C9KtW1xuhJ49E26Mh1xvhBOGVkF7QKNiGgQnz3zduFRT+vRIZa70v8P0D3tMrUTtn+3fh09mK8Oy8FW5LzUSjKrFHRGDvmBNx2/QickXQoguUhH7NuehYX/uEARl+I/W8PPHI205U/IfDSBcAV/0HZnR1VoW7PnHfQ8f5dGP/EvfhzcuXhbhY+fz/GfmDEjM8exZMDVWHqSpx06leAqP/ryCw89+QPePr3dPFcrUgcNQTP3H4KLupZJYgo2XLwy0c/4uGZO7A8XYbSTIht2wkX3nQ6HjgjCXGVXpoMVj6NK9Z0wyc/XomL3S9IvQ7LNdej4Nb2qlByImX1Ujz0zAJ8vUHfb2HxbXHKOcNw+4WDcWJC5VlX7TnpmPvjArz16VYsSCnWA3uWEHQe2gM3XXYSrhgRg7AjdrV6Tjgfye92wY4PfsBt727EpmL5WN1w+R0T8MhZbTyCc5IM0L2Dl3Fi5QCd5N4fXydjnXoO+nMehbun98WIyjsE9oN78OZrc/HsbylIlfG3kAgMGzkIV18+ApcNioQc8U+TfwDvPfsV7vvxADLL5TGZgJ/eHIl+3k6dmsi412uAzukqx2fbb8VJSdcjKVRrtkctHAN01OiKv3kItrVzEXLuo7AOOEuVEhEREZG/8uUAXUvl/wG6p1SmMchWU0/ihLdtuPLtB/HeaKsqp6YnA3TvqgDdWZUDdP4iY4bXAJ20JedP5NhSMKr1ZaqEWjLVz5Co8chuqpLeDZaIiIiIiKgJFe3E+x8WA5aBOG8gg3O+w4nCjSmQ819gUDz0uWabl55RJzE452PkBBF7s8tUrnExQkKNzqDabFbIAemIiIiIiIiOIH/Ub5yU+tdivF8OxP57ME4J9V6HqXGT7DZs6HU/wi/4RRsbsO2Y1ujspZ5/JPInMjj36dJ0lWtcDNBRo2MLOiIiIiIi8g1Z+P7j7YAlEf93VrvD45BRkwqKCEOYXLCEYODkC/H7FW208uZqb8FqZJTsVDlqSmGBJuSXNs0sroyQUBNwD3vIJnREREREROSNvGZojBSN6758AhVrr8d1nb2tZ2qKFH/SBSjYLI/LfVj9RF90M3mv5x/p2LLL9mFN5ncqR03JagpAmb1pWj4yQEeNzuD+kGILOiIiIiIi8qpqkIOJyV/Tscmx6PYWrkGpo0CVUFOJDTMjPtyico2LERJqdBUu9SHFBnRERERERETUwgWZwtEpYrg2qys1vfvPbK+WGhcDdNQE3L8iMEJHREREREReVIhrBiam5pBqaFj8VHSJPEHlqCVigI4an5okgl1ciYiIiIjIOxnYYGJqDqlmwi1xWqKmtzOjtEkmimCEhBpfLX5FICIiIiKilqhqkIOJyV8T+Zu567Ow7WCJyjUeBuio0VWoAJ0hgKcfERERERERkSQnifhoy7VwVThVCTWFYIuxSWZyZYSEGp17FtcKjkFHRERE1CxYLE0z4x155/fHw2AUFwuye5lnKyQmJj9M8jyW53MNyckirMYQpBZtVCXUFKJCzMgqsqtc42GAjhpdhRqDzsAx6IiIiIiahZCQELVEvsDvj4cpVlw0FIoFLwEPJiZ/Sq4CcT7HiOWa6xIxCjvyF6scNYUO0YFoFxWoco2HERJqfPKzSt6wAR0RERFRs5CYmKiWyBf4/fEI7g7Y01SGyI85DgJB3VSmZnpEjUN26V6Vo6YwpEOYlhobA3TU+NiCjoiIiKhZ6dq1K7u5+gh5HOTx8GuxkwHnHrEgrxuYmPw4OXaL8/lcsVxzoeZonN/1GZWjloQREmoCqgkdx6AjIiIiahaCgoIwePBglaOmNGjQIO14+LX4S4Dy3YBdJCJ/Jc9f+x4g4VJVQP4iv9SB9fuLVK7xMEBHjc8lf00Q2IKOiIiIqNno2LEjhg4dqnLUFOT+79Spk8r5MVMroMtrQOkioKKCick/U8lCoPNL+vlcS3IW1wPFW1SOGlthmROzVmSoXONhhISaDhvQERERETUrsmvliBEj2N21kcn9PXLkSP/v2uopbirQ6iQg7wORqWBi8q+U+544f8cB8ReJfN3MTX4CNmexylFjCrYEoKTcqXKNhwE6agLyQ4tj0BERERE1R7IF15lnnok+ffqgVatWDNY1ELlf5f6V+1nub9mCsdnp9i7QagxQ8DG7ux5N2WqgfBfgzBUZ1VuJmoY8Tws+AqLGAt1lcLluAgxGJAR3Q0rhOlVCjSkqxIy8EofKNR5DhaCWiRpF4f+uFZ9bKxB2+dswd2I3CCIiIiLyE+UHxQV4lp7K9qjl9MP5rm8CwT1UZao3mV8CO24CTG0BcwfAmAAEhIqrWaOq0MIVzBTnZrLKCMZWKkWJ/RSpbiP0MoNJVaJ6UeEUqUifrVWON+fYJz4HXgdiL1AV6m5t5g/Is6ViXNJ/VAk1pncWHsA1Y9qoXONggI4aXeGH18KevAJh/34b5o4M0BERERGRDynZCmR8Btj2HxmQO5qgLsCwHSpD9c6RCxz8GMicDZSK/ezI1oMjpNTlsp5jDh03GSQ2RYv3f1cgdoo+IUQdxpzzJrdsP3bkL8aw+KmqhJo7Buio0RV8cDUce1Yh/Ip3YerA2b6IiIiIyIdU2IHd9wH7n1cFNdTxcaDd/SpD1IhKNgNrxwP2Wgxqn3AZ0P4RILCDKiCipsZBwKjRGdSvOxX8xYaIiIiIfI3BDLS/D2hTi25l5hgg6gyVIWpkwb2AyHEqUwPxl4pz/GEG54iOYv3+IuSXNu44dAzQUaOrcOkDlxoCePoRERERkQ+SXdTazgDiL1YFx9DqdCCUPUOoCbU6VS0cQ8SJQNc3gMBmOKlIMyS7ue7OX6Zy1Jh+2ZiD3ZmlKtc4GCEhIiIiIiKqKrCdPulD6ABVcBRxF6oFoiZQulOkbSpzFDI41/dnwBiqCsjX2ZzFWJ4+S+WoMUUGm1BY1rjjXDJAR42vQk39beDpR0REREQ+TAYyZEDjaDOzBgQC268Gdt+lTzBB1BhkUG7v48CqgcC68eIay6EH4KrD4Jxfig3qiDxbGuyuMlVCjcVsNKDMrmIXjYQREmoC7nlJOAYdEREREfk4SwLQe45+603SrcDAJeKrrQlYfyqwdjRw8H8AL6ipvsmZhfe/fDgoJ2ey7fIaMCIF6PwS0PpaVbEKBuf8ljHAgrjgLkgv2alKqLH0TQxFVIhZ5RoHZ3GlRpf/9qVwpm5E+LUfw5TYR5USEREREfmworV68M1ZpAqUYTuAoC76smzFlPMLcPB9IO8vvetrwpVA2BB9PVFtyaBc5mwg62u9hWbMJHFeXeR9Ugh5bv4TWzk4zOCc39tbsBoR1taIFImaN7ago0bnnsWVLeiIiIiIyG/IsehkoEO2lHOTQRJ3cE6S66LP0lvcDd0CWNsDWy8BVvYFUl8H7FmqItFRyPNEtpSTAWHZWq5kkz7r6sg0oNu71c/YKoNwnrMJMzjXLLQPH8TgXAvBAB01ugo1Bp2BY9ARERERkT+RAY+eMw8H6WTruOrILrHt7tUDdbIbYtEqYHlXYMs0IPd3VYlIkUG5tPf0btLyPKkalGt1SuXgcHViztNvGZwjOi45xXas31+lxXQDY4SEGp1B9aquYAs6IiIiIvI3sVP08b5MkfpyTcgWT90/BIYnAxFjgeQZwLKO+iD/sgsjtUxVg3L5C4A2N9Q+KOdJdoGV92NwrllZnPaRNlkENZ70gnL8sC5b5RoHA3TUZAwBDNARERERkR9KvBHoP19cTQWqghqSQb02/wEGrdC7wdrT9S6MGyfq44zJMeyoeZPjxKV/CmyafGRQrscneoCttueVJxmUY3Cu2Skoz8DBku0qR43BbAxAmYOzuFIz5+7iCragIyIiIiJ/JcekOx7y/u4ZOOWg/wfeAJa2BXbfpU8GQM2HZ1BOHmM54YPsilpfQbmqatvqjnxeTGAHZJbuUjlqDBFBJhSVNe6PJgzQUaNzTxLBLq5ERERE1OLJwIyc7VW2yBu4RA+uyC6PcoKAg/+rPCMn+Q953GSryKpBORmQla0n4y+u36AcNWsxQR2RXbZP5agxBJoDMKxjuMo1DkOFoJaJGkX+6+fDmbELETd+CWOcx6xXRERERESkd3XN+QU4+D6Q95cewJMTUoQNURXIJ8mgnDxuMhiXPVc/XvGX6S3k2OWUjoNdnFvpJTuRFNpHlVBzxAAdNbrDAbqvYIzrrEqJiIiIiOgI5Qf1lnQyWCdbXLW+Vg/YmWNUBWpS3oJysVP1oByPERHVAru4UuNzj0Fn4OlHRERERHRUlgSg3b3AsB36mHWFy/TJBbZMA3J/V5WoUckWjnLfb79a774qxw+Us/PKY9RvHtD6KgbniJqB5ckFKLM33kQRjJBQ4zvUaJNj0BERERER1VjkOH1SgeHJQPgoIHkGsKwjsPdxwLZfVaIG4RmUW9Ja7PP/A4J7A4PXMChHjWJT9jyszfxB5agxfLM6E1lFdpVreAzQUaNz96o2BDBAR0RERERUa6ZIIPFGYNAKoNdXgD0dWDUQ2DhRn5hABpOofuT/Dey86cig3IBFQNKtgDVJVSRqWOaAQKSXbFc5agxhgSYUNuJMrgzQUaPjLK5ERERERPVEjnkmu77K2UHl2Geyu6Xsdrn7LqBkq6pEtSKDcrtu0/ejDM5ZEhmUoybXKjAJubZUlaPGIGdyZRdXatYq1Bh0Bo5BR0RERERUP+QEEvEXA/3n64EkgwlYNx5YO1qfZEJOZkDVK1xZOShnitb3pQzMyTEAGZSjJhYd2A4F5RkqR41hUPtQBFuMKtfwOIsrNZjybYtQ8uMzKneYqyBd/OdEQHi8+CJR+WS3Dj0PQaP/rXJERERERFRnsqurnGE07W29VZic/TXhSr3VHQFFa/XZVzO+0AOacRfp+yioi6pA5Fuyy/ZpgTpqnhigo4bjciL/1XPhzElRBUdnMFkQcfuPCAiNViVERERERFQvyg/qLekOvq+3tmt9rR6MamkTG3gG5SS5D2LOA0IH6HkioibCAB01qLKlM1Hy03Mqd3SBJ1yM4DNuVzkiIiIiImoQeX/pgbrsuUDUGXqrulanqJXNUOlOPSCX8ZneqpBBOSKqgfSCcuSVONA9IViVNCwOAkYNytL7FJja9Ve56gVEtoalz2kqR0REREREDSZyHNDjE2B4MhA+CkieASzrCOx9HLDtV5X8nAzKydcjZ7eVY/E5soHuHwLDdgAdHmNwjvzSzrx/sCD1XZWjhrbtYAkWbM9TuYbHAB01qICwWFh6HfvXOGuf02BK6qNyRERERETU4EyRQOKNwKAVQK+vgPJUPaC1cSKQOVtvbeZPZHBx39OVg3LuGW47vwSEj1AVifxTuCUOacVbVI4aGmdxpWZHa0V3lOBbQKtEWPqcqnJERERERNTo5MQRXd/Ug1my++eBN/QZTXffBZRsVZV8kAzK7X9Zn61WBuZkkNEzKBdxoqpI5P8irK2RU9ZMWrn6gbBAIwrLnCrX8BigowYXEBGvBemqI4Nzxja9VI6IiIiIiJqMnEAi4XKg/3w9ydlNZWs0GQCTk0y4ylTFJlQ1KFeyCWj/MDAyTQ/OMShHzZTVGAKLMQhF9mxVQg0pIsiEfkkhKtfwOEkENQpX3gEUzbobjtTNqkRnjGqLkAuegalND1VCREREREQ+RXZ1lRNKyIkl8v/WJ1mQE0vIVneNxZ4FZH0LZM4CijcC0WcBsVP18fRkEJGohSix5yLY3ErlqDlhgI4aTdnf/0PJb6+qnC5ozJUIOuUGlSMiIiIiIp8mW6+lfwqkvQ0YQ4HW1+oBO3OMqlCPPINyhSv1oJzsfitnnpUt/YiImhEG6KjROLNTtFZ0zoPbtHxAdHuEXvA0TK27a3kiIiIiIvIjeX/pgbqcX/SgmWxV1+rYE8QdlbNID8qlf8SgHBE1uYXb8zCmW6TKNSyOQUeNxhjdttJYdNY+pzI4R0RERETkr2T30p4zgeHJQPgofUKJZR2BvY/rLe1qSgblZKu8TZP1iSmyvtZb5skx5Xp8AsRMYnCOSNmZ9w/m7XtZ5aihvbPwgFpqeAzQUaMKHH4BDIFhWgocdYkqJSIiIiIiv2WKBBJvBAavAXp9pc+kKidv2DgRyJytj2FXlZxsompQTraUk7Ov9p4DxE5hUI7ICzn+XJ4tTeWooQWaA1Bmd6lcw2KAjhqVFpgbOV1LcpmIiIiIiJoROXFE1zf1QJsMuB14Qw/AydZ1Rev07qtbLwGWtNbHlvMMysVfrI9rR0TVirQkIL/8oMpRQwsLNKKwzKlyDcvvx6BbsyMNizftw4qtqcgpLEFJmU2tIV8VYtCPUXGFVbsl3xYcaEVUWDCG9kjEqN7tMLCr+DJF1IAKS8sxb+UOLFi/FynpeSgsscFV0Ti/WhG1FAGGAISFWJEUG4lx/dvj1CFdERZkUWuJWhBHLpD+CZD5HVC6FbBnABWNcyHW8nhedhrULdUrgxEwxwFB3YHYSUD8JYCJs302R29tmIZ/93oPVmOIKqGGMnN5Os7qF6MF6hqa3wbo5AXca3OWYNXODBgCI1FhtMIaEoEAk1nVIKL64HLYUVaSL76w2oCyPAzuEoebzx3JCzlqEH+tTcbL3yyFOTgCFdYwmANDxee6BQYDv8gT1Sf59c/lKIe9rEh8thfCXpKH284biXEDOqoaRC1A5pfAzluAwF6ApYdI7YCACHGFZFIViPyM7ErslN/b9wG2LSJtBrq8CsReoCoQkS/zywDdX2t34+WvlyA8Og6u0ERVSkSNoaIgFUW5Gbj13BMwfiAv5Kh+OF0uPPH5IqzdmQ5zVFstQEdEjcdWlA9HXgr6dYrHQxePhjGAo6BQMyaDGNuuBPIXAeGTAWtPtYKomSnbBBR8B0SeCHT/gMFnIh/ndwE62bri8U//QqukHrCG8gKOqCnIC7nc/VvxwMVjMW5AJ1VKVHfPfLEIizYdQGT7vqqEiJpCzp71GNWrDe6fPkaVEDVDMjiX8ycQN0Nk2EKbmjtxuZ/xFBA1Xg/SEVGtbDtYgshgE+LDG74HmV/9PCq7tb789T+Ibc/gHFFTku8/GSR/cfYS7X1JdDzkDy/LtqYxOEfkA6I69MPK7Qfxx+rdqoSomZHdWvPmMzhHLYg4z+X5nvMXkDFLlZG/W53xLRanfaRy1JAWbM/D5rRilWtYfhWge/7LxVq3VmMQg3NETU0G6YIjYvHUF3+rEqLakwHel75eonVrJSLfYIpsi1e+WcofYKj5kRNC7LwZCJskMgzOUUsizvfwc/TzX74PyO+FmqNR6ihQOWpIMaFm5BY7VK5h+U2ATs7WunFvFsecI/IhplZJ2LwnS3t/EtWFnK3VEhLJMeeIfIj8AUb+GPrriu2qhKiZkLO1WnuJ1ENk5Cg/TEwtKAX21JN8H5DfC7XEoKA8Q+WoufCbAN389XsQGBqlckTkK4whrfDrKnaForpZsH6vNlsrEfkWY3A4/ly7V+WImonM7wBzd0AOwc3E1BKTuad4H8xRbwjyZ7IFXYmdrSEbQ7uoQC01Br8J0K3bkYZSmFWOiHyG0YoNuw+qDFHtpGTkwRwYonJE5CvMgaFIzcxXOaJmonQrYOGQCtSCWdoBJdtUhvxZuCUOF/d4XeWoIQ3pEKalxuA3AbqcwhIEsgsUkc+xhkQgr6hE5Yhqp7DYhgCTVeWIyFcEmCwoLrWpHFEzYc8QJ3e4WKhgYmqZKSAMcGSKZSLyRX4ToCsRXxIDTGxBR+Rr5PuyzMaBxKluXC4XDAYO1E3ka+T7sqLCpXJEzUSFU5zcJpUhaoHk+S/fB0RUY/mlDqzfX6RyDctvAnRERERERERERAR8s+tB7C/aqHLUUArLnPhhXbbKNSwG6IiIiIiIqGXwNnA+E1NLStRsyHHoCjmTa4OzmgJQUt44LU8ZoCMiIiIiohZCBiiYmFpyIqLaYoCOiIiIiIiIiIiOoLWgs3PSj4YWYg3A6b2jVK5hMUBHREREREQthLcWRUxMLSlRczEsfqqWqGEFW4w4o0+0yjUsBuiIiIiIiIiIiIiaEAN0RERERETUMngbNJ+JqSUlIqq1H9dnoczuUrmGwwAdEREREREREZEfOVi8DV/tuEflqCH9viUXhWUNP1EEA3RERERERNRCyBZELSXtxN19b4Jh0Pf4x+v6+kkLn7sNhu534r413tcz+Vqi5iLY3AoljjyVo+aAAToiIqoXe7PL1JIPiWmDF67ohU+vqiZNS0JfVdWvmGLxmHxdV3TDLe1VWaMJxS3T5P4Tj52oikhjGdwR/xPn1UfivBqsyoio6cjuSBtTi7WuSR8uTsNvedOxuzBMra0PTqSsWoKbr3wUcX1vhqH7zQgf8wLOfXElVmY3fEuLY3PBXi5uiu2w6QUNwml3iP9tKJWPpdhXfIdwsT8CL12KXaqsVsT9A+X9n6vTvYlahCBTuHh756ocNaSIIJNaalgM0JHP6ntKN+0C+rVTQlUJEfmy++fsxsu/p/hWoC7ECKuf/qXrOKYLPqruMzAwAPrXBBfKG/KqyysDjAZ9ydg431V8SBCuuaBntcHJMJM62VwVKNKXiKiJ/L0jH8/8shdP/7wXM5dn4I8tufg48z48tGYY/rulN7bmRsDr+Fw1Tg5s//K/6Dp9Jl77OwuZKjhVmL4Xc97+GEPf3uXlPk2Q3Lytq6/k5lFWalN/nMIsCPQor3FyOrWgos3u9L6+Fmn1Ww/B0P123L3c+/oWl6jZMAcEwhRgUTlqSCf1aIWQRrioYICuhZoySV5g9MRjPvwTv0VdABoMaoGIfFa5Q//Ct3JPIR76LhlvzE/Fst0FvvM9sKQQL723GRdXTTP3Y4Oq4muixJcAo7j1+hlYlI4ZH4jn/8FOvHlQlVEjMCHUpB8Pb8HJ7GW7cLk4ry6blYptqoyIGt8P67Lw1oJU7EgvVSWV/ZOZgOc3Dzy+1nTZ63HPgztgQySufO0BFGx8BRVbX0TB/LvxzW290bnF/YBRWfio81Gw9RWUvT4QTd3YOj9HdgF0oBHGdydqdNf0+VQtUUMa0y0SwRb5zbxhMUDXQhm1Cz4DDDwDiKgeeMaQnK4KLNmVj9f+3K+1qFu8Mx/lTv5iS0REDW/V3kL8sjFH5apX5jRi9t4uyLJZRU7+japl2pmMb8USBp2BGafGIMwkywMQ1roNJl97NXbe1eVw3SZNkrfy+kxu3tYdT5K8ldc2uXlb1xITEfkqQ4Wgln3aybe/j9a9RqocHa+pk3thYjSwZ91mPLBCFfqYwad2w23tTcjbm4Ib5xWqUvJFaVuW4I8XrlQ5aolc4i/Jpe9vVrkj9U8KxdCO4RgmUrDl8C8DDf7Z3r4tXj81DJGyBd3nKVilir3pOK4LHutiQe6efbjp9yodFBOT8NqEcIRnZeKybzNVod4aeVKMDT+8txfbRrbFpV2CEGc1iB3iQnZWLt7+KR2b5dA8lRjQoU8iru4bisQQvauqw+5ATnYBPp53EGu7d8AHw4LhrcNCeXo6rvghWyzJceDaYWiQHUt/3YHXU/X1OiMGyOfSKRBRQfr2nQ4X8vKLsWDpfnyTVvnPfu1fQxhun94Wg4IdWD1vO17cq4ohx8WLRcfcLFz8UwkuOTUBJ8ZZIF6ieH127N16AE8sK4bWCywoAc9cFIVElw3zvtyFj6r2Bw0V6y8Q650l+OSjPfhVKzy831qL16WdRuI55heXYc3KA3hvl8fgR27WUO15nBBjFhfP8jVVoKTUhnUbDuDdjWX6czEFYszIBExqF4hIq75dfX8VYe6f+zEvX9sSzpzYE9PiPSLRh1Rg+/IteHS9WHSfJ0UFeP6LKq0z1XMZEW1GhFlupwLl5Q6kpeXhs/mZVfZxLfZlA+JnO/mjR75Pxs4M7y3nvJnaYQcmtt2jcrWw/hfEXfALMqNOxT8Lz8TIalrMlSz8AiHXLIV1yrXIeLwnwlW5W4FYHyfWx912J/ZdmwSkLsNJJ89E+WMPYP5Jpfjo+Vm478f9yCy3InHUaLz3f6fjjCQzyvZvwYvPfIenxd+NQksoBp55Ft6/dwQGRqgNa3bgth5v4GWMxZ8bT0XYnO9xzUursSbHAWtUF1wzYxIemZiEKFX7MDuSF/2FO177G7+vz4f8Fm6NisHYf52CB68cihNbV25FMv+pW3HSR8CtH72Ml4arQvU6/jnxYmx9bwg6qGLJnp2CL9/8EffM2YrUYlEQEoFhJ5yI/7tnnPbaNMvmwHDZAuCyG1Axo6teJuz55g10vM+Bd3+7EWcXrMXjz8zBOyuKYPOyD9J/eh8Jt3tvJz/pxccw51/uFpROZGwU23rpe/xvsf56w+Lb4bwbz8czk9siruqxzd+Pz16be/j5VxF74+3IuLGdytVi257H/sR03Hn1x3h1pw1hXSbjr7ljMUhVO24HbwPGsjlhc1Fiz4XVGAIju7o2KNlLKDbMjPbRgaqkYRy+SiIiIqqjAAPEFwNvwQvduv1FeG/RAa1FnZymPK/kiKhVk4sy638SvXYpNRkgS/XWx4fp+QD0ndQFt/UO1gNbUkAAouOicfvEOLTWSxQDhp/aFf83IhztVXBOMplNiEuIwlVjatrdSo0DJ/a5pdKFgwVTJ3fFnfK5qOCcZDSJ5xMdhnMndMXtHY/3NVRHtco2heKxqW1xeoIeUJJMZjM6922Lh4aqL4+l2dgqexyJL5O9+qmLMQ8dh4QiUdy3PKfwUHDOc78divGK5xgRFoxx4zvhcfe23SLi8PiF7bTnoQXnJLG/gkMCMXJEG0zWCsy4bFJHXNNd31/u7er7KxyXnd0e46temB2N+zyRx0Uv0Xk8Fz04J4k6FvFFr30s7jm/LYZXepxa7EsiOkT+bUnLq13oOrkoHEeM0VWT1LMnbkgQG8iZh9P/swArs8TfNS/1ggf2w5Xi7Wr7fh0WF1ZdX4qFc5fChlBcOSJRL3O4tOC7ffM/mHjaC7h6jgzOyWdqQ+ri3zHhX7Pw8bzv0edfb+N+GZyTq8qLsGbOFxh58zLsqrR9uVLajjvOfwRDH1yuBeckW85OvHbX8xjw3E4UVLpPMeY/+QQ6Xf0j5qjgnF4/C799+gVGn/4m3kuu+lpVJc8y9TpsJXY4PcrtyUtw+vgXcPGnHsGt4nwsn/cjJty90uP5q3Xy1uP+Tqd8/k6smfUuukz5BK/J4Jysd2gfLMF2u6p/VO5tOrD9qzfRTm5LBdCkwvR9+N+DL6DLf1ZU3qeFO3H3Oc9Xfv5HqOO2Dx37RTj99He14JxWf2cO8j3rHW+iZuX3lNewr0j+SkgNafW+wkYZZ5st6FqoWrWgq9Wv/kBo2zhcMyQC3cNNCFH1y0rt2LMzDc96+cXfEh2Nq8dEYWArMwIDxLbLyrFxbSoWt26Hm6ppQVf5PqJAtqIoKMbc+fvxc7bnKa1amRgK8dKXOeg3MQljo40wuZzYsGwbntmkqtFxYSuL41dY5tRmm6tOWKARgSqA5GnbwRKkF1R9Vx3WPSEY8eFHXsjLX4H25Rz+I1Nkq/z4Y7tFavetSo7rs36/92+kW9Kq/aZ6BPkL1Om9o/D8h98joaf75/YG4G5Bp7JVebaWO2qrXfd2srNw8ZwMVXj4s1R+zpXk5OPdX9OwojgAA0Z3wI3drQiEAyt+3o5X3C3cEpLwylnhiIYLqdvS8NLyfBy0GRDVIRZXD22FuMx9uOMvveXH0VsRe2/F1npUZzzd0wqjy46t69Px37UFyHGI7beOxuWjYzAoXJxDtiK89ck+/K3fpfavodoWdHF4/KoYvZWE+IxN2ZGG55aIxzeG4irx2TsuUjx2cQGeUeP+RZ/QGS/2soor6hzcPvsgZLtAXRCum9oRo8LE5/QC8Tm9Q3zm92iPV08MQajcbnIGPvgnFzvEdUtoRAQmj0/AKTFG8Zo9W+MZcPbZPXBBnAHO4mLM/usAfk2zo9wajJOGxeO8jhX46eM9+BFm/HtKFwxxFmGB2F8/7SpHkbhvVOt43H5aFDqYPVrHaap77YrXFpsW8RidcXKkAY6iEvy0NBXf7hHPxWRGz94JuGpAGOLN4j2Ymor//Kya69VyXzYVOZGTN3J8x6Ph/bzj/byr6/1qKspqw6tDF6hc7dj3LMfEKTPxq/bnz4oRF0/CU5cNwbgkz4i7E/OfuhcnfezApBcfxZwJHj/EZK/B5BM/xrfdJmPTd2OgvdJ9S3Hi6bOwWC6H9MAr71+Ia/pHAPs34MZLPsD7atxRa7tRmPnORJwl/k7kblyICy/6HvPL4/DctzNwZ3e9DrATt/WULeiEkPaY8dJFmDEyVnyS2bDjr29x8k1LkYLWeGXu3bi5s3YH5Pz1GdpctxI28dhP/vdc3DhI1Dc5UXhwP2Y9+z9c/XMe4Pl8hflP3SZeH3Dr/1463ILO/ToGTcXOz0ZA33w+Prv2EVy8EGh73hX47e6e6CGuF+zFmVj8zS+4ak0fLH5xIOJl1WXfwnC5OC6XyhZ0sruwbtfsV9HlwWRtOezEyfjtiRMwQnzWZxzaBybc9clzeHaIVkXj9fm57VqIfmfNwXaxPz945VSc2yNC/N3TX+/b976Ou5YBV779GN4bo7eacT9+7MnT8Mczg9E3RHyH27sZt10ujk1OX3zx2xWYqr0AWbl226507BNG4JtPzsPkJPFdJbUYFYkRXlo61lH67WxB14zIAF1iSG/0jDpJlVBD+HjJQSSIa6rTxPVLQzryao/IU21/9e/aDs+fLi4Co80qOCcZEBhkQY++7fD4qCNbODx0VjxGivpaoE1uO9CKQSM64soqzefdLB3b4oVzPO8jyFYUkWG46JwuuLG9KtOoViYGMyaf3w4ny+CcLA4wIuzI2AM1AhmIyiy0H0q7M0u1wI475ZdWifgqMhC1cHtetam6IJUMRH2zOvNQkh+u7yw8cCjJ7XojA1FP/Li32rR+v/c5GuU25UVDdUk+V29mLk/HbbN2VJuWJxeompUtENvzfD1VU3WvT/4K5LlfftuUU6P9mZZfXul4eabaOFow0h+VZWfj4W8OYEWx/IHAibWL0rBGO0VMiG0jb3WD+wZDxsLKM7Lw4CIZnJOlFcjZk4Fnvtp2KDhXN2GY1t4Ko9jeng178PhKGZyT5WL7aVl48Zss7JR5axBG95DlldX0NRybSzx+MmYsUo9vK8J7fxfpAbgQy6ELuuzlhUgRp4ExMgRne05UmxCNHvL61VaKxTtkgQGTewZDVslLOYAZ8/XgnFSUn49Pvk3Bcvk8A6zo3V+1xjPFYliM/PC3Y/n8vfhBBudkua0Efy5Kxg1acE6y48PZW3DDnBR8qQXnJLm/DmLOAfnk5d8v99+yOmofj8GRYhuOMvw8dw++lME5We6wY8u6FMxYV6rlQ2MjMV6WV1KzfUlEdWd3yfe4/NyrfTJ3GIpf/rgH31zTGbEWG5Z+OgvjT52BLnctwZp8d70AnDhhHGLF0rffbkOqx/3Tl6/RxrHrO6WbeD8fLtdYuuDd2Vfi5v7hCBRlgUl9MOOGjvq6hDH4+cvzMLm9BWax/bg+o/HghfIbbgbWp8m/I1W2hQH45o9b8ORoNVaeyYKup5yNt8+T90nDt+vkp4qsm4Vv3l2ptei79Y1LMWOYx9h6Ce1w1bOX4n55bbp9MX7a5t6+TG6eZe5yj/y+zXhzoViMOgWzHumDHuHyu77YjyExGHfJxdj54gDEe9bXeObdZeJP2fALsPLN0RgRJ7eh74MnrpB/KRz4Z0+WuD3yPpXL9LT8l3nYgDg88vIkTO+h72v3673zkUkYJrb3/uKUQ/X37ZDBwXZ49M6h6Ks1bRZ12/fB3de2E3/cN+DHLYf3f223rSchahR++/YCTE6Sr82IVonhiKpU53gTNSdBpnAU23NVjhpKqNWoNWhoaGxB10LVrAVdHX7179Eebw2zYH9yFr5enYct8kLPasEp4zrgkrYmGAvz8eCsVOi/e3m0cCgrwY/zxAVSuhOh8TG4Zkw0+kcYtRkMK7ceicA9lySir7lyKwpLSAhOH5uIKW3EF41KrTHcrR3ksmyxsh+PLRKXYBGhaC0uxXa4GytQvbtmTBtttpuqZNCouiCV1FLvJwN01QXhpGnD4rXx26qav028B6qZpU6qriVc1RZ08o+OZwu96lreHcizVRtElYHLY5GzH53RJ0pLctmXxqA7nhZ03j5L3WOWea7T61cgec0WPHi0JyPUvgWdanXlKsW3HyRjtlavMvdzOrBlB+5ebNfKavsaqm9F5m71VYYf3tuNWapUF42HLo9HN5PnusN/AzJ2JuN2FZzsPr4rHuxsRvauPbhlvgwwH368yi35DnOPH1hyIA3X/CS+pLqPV41amelj2/27dzBaBxkR7O4Oq1Te/3VoQTe0Ez7tHwhnlfELD3PvGxv++GIXPtSihLXdlw2DraPJ3+QU23HP7F0orcWPQEOiM3BrzzUqV3d6K7BfcdXzqyGHxJQBpPXvjRDvVbn2AJ7/1/O4K7knPv3ralyktbCSrcn+Dxcv7Ih3f70JV7mHLNNaUX2JxYMu8Gh5pmityhYCl15fqVWZtGv2a1rLrlGP3Y+/p2jNogXZgu6/eBlj8OeWSUf8CFDw1+eIuG4lrFfegLI75SOp+pbxWLBuorjXkZa/8RCGv16ES958Eh+P01t+zX/qdtVC7cUqLeiqvA71/A8/3lFU81q9v05d+s8famPOVV3n9flpcvDh5Y/jimUqWx2P16Bvqx3e/PlW/MdjYL3tX7yM7v+3z2O/1H7bRz329Sn9Draga0bWZv6g3Q6InajdUsNwN0bo2TpEu20obEFH1avLr/5b9+I/H+/A44ty9eCcZCvH77/mQf4+BJNRXHa4xWCo1sLBgXWLxPbT9Yh0UXoWXvxqOz5N8xKh7tcK3a1ASXomHvZoRVFeXIwffjqIDeL6zhgZjFP0Yg8V2LdhN+5ZVKS1kCjKZ3CuqciumrJ7ozt1jA3SPujcKTJY+yZ7hK7xQVpgq7rkLZgkDWoXhnMHxR5Kl45M0IJk7uQteCWd1S8a95/ZvtrUv61nk5/D5DZld5zqknyu3sgA3EtTu1abvAXnpPHdW1V6PVVTda9vSIfK+0U2167J/mwTaa10vDzT0aYeNxsNmDQwFi9f2EV7vMaYprypHSyr+hkWhsQgeetErvxxv761t+pdecsc6keQI7mfU3BwzQa4PfI11FU5irQ/IJ4q8P0e/e9IXEI09B5Z4vNb/vIDO7Zvcbf+DEKUdho7cNBLcE5KLtYvNIKtqgVdnFnti/JjBufcY9t1DjMdEZyrD4Mj9c+0wuLqxi1x7xsjWlW+1qyGt31JRFJUiBkJ4u9UbXQIkT+quVsW1T3prcAuwpY/r8WtCeLr77Ivcc88+cObXN8a/5omR/PcgjcXqdZd6TvxmWxNNuYETGjnuS1PnuWe66qWH22dW9XyCoQH6d8RbFpAU5Tty4L2W0yfWCRWqetO0fGyLSCwO0t+o3aXu3nW9aSX7UrRrgbEdxA5i4NnXW/JrablFYiPaiVuparr3KqWu+DUf6s6Kqv4Dhqq7hOfJI/jPjz53nrsKJY/WDpQuHc9nn17n1hujSFt3bMC137blbnLGiJRcyIDcwzONTz39U5DY4COqqcucJx5hZil9/uppHxtAfbIv0sWEzp4xirkmHUTOuOVS3rgf4cCE2osnSBRV6sktA9EK3kGlpZh8RENbyqQU37kH5C+cRZt4O3g1gn4wCPooackDNAufk1IrNTNVXIi6yCvaBqKbGVR+VjUPBD12DkdKwW++iV5D3z5UiBKpghxLlNlRi9/UaLFxdK/+kbjwbM6YMpg3w7M5agWFwFHmezi+BQhXYvRGNEqRiuoX6nl0NpgBpqgOkEdISFQ3/8FBV4+1JvC+lxskz+0hAbhFDnYevto9JQfAYUl+EmNswSUIU9rXGdCQqJWcISOagaFghIVBMtyqH1hQV+toBoxbTC1vQlGlxPJm1Jx38wth7qjv7TXe0vR2tpQoG8nLKS6oKgFodrHkAPp1QQgiajm5A9sslV4TfSKyMbw2DSxVDWAUfdkju6K667Vm8N9u1Z+kOnlvU4bjwliafEnm7FZ5HctWoyfRX7SpC5egmFS1TJ3kryVyyTVpExPBaV6i5DYcPnjhihrE4n+smBjRqWuuJ4pO11vCdy/jWeQza1yXd3hfLs2+pRDK/fUNCgq1aZcJslbmVS13L2uA9799XlUbPGeyl7se6jrba9Tx+I0sZTy9f/QbcjdMPS8G+Fn/E8bG7Dtpefg4s513/bh+3jmGyIRka9igI6qVadf/d1j1iVaEW09PIPgUVVUiMuSmrHU5LrZ5UJR7YbDIqJ64DmLqwxgykkgbjwpEdOHx6NTrBY992nuVljhYSHaOHGeWkebKs/KWScVOKC1SDMgPiHqmNtz/0ZR44ChoxyF8jM5IBB9Bni5jykGQ6NluQNZB33lC3o+FmfJfWJGt57BGNwtCJFiP6WmZHi0AixFttZa2oRO3bwF4oPxrwS5NyuQk6O6omba9fHkQgIxXF5DVqe9RT/WeXl4bEk+9rlbfgsmr9+QKuA8dFz022Mpz3dCtgU0RobibC9/FC0DwtFBlpfYsbV+YoJELdrwjuE4pdexB/E2Bzgxud0OtA6SXxrlG7v+UlmJ6rIfLz+zVHl8J1wk+4xq47dlYf6cPeIDYBiuGS1/lah8f13VMne5W3XrvJUVIO/QmHjuVIyFP68Tt8CoTvJHVVFmCkVH+QtP+Qr8tlZ+IFW5j2MPvv9cfrp2wMAk+SHoXufmUfdQ+eG8OTpKay1t+3MP1jg863lLnryVe5YdfZ3RrH/4lmszwHqui0K3gXLdfizcXZPzoABfPzsbv1k64z/X9MHAKH27YfHdcNOzt2DlXZ09xoqr7bbdSfJWXp+JmhOnq1x8hchVOWoocgZXOURQQ2OAjqpVl1/9zxwTjQ5moKygELN+3Yn/HBocPwvia4h3BkPNAnke5JhA7lYOR6QPduKdhug+RkRHJbuxyiCdbJn40MQOuGRkArpqFyd+IsMObfTAyAjcLS6Y5CWTJSQcF0zogscGBaE+Xsn8HaVa4Ci4dRweGx2BBK0nlpw1NAa3T+mOl0453IJ0Q77+GRweHYlRsp41GCPbHi2sl4tFmXoAsEv/zri9fwj0awc5S2wcHpgSiy4iL1tFzzz2cIGN5u/NJdp+j27dGhckiCcovmhuXu/ZL8iO7w/YIF9ZdMe2eGyke78BofGtcMO5bTFM7jZbCf5Yoy48irKwKU8uWzD6X+0xsbVZD4haLRg5siNeu6wjpsj8Qbve0k4c85u763Xcx/zqtt7+MhXhoPablQkdukdo50hofAQGHC0IuDUPu2SA0RSEs8VzPfRcTGYMHdIBz4lzyyIumA7sTT/qGIlEVHPnDYrBv0e1RocY799hh0QfxG09VqNneDbkD8V1SQufewR9bvoDc7bmILdMlZflY928ubj8FdnKLAHXj0nwuE84Jl40DFZk4tmnvsKrq8VH0sQ+GBXiXq+SJ89yLalyuVDduqrlmnU4d9KneHVZJgrtosxeiJVffYPrvxd/Zyz9cfFQ8Wmm1U/Av6bJ5szFeOK2mXhvba5ev8KBwj078dR17+KJHPG8zx6Pc9uq7R96DMGd9yyT3GXduuP6biKf/BPOeWQDtuaLz3pRbi/KxdKvZqHP9Suwx1330Cbc+Srllcrcyfu6xPZJWvFXv+8Qf+rl42ViR5p47WLdyJPHIlZcy3xyyzu4e1G6x7EswdZ1q3HfhY/g7hXubeVi4zJxv8TOuOzqi7D67ydRsflZFMy/Cq+elYg4o7uenmq3bZE8ucsaIlGzklayHb/se1HlqKHsz7VhxZ7qxwuvLwzQUbVq/6t/KLqE6q0ztq5IwQ8p7hnxBJPhyJPN3R0ryIoh8rtAJUbEWY9sAbIqx65dpIVpkzwQkS8Z2C4Mj57TUetyXF3XYZ8mAyRaUCcAid3b4a2reuGDaUk4O9EMV44N9RL333EQ87NlSz35GIl4/hLZJbwnXj0zDoMijTAbPD73xGeoNtlNcCiuk/Uu6YAbhnjvOu7297w0rJatwMwWDBraHq9errZ/Sgx6yM9nexl+EnVkhy6fsTcbW7SopRWJVvG3JysfMw/98dBl/5OCn+R+CzCiY2/3fuuFtya2xsgoI4wuh7hQ2of5ekxTsGPmqiLkirsYQ0Iw9cyu+rAIl3TBDb2D0MpsEH9lhNQcbC4U+yvAhAGj9Tr6MbfA7PJ+EbM2Tw8eRiYlaufIWxMTMUVecFYrHy/9Xag9l8DwsMPP5fKuuGVAMKLFH0c5g+5LizkMA1F9MYjP0pN7tsI9Z7THzScnYWL/GO3Ho2kxz+Pe3stwU/fV6Nfq8IQ/dWPDpt9/wbmTn0LUwLth6CXSwMcx4OYFWFNuwvhHL8F1VUb5Dx/YBxeLP4+Zy3ZhA0Jw53ld4X2E2Xo2dhiuxDrccvmzCO8nnme/RzH0oXVIgXieD5yGsz2ajfe68BK8O1x8wT+4DldPe1Kv32sGwie8jfv+tgEJo/HzjJ44dhtFb+Jx8YzRaCuWUr7+GD1H3KftN8vQJzHyoZXYlO/SvufXt3ZdOmuz6GbOfB/x4vVYhj6Lf/+t/SQH84DRmHVFNKzlqXjumuc9juXD6HnhTDy1Tg14rWmLm145DUOyfsPIoTP0ejINfQI9znwOp9/3N37Zf+gPUS23TVR3FRUN8c4hT1EhJuRo4042LAboqHq1/tW/CKml8oLGhB4DEtBVa+FgRNcebfDYhVFwT051iCMH27SLYTOGjW+PifHyckm1JDm/Cy5M8DJ+yLpCJIv3hTEyEg9OSsDICHcdIxI6x+CGs7vhg0n64LVE1LjkBBzto2s2+UCjcVToP6hXVGiTERxdOT78IQW/ZthRpvV2FfcpK8fWTSm4/ZsCFIoyZ5VfnvW8eAytfmV6F9Wq68oxa85u/HdbKbJFBf3rlHiccjsOpObh8+UeTecPpuLtDaKebL0gOB1O7E13R65UV0uXuK/ndwVHAV78Khmf7Srz2L4otjuQcTAHz3+xG7OqTJBT+9dwuJun1lvoEFVPPKcjvyYefr5HrivBT/vLoW/KhT17sr0cK7nfduD5TSXIKHWpuvLxXcjOLsBn3+3Ai8nqSSnlySm44+dMbMhzqOMpuFzILyzF6tXpmKMVlODNbz2Pub6v5N+1hzeUac+1XOQ9bVt0AD9XOkfKsEMf9/zQ+eaUx0Uv0WjP5bt0LMm2o0Tr1iVVoKxUnl/7cOucjCpB07ruSyLyJCemkpMsTR0ap/14dGar/6FPZCaMBvkGk2+kuqeRV9yMb2YMxmkdoxHr/k0qJALDThmPT7+cgV+nxIhvuFXuF9oF11ytfmiJGo4z+8hLsSp1Agz6923th4Qq64wB0BpUaxPaVF5nNMrvxCaEaj9wu8sN8vcaWDsPwntzbsGnF3VSz9WE2J598MR7dx35PE0xuOrdGVjx7Cic1jZEezwpLL4tJt96BXb/fBbGR3jUF8lokr/YWxFk8ShXr8MabKr0OqKGn4W1cy/BjFGH95s1KhqnTZqIbx7tjc7uutW8Vv11AhbjkfvAfZ+q68wDTsSvjw6p1CV1Wl/3GHpBGH/n7djyzumY3NfLsZx5Dx4d4t5WMdbNW46VVXu5FedjW3Imfvv2e0w46318mOKuX5tti1TNPqv/RM1JuCUORXbtJ11qBgwVglr2aSff/j5a9xqpcnS8pk7uhYnVzhbnwIqft+OVVPEHrmNbvDA+TJ/MwYuy7Cw86HFhYenXAf8dFowjL9HFhYRLdn8rww/viQtEVVr99l1IL3AhPtykdWe9cd7hv4Sth3bE//UNQnA1z8mZlYnLvtUHsBV/gnH79LYYFOzA6nnb8aIPdetqTuQkEX+8cKXKEdUcP9uJfBc/26nZWSC+PMY9pTJNI3Xuh0i6exv63nc71l8cp0rJL2z4HXFTf0fmoDOw5MUTMSLucBejsoJM/PDkW7jg+2KMevQu/D2l2gutppcxAxjr/uWK/J0Mzv269wWc1+VJVUINIbPQji1pxVpr7IZUTYiDmrs8NVvhsdT2V//y9Xvx+NJCHChTv+y7KlBSXIpff03FajlersN1uNurILc/Y14OdhW7W0SIbWv1d+COTeWQQ/1UjSGnrUjG7eI+WwsdRzynXbsy8PjP7uCcdLilQaVWJkREREREjSoDX7+3Tdwm4KqRDM75nZIyyKsMa1QQglxOHB4t1YHSwlLsTde6HqFH/OHxZIkaWqg5msG5RhAbZm7w4JzEFnREdNzYyoLqip/tRL6Ln+3U7Ggt6J5QmcZnXzsPidPnI3P0Bdj/9gAkqnLyE0XJuPvsd/HcQZX3wjp8Mta/OxTdDjeu8z0Z97MFHZGPYgs6IiIiIiKiBmXH/O8XIRNWXHdpTwbn/FFoRzwx+xZ8c2tvDPMYnw+WEHTu2xtPvHoL9vl6cI6aHVeFEwXlxzvpDR2LHF/42zWePfUaBgN0RERERETUQsjOQ02RTDjtof9DxeaH8N9RcioAb3WYfD2Zo+Iw+ZrpWPbrfSjb/IQ4niKtvQ87Z03HfafEIc7k/X6+lag5CTAY8dGWa1WOGooxwIDZqxigIyIiIiIiqifeAhZMTC0pEZGvYoCOiIiIiIiIiIioCTFAR0RERERELYOcH4+JqSUnanbCLZwVujGcOyhWLTUcBuiIiIiIiKiFkAEKJqaWnKi5uazn22qJGhIDdERERERERPXGW8CCiaklJSLyVQzQERERERERERH5oSJ7NlwVTpWjhjJ/Wy4yC+0q1zAYoCMioiYTEBCACo6HQuRz5PvSYODXRGpmDEZxcjvEQtUWRUxMLSTJ81++D6hZ+XrnfVqQjhrWPzsLkFVUrnINg9+8iIioyYQGW+FyNOwfOiKqPfm+DBHvT6JmxRQLVBSKBS+BCyamlpDk+W+KEcvU3LAFXfPAAB0RETWZtnGRsJcVqRwR+Qr5vkyMiVA5omYiuLs4udNUhqgFkud/UDeVoeYizBLHFnTNBAN0RETUZMb1bw+UydYMRORLnCUFOGmAeH8SNSexk8XJvUcsuJiYWmZy7Bbvg3PFMjUnIaZImAxmlaOGMrprBGJCLSrXMPwmQBccJLtBNeyAfERUe/J9GWht2A8qar5OHdIV9pI82IryVQkRNTX5fnSW5uP0oWxlQc1M/CVA+W49EbU0dnHe2/cACZeqAmouTm9/BxJCuqscNZQx3SIRG9awgVC/CdBFhQXDVswLOCJfU1aSj8jQYJUjqp2wIAtuOXcEHHkpqoSImlp57j7ccM5w7f1J1KyYWgFdXgNKFwFygiImppaUihcCnV/S3wdE5JP8JkDXv0trWA1sQUfkc+w29O6UoDJEtXfSwE4Y1r01cvasVyVE1FSyk9djcNcEnD60syohambipgJRJwH5H4hMBRNTy0j574vzfhwQf5HIU3NTYs+F08VJ1xrayj2F2JtdpnINw28CdOP7d0BZYY7KEZGvcJTkYsLgTipHVDd3Tx2lBQWKUjawuytRE5Dvu0Lx/hvUJQH3Tx+tSomaqW7vApFjgPyP9W5/RM2VPRkoEOe5PN+7y6A0NUe/7HsRaSXbVY4aytqUIuzOKlW5huE3AbqBXVujd/sYVOSnqhIiamrluSno1S5ae38SHQ9jQAAeu2wcbp08DOXZyShOT0ZZYTac9jJUyG4ZRFSv5PvKabdp7zP5frNlJeOWSUPxxL/Hae9HombNYAJ6zQS6Pg+U/AEU/yK+1GwFXHnizeEQFaq0PmJi8pckz195HsvzWZ7XJfOALuI87/WFft5TsyRb0MmJIqhhRYWYkFss/0Y0HIP4gibfzX6hsLQcFz/5FSzRnWAN5dT/RE1JtrawZe3GZ/efz3GKqF7Jz/pfV2zHn2v3IjUrH8UlNlRUyNnHyJdZgsO12/KSAu2WfJvBEICQICsSYyO02VrlhBD8LKcWyZELHPwYyJwNlO4Q+WygwqlWEvkZgxEwRQNBXYHYKfqEEBxzrtn7aMu1mNz5MYRb4lQJNYRvVmdqt+cOitVuG4JfBeikv9buxuOfLkCrpB4M0hE1ERmcy03divumj9XGDyMieuLHvdrt/We2126JiIiIqOF9vfM+bSbXUHO0KqGGsCWtWLvt2TpEu20Ifhegk+at2o3X5ixBcGQsTJFJqpSIGkN57n6U5WfiunOGY8LQLqqUiFqyVXsL8crvKXCJbxTXj0/CCZ311nRERERERFQzfhmgk2QXqJdm/4NVOzNgCIpEgCUQgcERCDCZVQ0iqg8uhx224nxtLDBXaR4GdY7FHeePYlcoIjrkzb9SsXinPrnHoHZhuOnkJJiNBi1PRERERETH5rcBOrc1O9Iwf90erNp+AHlFJSizcXphovoUaLUgMjQYg7q2wUkDOnBCCCKqZM2+Qrz6x37YnYe/TvxnbCJO7MphKIiIiIgakqvCiRJHHru3NoK92WXILLRjSIcwVVL//D5AR0RERE3nnYUHsHB7nsrp+rcNxU0nJSHQzNlAiYiIiBpKQXkG5ux6EJf1fFuVUENZnlyAtSlFuGZMG1VS//jNmYiIiOpk/f4i7ctKVevEl5dlXsqJiIiIqP6UOQpgNTbcpAV0WFigsVKPkYbAAB0RERHVyfLkQpTZXSpX2dJd+Sgpd6ocEREREdW3clcZLAzQNZq8EodaahgM0BEREVGtbUwt9tp6zm2DWL90N1vRERERETUU2YIuOrCdylFDigm1YHQDj7HMMeiIiIio1j74Ow1/bs1VOe96tQnRxqKTXQKIiIj+n737gI+qSvs4/k/vndB7byIg2EXsFbtrQ9+19967a9/F3rCurquCq2LvDbELAiIgvYYaCKT35L3nzgmZNAiQSWYyv+/9HGbOc+/cuTPMTOY+cwoAoGG0oAMAANvlrzX5mrps263j5q7OZyw6AAAAoBFI0AEAgO1iurbmFjVufDkzFl12oW/H6wAAAAhGm4vX2GvwNfPd97PZG23NN0jQAQCARluXU6Jv5m22tW2bt7bAndUVAAAATaeislwTF1xja/A1MzHa53OybM03GIMOAAA0WsamYi3JLLS1ahN+W+f+snja7m2VEB1uox6pcREa3IkZxgAAAJpKZuFSfb3ySZ3a9xEbgS9l5pbq/k+W6dFT+thI06MFHQAAaLTOKVEa1Te5TomO8Hyl2L1HUp11JOcAAACa1qaiDKVEdbI1tAa0oAMAAAAAAAggczZ+qdKKIg1NH2Mj8KWCknJNWbBZhw9Os5GmR4IOAAAAAAAAaEF0cQUAAAAAAABaEAk6AAAAAACAAGG6tq4vWGRraC6Tpmfaa75Bgg4AAAAAACBAZOTN1m/r3rQ1NBcSdAAAAAAAAHAtz5mmrgnDbA3NJToi1J0swldI0AEAgJ1267tLNPbFuVq+schGAAAA4Asr8mapS/wQW0NzSYgOU35xha01PRJ0AABgp4WGeC4rmBseAADAZ8orStQtYZhSojvbCJrLYYNSFRfluzQaCToAALDTQmyCrrKSDB0AAICvhIVGav9O59samtPhg9MUGxlma02PBB0AANhpIc5ikJ4DAAAAth8JOgAAsNPo4goAAOBbFZXlzN7agr6dv0mZuaW21vRI0AEAgJ0WYvu40sUVAADAN1bn/6VFm3+yNTS3nxblaENeia01PRJ0AABgp1WPQee5BAAAQNNanT9HPRJH2BpaGxJ0AABgp1Ul6OjiCgAA4BvLc6arS8IwW0NrE1JJXxQAAAAAAAC/Zrq39kzaQ6EhvptJFA2bsmCzBnSIU3pChI00LRJ0AAAAAAAAQAuiiysAAAAAAADQgkjQAQAAAAAA+KmVuX/o0+XjbA0t5belOcrMLbW1pkeCDgAAAAAAwE/N2/StOsT2tzW0lJkr8/TXmnxba3ok6AAAAAAAAPxQaUWRluZMU7+U/W0ErRUJOgAAsNPu/3i5xr44V3N9+KsiAABAsFmbP1+d4gcrJjzRRtBakaADAAA7LSTEc8nc8AAAAE2nS8KuOqr7TbaGljS8a4K6pUXbWtMjQQcAAHYaCToAAAC0ZiO6k6ADAAB+LtRm6CrI0AEAADSJ1fl/qbAsx9bQ2pGgAwAAO40WdAAAAE2nvKJEny77l/JKN9oIWtrsVfnM4goAAPybzc+J/BwAAMDO+3Pj52of10/pMT1sBC1twboC/bWmwNaaHgk6AACw0+jiCgAA0DRM67nf10/S7u1OsREEAxJ0AABgp9HFFQAAoOkc0PkiWs8FmZBKh70OAAAAAAAAoJaq8ecGdIhzL5saCToAAAAAAAA/YLq3hoVG2hqCCV1cAQAAAAAA/MBbi27S2vz5toZgQoIOAAAAAACghS3J/tW9NLO3wv8sySzUtGW5ttb0SNABAAAAAAC0sBmZ7zNzqx/L2FSs6StI0AEAAAAAALRKpRVFSonurJ5Je9gIgg0JOgAAsNOen7JaY1+cq+8WbLYRAAAANFZEaLQO7HyJrSEYkaADAAA7LTTEc8nk8AAAAGiNuqVFa3jXBFtreiToAADATgsJ8WToyM8BAAA0Xl7pRk1ccI0qKsttBP7KJOhGdCdBBwAA/JjNz5GgAwAA2A4/rn5FvZL2UmhImI0gWJGgAwAAOy1UngxdhcjQAQAANMbq/L+0rnCxhqcfayPwZ+tySjTFh+Mtk6ADAAA7jRZ0AAAA22dD4VLt3/E8hYVG2gj8WVZ+qb5fmG1rTY8EHQAA2Gkk6AAAALbPkDZHqlvicFtDsCNBBwAAdlrVJBEVZOgAAACA7RZS6bDXAQAAAAAA4EOTM55Vt8QR6uEUBI7M3FL9tSZfo/om20jTogUdAAAAAABAM1iS/atW5M1S5/jBNoJAkZ4Q4bPknEGCDgAAAAAAwMfySjfq24xndXjXaxQRGm2jgAcJOgAAAAAAAB/LK9mg3dudoraxvW0EgcR0cZ2yYLOtNT0SdAAAAAAAAD7WPq6fdmlzuK0h0BSUlOvzOVm21vRI0AEAAAAAAPhIQekmew1oGAk6AACw017/dZ3GvjhXn8323a+KAAAAgaa0okiTFt+ulbl/2AhQPxJ0AABgp4XYy0p7CQAAAOnH1a+oY/xAdUnY1UYQqGIjw3TYoFRba3ok6AAAwE4LCfGk6CorSdEBAAAYS7J/1Yq8Wdqv4zk2gkCWnhChUX2Tba3pkaADAAA7LdQ2oasgPwcAAOAys7Ue1f0mRYRG2wjQMBJ0AACgCXgyczSgAwAA8IiPSFNadFdbQ6DLzC3VlAWbba3pkaADAAA7jS6uAAAApjdBuX5c8x93cgi0LgUl5fp8ju8mRCNBBwAAdlrVF4oKewkAABCMJq96ThsLlyssJMJGgMYhQQcAAHaabUBHF1cAABC0ZmZ+qNV5c3VE9xsUGhJmo0DjhFTSFwUAAAAAAGCnfL78Ye3R/nQlR3WwEbQmZgy6v9bk+2wmVxJ0AAAAAAAAQAuiiysAAAAAAMAOKCzLUV7pRlsDdhwJOgAAAAAAgO1kZmr9ZNmDmpc12UbQmplZXD+b7btkLAk6AAAAAACA7WCScx8suVuxESka3vY4G0Vrll9coc/nZNla0yNBBwAAAAAAsB1mZL7vJucO63oNM7aiSZCgAwAAO+3z2Vka++Jc/feXtTYCAADQeo1oexLJOTQpEnQAAGCnhYR4LpkbHgAAtFYVleXKKVnvXjeJOZJzwSUuKlSHDUq1taZHgg4AAOw0EnQAAKA1M8m5z1c8ounrJ9kIgk1sZJgOH5xma02PBB0AANhpITZDV0mGDgAAtDJVyTljVKfz3UugqZGgAwAAOy3UtqCrID8HAABamfmbvnMvGXMuuBWUlOuz2RttremFVPJTNwAA2Enfztukl35YowP6p+jcfTvYKAA0r8LSPE1d/rX+XPOT1udkKK9ksyorK+xaAPUJCQlVfGSy0hM7a0iHvTWy20GKiYi3a1HFtKIjORfcMnNLdf8ny/ToKX1spGmRoAMAADtt8vzNevH71RrdL1nn7dfRRgGg+czMmKJ3Zo1XWmx7JcW0U2J0G0WFx7jJBwANM0ns4rJC5RRtUHbhOm3MX6sTd71YQzuPslsEp4LSTe6EEO3j+tkIgp2vE3T8tQIAADuNLq4AWkpFRblemzpOH8x+SX3TR6pP+u5qG99N0eFxCjGnO+ZziUKhNFjM+8S8X8z7xrx/+qbvpvdnv+i8r/7lvr+CUWbhUr216CatL1xsI4Dv0YIOABAwlixZojfffFMffvihFi1apA0bNtg1ALamTZs26t27t8aMGaNTTjlFPXv2tGuAwDfh90c0f910jex2hFOzvxYA2EmV+m3ZJ+rffrhO2+1aGwsOS7J/1bcZz+rALpeqR+IIGwU8Y9BNWbDZZzO5kqADAASE5557TldccYUSEhK0caPvBmcFWrO0tDTl5ubqiSee0IUXXmijQOAy3Vo/mP2ihnc5zKmRnAOaVqV+X/m5jhl0roZ12d/GWr8/N3ymjvEDlRbd1UaA5kGCDgDg1zIzM90WP3PnztW6detsFMDOSE9P14ABA/T222+714FAZCaEuP+L89S33UilxDA5DeALWQVrtHD9VN1y6ItMHAH4GAk6AIBfO+qoo/Tll1+qtLTURgA0hbCwMI0ePVpfffWVjQCBZcqi9/V7xmT1bkMXNMCXFq7/VSO6HqRRvY+1kdbFTAbx2YpHtGf709UxboCNAnX5uosrk0QAAPzWM888o99//53kHOAD5eXlmjlzpsaNG2cjQGD5c81PSow2LUBNewMKheKrkhTbXn+s/tG53vqszP1Dby68Xh1i+5KcwzblF1fo8zlZttb0SNABAPySmRDi6quvplsr4ENmPMdbb73Vfb8BgWZ9zkolRvmmFQOAauZ9lpmbYWutR17pRn2T8YxGd75Ie3U400aBhpkWdLGRYbbW9EjQAQD8kpmtNTU11dYA+EpUVJQ7CQsQaPJKshUZHq1KFhYWny7mfZbvvN9am/iINJ3Z/xlmakWjkaADAASlDz/8UGvXrrU1AL6Sl5enjz76yNaAwFFZWaEQczpTf688CoXSRMW8z8z7rTWYteETTV33lq1JoSG+S7ag9WkTH6n9+iTZWtMjQQcA8EsLFy601wD42qpVq+w1AABan5yS9Zq0+HbN3/Sd+qXsb6PA9klPiNCovsm21vRI0AEA/JIZGwtA88jJybHXgMDi3Q2PhYXFd0sgq6gs16fLx6lr/FCd2Pt+JUa2tWsA/0KCDgAAIMhVVgb2yReCmVc/PAqF4sMSeExizjDdWE/u/aBGtDuRLq3YKcs3Fmnaslxba3ok6AAAAAAEJJNbplAovi+BpLg8X5MzntUnyx60EU+SDthZJkE3fQUJOgAAAACoxWQOKBSK70tg+HPDZ/rvvEvc64d0vcq9BAIFCToAAAAAABDwTOu543vdo9GdL1JUWJyNAoGBBB0AAACAgOQ9iD0LC4vvFn9lZmddmjPN1uSOM5cW3dXWgKbVLS1aw7sm2FrTI0EHAAAAIDDV7oVHoVB8U/zMxqIV+mrlk/rfwuuVW7LeRgHfMgm6Ed1J0AEAAABADd4tfFr18vv/dMrQc3TGkwu9oywszbb4EzM766fL/qXEyLY6ve9jGtLmSLsGCGwhlcyrDwDwQ6GhoeJPFNB8eL+hpWQXlrmXSTHh7mVjXTPpCO3b62RbawYbf9fDRzyjn0ps3Ypp20NDxhysE88YqV6pPpopcupEnXj+l9IZ1+ud6/vbYANmf6Czx76vHFvdqsjDdc9vJ2ugrW6fcmUv/kNfPf2JPvt1qbLyTSxaqd17acjJo3XcEbuqi6+ej0BQtkCv7v9PvV/aX5e+c70O7GLjAeqHxW/pkRM+tbVtm7PxS/VIHKHYiBQb2XEmIbdo809Kj+mhlOjONgo0v2nLcpWeEOG2pPMFWtABAAAAaDGrNxfrqokL9eL3a7Qup1b2a5tMYrmZSkG+suo5vML1S/XrSy/ohjGP65vlJtlYz223WZbpncPP1Ym7v6W59a6vUt+6+sr2qO/22yp5mv/svbrwxKf1xjdVyTmjSFnL5mjyuKd11TU/am29t23Jkq1fbrhQJw4dp29W17e+CUtxifNsGDGKiqpn/XaUzV89q1OHnqs738+sd33zlMbZVJShSYtv1zcZzyi/bLON7hgz4cO0de/oP39dqIXZP6rCWYCWNH1FrpZv9LyzfYEEHQAALeZuTS2tVGXxL7rNRgAg2ISFhqi0vFKT52/SPz5Ypn//sEazV23J+GyVafjZbMXep4b+n56a8aLedst4/efdq3Rs/3Apf46e/tdUbax9u0aVQuWsdfZdUi7nqahnveeujfrW1SiDjtG/txyfp9x1hue2Rz9fM/72rydpQH372Gop17L/jNMtz65QaWS69rvjFj37w3Oe/U19Sv9+9xZdedkQtY8NVUi9t2/JUqy89SaJWqaK8vrWN2GJHaTzfzDP8aXaO72e9dtRCnM2qdQctfPiqG99c5RtMa3cpq57SxMWXKNVebPdWF7pRvdyR63O/8vZR6Y7K+tR3W9i8ge0uALnMzo20nctg0nQAQCCzoiXF6rU+bZpuvTVWzLe0aF2W9+KUJjp0RUZqThPIAAcq3cySp3nqVhT746xseZzxXe5df+/vErp1Lvtlr4Xc/dUFZv7dF4vx9oYgO1nEnRVcorK9M28TXrsq5V6fspqzViRZ9c0xGQOmrMY3vVwxXUfpDOfvUD7mFU//q6/TIauxjaNLUZ98api1BdvTKlS37rtLBk/6oVHM5zrnXTGf/6hK4/voTZx5rTSWRcepcTuPbTfuZfrqaf3Vtvat/WLUqW+df5aqtS3rrlKw9bmz9fEBdfol7VvqLzSpBI9Cko32WtbV1iW43aJ/XjZg3pz4fU2KreL7OjOFyk5qoONAC0rv7hCcVG+S6ORoAMABJ1OqXHOKRUadMV3ym0w2ZWk6EhzWaLiXDfQrDokxNtrLS89LspzpbhAWZ5rAHaAV35ui6LSCk1ZsFmPf7VST3+7Sr8tzdlGiqCFJcXIM9JWrooK3StSWa5WfvOJxp15i87Z43ydNOx8nXbgLbrnn79qabbdRjn68Rqz7mF95Na/0l3Odmbbk4Y9ox/raYBUnrVMX995j93n5brgknf1x9pyu3bHlK6arUnX3q8L9rX3vcc1uuySCfp6RpZq73n5N19onnOZeN6ZOqZ/hCfYGM7zsfiTCbpnzDU6zT7GMw+7X+NemqGMLc9HlY369gJnm7O/11p7uzsOvNi9zWkH3qOn312huqnbcm34xXm+T6vav+e5mbHKkzBa9Nw1TuwWjZ/p1jR+jH2sw67R/zwNvqTVP7rP/23vZqp87Sz9+6TL3W3OPOkrLXE3KNX6ad/r35fcXv1c7Xu9brr2k3r+D+xj2OMxTVltQ8b0t93je2Vq1fN+p850j6Oe/8vZH+ocZ91ldy9yq/PuvsUe8/k657mlbqwllVYU6btVL+idxbe6s6rWll+27b+O5RUlemP+lVqdP0e9kvbSCb3usWsA/7NfnyS1iXe/CPsECToAQNBa88FxCgkJqVs6n6gv7DZBqUOCTBosPKy+E69XdVTbCOd5StC+46rOQpvfjAfr+X9zSsTIO+wWvrfi2iGKMvfZ60x9b2MAtp93C7rayioq9fPibD3xdYae+CpDPy7KdrvDVqls1sWbd9xZMjLlplAiu6ttexMp1PT7btDV176rX2dnqmpovdJNmfpj4ou6/vzPtazMc9uGmXWebbZsNecj3XPEfRr/wQq7zyJl/fyJ7jn7bf2ZXbVtfYuHd6RqyZ36pi47+vGaY8mV5Grtz99o/Dm36p5316psy9YbtPgH0xc3QYfv39M5mayKb2MpW6uvLrlBN976jf7IyHW7axru+H1PPaOrTn2z1vGXq9zt07lCX1x5i3u7uZs8k4mUblqhb+9+QA/VOC7zON7WrRc7z/e8qv17npv7bvvFHQtva8/0lmemosLZp3O3877RPcc+qU8We8aaKly8UfnO+pUT7tMl57+qT35eW/1c5W/Wom/edbZ/RdPqewwlxSpxXsdblvJy9/iyvntbV51gnvfVzqvFqP//smHV2zTHUtvSnGl6bd5lmrXhE7d7a328u7ia7qozMz90x6YzreQ2F69x42GhkTp30Ms6pOtV6p+yvyJCfTP4PtAURvVNdieJ8BUSdAAAAEArkplbWqM05K81+TWKabHmXRoyaXrmVktD7vt4eb3FjDnXGFOX5Wj85FW664Ol7kx6LpM3aM5SpapeWqSNs37Q4xe/4bYqSzt7pAaY4YmcdRWl4ep76lm6a9JjemP683pr+ni9+umVOqqds37h5/rtL7NdovZ+2Ky7Vkc5Velg3elua8ol2jvVbGOLMXO+5rfdX9e/94QmOtu88eHFOtDsb+1Xemfyxupt6ytG7djmWXr5sq+0UdEaetm1euL78e59T/z+Qd13+wilqUyz735Wny+uus0GLZ/qXGqQenavim2rlGv568/q2alliui8v66c+C/7fDytVyZdqWPM+H3O8d//2GwVet/OmD1ZH/wkDb3+Jj3/i3Ob3x7Wg1f1U4Q5rgd/0Pwt2+do1gTzODrpxOft/n97Qk88dYT6JoUo1Nmm9wUPO/d5ny4aanbcWxd9UPU8P6yTB1Xtx6yTFv3vK81O2VfXf/i05zg/OlTdnXXlJVK7/Y7T9RMf1Ku/eW7/xuTbdf5I5zGU/KJvfsmp3o/dl8s7ZuM/vf65srb1fzlojF5y1j11e2/3Nv1vv88e8/N66YIedffry2KZbqufLh+nj5bet80x5vJKNthrzkt+8w/KLlmrdjF9dGDnS5QY2dauAVCFBB0AAA0Z9LzmmUkcSjP0/sk1x1uLOf8rbTDdQBe+rBE2dvfUUmfbqbpbMRp29fuam1ngGeuutECZc9/XZf3sho0RM0xXT5ihFZvtPpxSnLtWi797UafX2c+heifD2Wb1+zo25gCNn5Hljo1WWZylz6/wbJF65H16f8YKZeUW2/HaipW7drG+e/gA52itEf/VYrPupmGe+rCbtoztVrn4vzUfp3P7X+rMbGEe9wTNWLHZ+QJvb1ecq7WLv9OLdQ9ah76T4WyzWu8fa2+3aieer/oc+o4ynP2tfv9Y5+m8WhNmrLLHVaqCzLl6v4E76HeZeQy5nuewTinQD1XD49j9ly6fWGPMQs/zM10PKFVHPv6dFmfZ59x5Llb88rAOaGDovtQjH9d3izO3PHelBZud7R/XkeYEHTuldiKqdmlI7YRVYxNRZuy0rZWGXP3mwq2Whox9cW6N0tjb1U6UNfY4az8PtUtD6nvuTVm0fvta45rur2ag7srKRrffasLFMfNVXTb8Ap1syu5X6KL/e1U/ZJQpYuSJuuHU7rZVWZSG3/O47r1hHw3sHqNwNxaq6HYDdfgFvZyd5Co7z7v9V1UGxJMNqW9xtTtIt/z3dI3sGuXeT3inofrb5YPdVbMXZG7ZtvZSzTtaqbXffKopJVLi6Zfo6nP6qn2c5+hD41LU5/hzdPW5Cc5tVunzH1baW1TtK05RcVWRbSxlC/XtM6uc2/TSOc+crn36JtnnI1yx3Qdq7GNnyfzVKX3vN83J33IrZzHCNej2W3TjaT2UHOnEwuPV8/TjNMb0Jy5ZpNXmb1+N7aWo+FjP/sOj1H7v43Tvo3urzZZtzGJ412svjpTRum3imRrZyezJOc6OSc4jrlTXs+7Qk48foZF9UxQd7tk6PLGzDjlvf3evWTkFbqx6MbzrnsW1nf+Xhne9uRfDjBP32vzLtWjzT259Wwq8ZnHdv9P5bhmUdojSY3ooNMR3A+0DvrK1v3FNgQQdAAANmXOBbvxglcrCO+nIR1+rnggg5nx9+MBBStMafX7LJZpmwxFmxofwJB3yw3L99sgxGtDGnJQ5wmPUZsAxenLaVN3dmAnIYk7W+wt/0yOnDlWXJLsPR2R8O/Ucda5enzZdD9TILTnbmL/oYd1158IvdNHQFLmjY0SmKN2Mq3zW51rw8S06ZmgXpWwZNyNS8e16atQ1X2j6+O3LhLmP07l9ZI2ZLWJ08vsLncd9qoZ2SVJM9UGrXc9ROvf1aZpe86CdbdyDVvfb5ukXc7uONZ+vR79+X7XyotvHOQjP03Kb5v3yiE4d2tEeV7hi2gzQMY9+XSfx2vXuqZr2pHkM8Z7ncGvs/sMjYqqTnA7P8xOvw6Yu1vtXjFLPFLsn57nossc1+uDHB1T7Ge/3wHQt//gKjerZZstzFx6T5Gx/hd5f/EvjXjc7oadzEls7GeVdGlI7MdPYBE/txFBjE0q1E1G1S0Nq31/t0pDaj6f2421Ifc+hd2lI7ZZvtUtjme433qUhAzrE1Sim6453acgJw9O3Whpy61Hd6i2XHtDJbrF1qXERumBUR/3rpF7u8YWEVNg1LSlaqYOH6bSH79QzTx+qHkk27CpX9txfNeHaB3T5QZfqb8MvdMvl95jmaNKyNTsweuVBu2pQjftwnpeuPZRor2+vDYvNsYRr9IH9anyOeYSp7/6j3X2vXphlu2FWKVe5p8fptq3N1CLTHXfkvhrS2ROqoe0A7X+AubJUq+t8bHTTviPbOUfiJbyNurqt4Lwlasip5u/yKr3x93/ony/N0PJ1Rc5R7qBuXdSu1vNcpXTVHH1y5+O66vArt/yf/u3Cr911i5Y1/P6uo4n/L30tPDxEawrmNdidtT47O4sr4E/M8AqfzfbtqMMk6AAAQavDMe95WjZ5F7cFXLX3T7xUH6wqU3inY/TIf/dzIjE6+a1/6KA0ac3HVzrXa7f86KM990nSxl+f0Ol905wTyFh1OfElzTWjWceP0CUvnOXZrEExOv/D8TqmU7jKNv+piRftozR3fLU09T39CU3LdM6I4ofpuklPqk7Opu0QDetUpLkvHeXeJq3vkbrsFSce5ZzabF6uKS9dpAO6xDr7cvaX1leXfLxKziNT/0Nv87SOm3amepl1D84wNTPQm2dbU3qduSURWZ+Y8z/U+GM6Kbxss/6ceJH2SfPcLq3v6XpiWqZzP/Eadt0kPVn3oDVkhBNc8YVu2sfzfA2/5ms5T7nznB+pG262m9Uy7KZa/2+mNDD7btshI5znaoW+uMnzXMYOv0Zfe+5AR9a4g2P15HkjnCMt1JK3z1eXWOcxxHbRiS/NdQcjL1vymkY5x7fvOM/WW9dHw0bEK+/Pl3Si+5yn6Si7n/hhZ+p+7wPt+qQmXTdM8SUrNOX+Ez33a5+7l5wXTnjyHo143eycvc6+r04yyrs0pHbCqrGJqNotqHY0EdVYtRNRtUtDaiesGpuIMkmkrZWGPHpKn62Whrx23sAapbG3q50oa+xx1n4eapeG1Pfcm9K7bazdon5JMeEau2c7Pfy33u7/g/eYdc47v1kX19CxemL6s3rTLY9p/KsX6rgDOijRtqjyLGVa/e7jumTsv/Xut8u0zo6fVpP39mapP+pZqnjH7JKcJM8cl16xOouHd6RS67XWzWt3U4e23nGvpWrfq7KV7UbilGK6tuovLVu6ZautL2tWa765SZ/UWi3ZqpYEJbp3sk4bN1dHq1XHPEvV9kZ1NG7kCXrgtbEa3SVXvz/9rK4/4kqd839mkogSr622tl/PsrV1uVP/pyvGPKFXPpyr1es949PV5L11Q/dVxTtmlwb/L6t4x5p3KSur1MFdLtepfR/R6M4XqmfSHgoPtZMlNaCkolDF5XWn8wAC0eaCMp/O4GqQoAMAYKve19irP9cahavnqc9r/GWv6dHDnK/PG7/WnSe/VatFgcfCV/dUjz2v1ISF5le2QmVMOk9HvDLXOV2T0gYdW28SaYuYO3Tx/mnOlTX65O9DdNpzP9kZQrO0cMKVGnni2zLzpIUPPFg310l2FWrWIyM06LxP3NtkLfxUP5mzohcOVhvnjGr/857T5Ax7xFkLNf7o/+pPcz0+RT3c4I6K0R0X7y/3qD/5u4ac9px+sj8wZi2coCtHnqi3PQetg+setMpWfaCx/Q/TP90bFWrGo2P0zDRznOHqtOuWdos7rmyVPhjbX4f90/NcFs54VGOemeb+34V32rW6ZaT2VBdzZrT+G9108otyn6rCDE067y59t97ZtucInV738BuUN+Mh7TnkPE1yd5SlT867SB+5k9x1Ug+3tYjHiPuO1MBw53Xz30O1/62TPPfrMM/deSOe1yznetouJ3odZ9Nb8tN7dZJR3qUhtRMzjU3w1E4MNTahVDsRVbs0pPb91S4Nqf14aj/ehtT3HHqXhtRu+Va7BJvYyDCdMrKtHju1jw4fnKaIsIYnk/A7G2fo9XvmqzSyi4556i698P3TNqH3rJ643XRx9QepatPXXC7XGuczrl6bNzt/jRx909TGDbRXz71NM991mjKtcWMHqm07uSOoLdyo+tud5ijb3VV3ddypYcnClDRwX1381sN65dPbdO05zl+2Pz/TAye+pJ8aenzbZZk+u+lrbVSK9rr9Rj01+ckt/6dvPneQ3ab1S47qoF3SDtdR3W/SsT3v1O7tT1H7WPeFVEd5RanyS7ejVSHg58zfJV8iQQcACFr1zuIaMVK15wEtfOtkXfmxc/YQ3l8XPXmCOoVv1Nc3j9ELNpFSW97qGXUSdyvGTfHM8Neph7xyM3UdOlDtzbnPqp/19PueUA3fP6wpS8yV9upzmBvxslnLprjtFOpKPVKPfz5XK7K8x1a7yR33R207ari70Y46VAM9B62f6z9oPew5aLWve9DK/P3fqtkQsVBfLNr6iV+9s7g2NPtu5u/6d62WjoVfLPKcdPrQws9v9rQa2eJ7TV9Z90VzTH9P1q/PufNqtgg0peAaDTErO3TRnu5WvvHzy7fWSUZ5l4bUTlg1NhFVuwVVsCeigl14rfOdDkmROn5Yuu4c011jdm2z1cRcZWVFMxbbjsl9f9a33qssW66ZZttjj9Mpe7VVQmzIlnXlZVVdBL1vE6Iwtzd8qcpLveO2OItHffe9tXW22C1q32dSRzMrQZkm/7xIZd7bu6VU87+brBxni379UhVqb9PvkIPdbpgrHp+gr5eZMTdr365WSbOtwqb+rnnr6lm/bq6++9ZZH9lTHTp6rzM3auD/2LOq/nXOMUY7f9dGXnqNbj43XiqZqZ9mbLbrpBDz50rlKiurfTtTttxprbhTVq3S3E3OukGH62/HdVObhLAt68rc6VqN2rezUe9Y9dHXjLul/nUhoZ43iXnteMebs9SnY9wA7dHuVDdRd0S36zU47dA6kz8UlJknDQh80RGhOmyQbwcGJkEHAMA2Feqt27+UJ8XkWP+LnmsoO9eQFZvrJO3qtWcXz4nM+gX1J5s0TRnZ5jJZqT3dwLb1e0DTl3+sKw4doC4pjRhbbbvZlmdarwX1H7SmeQ5ayY086KrtfWZahurew1/KNMPltN1fd714gjqbAZliOuuEF+/S/uZ8Y+MK/ey2gNtxCzbWbUngGbNuG/JyfZ5QBFpKVb7KJOJMS7k7xvTQibulq1PK1rvP+bX27eW2KXr/c32zyDMWWnnBes2d+JLufWCZWVNLkjoMMJfTNfW3XDPCmwpXrNfG+nrGNqGu+4xyh0vIeeklPfXeUm0s8PxnuMf68ng98FKeFLmHjj2wusVo2JBROnu087lVskDPj31EE7/N2HI7k2DMX52hqf9+Xtcd+7Hnh6m4PtrnOPM5N0fPXfWu/lhW4GxllGrTgql66fzX3GRm10v2kpnQdccs0OvHjtd7P61VvhnvzlGas0bL//B0Q01JqurKnqZ09z9mmX74eY17HKWZa7XeZCG3pWO6epo/oHM+05c/ZXseQ0m2ln/7rm69aoqp+Ux6R8/gfYs+masM8/ic+129quEJbppbZFiseifvrQM6X6zT+z3uztJqkndGAS3o0EokRIdt9cfHpkCCDgCAbernnKScoJ4qVF6ec7bU9jA96I5Htx26JnsG4C4ssF1WGzB9tdyeOG37NtAVdoQ6u4NKr9fq6W5gm65/6UoNi5fyFn2gm47sa8e0M+VB2dHmdtJ0rfYctPo20H93hOegtb6xB90iXtWD36x0LuM18Nx3tLKgUpUFK/XOuQOdSJ5mvHCFs4Xv1NsqsKok7K8n7HZAaxPmnJGYxJzpymrGmjMnQY1lWiM131LNO1rv0rG/DrJJrJdOuUZn7HaJztjvLt097nflRFZnoapvkaLOI5wPauez5ovLb3S2v1xnH/+q/lhbvYVHdb16qeIdq700sEXP/XTV7X0VoU36+Z5xunS/y3Vq1bE+Ndf5q5eiI548UcMSvW6jJO1551U6qZ/zOAqW6r3r7t9yu1N3u1LnjrlfDz89Uxlu/shsH6Vdr7xUR7STSud/qQdOvE5n2m0vPu1lfWlmwB1xhq46raNzclp1H1XMtaqY91J3XVnGn5p4+d06dy+z70t05gH366Vpzt/sdkdp1G7Ve24/cJB76/nj7nGP48zD79anC6rWVquKVC/dtcfZZvrYTfrk8ps9j2Gvm3XjdV9qmcKd57D2rarUfQwe3pGqpYp3zFm6dpU7L8Yf/9N15vE593vNxAzvLXy+NFZEaLQ7U+uJve/Xmf2fcWdsBdA4JOgAANiGfg9M0GXD4lU27z8aMfYDrSqz49E1MPlpfHrdFf1uHu0Zg2fNUpmePA36daUngddphM6uLwe437UaZRqhla3Snx95Qlt3qPbsblKD6/XdLcfqn58urE4QxkTWnBmvSmm5O16e6W9Vd1a/+vyqlZ6D1oj6D1rXeg5aqxp30C1jxMt6/vguzlP7p35bskGF7pNQoryVMzXxmlHa5+YGug/vpG+XrnIvu448v5HPN9C6mNlZTWLOTAbh10JD5B5hREgjTqKStdcDd+imswco1c6BEdO2u/Y3Y5c9OdpN5iTEercQDFOfsZfpgjFdlOg2c45W6p4j1Ku9u9K57zD3NhHu7Ne12OOqd50VERXt/BvumfG7hjB1OO4yPfXfv+uwPdvY+3bEJqvXAcfopg/u1Fkj6plIJbGHTnz1Xo176BiNHOR1OzNzd7cBGnXdBXpwwiHaMtpeYl+d9d7duunSXdWrrTkWI1yJnQfosHud5+TpvdWhxn9/iELcjFe4Qup7yOFmY+91vXRcrccQkdJGQ86+QA9NPFK9vPadeshpumXL/4tzDP1Ga0jV+KJVz2WsZ5bumsLU65wbdd/te6p7imeHnvu4VI9PPNVtMZmYUPVEGPYxREYpwntnO/J/2Xa4znvmMA2xz11EShfnse7UgH3NwoxXlxJd39S9QOAxk1ot31jf5DBNJ6SyuqM7AAB+IzQ0VL76E3Xs+6v13jEd3DHoOh5b35hpXrreralzbteI6CV67cBeOvP7GJ380WL976gOKpv3rAYPuHjLOGMPTK/UTe6gbiVaMeUhXX3GvZqUEaO9b/yf/nfvQeoUXqa5T/XSoMur+kk+oOnuOHAz9GDIcHnmE+2qJ+cs1mUDw1WWOU3PXHm6/jHBJNVStfeFT+vZB0/SLsnh2vj1Bepy8Au22+yxen/1ezqmwxp9cFxH5/G5wS3unlqq20eEK2/GEzrs4Cv1U5bZ17/0+D3/pxHp5lTA+/4dzg5Wv3eMOhTO0hP77Kkr56XphCP66NNJ37r3V/U4TYuv4fZGXZ+co8WXDVR4WaamPXOlTv/HBJk5MlL3vlBPP/ugTtolWeEbv9YFXQ7eMnbfVv8fHpiuSudOaq+r774bVPU41nyg4zo6z5ENe9jn3nvd9T+o4F/7qPj7m7TLYf/cMllDgxrY/9aOseox11i33wQtn3Kq8z+fp0Uf3KvzL33CM5lHTGeNPus63Xz1/6n/nFPU7cQG+g83Eb4SItBcM+kIjex+tK0B8KWpyz7SIyd8amtA8DGz2g/qGKd9ent6hfhCPWl7AACCQ4dj3nOTEnXKhs91lrtFV939ztUyvY7WfHKNzvzexAr11sl36uuNUnj//9P/Hq7bWi5vc4E6jrpF76wscPa3UT8+aJJzptHbJ7rrhm0NYrZCl5/wkGbkOftPH6Er3ligje5xOft59lQ3OWdmPb14TFVybtse+N+vcnan+GFX6MeNVfs6VyPSnWNyW4nV8sWvWm52HjNEV0x3HoPp5vnUVVudfXbF5SfoIc9Ba8QVb2iBez+V2vjjszrVJOfMTKoXNzyxxvYadpP9v6pVSuc86Y6ntEPGnat//ZCpmP0e9HRvtfsszs1SVtYKzf38cR3pi7GBvz9H101aoRLFq/cxD+pb93Xj3LfzvH/77JU6tF9y/S0dAThMYplCofi+AMEtK79UqXGe1rO+QoIOABB0VmXle7pwNiQsTG7Howtf0eUj4lWW+YXuPNWr/VXhCxrzzx+VpxgNOWe8LrThKguf7aWz/z1Tqz19JFVWuEFLpjyiQ/scW2u20lKVm01KSlRjqOf5N2t4t6P0xJQlWpdnR7t2jrgwe6VmTrxGu9fZT6HKzARrZaUqrCcBVjjuEI265gP9tcHZzgTKCpW98lc9cdTp+mCd2aDWuHiF9+vvN3htX5KnlTM/3jJpRannoFVS86B18/BuOuqJKVqyLs9Z61FWmO3cdqKu2b2Pjq09k6p70FKFczx12G62tdetyTWpxoaFh3p9cXKef/ceKpznzg14s8+997p+f9cxQ9M9//deIuNTlJLSRQMOvULvz3pHx9p41f7LSgtr7N/z/JRpy6R+XjyPufa6Qr11Yn/tec1EzVy5SdX/5eb/6S998cSJ2nOsb1vPAYGqkoWFpVkWINhl5Ze5QzL4El1cAQB+yZddXH1lu7pfwu9c/0OB/rVPjNZ8d5NOOuGf+mlL1jJVfU57VB+8dJb6x9Tfjbg14CshAo3p4jqi25G2BsCXpi3/hC6uCGofz9qgA/qnKDbSd/0aaEEHAADgSI01UzSUqTB3syLd61Zqmnp37aQE86Np2SataJqpbwE0Ae8WPiwsLL5bgGB31JA2Pk3OGSToAAAAHOM/mqY8havn0c9WjwNnysYF+sQdR7BMqz65S9scRhBAMzKJAwqF4vsCwNdI0AEA0ETqH5sNgWLFHaM06pyXNGXJOmXb8QMNM47euiVT9NI5u6vPsW/VM54dgJZSXxqBQqE0fQGC2erNxfr6rxojNvsEY9ABAPxSII5BBwQy3m8INGYMuuHdDrM1AL40ffnnjEGHoDVlwWbNW1ugC0Z1tBHfoAUdAAAAgIBUNT4WCwuLbxcgmOUW+X4GV4MEHQAAAICA5J1AYGFh8d0CBLO84gqlxPp2ggiDBB0AAACAwGTyBhQKxfcFCGKDOsapd9tYW/MdEnQAAAAAAk5IiBmrtMK5Vl82gUKhNFUx77MQUgcIYoM7xalbWrSt+Q7vMgAAAAABJy4yUaXlxfWkEygUSlMW8z6Li0p0rgHwJRJ0AAAAQS4kJMReAwJHemIX5ZdmO9fqSylQKJSmKuZ91ibBt7NXAv4qt6hcb05db2u+RYIOAOCXUlNT7TUAvpaYSMsIBJ5dO+yjwpJsVQ9jz8LC4ouloGiT837bz77zgOCyLqdEyzcW2ZpvkaADAPilvn372msAfK1jR1pGIPCM7HaQ8oo2K7dwg1cqgYWFpSkX8/7KK87W7t0Ptu88ILiYBF37pEhb8y0SdAAAvzRmzBi1a9fO1gD4SlxcnI466ihbAwJHTES8ThxyiTbkZTg10xUPQNOqVGbuSh0/5EL3/QYEozXZJWqbEGFrvhVS6bDXAQDwG0uWLFH//v1VWlpqIwB8ISIiQvPmzVPPnj1tBAgsb0x7SHPW/Kbe7Yc7NcZTBJpGpRau/V0D24/U2JE32BgQfOavLVBybLjaJfq+FV3YXQ57HQAAv5GSkuKOi/X777+roKDARgE0peTkZN1yyy069thjbQQIPIPa76GM7EVatmG2wsIiFBkeY9cA2BF5RVlavWmheqfvorEjblBICB3vELzaxEcoPirM1nyLFnQAAL925JFH6vPPP1dFRYWNAGgKZubW0aNH65tvvrERILDNzJiit/94WrGRCYqJSlJMRIIiwqKYpRjYBpMSKCsvUUFpjgqLs1VQkquTdr1UQzuPslsAaA4k6AAAfi0zM1PHH3+82wVv48aNNgpgZ5iWc/369dOHH36o9PR0GwUCX2Fpnn5b9pVmrp6iDbmr3URDpfiBx1+sz3rYvWybeq17Cf8QolA3sd0moaOGdhzlTgjBmHOAlF1YpknTM3X2Ph1sxLdI0AEAAsL48eN15ZVXui3pysvLbRTA9ggLC1NoaKgeeeQRXXbZZTYKAM1j7Itz3cvXzhvoXgKAPzPjz/1v2nrdfnR3G/EtEnQAgIBhJo54/fXXNXHiRK1atUo5OTl2DfzB6c/Pdi/fuGCwewn/kZCQoE6dOumUU07RmWeeyYQQAFoECToAgeTHRdlasK6AFnQAACCwcOIFANga/k4ACCQTflunxOgwHTWkjY34FtOxAAAAAAAAAF7265OsEd0Tbc33SNABAAAAAAAAXjqnRKldYqSt+R4JOgAAAAAAAKAFkaADAAAAAAAArL/W5OvVn9faWvMgQQcAAAAA8DkzOQQTRAAIBEsyC+215kOCDgAAAAAAALBWZBWrS2qUrTWPkEqHvQ4AAAAAAAAEtZveWawLRnVUz/QYG/E9EnQAAAAAAACAtXpzsdITIhURFmIjvkeCDgAAAAAAAGhBjEEHAAAAAAAAtCASdAAAAAAAnxv74ly3AIA/e/v3TH0xJ8vWmg8JOgAAAAAAAMCRsalIqXERttZ8SNABAIAmceZLnpYRDG8LAACAQLV8Y5F6pkfbWvMhQQcAAJpEaIhnlqsK8nMAAAAIQNmFZSqvEC3oAABA4KqahJ4GdAAAAAhESTHh+tdJvWyteZGgAwAATcI2oFOlswAAAACBKDqiZVJlJOgAAECTCKGLKwAAAAJYUWmFvdb8SNABAIAmEVrVgo4EHQAAAAJMaXmlLn5tfosl6UjQAQCAJlHVgo5ZXAEA9XntvIFuAQB/tGh9gTomR9HFFQAABLYtk0TYSwAAACBQLFpfqH7tY22t+YVU8jM3AAAAAAAAgthrv6xTjzbR2qd3ko00LxJ0AAAAAAAAQAuiiysAAAAAAADQgkjQAQAAAAAAIGhlF5a5pSWRoAMAAAAA+NwFr87X2BfnqqCk3EYAwD988udGTVmw2dZaBgk6AAAAAAAABK35aws0oEOcrbUMEnQAAKBJ0DICAAAAgaaotEKrN5e4M7i2JBJ0AAAAAAAACEpZ+aU6oH+ywkJDbKRlkKADAAAAAABAUOqYHKXTdm9nay2HBB0AAAAAAADQgkjQAQAAAAAAIOjkFpXrt6U5ttaySNABAAAAAAAg6MxelaefFmfbWssiQQcAAAAA8Lnnz+qn184bqNjIMBsBgJY1b22BdukUZ2stiwQdAAAAAAAAgs5fawo0oIN/JOhCKh32OgAAAAAAANDqlVdU6su5WTp8cJqNtCwSdAAAAAAAAEALoosrAAAAAAAA0IJI0AEAAAAAACCoPD9ltUrL/adTKQk6AAAAAIDPXfDqfI19ca4KSsptBABaRsamYi1aX6iIsBAbaXkk6AAAAAAAABA0pi3L0bCu8bbmH0jQAQCAJkHLCAAAAASCP1fla2gXEnQAAAAAAABAi/jbiLbq2y7W1vwDCToAAAAAAAAEjX7tYxUW6j/jzxkk6AAAAAAAAIAWRIIOAAAAAAAArV5peaUufX2BikorbMR/kKADAAAAAABAqzd/bYFS4yMUHeF/6TASdAAAAAAAn3v+rH567byBio0MsxEAaF5/rsrTbl39a/bWKiToAAAAAAAA0OrNXVOgEd0Tbc2/hFQ67HUAAAAAAAAAzYwWdAAAAAAAAEALIkEHAAAAAACAVi1jU7HKK/y3EykJOgAAAAAAALRauUXluvvDZfLj/BwJOgAAAACA713w6nyNfXGuCkrKbQQAmse05Tka1jVeEWEhNuJ/SNABAAAAAACg1fp1SY5G+unsrVVI0AEAgCZBywgAAAD4GzPuXJv4SO3aJd5G/BMJOgAAAAAAALRKYaEhOm+/Dn7dvdUgQQcAAAAAAAC0IBJ0AAAAAAAAaHXM7K2Tpmfamn8jQQcAAAAAAIBWx8zeui6nxNb8W0ilw14HAADYph8XZevt39fbWrXM3FL3Mj0hwr30dvCAFB01pI2tAQBaM9Nipai0wtaqXf3mQvfy0VP6uJfeoiNClRAdZmsA0DQe/HS58z00VSO6J9iI/yJBBwAAtktpeaWumrhQ2YVlNrJ1ZkDex07to6SYcBsBALRm3y/M1nPfrbK1xvn7Ph3cH3MAoKmYHwuu/d8iPX1GX7+fIMKgiysAANgu5gvOYYNTbW3bjhicRnIOAILIHj0SNLRLvK1tW/8Osdo9AFq3AAgspmXuTUd0DYjknEGCDgAAbLc9eiSqW1q0rTWsXWKkdu+ZaGsAgGAQGR6qPbbjs3+PHklK5IccAE3MJOZ6psfYmv8jQQcAALabSbyZJN227N4jQd0bkcgDALQue/RM0rCu224V1799rPu3AgCaUnlF4I3mRoIOAADskD17Jqp7m4aTb54kXpKtAQCCSWRYiHZvxA85pqUdwyAAaGof/rFBk6Zn2lpgIEEHAAB2SNtttKIzJ2ZbS+ABAFo3Mxbd8G4Nt47r3yGuUUk8ANhePy3O0aCOcbYWGEjQAQCAHWa6MPVoU3dsj7YJEXRZAoAgZ8ai21oCzkwMQes5AE1t0fpCt4trv/axNhIYSNABAIAd1lAirqHEHQAguJiW1sO61p3R1Zw4b89EEgDQWCs3FWm/PoE3zAoJOgAAsFPMyZf3DFnpbtKOky4AgGcWxT171j1RNn8naD0HwBcO6Jei44al21rgIEEHAAB2ihmLzjshZxJ2PRh7DgBgmb8Lw71mdHVbz/FDDgDUQIIOAADstMMGpbotIUxLiSN2SbNRAACkcOdvg3d3VvOjTnIsrecANL2fF2eroKTc1gILCToAALDTTGJuzK5pOmiAJ1EHAIC3fXonqVtatNolRurgASk2CgBNJyu/VC//uNb5XhqYqa6QSoe9DgAAsMNKyyvdXyxJ0AEA6jNtWa77d2JU32QbAYCm8+EfG7Qhr1Rn79PBRgILCToAQMAozc/Wih/e1ZpfP1HumiUqztss/owBWxcSEqKo+GQldOihDnscpa77Hq+IuMCb2QxojMLSPE1d/rX+XPOT1udkKK/E/J2osGvhDyorQ53PJf5P/ElISKjiI5OVnthZQzrsrZHdDlJMRN2ZdwF/d+3/Funi0Z3Uu2315GWBhAQdACAgrPrlY836zx1KjZJSQosVHx2uyLBQhYbYDQDUq8L5pldSXqG8ojJtKo9UVrE05O/3qNOeR9ktgNZhZsYUvTNrvNJi2ysppp0So9soKjzGTT4AaJhJYheXFSqnaIOyC9dpY/5anbjrxRraeZTdAvB/pifHD4s2uzO4BioSdAgotJ5BU6FFSeCoKC/TzPFXaeNfP6tnfLlSojjRAnbGpsIyLckPV1r/PTT00icVGkaXZAS2iopyvfH7I1qycbZ6pO2q1NjA7NoE+Ius/FVakjVLvdIG6/TdrlVoaJhdA8CXSNAhYNB6Bk2JFiWBY8bz12vDtE+1W/tIGwHQFH5fXai03Q7T8IsfsxEgME34/RHNXzddI7sd4dT4Ygg0jUr9tuwT9W8/XKftdq2NAfAlEnTwe7SeQXOgRYl/Mon5ua/eod3a8KcK8IXfMys1YOyd6rzPcTYCBBbTrfWD2S9qeJfDnBrJOaBpVer3lZ/rmEHnaliX/W0M8D9fzMnSpoIynTKyrY0EJjId8Ht/vHSzNs6arN3SKknOwWdSYsK1Wxsp68/Jmvn8dTaKlmS6tM965Tb1Sii3EQBNzfzw9eerd7nvNyDQmAkh3vnjGfVos6tTIzkHNL0Qt9v4pFnj3fcb4K+++muTBnSItbXAFXaXw14H/I5pPbP8839rt7aMe4Dm0SEhQouWLlNUSnsldu1vo2gJy76dqMplU9UpjpMuwFdiIkJVUFKusugkpfYeZqNAYPh56afaXLRRHRP72giApmZmcy0o2exe75bKd2P4n1kZeU7J19g929tI4KI5EvwWrWfQUnrRosQvmMlgzHiTAHwrNbJCa376wNaAwPHnmp+UGJ3uXDPDIFAoFF+VpNj2+mP1j851wP/8taZABw8I3JlbvZGgg98ys7WmRocqmW6taGamu2tKRIVWfP+OjaAlmJma46IYCxDwNTPpUu665bYGBI71OSuVGJVmawB8xbzPMnMzbA3wL2bcuUMHpdpaYCPzAb9F6xm0JFqUtLzivM2KCufPFOBrZkb04oJcWwMCR15JtiLDo1XJwsLi08W8z/Kd9xsA3+LMB36L1jNoSbQoaXlmkvFQhp8DfM68z5jUH4GosrJCIeZ0pm6PPAqF0oTFvM/M+w3wJ+UVlZqywDM+YmtBgg5+i9YzaEm0KAEAAAAA//T78lz9siTH1loHsh/wW7SeQUuiRQkAAP7PuxseCwuL7xbA33w5d5MO7N86JoeoQoIOAAAAQIDy6odHoVB8WAD/kbGpWOtySjSsa7yNtA4k6AAAAAAEJNPYnUKh+L4A/iQpJlwXj+6osFbW5Y4EHQAAAIAAZTIHFArF9wXwHwnRYRrQIc7WWg8SdAAAAAAAAPB7RaWtd0ZhEnQAAAAAApL3IPYsLCy+WwB/UFBSrmv/t0i5ReU20rqQoAMAAAAQmGr3wqNQKL4pgB/4+q9N6tMuxu3i2hqRoAMAAAAQkLxb+LCwsPhuAVpaaXmlPpudpeOHpdtI60OCDgCAZjdQ8VdPV+rd2ygXXmy3d0S0U+SRLyr5hh+q198+RcmXPKDoNnYbK/oczzYpZx1tI7WNVvz1Zh9TlXT8QBurbaDirprqbPODEve0IQDwE1n5pSovT1VxaYSNBJtyZS+erneuuVfn73OuThxqyqU6/7hH9OTr07Uyq3V2/2q0sgV61Twvu4/TNyttDEBAW5dTol27xKtbWrSNtD4k6AAA8Feh4fbKQMVd/IHi9xyu0PhYG3NExCu0/WGKvejfivY6Ry1eucK9DGl3kCLda7V0OljhCeZKmMK6HFf/l4GIwxWeGiZVrFDZ7zYGAC2ovKJSvy3N0T0fLdMVExZqY/at+njmbpr81yCt3JgqZ7XDu09eay15mv/svbrwxKf1xjdLlZXvhFxFylo2R5PHPa2rrvlRa+u9bUuWbP1yw4U6ceg4fbO6vvVNWIpLnGfDiFFUVD3rt6Ns/upZnTr0XN35fma964OnAC2rc0qULhjV0dZap5BKh70O+JV3x/bS/j2TbG0HdbpXyRceuY1MdLnKJo9UzjeeWkjigYo56WpFdmyr0EhzxluuyqINqlj4ivLeetOp1WRaqsR29zphrm3VC8p6brytBKMoxVw4RTGdQlUx93ptnjjZxv3fd0uydfxri21t25ZvLFJsZJjSE4L11/ym1SSfAQFptOKvG6fIRKnijwu0+Z0ZNvYPhWd9rcJvn1PJ0nWqjGiniD3/obiDdleo8yFXPvVIZX+41rOLpBuVdPUpCgtdpZLnxihvlSdcJXTMJCWP7O6pVMxT0X2nq6DUU91i338r5dChCtnwtjY/cb9a73xZMLb38w5obqbF3Nu/Z2rKgs02Ule3Npnq12Gl4qKKbaQ1KtfyV+/RtY9mSJHp2u+m83XGod3UJi5MKitSTsZq/fH1R3pz+m664+l91Nbeyj9k6uuzb9b4mb118Yc36aDONuzn1r77oC67e5H63/GA7j2+9Xat25Yfl7ytR0741NYA+AIt6ACFKaRqjMlOtynx6ocU3b2TTc4Zzvrodgrb5UYlnvd/CrHRKqFRW0nOwZGikKpGQKXZ9krrYppbP/F1hm59d4k25JXYKLAjohR5+k2KTHQ+lDa8q1w3OWdMVt5D+2vzv+9WsUnOmVDpOpV+f5GKMjwnoiEJ/d1LV/Z/VJZlrnRyPrui3JC3yHYdnH+zVVngXIT2UPgebriGqN693M+7ilXvkZwD0OJe+2XdVpNzxvIN6ZqT0a11t6TL+FEvmOSc8/l+xn/+oSuP76E2ceaUzlkXHqXE7j2037mX66mn91bb2rf1i1KlvnX+WqrUty6YCtByJvy2TtmFZbbWetGCDn7L561n+j+k5FMPVKhWqeTlMcpbbmKPKvmEvqqY+28VfvORSnOKFZI4QlEn3KvYnuY3yGUqfvgE5XvlmWIvnq5o51y3/Pvhyv7SBtEqbKtFycJ1BfplSY5+Wpy9Zarv247urv7tSdo2hWBsQRcy6FElnby/87nkfNY85XzWbLArGtRdcVdOUlRaufMZtK/zGVTdaiT8xA+VuGsnVa54XJte/I+NGico4ZbbFKHfVDS/k6LNNkvu1aZXJtn1hhmj7hFFJqxVyUtHej4ftZfir3takSHfKe+xNxRx/jhFtU90PvxyVPr5aOX+4hx/30sVd/DRikhNVYj7I0epKvPWq3zW3cr9bGqNr/cRp36mhIFSyauHKz/0eiWMOVbhSea949wme76KJ52vgqXerWDs/esb5T50j3Tkk4ob3s/zY0p5gSrWTFL+y4+otHZLQEUpbO+7FL/Xfgpz9+8o2ajyJaZV9Osq996+t/N34awDpXnXKPvnvZV46rEKi3H2X/izCh641HaXap1oQQd/Zv7OPvNtrabAW7Fb90Xq2ma9rbUuy1+9Xdc+ulaJ592kFy7tpUbPY1iWq8VffKQ3xk/V3Ixc55NWimnbQ0P+doROO2mYOtf4c7tR315wk54uPUtPvTBU+c7t/vPQFM3dVKaIlK7a9/L/0/8d31XxdmuPcm345XO9/PhXmj7P7D9aqXsdqItvPVrDOkVo0XPX6KZnc+223hL0t/8+or8Ndq6u/lF3HfWKyu64X//Ya43+c9kL+mRxkWJ6naJ/vH2wejp7XT/tF3307y/0y6y1nq69ccnqvccBOu36w7Rre+9nwz6GPwbpinev0pZecdPf1mnnfq7Dnn9BZ3ScrQ8feUvvfrNahfZ4L73jmOr9zP5Q55z5gXI8tRoSL7pF/76wh60Fhx+XvEMLOrSIv9bka/zk1Xr0lN4KC63dXKZ1oQUdglPEIYo/2jkJDnVOan+/3J58OuZdrc33H6Wc995xk3NGZc40Fb0yQWXuSVy8QkzDEwS1FVnFenPqOj0zeZU+n5O1JTlnlJXzmwd2kPlcOtJ8LhWr/JdrtpGci1Jou8MVe+FLikpzqjk/qHByzS5dZXMWuS3fQtru5Wztpf9+Cot2PtvW/6yCqm3S96s5Vl3VGHW581VS9flo9mK+E4V2VMyVz3iSc0ZYokLNtkOfVvLYcxXZvp1NzhkRConvpPC9n1HiGNul1gox/XIVrrDR7zu3O80m5wznNkmDFf1/7yveq1HglvsP66KYqz5Wwp6Dq1s6h8UqtPNYJVz5UK0x90yLxPeVdPhh1ck5IzJNYf2vVdIVD9bcPtyelKVcoKT/O8mTnDNiUvjCBLSgmSvz7LXGWZ2dIu/ZJ1vPskGLfzBDGSTo8P17Op9L3uu2spSt1VeX3KAbb/1Gf9jknFG4fql+feoZXXXqm/oz22t7Od+PzUZlK/TFlbe4tzPJOaN00wp9e/cDeujdtSrzukXu1Ld168Xv6lc3OWcUKevnT3Tfbb+4Y+Ft/duR3UtFhbNP527nfaN7jn3STc4ZhYs3Kt9Zv3LCfbrk/Ff1yc82OWfkb9aib951tn9F0+p7DCXFKqnwipeXu8eX9d3buuqEx/WGm5wzPMd7z9lv13guGla9TbAsQEv55M8sHblLaqtPzhl830QQck7YTr52SxeyvA+X2fhWtOmmEHOeVrFBFTvawGDkc0oxsy7e9oZia824GDZmkmfGxXNOsxHTUsTZ9rqHnFPVJEUc+aqSb/vVM2vjnT8o+YJrFFF1/lvFtPxw1iefPlohPW5R0s12+5ufVvU8N6YlyQNKutZrFsjbvlTS6WcorPb+nG0jDn9RyTf9bLf9VSnXvqrYvjVbNIX0uEaJV3+jlLuq9vepEo/ct0ZXYNNSxswWmfy3vWykWkjf653bf6mUO+3t7/rZuZ8Jij9gZJ3uxDrwNXebpEOqbjfZc5uqY+tRtytfUzJTe0+anql7P1qmD//YqMzcqq+41cIC9FPVPDbzeGqX+WsL3F+tzPh69THbmOekdnnx+zV6fspq53mqP8tk9nffx8vdctM7i3X1mwtrlKe3o6VE6+B8Lp1yvSISnK/8695S3mf1fy7FXGhmVTWv+Z+VfOn9im4XqvJFzyn38atVUvvlOO9r07BMiu6pCK9EV2ifbu4f/4qMic4275tGFc65Xm9FdnJXu0KHD3S3qcz8XnU6bcf1UVhiscqnX6FNdwzXpscvV77piRvmfKYWrVHZ9PuU+9BeynLWZT1wnPIXmFYsYQrrfZ6qertXc75sde3ofBZ/p4KXj/Ds78UnVJpT7hxEW0UecmPdLyrO/YcnOyde856w93OAcr78Tc55nZS4v2KOau/Zzhj6iOL6t3WOa5FKPjzb3X/WHXtp88v2PpIOqrm9Fdquv0LLlqj4tQPc/Wf/95+qmf4E0Jx+WrR9Q2Ss2ZRm8ietsGzQ8qnOpQapp/nNo95tapdyLX/9WT07tUwRnffXlRP/pTemP6+3pj+tVyZdqWP6O5/Ma7/S/Y/NVqH37YzZk/XBT85H6fU36flfnNv89rAevKqf8920TLMf/EHzt2yfo1kTvtJGddKJz9v9//aEnnjqCPVNClGos03vCx527vM+XTTU7Li3LvrAHIMpD+vkQVX7MeukRf/7SrNT9tX1Hz7tOc6PDlV3Z1258wep3X7H6fqJD+rV3zy3f2Py7Tp/pPMYSn7RN7/kVO/H7svlHbPxn17/XFlt99f17z2hiWY/H16sA9s5K5zn4p3JGz3bDRqjl5x1T93e271N/9vvs8f8vF66oEfd/bb2ArQAc66xJLNQBw1ItZHWjQQdgk7IoH8p1pywlS5U0Rv315n0oYYIM/bc9Uo8d4xzelmuigUvq7BuTqZxpt6polXO2XJkf0WdeHH1m6/NLYrfzfmW5RxP8QcTbHAHWopss+XH9rUkCTvkZcXvPVyhsVVJL9uq5di7qrdrc7kSzxir8JRkhVQ9oMh2Ct/zDuek2NYdnpYyzvGF10yghR3yhqflTEpa9TiAoVHO/fRT5AHPKOn0Q2om6aqyX71fU/Lp5na2BU/VsZ3xcp3kZ1Mws8Z9Nnujrpq40E0+FZQ0/Koxia6GmJZ23skvUxoaS8HEzVg7pnw8a0OdBFhD4/B4J75MueuDpY1KfC1aX1Bju6piZsoz+zFj/9THjLlX+9hMmTx/k3uMszK2TC1Xg3kOTeLPlIxNxXWel80FrX+MCW8huz2uuL7Oi7dknorffGTrn0vewpMU1vscxZ1dT9JeH6lkrcm+tVH4oIGekPM5EN25i3O5SuV/mpTTZJVmmm06KWx4daLKM0ZdscoXeXd7reLEfxqr7Pd+8Hxn3/ijykwe9veLtKlWC2QVrlDxax97Hk9kQr1fOiqXP6bNT1ytIju2XuWKV5T71W+ec4G0XcynYS25KvviGGW/8Yq9n2yVfX+RCpeYE/gwhXU+3t3KiB4x3PkMcbb/+kzlTf3Dnl8Uq2Kpcx+f/qQKs33Xk91oDebvw7MnKX+B2We2yhf+0fj/EwB+wbvlT2taPOIUFecd3cpStlDfPmP+9vfSOc+crn36JincXROu2O4DNfaxszTMWVv63m+ak7/lVs5ihGvQ7bfoxtN6KDnSiYXHq+fpx2lMirOqZJFWZ1RvXXVkUfGxnv073/na732c7n10b+evUPVWnu2867UXR8po3TbxTI3sZPbkHGfHJOcRV6rrWXfoyceP0Mi+KYoO92wdnthZh5y3v7vXrJwCN1a9GN51z+Jqd5Bu+e/pGtk1yvnb5Oyn01D97XLTz1aavSBzy7ZVi+FdD8YFaAlm8r1xJ/dSRFjrbz1n1PddGWi93C5k+zkvfOcEc+qNKqi3cc/FSqxqDXb7p0o6+TSFhyxX6beXOCeEXzb45ylsP3sb7+K2gKuyVoUTX1dZiXMy3ukMxe9rTju7K/aUMQozXdrqO57taSliNdjyY7takgxUzOD+zomtc+I7xW57zxHK+2W2KsrKtzwH4fsfqrBI5wvLypeU84Dd38QJKstz7nFb+RWTmNzH3EepKpa9pDzb4mbTQxeoYN5K5z7CFNrf2cb9pbWmsA4DFeJ8MSyeaFvcvPae+6uqSX5GHly3ld7OMEmmG95e7CaoGjMwae3EkklAjX1xrlsufm1+nQTYU9/UnzBbvbnYbYFmyoTf1tdJgH2/sP7WBN6JL1MWrS9sVOIrIizU/QNYu/RrH6sBHeLULa26Haa3NvGROmF4ep1y7n4d3GnQx+xq+l/WZfZ361HddNcxPfToKX22lKfP6KvXzhvorgsaESco/pDdnfdCgcp/vaWBzyWPwudGuu8Tz3vlFOVN+dl57Ue4Sfv4c7wS/1bxosXu+zW003F23akKbxMm5TqfA/alV7VNWOeTbUL8BEW0dT6fSv9SyQ9uoJZclS9roOVxzL6KPesdJd/s1Ur37rNNet75PEt3TrPqqixcVfdzdebXZjJC58DbKqxGN1ejWBVZdV//xXPme/aT2Nf+iLCX8/lpPmcTFH5UVUtgr3KK+VvgiO9Z88cOo2i1J+kIoMUFw6Dg28/5btjYp2VtphaZ70gj99WQ+mZNbTtA+x9grizV6tVuxEs37TuyneczvEp4G3Wt890sUUNOPUhpWqU3/v4P/fOlGVq+rmjHf9jo1kXtGhiCtnTVHH1y5+O66vAr9bfhF3rKhV+76xYt2/okIjUctKsG1bqP1K49nEcCwN/ERtb4FGrVSNAhiEQp6oxbPF3I1rzRYBeyesX2VMSo+5VweD3dLrdH9njlT1vonETGKnzfxxVzyL2KauecQG74sIHjaXxLkS0aaPmxwy1Jcpd5ti1dp5JPztLmR6/bMnbJFuUbVO4O4OHsb+445fxrjPIWuWsaFHnoaLdBXOWa15Tz76dV4j3m3xt/U9FKU09S+NAT3HgNJfNU9PzflD/XtrhZcLfy55sxWZwPtZQR7mVTmNv9NL30wxp3ltamYP641E6AJcfWl7JwHnlMuEb1TXbL4YPT6iTA9utT/zfXqsRXVamdALvsQK9+jF56t42psV1Vuf3o7u5+xu5p+n3UZR5D7WMz5YB+Ke6xD+lccwjpKua5MIk/c7/ez4d53MElStH/d40iYs174U3lfdn4z6XKnIUq+epS5bz7vWccuU6HKKb2y+LXGZ6EfupgRZtfCwYNV6hzWaPratU2bYZ5WqvZMeq0YYYnud9YbS5X0rVPKLp3D4XGeLXS3SFZqtze1sr5hfZzrYrzaBrzgV2a7T5/APxHVn71B0BoSIg6p7ifTo2WEpfjfB60xiVOKe5wnn9p2VLv+FaWNas139ykT2qtlmxVS4IS3fGV12nj5upoteqYZ6na3qiOxo08QQ+8Nlaju+Tq96ef1fVHXKlz/u9dzVhV4rXV1vbrWba2Lnfq/3TFmCf0yodztXp9fUNveG/d0H1V8Y7ZJTlJnofmFXOXKt6x4FuA5mYaSpieTMGEBB2ChulCFmtmhDRdyN56ciu/6o1Xzl2eFipui7Cnb1HhopWqDEtT+N6PKuHAuq3WDDOLa1XLli3lobrJrPLPblTxOue0N3Z3xew3UCEVy1TcYFfbxrYU8VJvy4/tbUkyV4Wz5zn3kaTwIz5Q8jl3KKpHuzrnumXffeG2XAvpfp2Sr3nR+XI2wj35b4zwJNMXtVzl85+s5+S4WIV//eU+xpDE/nU/qDb+XKeVUdkaMwRx0xq4bIJuPLyrDh2UqtS4Rj6wWkwSyrQIM+X5s/rVSYBdekD9CbOOzv+XaYFmikmO1U6AmeRXfaoSX1WFBJh/C9l3vGK6xjqfS3NV9MbWPpcaVjnnXc84cvVNYlP6vErXOXsN7aHwPZz3XX8zqHi5KlZ9bDdwlL6lsiznMqKXInZzthnU233PlWe8tV3vqejjTve0qM36TgX/Pc620jXl5R14XKmecT9NirC+Sf/qExfj+Ywqy6/1mbJBJW94fS7XLo/dtc0GvwCahxkm4s2p63XTO0u2JOkSosOcv4P1f/dqSM+2dZqCtRLt1XNv83d8naZMW+MJbUvbdnJHUFu4UZluoLYcZbu76q6Obd3ADgpT0sB9dfFbD+uVT2/Ttef0kP78TA+c+JJ+apIJdZfps5u+1kalaK/bb9RTk5/Um9Of9ZTnDrLbAGgtpi3L1fszg687Awk6BIeI/1PCEY3rQlZTsSrWfabCV/+m/AXmRrEKH3zOTr5xlqlwxtzqE9/MH1S4vZ89dVqKbMv2tyQp//Js5Xz2ncqLoxXa/TjFnf2pUm6oNUnEhieV89LDKsnMV0jycEWNeV7Jt3xZZ5KIukYr1G1YtUkVDX2H3pDteYxR9XeLq6Nq+yY2sGOcztqrva48uLPG7NpGHZLqpERrYBZXNFrSxUoYPdT9XCr76ToV1t9redvajFKYmUVVeaqsc75WrKKMlc5llDtWXVQnkxBeqbLfvNvGrVXxKtPfNUFh/U6w2yxT2RRPq9TGqfoRIEtlX16tooUrqt+PdQfHqyEkum7yP2S3QxVuWvGVZqqsTi/wKIUm1W5NE6WoXfq5+6nMXWgTbpNVbrrvOydzYX1qziALwP+YSYnMpEFmXNL7ju9Z44exwZ3itHuPxnU+TIvPVvvk9aqsrGiFJUT9DjnY7Ya54vEJ+npZaT3b1CpptlXY1N81b10969fN1XffOusje6pDR+915kbOZ6r3tlXFs6r+dc4xRrftqJGXXqObz3W+7JXM1E8zNtt1zue7+6WuXGVltW9nypY7rRV3ivN3au4mZ92gw/W347qpTULYlnVl7nStRu3b2ah3rProa8bdUv+6kFBP97pyM8yLVzzYCtCc3p2RqdN2bxcUM7d6I0GHIGC6kJ2vcNOyY9Xryt2OLmTVilUybY4nedXYhFFDIg5R3N5D3JPyStPHrN0Jdjy67dBgS5Ft2Z6WJGYg+KuV/cAobX75PhVnbJTiByv69NcU7zU8WOWa15X35Gh37Lj86bOd40lT+J6PKulEM+RwQ35WhZld0jlxDu3oBupqk+R5jAUr63apbQG90mN0ysi2uuqQLjppt3R1b2BMtrIga4aNHdVeMaee4flcWvGCcr/ZRjLswNeUcsM7SjjuREU4J1seSV6T2Dgyf603yVcxfa77ORGS/jdFmAmwNs1Vca3tyuYscrcJ7XB2g9ts3c8qzzXJsFSFj7pe4TEmlqTwkXco8ZrTao5fVIvbAvfSBxTV1TyuKIUOdG7j/qDiPDfLJ6luJ6YEhR/xhZJOPtFzPxHtFHnc654W0mYYgGn/cbcyiv4yP4aEKWy3l5R45OEKc4/LEdNVkfs9oMQbflbigTYGoEWZlnLm7+y1h3ZxW3zXZlqcbytJZ5Jzu/f6U6EhrfdvcdiQUTp7tPNNtGSBnh/7iCZ+m6GNBVXtlEuVvzpDU//9vK479mO5o43E9dE+x5lvrnP03FXv6o9lBfZ7Vak2LZiql85/TTOdWtdL9pKZ0HXHLNDrx47Xez+tVb4dP6E0Z42W/+H5BE9JinMvnf8hpfc1l8v0w89r3OMozVyr9Tkmtg0d09XT/EY65zN9+VO25zGUZGv5t+/q1qummJrPpHf0DN636JO5yjCPz7nf1avqnwQLwM77bannQ2FEd/cX6KBCgg6tXuiBL1V3IZs4fjsTWtXC+vfwvGGKM3eiO1SUIk++VpGJYapc8ohyfjInj57x6KLqbWTS2JYi27IzLUnMOHXvKP/5o1VoxoUL7aTwEVUzQlYzY8cVv3eWsr/90z0hDu3qnDzbdXUVqzzf9FtzTpx7netJxNUQpZgBA9x4xabpzv78R6fkKB03LN1N1JkuN/07VH3p9KABHRrnZEV28ozTFtL1SqXU7nZeVe56TW5OqcA5yYnvoYjhtyrhym/t+m89k9jEhTmfb/NUNOGf9X++rfrK0wU2oa3MhMqVznuqzufGvO9Vbs6jkjq521Ssc27jWdNoRXPMe995PB1OU+LNnuNLHHOcc3xOcCsfvJVFBQppd5jizjOP62cln3qc21XWHY7gk488G9VQrMqSaIXtcqvnfm7/VPHDe3o+E9dMUoE507Qqp9yp4lXOgw9NUfie9yvJPS6n3Pye4g85TOHxO/VzC4AmUDW+kBnaYWsJONOKwiTpTAJvWNeEGq0q0uI3a7cec7RHn5kKCytzPota85KkPe+8Sif1cz6/Cpbqvevu16X7Xa5Td7vEKVfq3DH36+GnZ8ozibrZPkq7Xnmpjmgnlc7/Ug+ceJ3OtNtefNrL+jKjTBEjztBVp3V0vudW3UcVc60q5r3UXVeW8acmXn63zt3L7PsSnXnA/XppmvOXpN1RGrVb9Z7bDxzk3nr+uHvc4zjz8Lv16YKqtdWqItVLd+1xtpk+dpM+ufxmz2PY62bdeN2XWuZ84/R8jfbevkrdx+DhHalaqnjHnKVrV7nzYvzxP11nHp9zv9dMzPDeIigWoLmYVtMNDQPU2pGgQ+uWdLHi9x7onLgVqGzyudvsQhZzoXNyePnTihu5T82WFke+psShXZ1KucoX/3uHk3zqf59i+7Z1TjxnqvD1SSr/5rYt49HFnnFCPYmqxrcU2Zbta0lyuRJv+bjGdiFpxyg8yXMyW5m/2L2MvfA7JZ9zvSKrWvSYfXW13dVKsrY67lTxzNnun/qQLmcr8fS/KyLRk4gMcQ4i5px3FdPFqVcsU+kXk924v2kTH6HDB6fq5iO6un9AqmY5LSzZ2qMGqmzwtKBtrF8uVfbEl1Sydp1zu6o2peWqLFqn8nkvKffh07fSdX+ySlbaAYAqclU2b5Lneg2TVLrGDvZWsUnlc+t73zmfVeZNW+GccNWTvav84WJPt/gC2322oliV2bNV9NotKslz6qVF9X52Vi67V9nf/qyKQvu4ygtUsfZzFTzb0GPKVen7/6fCRatUWfV2K3Gehz//qZzxtcfxW6aC545R7i/TVZGXpy09dMx9bJqtki/PU+43NmaU2VubY/dcA+BDZob07RljyCTlTHLOJOn+c84AtU29VkcPn6y9+s5Uh5TMVt1yrobEHjrx1Xs17qFjNHJQGyVWjb4RGa923QZo1HUX6MEJh6iXDZsxi896727ddOmu6tW2qgdAuBI7D9Bh996op57eWx1q/F4RYscBDVdIPWeLoeFmY+91vXTcf/+uw/asPpaIlDYacvYFemjikerlte/UQ07TLWcPUKr7G5VzDP1Ga4j5im04/79m04jY8HpOUsPU65wbdd/te6p7imeHnvu4VI9PPFWmYV5iQtUTYdjHEBmlCO+dhYa5ybyI8PoemL3/2uvaDtd5zxymIfa5i0jp4jzWnRqwD8BWmDG1zY82wSiksrqzPeBX3h3bS/u7iaidcMgbSt2vv61sxaoXlPXceEWf84Niu3tatdSncs3LdU4AYy+erujaA7N7y3xTm580LVtGK/66cYpMLFP598cr+0vbpa3NLUq67CTnS+cGlb45RrlzzMmts+31jygywTlJLApViDv9Yk11jqX/o0o+fX+F5n6nvHFXV8/QuEV3xV74H0V3aqipcLnKJo9UjnuyermS7j7b+SpUj5KZKvjnOSpyzqUbfuwFKvviIOX84DlRjzz9C8X3b6OKeddo8xtVJ/5RTvx9J97QF5wC53ka6zxPXl2Sq/4/ncee5Tz2Gqoef33rdtB3S7J1/GueZGRjzMrIU0lZZVA2x/aFJvkMgN+q/3Nha6o+F01X/UOVN8+G0SS29/MO2FkmObd0Q6GuP6yromtkUBrvmklHaGT3o20NgC9NXfaRHjnhU1sDmp6ZKMhMENRuy68OwWfH/hoCgSK3YLtaQRT990TlTflO5dk51S0z3FYg81Uy5QptrtM6w6x2B1NrWIgnzRV27BVu11Zlvqe8quScseF+5f9pRkFvo4iDrq+VFNuOliLbbPmxPS1JnlfeZ587z4PXdqV5qshwjv1ZT3LOKHzvYU+LnlKv+86ereK3x25JzhmVFWYnzjZl1THTGqfkjWOVXft+3OOZrqLXjqqZnDPK7UamBU9tWx5/PeuayZDO8STnAADYhh8XZWvGily3JdyOJueqmW89FArF9wXwra//ytKE39bZWnCiBR38VnC3nqGliD+gRUnLogVd60YLOv/C5x2ak2khUVRasdNdmEwLuhHdj7Q1AL40bdkntKCDz5jWc1dNXKgbDu+6ZeigYEQLOgAA0Ozqb1m7Nc525ifFBsbAAxA4UuMimm58Ie8GPhQKxXcF8CHTes5MDhHMyTmDBB0AAGh2pRMPV9YdI7X5fz/byLb8rLyHhivrriOVt8iGAASUL+ZkKbfIDknRRLxnmWRhYfHdAvhSUky4ThiebmvBiwQd4JdoKQIAAFqPResL3Rlbd37Mudq8m/hQKBTfFcB39uqVFNSTQ1QhQQf4JVqKAACA1sMM/H3KyLaKCAuxkaZRXxqBQqE0fQF8wYxHimok6AAAAAD4zKyMPPckbJ/evpj4p75UAoVCafoCNL1Xf17rDn8ADxJ0AAAAAHxmUMc4XXtoF4WFNm3rOcN7jCwWFhbfLUBTW5dTohkrcrVvH1/8eBOYSNABAAAA8BmTmDMzt/qCdwKBhYXFdwvQ1My4pIcMTFVsZJiNgAQdAAAAAJ/IzC1VeYUPT+6ret9RKBTfFsAHDh+caq/BIEEHAPBLISEh8uU5HQAP8z4z7zfAFx77aqU7g6svhISEqrLSDDDunUWgUChNXcz7LITUAZrYBaM60nquFt5lAAC/FBWfrJJyZnYCfM28z6JiE2wNaDpmfKHconL1ax9rI00rLjJRpeXF9aQTKBRKUxbzPouLSnSuAfAlEnTwW7SeQUuiRUnLS+jQQ3lFZbYGwFfM+yyhXTdbA5rO7FV5GtHdd8nf9MQuyi/Ndq55pxIoFEpTF/M+a5PQ0bkO7DzTsnr15mJbgzcSdPBbtJ5BS6JFScvrsMdR2lQeaWsAfCWrJFQd9j7G1oCmExoaou5p0bbW9HbtsI8KS7JVPYw9CwuLL5aCok3O+20/+84Ddty0ZbnamF+mdol8x68PCTr4LVrPoCXRoqTldd33eGUVVWpTIZ8DgK+Y99em0lB13e9EGwGazgH9UjSqb7KtNb2R3Q5y/l5vVm7hBq9UAgsLS1Mu5v2VV5yt3bsfbN95wI4pKq3Q67+u1f/t1d6d3Rt1kaCD36L1DFoSLUpaXkRckob8/W4tyQ+3EQBNbUluqHY54zb3/QYEmpiIeJ045BJtyMtwaqYrHoCmVanM3JU6fsiF7vsN2BnLNxZpWNcE9W4bYyOojQQd/BatZ9BSaFHiPzrtNUZpQw7Q76t9MwMgEMx+X1WgtMH7qvOok2wEaFqmK5OvDeuyv/qlD9OiNb9LZkbXykoKhdIkpUIL10xT3/ShGtH1IPuOA3acmTDorL3a2xrqE3aXw14H/EpYZLRi23TS/GlT1NE3k38B9ZqzSRp8xm1K6TPcRtCS2g07SNnL5mjJilWKCS1XTAS/LQE7w/wIMdf5nEsdsIeGXfa0QkJ5T8E37vpgmQ4akKKIMN++xga130MZ2Yu0bMNshYVFKDKc1hnAzsgrytLqTQvVO30XjR1xg0JC+DsBNIeQSoe9Dvil6c9eq6zfP9HwDnzZgu/9npGntOGHavhlT9kI/MWqXz7WrFduV0p4mVIjKxQXFa6o8FAxhAWwdWZWajPxjRlb03TfNy2Eh/z9HreFKuBLd32w1G0t0TO9eb7DzcyYorf/eFqxkQmKiUpSTESCIsKimJXdzxSWxComssDW4A9MSqCsvEQFpTkqLM5WQUmuTtr1Ug3tPMpuAew405p6cWahThnZ1kbQEBJ08HsV5WWa8eSl2jj/N/WKL1dKDONRoeltKijTkvxQpfbZTcOufE6hYbzO/FFpfrZWfP+O1vz0gXLXLVdxQa77pRL+Y0GX49V35bu2Bn9gkhNmVmoz8Y0ZW9N032fMOTSHl39co7YJETpqSBsb8b3C0jz9tuwrzVw9RRtyV7uJhkpV2LVoaeuzHnYv26Ze617CP4Qo1E1st0noqKEdR7kTQjDmHJpCaXmlbnh7kc7dt6MGd4qzUTSEBB0CBq1n0JRoUQL4xtVvLtRDJ/dmdi4A7oDgi9YX6KABqTaCYDf2xbnu5WvnDXQvAbRub/+eqYxNRbrq4C42gq0hQYeAQuuZxkttW6yo6HJtyoxSUWGYjaIKLUoA3zAJuluO7K70hAgbAQDAw5Ogq9Rr5w3yBAC0WuUVlXr4i5X6v73bq11ipI1ia0jQAa1F6QYp6zNp0+eeS1Mf/IE05wSp7alS52ul+KF2YwDwDRJ0AOpjujlFhNGyNpiZk/W/v/yXO0EoLegAoC6mYwECVXmetOlLafnd0qwjpN/6SPPOlNa95knOpZ8kJe4lRbbzxKbvLs092bn+X+e2OXYnANC0DhuUqrgovl4AqDZ/bYE7YURRKWPBBTMz9AFNQwCgYXyDBgJJwTxp3SvSggulGXtLsw6Vlt0pbfpMKttsN7JSnHURbapbzVWWSplvS/POkmYfK2U8JhUu8awDgCZy+OA0xUbSrR5AtX7tYzWgQ5zGfb6CJF2QKigpt9cAtHbm/X7PR8vcltPYPiTogECw5kVp5n7StF2keWc79eel/D/tynqEJ0vtzvRcj9vVc+lt82Rp8dXSnOOkpbdJuVPtCgAAgKY3ds926tEmRk98nWEjCBbvzcjUo1/y/w4Eizenrle3tGiGNdgBJOiAQBDdVSovkirLbGAb2p3lvLujPdfj60nQVTFJvhX3eVrULbxYyvrUrgCAHfPb0hytyymxNQCoZpJ0ZrBwBAcz5tyL36/Rn6vydcVBnW0UQGv215p8zViRp5N2S7cRbA8miQACxYb3pKW3SgWe6em3avBHUtpRnuum6+uPKZ7rjZF2tDToXefTIdwGAKDxXvtlnTqlROqAftvxuQMgKJmE/u49Em0Nrc238zfpz4x8XTy6Ey1pgCDx8awN6pgcpWFdE2wE24MWdECgaHOc1O1WKbq7DTQg+UAp9TBbcZjurol72so2JI+WOlxIcg7ADkuKCdPGvEa29gUQtMwYRR/O2qh/fbaCVret1Kg+yW7LOZJzQPA4akgbknM7gQQdEEjani71HLf1BFrqEXXX1zcOXW1tT3P2/ZCnBR0A7KCkmHBl5nKyDWDrzGQyd43prt5tY3T7e0vd1nQIbCbRahKuSzIL3bqZtRVAcDBd2rHzSNABgSZusKdVXH1MYq7dWFvxkjDCXmlAh/Ok/q862+1mAwCwY8xMjYM6xtkaADTMJHBOGJ6uB0/s6SbqEJhMa0gzvMFdHyx1/gbEuoPDAwgeJjl31wfLtiTnseNI0AGBJPsHadYhnlZ0vR61QS+m9VtkPYMvb62La9tTpb4v0K0VQJNIT4jQqL4N/IgAAPVIjYtwi2GSPaZF3ZQFm2mRESCWbyxyLx/+W2+N2bUNLeeAIPP+zA2KjghVz3R+aNlZJOiAQLHpK2nuyZ7EXPu/S52vkrpcZ1da7f7PXqmlvlZ3pt5nvJT1mSfxBwAA0MJM18wAwC8AAEUhSURBVNfT92ir7xdm64a3F9P11Q+Zrqyv/rxWpeWeBKppOW1m6DX/dwCCy+rNxfpybpYuGNXRRrAzmMUVCASZb0sLzpcGfygl7WuD1sKLnU/GZz0t5/Zc2XBLuNljpI0fea7H9vfsK6a3J2b2MfT7bU9AAQCNYGbwOqB/CidrAHbKX2vytbmgTHv1SnLrJiHEhAMtZ1ZGnnMivkmL1hdodL8Ujdk1bbs/58e+ONe9fO28ge4lgMBmPqez8su0T2/P5zR2Di3oAH+X8Zi0+Gpp12/rJueM3k9K6Sd5xp7bWjfVhD08l6mHS8OnepJzhukW2/FSac7xUnmeJwYAO2H6ijytzWaiCAA7x7TMqkrOGc9PWa37Pl6uHxdlb2m9Bd/y7mZsWsqM7J6gJ07rq1NGtuVHGADu5zTJuaZDCzrAny2/V1r3H09rN9PqrSGVZVLphvrHn6uyebK06XOp+z31J/LmnelJ0A161wYAYMeYwcI7JEXooAGpNgIAO88ki35fnut2f52/tkD3Hd/THfcSTSsrv9QdA3DqslwN6RzvJuOaCi3ogNYhu7DMnbkfTYsWdIC/Mq3m1r/u6Xq6teScYRJuW0vOGcmjpR4PNNzKzkwUUbJWWna7DQDAjumUEqlVm2lBB6BpmckHdu+RqGsP7aJxJ/fakpwzrelM67qfF2e7k0xgxy1aX6hb312iDXllOm33djppt3S7BgA8ikor3NbMs1fl2wiaCi3oAH9jWsP9dZonWbbLp8630Xi7ohmY+/x9mGciCjO7KwDsgMzcUmVsKtKwrgk2AgC+Y04Wf16SralLc7VgXYF265agi0d3smtRH9NK7o+MPM1dXeB2XTWtEY2qLq2+momVFnRA4Hv5xzXOZ4V03n4dbARNhQQd4E9MF1MzU2totNT/v82bnKuSO80zoYTpVpswwgYBAAD8n0nWmYRTz/QYt24GMP/wj43q3TZmSwm2sdPMc2Jaxg3uFOfWTRLuigkL1a99rAZ1jNWQzgnN1lWYBB0Q2KYty9WE39a5Sf3oCDpkNjUSdIC/MGPImYkaojp7knNbm/DB19ZPlJZc75lMYltdZwEAAPxUVXLKzDy6OLNI7RIjNXbPdu4609q3uKxCnVOi3Hpr8+bU9e7Mq+tyStQtLVpXHdxFCdEtm5wkQQcENtP6tqCk9X5utjQSdIA/MF1L/zjAM8Oq6V7qD8xYdJu+8swea1r0AcB2+PqvLKUnRLoDjAOAPzJj1v1v2nrlF1e4Cawjd0nd0jW/aiw7f29tN2NFrpZvLHLHjDNDC5y9Twf3sRgmOWcGcTcn0r7qsrq9SNABQMNI0AEtrWCe8w3qEKnjpVLXm2zQT5gWfaabrWnRBwDb4bPZG90TxqqWKgDgr0xLOtPKzHTzNC3sjA//2KBP/tzojrNk4mYm06ofHEwX2oiw6q5dplVaU3T1Mq39cos8iUHvfZofPOatLXSOs8Q9VpOEG9Hdk0j8eNYGFZdVKiUuXO2dY+/dNtY5Nv9IxgFoPUzX1j7tYpi51cdI0AEtyYz3ZpJgXW+VOl5kg37EjIk3Yy+p7Rn+lzwE4NdMi47xk1fpwRN72QgABB7Tkm5tdonS4iO2nJi+NyNT3y3Y7F43zGynZnZZw4zN9NvSHPd6m/hIjdk1bUtiz9xuzuoC9/qGvJIat6uahTY51nMf3utMKznTpayNcwwmWZga1zzjxQGAYb7TPfjpcnfcOT5/fIsEHdBSsn/wTMbQ9wUp/SQb9ENFy6SZ+0l9xktpR9sgAGzbpa8v0P0n9OTXVgBBI7uwTCVlntMrk4TrmBy15TPQtLwz6w2TvGuqlncA4CumZe8d7y/V0UPSNKpvso3CV0jQAS0h821pwfmemVKT9rVBP1aVTBz2sxTb3wYBYOvMwOxmLCS6WwEAAAQe041+1eYSXTCqo43Al0jQAc1t9bPSivukgW9JiXvaYABY86K08p+eJF1EGxsEAAAAALRG5RWedJG/TDTT2pGgA5rTigel1U9LQ74MzJZoi6+W8mZ6jj+ELmsAAAAAADQFBj0AmotJbq37jzR8auB2E+05zpOYW3S5DQDA1j321Up3cGEAAC54db7GvjjXnXwDgH8ys0nf89Ey3qctgAQd4GuVZdK8Mz0ztg79Xopsb1cEIJOcM11zN0/2dNUFgG0wA6HPysizNQAAAPgr06XVzMLft12sYiPDbBTNhQQd4Evlzknp3JOl0g3SLp+2jrHbwpOlQe9Ky273JOoAYCuGdonXL0tybA0AAAD+6v2ZG1RaXqmTdku3ETQnEnSAr5jk3J9HeFqdmdlaw+LtilbAdNHt/1/pr9OkwkU2CAB1DegQq80FZcrKL7URAAAA+CMz8/5lB3ZiUogWQoIO8IWStdL0kVLCCE+X0NY4oULq4VKXG6XZYzzJSACoh/mC99ipfZQaF2EjAAAA8Edjdm2jpBgmA2wpJOiAplYwT5q5n9T2VKnXozbYSnW+Skrc09OSzoy1BwD1ML/GAgAAwP+YLq2L1hfaGloSCTqgKeXPlmYdInW8VOp2pw22cn1fkMo2e8akA4AGmC6uzAYGAADgX178frW+mbfJ1tCSSNABTSX7B0/LOdNqzrQsCxZVM7uunyitfcUGAaCmSdM3aMqCzbYGAACAlvbejEytyynRWXu1txG0pJBKh70OYEdlvi0tutwzcULKwTYYZPJmeloPmgkxTLdXAPAye1W+3v59ve46poeNAAAAoKWYxNy/PluhO8Z0Z9w5P0ELOmBnmVZji6/2tCIL1uScET/U0911zvFScYYNAoCHmc01K79MSzIZ4wQAAKCltUuM1IMn9iI550dI0AE7I+MxaenN0pAvpaR9bTCItTnOM/6eSdIxsysAL2Y211NGtnUHIgYAAEDLKK+o/i7GRF7+hS6uwI4yreayPvMk56I62yBcZlZXY8AEzyUAAAAAoEUVlVbowU+X6+x9OqhbWrSNwl/Qgg7YXpVl0vyzpZxfpF2/JTlXH9PVtXCRtPwfNgAAAAAAaEkv/bBGnVOiSc75KRJ0wPaoKPK0Dita5mk5F8lsN/UKi5cGvSutflba8J4NAoCUXVimJ75mnEoAAIDmNGl6pjYXlOnsfTiH9Vck6IDGMmOqmVlKDZOcM0koNMy0LDRJugXne2Z4BQCHGYh49eZizcpgnEoACDYXvDpfY1+cq4KSchsB0FzMhF1XHNTZHRcY/okEHdAYJWulmft5Zio146qFMNNNoyTuKfV61DNphHkOAcBxYP8UfTl3k60BAADA1wZ0iFNCdJitwR+RoAO2xYyl9scBUtrRUu8nSc5tr3ZjpbanSnNP9ozfByDo7dsnSYvWFygrv9RGAAAA0NRMr4UP/9hga/B3JOiArSmY52k51+FCqfs9NojtZp678GRPd1cAQS82MkyPntJHqXERNgIAAICmZJJzD366ggkhAggJOqAh2T9IM/bydNHsfJUNYoeYVoema7CZ+TbjMRsEEMyiI/gKAgAA4AtmUq6Hv1ipU0a21ZDOjJ0eKPh2DNRn40eeLpn9/+vpnomdZybVGPyhtPKfUtZnNgggmJlBwpksAgAAoGll5pbqsEGp2qd3ko0gEJCgA2pbP1Gaf7Y08C3PuHNoOjG9PS3p5p3p6T4MIKiVllfqqW9Wub/yAgAAoGn0bhujQwel2hoCBQk6wJvpfrn4amno91LSvjaIJpU82jMmnZnZtWyzDQIIRkkx4RrVN1kf/rHRRgAAALAjyisq9dnsje4lAlNIpcNeB4Lb0pulDe9Ju3wqRXe3QfjMwos9M+Sa55uZcYGgZVrPXf/WYo07uZebsAMAAMD2e/H7Ne4M+dce2kVhoSE2ikBCCzqgssyTLDLjou36Lcm55tL7Sc9zv+R6GwAQjExS7oJRHRUVzlcSAACAHfHaL+u0JrtYVxzUmeRcAOPbMIKbSRD9dZqUP9vTrTWyvV0BnzOt5sw4f2ZCjjUv2iCAYDSiewKzugIAAOwA0xvBtJy7/rCufJ8KcHRxRfAqz5P+PMKTlDOztYZG2xVoVmayiBl7eWZ4Zdw/IKiZL5epcRG2BgAAAAQP0qsITiVrpVmHSLH9PbOKkpxrOeb/wCRITUvGomU2CCDYmAGNH/x0hf5ak28jAAAAaMiUBZuZEKKVIUGH4FOcIf1xgKe1Vt8XmKDAH6QdLXW8VJo9xtOyEUDQMeOlHD0kTW9OXW8jAAAAqI8Zc+67BZtVWk6CrjUhQYfgYrpTTh8pdbhQ6jnOBuEXut4kxQ+V5p1pAwCCzai+ye4XzWnLcm0EANCaXPDqfI19ca4KSsptBMD2Msm5pRsKGXOuFeJ/E8Ej+wdPy7keD0idr7JB+BXTotF0P152uw0ACDZj92ynuCi+ngAAANRmktumkJxrnfgfRXDI+kyae7LU+0mp/d9tEH7HjAU46F1p7SvS+ok2CCCYDOgQ5xYAAADUFBsZpgtGdSQ510rxv4rWL/NtzwQEA9+S0k+yQfgtM6uuSdItvlrKnWaDAIKNGfQ4t4guUAAAILiZ70STpmeqqLTCRtBakaBD65bxmCfRM/R7z6QQCAwJI6Rej3omjTBdXgEEnd+W5uiJrzNsDQAAIPiYpNyT32Ro6YYiG0FrRoIOrdfyf0hrnpOGfCnFDbZBBIy2p0odzpPmHC9V8AcJCDZ79UpSaXmFpizYbCMAAADBw4w1N+7zFW631qsO7ky31iDA/zBan8oyT6s507V112+l2P52BQJO93s8XV4XnG8DAIKJGWPlzanrme0PAAAEndCQEO3RI9H9PhQWGmKjaM1CKh32OhD4THLOjDdnukXu8qkUFm9XIGCV50kz95PST5G63mSDAIKF6erar32skmLCbQQA4O/MGKL1jZd19ZsL3ctHT+njXnozrYMSosNsDQCCDwk6tB4mkWO6Q5qkXP//kpxrTYqWeZJ0fcZLaUfbIAAAAPzR9wuz9dx3q2ytcf6+TwcdPCDF1oDgNH9tgSb8tk63H92dVnNBiC6uaB1KN0h/HuHpDmlmayU517pEd5cGTJDmnSnlz7ZBAMEkK79U2YVltgYA8Gd79EjQ0C6N/z7ev0Osdu+eYGtAcKqaIOuE4ekk54IUCToEPtOd1bSuMjN/mpZzIXSDapXMLLw9x3laSZqELICg8uOibL34/RpbAwD4s8jwUO3RM9HWtm2PHklKZCgDBLG/1uTrtV/W6YqDOmtIZxqbBCsSdAhsBfOk6SOl9udKvR61QbRaZlZX08V17sme8QYBBI0jd0lTblGZvpiTZSMAAH+2R88kDeu67VZx/dvHavcetJ5DcOvbLtbt1mrG3UXwIkGHwJXzizTrEKnbnVKX62wQrZ5pRRcaLS263AYABAPT1ePSAzrr/ZkbtC6nxEYBAP4qMixEu/fYdis609KOiYAQjMxkKhmbit3r5ntOekKEex3BiwQdAtPmyZ4x50yrOdOqCsHDdGE249GZ18DqZ20QQDAwX1xvOLyr2sTzBRYAAoEZi254t4Zbx/XvENeoJB7Q2pjE3F0fLNW0ZTk2ApCgQyDKfNszDtngD52ztZNsEEElPFka9K607HZp01c2CCAYdEuLZuBkAAgQZiy6rSXgzMQQtJ5DsJmxIld3f7hMxw5to+OGpdsoQIIOgWbVU9Liq6UhX3omDUDwiu3vmRTEzOxauMgGAQSLWRl5mr0q39YAAP5qjx6JGta17qD3Zqyt7ZlIAmgtlm4ocnsEjOqbbCOABwk6BI4VD0oZD3uSc2bGViD1cKnLjdLsMVJ5ng0CCAZR4aEaP3mVMnNLbQQA4I8iwkK0Z88kW6tmWtbReg7B6ITh6erdNsbWgGok6BAYTKu5df+Rhv3saTkFVOl8lac15V+nMbMrEERMy4sxu6bpiW8yVFpeaaMAAH9kWtEN95rR1W09x9hzCBJZ+aW656NlTHKFbSJBB/9mEi4m8ZI7zZOci2xvVwBe+oyXyjZ7xqQDEDQOH5ym9PgIzV5FC1oA8GfhYSE1urOa1nPJsbSeQ+v38+Js3f7eUu3dK1HtEiNtFKhfSKXDXgf8i+myWNUqauBbUljdsSuALUrWSjP2krrdKbX/uw0CAADAX9z67hIVlVboXyf1YsIftHpLMgv19LerdMVBnd1JroBtIUEH/2RaQ5lxxUyLuQETnFcqv7ChEfJmSrMO8czwm7inDQIIFqarqxnrCADgn6Yty1VBSTmD4yNolFdUkoxGo5Ggg/8xLaH+OMAzAUCvR20QaKQN70kLL5aGT5WiOtsggNZu+cYiPfF1hu4Y051Bx4EgtjF/rWZkfKe5637Vhry1yivaZNfAX1RWhiokpMLW4C/io1PUJr69BrbbQ8M676+0OIYW2hFfzMlSWKh00IBUGwEajwQd/EvBPE/LuXb/J3W7zQaB7bT8Xucb+vvSrt/SNRoIIq/9sk6L1hfopiO6KTqCYXaBYPPT0k/03h/PqmvaQCXFpCsuIllR4THOGQ+tV4CtqqxUcVmh8ks3K7swUys2ztVxu16kvXscaTfAtuQWleulH1a7lxft30npCRF2DdB4JOjgP0z3RJOc63Kj1OkyGwR2kBm/0DBdpAEEBdONxIz1YpJzF4zqaKMAWru8kmy9MfVhZRWuU7eUwUqMbmPXANgROcUbtXzjLKXEttMZI69TfGSSXYP6mO8fd32wTIM7xemk3dLp0oodRoIO/iH7B09yru8LUvpJNgjsBDPJiOkqnXa0Z+IIAEHBDD6+enOxeqbH2AiA1u7Fn/6hNTnLNbzLwTYCoClMX/mlOiR203l732UjaIgZWzE2MszWgB1Dgg4tL/Ntz5hhZqbW5NE2CDQBM57h78OkPuOlNsfZIAAAaC1+XPKxvl/ygQZ32N9GADSlP1dP1r49j9Z+vY6xERi/Lc3R78tzdfHoTjYC7DwGaEHLWvOitPhqadC7JOfQ9MwswOa1teB8TxdqAEFl0vRMzV9bYGsAWhszIcT7s55T19TBNgKgqXVL3UUf/vmC+36DlJVf6k5KZb5jHDKQiSDQtMLuctjrQPPKeExacY+069dSwnAbBJqYmck1sqO04Fyp7elMGgEEmcedL9F79EhSXBTdToDW5qelH6usslxt47vbCICm5k60ogqVVZSoZxuS4S98v0adU6J0yQGd1CaeiSDQtOjiipZhWs1lfeaZZdO0cgJ8benNnrEOzWsuJNwGAbR2387fpE//zNKtR3VTUgzvfaA1efy7q5UW11VJ0ek2AsAXNhWuVVb+Sl01+nEbCS6l5ZWKCGPiB/geXVzRvCrLpPlnS7nTSM6heXW/RwpP9nR3BRA0DuiXosMGpSi/uNxGALQWpstddDgt4wFfi41I0saC9bYWPMzED2//nqm7PlhqI4BvkaBD8zGzav51mlScIe3yKck5NC/Tam7ABE9y2HSvBhA0DhqQqo7JUbYGoLXIK9qsyLAoVbKwsPh0Me+zfOf9FkymLNism95Z4o45d+2hXWwU8C0SdGgeJjn35xGe6yY5xzhgaAnmdWcmjVj5T08XawBBZ8Jv65RdWGZrAAJfiGQG7KFQKL4r5n0WhExi7oJRHZUax1hzaB4k6OB7JWulGXtJ8UM9LZgY/wstKaa353VoWnMWzLNBAMEiJTZc9328nCQd0Ep4t/JhYWHx3dLarcsp0RdzsmxNGtU3Wd3Som0NaB4k6OBbJgHyxwFSm+Ok3k+SnIN/SB4t9XhAmnO8VBZczfWBYHf44DQd2D+ZJB0AAHDHmXvtl3XuOHOl5RU2CrQMEnTwnarkXIcLPQP0A/6k40WeRN3ck+VOXgIgaJgk3dFD0mwNQGCr3RePQqH4prROD3+x0nP5t946akgb9zrQUkIqHfY60HSyf5Bmj5H6viCln2SDgJ8xiTkzNmLcYKnXozYIAAACwTWTjtCo3qfaGgBfmrJooh454VNbC1ymK6uZ2b1neoxbL6+oVFhocI6xB/9DCzo0vQ3veVolmXG+SM7Bn1XN7LrxI2nNizYIIJiUlle6XVuKSunWAgSm2q18KBSKb0pgM4m556es1u3vLdWCdQU2KpJz8Csk6NC01r0mLThfGviWlHq4DQJ+LKKNNPhDacn10ubJNgggWESEeb6Yj/t8BUk6AABaoaz8Unfs2TbxEXrs1N7uUBeAPyJBh6aT8ZgnyTH0eylpXxsEAkBsf6n/f6V5Z0pFy2wQQLAYu2c79WgTQ5IOCEDes0yysLD4bgkkptvqjBW5W/6mp8ZF6NFTeuuE4emKjQxzY4A/IkGHpmESc2uek4b97El2AIEm7Wip46WesRPL82wQQLAwSbo9eiTaGoCAUbsXHoVC8U0JAKYb65tT1+uKCQv1/swNbsu5KnRlRSAgQYedYwbZX3ixp2vgrt9K0d3tCiAAdb1JShjhaUkHIOgcOihV0RF8NQICiXcLHxb/W9a9/y+dMPQc3fF+pleUJRCXQGBazVVUVurWo7rprmN6qGNylF0DBAa+hWLHmeTcX6dJ+bM9ybnI9nYFEMD6jJdK1krLbrcBAMHGdI154usMrd5cbCMA4L+WvHi9Thx6bs2y+1W69OKX9PGPG1Tdhqj5VZQ75wuOsnKv4QPKFujVfcwxjtM3K20M2E6L1hdqwm/r9OL3a2xE7thyp+3ejsQcAhYJOuwY0wXwjwM8101yLizecx0IdKHR0qB3pbWveCY9ARB0TDeY3boluANKz19bPdMbAH9Uux9e8JWCTVnOZS0luVr780/696W36qpH/1JePbdrnuLNxopLVOTWYxQV5b2tL0q2frnhQp04dJy+WV3fekrji38w3VYvfm2+OyNrVHioThjexq4BAh8JOmw/07rIJOfiBksDJkgh4XYF0EqY1qAmSWfGVsydZoMAgsk+vZN02YGd9PAXKzV7Vb6NAvA3lZWVFPtcHP38C3p7hqe8+cM/df8dI9RGZVr7n+f0wR9l9d/W18Uem0nwbInFDtT5PzjH+esl2jvdK+6TUqS89aYVX5kqyutbT2lsaQm5ReX6dv4mPf3tKpU6/3+GmfDh7mN76l8n9XInfTB1oLUgQYftY2a4NMm55NGeroAk59BambHoej3qmTTCJKUBBJ0BHeJ0z3E91LttjI0AQGAIi0tV3+PP041XmCFocvXlzys8K4AAYYaauOHtRZq3pkDDu8bLe46H9ASScmidSNCh8QrmSTP2kjpcKPUcZ4NAK9b2VKnjRdKc46UKT2cMAMGlXWLklokjMnNL3fHpAPgP846keNSNhykm2TMMTU5u8Zb4+vcf1knD/qmvMsq1YcpEXb3v+U79cl39+orq25blatEnE3TPYZc76zzrLzjzZX01N1emPdqW7Wwpy1qmKf98TBe4+7pY55zm2dZr5Dmv7Tfqmwuc7fZ4TN+t9o47pd77fUbv/LRBJVu2K9W6ad/rpUtut/fnlH2v103XfqI/1pZv2dfC565x1t2i8TOdihZp/Bi77bBr9L/ZVfuy+/vpE/3rtGt0mrveOf4xj+n1GvdJ8QXzd/Xnxdl67Zd1uv39pfprTXWL9ZN2S9dTp/fVxaM7aa9eSczCiqAQUtlS7VX9QGl+tlb88K7W/PqJctcsUXHe5hZrvhsI+u+2SfnZEVq5iPHmagsJCVFUfLISOvRQhz2OUtd9j1dEXJJd6594/Tfe0H03aPHsJOVu5te6+gTi6x/YEW9OXa8F6wp01cFdlBAdZqMAWso1k47Q3j1PsLXgNfuhC/SP16Wjnn9efx9pg64iZ92tzrpc9b/jPt1zfLobXffuv3TZ3eU67IxIffP6/OpJJM64Vm9d108qW6evL/mHnp3qmeChpmgNvfd23XqUZ1+u7Pl65dSH9XGdDgfRatc5Qusyat6/lKmvz75Vz87srYs+vEEHdbbhrd5v9bYZE/6hq/+1ysZridxTN31xjnZzvoYseu5a3fxsrl3hLUF/++/DOnmwuZ7vPEf3OM9RPeP4KVztzrla4y7vI9pRSz8tmaRHTvjU1raP6aqamVuiDXml6pbmvC4SI934pOmZWpNdoj5tY9Svfaw6p0SRiENQC9oE3apfPtas/9yh1CgpJbRY8dHhigwLrdF0Fmgs06CipLxCeUVl2lQeqaxiacjf71GnPY+yW/gXXv9oSoH2+gd2hknS/b48V1cd3JlZ4oAW5iboepCgcxN0b0hHPVedoCvNWas5r76iR/69RIWRQ3X1B5do77aedW6C7p5F7vW04y7W3TcNU1sVKDO7UunpcZ4E2Lh1anfy33XdecPUPT1CKivSxr+m6Knz39Zs7atbvj5Lw+LMHsq14OkbdOtLuYroP0a3Pn64Bjnbl2Yu0ZTHXtJLn2a6CcD+t9dK0J1jE3QfVCfosj55QhfeNltqt6+uH3+ShnWPVYRzv2tm/qT/3b1II1++QHunSctf/YfG/T5SZ126p3bpmaqYcPN4V+rb6x/QC1PLtPuDD+n6QxM9O23gvqoU/viqzr38B4XvdbxuvPEA9e8arTDniPOXzdarF4/XN+s66ey379SRPe0NgthPSxtO0JmWcBvySlRUWqF1OSVuEs4ME2G8/XumvpiT5XZLNWX/vska1jXBXQegpqDr4mqm+p7+1GWa+9871DexXH0SK9UmPlLR4SQnsOPMa8e8hsxrqU+S1DehTHNfvV3Tn7h4y/Ty/oDXP3whUF7/QFM4ZWRbHTYoRV/9tclGALSkShb7TEgfX3iBTh7uKaePvkP3meScUnTguFO1e1vvW3huk/i3qzTujqFKj3QikTFqkx7rrFmqn15cJXUfo2uuH6lu6eGeW4RHKXWXQ3T+dd2lkh/0x1zPfiq1WL/+17RS66Vz/nW0Btrtw9N76MD7/qF7L2/n3lfV1tVL7eh6TX97thNL0An/PF0ju8fI3ZNzv+1HHKArPjhfe6V5tux61h168vEjNLJvivP9wxMLT+ysQ87b391rVk6BG6teDO961ZKt6ZN+UKlG6NL7D9fArlHOybGJhyu2+1Cdf+do53ar9NMf6+32wb0UFO2nKyYs1NgX57rFtH6rYrqmTpq+Qd/M26z1uVvaZLpMV9Xnz+qn+47v6bZAJzkHNCzoEnR/vHSzNs6arN2cD/iUKIbgg2+kxIRrtzbOF4Q/J2vm89fZaMvj9Y/m4K+vf6CpHDQgVWftZQZeB9DSvBMIwbvUFZGSriGnjtWdH96tC/dLtomnmtt36JemOK+ou6xepbnm94dl7+rG3S/U34bXLFfev8y97aIMm7TKWKv5ZqC2wXtoQGe7jy1L6JYx8Gr/T1WrimzUSjNWXOReGjKk5tHWt5Ssmq2P73xcVx1+ZfXxXfi1u8dFyzZ5bVnffVUta7XkRxOfpocOqPk4TTntksnureYv3uh1m+BdYqKm6q5juuu18wa6xcygWmVU32TdelQ3XXtoF/fvY1XrOQDbJ6jO0E23vg0zv9Fu7T193gFfG94hRhtmfaeMH9+zkZbD6x/NzZ9e/4CvLN9YpPdmVLciAICWcuRzz+rN6Z7y2tf36NYb9tXATts5fm5FhTsJxNaFKzWxVhd/0xvDXt0hGZlabC4HtlWqG2hY3tS3dOWYJ/WfD+dq9fqdmcTLeawmubgNaSmMQGeEhBQpNY7xmAFfCpoEnRkQf9Yrt6lXQrmNAM2jV3y5/nz1Lvc12FJ4/aOl+MPrH/Cl5Nhw/bkqX098neGOvQOgeXm38AnepYp3bGtLFe9Y1WINHavHp4/XxHrLk7ryoISa25eVy8yfWnep4h0zS61o+1R1M4G567T19mpL9elNXzvbpGiv22/Qk5OfqD6u5w5092l436LOfW1Zqhyo22s8vprl6XO7eN0meBcAvhc0CTozW2VqdKiS6daHZma6+6VEVGjF9+/YSPPj9Y+W4g+vf8CXkpzX+E1HdHMTdTdPWqyCEn4IAZqVme8u2MsW9ayrr2xRz7pObdXXdLaYu1CrsutZX7u0S/Ek1mbP0uJ1tdeXKH9DnlnrqL2uKmzrYQlqa3ZUMksL5pV5bVerrFotdwjQQYfrb8d1V3pC+JZ15VvGvfW+TYhCnU3MZBblZd5xU1LVdYRZN09LF2zlPimeAsDnguZsfc2vn7izVQItITWyQmt++sDWmh+vf7Skln79A74WERbijrlz+YGdFRsZZqMAEIh6aOSZ8VLJr3r0onf1x7ICdxZWw8wMu+iz93X7we/qLxtTeA8NP85kwOboudu/0sJMs3W5Ctct1Te33qs7x69zN9u2Thr6t47O5TpNuHqCplbdr5k99s8fNf5vz2ryaqfeMV09TQJxzmf68qdszzYl2Vr+7bu69aopplZLmtL7mstl+uHnNe72pZlrtT7Hs27IcYOcy9V67cpX9M2fm1Roc3zlBZu0/Odv9eSxT3nuFwCaQdAk6HLXLFFclPvzCdDs4qPDlbtuua01P17/aEkt/foHmkvP9OpxiqYty1VWftVpLQBf8e6CF7zL9j8XVbxjniVUfcaeqzGdw1U6/0s9cOJ1OnO3S3SqU8484G7dduvnWpjvvX2UBp91igZFSqXTJun2w690tr1cZx85Ts9/VqbdDulp78n7vqqYa9XRTkeerCPMpK/rftLDVfe7xzW69O+v67vFeaqoMFt11x5npzgbbdInl9/s2Wavm3XjdV9qmcLlGSGtep9maT/QJOGk+ePucbc/8/C79ekCz7qUQ07ShXtFO/f5u57/+606ew/PYz1jv1t142Vv6ceMMrsXFgC+FzQJuuK8zYoKp3sfWkZkWKiKC8wU9C2D1z9aUku//oGWsCKrSLe/t1QzVvDaB3zJO4EQrEtouPkRNlxhod7RhpcQt89nuKIiG3j+EvvotLdu142X7qpeneNt0kuKbttNI8/+P939wVHq77V9aLe9dMPbl+jYPZMV7dlSqXseqhs/uENX/H2Q0pyI81XA6xZSiNlpZJTCvY/Zud8zJ96mq88eoHYp9oflyHi123MPnfXQ6RrhzhIbqp7n3KB7b99T3e02ESltNOTsS/T4xFPVx6knJkRW79NZUg45VTc7+0yNNVuHK7Hf/tqlq10bnq79H7tT9967v4Z0qzp+u8+jT9KN716gfTvabYN8AeB7IZUOe71Ve3dsL+3fM8nWgOb33ZJsHf+aOz9Vs+P1j5bWkq9/oKX8tSZf4yev/v/27gS+6fr+4/g7SZO26c1ZxAFyDRGV4YkKXlMBxRPnUKbzmI4//+HEY86p869/p9s85vVQ5/Aa6rx1eP1l3gyYByJeKMglyFFoaZu2adIk/9/3l1/SFtLSQttU+nr28Xs0+SZNk/b7TZt3Pt/vV2OHFmrSfj2dVgBtZcZz43XAgOOdcwDa0wcrX9Ztp77qnAPQHiipAQAAaAd79snRjacM1LBiu2wDQDuIT5Lk4OBo7wNA+yOgAwAAaCd5WR6N6JvjnJM+W1vlnALQNlJFCRwcHG1/AGhvBHQAAAAdoDIY0RPvb9Bf3/1OwXDUaQWwM8xqPRwcHO1/AGh/BHQAAAAdwFTTXXfiHvL7PPrd88u1pqzWuQTAjtu6yoeDg6N9DgDtjYAOAACgg3g9Lk05uLfOOaTYPg1g56SKETg4ONr+AND+COgAAAA62D6756p3vs8+baa7frW+2j4NoLVSRQkcHBxtfwBobwR0AAAAaWSmuv7lX9/qb++ts9epA9ByqWIEDg6Otj8AtD8COgAAgDQa3Ctbt/5ksDzWf2VXPLNMqzYHnUsAbE+MDz746JAPAO2PgA4AACDNzMYR5x7aR1eO76/dCjOdVgDbZXaX5ODgaP8DQLtzxbrInsnPTxmkwwcWOOfSabhyL5klX5FztilrH1Dp/ffGT3t7y3fMjfKPGCZ3rj/eFg4ouvnfCj71WwU3xZuSjpqlbkcMb3wbSLt3lpfrlFnfOOc6Vnv3/4zTZit/377OuSZEv1DNdVNUY5/JlHv4dOUed6w8+d3l8pjLaxWrXKnw3N8q8J+V9rXqTVb+1ZcrI75cU73E18z/H1XNW9LovT2XNQ6KzDioeFOBWy5TyGlv2q9UcP258kTXKvTQRAVWOc0puI9/RoUHDWSMtUI6+z/wfbW8pEYLVwd00sgebCgBpDDjufEa+YOjrT/6jA+gXcViWvTtG7rt1FedBgDtgQq6zsqd4ZwYrpyp/1TuwaPqwznDmyt38XHy//JBZXmdtgQzR8ZI3saOyzpvrrpd/4Hyj3IagB3ldivx73PGSU+o8KeTlVHkhHOGO1Ough/Kd/ws5R+2dfVID7m2DueMxNeMe0T5p/zIaYxz+ZwviAQVjZ+KO/hvKrp+obpdNNVpSHha4ZKIdZt9lXFg49tqrFhZA/tbnyOKrHk+3tROGH9A19Yzz6fSqrCufPYbLV4TcFoBJORkFSoUDdlv0HFwcLTfYcZZTmZnKHYBdm0EdB3uCwVuH6XSa1MdMxSqMItDRxTdODd+dfWSyxdUdOULqnpovMrM9W4Yr8o57ytqUgffSGWOK45ftR24M00o6KkPUYAU6p6dmKI/x4/AFxvjVypbnqxic+f4FduyULWzL9SWG8z1RmvLQ3cqbPd/vzJGXdrEk9MSBRvcdtkdV6m2xOx86JVnxK+UFb+SLfraT+LXu/1q1Tlttjx/PCjcJsBer+DyeNmce8DZSpUH2grOkbe7NSCiSxV+fb3T2D4Yf0DXlpfl0YVjd7Onvj4yb729mQSAet39vRWOmNr8VJECBwdHWx3BcEDdcnpZpwG0JwK6TiNTvjOvlC/feiW+6XlVPvux0/62Arccri0PXq/aFRvsp0iFNyj83i8VXBP/R92VN8z+DHQ2rr1ul3+Y9cc8ulK1f68PykKPj1PZbReo6oMPFQ2bllpFVzysygWfxvt4Zk+1pP4ztvk1VT36iuw9D71ZO/2EFn39VdWZ+5O3l3xNDCv32IPsItXY2jdUY993AGhfI/rm6E+TBmn3onh1cSQasw+gqxvRZ7RqQhXW/w588MFHe34EwxUaUXyIM/IAtBfWoOskTJBRcPrhcmulau8+VVVbryu3jQHKufg5ZXaPKPLeYSqf0+Bd9WMeV7cxw6R1D6n03rucRsn709eUN9yt0OMTVdPtOuUeeoQ8edY/+2Ydr80LVPPEJcn17JpbUyz6yRRtefYL51yBvBNuVc4+e8ntNy8cIopZNxJZdKMqX5lrPZ035tpjhvJOPkGegkK5UqQpjW87U55DrPs5eox1fWd6b2izIssfVuDpxxRpGI4MvkWFZx8lLZmh8vmHKP+nJ8mT7ZVq5qv6pmnqDPvh7cpr0KXkPUa5F/9BvnyrV3xwuspnb72u3LY8J7+gglH97L5bZvXd+v7jrA9nV9CdKVMzl1RwlQounSRPeJGqbziv/nft9Al3+euqvPVKhfv+rwovmpA6xCt7RRV2pV2msn/xtrJ/kKnYsmtV9uhLzhUSipUz/RVl9qhV3b+OUMW7iXHXir5qSz1uoktnKfDCY3Kd2Mrxt836lB+p9tUrVbOicbVN9kUfKLvvUutneJWiZ9+l7IF95VKtIh+fr/IXE7fZPliDDmg7/15WrtmfbNIFY3azd4AFuqrNVet185xfaECvkfL78pxWAG2pJlypFRsW6cpjHlD3nPabuQWACrrOwQQZEw6X2229UF4wYzvhXKbcvcfJf9FMZXa3zlbMVc3bLZvy4nKbX7dbnsOfV8G44+LhnGHW8ep5uPw/v12+rdeza9YA+ae+rDyzPp4dMhgeubJ6K+Pg21V44dTGHWzYLSo4Z4oyilKHc42ZisIX4/czEXgYvu7yDLtUBdNvbjwFMcOZA1h0ofU9JsXDOSO7iE6eFtbv74zL7YrQ2IYnFNhOOOfKHyLfhFnKH9lPim5U6N2/bhPupuLq93PlnjvB6nURRZc+2jiITfQJ07/jp1qgVjVffml/b9du461HsZWC85TRw/oc/tK6j/XhXKv6ajPjxrP3pco9wmnarga3s836lIcr+5wXlbtX40fgcpufiV/eqbPkH9w3Pg7Nz4cpC8D3yqGDCzRpv1665601+uu736m8ptFEfqDLMGHBiXv/QmWBtU4LgLa2ueJbnbD3+YRzQAeggi7trBf3U2Yrd2gPxTbMUsU9t8Wn620lXvnSYCGqunJFVv5D1U/cr/DW1TlNVND5znxducNMumApn6/qp69ScHVQnkPuUN6xB8rtjqju7QPMppdJ/qkLldVHirw3SuVznEZHcifL8oWqefV3Cn5hpuAWyLP3xco96WR5fOUKP3ekKheZa2datzXXui2PYt8+qMpZd6uupkAZY/6o3KOt7123SNV/PE/BxGMZeY+KTh0tV3CZQnNuVNUHn1i3nSn3HpOVc9o0eU1V1n8mqvxlZw2wYber8ExTgWgJLVftU+er6mvJM2SAtPSTlD/TjtaVKuhce92hgjPGyB1equC9Z6g6Veic2G04KaRYyUcKvjRjm8qv+gq61KLLfq+KR2c33gwi0Scq31Hgz5fU7+LaxPiod6ryrrpa3qyG/TfOPfE5FR4woHF1XSv7qmvsIyr88d5yRTcq/MbVqlpgpvlaY+GAi+U/8mhp3uEmd7c1N/481n0psO6LIutV9+9bFHjnTet24t/Xf9IF8nXzS9XzVXXzNCV+monbs75I0eV/UeVjjymavb8ycj5VeF3Lgv4dRQUd0PbCkZje+LJUY4cWyu9r6hkS2PU9MO/3Wl22VAN77eu0AGgLyzcu0u6Fg3XRoTc4LQDaE8VFaeba7w7lDO0hhZao9snU4VxKGQXyDD5POefOkLdVVW+WincUuHOagqvLrTO1isy7WLVrzYtzj9zFLS3fGS7/0IHW59WqfeQC1djhnFGuyKfXq+LDpdZp6z4OT9zeaLlzzYuHpap92IRzpq1cde9drFCJddI3SN59TFtc1v6j5FKl6t74mQJ24GE465S9Ok9R6756+p1utzZiAqH7Jqnqa/PYrPvSScK5LsV7qnInjrGeXKoVWfCb1OFcSj65eo5W9ukPyL/HNrVrzXIPvlYF0/+3lRWgTXlOoTWm/xQoY+Sp8SZbsbL3GGB9tvrt4vqpr63rq5nK3mu4XdEX/fy3qnwvsQafdZsfWOPmT/XhXPOOUPYwc1/M+D1PFf8y4Zxpj3/fwD0PxdfS84+Qbz/T3lj066tU/nB86m2s4sN2D+cAtA+vx6VxI7onw7kNFSHNWrCBijp0OZP3n6E++f21pvRLVYdZk44PPnb2oypUoW9Lv1CxNa7OOuAyZ6QBaG8EdOlkgoxjDrRerFcr8p+rmg0yau4/oH7nylvOUODd+YqEvHLvPkW55201lXQ7ot+9qFCiUs1Wq3Bpi1MUx+Fy2wVZ/ZQ5faG6Xd/4KDpkiH0td8He9ufWGa2MQhPQ5Cnj+Pnb3HY3U5llrpY7cNudNoPfqa61DwVtKFOZZ/1KXr8UW/ekAnOamdr65pRknzY7E5c/PdPqh9XW73WEss6aqeyUBX+Nd3EtvelkZyx45OoxQTmTT3Cut3NqF39h/WsiuXY71npEjsT01spFqk1W1bW2ryaC6o2q+zixEcyO2Fses9RO9BuF5qTYSTY8UyE7dMuTe7dtpyPENsyxHx+AXYvZ9dXvc+uq55YT1KFLyfUV6L/G3KSjhpyulRsXa335NwrUlikcCVl/9PiLB2yXNU7MeDHjxoyfVSWf2ONp2pib7fEFoGMwxTVtMpV1wRvy9/Mrtu4hVdx7V6srvZLTCM3GEreeqipT9GNsZ4prdMkMbXn8bafV4XzN1pc1PcWu+SmHCbGVf1bZg09Yp4rl/9VsZfWUosvvUeDJhxtPcdVyBW+fpGr7MRyh3Mtv03bX+i39pyr+cl18Z9CmpjN2Il1hiqvrsAdVeOxIuUJLFLzvzFZUzzm8xyjv13+U1/rdRz6YoPLZifCpmU0iLMlpo8H3VfWHX8quB9vhKa5Gog/Wqu710XZVW2LjlOin52vL04lwrbV9tfnHsbUmx18L+nuq8d7clNn2xhRXoONUhyJ67bNS9SnwafQgXlihazEbR3z07Vta/N1clVWXqCZU6VwCoDnZ1j+0Rf4e2rvPYdq/31GsOQekAQFdmtQHGV+o5q4pqkmEa62SCAc2KfT4sQoscZo7NKBrWdBguI58VIVHjkixYH/E+r5XqfzxRFVPE4+rOQR0zeqQ/u89R/m/uVgZvmrVvT1JFW+mqOxqgdT9dDv9zTtDBddMaXz5TgV0Usbpryh/72LFVt+hsr99oNxLZslXtF6hmRMUWOVcqdV99Rjl/eaP8uZsVOjRcQosc5qb0OT4SzzeqPX8cZ31/OE0N5R1wXz5+2UqMm+0yl+LT2EloAO6LrNWnQnrWKsOQEcya2Vuqa7TpkDI/mwqe/t3z9KefXKcawAAEpjimg4FU5V3xEh7amvdvMt2MJyz9Bgbn+amgGLr7JY2F4s6dX2erdcE+1CRCvO5jzz7tWS9sMnKO3SEXKFvVbd+g2L2zUYUq16rugWXNAjnjLet2zZXKIpv8oDvgWJln/cLZfisPrP2MQV2MJwzO5N6e8Y3MolVtiSZjXON2jP+ZBas2H4lasTZSsLtTREW16t7/xN70wlXn6OU3f9MZRRZZ8oWKpgM54zW9tVPFbXTtF7yjNj+9Zscf+GVipota92D5B2bYvx5z5evj2nfpMhK1pcDurpgOKpvSoK69Kllem5hiV1hBwA7IxKNqaQyrK/WV+v9FRV6/fNSPfnBRntn6RtfXqUrnvlGFz76lc596Etd8uRSu+2et9bqmY9K1Dt/m0VqAAAWAroOV6zsn54VDzJWP6DK7QUZR81S0RXPKu/k0+TtnqiAMjulXq788yfKfh+85D87HvJtR6SyzP7sHjRdHq/kyj9KPnsB//kKrjL3vUDe8U8pd8z+Ju+wufL3V+b4e1Rw1SvKHRxvU9+95DZ/iys/U/VD41X2P2YNsQNUdvNEVbwyd5v1sIJfmjXAPPLsN1P5E8bJk+1ckN1PvjE3Kf+K+bLuCjoJ91G3KKuvXwotUs2D9zbeTXUbU5V/zRwVnH2tMof0S4Zkru7j5L9opjK7W2eiyxV+tyUhn9n91OoPx+xn305s/Tvx6a3N+a4kfv+6HaRsE2J5e8s3/IBtw7pVdyhspuh6h8p30ij7yTKy7O74lOoGWtdX16vmm+X2Kc/I+5SXHDfOmL58bqN+3fT4S2xkkamMsQ3HX6bcw6cpf/qFyjDnN72tmpbnnAB2UVlety4cu5uuO3EPbQqE9ci8HX0TBQDiPG6X7ntnrW54aaXufGONHp2/XrM/2aR3v96iL9dV6bsttSnfDDhpZA91y3FeNAAAGmGKa4dr2dptSkxdO/hvKppgdolsQqq1vtpwimtybS/nvJG8jvcY5ZqdMwua+iPbcBpfpnynPamcfesDGVs4oFhdrWKbP1Rw9nUKJneTHCD/RY8oq29Ti3tFVPf2Aap40znLFNdmtXf/T0ydbF7idzZZ+VdfbofUqVUr8t4UlTfaYKIF46ZivqoemKbaRFjdVJ/wnq/8K6fFA6yEJvqN+/hnVHiQ2a3YEm24TmJDreyrZtxc/Af58lM/mobTT7c7/pq5nVTPDUxxBbA180J6t8JMFWRnOC0A0DImhPvd88vtaawtYZ5rbjp1oB3uAQC2RQVdh9ukWGvSowXTVP6PmQqZaaHJrVcjigU3KLJkpipv3SqcMxJT+KKNa31i0UR7ihqj5Nc0viz27u9Vs2SFYmHnHbCQ9X2/nh8/HZ6jwJ3nqPrTrxStabAqWDigaMl8Bf9xjqoSa2x5x8q3R99tg0ZvrlzZ3eXe/Tj5z2+4c+dKVd9/oioXLFQ0ELDuu9McqVa07DOF5lygykTgYdQ598+6/10ice5korUtWYUw4QlV3nmZ1a9S9Jv176hm1vFbhXNGU+PGGQuf3qryOxqEc0ZTfSI8U1Wvv2N1Jaevmz61/j012tjYEZ07T5HEm78l8xRMWanayr5qxs0d/6WaZSsUTY7psGKBtapbcr+qG2Tn2x1/d/wsPv6CDcZtaLOiK62fcYrnhviUWet7dcYEG0BafP5dtT311Uw9W7Yx1YqWAJCaCdwm7htfmqQlzh5dTDgHAM2ggg4dIrEDZmzTS6p6+EaFKhKBQqbce0xW7qTpyjA7d6ahsqej7PKbRADNoIIO6LzMNDQzLe29peW65oQB9pRYAGgJsxadqaJbU5aiAKABs0nNtCP7OucAAKnwHxg6hDvTWcg+XCF5s+KnDW+hXLn95LIvLle0xG4FAAAdxOzsOm5Ed914ysBkOLdqc9BeU8pMYQOAppiKuAvG7NZsZZx5Xpl8YC/nHACgKQR06BChhYtlZti6+pyp3IvfUrfrF8aPa15Vwekny2M2zVj3nKoXOV8AAADSxizinpnhtheA/9Nrq5n+CmAbZodoU0E3uFe2jt7TbHefGhtDAEDLENChYyy5TOWPb72WniVSrVj5Vwq9O11b7r1LieW+AABA+uRleXTGAb105+ShOnRwgcKJtWotLV0QHsCuZ3lJjZ5bWGKH99OfWKp15fGFbX+yf6+UIZxZp27C3maLfgDA9rAGHdBBWIMOXRlr0AG7DvPC3Oz6eszwIu3ZJ8dpBbCrMdVxKzYF7cC+d358+/2XF29SoDaqfXbP0dDe/kZTWz9eXalbX//WORd35fj+GtGX5wkAaAkq6AAAANBilx/XT8OK/Xro3+vtxeGpqAN2Le+vqNA1L67Q1Flfa9aCxmtRHr9PD7u61oTzW68796N+efZmEAnmNOEcALQcAR0AAABazCz4fuxe3fSnSYN0/mF95PXEX6SXVoXt6poNFfEpbwA6LzNeTRD3xPsbdPOrq/TMR/U7te1elKkpB/XWPWcN1XUn7mEHby119uhie+MZNoYAgNYjoAMAAMAOGdgz2zllpsNJ68rDuu6fK3Tls9/ora/KnEsApEt1KKKv1lfr9c9LG41JE6R/tKpSRf4MnfKjnjphn/p14sy6cT8s9ifD99Yw02GnHNybjSEAYAcQ0AEAAGCn9czz6oIxfXT3mUOtF+jF6pkbX7PKMAHBqs1B5xyAtmamoZo14ExVXIIZd5c//Y1eXLRJGyvDKszOcC6RPUV16hF9NW5EdzuMMxVvbWXs0EI2hgCAHUBABwAAgDZj1qUy6041XHvKhHNm8fhLn1pmT6Urr6lzLgHQUpXBiL2LqgniEsxU1XMf+lJ//r/VmvNFmdaU1a8XZ4I3M031inH97Kq21kxV3Vlbr08HANg+dnEFOgi7uKIrYxdXAIYJFxauDuioYYXJ6W+m8sdMqQO6OrPhipl6ur48pMraOh35wyK73UxTnf7EUmVmuFVc4LPXiDv30D72ZWanVfN1bVkBBwBIjy4T0L3ws8E6bEC+eDMH6WD976S5Kyt08t+XOS0di/6PdEp3/wfQuZk160qr6uyKO7M7rJkeB+yqTDWpqXozR3lNRKeO6mm3m6DN7Jpqpoqbo0euz656SwiGo4RwALCL6zIB3atT99e+RXXKyuAPGzpesC6qTza7NP7+j52WjkX/Rzqlu/8D6PxM1dBnawNaXVqbrAwyVUMfrqy018oygQXwffHu11u0rjzkBHF19hTTxIYLN7y00q6EMxWk3XIykgEdAABdJqCbe/3p6rXlS/vdKKCjbQqEtDF3sA67/gWnpWPR/5FO6e7/AL6fTLhh1qv7bG2VfX70oHxNPrC+oghob2bq6JbqOrsvmvXfTJVnoort0fnr9W1prb2eYmWwTtefNDAZJJt+a94TNSGcaRvca8d2RAUAdC1dJqD75v8e1qZX7tQQluFCGnxdWqeeJ/xag8ad57R0LPo/0ind/R/A959Zp84EJGbRe8Mskv/S4s0a3CtbQ3r5NaR3tgoa7FAJNMX0I7/PndzEwOx6avpXXTQeCpsQOC/LY19mNjWJWi+VTNBm2s4/bLfkZaYPmrDOvPlpKuHYFAEAsLO6TEAXrirXv2YcoaH5ERXxDxw6UFlNnb6ucOvHt70jb056EjL6P9KlM/R/ALseM/11eUlQqzbXaOnGGg3qma2J+/awL/tqfbVd1WQ2nuhT4CM46SLM2m7mMGu1BWojGjOkMFnRducba5L9wu/z6NqJA+yNFozZn2yyK+UKsj3yetw6cI981noDAKRFlwnojLXzZ+vzv/9e+8f/fwM6xIcboxp+5tXafewkpyU96P9Ih87S/wF0HWZK7JtLyuyqqE0BUxHVS0fv2c2+bE1Zrb0Yf//uWfZ5pJepWItEpUJ/RnIK6OI1ATtoM6GZCdSO26tbcpdfE7St2FRjr+tmfo+/O76/vUahMWvBBju4NeFabqanUUBnbsdcP7FzMAAAnVGXCuiMhfddqtKPXtGoPtlOC9B+PrL+yew+6liN+u+7nZb0ov+jI3W2/g+ga2q4++Xrn5fqna+32JtSmIX6zzmk2K6YMsyUxepQVL3zfXaww5TZOBNuherqXy40DNNMkGZ+luZnbK538MCCZChmKtNWbAraU0oNsyNpIhi98eVV9tfmZMZ/L7/+8Q+Sl5mvM78H8z1MVdv+A/KTv4vEfWl4HwAA2FV0uYAuGqnTx3dN0+av3tegXKb7oX2UVddpeZVb3Ybspx9dfL/cns7Rz+j/6Aidtf8DQEMmODIhTyK8M2uRLfo2oJLKsL25zaT9eunQwfGp+SY0Wrymyg6fzPUPH1qYDJRM0GQqtxJMu5lGaWwv3Grq60wVmdmcIGHfH+QmQ6rmLjO7h5qqwYSGVWTmMZidRRNO2Kd7sjLtnrfWatnGavu0Me3I3e31/YzmLnvh4xJttH5eRo9cb6PvZ+6nCe4Sa7Y1fHwAAGBbXS6gS1i74GUtfvgaFWXUqZsvqpzMDPudVJYpwY6IWqMoFIkqEKxTacitsrBb+/z8BvUdPdG5RudC/0db+r71fwBoLTM1NrGbpwnV9uufnwyizNRKE7YlNKwUay7cau7rmgvTmrusuYCuYbBnQjOz4UZLgkQAANAxumxAZ5iF81e/96zWzfunKjesUm11pbrwjwM7weVyKdOfp7ze/dXnkBPVb8xpnX5BfPo/2sr3sf8DAAAAQGfSpQM6AAAAAAAAIN3YQxwAAAAAAABIIwI6AAAAAAAAII0I6AAAAAAAAIA0IqADAAAAAAAA0oiADgAAAAAAAEgjAjoAAAAAAAAgjQjoAAAAAAAAgDQioAMAAAAAAADSiIAOAAAAAAAASCMCOgAAAAAAACCNCOgAAAAAAACANCKgAwAAAAAAANKIgA4AAAAAAABIIwI6AAAAAAAAII0I6DpIZWWlIpGIc67jxWIx5xQAAAAAAAA6E1eM5AYAAAAAAABIGyroAAAAAAAAgDQioAMAAAAAAADSiIAOAAAAAAAASCMCOgAAAAAAACCNCOgAAAAAAACANCKgAwAAAAAAANKIgA4AAAAAAABIoy4Z0EWjUecUAAAAAAAAkF5dMqBzu90qKSlxzgEAAAAAAADp02WnuObk5Gjp0qXOOXRGpaWlzikAAAAAAIBdlytmcU4DAAAAAAAA6GBsEgEAAAAAAACkEQEdAAAAAAAAkEYEdAAAAAAAAEAaEdABAAAAAAAAaURABwAAAAAAAKQRAR0AAAAAAACQRgR033OrVq1yTrVcKBRyTgEAAAAAACDdXDGLcxpdhAnofD6fcw4AAAAAAADpI/0/MC5ymiP2XboAAAAASUVORK5CYII=" title="arch" alt="arch" style="width:100%"><span data-line="1"></span>
</p>
<hr  class="figureline madoko" data-line="2">

<div data-line="3"><span data-line="3"></span><fig-caption class="figure-caption"><span class="caption-before"><strong>Figure&#160;<span class="figure-label">6</span>.</strong> </span>Classes in PyExZ3</fig-caption><span data-line="3"></span>
</div></figure><h3 id="sec-loadingtesting-the-code-under-test"   style="bookmark:4.1.&#8194;Loading/testing the code under test"><span class="heading-before"><span class="heading-label">4.1</span>.&#8194;</span>Loading/testing the code under test</h3>
<p>The <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Loader</span></code> class takes as input the name of a Python file (e.g., <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>foo</span><span class='token delimiter python'>.</span><span class='token identifier python'>py</span></code>) 
to import. The loader expects to find a function named
<code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>foo</span></code> inside the file <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>foo</span><span class='token delimiter python'>.</span><span class='token identifier python'>py</span></code>, which will serve as the starting point
for symbolic execution. Thc <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>FunctionInvocation</span></code> class
wraps this starting point. By default, each parameter to <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>foo</span></code> is
a <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicInteger</span></code> unless there is decorator <code class="code code1 language-python lang-python python highlighted" ><span class='token delimiter python'>@</span><span class='token identifier python'>symbolic</span></code> specifying
the type to use for a particular argument.
</p>
<p class="indent">The loader provides the capability to reload the
file/module <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>foo</span><span class='token delimiter python'>.</span><span class='token identifier python'>py</span></code> so that the function <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>foo</span></code> can be 
reexecuted within the same process from the same initial
state with different inputs (see the class <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>ExplorationEngine</span></code>)
via the <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>FunctionInvocation</span></code> class. 
</p>
<p class="indent">Finally, the loader looks for specially named functions <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>expected_result</span></code>
(<code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>expected_result_set</span></code>) in file <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>foo</span><span class='token delimiter python'>.</span><span class='token identifier python'>py</span></code> to use as a test oracle after
the path exploration (by <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>ExplorationEngine</span></code>) has completed. These
functions are expected to return a list of values to check
against the list of return values collected from the executions of 
the <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>foo</span></code> function.
The presence of the function <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>expected_result</span></code> (<code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>expected_result_set</span></code>) 
yields a comparison of the two lists as bags (sets). We use such weaker
tests, rather than list equality, because the order in which paths
are explored by the <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>ExplorationEngine</span></code> can easily change due to small
differences in the input programs. 
</p><h3 id="sec-symbolic-types"   style="bookmark:4.2.&#8194;Symbolic types"><span class="heading-before"><span class="heading-label">4.2</span>.&#8194;</span>Symbolic types</h3>
<p>Python supports multiple inheritance and, more importantly,
allows user-defined classes to inherit 
from its built-in types (such as <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>object</span></code> and <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>int</span></code>).
We use these two features two implement
symbolic versions of Python objects and integers, 
following the instrumented type approach defined in Section&nbsp;<a href="#sec-semantics" title="2.&#8194;Instrumented Types" class="localref" style="target-element:h1"><span class="heading-label">2</span></a>. 
</p>
<p class="indent">The abstract class <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicType</span></code> contains the 
symbolic expression tree and provides basic functions for constructing 
and accessing the tree.  This class does double duty, as it is used
to represent the (typed) symbolic constants associated with the parameters to the 
function, as well as the expression trees (per Section&nbsp;<a href="#sec-semantics" title="2.&#8194;Instrumented Types" class="localref" style="target-element:h1"><span class="heading-label">2</span></a>). Recall
that the symbolic constants only appear as leaves of expression trees.
This means that the expression tree stored in a <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicType</span></code> will
have instances of a <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicType</span></code> as some of its leaves, namely
those leaves representing the symbolic constants.
<!-- Need to say why this is important -->
The abstract class provides an <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>unwrap</span></code> method which returns
the pair of concrete value and expression tree associated with
the <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicType</span></code>, as well as a <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>wrap</span></code> method that takes a 
pair of concrete value and expression tree and creates a <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicType</span></code>
encapsulating them. 
</p>
<p class="indent">The class <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicObject</span></code> inherits from both <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>object</span></code> and <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicType</span></code> and
overrides the basic comparison operations (<code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__eq__</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__neq__</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__lt__</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__le__</span></code>,
<code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__gt__</span></code>, and <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__ge__</span></code>).
The class <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicInteger</span></code> inherits from both <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>int</span></code> and <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicObject</span></code>
and overrides a number of <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>int</span></code>&#39;s arithmetic methods
(<code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__add__</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__sub__</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__mul__</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__mod__</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__floordiv_</span></code>)
and bitwise methods
(<code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__and__</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__or__</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__xor__</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__lshift__</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__rshift__</span></code>).
</p><h3 id="sec-tracing-control-flow"   style="bookmark:4.3.&#8194;Tracing control-flow"><span class="heading-before"><span class="heading-label">4.3</span>.&#8194;</span>Tracing control-flow</h3>
<p>As Python interprets a program, it will evaluate expressions, 
substituting the value of a variable in its place in an 
expression, applying operators (methods) to 
parameter values and assigning the return values of methods
to variables. Value of type <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicInteger</span></code> will simply flow
through this interpretation, without necessitating any change 
to the program or the interpreter. This takes care
of the case of the strongest-postcondition rule for assignment,
as elaborated in Section&nbsp;<a href="#sp-refined" title="3.2.&#8194;From  to DSE" class="localref" style="target-element:h2"><span class="heading-label">3.2</span></a>.
</p>
<p class="indent">The strong-postcondition rule for a conditional test requires
a little more work. In Python, any object can be tested in
an <code class="code code1 language-python lang-python python highlighted" ><span class='token keyword python'>if</span></code> or <code class="code code1 language-python lang-python python highlighted" ><span class='token keyword python'>while</span></code> condition or as the operand of a boolean operation
(<code class="code code1 language-python lang-python python highlighted" ><span class='token keyword python'>and</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token keyword python'>or</span></code>, <code class="code code1 language-python lang-python python highlighted" ><span class='token keyword python'>not</span></code>)
The Python base class <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>object</span></code> provides a method named <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__bool__</span></code> that
the Python runtime calls whenever it needs to perform such a conditional test.
This hook provides us what we need to trace the conditional
control-flow of a Python execution.  We override this method in the class
<code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicObject</span></code> in order to inform the <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>PathToConstraint</span></code> object (defined
later) of the symbolic expression for the conditional (as captured by
the <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicInteger</span></code> subclass). 
</p>
<p class="indent">Note that the use of this hook in combination with the
tainted types will only trace those conditionals
in a Python execution whose values inherit from <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicObject</span></code>; 
by definition, &#8220;untainted&#8221; conditionals do not depend on symbolic 
inputs so there is no value in adding them to the path-condition.
</p><h3 id="sec-recording-path-conditions"   style="bookmark:4.4.&#8194;Recording path-conditions"><span class="heading-before"><span class="heading-label">4.4</span>.&#8194;</span>Recording path-conditions</h3>
<p>A <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Predicate</span></code> records a conditional (more precisly the symbolic expression
found in <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicInteger</span></code>) and
which way it evaluated in an execution.  A <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Constraint</span></code>
has a <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Predicate</span></code>, a parent <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Constraint</span></code> and a set
of <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Constraint</span></code> children. <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Constraints</span></code> form a tree, where
each path starting from the root of the tree represents
a path-condition. The tree represents all path-conditions that have
been explored so far.
</p>
<p class="indent">The class <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>PathToConstraint</span></code> has a reference to the root of 
the tree of <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Constraint</span></code>s
and is responsible for installing a new <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Constraint</span></code> in the tree
when notified by the overrided <code class="code code1 language-python lang-python python highlighted" ><span class='token predefined python'>__bool__</span></code> method of <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicObject</span></code>.
<code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>PathToConstraint</span></code> also tracks whether or not the current execution
is following an existing path in the tree and grows the
tree as needed. In fact, it actually
tracks whether or not the current execution follows a particular
<em>expected path</em> in the tree.
</p>
<p class="indent">The expected path is the result
of the <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>ExplorationEngine</span></code> picking a constraint <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> in the tree,
and asking the ATP if the path-condition consisting of the prefix
of predicates up to but not including <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> in the tree, 
followed by the negation of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">&#39;s predicate is satisfiable. If the 
ATP returns &#8220;satisfiable&#8221; (with a new input <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAwAAAAcCAYAAABVo158AAABDUlEQVQ4y92U23GDQAxFj7aCrYES4hYowZMSSAduIeMSNiXEJVAD6cCkg5AOlB+tLQSG5Dea0cCuXlfSBVSVLQU6oACNqrLnXAA1vagqiW15du9fwG6Fs2XvgayqiBl+LYk/yr8LEJFWRAYRmUTkKiKnRUSgwHCjwH3L59luzPgETHU5dneygGktYADasOVL5VG4pwWuK7SopJvZEvBieH3znTuW2PfRY3cQa4W86CE4N865X9g3KK1xEI8CprVx+qZ9s0cg2/FtlRshe+/gNPFnMINkmavzEJxzXWB68MG/BiDdDeIeFdwgmlhhDM86iAK8q+oYK/iFZdMS+0luWiNwAD6AT6PHt6oefMUfyjONtCS7Ic0AAAAASUVORK5CYII=" alt="$i$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">), then the assumption
is that path-condition prefix is sound (that is, the execution of
the program on input <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAwAAAAcCAYAAABVo158AAABDUlEQVQ4y92U23GDQAxFj7aCrYES4hYowZMSSAduIeMSNiXEJVAD6cCkg5AOlB+tLQSG5Dea0cCuXlfSBVSVLQU6oACNqrLnXAA1vagqiW15du9fwG6Fs2XvgayqiBl+LYk/yr8LEJFWRAYRmUTkKiKnRUSgwHCjwH3L59luzPgETHU5dneygGktYADasOVL5VG4pwWuK7SopJvZEvBieH3znTuW2PfRY3cQa4W86CE4N865X9g3KK1xEI8CprVx+qZ9s0cg2/FtlRshe+/gNPFnMINkmavzEJxzXWB68MG/BiDdDeIeFdwgmlhhDM86iAK8q+oYK/iFZdMS+0luWiNwAD6AT6PHt6oefMUfyjONtCS7Ic0AAAAASUVORK5CYII=" alt="$i$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> will follow the prefix). 
</p>
<p class="indent">However, it is possible 
for the path-condition to be unsound and for 
the executed path to diverge early 
from the expected path, due to the fact that not every operation
has a symbolic encoding.  The tool simply reports the divergence
and continues to process the execution as usual (as a diverging
path may lead to some other interesting part of the code). 
</p><h3 id="sec-from-symbolic-types-to-z3"   style="bookmark:4.5.&#8194;From symbolic types to Z3"><span class="heading-before"><span class="heading-label">4.5</span>.&#8194;</span>From symbolic types to Z3</h3>
<p>As we have explained DSE, the symbolic expressions are 
represented at the level of the source language. As detailed later
in Section&nbsp;<a href="#sec-int2z3" title="5.&#8194;From Python Integers to Z3 Arithmetic" class="localref" style="target-element:h1"><span class="heading-label">5</span></a>, we must translate 
from the source language to the input language of an
automated theorem prover (ATP), in this case&nbsp;<a href="http://z3.codeplex.org/">Z3</a>.  This
separation of languages is quite useful, as we may have
the need to translate a given symbolic expression
to the ATP&#39;s language multiple times, to make use of different
features of the underlying ATP. 
Furthermore, this separation
of concerns allows us to easily retarget the DSE tool to a
different ATP. 
</p>
<p class="indent">The base class <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Z3Expression</span></code> represents a Z3 formula. The two 
subclasses <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Z3Integer</span></code> and <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Z3BitVector</span></code> represent different ways 
to model arithmetic reasoning about integers in Z3. We will describe
the details of these encodings in Section&nbsp;<a href="#sec-int2z3" title="5.&#8194;From Python Integers to Z3 Arithmetic" class="localref" style="target-element:h1"><span class="heading-label">5</span></a>.
</p>
<p class="indent">The class <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Z3Wrapper</span></code> is responsible for performing the
translation from the source language (Python) to Z3&#39;s input language, 
invoking Z3, and lifting a Z3 answer back to the level of Python. 
The <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>findCounterexample</span></code> method does all the work, taking as
input a list of <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Predicate</span></code>s (called <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>assertions</span></code>) 
as well as a single <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Predicate</span></code> (called
the <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>query</span></code>). The <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>assertions</span></code> represent a path-condition
prefix derived from the <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Constraint</span></code> tree that we wish the next
execution to follow, while <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>query</span></code> represents the predicate
following the prefix in the tree that we will negate.
</p>
<p class="indent para-continue">The method constructs the formula
</p>
<div class="equation align-center para-block" style="line-adjust:0"><span class="equation-before"><span class="equation-label">(4)</span></span>

<div class="math para-block input-math"   style="line-adjust:0"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAYEAAABaCAYAAABe1+p8AAARMElEQVR42u2d/XXaSBfGn8nZApSkgiUdkHcrWNwBzlYQuQN8UkGO3AFOBTHuQGwFG+gAtoINdHDfP7gTXw/6GAkJY3h+5+gkBn3NHel+zczFiQhI9zjnBgByAO8AXIvInFIhhJycrqIR6M0IzACM9c+1iHygVAghNAKXYwRCwX4UkSUlQwg5Jd5QBL0YgHHBx39RMoQQRgKXYQRyAKPg462IvKV0CCE0AudtABIAm5KvmRIihJwUTAd1z6eK724oHkIIjcB5c23+vwWwjDQQhBBymkbAOTekqKLklOD5WMA9gKn5O3HOjSipk+u3ofYdITQCoVJzzq0ADCiqKEJP/zuAh4pIgZwG7wAsdIEfITQCagAGAP4F8CgijxRVFDbnvxaRpYhsAdjVwinFdFroau6MhoDQCDwnB/BDRG4ppqiUwgCATZtZwzkN9h1TYidnCO41asuZGiIXbwS05ME7MHXRhFCxT42CCSMpLhw7TUPgI7kZpUEu1gg451JVaJ81lUHisKmgpYisg+8fKwwGOR2uAYyccxOKglxqJJCpEuM4QCSaCrK55O8FuzEl9DqigaUa7IxpIXJxRsA5lwFIAHAcoH0UAOymhobKZV5zDDkd/PP/7QUdixmnE5OjPGu+bIQpd8Cyx81fWDuNdikiH0v2m+L57KC3TLmdbJ8usBvoP3qpD40SZ2C9KXLkSOCL/julWBq9sEM8TwVVyS8ccOQK4tPl6wtGbP5dTJg2JMeMBDbYpYLonTYzAhmASax3b+QMAHMRuaIUT7ZvBQBExB3ZqVhgNy4xroosCeksEtDcY4JdKogGoBk2vTOPkJ9dQTzi4ONJs9T345gL/HwUcIvd2NKQZVtI70YAT+sBWOa4mdc2Ml49EJdKC/dhSuh0+RG8H30/TwP1/h91inEWGAZCejMCfhZCTpE04plyiJlWq4OMNlrgLKHTJQ/ej77xs5K+6rOyxq7kyJjlLEhvRkDTEYPA8yFxWC++yboKO4V0yBf8YA966JybOudWzrmN/psF+7RJu80DL73PNiTYpRaXwWyk7BKcBefcwPThqqQPU51htxeRO+cWpu8nMfI2xyQt7jfVabz+mds45/Kqab3axtL71HvKgn2mVfd3YNtX/txjALJzPATc4jb1DsVs4wbHDoJjJ5Rp636YqQxzAAPz+VQ/81OfBcCwxfn9sWnP7ZiUPUcAVuf8fmpfifblXh8G8pkUyG3l+9acK4uUtwAYNeynjV5zAiAx3431u0nBcf45HAX3OdW/h/5Yf06jm/OKe1l5mTVoe2baPrTCWFGptFI+rQyof7Ep+9byHxgZTkv2yQM5j1pcZ1F1jQ7bswGwKfkuPUdnIejDrKIPp1ZpBY7YJlDEXp9taq6dN3l39V79szCr2G9cdE5twyTczxt+bcegoM+l5HyHtH1hz/sbAL8wjLOCmjFumQryTE2oP3DODQrqDZHy1MlCvau5KfwWkgXjXG3SnT99H/XYnjEqVuqLyL2mRr4AuOv42qOeUk0/AdyWzZYL+vCxolrxsz4sSJWFNc7+0H/rUjw+bbOMkNEguNeqiQJrf0zwPn8C8HvJMTMAV8H+1+E5C+Ry3bLtw7DteVXIwa3c2h/oYYYpoYyybeydi/WESkJwv9/iwIhvdYT2JBEh/Ljja2fBc9jlNu6gD+17koeecMH+tdG1KkGJifCCdOImUp6bAn2Rl6TACt994+kvbIRgvltVpC5XkWnsTETwBruS0YwEmmFLQW8L6gLVolZ/WRJZkHKvbGI8mfuadRn/KxrkbRkJvOtrUFvbU9cWv4K50+miInIrIq7LDTVTaoM+vKtptx1otVHdjZGJjahspB1zzrqy4ZnxrG/rBos1JXNdoC9mZfdQFAWJyFxE3orIx4IMwQ2KC1ImEW2/KpLn6hg5zzPyQpPA25l2MBgobQcuL1z2oyYDYAd6ypue2uQj8UGDAdThK4mUxxF9OGww9jYMrpGU5flroos2UYgUXG+gytwP0K6KnsnwXgMZ5C3lm1TIKYkdD2Ak0I5PBbn9ttxXRBhkn7RhBDYuySU34b/IPGuraZGqROaR40HnsHjM9uE6ol9GRX0oIo82gtAxBr9v3cr9Xznxmv3CsZKFncKqRucWwHsANyLyoeiZDO+1IrqJjd6K2j6ua5Putzce8JuGuyxdEM91oIhar7IWka1zbmk6JgXLeCPypbyvUbB2/cv8RNtzGyj32hSic84vHkteaYkX24ePEUYyiezDTzEpnmAef7QTgd0gd1eD8lcdpCnL2j5tmh61VURpCOo9tySw4vcdnNZ2WsI6MVFKPcaDOsjbMrzvI1IOFoc1UQSvNhrouQ9vjLG8b5oTL8Hea5cldUYdRKhlhvUh0oHNrRHwD/c7qppGFhco/gWxpjzUhKBk/4VEhOLsytvyztHPntIiXxtGj3PspgxOLqAPr2P6MEhz1J1z1OD6lk6qKXQdoYZtjx1kt21/g6c5qIwEmlncdRdWXDttXmFoyL4Cicmfezk+S9np0v0mtYD6GjP7ovfWZo1Jpm1Jz7wPYz3mJhHDsMiz19Ijw5r3tGtHsotabaOYaKXK+FgjwEgg3uIC7RaIlRGmhPizgvusYxVIkEv+UWDIm6TckgZKK/ZZ8tP5vrY5XtMdW7y+8aMmfThsEMlFpW1qxgO+YH9B4LqtA1BhUK461iH2nv9pYyjfYDetCehxReSZkFYo7kOjgceKiIPse4J1L+VNhVJIG4bh77o2AnjK5x8ypnSP3UrzU1xfsi3qp4Z9+FdLj7mqn64qFOa44LlYtsmSOOdmFe/wyESoXVcIiG37XiTww3igTAnFPZTLHjrwMXggyT61L6V6e5Oil129s58N03jDCC+rqYcYszisjl4Wj3VksOfYTZmcd9SHdUZ7HSH3QXDOZRCZFeXTpyVRRJ0BSIpKmTSc7dTU4JYaVr1uWmKMES61HnFR0stU/cR+KYoxZV+53D8pkeEKz4tvDYPFVllX1+t7cViDkhbDM+vDDRoUZ8TzxVdpyfcrlCwm08/TGhnPIt7fFSoWjwbPZdrDAsqqtpcuTgtXkbF+TVx9laSn69hrzCj7ylXWOZ5K7g5UwS/MZ7k12PoCrhpey7+0q46dibxjhTo7gz4cqsLN8by+Td7Qidpgf2XxxitIoxBT827nkYZ7GhgP72GXrhZus6r3AAfyV9tV+acFxm9SZgQysIhcbNnnRY/XOag89YX9lkOuD70vspWWGO+V7pM39b4R1Hzv0JkY9VB2InmFUd3M9M/CKOa0TdStSnlmnosV9n+jINF+9fvMYmSnitY+c/6es9hITNu16SmTMAjkufFGCyWlN/zmRMTnjFY6WPGWqee9HO7CDjrWLEY55FqjYBDsuuUUQtJNf6z05frYxXRgLZz2R00p4jbPZ1Ep4tcs95kZF/vY0YKqS36OxQxG7+l3p1YEzjkfhl21qYp5xgLMggGlt30u13fObezgkYhcsRdepN+9Y7QWkQ+UyFFl798BOqXdOpZ3RRVL3xSMhF9TdM+wU0PnR6jXYlcQjzhj68W4CWeIkKMZ37I1HsTISX8nWMLfYg7wSn+LknUpv4yAph3WAFIqnmehdlJgKPskvAZXEL+c8d92WDSMxNFVzadzZ4qn6cvjEv01NvL8XObAvinxflLK+Jk8rKHsFc1/bsvugRzF+Kdq/D9TGken6xW158qgSk7qyH/TP++qdNevMQFzcI5dydHfX2mp2i6Vgc3PP3Y5oFdz3aOOQ5DCfl+LyEdK4+XeOf2VMlIspxy71ezTcKKK+f3mAUrGAaoiAe95JoiscX7GQh7heSro+xEv/70gNUGOZ4AZBRxP3olzbuScS/1qWxuR6XcsabPPrSr5n4EsJwD+VQNxVWcACiMBPdkYT9PO5hf6cNppakf3Ssz0RGBXpoJeaf8y99OBe5sGTKrfsxL4/BfLbqDO+lB1xRa7wfRZk+e30AgYjyjFbp7u+gIFbAVztFSQuf4kiMY+XGI/HNMjVQ/qoajuCyHnypuyLzSMeMAFjtAXVGZ8iWmC4UAOi8r1y9/YTQGmASCXpe/KIoHAI30fk1s60xD1xRasOOcWeJoGxkVL/UZdF/WMExJtBC5UKVih3L+Ud8iUECGkb95QBHuK9xRSQb8MUPA3UxWEEBqBnrGKdvuSxat0bYC9PscFCCE0Aj1GAQmeL1s/hWmCNhIZVP0YNiGE0AgcRlin5/sJ3NND8Pdf7CZCCI1AP9jZN+tTqGOuKSG7YI+RACGERqAnpngq3nZKg7C35r4ydhMhpCs4RZQQQhgJEEIIoREghBBCI0AIIYRGgBBCCI0AIYQQGgFCCCE0AoQQQmgECCGE0AgQQgihESAXg3Mucc6lWnGVEEIjQC6Mb9jVWEopCkJeP7+duNc5xK508hDAoGS3LYA/tdom6R//wzZLioIQGoE+lf83PJVNnuN5OWXLigbgaP1if3DnByVCCI1AH4rG/7j6GsC1iDyym06GKx8F0PASQiPQpwG4E5Fbds/JMTKRGSHkDOhsYNg5N3LOzZxzK91y59xAvxvXzSbRVENvBuDQ+zPnGTjnpuY8Gz3X6IjHZ3rMQs+xcM6lFcdMzX4T83lqzrFS+STm+5lzTvyGp/TcxHy+6bvNhJAeEZGDNwAzAAJgYj4bAlgByMPvSs6xArDo4n76uD89Zqz7psHnAz3XqOfjp3r8DMAgOH4Tnle/ywBkwfGptnsGINHvRv7cwfGJbv7exXyW9C0zbty49bt1oWAXRS+5fjcximNccQ6vgEY9GICD788ow41XqCWKbtrH8XrsospYqYKfFXy+KWnvrEROi5LzZ1Xf9yEzbty49b8dlA5yzk3Vo56LyH3BLvOS/4dcA9iKSKe55g7vDwA+qVL7r+C7P/TfvKfjZ9qORxG5q8jX/xO0Pw3a5a+zFpHr4Pjv2E37/NzheMChMiOEnGo6SJWSVHnwxvNc1ZwrB5B3HAF0dn8FXnQGYBh6vX0cH6RhBgUplYl620VRQGrbrumXqNRXwbmkabR2qMy4ceN2wukgk0vfROwzjRgPkJbbpkiZdHl/RuEWXT+PUYxtjzf3KJqysdtMFe0wMjXjzzNsa1AbHneQzLhx49b/5vRlbZNq8Qfei8hNzT6V8/2dcwuTkmjKuujcXd5fMINpiuLVyzclKaeDjo9pR2R/jdVobEXkbcNj/dTdpYh8bDor6xCZEUL6pdU6AT+1UlmU7DNskG9fa6rjrqOxgK7vz6fO5gA+6DTK/+lYhs97ZwDuezx+daBYrlrk9A8+9lCZEUL6pYt1AuuagcS1X12qc/WL5rPnAIY9VaY86P50jvtMPWmv2LYiMlfP3HvGSZlBOuR47GojVbUjlpGRdSfH+rb10GZCyCkbARFZRyhZn7pYBp/9LNj3Qf/90kWjOr6/GXaDs18qrrVFeUG1Q4/3NXoGERHQNIhw/OeJOb6RNx9EVWG9oKzEqBzaZkLIK4gEHsuUk3MuM5/baYujoty7euK32K1EHXbUtq7uL1FDcluiJEe6T9nUykOPvw1SMkXnSHRcZSAiywpPfhsYyBgSc+zWXHOs17vvoc2EkFdgBD6rN5f5NI6mAfJAeb03ivdrhfd+p17q3x0Zgq7uL9Pz/CxQvKl6vTclyvfg4/XzOwAjW/LBtCfDbtxjLiJlhuKQnP5S7z8xcpyol/9nH20mhByRA+fiJ/pCr/BUgmEUzBP332WR56tcGfsS96eedG729dsUwdz9Po4351hgNyXWtiem3EWmxw1bynGg1/LXnh6jzdy4cTvhKaJ9oit9U/UmH1T5rVE8ntAmxUEIIQQ4TSPgUx3YDdSOUT8o+pb17Qkh5IyMQIlRSBgJEEJId/wf7fohM4sTVSUAAAAASUVORK5CYII=" alt="\[(\bigwedge_{a \in asserts} a) \wedge \neg query\]" class="math-display math" style="vertical-align:-0.000em;height:2.342em"></div></div>
<p>and asks Z3 if it is satisfiable. The method performs
a standard syntactic &#8220;cone of influence&#8221; (CIF)
reduction on the <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>asserts</span></code> with respect to the 
<code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>query</span></code> to shrink the size of the formula. For example,
if <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>asserts</span></code> is the set of predicates <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAdQAAAArCAYAAADBlHkUAAANSElEQVR42u2d7ZXiuBKGXxEBzUZwIQN6bgQXMoDdCBYygLMR7KEzMBPBDJ0BbAQ77gzMRrBABro/XJpWa/wp25LlKZ3D6e4Z29jS4/pSqSSklKjahBArAEsAUwCfAByllHs0aEKIuZTyDdx63YQQcwBXKeUjtPtmvpgpZoqZctFGFW9yJ4S4AzgBmACIAPyviTIVQoyFEAkpZ279bxMAsRBiGsiLxXwxU8wUM2UzzrEQIhFCnIUQkRBi0ZpCFUKcABzoz2cp5VpK+drEQqOH/QfAq5TylRnof5NSXoiD3gtA5ouZYqaYKVumpJTPUsoZgD0p6LMQ4i6E2JRyUhTyFULsNGW6lVIeW4IzIbd8yQiE1YQQEYAFGVePnt4j8+Wmn1cAtuSxTQDcAFwARHUMbmaKW5+Zons60Z8vRZHZMg/1D/r5aFGZqrDxmvEJ0gLc0q+nnr6QzJcDb40UzGcAZxJaT0jzK1TILWKmuA2BKYpIKP23o3na3INzPwAkfeKi46p+AGzoeqs2rscfPx8AcxrHXc/ui/lyN/Z3AOOcY3Z0TJJ3DDPFn5CY0q4lyVvOPK4s5Kv+89JGqIMSm65Syme2yYK3KE8AVgCe+hKmY76chT6nANZFc4kaH69SyjUzxS1kpoQQY1L4hfpw5LDTDgDGSCd6uYXf1Dh+7slLyXy56eMpKZiyxJw/6eeqRpYkM8VM9ZKpqsrYiYeqafcrZU9xG8bLEFMo5Nnnujzmy1k/K3lw1Oaoyry7cR35wUwxU31lqoo+dOWhquSmiBEaVFMW49bzfTBf3Qu+lfZnXPG0b/RzQQqKmeI2aKZcKVS1fufIGGVbw1Q8YxHSfWshmo3nW2G+uufqN+33a8Vz9DDZgplyMuZTIcQhkGIZg2Nq5GCAF+SiB1dizJHAOyANLR0QZlr+Gz3LxlMfMl9uuNKF163iObqQXDJTTtoCaUZsIoQ49VyxDo4pFx7qWn8gbt+tyIgE3o76Zl1lDqGH7Zsxzq4b89UxVxRaG+d4CUXtX+33T8xU943qBTwDeEWa3apK6C16xuogmXKhUNVAnlngibkQ4ox0LdUGaQWQZyp1FWo5s3OGtenDyj0zV51xNTH+rupN6EJyzEw5U6pvtKxkhjRkvUBaPi825i19tkEyNer4RR/jvZD0twbXWZCVdadPbLruZJ2fqKhx5jEeBd6CMs1iGtBXADMp5dJVJiMJ3Ujrn4TCguZ41W0XfQw8WLmN+XLQR6Fz1cYzT34GptSYaPzsqnynVpC9Nb6klFeKTjwBeEGa6apkpG/ZOEymCipDjPFeGeJsWV1ipa7RoEJFpARGRtWMk1bF4m4cE8Fz5RXyFhKtHyNUrPLR8n2c1DgCmBp9dKaxvtMxc4vrq3M3jp+rMV+u+ihkrkhZS+0zrlllqPYYhcgUyaVE8aPJoEPJeQetn+YdP99O61s1NeBDJgXHVBV9OKqo/W0n5pUlcLW0FiOC85l2EVBGwAtdc0WW1l9It5O7aOcpC+w3D56D2u4uon7cI63UsXWZ5KDVx1whXee1lFJetX5Uc2uxZjFOLL5KXdN1NZlGfDnuo5C5svUmbg2+MyimaI7yDwq1q3MT+lnmDS70cG3H4eAXqpG7pfE5ALhTZrDL6EvITE1sQr66W/y35RfPbBUyAbooWLyrOicC8NUA8deM4zoPFRGUkiC9Id2h54kgdpotSC9HTON4KUhMORhj/a0B5K4zCq358tBHg+CqBSaHytQBaQKYft5/KyoPVWzdWRKUlPJIBSvW9L07UqynUPan9cDUtez8IoWqCxfbtVjTBlbFCcULcacGzHr7k16IC4DfHXiBWZmVs7Z26LFsf2kvclFmm64c3iwF9MOT8GvCl+s+GgpX1pZ8zX4Lhim1zEaPohme57XkXNUurgeI9rZ+RroE5YKPmcFzZuoHowkAxnlZ06O80BJ1LMgafjR8+EdNYbICcMsANDM0o4fo9LAGhe86EX6UwHLCx8zKZR8ydmn81MtwLOmDTy280LeyUEjHL9cjgD4KmSsfXnBITG1hVFQiGaaMtaJqS3oEzltWsZRSldObIU1uWyDdMq2rzODgmCJDVr2DmZ78KONlPpMmvtKL3MQaHlt6ENcij8GwnJxadUZm5Yo6+JmU9wWeG4VADoanj4ov9JeAXg5rvjz1Uchc3Vq4xmPATH3Bj1E8PXejSIbq86fe5QdlBq+RZgYf0V1mcJBMUd9siZPErEo1opc5pjkalX6/p9BS0wG28iBoHdVbFQhdWXVa8sqZIDsiXaKw9lnEO6Pp0D8qjOFK73fL7/zXEEZ991B99FHIXD1y+r1LARoMUxQ2fRgGm2Imd4qAjnM+f1rxmR7akps99UtEy4FWPzNT5GQ+kTOnqlJJIcRhRAc80wFLsowPZJE0jaHfOhrvpQcPdYH3MPMb0k1mr+hfqzz3bay5uyC8dhtAH4XA1S3Hiytrsx54nD5klp4UWRTudTaV0ESxkk74qo398mdmSivruUC6vncmpRRSyv3IsEgu5NKu6SVvK37etpX5fbLfVZajUdJrjvf5hd6U9DKEfxXvvS1P/xfPQnMcQB8FyxW9Yw8Lb0Ifl29DZarEYPtacNy6S7ZakCfmfH5rJVJDZYqmRHd0jZmUcq8bwKO8EIZmuTdJo340cOfzHshbVlxGSa850pJeSU9Kek2N+y3rn7Y8fdu58qbNhi9ffRQyV6bwmlr0dTxgpkyDTUX2LiUGf6/mT3UZS4pDzed3VSI1KKYokVGN2TorklS0bEYPVdjuWH/twEOtlBVHc1OdpH1nlPSakuFx91zSa5rR90VNhaYe+nwd9V0dD8k627Zhs+HLVx+FzBXwMXFrXJMLG2MkJKbyIhpvFSMlvVCmQogVJcad4aZEamhMbTVZkPndowpg1bEe8q7RZup7VQ/1hI7XsFGYfC+lFJrRoSbuDx7qvl6rKguKOoxzQidbzcquY/ldPT3vJIA+Cpkr4GPosuoc2veEG4t54ZCYyjPY/q4ox7yGe4UQG0qMO9GYvSCtwLXueD4/NKZK1yiPil7qFjosqauQqTKMssoPGQJOdei1IHtujrRkobN1exklvVTlkchV5RHDiiwbv22BJb2paf1N6oBKIaWxD7489lGwXGny4JihDHK9He1PmwhXMExVNN7M5iOx0pSzeaUs9y5yU/rOlNW4Ni0GXHL+HPWLH0fIKX6Mj0Wk44JrxABWnguYL+g+1P2eoBVd7/B747Ixw4+FqVfGmCWWRaNXFY5N6hzfNl+++ih0rrQNMyoVGCev6/sGFg0KkQfBVE7x9mnOMVNYFnhvaQx1OZrA8QYEITBlqw87VajGNRYVjz/rwsKA8K4Bey/YNeTkU5lmvKD6M52r9kUXAgFUWsx48eeGQXPoQgBB28mjaAy75MtHHw2BqxxDY16wo4kS1uMulVpfmMrZpWuT8/9JG7K15n1NDWfFu9PRV6b6rlCVNX2oaeFFRocnCnBkbIukWe69Uaa+gNbgOyt4tO+PtX9TAnmnbwtmaZEnFls2yaZKoC5fPvpoaIJSeeiqX4z+O5n92sDLC4qpDCV/VwqCFKnadk83hHZDNLxCZqrvCvVQ9xoEZExA3mHsUVlwzKKPytRHyIUEzVnrnzjHYj7QPWT2c40QfVTz+KQN4W/Dl+s+Gmooj4RUjI/7a55aUGjBMmUYOieNGzVXOdYURGf7n+ZMDcwDkI+9YKrPCnXaVihmSB96sczNflcBPkcC+43Jo6ZCn/kaHldDZ6rN8HTOvZubz0/5vbBnqq0NxtvK5LpSFtu4T9VffDdaGmFmcC5DegbKMp1SxrXNOrVJ04w75mtYXA2dKeN6XWzDt8CPm89ff+Z3ogWmKreRo2dSRSLWrEozX+AjbUawDezWt8b41m1ztLNZN/M1HK6CZIoKfcSqSHrBoWq5xwPpvs1djHlwm8/3nKnqyptc2TxI1H+qvfKaWAkJWQlPPNCDsfzu9BI/WZw7B/CZNmZo416YL2bKG1NUqk+vMT7LOGaF9+pAa9/7JjNTta9Tqg+reqhtVDpSVsKGh3gQkG6Qztf9bnmJP1q20JkvZsonU3ohiNeMZxsD+Ex/vrAyDYapVj3UO93Mo6l216y4TwD+w17EIKy+q403QJ7EKcuKZ76YqRCZouMmSLNIjxnKNCal+yKl3PNo958p4zoq2QsAXmkzi9oeqgKjrcl5tdP5gYc6aEgPtlYfCZcTupnvZL6YKV9M7Ulh3vT7oh1K/iFlu2RlGgZTBdEKAPiSe1SNRc4JWki/xvui5wUvcwgy/VxVHNk0WA+26vD+mC9mygtT+Lj2VC1ZOsNjaT9mqnnf42OVpcLCQYUhX03TRzSPoDLTXpukYpPlsEG6x96VbalgLL4xWdtf+5w5ynwxU8wUM9WUKZpG2OJ9Dr00XF9JoWo3+SvSNW1qW6tISvliebMRWXwzRiAYUGOk8xHrAO6V+WKmmClmyuZ8ld39QLqmOSLlXJqXUVmhdvTgOwC/8LxCEJAGN1bMF48P3zMzZePh2iY1/h91yI6Gqn8CUQAAAABJRU5ErkJggg==" alt="$\{ (x&lt;a), (a&lt;0), (y&gt;0) \}$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em"> and
the query is <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHwAAAArCAYAAAC6lezxAAAE2ElEQVR42u1c/3HbOgz+oPMAijtBlQ2UjmBv4LxO8OwNnOsEPXcDpRO8KhsoI0TZwHoTNMoG6B8BU0TWD1KSHTsm7nTy2SAp8wNAAARFzIwuIqKYmR/h6WiJiGIABTM/t/EFHZ2ERLQFEPkpPXqaAsiJKOoFuDT8H8AdM9/5+TxuYuZ7AJsu0KnJpItmF8w899N5EJO8ALASazoF8ATgHkDispwSUQJgBuCqzrwHDY1SGfTaQ7F3oCNRrp8AMgHqAsBcmenEQdNX8jFtYnhzAVgCYACL6m/+GvcCEMtclwDCBp618GybeFr6Xe/8VsNcAsg9IAcBfGujXKKtDCB16Nu0CRsBl0WfAcw8IHsH28z11kFjrbERX2BHSDRDaPsA/hoFcANgYslfCn/mMEYubWLznXbavsk98a7UQTxyQ7llswe5z4gotGzzXe6rOi99KfdbD8ne6av6XFi20SHWzNJjv6tg+wI4Ec3EpHem5jyNQhqwJ8s2WjBcciOPgvFSa/i1/tHTXs15KMpVp7lt9Ft9/uIw5IPGOKhIXOYhOUjOGz00XAtG6DBepjEOROKiijT0kdwZEWVEVMqVGzNSySqlRLRt4jkDCvcgNG10r+c/0OtJ3y1QSf1tAGyY+UJSg/8BSCRNa7bvcglDLoXnQXjWZ6zhexUa8cmetZavh8TfEsZlHZmkpcSRcaWdiUXzEeLatepv31c24DkXlb7CPu0cxzTxeDIBcOnoPLwx45L5uWzxLCMB97ZiQf7pEZp0eaN3I5nMrrX03X0dIgodIirjJ0QTtX4/9Rg3RfuOmt6X3dQkBb6JWf936ATIfvD9uSwFjuGz4Y0C1dGzo4QtADzJRHcBXjBzUXngH7Lez88s9n+P/2qUeRooE+iq4UWbdouTtuMpeuplSYcKzSv/pK+GW3j0s5pY0NPuPE97AOgqNCZpEwYjSVwdzb2GW4Fl62RejrEsBCMnBOo03Ofnm+Nil7hc4+OaIPtkBGWiBp+O9ackXDuodsuYqwOEZZA4/MeA9g9KIWxLwDVf7jjeq582EecrHnmi5jbrt5TThiMdcphLcuJQNATwVAFuO+/TAUr06qcFKukxHXEybDU8xUiHHJj5hpnpQNfQ0u1fDcrRRibqeayGuA4aXgR4SX+6mBZzIiWVDZBNjdbGXeu3hG3ROR5ykDm5rVGOtpyHoZsBSZvCSI5rXlfnwbmhOK81Ry7r0OKMa9pC/K1TW3bwZnCsWm2on1tUv7CtiMxUm7RSKVnib2172VJCm/pCRszUPMZj1aW3VLyG1d2UjWUnBtCk8vBbIzTKCmwqPLkHewcQs6u4NqCK8pja8qwP2BWstq9lysoMZ47bfLlodCkPFVnw+Jr3ZmByZeZL480P7DfRyknMbBytLYBnKUzw9EFIHfe+YubHQLzGQsKnsJI08XTaYEcCdmFyHTq1ag4g+BOjH4dWFWzfng9X6n/h898fQsNLseAXdZsnWiKWfrpOHuylxPpvqol23gBBRBleCt0/ey0/ee0umPlKfx802P0QuzVonk4H7E2ddtcCLh77NYCl99hPEuxYEjirul3Itpf6bGQtv+qxO+PpfcAO8fLmrV/qXS92gEsHCdrrzj0dF+C5rNvNxaVdb2KUY0CfmPnGT+lRg22F0x/K5fRP4uuVwgAAAABJRU5ErkJggg==" alt="$(x=0)$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em">, then the CIF yields the
set  <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAT8AAAArCAYAAAAOlo+SAAAKQklEQVR42u2d/3XquBLHv8PZAghbwZoOyO3gQQewr4KFDsjZCu5xOoCtYK/TAengXdKB2QoW6GDeH4xuFF//ki3LFpHO4SQkxsijj+eHNCMTM6NuI6IlgAWACMAXAHtmfkKLRkQzZn5DaINuRDQDcGLmq2/9DnwFpvLaqGYnt0R0AZAAmADYAfhPG8VHRGMiSkWRhjb8NgFwJKLIkxsr8PUJmCKiIxGlRHQgoh0Rza0pPyJKAMTy9pGZV8z80saaysX+A+CFmV8CA8NvzPwqHAxeAQa+Pg9TzPzIzFMAT6JMD0R0IaJ1JSdlYS8RbTXFt2HmvSU4U3F3FwEB70KVHYC5GMLrQPsY+HIj5yWAjXjXEwBnAK8AdibOkU2mpE+JvH0ui06rlN8FwBjAlZkfLAkskQv9zbf5o9CGr1wCX84864MovK+4zf1f5e8xgKX8bdMHU6JM11q0+lbkNha+ALC8jmXH1X1JhxjA0sb5wqufF4CZjON2YP0KfLkb+wuAccExWzkmLTqmS6a0c7F4obnHVXl+6p+vljTyRbT7Y7Cf3lv/RCz8w1A8rMCXM68/ArAqm0/V+Hhh5pVLpohoLMq5VHeNHAotlhD6KSB0F02N418DuSkDX25kHImBqVpI+io/lwYrsFaYqqs4R46ENhZX+CQrPKF53pj5BOBN4J71fFMGvty0rfKmavDxBuCaUWqDYsqV5/en/NwFfu6qKeu+6bkfga/uDcxSe3us+bHv8nMuBmpQTLlSfmrlZR8wyvdcJJF87lO/tdBn3XNXAl/dc/Vf7fdTzc/o4ed8aEyNHAzAHLe5mFNIPciFM8ZtcjYGsPLwMt7kWtY9yTDw5YYrXXmda35GV5KLoTHlwvNb6RcU2i1PSnKRLrjNo7zhtnq28fByvmfG2XULfHXMlYSs4wKPrqz9q/3+ZWhMuVB+ymIcApw0I6IDbvlPa9wmjh+lRMfXMqyDSVgT+PKSq0nmfV3PT1eS46ExNep4UMZ4Lyz/3ia0kcLli7yOWZdYrF4iRc65x/QI55yIjrhNFM8BvACYMvPC1Y4jcoPsNPmkEhplx8u0vepj4Dq8s8GXAxn5zpWNa54MjqmSLOkx3rOkDw0zrZfqHC2ytXdqcHMyyBMto/uSOWaHnqsQxAqnmhx3qJnxbrkfiRpHAFFGRgcZ64scM2twfvXZtePras2XKxn5zJUoVtZeY8OKG+MxastUHd1V9uFIO0HSsAM/ylxaKL5Dwf/U4K9FULMcxWetNK/BdavBU/MvfSi9SJPTruCYQ+ZGmjf4niMqSok6lHNjvlzKyGeudCNjqPyWLZRfK6bq3P9lYa/ubv6voWM5NZwg/eDSC2SLipWkHYBvGTf/94IVp05DMCKKpSQwlnmRDTM/MPOz65VICc+OMo6vJZPecWasm4SP5xxmXLTGfPUgo7vgygKTrpg6VX6+RhhQW9MXWMxGYXM2jC3x/FgPUzIW8tC1ZRThfvA0MYDCes1ylo5fZnrj2DJkTB1fY2O+XMvIZ65aeH5twt5WTGW+e17b85N9/FRG96aFdZk0scySTX6uKFVSGv0kZTG6Qn8Wy7joyjLK5HiSWWFbDGHlVsZPlQftK2TwJW+iuaHnN3F8qY346klGPnPVh3fZiinZe1TJK8lbOBkVLJnH4jYuWm5gOjZcGtdd1lUZIK5grFhhW4qAH0XR9l5XKqGFvkKZVHxEn1b426ObozFfPcnIZ67OFs5xdc2U7CazEU5SmT74oQR/EcEfNSsIAE/M/NyXZa6xTK/n/xwcKRW1gaMS3h5AnPU6B9D09J5rjRtnaSD3ovZvRhkN3fPrQ0Y+c3XNkbupzM99MMXMeyL6JgZuC2BLRADwPJIDHgE8iIV7ARBLjlPbnRXOHQ3GogfPb64B+obbKtTQFB/wsSB8X8MDivrwoHv2SIYkIx+4Ohd43FVt2nd0oJX5zQE845YHScz8NNI05JWZX8VVXMmAHDO7ObQNT2wCAzis55Tw/1GMw0xkcxzSZgSZG7WOV2zLg/51IOHvkGXkLVdyj11zPG6TcfnumimZwtvKOabM/KQbllHBxb5oFjFpkWV9NRRWrbmRHry+HyGPGIepyGeG29OiUktGom2LMv2tko8tD7rp3K6tcGzigYx85iqrvKIGsj66ZEoWtJSuWOV502V5fvreaE13xz114Pkt6lhiKXebdQTrSXLCHsSVjsRIXHouqYtyZF/WVD7kVZ/LEtmZeB6NV11btiZ89SUjn7kCPi4KjQ25aGI42jK10cYt97tHNcAy0fRF57CZAlHX80vQcdKtTBU8MTNpBmInsMY91IGe6t7Y4s2PC0KSDT4ugNW10qeernfigYx85goAvhU4IGVNyeetwTxmW6aiKs9xVBHnt22pqfKUjHZl7eIcGJVAC+f7xOOLXOZFqdxCuSnOMtdwkUL5yFEf3nJCwirLCPy8HdTa0FJPTECVtI5xH3z1KCNvudL0wT7HASka42XLyNGIqZrG7qeLalUcbPAIubFBPW9uVjhuuVmVmfYYQJWFAKJXECTIVKJ0XNlxMChUX2bGLG1YR7mscWxqcrxtvvqSke9caZUutTYcwHv1TdKyNnfpfGMDG8ovc465YcnSB8GJdb/gvWzlUlIWk/RdXpa5UfRrOqDDwvgqhYBbzlqKj+U/2U0h4i4UEH4uk7pYuF7jzQZcy+geuCowCjNbz+21YdSGqPyUlYoNa/J2GYGnanA17zDOsYiDUXx91Wpq8P2obda+/6j9Td08W32rpIY1lKnhjWNlhxRTvvqQ0b3VACvPV8klI78kK9cWdbmpBaPYq/KLTc8hlvconp7aoCCqccx8iIovJ3TQw/cUHeyDJ4rmoMnnmPc90pe0SM4G0xQ7w+NTGzdqE75cy+ieuMpRUkd83GYrsWDQjJgasvKLbIU49/QSWLP7sy09vI4UzTdB3bW9QQNf98dVG6ZMdNfIwSrRSVbFxr49mtFBmkx2JW/h0zXIamMkK+9Nal4nbVfzAl/3xZUFpmo3V8/tVQnTK4SWB+yemacePr1tkxlf0zaDnY1BA1/3w1VbpuorWnERi7Sw+udryY7KdTV6Khr9ITxf9T4aEV3kJnto8NkZgL9kUw0bfQl8fXKmTHVXXc/PRoWG0ujrMMR3Aekat/mlPxqe4k8AXzvwGAJfn5cpq57fRTpzbauJ5XwH3HbF/S1Y57uw0Kcmnpt4fQkzTy33KfD1SZnKnEc9lAoAXmTTCGPPT5Wz2JpMVruqxmGovYY0bmqhpawtQTfzc4GvT8hUSRQAlO28bZBEmsJCfhPes/znITXBy1QKlX2/bpHDteywf4GvT8ZUSXVIacGDadKhelZoZCEx9YIBJouGV63azt3A+xn4+mRMidLTK10qK35K5/xywpXfccsZUlv97Jo+64OIdmKdp8Hp9yY0OcqczMqDvga+PgFT2ir/FbecUfUc78o539rKr6ML3wL4lZmfAgaDh9S7sQp83f/4ENG46eLW/wFYC6S3eQ2cTgAAAABJRU5ErkJggg==" alt="$\{ (x&lt;a), (a&lt;0) \}$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em">, which does not include the predicate <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHsAAAArCAYAAABYSfeIAAAFwUlEQVR42u1c7XHiSBB9rQhkNgM5A9jLQM4AbiNYyADXRXCFM4CNYC0yEBncQgbiIjiLDPp+uMduj5E0IyQkajVVFAJmNINef7zuaYmYGVWNiMbMfMDQetmIaAzgyMynsn5BxUlCIsoARMMl7XUbAdgTUVQLbBn4L4AtM2+H69nfxsw7AKsqwKnIjItGH5n5YbicrZvhKYCFWNARgBcAOwBrH/dJRGsAMYDJOZMeFAxKZNLZAEWrIEeiVD8ApALSHYAHZZrXHhq+kMOkqMOHF4A5AAYwtX8bXs29AIzlOucAwoI+S+mTFfUpOe/y029nOucA9gMgrYOduSiVaCkDSDzObcaEhWCLk2cA8QBIq0Cb65x5aKozLuL7PwmI7hC6LmB4XQy2AW/t2D+X/qnHHHsZMzbfaYL2l7yvB+rUOvM2be847Je8x0QUOo75W94X59j4XN43N8pqV1VJhZ60b+r46DhGh1GxIzPfWri+gk1EsZjxypRbT1sszDUjoqTnoGuwXhzHaKHwyXscBN+51uyZ/vEGM0gbABMAWwBTAT0VIe6TBQpFqc5pbFn7Tx1/9Zjyl8Y3sKQtveGU4YGZZwDuxRXFAFIi2lt+suscNmpothaK0GO+VOMbiLRFliT4SGssFzQnooyIli4SLmMyD8LhCvpRMkl3AJ4kdElkrnnHYIctCExZ21l7HZiaUKBGCLGU5EAkn9dyrpVjnPkhNGgx1Fmq8CWXz2EHIVes/jd7ZMXmepznnOZ/zwOl1UdfjZZwbcLMZmxmM8AqknKNfXJmfpKc80JM5wpALgw+vAHNfrlgToPNJBAf50MWTFsBmFns/Q/HPzXughAy84aZ74WwHIzG3wCDP0f0fAUl0pr94qnVoeyjntPYY8XYTz7lyqBvmXkiYczOYvDjHuI7stbvo5gnDfaohmYv7EybMN7QIQv3cIYtdsXgd7Jffy9hW4zXbcW2GHwXOQyjxKNAAeTjF36eybTpzNDG0V/v+qA2wuBnwuA3LTL4lw4E5qQzaN6aLWbwZPkQowmHIjMj/Trx147/66TCtke5NmsJK6ctADW6gsCYhEwYNCRtf6rjMhP+tWt/7Qq6mPVnRTgfWtBsV6J134QrCBoK+Bfq+Lmk36wv/rqEQI6lLCuTEPIgUceiISE61dBsjY1v4uuLEZJATT6qeXG0ad5VMMXe+WsrE5jiddtxKpZnwsyThqtrNViu4Z7ut/ec742TBSpMqqvZOpQ6VAhF1DcTTkRTItqLpYnFfN8z80NLCZ+khjUdXeD+Rlqzj5dotiV1/zgKRdoDkOdS2ZmIZXoCcMfMM5URbKM9F4ShTkmoGmszAnUM8J7ibCKDdHSMr3cdARwS0ZKIciGSI2Hdd8z8eI29fJljc0YBCi2P+vh4QULmaKTGKzFfkqSPKgrgam24NLABEeLj5ksGYN5hDVoItUFR0TeFZ3VpQb3b1P4irrlwLlq4/J6pPukVL2qE9504NuSrJ0WHegds3FTdeEllamhXIq5qLtxsk+Zm4QLyXBaaqkmXVyrA13Om6GF5tKzTKMLbtqsIaaLWHtY8v7G62VspsTJx6YVaZOLTXF5rAT3BFfavTW5bzZXgCvvlDax7LuvWe+7JpQKqrNpag218at5ynXTeornWrmJdxB9+07tOxm9140LndwDCpov0rPO1VaYcW8x60XL41Psm+/MRXiuGDyYUsP3u2kObKn298p05OigFGm4xeudIRWofOpxME6CsgrgNd4VeH+zcdptBwYaGyx6uTsJsC9KjP+Tj0/D0hutmB4UYf7czOuc0ttLkSr+9Q2y9GjStE63eu9yfHbn4bokRc22eBeSlCr2GW3+789XjSrAtXxt7xNaGhKVdpiKHpzkUp2DLHqCzEt89+d3DmBvx0yFen271XFRoQWUPvTNP35Fa66H1G+y9xNSFDz2iqiccyr1bX5j5cbikvQXaCaP/ARkKmH4kBGSOAAAAAElFTkSuQmCC" alt="$(y&gt;0)$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em">,
as the variable <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAaCAYAAAC3g3x9AAABcElEQVRIx5WV4W2EMAyFv9wEdAVGQB0h3QB1hOsG7MAI1xU6At2gohvQFdIN3D/OyWdCQiNFMth5+L28BESEPIEIrEACNmCy+dIEOl2zAZ1NTPqy1+cbIMDcAJy1ToDBdpaAzn1AgNQAXDOgiGBfRlf4YQsrgLm7VZ+JwFYoTFq4VcCiAZxFhAvwpnrdRwhhVLHxOTdeTLzkYLTaebo+V9PvrmHBBg+6VOyyq7sUaLyauEb32cSf96hGo0H3ZupikbKjsTTsspVs5SlHE38fcQ0hdEC/ows7wN7EXxX9YskuJUA7fk7676FDr8vVaNgfaNebmt2xrG3K9cB7W23jSh2M+ZYBBgN0VbDFAE5NQEPrQwGSzpsC22M5+LUhXzlnRwghL/gVkSefv/wTzNrlvVhkKK6tK9/ol46OpS88vFDNZgkwHn7Un8tSh7oZ6dRPy3S4nvDe3Pyt6qJBOxgd0GRsE1tgDz503svCL6Wua/MPz3MNm1mBZ2QAAAAASUVORK5CYII=" alt="$y$" class="math-inline math" style="vertical-align:-0.210em;height:0.676em"> is not in the set of variables (transitively)
related to variable <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABUAAAASCAYAAAC0EpUuAAABHklEQVQ4y6WUYY3DMAyFP08HoBh6DIohY7CjUAjlMAjDUAg5Cj0GHYVC8P04Z/KsrOl0liLV8fPTSxo/VJW4gARkYLO1AGPA9MAMrBFTI7wZILm9CVBgtnwwohT6FJhqhPmF+tWaRiMcKoQKLPHIa43Q6tk13kJtc7U5FtIO6eoa+1CbrD8DXdm87Kk0TCHcxakqJ/7iDnzxIkRkcOk3jfgAUNWfBi6579wiPXEszu8oFbuvfZBIAd1V9fPfSkUkvaPy6PHPR+5TRPrHD209DxvZ8py6Bu5SrrMzY9iAa8U0mu+zeIHLn+ZWA/jqZ/qIykLqZ3oOKjczEPVKAuHs+wrpGE2imEvxAneaa8AskfDhpzb7izPlXDGNGqZqQL/kpe0Z3roFswAAAABJRU5ErkJggg==" alt="$x$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">.
</p>
<p class="indent">If the formula is satisfiable a model is requested
from Z3 and lifted back to Python&#39;s type universe.  Note that
because of the CIF reduction, the model may not mention certain
input variables, in which case we simply keep their values from
the execution from which the <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>asserts</span></code> and <code class="code code1 language-python lang-python python highlighted" ><span class='token identifier python'>query</span></code> were derived. 
</p><h3 id="sec-putting-it-all-together"   style="bookmark:4.6.&#8194;Putting it all together"><span class="heading-before"><span class="heading-label">4.6</span>.&#8194;</span>Putting it all together</h3>
<p>The class <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>ExplorationEngine</span></code> ties everything together. It kicks off
an execution of the Python code under test using <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>FunctionInvocation</span></code>.
As the Python code executes, building symbolic expressions via <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>SymbolicType</span></code>
and its subclasses, callbacks to <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>PathToConstraint</span></code> create
a path-condition, represented by <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Constraint</span></code> and <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Predicate</span></code>. 
Newly discovered <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Constraints</span></code> are added to the end of a deque maintained by
<code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>ExplorationEngine</span></code>.
</p>
<p class="indent">Given the first seed execution, <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>ExplorationEngine</span></code> starts the work of 
exploring paths in a breadth-first fashion. It removes a <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Constraint</span></code> <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">
from the front of its deque and, if <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> has not been already &#8220;processed&#8221;, 
uses <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Z3Wrapper</span></code> to find a new input (as discussed in the previous section)
where <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> is the query (to be negated) and the path to <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> in the 
<code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Constraint</span></code> tree forms the assertions. 
</p>
<p class="indent">A <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Constraint</span></code> <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> in the tree is considered &#8220;processed&#8221; if an execution 
has covered <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABoAAAAgCAYAAAAMq2gFAAABfklEQVRIx7VW7XGDMAx9LxPQjsAIuY5AN0jaDegG6Qg9RqArMAIZoYxARqjZQP0j5xQHwkdt3fnwWaCnjycZighSCckcwK+IDLuEIAWAHoAjeUgGBODT7F+ZInUkMwDOHB0hItEXgAMA0dWLCFKl7t3sKwBIlTpvdBCRJwDxI1K2efm+7hLUpzb1ya7nCYCcgtQ355FBchNNbnWxa3TQ51lELjeayBF1Gs3+ThcRJFOQbky/W0JXkg3JnqTT1ZE86ajx8qbPr1FDDzz001e0u/PA+1JTlZn3m0l7M73gQvYYo57G1aLUjhhpDUg24YiY1awGAtAYA8VM0R++NwmkOfcftzMMK7RuxWJWGi/dWi9X0V+BTgbEpbgMfR99jI72iLLTpsvNWZsEKAABgEsqoOdgUiQD+vlPNCT3i4BEZAAwbPw/aAIiTYvSuxq752eatplr7KmG7ZcMSTPV69UNa+57ey1kga5Ufb9lctz9QJIsARwBvAQkOWuqzlvq+QfHcTb99odbjAAAAABJRU5ErkJggg==" alt="$c&#39;$" class="math-inline math" style="vertical-align:-0.000em;height:0.833em">, a sibling of <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em"> in the tree that represents
the negation of the predicate associated with <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">, or if constraint <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABEAAAASCAYAAAC9+TVUAAAA30lEQVQ4y52UURHCMAyGv3AI6CFhEtAwLZMwD5UwDZUwDUgoEigOwksHIUdhJXd52d98f65NhqryLYERSEAGSs0LMANBVflVnAEFIjAYLQBThYUWYKnFxRY7g/I0+HBgNYDQMFGTyYvJiGMDEBxktOJkhHXHZcfNyNLLry6a0AqZDaD0ACwkG0jshRxEJAADr1jpjIMDAFz/gZzsB1Xthvh3z92XCuejqt5F5F5hXSEiCbhttGi6CTs7SNtQ2mHLe57YbPfyNidVHNzqB6dNVc9+oj85TXVWivsJxdY6PAB/ne4jt7G24QAAAABJRU5ErkJggg==" alt="$c$" class="math-inline math" style="vertical-align:-0.000em;height:0.468em">
has been removed from the deque. 
</p><h2 id="sec-int2z3"   style="bookmark:5.&#8194;From Python Integers to Z3 Arithmetic"><span class="heading-before"><span class="heading-label">5</span>.&#8194;</span>From Python Integers to Z3 Arithmetic</h2>
<p>In languages such as C and Java, integers are finite-precision,
generally limited to the size of a machine word (32 or 64 bits, for example).
For such languages, satisfiability of finite-precision integer arithmetic
is decidable and can be reduced to Z3&#39;s theory of bit-vectors, where
each arithmetic operation is encoded by a circuit. This translation permits 
reasoning about non-linear arithmetic problems, such as 
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAhkAAAArCAYAAADVN5oEAAAM2UlEQVR42u1d7XHjNhN+kLkCaKeC0B3I6eCVO5AvFZzUgTRXwQ3dgZQKEqoDKRXEUgdSOjipg31/cGHDsD5Ikfgguc+M5ny2RECLZ4HFYrGriAgCgUAg6CeUUgMi2ook3uUBYE9ER5FGffwiIhAIBIJeLqaJUmoHIG1BX8dKqcRTc/cANkqpVFgiRoZAIBAIqi/aKYD/ACyJaBl5X0cA5gCGPtojojWATAyNhsYPwBjApIFn/YidrAKBQCAA2IOxJ6KnFvR1xQbGnc8jDKWUNmwe+350wmNwD2ANYAVgD+AnER3Zw3SPwiM2APAE4J6IHrWRMWUj475GHxIA6zYQViAQCHq+YOS8eP4W++LJC9gBhcflWYyxoEZpFa/OE3uE8IWIXgC81OzAQVRXIBAIol8sxgBGAJ5bsjsf87/zQO0/ozg2mfJaKbiMPXPrLZBYYjIEAoEg8G5dKTVXShF7GVwiA7Bt0dH2BMBR74p9gxfLJYDMY+BpG3EEMCGiB/um0heRjUAgqLooyvW+RuSY8qI/MnaBPxy2l6E42p61RD4DFC760B6EGY/Rnyg8G33VvxmKmIzfmUfauHi9dAVajAyBQFBlgtPBcA8ijVqLZ4b32xJbADOXu3XehU9RxBesWyIqfSFhHrITRLRXSm0BjELnFAmtf/zdK31/OS4RCARVkKIFeRUiNS6GHKW/4YVijeLmwqOHhf97DAt2RYxRHO3sI+jLD8vwEf0TI0MgEAiiMC5GSqkNiqt/QxRn/I9E9ORxV6wDKBdtkVlMRpERwzIWRouRIRAIBDEslGO++pejyB+wAPBARM8+Xe5KqSGKM/Q2pcrWHoO/I+rTVo+rsFuMDIGg6YlaIssFZbky5Wv9c7wHLt4R0SSQ6//ZXCRbomtDFLkxYjKKXi15CsTIEAgamfQyAAfeEQoEJxdGw7jI+NczNi5mgRdLzdtVS8QZOjfGOawseQpiMzJ04JNS6sCvje16UkqlSqlcKbU79x4Pfdxw2zul1LTkBLPh9yeeZTrnvl68Y89yHzSx4BrjkvaEK1puaVfHtQWLeJR6yW1kKLJSvhkXRHRHRC+hd+L8vVNrJx47LyvnxvDEj7U59/TYoB7xvKt5cHnuJaLaL1aw1ZX3zMFR1cbvpgAIQM7/H/CzhtbnCMC0ib5e6eMUwA5AarWdXflcxu8jAAPX/eQ2E+4rWa/NGdmvGmhzeK2thr5bVFwxnjvq4rhW7N+qmDa8thmdXvLCPTeevwMw9imXkv0c6T62gZes11fHNhQ/eM6hUGMdQv+43Z0xL+u09ImhC5mhBx9kaSvNra+LRsYl0hnEHfNzBicmd2cLmrWAHrTgrIXtcOWzmyYUuWJ/N9YEdzBlZSicVsCkgTbH1gRzcGRgBOHKORkZCjQo+5k2jWvMk1xsesmLYG6NySg24+KErHZt4KWhx2mM/DA+M++ZkaG/97Cq0aYtVGrgtbpAgt01oZ0aOIvIuQchDq3f5WVI6MsQOrHYj07sNsYsU1N2aYO7bPO5mYMFJQhX2Fgm2ztiyTs9M4Fv2jyukRsZ0eil6RU41a9IjYx5XRn45CU/ZxMrP4w5aNUzI2NaxttjbATfDL8vXKp1gnoZxC6df+W4HI1rnm1l1t9+oEgi8wrgm8vzXhbI+kzA1P7KZz+d2TnGM4oiNEvr6OuI4prcgs8MV/y+RiLamSu/8cSyd1D/ICRXfqJIkZsAWCmlXohoZvwNWo58fpuX4UcbxjXmOIzI9HLPr7eS1kqp18ivhaYmh2PmJefGSMoGfAbix9F3fFYMqFAcbsn2QMLz8cxpTAZb/ruS1uQuoLWf2+f41q5lWtJFNIxk95KeOhuLfMcVBVeMo5g3N7CORbHcs953szGMq8+dVKx6qblqetVCeJUqurnz2HlpeAmSWPlheIYOffJk3Bq3R0TOb5fsL+1MrejjkPn0/8LnTHh/GD9fypI3NKy94DUBWKZ6R7FtkbEcBVeIaEFEdxzhroPdngAcuW7Aivv65CkddNvHtXN6SURLInpgXmzZMN1xxH1sO9ykAU+Gc17emBsjBD+kMOD1efyjx8jX7ZIrQUleIvcrxh5cPa8r+z7P3oBNrLuqhgLYvHKFZWp6LgZdGVdLpq5fq67qJR+dmPFCq1i8iAZ3s5h5aXBxGDM/TJ3pm/5VjG178yaFrsL6FIknw8ZX4+dL54O/x9J/vhf+B4D/dbQMt3eu8Lntd2M3OAAwUUplvuIhHI/rls9Qq+SQ0GWeq47Bqqt6yTv4J97Vf9eLL1funAX2cP6sOL6heFk5N0YH5u3o9Y85nQO4Zy4vSvDNxENoT0bweIwS17WSEudzQeMxmAR517wXobhi7ND0rlTHYQyMs/jctccoxnENeSbcFr3E6Rwao0Ay03ydx8pL3JAbIxQ/jFiOXsRkWDK9Gi+Dz7dV58HSige6lVH2bFCf/6+vWOnB4zG4dPSeiDqbT98XVziTnVnQakJE2oOSENGWz+KXbIjsOLNhKuMqemm0uSeiCYA7FHVLUgA6M63v4lpaTvcR83JixFjEzg+nMS4RourcZvNsF7J2yVMZVw6njvaZNnloubMukToNZSTplLi8Q5mVcG125ajECVcMt2CKInjpwXANJsaYgyfYZ4MvGxlX0csTxsaRx/AORR2TewA6Lbevsdtbi2OMvPwKYFszoNkXP+4t463rMI+Fy6TJt42S9S+RTBqXBjuH3zvJZlv/luy/18JDrCgbFGdkyyvvHRs7hS4sME64whPckhXpwYq5SG0rneWuvRo/ZFxFL68YGy/GraWfADKu+5A5rne0r+vJcMlLowz9Xy3hR3Ji8e0y1jzH3V0zLhnmJm9PRFtnRgZbvrqISmbvOI3O7M9ZR7y7TMskfeICOYkjBb22u1776h8/4x8Urvz1lffqnPJZw+M6brIiqW+uXFgMns8o0q+nrHR2iz9XSFQT7bi2eHdVSy8DGBwLPnJ75u8xRVHhd+7o+uvuzA4zFl5qg2TREn7c98zImKM4Gi4L8wrxTJPeSeAnPgbX0IVEKJsrQSejCsFNta834mN9jrTMNR3P/dOBOAe8F60ZXvgeu4av9jaeVtwnV2oEujm9OhtyXFuS1rhxvYwoeZEZXDd1cL22VNCeb17iPUhw1RZ+IHDKBYQpUDhHiau++JgILf9UIM2BkbE62eB7QTVNikOdCGbri9WO+sXH6NhxiWqEK1/9Y5maxYiG+FyoyI4GHjia6BuLsPbFlQb6N3b4/GDj2hIjo1G9jNDY0DFBU3J3M2sYEy9xpiZKrPyoa7B1oArrCueLSA7PyVb/Ma/5OvVgTaC5XQBLkx0nSvIaln1eYSdgJx4Z1hToyLDeB1YxoJ21KE599I939JszxD+caOOA5stbOyn17osrNb937mJiiWFcW3SFtTG97NPLMASymHjJ/Tq0hR+hvYgRGPlafvoIZcD/5pfkaruj67ymF/INHLS3A58rWZ56z/AGd46+j75pyDJOWXg7o29zFnZexXKv2z/DCk8u9HVjtJG5srQNvuzQYJ4IX1yJbPKPZlzbUjuhSb3skZGRVdm9++ClcXQxbws/jHl83mP90xuug2HQbTi26CQHlLY0ugKuL7EpkZmsThtaaEeOGI+qfwKBQ+5rw05F2Leb9bLjY6YLmEUjFw7wngJ49FWLpy4/OIdO6rPPbdK/c/ilgzp17zLy17pVsYitfwJBTxfSunrZWfB17DWApMlbYTUxBl9xbAM/2FBLffa5K+iikTEA8HoLiZRSG313/cJb9RXHI27Lj3BT/wSCvu7CPell16FreTxHMKY6N8a8RfyYWHIU9NHI4FwJxxsL9szxno9hdOb5I7wnc/lWtZ2a/RMIYsAWFzIqOlocneplT7wZSxQe1LHj5F9VFuxFi/gx5rn7pWf6J0aGhe81djFmsprlCaImAP7k/77cmPSpTv8EghgWqxkRPXps0odelt0kjHnH7PLlcqc8MRbMUBvBhI2BdUPGoHN+cBbTBMC3HupfbXxBR8BegkGNwj17FK60uR2UaaTVTZioswD9Ewj6CKd6WRGvpxayhuEsFToRrZVSawDflVKLQB6fr4YHoi38yFDUVlmKOvbUyGAy5ah33jhDkT73p/XcMXsgAODplqqODfVPIOgjnOnlDYv0tgM6PMH7tdNJoPaPDS7YTvnBcR5ReDFauz534QoruxhXdYlr5N4foHDDHXn3kte5ctpU/wSCXk5SjvSyx/LUCZS8GGfWOO4ALIhoEjs/2Pu8QVG3RXjWZyNDIBAIBJV36GMUOR/2Htv0mhujRl8TAP8B+LtJg6iP+CIiEAgEgn6BiGa8kK4APHhset2SPBP/cF/FwKhrsIknQyAQCHq6ACg1BfCrh6BZkUlP8X9RJ8ZGetBbbQAAAABJRU5ErkJggg==" alt="$\exists x,y,z : x*z + y \leq (z/y)+5$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em">.
</p>
<p class="indent">Python (3.0) integers, however, are not finite-precision. They are only
limited by the size of machine memory. This means, for example, that
Python integers don&#39;t overflow or underflow. It also means that
we can&#39;t hope to decide algorithmically whether or not a given
equation over integer variables has a solution in general. Hibert&#39;s famous
10th problem and its solution by Matiyasevich tells us that it is
undecidable whether or not a polynomial
equation of the form <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAATgAAAArCAYAAADsSpTrAAAIlklEQVR42u1d7XHbOBB98KQAWqng6A7oXAWRO5AuFYTqwJ5UkJE7YFLBRe5A6uBMdSClgkjqYO+HFjYM8wMkQYki981oLEsgCS0WD7tYLKCICF2CUioiojUEgh5DKRUB2BLRQaTRHq461OCBUmoDIJRmEQwAIwCpUkr0ve8Ex438G8ATET1Jswj6DiJaAZgLybXMLV1wUdly2xLRnTSJYGCuagJgDOBW3NVSWU0AzNjLGwHYAVgBSPKmta46UOkFV3YqTSgYoCU347cLkUa+h8dG0E8ASx4MrgHcGa5+0jkLTikVA0gATMU1FQy4A0cAUgAPRPQoEsmUzQHAX1lWrlLqnt39rW0Jn5vg9uya3kpTCgbekRcAJgCuxVV9IxcdeCw0ggz5PRHR9OwuqlJqDiAA8CDNKBC89IOfIoo3HBGyEVTm4X3nvxOl1PisFpxSKgCgrbcbaUqBAFBKpQAidrPWIg+lyemHMVdZ5hEGAFY6YHkuC+4b/01ErQWCd1bIbOiC4IipRup42TP/HbMRdTaCizUzi04LBEcYblgs0sAX4/3W8Rpz7nJ8FoJj/ziApKkIBFlYcz8ZOsmNjfc7x2tMIjybizo1G1IgEGS6WYNdF8ruZZBjmRXhj/H+07kITjPzUnRZIHiHZYYFMzSMrP9dLTiTCPPn4Hjl8FIptVdKbThca5eJlVIpl9lz+dCBmUNrpKrl5hr123M94ozfsOD6Z5YR9HL0v3TdWJn1HGgzBt5IkojevQBsAEz4/RwAAVjw/yF/vwAQ8mcBjpEOAhBn3ZPLTbgM5ZUpe+EYeU0BjI3P7q06RjguQxlb1xGA+7rPlle3X33RDa5fYV/qeTuONU/wK3C8LjavIyJkFZrjmLwKQyH0RbGtHEa5wCgX5lRAK9umgQIvC0jZrGOUocAEIBUy6C259UI3DGMh8XjPe4s02nwtG9Z1UpPgJjbBfcgw7WIAtzn+cIKcRYhEdFBKrZkQEx3FsHBTcdLwjevBxHpTEEEJ+dk/rDr+kxNpEfTELe2Zbug5J58u6hrAkyf3r2webNkRvQg+ZCjKlojMho6M948lK6x3JROkYcVJQxOLksiSqQz2nOF3HBcXPwP4WkFAEYAR790l6C5OrhsnIAmvBMc63Hc9HtlGlx1kmGYI4W9LGZwekDNBOqpjwfGq5l0J0ejn2QQNInokomsiunNde2fu8CD80Wnr7eS6cUILbjTQZvXWDlcZI6FNYmNDOcoeHOa8t6MjVS24bdEIzWT0LgpVs8NEvLdUKvRxETiZblxiB79Q7HzJ8EOGGQvLCtOk9FTm71r+/c6XBeeQeGy6xLX8fyPR+cAdYW2554IO4hS6cQb8sQyCoVtwoxqkv8uy4Joox6eMkbUNZs7CnYdR+jMRKXZXppBgRF/gQzcE57XgXIn+xibJK1flcJhoN92EdYk763tkquJG51kCkhfbTzTWjTPg45BdVW6nQ4bnVwaTV57fuagFyuGSN2qG2/8tMT29TZ6am9vJCC3oiW7Unasuk8XsRG7v0sPW688G/7hGk81yaSHB8eRs4KIcxg4hAHAo+HFbHOe1fAr5zsWN1vOJspHgYN3T2rphnHwFHBffPvLnAY7rRr+wTo+4rzzY0dqKqDVX7SCLyQll35TgFobMg4pye+GsKwfrrcgiy3JPi5aSbH1bcFY9VyUCk/Mnh+me1tYNzsM+8CLiFYA552G/HIZCRLf8/S2TSKo3XGxowXmbByaiB55jPsXLx/Gfv3IGqiLooOD6ZYApSHtYwiFVghXDKdUFr7li+wppGwEr4B7AvODZm4J7RFWeydcs0DDthDtY4Ck3L/SY5xd2sE5Bjeta1w3zOxiphvwKC9KsJh5SteaSfueWu463aVqvecYFF1DWBQVEuClTUrzNaw2q/kj7h+J1I4BCcmWFmZyS4PCa/9hU2c37xA0Vxsu9WqzTpG4HaEM3eEBeZOhEbp8wyOm+gUwa601PCE6f3VKqZwYPLd587kBEG+QnMSeu5JbReGPH8qYlubBG6H2ZVchKuagh3NoEh/fJwntPScd7jwnMF1+ntnWDrx9nkHHisBPIpKZMKhsBA9pZJCrbxMOWmcvOA2MelewdRpaoseNBVfPbUNLE+tEbrXwG0c6tMmkdcvNAcPZ2L86EXnKf1JOi1L5Xy3WqJKdT6gbe7pYTtUVOxm/akOwSY8pVDy73WrY8kL300yyZl46Mlsm/4RFqw4oT1qjsvCpx6Ilbfvae6xc6lBk3EGpTF9W0btMGI/rcuE/UUFG83MtznRrJ6VS6YVibewe5pB7kkQi5ZZJ/aljJex1tzbsm81xU4zzCte9T5zkkv+Ho03WH11Dpk7JXTaNCOreViOQUsQuVE9cthnVyulVGn8s5q/sbjJPc5WxUD7jKWf/mElqvG67e8n0DayFmnzGCpH5dupwKzxKx1o3+sgbKKoO/PsldyK0NgrPWDv3X0nOTjPVzfUaEBmdQDAidlJN1lkjeoK/P8VzplDAmvSobNsys/iFogeBaT07mA263AOKGCyIvwe2K2B2XXNfLlZMe9A8FGQq6jGmxzVFtP8EYxZlAAo8WXNvJyTOjUbvW2UJj5P3U8HSjbyjfKFTQbTnd2a5nBrTluWMdmnMfenLUuZhd3K+iCi0R3CmTk40tlL91wYpTSiVKKeIAy8ZwSQIAG/2dUmpZ4Z4RjlHGJ1G1i5aT3t0iKdDnGY57Jv7kQIH+zBVzHIN6ois+dYuItIKFPIq+5HNxg24BPLdhzRkR1R8VleESOq0+SnEqE8YipxIZzHFc3yWRU9+yZUIr25571lbonvfUXwC469PhLrysYCkjssjJwXpN2+xjg7fgOjKCxTyCyXIKwZCs198AfvXNgxGCyx7Ji862FAj6RnApjoGIqUij5wTHDX4P4CMRyVF9gr6Tm+j6CfA/fLYVC04z/bwAAAAASUVORK5CYII=" alt="$p(x_1, \ldots, x_n) = 0$" class="math-inline math" style="vertical-align:-0.280em;height:1.119em"> with integer coefficients
has an solution in the integers.
</p>
<p class="indent">This means that we will resort to heuristic approaches in our use
of the&nbsp;<a href="http://z3.codeplex.org/">Z3</a> ATP.  The special case of linear integer arithmetic (LIA)
is decidable and supported by Z3. In order to deal with non-linear operations,
we use uninterpreted functions (UF). Thus, if Z3 returns
&#8220;unsatisfiable&#8221; we know that there is no solution, but if the
Z3 &#8220;satisfiable&#8221;, we must treat the answer as a &#8220;don&#39;t know&#8221;. 
The class <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Z3Integer</span></code> is used to translate a symbolic expression
into the theory LIA+UF and check for unsatisfiability. We leave it as an
implementation exercise to check if a symbolic expression can
be converted to LIA (without the use of UF) in order to make
use of &#8220;satisfiable&#8221; answers from the LIA solver.
</p>
<p class="indent">If the translation to <code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Z3Integer</span></code> does not return &#8220;unsatisfiable&#8221;, we
use Z3&#39;s bit vector decision procedure (via the class
<code class="code code1 language-python lang-python python highlighted" ><span class='token namespace identifier python'>Z3BitVector</span></code>) to heuristically
try to find satisfiable answers, even in the presence of non-linear 
arithmetic. We start with bitvectors of size <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIUAAAAdCAYAAACE768SAAAEg0lEQVRo3u1b7XHjNhB98KQA3pVAd0AnFYTqgE4qOLkDaVzBjdyB1EGO7oC+Cu6kDsjr4MQOXn54aSMw8UVKSibGzmDGIkGQwC7e7r6FFUkk+W+IUioDcA+gBJDL5e8AOgA1yadLfMeV5yNXSik6WhkxYQa05Ts2iA2AHwAyAJ8B3AD4HUAD4A8AjVJqH7PmMm6plKqVUkdtnY9yrRp9xoUUSqkcQCE/c7HiTOtyIHkT+HGVjLGQnTDIk0y8B/CFZP8ODWIvaPBpbP6ih1a7dEvyMQB1alnrHYDhHTmAO02vvYz3ikIkg5t82BEAtVbEjCHj7OXZMvbZ/1sDsJF1LTz9Vsa65wG62gPILPeXxnjVy72Ij88GRRqD1RMWogawfe8GIWuhb7Kto19hrPvGs76tzSAMg3yzwWM+vgJwlL8bY7BswkIklHjdaC8tou/eYzzFhPfvSboDTUMW4v8HC9NlGeE/czGiJ7xziYmfRvr+tHS9kzjhV4krfGPutEuFUiqPMYpSEAKi0E67dx85ziEloG+U2AO49WwmXQ6O9c0AbAH88BmGxB26VFeBuzuTqFXf3TpaZLb0xoM4SGjBHckP0lwZhWkU3yz9Pup6MTK9Mflu/L6+itjdPclOn4zR5z4WcZJEya1BBTwGKrk7KXmlyZ+W3f1g+KMixRNnEz1u++RxR4NreSDpc9UmAvUxSPHXyPVtJFqkeGIauVXr7telaJIdyRuSiuQ6YPjfjN9NSNqUu9LOmPRU8udN4ieCU9Zc1owSEBZneEer6a4N4ikEtlrHfZPMWv1b/MQI63fO1lyAzHohCGO5oMB3lWOspvJVSQW6fpK8c/RpNd/Uk/xg4+9JqjPCbCk+NTszovdiFLszzCHTMoghexhqTjsA61PVh6TmMsSBjyRvg2ofYrlVAJqM8uhGn31yC5OZzwFBToK2wlCPot6seMIBe3tLPLFKSj6JEjknvjCM7I2urgKyhS4Qrnae9LRMpNUskutR3NYg9YzhvophdHg+sxHFU8Swj9uRfNnkJ1I6Ok++6PzClENJSqmtxBEHADdjGz4EKZpAS+4A6CzbUuPdq4QSJ5HWtvECDWIlsd2TcBl9FKM57O5IZW4tLNwiUdvj2ZIcsWsDd33nYSNd76rwXK/akVw4+9pSUvnINcnryIm+SU+VUhSoOpx7kS+UkkIi9oeZqefRuHyt15csitVjidH037IujdDeax8Q/HKieEKXjYYYmRxIxYXiiYW4qkvJw4xnx3Z5AXcB66MHOWyK9hqEyBpAO4ufiGDlmpRWWtP94BNsstmC2GMj9dxEnJ2tZvMTgWf/Ej/hPgi9RdjxOb1OcQwwojbCIIajebnNfVQR/MSYfJY6xCAp87DDdS0E0iEgLtBdjpPuVko14l6agP8VGf714jmLtKDE0VUEizix7TyMmto/ingbj6s5RriNemKR77VKKnzEcsRnNXK9nDDZIsUTcSflNVdSyfqVhiv21j1mVoqbIRstAx/IJ0y2AbBMio8yjnokdqhDg35L6T20bUjibwTlFx931uXYAAAAAElFTkSuQmCC" alt="$N=32$" class="math-inline math" style="vertical-align:-0.000em;height:0.754em"> and <em>bound</em> the values
of the symbolic constants to fit within 8 bits in order to find 
satisfiable solutions
with small values. Also, because Python integers do not overflow/underflow, 
the bound helps us reserve space in the bitvector to allow the
results of operations to exceed the bound while not overflowing
the bitvector. As long as Z3 returns &#8220;unsatisfiable&#8221; we increase
the bound. If the bound reaches <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACQAAAAcCAYAAAAJKR1YAAABtklEQVRIx6WXYY3DMAyFvxZBMQxCj0LGYBgKYdJBKIQdhBuEjsLGYEehY+D740lR1iR2GilSUyeO/fr80iAi5DpwBqTQQ2l94ksMfep08mbruu4AjDo8AN/AEE15iMgXhtZ13Ul9HIEQmW7AAryAX6wZauBPYE2yGj0+1M89h7DHyfB2kgR0bQjoClw2bQ4nJ2DV5yUJanAGtOb412NvR/3eAHNim6xOlJeDiNw2Jzj5MyXjN0Krw88E3HP23pjVoBUSZxWjNGgVeZFuQyjmT0Fb7nv5Yya1VsV14/3skQBFWYpzHFmdchtYJaDGH1NA0aZDxm6WAEV6Lu1nIXUA/kTklbF7JCBoAjSTuqSqHgmw8MeD0FKZY5GAADyqu+3hzwbxsxKgSJ+rfgxV8TRWYlECNOBxb0BV/hQk4OLljyWgTf2pJPAhAfrnuVh89LVTuXjufLZLRgKOhsIok9rDn5oEeP4s++ZT2S4Bsyb+2IuQiz8FCRArf7IINfInbj/JeDGvLNzHni3oJBcC980kpyfrnoBSCXCt08VBq+qSfnt9HxoCGr38eV9ag/Gae2gIaokvBpb+D1pS7NRC4Yx8AAAAAElFTkSuQmCC" alt="$N$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">, we increase <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACQAAAAcCAYAAAAJKR1YAAABtklEQVRIx6WXYY3DMAyFvxZBMQxCj0LGYBgKYdJBKIQdhBuEjsLGYEehY+D740lR1iR2GilSUyeO/fr80iAi5DpwBqTQQ2l94ksMfep08mbruu4AjDo8AN/AEE15iMgXhtZ13Ul9HIEQmW7AAryAX6wZauBPYE2yGj0+1M89h7DHyfB2kgR0bQjoClw2bQ4nJ2DV5yUJanAGtOb412NvR/3eAHNim6xOlJeDiNw2Jzj5MyXjN0Krw88E3HP23pjVoBUSZxWjNGgVeZFuQyjmT0Fb7nv5Yya1VsV14/3skQBFWYpzHFmdchtYJaDGH1NA0aZDxm6WAEV6Lu1nIXUA/kTklbF7JCBoAjSTuqSqHgmw8MeD0FKZY5GAADyqu+3hzwbxsxKgSJ+rfgxV8TRWYlECNOBxb0BV/hQk4OLljyWgTf2pJPAhAfrnuVh89LVTuXjufLZLRgKOhsIok9rDn5oEeP4s++ZT2S4Bsyb+2IuQiz8FCRArf7IINfInbj/JeDGvLNzHni3oJBcC980kpyfrnoBSCXCt08VBq+qSfnt9HxoCGr38eV9ag/Gae2gIaokvBpb+D1pS7NRC4Yx8AAAAAElFTkSuQmCC" alt="$N$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> by 8 bits,
leaving the bound where it is and continue. 
</p>
<p class="indent">If Z3 returns
&#8220;satisfiable&#8221;, it may be the case that Z3 found a solution
that involved overflow in the bitvector world of arithemetic
(modulo <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHcAAAAkCAYAAACzI6XTAAADf0lEQVR42u1b7XHaQBB9y1CA7HSAO5CdCow7wJMOoAM8qcBjOoBUkIEOcDoIdADpwKKDzQ8/OecbiTuJIGS8b0YDJ+l0sO/2806iqjg2RKQHYFNwaaKqDzX6AcBaVa9hKJd7E+SSqATAJYAnAAPn0oWq7gIEpwDmPPUA4FlV10ZfS8h1yFoB2DoEz1R1FNnvp6pOjLYWkkvtzQBcAFgB6MVoL/sqgCtV3Rptceg0PN4NgC2JdH3t9wCxKYCdEdtucu8APAOAqi5ongFgTK0uQz/vZ2gvuX0AS6cdq713Xj9DDFT13UEC5vSNyiPjuYF/f5WDz0q8c5t8jEC/3iFjn+PBoDTzZfp23bkxoXYogCmAIYkeMvhxie7X+CF9AJuC80Pn2eOC6+k+4j8pqQlTylxuaYjcDUlMSh7okqBVtZg/ZlpyLSvTXgBjAHMjEz1q6tzjYT+57LApI9YjKPjQkr6rsglBAgu1l9Zk+MlNryvzFRUtC5JLsxdFFGfQu4EO8bcx2vvZ/S1lnvoyiCG3A2AEYAfgJpCOgPnpzDmVsjwYKl70nfy2DI/8TERkaPntP5mr6rqODDoMdBIGUX9CBNMsuBhUyW/3/IkJJ1lu/i2//Q957qXTTijQffjtta9q5LdlmHnaa/ntgeT6ZB3DBKaRGvjoFThMcw8kdwQgXz6bRCyl+T42VPCP8beuT58441g9+QB0Kbwqi95fvXbIbN47kweR2jvmd9PahmvLbgC1VdXnAm1NRCQVkXFe6WI7idTeWeTEMVSpLUeUEINVKi8He3dUyO0yqyfvlVEwz+1WnAtPzvcFl+2KJszFobkdXhf0DU2YZREZMOoFXvcw3Zv4zoBc+sofbK5V9c5E9wGi5cj7ftEPbgHcnpMAnF2Zx8BLTAp4MnJFZEpzvAZwe8ofewRix14ccYwxFqdyYd2IPz+kjz1HU5wHhF+OOMbJ0rnSra0MoOaI3FdsaNzqZHSVAHBdVFnslHTM91FN9hErIj0uyxk+QrTM9dklAu/xEHlx39B2chk5riKJBbjJ3MT4MTR3RR8bJJYTIY+iDW3Oc0VkSS1c0ufuQw+vC+mwJbmWkysic8d3VvGhRuzp4K6wFRZhusxlBzUHMHKbSXtSz2p+826ZisgT+XjJuRHwdYSa48YGXob6xObLn1Uxavzla0Ntgt9QVgJ271PV3V8RnjZqQFOgSQAAAABJRU5ErkJggg==" alt="$2^N-1$" class="math-inline math" style="vertical-align:-0.084em;height:0.937em">). Therefore,
the solution is validated back in the
Python world by evaluating the formula under that solution
using Python semantics. 
If the formula does not evaluate to the same
value in both worlds, then we increase <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACQAAAAcCAYAAAAJKR1YAAABtklEQVRIx6WXYY3DMAyFvxZBMQxCj0LGYBgKYdJBKIQdhBuEjsLGYEehY+D740lR1iR2GilSUyeO/fr80iAi5DpwBqTQQ2l94ksMfep08mbruu4AjDo8AN/AEE15iMgXhtZ13Ul9HIEQmW7AAryAX6wZauBPYE2yGj0+1M89h7DHyfB2kgR0bQjoClw2bQ4nJ2DV5yUJanAGtOb412NvR/3eAHNim6xOlJeDiNw2Jzj5MyXjN0Krw88E3HP23pjVoBUSZxWjNGgVeZFuQyjmT0Fb7nv5Yya1VsV14/3skQBFWYpzHFmdchtYJaDGH1NA0aZDxm6WAEV6Lu1nIXUA/kTklbF7JCBoAjSTuqSqHgmw8MeD0FKZY5GAADyqu+3hzwbxsxKgSJ+rfgxV8TRWYlECNOBxb0BV/hQk4OLljyWgTf2pJPAhAfrnuVh89LVTuXjufLZLRgKOhsIok9rDn5oEeP4s++ZT2S4Bsyb+2IuQiz8FCRArf7IINfInbj/JeDGvLNzHni3oJBcC980kpyfrnoBSCXCt08VBq+qSfnt9HxoCGr38eV9ag/Gae2gIaokvBpb+D1pS7NRC4Yx8AAAAAElFTkSuQmCC" alt="$N$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em"> by 8 bits (to 
create a gap between the bound and <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACQAAAAcCAYAAAAJKR1YAAABtklEQVRIx6WXYY3DMAyFvxZBMQxCj0LGYBgKYdJBKIQdhBuEjsLGYEehY+D740lR1iR2GilSUyeO/fr80iAi5DpwBqTQQ2l94ksMfep08mbruu4AjDo8AN/AEE15iMgXhtZ13Ul9HIEQmW7AAryAX6wZauBPYE2yGj0+1M89h7DHyfB2kgR0bQjoClw2bQ4nJ2DV5yUJanAGtOb412NvR/3eAHNim6xOlJeDiNw2Jzj5MyXjN0Krw88E3HP23pjVoBUSZxWjNGgVeZFuQyjmT0Fb7nv5Yya1VsV14/3skQBFWYpzHFmdchtYJaDGH1NA0aZDxm6WAEV6Lu1nIXUA/kTklbF7JCBoAjSTuqSqHgmw8MeD0FKZY5GAADyqu+3hzwbxsxKgSJ+rfgxV8TRWYlECNOBxb0BV/hQk4OLljyWgTf2pJPAhAfrnuVh89LVTuXjufLZLRgKOhsIok9rDn5oEeP4s++ZT2S4Bsyb+2IuQiz8FCRArf7IINfInbj/JeDGvLNzHni3oJBcC980kpyfrnoBSCXCt08VBq+qSfnt9HxoCGr38eV9ag/Gae2gIaokvBpb+D1pS7NRC4Yx8AAAAAElFTkSuQmCC" alt="$N$" class="math-inline math" style="vertical-align:-0.000em;height:0.728em">) and continue to search
for a solution.
</p>
<p class="indent">The process terminates when we find a valid satisfying solution 
or <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIYAAAAeCAYAAADpTGa/AAAEUElEQVRo3u1b7XHaQBB9y7gA4lQQpQOcDiJ3IJIKLHcAQwUe6ABSgWM6EKkgRh2gEgwdbH6wsk+H7nQnCSZj387cDOJ036t3b99JxMwI9v8ZEY0A3AP4BiACUEh6YOa8pzYiAFsAY2beqHmDhoITImJLij06wQ4pDQ5BERFtZcGuASwBfAcwBfAXwB8imvfU3BLAUByvasxsTFIgkTQBsAfAStraymt1lXVkWh2Z/J8CGLrW9x6TzEE5L7FlTfamfM/1KNtKT/I9K9vVOMeoRae2tsEHp6ifUwCxrAEDeOrQ1lBbxxPHGHhAXAk5Yy1r1gLCCgArfV/74HxiKZcLC4eYK7A/6tDkXJzDaAOPymIAB1lMdUETcRp41vUUXOLVnpStfepY5tDBCX8AWPXlGLeKQ+jkJ/XoWCRcIqDFcT5SBQVWDbffAcgl3XVwwsayvoiRiVdvZDtos53EMrBgR5tqUYLRmDln5htJeQsnnAAomHndi2Mo/GKj7VOlDYkoaYE8Hx0tYjVU7EufsCD1rIYjdkKMkl8UyiBWLUnoK/IEw61GyM9pSxHHDn06xk/DU75Qfo+E2AR+4betlnZOtEgARMy8cC3jgxiPBi/0QY3AL6qmPkgvKhcgoq2owXv5PenQzi/XLcTZMcqnvA4xZGvxCV0Dv6jytpPwU+TwzzieXxCAL/IAzsVJEs92lgB+e/MXR0VuZ8mPUVVCJ5Z7O0u5DX2daH05Z8o69jXS5024V2K4fwSLUmkpszfkLW31XXWNIph5Q0SFwq5nGve4JL/IAaybVL0e7NADgR7WzPPBFEoyc05EC3GgJREVDnPppFm0RYy9yYsNOj/X3S/3bMO5SC0CWA/ODCizc0DPzJJvRYxBW36hOddKk2hnBuR5DOyiyinU6yYEUOUCAJGJbwh/meH4PkcrayKfsShlLrHvqiF0jQPxrNiLdv3sWK4w6CD6FvKgOVKvjuETReih630Nvwih6tvTf7AseBsdpLVm0RYxMseBFkL8SkuVkCwJaOG0nfiWue5Ds/ByDFd+0YAaqYI8QQY/tec+KxPNYgOgIKKhLdXxEjWPTC8Dy3HwlJm/enZup4SuB2b+REQM4ObcW4kcSt1fIFyFMP5Fx/7OJXoAgDUzjz3nN2fmG0NeF1tcnUGlnCvIMSxfXL0Qv7iVbetStuhYfqk4RtQD4owN24up7UgZR1bhO130i4ayvamE71zPKN/h3Dve76x7OLbrrmO05Bem0BWBX1htqqBr0+m0mp+fU0U2kc/EQ7+oswftOkQk5mhujbcT56bTafXlqLtz9mtgQItZx8Ee1NA16BeN9l3C0MR0vC7/l7rFuOc5HdYtYqlXpKjq5+XHQGmbvQxvZwGBX7iftm61eR8Jepcfae3Q4jsepf6RrPVcW+ed0t6odBT92NyUohadyeB4RBxS5QuxTCHw+z7mUSObTSml8FHzxzBV1Krjjnr+Pz9ib5DloRiDAAAAAElFTkSuQmCC" alt="$N=64$" class="math-inline math" style="vertical-align:-0.000em;height:0.781em"> and the bound reaches 64 (in which case, we return &#8220;don&#39;t know&#8221;).
</p><h2 id="sec-extensions"   style="bookmark:6.&#8194;Extensions"><span class="heading-before"><span class="heading-label">6</span>.&#8194;</span>Extensions</h2>
<p>We have presented the basics of dynamic symbolic execution 
(for Python).
A more thorough treatment would deal with other data types besides
integers, such as Python dictionaries, strings and lists, each
of which presents their own challenges for symbolic reasoning. 
There are many other interesting challenges in DSE, such
as dealing with user-defined classes (rather than built-in types
as done here) and multi-threaded execution. 
</p><h2 id="sec-acknowledgements"   style="bookmark:7.&#8194;Acknowledgements"><span class="heading-before"><span class="heading-label">7</span>.&#8194;</span>Acknowledgements</h2>
<p>Many thanks to the students of the 2014 Marktoberdorf Summer School
on Dependable Software Systems Engineering
for their questions and feedback about the first author&#39;s lectures on dynamic
symbolic execution. The following students of the summer school
helpfully provided tests for the&nbsp;<a href="http://www.github.com/thomasjball/pyexz3">PyExZ3</a> tool: Daniel Darvas,
Damien Rusinek, Christian Dehnert and Thomas Pani. Thanks also to Peter
Chapman for his contributions. 
</p><!-- 
# From Python Dictionaries to Z3 Maps { #sec-dict2z3 }

Python dictionaries, which map keys to values,
introduce mutation into the picture. The methods are:

- Length:     `__length__(self)` - will be maintained concretely, as cardinality constraints
are beyond the scope of what we can handle
- Get:     `__getitem__(self,key)` - Select
- Set:     `__setitem__(self,key,value)` - Update
- Lookup:     `__contains__(self,key)` - 
- Delete:     `__delitem__(self,key)` - Update 


A dictionary can be mutated via the `__setitem__` and '__delitem__` methods.
The keys stored  in Python dictionary must be hashable values. 
All of Python's immutable
built-in objects (such as integers, tuples and strings) are hashable. 
User-defined classes give rise to hashable mutable objects, where
the hash value is the object id (an immutable field of the object).

Ideally, symbolic expression trees should contain only
immutable values, as they are a pure function of the initial
(immutable) state of a program.  However, the reality is that
the values associated with keys in a dictionary can be mutable.
For example, a dictionary itself can be a value in another
dictionary.    

As we will see, for the purposes of modelling a dictionary symbolically, 
however, the object id of the value in a (key,value) pair is all that
needs to be recorded. The object id is immutable, as mentioned before. 
Thus, we can represent the state of the dictionary via an append-only log 
of updates where the parameters 
to each update are immutable values (set and delete are the update
operations).  Each lookup/get/length operation hangs off of a particular
prefix of the log. 

We model the dictionary as initially
empty, containing no mapping (rejects all lookups and get, length is zero).



The essential axioms

* Initially empty
* Select
* Update

Inverting select means that we need disequality on values in
the dictionary (SymbolicObject)

Equality of dictionaries (extensional arrays)

-->

<h2 id="sec-references" >References</h2>
<div class="tex input-tex">
<div class="bibliography bib-numeric"   data-line="1" style="bibstyle:plainnat">

<div id="cadare05" class="bibitem"   data-line="4" style="searchterm:Cristian+Cadar+Dawson+Engler+Execution+generated+test+cases+make+systems+code+crash+itself+_Proceedings+International+SPIN+Workshop_+pages++"><span data-line="5"></span><span class="bibitem-before">[<span class="bibitem-label">1</span>]&#160;&#160;</span><span data-line="5"></span>Cristian Cadar and Dawson<span data-line="5"></span>&#160;<span data-line="5"></span>R. Engler.
<span data-line="6"></span><span class="newblock"></span><span data-line="6"></span> Execution generated test cases: How to make systems code crash
  itself.
<span data-line="8"></span><span class="newblock"></span><span data-line="8"></span> In <span data-line="8"></span><em>Proceedings of 12th International SPIN Workshop</em><span data-line="8"></span>, pages
  2<span data-line="9"></span>&#8211;<span data-line="9"></span>23, 2005.<span data-line="9"></span>&nbsp;<a href="http://www.bing.com/search?q=Cristian+Cadar+Dawson+Engler+Execution+generated+test+cases+make+systems+code+crash+itself+_Proceedings+International+SPIN+Workshop_+pages++" class="bibsearch">&#128270;</a></div>
<div id="cadars13" class="bibitem"   data-line="12" style="searchterm:Symbolic+execution+software+testing+three+decades+later++Cristian+Cadar+Koushik+"><span data-line="13"></span><span class="bibitem-before">[<span class="bibitem-label">2</span>]&#160;&#160;</span><span data-line="13"></span>Cristian Cadar and Koushik Sen.
<span data-line="14"></span><span class="newblock"></span><span data-line="14"></span> Symbolic execution for software testing: three decades later.
<span data-line="15"></span><span class="newblock"></span><span data-line="15"></span> <span data-line="15"></span><em>Communications of the ACM</em><span data-line="15"></span>, 56<span data-line="15"></span><span style="penalty:0"></span><span data-line="15"></span> (2):<span data-line="15"></span><span style="penalty:0"></span><span data-line="15"></span> 82<span data-line="15"></span>&#8211;<span data-line="15"></span>90,
  2013.<span data-line="16"></span>&nbsp;<a href="http://www.bing.com/search?q=Symbolic+execution+software+testing+three+decades+later++Cristian+Cadar+Koushik+" class="bibsearch">&#128270;</a></div>
<div id="cadargpde06" class="bibitem"   data-line="19" style="searchterm:Cristian+Cadar+Vijay+Ganesh+Peter+Pawlowski+David+Dill+Dawson+Engler+automatically+generating+inputs+death+_Proceedings+Conference+Computer+Communications+Security_+pages++"><span data-line="20"></span><span class="bibitem-before">[<span class="bibitem-label">3</span>]&#160;&#160;</span><span data-line="20"></span>Cristian Cadar, Vijay Ganesh, Peter<span data-line="20"></span>&#160;<span data-line="20"></span>M. Pawlowski, David<span data-line="20"></span>&#160;<span data-line="20"></span>L. Dill, and Dawson<span data-line="20"></span>&#160;<span data-line="20"></span>R.
  Engler.
<span data-line="22"></span><span class="newblock"></span><span data-line="22"></span> EXE: automatically generating inputs of death.
<span data-line="23"></span><span class="newblock"></span><span data-line="23"></span> In <span data-line="23"></span><em>Proceedings of the 13th ACM Conference on Computer and
  Communications Security</em><span data-line="24"></span>, pages 322<span data-line="24"></span>&#8211;<span data-line="24"></span>335, 2006.<span data-line="24"></span>&nbsp;<a href="http://www.bing.com/search?q=Cristian+Cadar+Vijay+Ganesh+Peter+Pawlowski+David+Dill+Dawson+Engler+automatically+generating+inputs+death+_Proceedings+Conference+Computer+Communications+Security_+pages++" class="bibsearch">&#128270;</a></div>
<div id="clarke76" class="bibitem"   data-line="27" style="searchterm:+system+generate+test+data+symbolically+execute+programs++Lori+Clarke+"><span data-line="28"></span><span class="bibitem-before">[<span class="bibitem-label">4</span>]&#160;&#160;</span><span data-line="28"></span>Lori<span data-line="28"></span>&#160;<span data-line="28"></span>A. Clarke.
<span data-line="29"></span><span class="newblock"></span><span data-line="29"></span> A system to generate test data and symbolically execute programs.
<span data-line="30"></span><span class="newblock"></span><span data-line="30"></span> <span data-line="30"></span><em>IEEE Transactions on Software Engineering</em><span data-line="30"></span>, 2<span data-line="30"></span><span style="penalty:0"></span><span data-line="30"></span>
  (3):<span data-line="31"></span><span style="penalty:0"></span><span data-line="31"></span> 215<span data-line="31"></span>&#8211;<span data-line="31"></span>222, 1976.<span data-line="31"></span>&nbsp;<a href="http://www.bing.com/search?q=+system+generate+test+data+symbolically+execute+programs++Lori+Clarke+" class="bibsearch">&#128270;</a></div>
<div id="demourab08" class="bibitem"   data-line="34" style="searchterm:+efficient+solver++Leonardo+Mendon+Moura+Nikolaj+rner+"><span data-line="35"></span><span class="bibitem-before">[<span class="bibitem-label">5</span>]&#160;&#160;</span><span data-line="35"></span>Leonardo<span data-line="35"></span>&#160;<span data-line="35"></span>Mendon<span data-line="35"></span>&#231;<span data-line="35"></span>a de<span data-line="35"></span>&#160;<span data-line="35"></span>Moura and Nikolaj Bj<span data-line="35"></span>&#248;<span data-line="35"></span>rner.
<span data-line="36"></span><span class="newblock"></span><span data-line="36"></span> Z3: an efficient SMT solver.
<span data-line="37"></span><span class="newblock"></span><span data-line="37"></span> In <span data-line="37"></span><em>Proceedings of the 14th International Conference of Tools
  and Algorithms for the Construction and Analysis of Systems</em><span data-line="38"></span>, pages 337<span data-line="38"></span>&#8211;<span data-line="38"></span>340,
  2008.<span data-line="39"></span>&nbsp;<a href="http://www.bing.com/search?q=+efficient+solver++Leonardo+Mendon+Moura+Nikolaj+rner+" class="bibsearch">&#128270;</a></div>
<div id="dijkstra76" class="bibitem"   data-line="42" style="searchterm:+Discipline+Programming_++Edsger+Dijkstra+"><span data-line="43"></span><span class="bibitem-before">[<span class="bibitem-label">6</span>]&#160;&#160;</span><span data-line="43"></span>Edsger<span data-line="43"></span>&#160;<span data-line="43"></span>W. Dijkstra.
<span data-line="44"></span><span class="newblock"></span><span data-line="44"></span> <span data-line="44"></span><em>A Discipline of Programming</em><span data-line="44"></span>.
<span data-line="45"></span><span class="newblock"></span><span data-line="45"></span> Prentice-Hall, 1976.<span data-line="45"></span>&nbsp;<a href="http://www.bing.com/search?q=+Discipline+Programming_++Edsger+Dijkstra+" class="bibsearch">&#128270;</a></div>
<div id="godefroid11" class="bibitem"   data-line="48" style="searchterm:Higher+order+test+generation++Patrice+Godefroid+"><span data-line="49"></span><span class="bibitem-before">[<span class="bibitem-label">7</span>]&#160;&#160;</span><span data-line="49"></span>Patrice Godefroid.
<span data-line="50"></span><span class="newblock"></span><span data-line="50"></span> Higher-order test generation.
<span data-line="51"></span><span class="newblock"></span><span data-line="51"></span> In <span data-line="51"></span><em>Proceedings of the ACM SIGPLAN Conference on Programming
  Language Design and Implementation</em><span data-line="52"></span>, pages 258<span data-line="52"></span>&#8211;<span data-line="52"></span>269, 2011.<span data-line="52"></span>&nbsp;<a href="http://www.bing.com/search?q=Higher+order+test+generation++Patrice+Godefroid+" class="bibsearch">&#128270;</a></div>
<div id="godefroidks05" class="bibitem"   data-line="55" style="searchterm:DART+directed+automated+random+testing++Patrice+Godefroid+Nils+Klarlund+Koushik+"><span data-line="56"></span><span class="bibitem-before">[<span class="bibitem-label">8</span>]&#160;&#160;</span><span data-line="56"></span>Patrice Godefroid, Nils Klarlund, and Koushik Sen.
<span data-line="57"></span><span class="newblock"></span><span data-line="57"></span> DART: directed automated random testing.
<span data-line="58"></span><span class="newblock"></span><span data-line="58"></span> In <span data-line="58"></span><em>Proceedings of the ACM SIGPLAN Conference on Programming
  Language Design and Implementation</em><span data-line="59"></span>, pages 213<span data-line="59"></span>&#8211;<span data-line="59"></span>223, 2005.<span data-line="59"></span>&nbsp;<a href="http://www.bing.com/search?q=DART+directed+automated+random+testing++Patrice+Godefroid+Nils+Klarlund+Koushik+" class="bibsearch">&#128270;</a></div>
<div id="godefroidlm12" class="bibitem"   data-line="62" style="searchterm:SAGE+whitebox+fuzzing+security+testing++Patrice+Godefroid+Michael+Levin+David+Molnar+"><span data-line="63"></span><span class="bibitem-before">[<span class="bibitem-label">9</span>]&#160;&#160;</span><span data-line="63"></span>Patrice Godefroid, Michael<span data-line="63"></span>&#160;<span data-line="63"></span>Y. Levin, and David<span data-line="63"></span>&#160;<span data-line="63"></span>A. Molnar.
<span data-line="64"></span><span class="newblock"></span><span data-line="64"></span> SAGE: whitebox fuzzing for security testing.
<span data-line="65"></span><span class="newblock"></span><span data-line="65"></span> <span data-line="65"></span><em>Communications of the ACM</em><span data-line="65"></span>, 55<span data-line="65"></span><span style="penalty:0"></span><span data-line="65"></span> (3):<span data-line="65"></span><span style="penalty:0"></span><span data-line="65"></span> 40<span data-line="65"></span>&#8211;<span data-line="65"></span>44,
  2012.<span data-line="66"></span>&nbsp;<a href="http://www.bing.com/search?q=SAGE+whitebox+fuzzing+security+testing++Patrice+Godefroid+Michael+Levin+David+Molnar+" class="bibsearch">&#128270;</a></div>
<div id="gupta00" class="bibitem"   data-line="69" style="searchterm:Generating+test+data+branch+coverage++Neelam+Gupta+Aditya+Mathur+Mary+Soffa+"><span data-line="70"></span><span class="bibitem-before">[<span class="bibitem-label">10</span>]&#160;&#160;</span><span data-line="70"></span>Neelam Gupta, Aditya<span data-line="70"></span>&#160;<span data-line="70"></span>P. Mathur, and Mary<span data-line="70"></span>&#160;<span data-line="70"></span>Lou Soffa.
<span data-line="71"></span><span class="newblock"></span><span data-line="71"></span> Generating test data for branch coverage.
<span data-line="72"></span><span class="newblock"></span><span data-line="72"></span> In <span data-line="72"></span><em>Proceedings of the Automate Software Engineering
  Conference</em><span data-line="73"></span>, pages 219<span data-line="73"></span>&#8211;<span data-line="73"></span>228, 2000.<span data-line="73"></span>&nbsp;<a href="http://www.bing.com/search?q=Generating+test+data+branch+coverage++Neelam+Gupta+Aditya+Mathur+Mary+Soffa+" class="bibsearch">&#128270;</a></div>
<div id="king76" class="bibitem"   data-line="76" style="searchterm:Symbolic+execution+program+testing++James+King+"><span data-line="77"></span><span class="bibitem-before">[<span class="bibitem-label">11</span>]&#160;&#160;</span><span data-line="77"></span>James<span data-line="77"></span>&#160;<span data-line="77"></span>C. King.
<span data-line="78"></span><span class="newblock"></span><span data-line="78"></span> Symbolic execution and program testing.
<span data-line="79"></span><span class="newblock"></span><span data-line="79"></span> <span data-line="79"></span><em>Communications of the ACM</em><span data-line="79"></span>, 19<span data-line="79"></span><span style="penalty:0"></span><span data-line="79"></span> (7):<span data-line="79"></span><span style="penalty:0"></span><span data-line="79"></span>
  385–394, 1976.<span data-line="80"></span>&nbsp;<a href="http://www.bing.com/search?q=Symbolic+execution+program+testing++James+King+" class="bibsearch">&#128270;</a></div>
<div id="korel90" class="bibitem"   data-line="83" style="searchterm:Automated+software+test+data+generation++Bogdan+Korel+"><span data-line="84"></span><span class="bibitem-before">[<span class="bibitem-label">12</span>]&#160;&#160;</span><span data-line="84"></span>Bogdan Korel.
<span data-line="85"></span><span class="newblock"></span><span data-line="85"></span> Automated software test data generation.
<span data-line="86"></span><span class="newblock"></span><span data-line="86"></span> <span data-line="86"></span><em>IEEE Transactions on Software Engineering</em><span data-line="86"></span>, 16<span data-line="86"></span><span style="penalty:0"></span><span data-line="86"></span>
  (8):<span data-line="87"></span><span style="penalty:0"></span><span data-line="87"></span> 870<span data-line="87"></span>&#8211;<span data-line="87"></span>879, 1990.<span data-line="87"></span>&nbsp;<a href="http://www.bing.com/search?q=Automated+software+test+data+generation++Bogdan+Korel+" class="bibsearch">&#128270;</a></div>
<div id="korel92" class="bibitem"   data-line="90" style="searchterm:Dynamic+method+software+test+data+generation++Bogdan+Korel+"><span data-line="91"></span><span class="bibitem-before">[<span class="bibitem-label">13</span>]&#160;&#160;</span><span data-line="91"></span>Bogdan Korel.
<span data-line="92"></span><span class="newblock"></span><span data-line="92"></span> Dynamic method of software test data generation.
<span data-line="93"></span><span class="newblock"></span><span data-line="93"></span> <span data-line="93"></span><em>Journal of Software Testing, Verification and Reliability</em><span data-line="93"></span>,
  2<span data-line="94"></span><span style="penalty:0"></span><span data-line="94"></span> (4):<span data-line="94"></span><span style="penalty:0"></span><span data-line="94"></span> 203<span data-line="94"></span>&#8211;<span data-line="94"></span>213, 1992.<span data-line="94"></span>&nbsp;<a href="http://www.bing.com/search?q=Dynamic+method+software+test+data+generation++Bogdan+Korel+" class="bibsearch">&#128270;</a></div>
<div id="senacav06" class="bibitem"   data-line="97" style="searchterm:Koushik+Agha+CUTE+jcute+Concolic+unit+testing+explicit+path+model+checking+tools+_Proceedings+Computer+Aided+Verification+Conference_+pages++"><span data-line="98"></span><span class="bibitem-before">[<span class="bibitem-label">14</span>]&#160;&#160;</span><span data-line="98"></span>Koushik Sen and Gul Agha.
<span data-line="99"></span><span class="newblock"></span><span data-line="99"></span> CUTE and jcute: Concolic unit testing and explicit path
  model-checking tools.
<span data-line="101"></span><span class="newblock"></span><span data-line="101"></span> In <span data-line="101"></span><em>Proceedings of 18th Computer Aided Verification Conference</em><span data-line="101"></span>,
  pages 419<span data-line="102"></span>&#8211;<span data-line="102"></span>423, 2006.<span data-line="102"></span>&nbsp;<a href="http://www.bing.com/search?q=Koushik+Agha+CUTE+jcute+Concolic+unit+testing+explicit+path+model+checking+tools+_Proceedings+Computer+Aided+Verification+Conference_+pages++" class="bibsearch">&#128270;</a></div></div></div>
<div class="madokologo block" style="text-align:right;font-size:xx-small;margin-top:4em"><span data-line="1"></span>Created with&nbsp;<a href="https://www.madoko.net">Madoko.net</a>.</div>
</body>

</html>


================================================
FILE: marktoberdorf_paper/forPublisher/IOS-Book-Article.cls
================================================
%% This is file `IOSarticle.cls'
%%
%% Generic LaTeX 2e class file for the IOS Press publications
%%
%% Macros written by Vytas Statulevicius, VTeX, Lithuania
%% for IOS Press, The Netherlands
%% Please submit bugs or your comments to vytas@vtex.lt
%%
%% You are free to use this class file as you see fit, provided 
%% that you do not make changes to the file. 
%% If you DO make changes, you are required to rename this file.
%%
%% It may be distributed under the terms of the LaTeX Project Public
%% License, as described in lppl.txt in the base LaTeX distribution.
%% Either version 1.0 or, at your option, any later version.
%%
%% \CharacterTable
%%  {Upper-case    \A\B\C\D\E\F\G\H\I\J\K\L\M\N\O\P\Q\R\S\T\U\V\W\X\Y\Z
%%   Lower-case    \a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\u\v\w\x\y\z
%%   Digits        \0\1\2\3\4\5\6\7\8\9
%%   Exclamation   \!     Double quote  \"     Hash (number) \#
%%   Dollar        \$     Percent       \%     Ampersand     \&
%%   Acute accent  \'     Left paren    \(     Right paren   \)
%%   Asterisk      \*     Plus          \+     Comma         \,
%%   Minus         \-     Point         \.     Solidus       \/
%%   Colon         \:     Semicolon     \;     Less than     \<
%%   Equals        \=     Greater than  \>     Question mark \?
%%   Commercial at \@     Left bracket  \[     Backslash     \\
%%   Right bracket \]     Circumflex    \^     Underscore    \_
%%   Grave accent  \`     Left brace    \{     Vertical bar  \|
%%   Right brace   \}     Tilde         \~}
%%
%%
%% Bug fixes and changes:
%% 2004.05.19 - small change o layout
%% 2004.09.14 - \parindent changed
%% 2006.03.27 - centering on A4, no running heads, \snm makes uppercase
%% 2006.04.20 - changed: \thebibliography size, indent, \parindent

\NeedsTeXFormat{LaTeX2e}[1995/12/01]
\ProvidesClass{IOS-Book-Article}
              [2006/04/20 v1.0, IOS Press]

\newif\if@restonecol \@restonecolfalse
\newif\if@openright
\newif\if@mainmatter \@mainmattertrue

\DeclareOption{draft}{\setlength\overfullrule{5pt}}
\DeclareOption{final}{\setlength\overfullrule{0pt}}
\DeclareOption{openright}{\@openrighttrue}
\DeclareOption{openany}{\@openrightfalse}
\DeclareOption{onecolumn}{\@twocolumnfalse\@restonecoltrue}
\DeclareOption{twocolumn}{\@twocolumntrue}
\DeclareOption{leqno}{\input{leqno.clo}}
\DeclareOption{fleqn}{\input{fleqn.clo}}%
%
% Numbering switches:
\newif\if@seceqn   \@seceqnfalse   \DeclareOption{seceqn}{\@seceqntrue}
\newif\if@secfloat \@secfloatfalse \DeclareOption{secfloat}{\@secfloattrue}
\newif\if@secthm                   \DeclareOption{secthm}{\@secthmtrue}
%
% 
% Selection of font size and page dimensions
% If 12pt option is used, page will be reduced by 80% at printing time
\newif\if@ten@point \@ten@pointfalse

\DeclareOption{10pt}{\@ten@pointtrue}
\DeclareOption{12pt}{\@ten@pointfalse}

% Information about the publication
\def\booktitle#1{\gdef\book@title{#1}}
\def\bookeditors#1{\gdef\book@editors{#1}}
\def\publisher#1{\gdef\@publisher{#1}}

\booktitle{Book Title}
\bookeditors{Book Editors}
\publisher{IOS Press}

\ExecuteOptions{10pt,onecolumn,twoside,final,openright,fleqn}
\ProcessOptions
%

%************************* FONTS
%\def\@xivpt{14}
%\def\@xviipt{17}
%\def\@xviiipt{18}
%\def\@xxpt{20}
%\def\@xxivpt{24}

% Fonts:
\typeout{Ten point}
%
\renewcommand\normalsize{%
   \@setfontsize\normalsize\@xpt{12pt plus .5\p@ minus .1\p@}%
   \abovedisplayskip 12\p@ \@plus3pt \@minus3pt%
   \abovedisplayshortskip\abovedisplayskip%
   \belowdisplayshortskip\abovedisplayskip%
   \belowdisplayskip \abovedisplayskip%
   \let\@listi\@listI}

\newcommand\small{%
   \@setfontsize\small\@ixpt\@xipt%
   \abovedisplayskip 5.5\p@ \@plus3pt%
   \abovedisplayshortskip 5.5\p@ \@plus1pt \@minus1pt%
   \belowdisplayshortskip 5.5\p@ \@plus1pt \@minus1pt%
   \def\@listi{\leftmargin\leftmargini
               \topsep 5\p@ \@plus2\p@ \@minus2\p@
               \parsep \z@ \itemsep \parsep}%
   \belowdisplayskip \abovedisplayskip%
}
\newcommand\footnotesize{%
   \@setfontsize\footnotesize\@viiipt\@xpt%
   \abovedisplayskip 5.5\p@ \@plus3pt%
   \abovedisplayshortskip 5.5\p@ \@plus1pt \@minus1pt%
   \belowdisplayshortskip 5.5\p@ \@plus1pt \@minus1pt%
   \def\@listi{\leftmargin\leftmargini
               \topsep 4\p@ \@plus2\p@ \@minus2\p@
               \parsep \z@ \itemsep \parsep}%
   \belowdisplayskip \abovedisplayskip%
}
\newcommand\scriptsize{\@setfontsize\scriptsize\@viiipt{9.5}}
\newcommand\tiny{\@setfontsize\tiny\@vipt\@viipt}
\newcommand\large{\@setfontsize\large\@xiipt{14}}
\newcommand\Large{\@setfontsize\Large\@xivpt{18}}
\newcommand\LARGE{\@setfontsize\LARGE\@xviipt{22}}
\newcommand\huge{\@setfontsize\huge\@xxpt{25}}
\newcommand\Huge{\@setfontsize\Huge\@xxvpt{30}}

\normalsize

% Customization of fonts
\renewcommand\sldefault{it}
\renewcommand\bfdefault{b}
\let\slshape\itshape
%

% ********************* DIMENSIONS:
% TEXT DIMENSIONS
\setlength\parindent{18\p@}
\@settopoint\parindent
\setlength\textwidth{124mm}
\@settopoint\textwidth
\setlength\textheight{200mm}
\@settopoint\textheight
\setlength\columnsep{10mm}
\@settopoint\columnsep
\setlength\columnwidth{95mm}
\@settopoint\columnwidth
\setlength\columnseprule{0\p@}
\hoffset -0.5cm
\voffset -1cm

% HEADS:
\setlength\headheight{12\p@}
\setlength\headsep   {15\p@}
\setlength\topskip   {10\p@}
\setlength\footskip  {25\p@}
\setlength\maxdepth  {.5\topskip}
% SIDE MARGINS
\setlength\oddsidemargin   {0mm}
\setlength\evensidemargin  {0mm}
\setlength\topmargin       {10mm}
\@settopoint\topmargin
% TEXT PARAMETERS
\setlength\lineskip{1\p@}
\setlength\normallineskip{1\p@}
\renewcommand\baselinestretch{}
\setlength\parskip{0\p@}

% Center on A4:

\def\paper@width {210mm}
\def\paper@height{297mm}

\hoffset=-1in
\voffset=-1in

\@tempdima=\paper@width
\advance\@tempdima by-\textwidth
\divide\@tempdima by2
\setlength\evensidemargin  {\@tempdima}%
\setlength\oddsidemargin   {\@tempdima}%

\@tempdima=\paper@height
\advance\@tempdima by-\textheight
\advance\@tempdima by-\headsep
\advance\@tempdima by-\headheight
\divide\@tempdima by2
\setlength\topmargin  {\@tempdima}%




% BREAKS
\setlength\smallskipamount{6\p@ \@plus 1\p@ \@minus 1\p@}
\setlength\medskipamount{12\p@ \@plus 3\p@ \@minus 3\p@} 
\setlength\bigskipamount{24pt \@plus 3\p@ \@minus 3\p@}  
% PAGE-BREAKING PENALTIES
\clubpenalty=4000
\widowpenalty=4000
\displaywidowpenalty=50
\predisplaypenalty=0   % Breaking before a math display.
% \postdisplaypenalty  % Breaking after a math display.
% \interlinepenalty    % Breaking at a line within a paragraph.
% \brokenpenalty       % Breaking after a hyphenated line.
\pretolerance=100    % Badness tolerance for the first pass (before hyphenation)
\tolerance=800       % Badness tolerance after hyphenation
\hbadness=800        % Badness above which bad hboxes will be shown
\emergencystretch=3\p@
\hfuzz=1\p@           % do not be to critical about boxes

%
\doublehyphendemerits=0
\adjdemerits=0
\brokenpenalty=0
\interlinepenalty=0
%
\if@twocolumn
 \setlength\marginparsep {10\p@}
\else
  \setlength\marginparsep{7\p@}
\fi
\setlength\marginparpush{5\p@}

% FOOTNOTES
\setlength\footnotesep{6.65\p@}
\setlength{\skip\footins}{12\p@ \@plus 6\p@}
% FLOATS
\setlength\floatsep    {15\p@ \@plus 10\p@ \@minus 4\p@}
\setlength\textfloatsep{12\p@ \@plus 6\p@ \@minus 4\p@}
\setlength\intextsep   {12\p@ \@plus 6\p@ \@minus 4\p@}
\setlength\dblfloatsep    {15\p@ \@plus 10\p@ \@minus 4\p@}
\setlength\dbltextfloatsep{12\p@ \@plus 12\p@ \@minus 4\p@}
%  For floats on a separate float page or column:
\setlength\@fptop{0\p@ \@plus 1fil}
\setlength\@fpsep{8\p@ \@plus 1000fil}
\setlength\@fpbot{0\p@ \@plus 1fil}
\setlength\@dblfptop{0\p@ \@plus 1fil}
\setlength\@dblfpsep{8\p@ \@plus 1000fil}
\setlength\@dblfpbot{0\p@ \@plus 1fil}
%
\setcounter{topnumber}{5}
\renewcommand\topfraction{.90}
\setcounter{bottomnumber}{5}
\renewcommand\bottomfraction{.90}
\setcounter{totalnumber}{10}
\renewcommand\textfraction{.10}
\renewcommand\floatpagefraction{.9}
\setcounter{dbltopnumber}{5}
\renewcommand\dbltopfraction{.99}
\renewcommand\dblfloatpagefraction{.8}
%
% PENALTIES
\@lowpenalty   51
\@medpenalty  151
\@highpenalty 301
\@beginparpenalty -\@lowpenalty
\@endparpenalty   -\@lowpenalty
\@itempenalty     -\@lowpenalty
% LISTS
\setlength\partopsep{0\p@}
\def\@listI{\leftmargin\leftmargini
            \parsep 0\p@ \@plus2\p@ \@minus\p@
            \topsep 9\p@ \@plus2\p@ \@minus2\p@
            \partopsep\p@
            \itemsep 1\p@ \@plus.5\p@ \@minus1\p@}
\let\@listi\@listI
\@listi
\def\@listii {\leftmargin\leftmarginii
              \labelwidth\leftmarginii
              \advance\labelwidth-\labelsep
              \topsep    4\p@ \@plus2\p@ \@minus\p@
              \parsep    0\p@ \@plus1\p@  \@minus\p@
              \itemsep   \parsep}
\def\@listiii{\leftmargin\leftmarginiii
              \labelwidth\leftmarginiii
              \advance\labelwidth-\labelsep
              \topsep    2\p@ \@plus\p@\@minus\p@
              \parsep    \z@
              \partopsep \p@ \@plus\z@ \@minus\p@
              \itemsep   \topsep}
\def\@listiv {\leftmargin\leftmarginiv
              \labelwidth\leftmarginiv
              \advance\labelwidth-\labelsep}
\def\@listv  {\leftmargin\leftmarginv
              \labelwidth\leftmarginv
              \advance\labelwidth-\labelsep}
\def\@listvi {\leftmargin\leftmarginvi
              \labelwidth\leftmarginvi
              \advance\labelwidth-\labelsep}
%
\DeclareMathSizes{\@xivpt}{\@xivpt}{\@xpt}{\@viiipt}
\DeclareMathSizes{12}{12}{\@viiipt}{\@viipt}
%
% ******************** HEADINGS
%
% normal heading
\def\ps@headings{%
      \let\@oddfoot\@empty\let\@evenfoot\@empty
      \def\@evenhead{\footnotesize\rlap{\thepage}\hfill\textit{\leftmark}\hfill}%
      \def\@oddhead{\footnotesize\hfill\textit{\rightmark}\hfill\llap{\thepage}}%
}%
% empty RH
\def\ps@empty{\let\@mkboth\@gobbletwo
     \def\@oddhead{\hfill}\def\@oddfoot{}
\let\@evenhead\@oddhead\let\@evenfoot\@oddfoot}
%
% RH  with pagenumber at bottom
\def\ps@plain{\let\@mkboth\@gobbletwo
     \def\@oddhead{\hfill}\def\@oddfoot{}
\let\@evenhead\@oddhead
  \def\@oddfoot{\hfill\footnotesize\thepage\hfill}
  \let\@evenfoot\@oddfoot
}
% First page RH
\def\ps@copyright{\let\@mkboth\@gobbletwo
  \def\@evenhead{\parbox[t]{.75\textwidth}{\footnotesize\raggedright\itshape\titleheadline}\hfill\footnotesize\thepage}%
  \def\@oddhead {\parbox[t]{.75\textwidth}{\footnotesize\raggedright\itshape\titleheadline}\hfill\footnotesize\thepage}%
  \let\@oddfoot\relax%
  \let\@evenfoot\@oddfoot%
}
%
% HEADLINE: Book Title  
%           Book Editors
%           IOS Press, 0000
%
\def\titleheadline{%
   \book@title\\
   \book@editors\\
   \@publisher, \the\@pubyear}
%
\def\@copyright{\@issn/\the@copyear/\$\@price\ \copyright@sign\
\the\@pubyear\@copyrightowner}%
%

% ************************ FOOTNOTE
%
\newcommand\@makefntext[1]{%
    \parindent1em\@makefnmark #1}
\def\@makefnmark{\@textsuperscript{\normalfont\@thefnmark}}%
%
% ************************ Counters
\setcounter{secnumdepth}{3}
\newcounter {section}
\newcounter {subsection}[section]
\newcounter {subsubsection}[subsection]
\newcounter {paragraph}[subsubsection]
\newcounter {subparagraph}[paragraph]
\renewcommand \thesection {\@arabic\c@section}
\renewcommand\thesubsection   {\thesection.\@arabic\c@subsection}
\renewcommand\thesubsubsection{\thesubsection .\@arabic\c@subsubsection}
\renewcommand\theparagraph    {\thesubsubsection.\@arabic\c@paragraph}
\renewcommand\thesubparagraph {\theparagraph.\@arabic\c@subparagraph}
%
% ******************** Sectioning commands
\def\no@harm{\let\thanks=\@gobble \let\\=\@empty}
%**************** Section commands
\def\nohyphen{\pretolerance=10000 \tolerance=10000
\hyphenpenalty=10000 \exhyphenpenalty=10000}
\newcommand\section{\@startsection {section}{1}{\z@}%
                                   {-\bigskipamount}%
                                   {\medskipamount}%
                                   {\normalsize\bfseries\nohyphen\raggedright}}
\newcommand\subsection{\@startsection {subsection}{2}{\z@}%
                                   {-\medskipamount}%
                                   {\medskipamount}%
                                   {\normalsize\itshape\nohyphen\raggedright}}
\newcommand\subsubsection{\@startsection{subsubsection}{3}{\z@}%
                                     {-\medskipamount}%
                                     {\smallskipamount}%
                                     {\normalsize\itshape\nohyphen\raggedright}}
\newcommand\paragraph{\@startsection{paragraph}{4}{\z@}%
                                    {\smallskipamount}%
                                    {-1em}%
                                    {\normalsize\itshape}}
\newcommand\subparagraph{\@startsection{subparagraph}{5}{\z@}%
                                       {0.1pt}%
                                       {-1em}%
                                       {\normalsize\itshape}}
% Format for the counter:
\def\@seccntformat#1{\csname the#1\endcsname.\enspace}
%
\def\appendix{\par
   \setcounter{section}{0}%
   \setcounter{subsection}{0}%
   \gdef\thesection{\Alph{section}}}
%
\def\acknowledgements{\section*{\acknowledgementsname}%
  \typeout{\acknowledgementsname}}
%
\def\notes{\section*{Notes}\footnotesize}
\def\endnotes{\par \vskip 6pt plus12pt minus2pt\relax}
%****************** LISTS
\if@twocolumn
  \setlength\leftmargini  {2em}
\else
  \setlength\leftmargini  {2.5em}
\fi
\leftmargin  \leftmargini
\setlength\leftmarginii  {2.2em}
\setlength\leftmarginiii {1.87em}
\setlength\leftmarginiv  {1.7em}
\if@twocolumn
  \setlength\leftmarginv  {.5em}
  \setlength\leftmarginvi {.5em}
\else
  \setlength\leftmarginv  {1em}
  \setlength\leftmarginvi {1em}
\fi
\setlength  \labelsep  {.4em}
\setlength  \labelwidth{\leftmargini}
\addtolength\labelwidth{-\labelsep}
%
\renewcommand\theenumi{\@arabic\c@enumi}
\renewcommand\theenumii{\@alph\c@enumii}
\renewcommand\theenumiii{\@roman\c@enumiii}
\renewcommand\theenumiv{\@Alph\c@enumiv}
\newcommand\labelenumi{\theenumi.}
\newcommand\labelenumii{(\theenumii)}
\newcommand\labelenumiii{\theenumiii.}
\newcommand\labelenumiv{\theenumiv.}
\renewcommand\p@enumii{\theenumi}
\renewcommand\p@enumiii{\theenumi(\theenumii)}
\renewcommand\p@enumiv{\p@enumiii\theenumiii}
%
\def\setenumlabel#1{\gdef\max@enumlabel{#1}}
\setenumlabel{1.}
%
\def\enumerate{\@ifnextchar[{\enumerate@}{\enumerate@[\max@enumlabel]}}
%
\def\enumerate@[#1]{\ifnum \@enumdepth >4 \@toodeep\else
 \advance\@enumdepth \@ne
 \edef\@enumctr{enum\romannumeral\the\@enumdepth}%
 \list {\csname label\@enumctr\endcsname}%
 {\usecounter{\@enumctr}\def\makelabel##1{{\hfill\rm ##1}}
\settowidth{\labelwidth}{#1}
\advance\labelwidth by\parindent \labelsep=0.5em
 \leftmargin\z@ \rightmargin\z@ \itemindent=\labelwidth
        \advance\itemindent\labelsep
        \leftmargin=\the\itemindent\itemindent=\z@
        \partopsep\z@ \topsep\smallskipamount \parsep\z@ \itemsep\z@ %\@rightskip\z@ plus 1fil
 \listparindent\z@}\fi\setenumlabel{1.}}

%%%%%%%%%%%%%%%%%%%%%% ITEMIZE
\newcommand\labelitemi{\normalfont\bfseries \textbullet}
\newcommand\labelitemii{\textasteriskcentered}
\newcommand\labelitemiii{\textasteriskcentered}
\newcommand\labelitemiv{\textperiodcentered}

\let\@itemize@indent\parindent
%
\def\itemize{\@ifnextchar[{\itemize@}{\itemize@[]}}
\def\itemize@[#1]{\ifnum \@itemdepth >4 \@toodeep\else
  \advance\@itemdepth \@ne
  \edef\@itemitem{labelitem\romannumeral\the\@itemdepth}%
  \if.#1. \else\def\@@tempa{#1}\edef\@itemitem{@@tempa}\fi\list
{\csname\@itemitem\endcsname}{\settowidth{\labelwidth}
                {\csname\@itemitem\endcsname}
                \def\makelabel##1{##1}\labelsep=0.5em%ST
		\itemindent=\labelwidth \advance\itemindent\labelsep
                \advance\itemindent\@itemize@indent
		\leftmargin\the\itemindent \itemindent=\z@
                \partopsep\z@ \topsep\smallskipamount \parsep\z@ %\@rightskip\z@ plus 1fil
		\itemsep\z@ \listparindent\z@} \fi}
%
\newenvironment{description}
               {\list{}{\labelwidth\z@ \itemindent-\leftmargin
                        \let\makelabel\descriptionlabel}}
               {\endlist}
\newcommand*\descriptionlabel[1]{\hspace\labelsep
                                \normalfont\bfseries #1}
\newenvironment{verse}
               {\let\\\@centercr
                \list{}{\itemsep      \z@
                        \itemindent   -1.5em%
                        \listparindent\itemindent
                        \rightmargin  \leftmargin
                        \advance\leftmargin 1.5em}%
                \item\relax}
               {\endlist}

\newenvironment{quotation}
               {\list{}{\small\listparindent2mm%
                        \itemindent\z@   %
                        \rightmargin\z@   \leftmargin\parindent%
                        \partopsep\z@ \topsep\smallskipamount \parsep\z@%
                        }%
                \item[\Q@strut]\relax}
               {\endlist}
\def\Q@strut{\leavevmode\hbox{\vrule height9pt depth1pt width0pt}}

\newenvironment{quote}
               {\list{}{\listparindent\z@%
                        \itemindent    \listparindent%
                        \rightmargin\z@   \leftmargin 1.5em%
                        \partopsep\z@ \topsep6pt \parsep\z@%
                        }%
                \item[\Q@strut]\relax}
               {\endlist}
%
%************************** TABULAR
\let\savehline\hline
   \def\thline{\noalign{\vskip3pt}\savehline\noalign{\vskip3pt}}%
   \def\fhline{\noalign{\vskip1pt}\savehline\noalign{\vskip7pt}}%
   \def\bhline{\noalign{\vskip3pt}\noalign{\global\arrayrulewidth=1\p@}\savehline\noalign{\global\arrayrulewidth=.5\p@}\noalign{\vskip3pt}}%
   \def\lhline{\noalign{\vskip3pt}\noalign{\global\arrayrulewidth=.3\p@}\savehline\noalign{\global\arrayrulewidth=.5\p@}\noalign{\vskip3pt}}
%
%************************** MATH SETTINGS
\setlength\mathindent{2em}
\setlength\arraycolsep{1.2\p@}
\setlength\tabcolsep{6\p@}
\setlength\arrayrulewidth{.4\p@}
\setlength\doublerulesep{2\p@}
\setlength\tabbingsep{\labelsep}
\setlength\jot{6\p@}
\skip\@mpfootins = \skip\footins
\setlength\fboxsep{3\p@}
\setlength\fboxrule{.4\p@}
\if@seceqn
\@addtoreset {equation}{section}
\renewcommand\theequation{\thesection.\@arabic\c@equation}
\else
\renewcommand\theequation{\@arabic\c@equation}
\fi
%******* TABLES, FIGURES, ALGORITHM
\newcounter{figure}
\if@secfloat
 \@addtoreset{figure}{section}
 \renewcommand \thefigure {\thesection.\@arabic\c@figure}
\else
 \renewcommand \thefigure {\@arabic\c@figure}
\fi
\def\fps@figure{tbp}
\def\ftype@figure{1}
\def\ext@figure{lof}
\def\fnum@figure{\figurename~\thefigure.}
\newenvironment{figure}
               {\let\@makecaption\@makefigurecaption\let\@floatboxreset\@figureboxreset\@float{figure}}
               {\end@float}
\newenvironment{figure*}
               {\let\@makecaption\@makefigurecaption\let\@floatboxreset\@figureboxreset\@dblfloat{figure}}
               {\end@dblfloat}

\def\@figureboxreset{%
        \reset@font%
        \centering%
        \@setnobreak%
        \@setminipage%
}


\long\def\@makefigurecaption#1#2{\footnotesize%
 \vskip\abovecaptionskip
\setbox\@tempboxa\hbox{\textbf{#1}\enspace #2}%
  \ifdim \wd\@tempboxa >\hsize
    \unhbox\@tempboxa\par
  \else
    \hbox to\hsize{\hfil\box\@tempboxa\hfil}%
  \fi}
%
% TABLE
\newcounter{table}
\if@secfloat
  \@addtoreset{table}{section}
\renewcommand \thetable{\thesection.\@arabic\c@table}
\else
  \renewcommand \thetable{\@arabic\c@table}
\fi
\def\fps@table{tbp}
\def\ftype@table{2}
\def\ext@table{lot}
\def\fnum@table{\tablename~\thetable.}
%
\newenvironment{table}
               {\let\@makecaption\@maketablecaption%
               \let\@floatboxreset\@tableboxreset\@float{table}}
               {\end@float}
\newenvironment{table*}
               {\let\@makecaption\@maketablecaption%
               \let\@floatboxreset\@tableboxreset\@dblfloat{table}}
               {\end@dblfloat}
%
\def\@tableboxreset{%
        \reset@font%
        \centering\footnotesize%
        \def\arraystretch{1.2}
        \@setnobreak%
        \@setminipage%
}

\newlength\abovecaptionskip
\newlength\belowcaptionskip
\setlength\abovecaptionskip{8\p@}
\setlength\belowcaptionskip{3\p@}
%
\newdimen\tablewidth \tablewidth\textwidth
\newdimen\saved@tablewidth \saved@tablewidth\textwidth
%
\long\def\@maketablecaption#1#2{%
 \begingroup%
    \footnotesize%
    \global\setbox\@tempboxa\hbox{\textbf{#1}\enspace #2}%
 \endgroup%
 \centering%
 \ifdim \wd\@tempboxa>\tablewidth %
    \parbox[t]{\tablewidth}{\footnotesize\textbf{#1}\enspace #2\vphantom{Ay}\par}%
 \else
    \hbox to\hsize{\hfill\box\@tempboxa\vphantom{Ay}\hfill}%
 \fi%
 \global\saved@tablewidth\tablewidth%
 \global\tablewidth\hsize\vskip\belowcaptionskip}
%
%
%%****************** Algorithm
\newcounter{algorithm}
\if@secfloat
  \@addtoreset{algorithm}{section}
\renewcommand \thealgorithm{\thesection.\@arabic\c@algorithm}
\else
  \renewcommand \thealgorithm{\@arabic\c@algorithm}
\fi
\def\fps@algorithm{tbp}
\def\ftype@algorithm{4}
\def\ext@algorithm{loa}
\def\fnum@algorithm{\algorithmname~\thealgorithm.}
%
\newenvironment{algorithm}
               {\let\@makecaption\@makealgorithmcaption%
               \let\@floatboxreset\@algorithmboxreset\@float{algorithm}}
               {\end@float}
\newenvironment{algorithm*}
               {\let\@makecaption\@makealgorithmcaption%
               \let\@floatboxreset\@algorithmboxreset\@dblfloat{algorithm}}
               {\end@dblfloat}

\def\@algorithmboxreset{%
        \reset@font%
        \centering
        \@setnobreak%
        \@setminipage%
}
\long\def\@makealgorithmcaption#1#2{\vskip 2ex \small
  \hbox to \hsize{\parbox[t]{\hsize}{{\bf #1} #2}}}
%
%%%% Program Code:
\def\programcode{%
\let\@makealgorithmcaption\@makefigurecaption
\def\algorithmname{Program Code}}


%********************* COMPATIBILITY WITH OLD LATEX:
\DeclareOldFontCommand{\rm}{\normalfont\rmfamily}{\mathrm}
\DeclareOldFontCommand{\sf}{\normalfont\sffamily}{\mathsf}
\DeclareOldFontCommand{\tt}{\normalfont\ttfamily}{\mathtt}
\DeclareOldFontCommand{\bf}{\normalfont\bfseries}{\mathbf}
\DeclareOldFontCommand{\it}{\normalfont\itshape}{\mathit}
\let\sl\it
\DeclareOldFontCommand{\sc}{\normalfont\scshape}{\@nomath\sc}
\DeclareRobustCommand*\cal{\@fontswitch\relax\mathcal}
\DeclareRobustCommand*\mit{\@fontswitch\relax\mathnormal}
%
% *********** MATH
%
\if@secthm
 \@addtoreset{thm}{section}
 \def\thethm{\thesection.\arabic{thm}}
\else
 \def\thethm{\arabic{thm}}
\fi
%
%***************************** BIBLIOGRAPHY

\newenvironment{thebibliography}[1]
     {\section*{\refname}\footnotesize\rmfamily\upshape%
      \list{\@biblabel{\@arabic\c@enumiv}}%
           {\settowidth\labelwidth{\@biblabel{#1}}%
            \leftmargin\labelwidth
            \setlength\labelsep{8\p@}
            \advance\leftmargin\labelsep
            \usecounter{enumiv}%
            \let\p@enumiv\@empty
            \renewcommand\theenumiv{\@arabic\c@enumiv}}%
      \sloppy
      \clubpenalty4000
      \@clubpenalty \clubpenalty
      \widowpenalty4000%
      \sfcode`\.\@m}
     {\def\@noitemerr
       {\@latex@warning{Empty `thebibliography' environment}}%
      \endlist}
%
\newcommand\newblock{\hskip .11em\@plus.33em\@minus.07em}
%
\def\@citex[#1]#2{%
  \let\@citea\@empty
  \@cite{\@for\@citeb:=#2\do
    {\@citea\def\@citea{,\penalty\@m\hskip.1pt}%
     \edef\@citeb{\expandafter\@firstofone\@citeb}%
     \if@filesw\immediate\write\@auxout{\string\citation{\@citeb}}\fi
     \@ifundefined{b@\@citeb}{\mbox{\reset@font\bfseries ?}%
       \G@refundefinedtrue
       \@latex@warning
         {Citation `\@citeb' on page \thepage \space undefined}}%
       {\hbox{\csname b@\@citeb\endcsname}}}}{#1}}

%****************************** FRONTMATTER *
%
\newtoks\t@glob@notes
\newtoks\t@loc@notes
\newcount\note@cnt
\newcounter{author}
\newcount\n@author
\def\n@author@{}
\newcounter{address}
%
\newcount\sv@hyphenpenalty
%
\newcount\prev@elem \prev@elem=0
\newcount\cur@elem  \cur@elem=0
\chardef\e@pretitle=1
\chardef\e@title=1
\chardef\e@subtitle=1
\chardef\e@author=2
\chardef\e@address=3
%
\newif\if@newelem
\newif\if@firstauthor
\newif\if@preface
\newif\if@hasabstract
\newif\if@haskeywords
%
\newbox\fm@box
\newdimen\fm@size
\newbox\t@abstract
\newbox\t@keywords
%
\def\add@tok#1#2{\global#1\expandafter{\the#1#2}}
\def\add@xtok#1#2{\begingroup
  \no@harm
  \xdef\@act{\global\noexpand#1{\the#1#2}}\@act
\endgroup}
%
\def\tailthanksref[#1]#2{\noexpand\pthanksref{#1}}
\def\pthanksref#1{\global\advance\note@cnt\@ne\ifnum\note@cnt>\@ne
\global\t@loc@notes\expandafter{\the\t@loc@notes\note@sep}\fi
\global\t@loc@notes\expandafter{\the\t@loc@notes#1}}
%
\def\beg@elem{\global\t@loc@notes={}\global\note@cnt\z@}
\def\@xnamedef#1{\expandafter\xdef\csname #1\endcsname}
\def\no@harm{%
  \let\\=\relax  \let\rm\relax
  \let\ss=\relax \let\ae=\relax \let\oe=\relax
  \let\AE=\relax \let\OE=\relax
  \let\o=\relax  \let\O=\relax
  \let\i=\relax  \let\j=\relax
  \let\aa=\relax \let\AA=\relax
  \let\l=\relax  \let\L=\relax
  \let\d=\relax  \let\b=\relax \let\c=\relax
  \let\bar=\relax
  \def\protect{\noexpand\protect\noexpand}}
%
\def\proc@elem#1#2{\begingroup
    \no@harm
    \def\thanks##1##{\@gobble}%
    \def\thanksref##1##{\@gobble}%
    \@xnamedef{@#1}{#2}%
  \endgroup
  \prev@elem=\cur@elem
  \cur@elem=\csname e@#1\endcsname
  \expandafter\elem@nothanksref#2\thanksref\relax%
  \expandafter\elem@nothanks#2\thanks\relax}
%
\def\elem@nothanksref#1\thanksref{\futurelet\@peektok\elem@thanksref}
\def\elem@thanksref{\ifx\@peektok\relax
  \else \expandafter\elem@morethanksref \fi}
\def\elem@morethanksref[#1]#2{\add@thanks{#1}\elem@nothanksref}
%
\def\elem@nothanks#1\thanks{\futurelet\@peektok\elem@thanks}
\def\elem@thanks{\ifx\@peektok\relax
  \else \ifx\@peektok[ \expandafter\expandafter\expandafter\elem@morethankse
  \else \expandafter\expandafter\expandafter\elem@morethanks \fi\fi}
%
\def\elem@morethankse[#1]#2{\thanks@optarg[#1]{#2}\add@thanks{#1}\elem@nothanks}
\def\elem@morethanks#1{\thanks@optarg[]{#1}\add@thanks{}\elem@nothanks}
%
\def\add@thanks#1{%
  \global\advance\note@cnt\@ne
    \ifnum\note@cnt>\@ne \add@xtok\t@loc@notes{\note@sep}\fi
    \ifx.#1.\add@xtok\t@loc@notes{\thefootnote}\else
        \add@xtok\t@loc@notes{#1}\fi%
}
\def\add@addressref#1{%
  \global\advance\note@cnt\@ne
    \ifnum\note@cnt>\@ne \add@xtok\t@loc@notes{\note@sep}\fi
    \add@tok\t@loc@notes{\ref{#1}}%
}
\def\note@sep{,}
%
\def\thanks@optarg[#1]#2{%
    \ifx.#1.\add@tok\t@glob@notes{\footnotetext}%
    \else\add@tok\t@glob@notes{\freefootnotetext}\fi%
    \refstepcounter{footnote}%
    \ifx.#1.\add@xtok\t@glob@notes{[\the\c@footnote]}%
    \else\add@xtok\t@glob@notes{[#1]}\fi%
    \add@tok\t@glob@notes{{#2}}%
        \ignorespaces}%
%
% FRONTMATTER
%
\def\artty#1{}
%
\newdimen\a@title@skip   \a@title@skip=12\p@
\newskip\b@section@skip  \b@section@skip=12\p@ plus6\p@ minus6\p@%
\newskip\b@pretitle@skip \b@pretitle@skip=6\p@
%
\def\frontmatter{%
  \let\@corresp@note\relax
  \global\t@glob@notes={}\global\c@author\z@
  \global\c@address\z@
  \global\n@author=0\n@author@\relax
  \global\advance\n@author\m@ne
  \global\@firstauthortrue
  \global\@hasabstractfalse
  \global\@prefacefalse
  \parindent\z@
  \open@fm \ignorespaces}
%
\def\preface{\@prefacetrue}
%
% ENDFRONTMATTER
%
\def\endfrontmatter{%
  \global\n@author=\c@author \@writecount
  \global\@topnum\z@
  \ifx\@firstpage\@lastpage
    \gdef\@pagerange{\@firstpage}
  \else
    \gdef\@pagerange{\@firstpage--\@lastpage}
  \fi
%  \thispagestyle{copyright}%
  \if@twocolumn\else\output@glob@notes\fi
  \if@preface
    \@hasabstractfalse
  \fi
  \if@hasabstract
    \normal@text
    \vskip 18\p@
    \centering
    \leavevmode\box\t@abstract\par
  \fi
  \if@haskeywords
    \normal@text
    \if@hasabstract \vskip6pt\else\vskip18pt\fi    
    \centering
    \leavevmode\box\t@keywords\par
  \fi
  \close@fm
  \if@twocolumn\output@glob@notes\fi
  \markboth{\@runauthor\@runtitle}{\@runauthor\@runtitle}%
  \global\@prefacefalse
  \global\leftskip\z@
  \global\@rightskip\z@
  \global\rightskip\@rightskip
%  \global\c@footnote=0
  \let\title\relax       \let\author\relax
  \let\address\relax
  \let\frontmatter\relax \let\endfrontmatter\relax
  \let\@maketitle\relax  \let\@@maketitle\relax
  \normal@text}
%
% Dvieju koloneliu zurnale per visa lapo ploti eina
% tik pretitle, title ir subtitle. Tam ivedame komanda
% \maketitle, kuri uzdaro box'a

  \def\two@c@maketitle{%
    \global\let\close@fm\relax%
    \vskip\b@section@skip%
    \par \egroup
    \emergencystretch=1pc \twocolumn[\unvbox\fm@box]}
%
\if@restonecol
  \let\maketitle\relax
\else
  \let\maketitle\two@c@maketitle
\fi
%

%
\newdimen\t@xtheight
\def\init@settings{
\splittopskip=\topskip \splitmaxdepth=\maxdepth
\t@xtheight\textheight \advance\t@xtheight-\splittopskip}
%
\def\open@fm{
  \global\setbox\fm@box=\vbox\bgroup
  \hsize=\textwidth
  \centering
  \sv@hyphenpenalty\hyphenpenalty
  \hyphenpenalty\@M}
%

\def\close@fm{%
  \vskip\b@section@skip%
  \par \egroup
  \if@twocolumn\else%
    \fm@size=\dp\fm@box \advance\fm@size by \ht\fm@box
    \@whiledim\fm@size>\t@xtheight \do{%
      \global\setbox\@tempboxa=\vsplit\fm@box to \t@xtheight
      \unvbox\@tempboxa \newpage
      \fm@size=\dp\fm@box \advance\fm@size by \ht\fm@box}
  \fi%
  \if@twocolumn
    \emergencystretch=1pc \twocolumn[\unvbox\fm@box]
  \else
    \unvbox\fm@box
  \fi}
%
\def\output@glob@notes{\bgroup
  \the\t@glob@notes
  \egroup}
%
\def\justify@off{\let\\=\@normalcr
  \leftskip\z@ \@rightskip\@flushglue \rightskip\@rightskip}
\def\justify@on{\let\\=\@normalcr
  \parfillskip\@flushglue%
  \leftskip\z@ \@rightskip\z@ \rightskip\@rightskip}
%
\def\normal@text{\global\let\\=\@normalcr
  \global\leftskip\z@ \global\@rightskip\z@ \global\rightskip\@rightskip
  \global\parfillskip\@flushglue}
%
\def\@writecount{\write\@mainaux{\string\global
  \string\@namedef{n@author@}{\the\n@author}}%
}
%
% TITLE
\def\pretitle#1{%
\vspace*{\b@pretitle@skip}\pretitle@size#1\par\vskip6\p@\hrule
\vskip12\p@}
%
\def\title#1{%
  \beg@elem
  \title@note@fmt
  \add@tok\t@glob@notes
    {\title@note@fmt}%
  \proc@elem{title}{#1}%
  \def\title@notes{\the\t@loc@notes}%
  \title@fmt{\@title}{\title@notes}%
  \ignorespaces}
%
\newdimen\@@topskip \@@topskip=24\p@
%
\def\title@fmt#1#2{%
  \vspace*{\@@topskip}
  {\title@size #1\hbox{$^{#2}$}\par}%
  \vskip\a@title@skip%
  }

%
\def\subtitle#1{%
  \beg@elem
  \proc@elem{subtitle}{#1}%
  \def\title@notes{\the\t@loc@notes}%
  \subtitle@fmt{\@subtitle}{\title@notes}%
  \ignorespaces}
%
%
\def\subtitle@fmt#1#2{%
  {\subtitle@size #1\,\hbox{$^{\mathrm{#2}}$}\par}%
  \vskip\a@title@skip%
  }
%
\def\title@note@fmt{\def\thefootnote{\arabic{footnote}}}
%
% AUTHOR
%
\newdimen\b@author@skip
\b@author@skip 12\p@
%
\def\author{\@ifnextchar[{\author@optarg}{\author@optarg[]}}
%
\def\author@optarg[#1]#2{\stepcounter{author}%
  \beg@elem\def\degs##1{##1}\def\fnms##1{##1}\def\inits##1{##1}%
        \def\snm##1{\MakeUppercase{##1}}\def\roles##1{##1}%
  \if@firstauthor%
  \first@author \global\@firstauthorfalse \fi%
  \@for\@tempa:=#1\do{\expandafter\add@addressref\expandafter{\@tempa}}%
  \proc@elem{author}{#2}%
  \author@fmt{\the\c@author}{\the\t@loc@notes}{\@author}}%
%
%\newbox\author@box

%
\def\author@fmt#1#2#3{\@newelemtrue
  \ifnum\prev@elem=\e@author \global\@newelemfalse \fi
  \if@newelem \author@fmt@init \fi
  \edef\@tempb{#2}\ifx\@tempb\@empty
    \hbox{#3}\else
    \hbox{#3\,$^{\mathrm{#2}}$}%
  \fi}
%
\def\first@author{\author@note@fmt%
  \add@tok\t@glob@notes%
    {\author@note@fmt}}%
%
\def\author@fmt@init{%
  \par
  \vskip \b@author@skip
  \authors@size\centering
  \leavevmode}
%
\def\and{\unskip~and~}
%
\def\author@note@fmt{%
  \def\thefootnote{\arabic{footnote}}}
%
\def\sxarabic#1{%
        \expandafter\ifcase\value{#1} \or *\or **\or *** \or **** \or *****\fi
}
%
% ADDRESS
%
\def\email#1{{e-mail:\ #1}}
%
\def\address{\@ifstar{\address@star}%
  {\@ifnextchar[{\address@optarg}{\address@noptarg}}}
%
\def\address@optarg[#1]#2{\refstepcounter{address}%
  \beg@elem
  \proc@elem{address}{#2}%
  \address@fmt{\the\c@address}{\the\t@loc@notes}{\@address}\label{#1}%
  \ignorespaces}
%
\def\address@noptarg#1{\refstepcounter{address}%
  \beg@elem
  \proc@elem{address}{#1}%
  \address@fmt{\z@}{\the\t@loc@notes}{\@address}%
  \ignorespaces}
%
\def\address@star#1{%
  \beg@elem
  \proc@elem{address}{#1}%
  \address@fmt{\m@ne}{\the\t@loc@notes}{\@address}%
  \ignorespaces}
%
\def\theaddress{\alph{address}}
%
\def\address@fmt#1#2#3{\@newelemtrue
  \ifnum\prev@elem=\e@address \@newelemfalse \fi
  \if@newelem \address@fmt@init \fi
  \bgroup\parskip\z@\noindent\centering \address@size
  \ifnum#1=\z@
    #3\,$^{\mathrm{#2}}$\space%
  \else
    \ifnum#1=\m@ne
      $^{\phantom{\mathrm{\theaddress}}\,}$#3\,$^{\mathrm{#2}}$%
    \else
      $^{\mathrm{\theaddress}\,}$#3\,$^{\mathrm{#2}}$%
    \fi
  \fi
  \par\egroup}
%
\def\address@fmt@init{%
        \def\@currentlabel{\theaddress}
  \par
  \vskip 2\p@ plus 1\p@ minus 1\p@}
%
% ABSTRACT
%
\def\abstract{\@ifnextchar[{\@abstract}{\@abstract[]}}
\def\@abstract[#1]{%
  \global\@hasabstracttrue
  \hyphenpenalty\sv@hyphenpenalty
  \global\setbox\t@abstract=\vbox\bgroup
  \linewidth\abstract@width
  \hsize\abstract@width
  \justify@on\abstract@size\parindent 1em
  \abstract@indent\textbf{\abstractname}\ignorespaces}
\def\endabstract{\par\egroup}
%
% KEYWORDS
\def\sep{\unskip, }
\global\@haskeywordsfalse
\newdimen\dp@t@keywords
\def\keyword{\global\@haskeywordstrue%
  \global\setbox\t@keywords=\vbox\bgroup%
  \hsize\abstract@width%
  \justify@on\abstract@size\parindent 0\p@
  \textbf{\keywordsname}\ignorespaces
  }
\def\endkeyword{\par\egroup\global\dp@t@keywords=\dp\t@keywords}
\def\keywords#1{\begin{keyword}#1\end{keyword}}
%
% 
%
% Running title
\def\runningtitle#1{\gdef\@runtitle{#1}}   \def\@runtitle{}
\def\runningauthor#1{{\def\etal{et al.}\gdef\@runauthor{#1\@runsep}}} \def\@runauthor{}
\def\runningsep#1{\gdef\@runsep{#1}}
\def\@runsep{\ /\ }
%
\def\journal#1{\gdef\@journal{#1}}     \@ifundefined{@journal}{\gdef\@journal{Journal not defined}}{}
\def\volume#1{\gdef\@volume{#1}}       \def\@volume{0}
\def\issue#1{\gdef\@issue{#1}}         \def\@issue{0}
%
%
\newcount\@pubyear
\newcount\@copyear
\@pubyear=\number\year
\@copyear\@pubyear 
\advance\@copyear-2000

\def\pubyear#1{\global\@pubyear#1
  \global\@copyear\@pubyear 
  \global\advance\@copyear-2000%
  \ignorespaces}
%
\def\the@copyear{\ifnum\@copyear<10 0\fi\the\@copyear}

%
\pubyear{2003}
%
\def\firstpage#1{\def\@tempa{#1}\ifx\@tempa\@empty\else
  \gdef\@firstpage{#1}\gdef\@lastpage{#1}%
  \global\c@page=#1 \ignorespaces\fi
  }
\def\@firstpage{1}
\def\lastpage#1{\def\@tempa{#1}\ifx\@tempa\@empty\else
  \gdef\@lastpage{#1}\ignorespaces\fi}
\def\@lastpage{0}
\def\@pagerange{1--0}

% Write the last page:
\def\write@last@page{%
\write\@mainaux{\string\global\string\@namedef{@lastpage}{\the\c@page}}}

\AtEndDocument{\write@last@page}
% SGML
\long\def\convertas#1#2{#2}
\def\sday#1{#1}\def\smonth#1{#1}\def\syear#1{#1}
\def\aid#1{\gdef\@aid{#1}}
%
\def\SSDI#1{\gdef\@ssdi{#1}} \def\@ssdi{000000-00}
\def\issn#1{\gdef\@issn{#1}}
\def\price#1{\gdef\@price{#1}}
%
\def\date#1{\gdef\@date{#1}}    \def\@date{\today}
%

\def\empty@data{\@nil}
%

%***************** BACKMATTER
\newcommand\backmatter{\goodbreak}

%**************** INICIALIZATION
\newcommand\refname{References}
\newcommand\figurename{Figure}
\newcommand\tablename{Table}
\newcommand\algorithmname{Algorithm}
\newcommand\appendixname{Appendix}
\newcommand\abstractname{Abstract. }
\newcommand\keywordsname{Keywords. }
\def\acknowledgementsname{Acknowledgements}
%
\def\copyright@sign{\copyright}
%
% DIMENSIONS
\def\@articletypesize{\large}
\def\pretitle@size{\LARGE}
\def\title@size{\huge}
\def\subtitle@size{\large\itshape}
\def\authors@size{\normalsize}
\def\abstract@size{\footnotesize}
\def\abstract@width{22pc}
\def\abstract@indent{\noindent}
\def\address@size{\normalsize\itshape}
% Block preparation of contents:
\def\addcontentsline#1#2#3{}
\long\def\addtocontents#1#2{}
%
\newcommand\today{}
\edef\today{\ifcase\month\or
  January\or February\or March\or April\or May\or June\or
  July\or August\or September\or October\or November\or December\fi
  \space\number\day, \number\year}
%
\@twosidetrue
\pagenumbering{arabic}
\frenchspacing
\init@settings

\if@twocolumn\setlength\tablewidth{\columnwidth}
\else\setlength\tablewidth{\textwidth}\fi
%\pagestyle{headings}
\pagestyle{empty}

\endinput
%%
%% End of file `IOS-Book-Article.cls'.


================================================
FILE: marktoberdorf_paper/forPublisher/css.sty
================================================
%---------------------------------------------------------------------------
%  Copyright 2013 Microsoft Corporation.
% 
%  This is free software; you can redistribute it and/or modify it under the
%  terms of the Apache License, Version 2.0. A copy of the License can be
%  found in the file "license.txt" at the root of this distribution.
%---------------------------------------------------------------------------
\NeedsTeXFormat{LaTeX2e}[1995/12/01]

\RequirePackage{iftex}
\RequirePackage{etoolbox}
\RequirePackage{xkeyval}
\RequirePackage[table]{xcolor}
\RequirePackage{mdframed}
\RequirePackage{graphicx}
\RequirePackage{tablefootnote}

% font selection
\ifXeTeX\RequirePackage{fontspec}\else
\ifLuaTeX\RequirePackage{fontspec}\else
\providecommand{\fontspec}[2][]{}
\fi\fi


% Define CSS 17 standard colors
\definecolor{Red}{HTML}{FF0000}
\definecolor{Lime}{HTML}{00FF00}
\definecolor{Blue}{HTML}{0000FF}

\definecolor{Yellow}{HTML}{FFFF00}
\definecolor{Cyan}{HTML}{00FFFF}
\definecolor{Magenta}{HTML}{FF00FF}

\definecolor{Navy}{HTML}{000080}
\definecolor{Maroon}{HTML}{800000}
\definecolor{Green}{HTML}{008000}

\definecolor{Teal}{HTML}{008080}
\definecolor{Purple}{HTML}{800080}
\definecolor{Olive}{HTML}{808000}

\definecolor{Black}{HTML}{000000}
\definecolor{Dimgray}{HTML}{696969}
\definecolor{Gray}{HTML}{808080}
\definecolor{Darkgray}{HTML}{A9A9A9}
\definecolor{Silver}{HTML}{C0C0C0}
\definecolor{Lightgray}{HTML}{D3D3D3}
\definecolor{Gainsboro}{HTML}{DCDCDC}
\definecolor{Floralwhite}{HTML}{FFFAF0}
\definecolor{Ivory}{HTML}{FFFFF0}
\definecolor{White}{HTML}{FFFFFF}

\definecolor{Orange}{HTML}{FFA500}
\definecolor{Aqua}{HTML}{00FFFF}
\definecolor{Fuchsia}{HTML}{FF00FF}

% ---------------------------------------------
% Basic LaTeX helpers
% ---------------------------------------------

% use '\defcommand' to define a command no matter if it is predefined or not
\def\defcommand{\@ifstar\defcommand@S\defcommand@N}
\def\defcommand@S#1{\let#1\outer\renewcommand*#1}
\def\defcommand@N#1{\let#1\outer\renewcommand#1} 

\def\providecsgdef#1{\ifcsdef{#1}{\providecommand\@foo}{\csgdef{#1}}}

\providecommand\@swap[2]{#2#1}
\providecommand\@swaparg[2]{#2{#1}}
\providecommand\expandnext[2]{\expandafter\@swaparg\expandafter{#2}{#1}}
\newcommand\@expandafter\expandnext %legacy
\newcommand\expandnextii[3]{\expandnext{\expandnext{#1}{#2}}{#3}}
\newcommand\expandnextiii[4]{\expandnext{\expandnextii{#1}{#2}{#3}}{#4}}
\newcommand\expandnextiv[5]{\expandnext{\expandnextiii{#1}{#2}{#3}{#4}}{#5}}   

\newcommand{\eifstrequal}{\expandafter\ifstrequal\expandafter}
\newcommand{\eeifstrequal}[2]{\expandnext{\eifstrequal{#1}}{#2}}

\providecommand\providelength[1]{%
  \begingroup
    \escapechar\m@ne
    \xdef\@gtempa{\string#1}%
  \endgroup
  \@ifundefined{\@gtempa}%
    {\newskip#1}%
    {}%
}

% is a string an element of a list of (comma separated) strings
\newcommand{\eifstrelement}[4]{%
  \def\@found{}%
  \@for\@ii:=#2\do{%
    \eeifstrequal{\@ii}{#1}{\def\@found{true}}{}%
  }%
  \ifdefvoid{\@found}{#4}{#3}%
}

% do two lists of strings intersect?
\newcommand{\ifintersect}[4]{%
  \def\@intersect{}%
  \@for\@sname:=#1\do{%
  	\ifdefvoid{\@intersect}{%
    	\eifstrelement{\@sname}{#2}{\def\@intersect{true}}{}%
    }{}%
  }%
  \ifdefvoid{\@intersect}{#4}{#3}%
}

% get string head and tail
\def\strsplit#1{\expandafter\strsplitx#1\empty\empty\empty}
\def\strsplitx#1#2\empty{%
	\edef\strhead{#1}%
	\edef\strtail{#2}%
}

% normalize colors: to lowercase and then capitalize
\newcommand{\cssDefNormalizeColor}[2]{%
	\expandafter\@cssNormColor#2\empty{#1}\empty%
}
\def\@cssNormColor#1#2\empty#3\empty{%
	\uppercase{\def\@hd{#1}}\lowercase{\def\@tl{#2}}%
	\expandafter\global\expandafter\edef\csname #3\endcsname{\@hd\@tl}%
}


% ---------------------------------------------------
% Some TeX stuff to compose functions
% ---------------------------------------------------
\newcommand{\apptox}[2]{%  apptox{\cmd1}{\cmd2} == newcommand{\cmd1'}[1]{\cmd1{\cmd2{#1}}}
  \providecommand{#1}[1]{##1}% define it if necessary (as identity)
  \protected@edef#1##1{#1{\protect #2{##1}}}%
}

\newcommand{\pretox}[2]{%  pretox{\cmd1}{\cmd2} == newcommand{\cmd1'}[1]{\cmd2{\cmd1{#1}}}
  \providecommand{#1}[1]{##1}%
  \protected@edef#1##1{\protect #2{#1{##1}}}%
}

%-------------------------------------------------------------
% Save footnotes inside mdframed and minipage environments
%-------------------------------------------------------------
\newif\if@saveFootnotes
\newcommand{\cssSaveFootnotes}%
	{\if@saveFootnotes\else%
		\let\footnote\tablefootnote%
	 \fi%
	 \@saveFootnotestrue}%
\newcommand{\cssRestoreFootnotes}%	 
	{\if@saveFootnotes\else%
 		\tfn@tablefootnoteprintout% 
 		\gdef\tfn@fnt{0}%
 	 \fi}% 

%-------------------------------------------------------------
% Setup mdframed with default values
%-------------------------------------------------------------
\newlength{\cssPixel}\setlength{\cssPixel}{0.4pt}% assume 180 dpi
\mdfsetup{%
	leftmargin=0pt,%
	rightmargin=0pt,%
	skipabove=0pt,%
	skipbelow=0pt,%
	innertopmargin=0pt,%
	innerbottommargin=0pt,%
	innerleftmargin=0pt,%
	innerrightmargin=0pt,%
	middlelinewidth=0pt,%
	linewidth=0pt,%
	outerlinewidth=0pt,innerlinewidth=0pt%
}


% ---------------------------------------------------
% Basic command to process attributes passed to TeX
% ---------------------------------------------------
\newif\if@usewrap
\newcommand{\@doBefore}{}
\newcommand{\@doAfter}{}
\newcommand{\@wrapCmd}[1]{#1}

\newcommand{\@cssUseCmd}{\renewcommand{\@wrapCmd}[1]{##1}\renewcommand{\@doAfter}{}\@usewraptrue}
\newcommand{\@cssUseEnv}{\renewcommand{\@doBefore}{}\renewcommand{\@doAfter}{}\@usewrapfalse}

\newcommand{\@cssApplyCmd}[1]{{\@wrapCmd{#1}}}
\newcommand{\@cssApplyBefore}{\@doBefore{}}
\newcommand{\@cssApplyAfter}{\@doAfter{}}

\newcommand{\@cssProcessAttrs}[2]{%
  \setkeys*{cssx}{#1}\setrmkeys*{csspre}\setrmkeys*{css}\setrmkeys*{csspost}% defaults
  \@cssApplyRulesFor{parentclass}{css}{\cssParentClass}%
  \setkeys*{cssx}{#2}\setrmkeys*{csspre}\setrmkeys*{css}\setrmkeys*{csspost}% regular
  \protected@edef\cssParentClass{\cssClass}%
}


\newcommand{\@cmdBefore}[2]{#1#2}
\newcommand{\@cmdAfter}[2]{#2#1}

\newcommand{\cssWrapCmd}[1]{\apptox{\@wrapCmd}{#1}}
\newcommand{\cssDoBeforeX}[1]{#1}
\newcommand{\cssDoAfterX}[1]{\preto\@doAfter{#1}}
\newcommand{\cssDoBefore}[1]{\if@usewrap\cssWrapCmd{\@cmdBefore{#1}}\else #1\fi}
\newcommand{\cssDoAfter}[1]{\if@usewrap\cssWrapCmd{\@cmdAfter{#1}}\else\preto\@doAfter{#1}\fi}
%\newcommand{\cssDoBeforeX}[1]{\if@usewrap\cssWrapCmd{\@cmdBefore{#1}}\else #1\fi}
%\newcommand{\cssDoAfterX}[1]{\if@usewrap\cssWrapCmd{\@cmdAfter{#1}}\else\preto\@doAfter{#1}\fi}

\newcommand{\cssDoEnv}[1]{\cssDoBefore{\protect\begin{#1}}\cssDoAfter{\protect\end{#1}}}
\newcommand{\cssDoEnvOpt}[2]{\cssDoBefore{\begin{#1}[#2]}\cssDoAfter{\end{#1}}}
\newcommand{\cssDoEnvArg}[2]{\cssDoBefore{\begin{#1}{#2}}\cssDoAfter{\end{#1}}}
\newcommand{\cssDoEnvArgII}[3]{\cssDoBefore{\begin{#1}{#2}{#3}}\cssDoAfter{\end{#1}}}

\newcommand{\newKey}[4][]{\define@key{#2}{#3}[#1]{#4}}
\newcommand{\newLength}[2]{\providelength{#1}\setlength{#1}{#2}}


\newcommand{\@cssReset}{}
\newcommand{\cssAddReset}[1]{\appto{\@cssReset}{#1}}
\newcommand{\cssNewResetCommand}[2]{\newcommand{#1}{#2}\cssAddReset{\renewcommand{#1}{#2}}}

\newlength{\cssFill}
\setlength{\cssFill}{2sp plus 1fill minus 2sp} % make \fill unequal to 0pt, and detectable as 2sp

\newcommand{\cssNewLengthKey}[4][0pt]{%
	\newLength{#4}{#1}%
	\newKey{#2}{#3}{%
		\ifstrequal{##1}{auto}{\setlength{#4}{\cssFill}}{\setlength{#4}{##1}}%
	}%
	\cssAddReset{\setlength{#4}{#1}}%
}


\newcommand{\cssNewKeyNoReset}[4]{%
	\newcommand{#3}{#4}%
	\newKey{#1}{#2}{\renewcommand{#3}{##1}}%
}

\newcommand{\cssNewKey}[4]{%
	\cssNewResetCommand{#3}{#4}%
	\newKey{#1}{#2}{%(#2=##1)%debug key setting
		\renewcommand{#3}{##1}}%
}
\newcommand{\cssNewKeyX}[5]{%
	\cssNewResetCommand{#3}{#4}%
	\newKey{#1}{#2}{\renewcommand{#3}{##1}#5{##1}}%
}
\newcommand{\cssNewListKey}[4]{%
	\cssNewResetCommand{#3}{#4}%
	\newKey{#1}{#2}{\appto{#3}{,##1}}%
}
\newcommand{\cssNewListKeyX}[5]{%
	\cssNewResetCommand{#3}{#4}%
	\newKey{#1}{#2}{\appto{#3}{,##1}#5{##1}}%
}
\newcommand{\cssNewPseudoKey}[3]{%
	\newKey{#1}{#2}{\setkeys{#1}{#3}}%
}

%-------------------------------------------------------------
% css: display
%-------------------------------------------------------------
\cssNewKey{css}{display}{\cssDisplay}{block}

%-------------------------------------------------------------
% css: width, height, and margins
%-------------------------------------------------------------

\cssNewLengthKey{css}{margin-left}{\cssMarginLeft}
\cssNewLengthKey{css}{margin-right}{\cssMarginRight}
\cssNewLengthKey{css}{margin-top}{\cssMarginTop}
\cssNewLengthKey{css}{margin-bottom}{\cssMarginBottom}
\cssNewLengthKey[1sp]{css}{width}{\cssWidth}
\cssNewLengthKey[1sp]{css}{height}{\cssHeight}
\cssNewKey{css}{vertical-align}{\cssVerticalAlign}{}

\cssNewPseudoKey{css}{margin}{margin-top=#1,margin-bottom=#1,margin-left=#1,margin-right=#1}


\newcommand{\@cssProcessMargins}{%
	\eifstrequal{\cssDisplay}{block}%
		{\@cssBlockEndPar\@cssBlockMargins}%
	{\eifstrequal{\cssDisplay}{inline-block}%
		{\@cssBlockMargins}%
		{\@cssInlineMargins}%
	}%
}

\newcommand{\@cssBlockEndPar}{%
	\cssIfHasClass{para-continue,para-block}{}{\cssDoAfterX{\leavevmode\par\global\hangindent=0pt\relax}}%
}

\newif\if@hasdim

\newlength{\cssHeightFull} % height including padding and border
\newlength{\cssWidthFull}  % width including padding and border
\newLength{\@cssMarginAfter}{0pt}
\newLength{\@cssParSkip}{\parskip}
\newLength{\@cssParIndent}{\parindent}
\newcommand{\@cssFixMathSpacing}{\strut\vspace{-\baselineskip}} % fixes weird abovedisplay skip spacing
\newcommand{\@cssBlockMargins}{%
	\@hasdimfalse
	\ifdim\cssWidth=1sp\setlength{\cssWidthFull}{1sp}\else\@hasdimtrue\fi
	\ifdim\cssHeight=1sp\setlength{\cssHeightFull}{1sp}\else\@hasdimtrue\fi
	\if@hasdim%
		% set full height and width
		\setlength{\cssWidthFull}{\dimexpr\cssWidth+\cssPaddingLeft+\cssPaddingRight\relax}%
		\eifstrequal{\cssBorderLeftStyle}{none}{}{\addtolength{\cssWidthFull}{\cssBorderWidth}}%
		\eifstrequal{\cssBorderRightStyle}{none}{}{\addtolength{\cssWidthFull}{\cssBorderWidth}}%
		\setlength{\cssHeightFull}{\dimexpr\cssHeight+\cssPaddingTop+\cssPaddingBottom\relax}%
		\eifstrequal{\cssBorderTopStyle}{none}{}{\addtolength{\cssHeightFull}{\cssBorderWidth}}%
		\eifstrequal{\cssBorderBottomStyle}{none}{}{\addtolength{\cssHeightFull}{\cssBorderWidth}}%		
		% set default width?
		\ifdim\cssWidth=1sp% in this case, cssWidthFull is just padding and borders
			\setlength{\cssWidth}{\dimexpr\linewidth-\cssWidthFull-\cssMarginLeft-\cssMarginRight}%
			\addtolength{\cssWidthFull}{\cssWidth}%
		\fi%
		%minipage				
		\ifdim\cssMarginTop=0pt\else\cssDoBeforeX{\vspace{\cssMarginTop}}\fi
		\ifdim\cssMarginLeft=0pt\else\cssDoBeforeX{\hspace*{\cssMarginLeft}}\fi
		\setlength{\@cssParIndent}{\parindent}% save parskip and parindent since minipage resets it
		\setlength{\@cssParSkip}{\parskip}%
		\eifstrequal{\cssVerticalAlign}{bottom}{\def\@cssValign{b}}%
		{\eifstrequal{\cssVerticalAlign}{center}{\def\@cssValign{c}}%
		{\eifstrequal{\cssVerticalAlign}{top}{\def\@cssValign{t}}%
		{\def\@cssValign{c}}}}% including `middle`
		\ifdim\cssHeight=1sp%
	   		\cssDoBeforeX{\begin{minipage}[\@cssValign]{\cssWidthFull}}%
		\else
			\cssDoBeforeX{\begin{minipage}[\@cssValign][\cssHeightFull]{\cssWidthFull}}%
		\fi
		\cssDoBeforeX{\cssSaveFootnotes\setlength{\parskip}{\@cssParSkip}\setlength{\parindent}{\@cssParIndent}}%
		%note: DoAfter prepends, so in opposite order
		\ifdim\cssMarginBottom=0pt\else\cssDoAfterX{\vspace{\cssMarginBottom}}\fi
		\ifdim\cssMarginRight=0pt\else\cssDoAfterX{\hspace*{\cssMarginRight}}\fi
		\cssDoAfterX{\end{minipage}\cssRestoreFootnotes}%
	\else
		% no height/width: trivlist
		\@hasdimfalse
		\ifdim\cssMarginLeft=0pt\else\@hasdimtrue\fi
		\ifdim\cssMarginRight=0pt\else\@hasdimtrue\fi
		\ifdim\cssMarginTop=0pt\else\@hasdimtrue\fi
		\ifdim\cssMarginBottom=0pt\else\@hasdimtrue\fi
	  \if@hasdim
			\setlength{\@cssMarginAfter}{\dimexpr\cssMarginBottom-\cssMarginTop\relax}%
			\list{}{%
				\leftmargin=\cssMarginLeft%
				\rightmargin=\cssMarginRight%
				\topsep=\cssMarginTop%
				\itemsep=0pt%
				\parsep=0pt%
				\parskip=0pt%
				\partopsep=0pt%	
				\listparindent=\parindent%	
			}%
			\cssDoAfterX{\endlist}%
			\ifdim\@cssMarginAfter=0pt\else\cssDoAfter{\vspace{\@cssMarginAfter}}\fi%
			\eifstrequal{\cssTextAlign}{left}% we need to do alignment here for inline cmds' with a display=block
				{\raggedright}%
			{\eifstrequal{\cssTextAlign}{right}%
				{\raggedleft}%
			{\eifstrequal{\cssTextAlign}{center}%
				{\centering}%
			{}}}%
			\cssIfHasClass{math-display}%
				{\item\@cssFixMathSpacing}%
				{\item\relax}%	
		\fi
	\fi
}

\newcommand{\@cssHide}[1]{}
\newcommand{\@cssInlineMargins}{%
	\ifdim\cssMarginLeft=0pt\else\cssDoBefore{\hspace*{\cssMarginLeft}}\fi
	\ifdim\cssMarginRight=0pt\else\cssDoAfter{\hspace*{\cssMarginRight}}\fi
	\ifdim\cssMarginBottom=0pt\else\cssDoBefore{\rule[-\cssMarginBottom]{0pt}{\cssMarginBottom}}\fi
	\ifdim\cssMarginTop=0pt\else\cssDoBefore{\rule{0pt}{\dimexpr\baselineskip*0.7+\cssMarginTop\relax}}\fi
	\eifstrequal{\cssDisplay}{hidden}{%
		\cssWrapCmd{\@cssHide}%
	}{}%
}

%-------------------------------------------------------------
% css: Borders and padding 
%-------------------------------------------------------------

\cssNewLengthKey{css}{padding-left}{\cssPaddingLeft}
\cssNewLengthKey{css}{padding-right}{\cssPaddingRight}
\cssNewLengthKey{css}{padding-top}{\cssPaddingTop}
\cssNewLengthKey{css}{padding-bottom}{\cssPaddingBottom}

\newlength{\cssBorderWidthTotal}
\cssNewLengthKey[\cssPixel]{css}{border-width}{\cssBorderWidth}
\cssNewKey{css}{border-color}{\cssBorderColor}{black}
\cssNewKey{css}{border-top-style}{\cssBorderTopStyle}{none}
\cssNewKey{css}{border-bottom-style}{\cssBorderBottomStyle}{none}
\cssNewKey{css}{border-left-style}{\cssBorderLeftStyle}{none}
\cssNewKey{css}{border-right-style}{\cssBorderRightStyle}{none}
\cssNewKey{css}{background-color}{\cssBackgroundColor}{white}

\cssNewPseudoKey{css}{padding}{padding-top=#1,padding-bottom=#1,padding-right=#1,padding-left=#1}

\cssNewPseudoKey{css}{border-style}%
	{border-top-style=#1,border-bottom-style=#1,border-left-style=#1,border-right-style=#1}

\newcommand{\@cssProcessPadding}{%
	\eifstrequal{\cssDisplay}{block}%
		{\@cssBlockPadding}%
	{\eifstrequal{\cssDisplay}{block-inline}%
		{\@cssBlockPadding}%
		{\@cssInlinePadding}%
	}}

% Special math-framed environment that fixes vertical spacing around math display
\newenvironment{mdmathframed}[1][]%
	{\begin{mdframed}[#1]\@cssFixMathSpacing}%
	{\@cssFixMathSpacing\end{mdframed}}


\newif\if@needframe
\newLength{\@cssPaddingLength}{0pt}
\newcommand{\@cssFramedArgs}{}
\newcommand{\@cssBorderStyleAll}{}
\newcommand{\@cssBlockPadding}{%
	\@needframefalse%
	\eifstrequal{\cssBorderTopStyle}{none}{}{\@needframetrue}%
	\eifstrequal{\cssBorderBottomStyle}{none}{}{\@needframetrue}%
	\eifstrequal{\cssBorderLeftStyle}{none}{}{\@needframetrue}%
	\eifstrequal{\cssBorderRightStyle}{none}{}{\@needframetrue}%
	\eifstrequal{\cssBackgroundColor}{white}{}{\@needframetrue}%
	\ifdim\cssPaddingTop=0pt\else\@needframetrue\fi
	\ifdim\cssPaddingBottom=0pt\else\@needframetrue\fi
	\ifdim\cssPaddingLeft=0pt\else\@needframetrue\fi
	\ifdim\cssPaddingRight=0pt\else\@needframetrue\fi
	\strsplit{\cssBackgroundColor}%			
	  \eifstrequal{\strhead}{\#}%
	  {\definecolor{Temp}{HTML}{\strtail}\edef\@@bcolor{Temp}}%
	  {\cssDefNormalizeColor{@bcolor}{\cssBackgroundColor}\edef\@@bcolor{\@bcolor}}%		
	%\expandafter\lowercase\expandafter{\expandafter\def\expandafter\bcolor\expandafter{\cssBackgroundColor}}%	
	\if@needframe%		
		\cssDoAfter{\cssRestoreFootnotes}% first, because post commands are pre-pended
		\renewcommand{\@cssFramedArgs}{%
			innertopmargin=\the\cssPaddingTop,%
			innerbottommargin=\the\cssPaddingBottom,%
			innerleftmargin=\the\cssPaddingLeft,%
			innerrightmargin=\the\cssPaddingRight,%
			linewidth=\the\cssBorderWidth,%
			linecolor=\cssBorderColor,%
			backgroundcolor=\@@bcolor%
		}%
		\setlength{\cssBorderWidthTotal}{0pt}%
		\eifstrequal{\cssBorderTopStyle}{none}{\appto{\@cssFramedArgs}{,topline=false}}{}%	
		\eifstrequal{\cssBorderBottomStyle}{none}{\appto{\@cssFramedArgs}{,bottomline=false}}{}%	
		\eifstrequal{\cssBorderLeftStyle}{none}{\appto{\@cssFramedArgs}{,leftline=false}}%
			{\addtolength{\cssBorderWidthTotal}{\cssBorderWidth}}%	
		\eifstrequal{\cssBorderRightStyle}{none}{\appto{\@cssFramedArgs}{,rightline=false}}%		
			{\addtolength{\cssBorderWidthTotal}{\cssBorderWidth}}%	
		\cssIfHasClass{math-display}%
			{\expandnext{\cssDoEnvOpt{mdmathframed}}{\@cssFramedArgs}}%
			{\expandnext{\cssDoEnvOpt{mdframed}}{\@cssFramedArgs}}%
		% insert a minipage if height or width was set so the frame is as large
		\@hasdimfalse
		\ifdim\cssWidth=1sp\else\@hasdimtrue\fi
		\ifdim\cssHeight=1sp\else\@hasdimtrue\fi
		\if@hasdim%
			\ifdim\cssHeight=1sp%					
		   		\cssDoBefore{\begin{minipage}{\cssWidth}}%
			\else
				\cssDoBefore{\begin{minipage}[t][\cssHeight]{\cssWidth}}%
		    \fi
		    \cssDoBefore{\setlength{\parskip}{\@cssParSkip}\setlength{\parindent}{\@cssParIndent}}%
			%note: DoAfter prepends, so in opposite order
			\cssDoAfter{\end{minipage}}%
		\fi    
		\cssDoBefore{\cssSaveFootnotes}%
	\fi
}

\newcommand{\@robustFramebox}[2]{%
	\eifstrequal{\cssTextAlign}{center}{\framebox[#1][c]{#2}}%
	{\eifstrequal{\cssTextAlign}{right}{\framebox[#1][r]{#2}}%
	{\framebox[#1][l]{#2}}}%
}

\newcommand{\@robustMakebox}[2]{%
	\eifstrequal{\cssDisplay}{table-cell}%
		{\@robustTableParbox{#1}{#2}}%
		{\eifstrequal{\cssTextAlign}{center}{\makebox[#1][c]{#2}}%
		 {\eifstrequal{\cssTextAlign}{right}{\makebox[#1][r]{#2}}%
		 {\makebox[#1][l]{#2}}}}%
}

\newcommand{\@robustRaisebox}[2]{%
	\raisebox{#1}{#2}%
}

\newcommand{\@robustHeight}[1]{%
	\eifstrequal{\cssVerticalAlign}{top}%
		{\raisebox{0pt}[0pt][\cssHeight]{#1}}%
	{\eifstrequal{\cssVerticalAlign}{middle}%
		{\raisebox{0pt}[0.5\cssHeight][0.5\cssHeight]{#1}}%
	{\eifstrequal{\cssVerticalAlign}{baseline}%
		{\raisebox{0pt}[\dimexpr\cssHeight-\depth\relax][\depth]{#1}}%
		{\raisebox{0pt}[\cssHeight][0pt]{#1}}% bottom
	}}%
}

\newcommand{\@robustTableParbox}[2]{%
	\eifstrequal{\cssVerticalAlign}{top}{\def\@cssValign{t}}%
	{\eifstrequal{\cssVerticalAlign}{center}{\def\@cssValign{c}}%
	{\eifstrequal{\cssVerticalAlign}{middle}{\def\@cssValign{c}}}%
	{\def\@cssValign{b}}}%
	\ifdim\cssHeight=1sp%
		\parbox[\@cssValign]{#1}{#2}%
	\else%
		\parbox[\@cssValign][\cssHeight]{#1}{#2}%
	\fi%
}

\newcommand{\@cssInlinePadding}{%
	\eifstrequal{\cssBackgroundColor}{}{}%
	  {\eifstrequal{\cssBackgroundColor}{white}{}%
		{\strsplit{\cssBackgroundColor}%			
		 \eifstrequal{\strhead}{\#}%
		 	{\cssWrapCmd{\protect\colorbox[HTML]{\strtail}}}%
		 	{\cssWrapCmd{\@robustColorbox{\cssBackgroundColor}}}%
		}%
	  }%
	\@needframefalse%
	\eifstrequal{\cssBorderTopStyle}{none}{}{\@needframetrue}%
	\eifstrequal{\cssBorderBottomStyle}{none}{}{\@needframetrue}%
	\eifstrequal{\cssBorderLeftStyle}{none}{}{\@needframetrue}%
	\eifstrequal{\cssBorderRightStyle}{none}{}{\@needframetrue}%		
	\if@needframe%
		\setlength{\fboxrule}{\cssBorderWidth}%
		\ifdim\cssWidth=1sp%
			\cssWrapCmd{\fbox}%
		\else
		    \cssWrapCmd{\@robustFramebox{\cssWidth}}%
		\fi
	\else
		\ifdim\cssWidth=1sp\else
			\cssWrapCmd{\@robustMakebox{\cssWidth}}%
		\fi
	\fi
	% height?
	\ifdim\cssHeight=1sp\else\cssWrapCmd{\@robustHeight}\fi
	% raisebox?
	\eifstrequal{\cssDisplay}{inline}{%
		\eifstrequal{\cssVerticalAlign}{}{}%
		{\eifstrequal{\cssVerticalAlign}{top}{}%
		{\eifstrequal{\cssVerticalAlign}{bottom}{}%
		{\eifstrequal{\cssVerticalAlign}{middle}{}%
		{\eifstrequal{\cssVerticalAlign}{baseline}{}%
		{\cssWrapCmd{\@robustRaisebox{\cssVerticalAlign}}%
		}}}}}%
	}{}%
	% padding
	\if@needframe
		\setlength{\fboxsep}{\cssPaddingTop}%  todo: define our own box so we can set paddingtop/bot separately
		\ifdim\cssPaddingBottom>\fboxsep\setlength{\fboxsep}{\cssPaddingBottom}\fi	
		\ifdim\cssPaddingLeft=\fboxsep\else\hspace*{\dimexpr\cssPaddingLeft-\fboxsep\relax}\fi
		\ifdim\cssPaddingRight=\fboxsep\else\hspace*{\dimexpr\cssPaddingRight-\fboxsep\relax}\fi
	\else
		\ifdim\cssPaddingLeft=0pt\else\cssDoBefore{\hspace*{\cssPaddingLeft}}\fi
		\ifdim\cssPaddingRight=0pt\else\cssDoAfter{\hspace*{\cssPaddingRight}}\fi
		\ifdim\cssPaddingBottom=0pt\else\cssDoBefore{\protect\rule[-\cssPaddingBottom]{0pt}{\cssPaddingBottom}}\fi
		\ifdim\cssPaddingTop=0pt\else\cssDoBefore{\protect\rule{0pt}{\dimexpr\cssPaddingTop+0.8em\relax}}\fi
	\fi
}	

%-------------------------------------------------------------
% css: Textalign, textindent etc 
%-------------------------------------------------------------

\cssNewLengthKey[1sp]{css}{text-indent}{\cssTextIndent}
\cssNewKey{css}{text-align}{\cssTextAlign}{justify}
\cssNewLengthKey{css}{line-height}{\cssLineHeight}
\cssNewKey{css}{float}{\cssFloat}{}

\DeclareRobustCommand{\@robustColor}[1]{%
	\cssDefNormalizeColor{@fcolor}{#1}\color{\@fcolor}%
}
\DeclareRobustCommand{\@robustColorbox}[2]{%
	\cssDefNormalizeColor{@bcolor}{#1}\colorbox{\@bcolor}{#2}%
}


\newcommand{\@cssProcessText}{%
	\eifstrequal{\cssDisplay}{block}%
		{\@cssBlockText}%
	{\eifstrequal{\cssDisplay}{block-inline}%
		{\@cssBlockText}%
	{\eifstrequal{\cssDisplay}{table-cell}%
		{\@cssBlockText}%
		{\@cssInlineText}%
	}}}

\newcommand{\@cssBlockText}{%
	\eifstrequal{\cssId}{}{}{\label{\cssId}}% set label
	\eifstrequal{\cssTextAlign}{left}%
		{\cssDoBefore{\protect\raggedright}}%
	{\eifstrequal{\cssTextAlign}{right}%
		{\cssDoBefore{\protect\raggedleft}}%
	{\eifstrequal{\cssTextAlign}{center}%
		{\cssDoBefore{\protect\centering}}%
	{}}}%
	\ifdim\cssLineHeight=0pt\else\setlength{\baselineskip}{\cssLineHeight}\fi
	\ifdim\cssTextIndent=1sp\else\noindent\hspace*{\cssTextIndent}\fi	
}

\newcommand{\@cssInlineText}{%
	\eifstrequal{\cssId}{}{}{\label{\cssId}}% set label
	\eifstrequal{\cssFloat}{left}%
		{\cssDoAfter{\hspace*{\fill}}}%
	{\eifstrequal{\cssFloat}{right}%
		{\cssDoBefore{\hspace*{\fill}}}%
	{\eifstrequal{\cssFloat}{center}%
		{\cssDoAfter{\hspace*{\fill}}\cssDoBefore{\hspace*{\fill}}}%
	{}}}%
	\ifdim\cssLineHeight=0pt\else\cssDoBefore{\rule{0pt}{\cssLineHeight}}\fi
}

%-------------------------------------------------------------
% css: Font attributes 
%-------------------------------------------------------------

\cssNewKey{css}{font-weight}{\cssFontWeight}{}
\cssNewKey{css}{font-variant}{\cssFontVariant}{}
\cssNewKey{css}{font-style}{\cssFontStyle}{}
\cssNewKey{css}{font-size}{\cssFontSize}{}
\cssNewKey{css}{font-family}{\cssFontFamily}{}
\cssNewKey{css}{color}{\cssColor}{}
\cssNewKey{css}{penalty}{\cssPenalty}{}

\newcommand{\@cssProcessFont}{%
	% font family
	\edef\@fontFamily{\cssFontFamily}%
	\@for\@ii:=\cssFontFamily\do{%  find the last argument in a comma separated list
		\edef\@fontFamily{\@ii}%
	}%
	\eifstrequal{\@fontFamily}{}{}% quick test
	{\eifstrequal{\@fontFamily}{monospace}%
		{\cssDoBefore\ttfamily}%
	{\eifstrequal{\@fontFamily}{serif}%
		{\cssDoBefore\rmfamily}%
	{\eifstrequal{\@fontFamily}{sans-serif}%
		{\cssDoBefore\sffamily}%
	{\eifstrequal{\@fontFamily}{normal}%
		{\cssDoBefore\rmfamily}%
		{\cssDoBefore{\fontspec{\@fontFamily}}}%
	}}}}%
	%
  	\eifstrequal{\cssFontWeight}{bold}%
    	{\cssDoBefore\bfseries}%
    {\eifstrequal{\cssFontWeight}{normal}%
      	{\cssDoBefore\mdseries}%
    {}}%
  	\eifstrequal{\cssFontVariant}{small-caps}%
    	{\cssDoBefore\scshape}%
    {\eifstrequal{\cssFontVariant}{normal}%
      	{\cssDoBefore\upshape}%
      	{}}%
  	\eifstrequal{\cssFontStyle}{italic}%
    	{\cssDoBefore\itshape}%
    {\eifstrequal{\cssFontStyle}{oblique}%
   		{\cssDoBefore\slshape}%
    {\eifstrequal{\cssFontStyle}{normal}%
        {\cssDoBefore\upshape}%
        {}}}%
    \eifstrequal{\cssFontSize}{}{}% quick test
	{\eifstrequal{\cssFontSize}{xx-small}%
		{\cssDoBefore\tiny}%
	{\eifstrequal{\cssFontSize}{x-small}%
		{\cssDoBefore\scriptsize}%
	{\eifstrequal{\cssFontSize}{small}%
		{\cssDoBefore\small}%
	{\eifstrequal{\cssFontSize}{medium}%
		{\cssDoBefore\normalsize}%
	{\eifstrequal{\cssFontSize}{large}%
		{\cssDoBefore\large}%
	{\eifstrequal{\cssFontSize}{x-large}%
		{\cssDoBefore\Large}%
	{\eifstrequal{\cssFontSize}{xx-large}%
		{\cssDoBefore\LARGE}%
		{\cssDoBefore{\fontsize{\cssFontSize}{1em}\selectfont}%
	}}}}}}}}%
	%
	\eifstrequal{\cssColor}{}{}%
		{\strsplit{\cssColor}%			
		 \eifstrequal{\strhead}{\#}%
		 	{\cssDoBefore{\protect\color[HTML]{\strtail}}}%
		 	{\cssDoBefore{\@robustColor{\cssColor}}}%
		}%
	%
	\eifstrequal{\cssPenalty}{}{}%
		{\penalty \cssPenalty\relax}%
}




%-------------------------------------------------------------
% Generic css rules for certain classes, ids, or elements
%-------------------------------------------------------------
\newcommand{\cssRule}[3]{%
  \@for\@ii:=#2\do{%
	\csappto{@rule@#1@\@ii}{,#3}%
  }%	
}%

\newcommand{\cssRuleDo}[3]{%
  \@for\@ii:=#2\do{%
	\csappto{@ruleDo@#1@\@ii}{#3}%
  }%	
}%


\newcommand{\@cssApplyRulesFor}[3]{%
  \@for\@ii:=#3\do{%
    \ifcsmacro{@rule@#1@\@ii}{%
      \edef\@args{\csname @rule@#1@\@ii\endcsname}%
      \expandnext{\setkeys{#2}}{\@args}%
    }{}%
  }%	
}

\newcommand{\@cssApplyDoRulesFor}[3]{%
  \@for\@ii:=#3\do{%
    \ifcsmacro{@ruleDo@#1@\@ii}{%
      \csname @ruleDo@#1@\@ii\endcsname%
    }{}%
  }%	
}

\newcommand{\cssIfHasClass}[3]{%
  \def\@found{}%
  \@for\@ii:=\cssClass\do{%
    \@for\@cname:=#1\do{%
	 	\eeifstrequal{\@ii}{\@cname}{%
       		\def\@found{true}%       		
    	}{}%
    }%
  }%
  \ifdefvoid{\@found}{#3}{#2}%
}


\newcommand{\cssClassRule}[2]{\cssRule{class}{#1}{#2}}
\newcommand{\cssElemRule}[2]{\cssRule{elem}{#1}{#2}}
\newcommand{\cssIdRule}[2]{\cssRule{id}{#1}{#2}}

\cssNewListKeyX{cssx}{class}{\cssClass}{}{\@cssApplyRulesFor{class}{css}}
\cssNewKeyX{cssx}{elem}{\cssElem}{}{\@cssApplyRulesFor{elem}{css}}
\cssNewKeyX{cssx}{id}{\cssId}{}{\@cssApplyRulesFor{id}{css}}


\newcommand{\cssClassRuleDo}[2]{\cssRuleDo{class}{#1}{#2}}
\newcommand{\cssClassRuleCmd}[2]{\cssClassRuleDo{#1}{\cssWrapCmd{#2}}}
\newcommand{\cssClassRuleDoBefore}[2]{\cssClassRuleDo{#1}{\cssDoBefore{#2}}}
\newcommand{\cssClassRuleDoAfter}[2]{\cssClassRuleDo{#1}{\cssDoAfter{#2}}}
\newcommand{\cssClassRuleEnv}[2]{\cssClassRuleDoBefore{#1}{\begin{#2}}\cssClassRuleDoAfter{#1}{#2}}

\newcommand{\cssElemRuleDo}[2]{\cssRuleDo{class}{#1}{#2}}
\newcommand{\cssElemRuleCmd}[2]{\cssElemRuleDo{#1}{\cssWrapCmd{#2}}}
\newcommand{\cssElemRuleDoBefore}[2]{\cssElemRuleDo{#1}{\cssDoBefore{#2}}}
\newcommand{\cssElemRuleDoAfter}[2]{\cssElemRuleDo{#1}{\cssDoAfter{#2}}}
\newcommand{\cssElemRuleEnv}[2]{\cssElemRuleDo{#1}{\cssDoEnv{#2}}}

\newcommand{\@cssClassDoRules}{\@cssApplyDoRulesFor{class}{css}{\cssClass}}
\newcommand{\@cssElemDoRules}{%
	\@cssApplyDoRulesFor{elem}{css}{\cssElem}%
	\@cssApplyDoRulesFor{id}{css}{\cssId}%
}

\newcommand{\cssParentClass}{}
\newcommand{\cssParentClassRule}[2]{\cssRule{parentclass}{#1}{#2}}


%-------------------------------------------------------------
% 
%-------------------------------------------------------------

\newenvironment{cssBlockX}[2]%
	{\@cssReset\@cssUseEnv\@cssProcessAttrs{#1}{#2}%
	 \@cssElemDoRules%
	 \@cssProcessMargins\@cssProcessPadding%
	 \@cssClassDoRules%
	 \@cssProcessText%
	 \@cssProcessFont%
	 \@cssApplyBefore}%
	{\@cssApplyAfter}%

\newenvironment{cssBlock}[1][]%
	{\begin{cssBlockX}{}{#1}}{\end{cssBlockX}}

\newcommand{\cssInlineX}[4]%
	{\begingroup\@cssReset\@cssUseCmd\@cssProcessAttrs{display=inline,#1}{#2}%
	 \@cssElemDoRules%
	 \@cssProcessMargins\@cssProcessPadding%
	 \@cssClassDoRules%
	 #3%
	 \@cssProcessText\@cssProcessFont%
	 \@cssApplyCmd{#4}\@cssApplyAfter\endgroup%
	}%	 

\newcommand{\cssInline}[2][]{\cssInlineX{}{#1}{}{#2}}
\newcommand{\cssInlineCmd}[3][]{\cssInlineX{}{#1}{\cssWrapCmd{#2}}{#3}}

\newcommand{\cssNewBlockElem}[3]{%
	\newenvironment{#1}[1][]{\begin{cssBlockX}{elem=#2,#3}{##1}}{\end{cssBlockX}}}

\newcommand{\cssNewInlineElem}[3]{%
	\newcommand{#1}[2][]{\cssInlineX{elem=#2,#3}{##1}{}{##2}}}


\newcommand{\cssNewInlineElemCmd}[4]{%
	\newcommand{#1}[2][]{\cssInlineX{elem=#2,#3}{##1}{\cssWrapCmd{#4}}{##2}}}

\newcommand{\cssInitKeys}[1]{%
  \@cssReset\@cssUseCmd\@cssProcessAttrs{display=inline}{#1}%
}

% cssText is just for font attributes; no padding or margins
\newcommand{\cssTextX}[2]%
	{\@cssReset\@cssUseCmd\@cssProcessAttrs{display=inline}{#1}%
	 \@cssElemDoRules%
	 %\@cssProcessMargins\@cssProcessPadding%
	 \@cssClassDoRules%
	 \@cssProcessText\@cssProcessFont%
	 \@cssApplyCmd{#2}%
	}%


\newcommand{\cssText}[2][]{\cssTextX{#1}{#2}}


================================================
FILE: marktoberdorf_paper/forPublisher/dse.tex
================================================
\documentclass{IOS-Book-Article}
% generated by Madoko, version 0.9.3-beta
%mdk-data-line={1}


\usepackage[heading-base=2]{madoko}


\begin{document}

%mdk-begin-texraw
%mdk-data-line={25}
\begin{frontmatter}              % The preamble begins here.
%\pretitle{Pretitle}
\title{Deconstructing Dynamic Symbolic Execution}
%\runningtitle{IOS Press Style Sample}
%\subtitle{Subtitle}
\author[A]{\fnms{Thomas} \snm{Ball}}
and 
\author[B]{\fnms{Jakub} \snm{Daniel}}

\runningauthor{Thomas Ball et al.}
\address[A]{Microsoft Research}
\address[B]{Charles University}
\begin{mdDiv}[class={abstract},elem={abstract},data-line={39}]%
\begin{mdP}[data-line={40}]%
%mdk-data-line={40}
{}Dynamic symbolic execution (DSE) is a well-known technique
for automatically generating tests to achieve higher levels
of coverage in a program. Two keys ideas of DSE are
to: (1) seed symbolic execution by executing a program on an
initial input; (2) use concrete values from the program
execution in place of symbolic expressions whenever symbolic
reasoning is hard or not desired. We describe
DSE for a simple core language and then present
a minimalist implementation of DSE for Python (in Python) 
that follows this basic recipe. The code is available 
at https://www.github.com/thomasjball/PyExZ3/ (tagged %mdk-data-line={50}
{}{\textquotedblleft}v1.0{\textquotedblright}%mdk-data-line={50}
{}) 
and has been designed to make it easy to experiment with and
extend.%
\end{mdP}%%
\end{mdDiv}%
%mdk-begin-texraw
%mdk-data-line={56}
\begin{keyword}
Symbolic Execution, Automatic Test Generation, White-box Testing, Automated 
Theorem Provers
\end{keyword}
\end{frontmatter}
\thispagestyle{empty}
\pagestyle{empty}
\mdHxx[id=sec-intro,label={[1]\{.heading-label\}},toc={},data-line={70},caption={[[1]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Introduction},bookmark={1.{\hspace{0.5em}}Introduction}]{%mdk-data-line={70}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{1}.{\hspace{0.5em}}}%mdk-data-line={70}
{}Introduction}%mdk-data-line={73}
\defcommand{\mathkw}[1]{\textbf{#1}}
\begin{mdP}[data-line={78}]%
%mdk-data-line={78}
{}Static, path-based symbolic execution explores one control-flow path
at a time through a (sequential) program %mdk-data-line={79}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={79}
{}, using an automated theorem
prover (ATP) to determine if the current path %mdk-data-line={80}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={80}
{} is feasible%mdk-data-line={80}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{clarke76}{}{\mdSpan[class={bibitem-label}]{4}}, \mdA[class={bibref,localref},target-element={bibitem}]{king76}{}{\mdSpan[class={bibitem-label}]{11}}]}%mdk-data-line={80}
{}. 
Ideally, symbolic execution of a path %mdk-data-line={81}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={81}
{} through program
%mdk-data-line={82}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={82}
{} yields a logic formula %mdk-data-line={82}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={82}
{} that describes the set of inputs %mdk-data-line={82}
{}\mdSpan[class={math-inline},elem={math-inline}]{$I$}%mdk-data-line={82}
{} (possibly empty)
to program %mdk-data-line={83}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={83}
{} such that for any %mdk-data-line={83}
{}\mdSpan[class={math-inline},elem={math-inline}]{$i \in I$}%mdk-data-line={83}
{}, the execution %mdk-data-line={83}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P(i)$}%mdk-data-line={83}
{} follows path %mdk-data-line={83}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={83}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={85}]%
%mdk-data-line={85}
{}If the formula %mdk-data-line={85}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={85}
{} is unsatisfiable then %mdk-data-line={85}
{}\mdSpan[class={math-inline},elem={math-inline}]{$I$}%mdk-data-line={85}
{} is empty and so path %mdk-data-line={85}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={85}
{} is not feasible; 
if the formula is satisfiable then %mdk-data-line={86}
{}\mdSpan[class={math-inline},elem={math-inline}]{$I$}%mdk-data-line={86}
{} is not empty and so path %mdk-data-line={86}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={86}
{} is feasible.
In this case, a model of %mdk-data-line={87}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={87}
{} provides a witness %mdk-data-line={87}
{}\mdSpan[class={math-inline},elem={math-inline}]{$i \in I$}%mdk-data-line={87}
{}.  Thus, a model-generating ATP
can be used in conjunction with
symbolic execution to automatically generate tests to cover paths
in a program. Combined with a search strategy, one gets, in the limit,
an exhaustive white-box testing procedure, for which there are many
applications%mdk-data-line={92}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{cadars13}{}{\mdSpan[class={bibitem-label}]{2}}, \mdA[class={bibref,localref},target-element={bibitem}]{cadargpde06}{}{\mdSpan[class={bibitem-label}]{3}}, \mdA[class={bibref,localref},target-element={bibitem}]{godefroidlm12}{}{\mdSpan[class={bibitem-label}]{9}}]}%mdk-data-line={92}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={94}]%
%mdk-data-line={94}
{}The formula %mdk-data-line={94}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={94}
{} is called a %mdk-data-line={94}
{}\mdEm{path-condition}%mdk-data-line={94}
{} of the path %mdk-data-line={94}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={94}
{}. 
We will see that a given path %mdk-data-line={95}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={95}
{} can induce many different path-conditions.
A path-condition %mdk-data-line={96}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\psi_p$}%mdk-data-line={96}
{} for path %mdk-data-line={96}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={96}
{} is %mdk-data-line={96}
{}\mdEm{sound}%mdk-data-line={96}
{} if 
every input assignment satisfying %mdk-data-line={97}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\psi_p$}%mdk-data-line={97}
{} defines an
execution of program %mdk-data-line={98}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={98}
{} that follows path %mdk-data-line={98}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={98}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{godefroid11}{}{\mdSpan[class={bibitem-label}]{7}}]}%mdk-data-line={98}
{}. 
By its definition, the formula  %mdk-data-line={99}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={99}
{} is sound and the best representation of %mdk-data-line={99}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={99}
{}
(as for all sound path-conditions %mdk-data-line={100}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\psi_p$}%mdk-data-line={100}
{}, we have that %mdk-data-line={100}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\psi_p \implies \phi_p$}%mdk-data-line={100}
{}).
In practice, we attempt to compute sound under-approximations of %mdk-data-line={101}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={101}
{} 
such as %mdk-data-line={102}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\psi_p$}%mdk-data-line={102}
{}. However, we also find it necessary (and useful) to 
compute unsound path-conditions.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={105}]%
%mdk-data-line={105}
{}A path-condition can be translated into the input
language of an ATP, such as%mdk-data-line={106}
{}{\mdNbsp}\mdA[data-linkid={z3}]{http://z3.codeplex.org/}{}{Z3}%mdk-data-line={106}
{}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{demourab08}{}{\mdSpan[class={bibitem-label}]{5}}]}%mdk-data-line={106}
{}, which provides an answer
of %mdk-data-line={107}
{}{\textquotedblleft}unsatisfiable{\textquotedblright}%mdk-data-line={107}
{}, %mdk-data-line={107}
{}{\textquotedblleft}satisfiable{\textquotedblright}%mdk-data-line={107}
{} or %mdk-data-line={107}
{}{\textquotedblleft}unknown{\textquotedblright}%mdk-data-line={107}
{}, due to theoretical or practical
limitations in automatically deciding satisfiability of various logics.
In the case that the ATP is able to prove %mdk-data-line={109}
{}{\textquotedblleft}satisfiable{\textquotedblright}%mdk-data-line={109}
{} we can query it for 
satisfying model in order to generate test inputs. A path-condition 
for %mdk-data-line={111}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={111}
{} can be thought of as function from a
program%mdk-data-line={112}
{}{'}%mdk-data-line={112}
{}s primary inputs to a Boolean output representing whether
or not %mdk-data-line={113}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={113}
{} is executed under a given input. Thus, we are asking
the ATP to invert a function when we ask it to decide
the satisfiability/unsatisfiability of a path-condition.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={117}]%
%mdk-data-line={117}
{}The static translation of a path %mdk-data-line={117}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={117}
{} through a program %mdk-data-line={117}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={117}
{} into 
the most precise path-condition %mdk-data-line={118}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\phi_p$}%mdk-data-line={118}
{} is not a simple task, as 
programming languages and their semantics are very complex.
Completely characterizing the set of inputs %mdk-data-line={120}
{}\mdSpan[class={math-inline},elem={math-inline}]{$I$}%mdk-data-line={120}
{} that follow
path %mdk-data-line={121}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={121}
{} means providing a symbolic interpretation of 
every operation in the language so that the
ATP can reason about it. For example, consider a method call in Python. 
Python%mdk-data-line={124}
{}{'}%mdk-data-line={124}
{}s algorithm for method resolution order (see%mdk-data-line={124}
{}{\mdNbsp}\mdA[data-linkid={mro}]{https://www.python.org/download/releases/2.3/mro/}{}{MRO}%mdk-data-line={124}
{})
depends on the inheritance hierarchy of the program, a directed, 
acyclic graph that can evolve during program execution. Symbolically
encoding Python%mdk-data-line={127}
{}{'}%mdk-data-line={127}
{}s method resolution order is possible but non-trivial.
There are other reasons it is hard or undesirable to symbolically 
execute various operations, as will be explained in detail later.%
\end{mdP}%
\mdHxxx[id=sec-dynamic-symbolic-execution,label={[1.1]\{.heading-label\}},toc={},data-line={131},caption={[[1.1]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Dynamic symbolic execution},bookmark={1.1.{\hspace{0.5em}}Dynamic symbolic execution}]{%mdk-data-line={131}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{1.1}.{\hspace{0.5em}}}%mdk-data-line={131}
{}Dynamic symbolic execution}\begin{mdP}[data-line={133}]%
%mdk-data-line={133}
{}\mdEm{Dynamic}%mdk-data-line={133}
{} symbolic execution (DSE) is a form of path-based
symbolic execution based on two insights. First, the approach 
starts by executing program %mdk-data-line={135}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={135}
{} on
some input %mdk-data-line={136}
{}\mdSpan[class={math-inline},elem={math-inline}]{$i$}%mdk-data-line={136}
{}, seeding the symbolic execution process
with a feasible path%mdk-data-line={137}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{gupta00}{}{\mdSpan[class={bibitem-label}]{10}}, \mdA[class={bibref,localref},target-element={bibitem}]{korel90}{}{\mdSpan[class={bibitem-label}]{12}}, \mdA[class={bibref,localref},target-element={bibitem}]{korel92}{}{\mdSpan[class={bibitem-label}]{13}}]}%mdk-data-line={137}
{}. 
Second,  DSE
uses concrete values from the execution %mdk-data-line={139}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P(i)$}%mdk-data-line={139}
{} in place of symbolic expressions 
whenever symbolic reasoning is not possible or desired%mdk-data-line={140}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{cadare05}{}{\mdSpan[class={bibitem-label}]{1}}, \mdA[class={bibref,localref},target-element={bibitem}]{godefroidks05}{}{\mdSpan[class={bibitem-label}]{8}}]}%mdk-data-line={140}
{}.
The major benefit of DSE is to
simplify the construction of a symbolic execution tool by
leveraging concrete execution behavior (given by
actually running the program).
As DSE combines both 
concrete and symbolic reasoning, it also has been called %mdk-data-line={146}
{}{\textquotedblleft}concolic{\textquotedblright}%mdk-data-line={146}
{} 
execution%mdk-data-line={147}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{senacav06}{}{\mdSpan[class={bibitem-label}]{14}}]}%mdk-data-line={147}
{}.%
\end{mdP}%
\begin{mdDiv}[class={figure,floating,align-center},id=fig-dse,label={[1]\{.figure-label\}},elem={figure},toc-line={[1]\{.figure-label\}. Pseudo-code for dynamic symbolic execution},toc={tof},float-env={figure},float-name={Figure},caption={Pseudo-code for dynamic symbolic execution},data-line={149}]%
\begin{mdPre}[class={para-block,pre-fenced,pre-fenced3,language-python,lang-python,python,highlighted},language={python},data-line={150},data-line-code={151}]%
\mdPrecode[data-line={151}]{{\preindent{2}}\mdToken{Identifier,Python}{i}{\prespace{1}}\mdToken{Keyword,Python}{=}{\prespace{1}}\mdToken{Identifier,Python}{an}{\prespace{1}}\mdToken{Identifier,Python}{input}{\prespace{1}}\mdToken{Identifier,Python}{to}{\prespace{1}}\mdToken{Identifier,Python}{program}{\prespace{1}}\mdToken{Constructor,Identifier,Python}{P}\prebr{}
{\preindent{2}}\mdToken{Keyword,Python}{while}{\prespace{1}}\mdToken{Identifier,Python}{defined}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{i}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{5}}\mdToken{Identifier,Python}{p}{\prespace{1}}\mdToken{Keyword,Python}{=}{\prespace{1}}\mdToken{Identifier,Python}{path}{\prespace{1}}\mdToken{Identifier,Python}{covered}{\prespace{1}}\mdToken{Identifier,Python}{by}{\prespace{1}}\mdToken{Identifier,Python}{execution}{\prespace{1}}\mdToken{Constructor,Identifier,Python}{P}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{i}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\prebr{}
{\preindent{5}}\mdToken{Identifier,Python}{cond}{\prespace{1}}\mdToken{Keyword,Python}{=}{\prespace{1}}\mdToken{Identifier,Python}{pathCondition}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{p}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\prebr{}
{\preindent{5}}\mdToken{Identifier,Python}{s}{\prespace{1}}\mdToken{Keyword,Python}{=}{\prespace{1}}\mdToken{Constructor,Identifier,Python}{ATP}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Namespace,Identifier,Python}{Not}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{cond}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\prebr{}
{\preindent{5}}\mdToken{Identifier,Python}{i}{\prespace{1}}\mdToken{Keyword,Python}{=}{\prespace{1}}\mdToken{Identifier,Python}{s}\mdToken{Delimiter,Python}{.}\mdToken{Identifier,Python}{model}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%
\end{mdPre}%
\mdHr[class={figureline,madoko},data-line={158}]{}\begin{mdDiv}[data-line={159}]%
%mdk-data-line={159}
{}\mdSpan[class={figure-caption}]{\mdSpan[class={caption-before}]{\mdStrong{Figure{\mdNbsp}\mdSpan[class={figure-label}]{1}.} }Pseudo-code for dynamic symbolic execution}%mdk-data-line={159}
{}%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[class={indent},data-line={160}]%
%mdk-data-line={160}
{}The pseudo-code of Figure%mdk-data-line={160}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-dse}{}{\mdSpan[class={figure-label}]{1}}%mdk-data-line={160}
{} shows the high level process
of DSE. The variable %mdk-data-line={161}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{i}}%mdk-data-line={161}
{} represents an input
to program %mdk-data-line={162}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Constructor,Identifier,Python}{P}}%mdk-data-line={162}
{}. Execution of program %mdk-data-line={162}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Constructor,Identifier,Python}{P}}%mdk-data-line={162}
{} on the input %mdk-data-line={162}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{i}}%mdk-data-line={162}
{}
traces  a path %mdk-data-line={163}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{p}}%mdk-data-line={163}
{}, from which
a logical formula %mdk-data-line={164}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{pathCondition}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{p}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={164}
{} is constructed.
Finally, the ATP is called with the negation of the path-condition
to find a new input (that hopefully will cover a new path).  This
pseudo-code elides a number of details that we will deal with later.%
\end{mdP}%
\begin{mdDiv}[class={figure,floating,align-center},id=fig-easy-dse,label={[2]\{.figure-label\}},elem={figure},toc-line={[2]\{.figure-label\}. Easy example: computing the maximum of four numbers in Python.},toc={tof},float-env={figure},float-name={Figure},caption={Easy example: computing the maximum of four numbers in Python.},data-line={169}]%
\begin{mdPre}[class={para-block,pre-fenced,pre-fenced3,language-python,lang-python,python,highlighted},language={python},data-line={170},data-line-code={171}]%
\mdPrecode[data-line={171}]{\mdToken{Keyword,Python}{def}{\prespace{1}}\mdToken{Identifier,Python}{max2}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{s}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{t}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{4}}\mdToken{Keyword,Python}{if}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{s}{\prespace{1}}\mdToken{Operator,Python}{{\textless}}{\prespace{1}}\mdToken{Identifier,Python}{t}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{8}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{Identifier,Python}{t}\prebr{}
{\preindent{4}}\mdToken{Keyword,Python}{else}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{8}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{Identifier,Python}{s}\prebr{}
\prebr{}
\mdToken{Keyword,Python}{def}{\prespace{1}}\mdToken{Identifier,Python}{max4}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{4}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{Identifier,Python}{max2}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{max2}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{max2}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%
\end{mdPre}%
\mdHr[class={figureline,madoko},data-line={180}]{}\begin{mdDiv}[data-line={181}]%
%mdk-data-line={181}
{}\mdSpan[class={figure-caption}]{\mdSpan[class={caption-before}]{\mdStrong{Figure{\mdNbsp}\mdSpan[class={figure-label}]{2}.} }Easy example: computing the maximum of four numbers in Python.}%mdk-data-line={181}
{}%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[class={indent,para-continue},data-line={182}]%
%mdk-data-line={182}
{}Consider the  Python function %mdk-data-line={182}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{max4}}%mdk-data-line={182}
{} in Figure%mdk-data-line={182}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-easy-dse}{}{\mdSpan[class={figure-label}]{2}}%mdk-data-line={182}
{},
which computes the maximum of four numbers via three calls to
the function %mdk-data-line={184}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{max2}}%mdk-data-line={184}
{}. Suppose we execute %mdk-data-line={184}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{max4}}%mdk-data-line={184}
{} with values
of zero for all four arguments.  In this case, the 
execution path %mdk-data-line={186}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={186}
{} contains three comparisons (in the order %mdk-data-line={186}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}{\prespace{1}}\mdToken{Operator,Python}{{\textless}}{\prespace{1}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={186}
{}, 
%mdk-data-line={187}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}{\prespace{1}}\mdToken{Operator,Python}{{\textless}}{\prespace{1}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={187}
{}, %mdk-data-line={187}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}{\prespace{1}}\mdToken{Operator,Python}{{\textless}}{\prespace{1}}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={187}
{}), all of which evaluate false.
Thus, the path-condition for path %mdk-data-line={188}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={188}
{} is %mdk-data-line={188}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Keyword,Python}{not}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Keyword,Python}{not}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Keyword,Python}{not}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}{\prespace{1}}\mdToken{Operator,Python}{{\textless}}{\prespace{1}}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={188}
{}.
Negating this condition yields %mdk-data-line={189}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{or}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{or}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={189}
{}.
Taking the execution ordering of the three comparisons into account, we
derive three expressions from the negated path-condition to generate
new inputs that will explore execution prefixes of path %mdk-data-line={192}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={192}
{} of increasing length:%
\end{mdP}%
\begin{mdUl}[class={ul,list-star,compact},elem={ul},data-line={194}]%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(1)]\{.ul-li-label\}},elem={li},data-line={194}]%
%mdk-data-line={194}
{}\mdEm{length 0}%mdk-data-line={194}
{}: %mdk-data-line={194}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={194}
{}%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(2)]\{.ul-li-label\}},elem={li},data-line={195}]%
%mdk-data-line={195}
{}\mdEm{length 1}%mdk-data-line={195}
{}: %mdk-data-line={195}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{not}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={195}
{}%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(3)]\{.ul-li-label\}},elem={li},data-line={196}]%
%mdk-data-line={196}
{}\mdEm{length 2}%mdk-data-line={196}
{}: %mdk-data-line={196}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{not}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Keyword,Python}{not}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={196}
{}%
\end{mdLi}%%
\end{mdUl}%
\begin{mdP}[class={para-continue},data-line={198}]%
%mdk-data-line={198}
{}The purpose of taking execution order into account should be clear, as the
comparison %mdk-data-line={199}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={199}
{} only executes in the case where %mdk-data-line={199}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Keyword,Python}{not}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Keyword,Python}{not}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={199}
{}
holds. Integer solutions to the above three systems of constraints are:%
\end{mdP}%
\begin{mdUl}[class={ul,list-star,compact},elem={ul},data-line={202}]%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(1)]\{.ul-li-label\}},elem={li},data-line={202}]%
%mdk-data-line={202}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{a}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{b}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{2}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{c}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{d}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}}%mdk-data-line={202}
{}%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(2)]\{.ul-li-label\}},elem={li},data-line={203}]%
%mdk-data-line={203}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{a}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{b}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{c}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{d}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{3}}%mdk-data-line={203}
{}%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(3)]\{.ul-li-label\}},elem={li},data-line={204}]%
%mdk-data-line={204}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{a}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{b}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{c}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{2}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{d}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{0}}%mdk-data-line={204}
{}%
\end{mdLi}%%
\end{mdUl}%
\begin{mdP}[data-line={206}]%
%mdk-data-line={206}
{}In the three cases above, we sought solutions that kept as many of
the variables as possible equal to the original input (in which 
all variables are equal to 0). Execution of the %mdk-data-line={208}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{max4}}%mdk-data-line={208}
{} function 
on the input corresponding to the first solution produces the path-condition
%mdk-data-line={210}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{a}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{b}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Keyword,Python}{not}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{c}\mdToken{Operator,Python}{{\textless}}\mdToken{Identifier,Python}{d}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Keyword,Python}{not}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{b}{\prespace{1}}\mdToken{Operator,Python}{{\textless}}{\prespace{1}}\mdToken{Identifier,Python}{c}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={210}
{}, from which we can produce more
inputs.   For this (loop-free function), there are a finite number
of path-conditions. We leave it as an exercise to the reader to 
enumerate them all.%
\end{mdP}%
\mdHxxx[id=sec-leveraging-concrete-values-in-dse,label={[1.2]\{.heading-label\}},toc={},data-line={215},caption={[[1.2]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Leveraging concrete values in DSE},bookmark={1.2.{\hspace{0.5em}}Leveraging concrete values in DSE}]{%mdk-data-line={215}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{1.2}.{\hspace{0.5em}}}%mdk-data-line={215}
{}Leveraging concrete values in DSE}\begin{mdP}[data-line={217}]%
%mdk-data-line={217}
{}We now consider several situations where we can make use of concrete
values in DSE. In the realm of (unbounded-precision) integer arithmetic 
(e.g., bignum integer arithmetic, as in Python 3.0 onwards),
it is easy  to come up with  tiny programs that will be %mdk-data-line={220}
{}\mdEm{very difficult}%mdk-data-line={220}
{},
if not %mdk-data-line={221}
{}\mdEm{impossible}%mdk-data-line={221}
{}, 
for any symbolic execution tool to deal with, such as the function %mdk-data-line={222}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fermat3}}%mdk-data-line={222}
{}
in Figure%mdk-data-line={223}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-fermat3}{}{\mdSpan[class={figure-label}]{3}}%mdk-data-line={223}
{}.%mdk-data-line={223}
{} %mdk-data-line={223}
{}%
\end{mdP}%
\begin{mdDiv}[class={figure,floating,align-center},id=fig-fermat3,label={[3]\{.figure-label\}},elem={figure},toc-line={[3]\{.figure-label\}. Hard example for symbolic execution},toc={tof},float-env={figure},float-name={Figure},caption={Hard example for symbolic execution},data-line={226}]%
\begin{mdPre}[class={para-block,pre-fenced,pre-fenced3,language-python,lang-python,python,highlighted},language={python},data-line={227},data-line-code={228}]%
\mdPrecode[data-line={228}]{\mdToken{Keyword,Python}{def}{\prespace{1}}\mdToken{Identifier,Python}{fermat3}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{z}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{3}}\mdToken{Keyword,Python}{if}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}{\prespace{1}}\mdToken{Operator,Python}{{\textgreater}}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{y}{\prespace{1}}\mdToken{Operator,Python}{{\textgreater}}{\prespace{1}}\mdToken{Number,Python}{0}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Identifier,Python}{z}{\prespace{1}}\mdToken{Operator,Python}{{\textgreater}}{\prespace{1}}\mdToken{Number,Python}{0}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{6}}\mdToken{Keyword,Python}{if}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{x}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{x}{\prespace{1}}\mdToken{Operator,Python}{+}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{y}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{y}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{z}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{z}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{z}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{10}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{String,Delim,Python,BracketOpen}{{"}}\mdToken{String,Python}{Fermat\prespace{1}and\prespace{1}Wiles\prespace{1}were\prespace{1}wrong!?!}\mdToken{String,Delim,Python,BracketClose}{{"}}\prebr{}
{\preindent{3}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{Number,Python}{0}}%
\end{mdPre}%
\mdHr[class={figureline,madoko},data-line={234}]{}\begin{mdDiv}[data-line={235}]%
%mdk-data-line={235}
{}\mdSpan[class={figure-caption}]{\mdSpan[class={caption-before}]{\mdStrong{Figure{\mdNbsp}\mdSpan[class={figure-label}]{3}.} }Hard example for symbolic execution}%mdk-data-line={235}
{}%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[class={indent},data-line={237}]%
%mdk-data-line={237}
{}Fermat%mdk-data-line={237}
{}{'}%mdk-data-line={237}
{}s Last Theorem, proved
by Andrew Wiles in the late 20th century, states that no 
three positive integers %mdk-data-line={239}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={239}
{}, %mdk-data-line={239}
{}\mdSpan[class={math-inline},elem={math-inline}]{$y$}%mdk-data-line={239}
{}, and %mdk-data-line={239}
{}\mdSpan[class={math-inline},elem={math-inline}]{$z$}%mdk-data-line={239}
{} can satisfy the equation
%mdk-data-line={240}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x^n + y^n = z^n$}%mdk-data-line={240}
{} for any integer value of %mdk-data-line={240}
{}\mdSpan[class={math-inline},elem={math-inline}]{$n$}%mdk-data-line={240}
{} greater than two.
The function %mdk-data-line={241}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fermat3}}%mdk-data-line={241}
{} encodes this statement for %mdk-data-line={241}
{}\mdSpan[class={math-inline},elem={math-inline}]{$n=3$}%mdk-data-line={241}
{}.   It
is not reasonable to have a computer waste time trying to find
a solution that would cause %mdk-data-line={243}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fermat3}}%mdk-data-line={243}
{} to print the string 
%mdk-data-line={244}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{String,Delim,Python,BracketOpen}{{"}}\mdToken{String,Python}{Fermat\prespace{1}and\prespace{1}Wiles\prespace{1}were\prespace{1}wrong!?!}\mdToken{String,Delim,Python,BracketClose}{{"}}}%mdk-data-line={244}
{}.  In cases of complex (non-linear)
arithmetic operations,
such as %mdk-data-line={246}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{x}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{x}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{x}}%mdk-data-line={246}
{}, we might choose to handle the operation concretely.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={248}]%
%mdk-data-line={248}
{}There are a number of ways to deal with the above issue: one is 
to recognize all non-linear terms in a symbolic expression and replace
them with their concrete counterparts during execution. For the %mdk-data-line={250}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fermat3}}%mdk-data-line={250}
{} 
example, this would mean that during DSE the symbolic expression 
%mdk-data-line={252}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{x}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{x}{\prespace{1}}\mdToken{Operator,Python}{+}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{y}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{y}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{z}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{z}\mdToken{Operator,Python}{*}\mdToken{Identifier,Python}{z}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={252}
{} would be reduced to the constant %mdk-data-line={252}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{False}}%mdk-data-line={252}
{}
by evaluation on the concrete values of variables %mdk-data-line={253}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{x}}%mdk-data-line={253}
{}, %mdk-data-line={253}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{y}}%mdk-data-line={253}
{} and %mdk-data-line={253}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{z}}%mdk-data-line={253}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={255}]%
%mdk-data-line={255}
{}Besides difficult operations (such as non-linear arithmetic),
other examples of code that we might treat
concretely instead of symbolically include
functions that are hard to invert, such as cryptographic hash functions,
or low-level functions that we do not wish to test (such as 
operating system functions).  Consider
the code in Figure%mdk-data-line={261}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-hash}{}{\mdSpan[class={figure-label}]{4}}%mdk-data-line={261}
{}, which applies the function
%mdk-data-line={262}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unknown}}%mdk-data-line={262}
{} to argument %mdk-data-line={262}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{x}}%mdk-data-line={262}
{} and compares it to argument %mdk-data-line={262}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{y}}%mdk-data-line={262}
{}.
By using the name %mdk-data-line={263}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unknown}}%mdk-data-line={263}
{} we simply mean to say that we 
wish to model this function as a black box, with no knowledge
of how it operates internally.%
\end{mdP}%
\begin{mdDiv}[class={figure,floating,align-center},id=fig-hash,label={[4]\{.figure-label\}},elem={figure},toc-line={[4]\{.figure-label\}. Another hard example for symbolic execution},toc={tof},float-env={figure},float-name={Figure},caption={Another hard example for symbolic execution},data-line={267}]%
\begin{mdPre}[class={para-block,pre-fenced,pre-fenced3,language-python,lang-python,python,highlighted},language={python},data-line={268},data-line-code={269}]%
\mdPrecode[data-line={269}]{\mdToken{Keyword,Python}{def}{\prespace{1}}\mdToken{Identifier,Python}{dart}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}\mdToken{Delimiter,Python}{,}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{2}}\mdToken{Keyword,Python}{if}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{unknown}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}\mdToken{Keyword,Python,BracketOpen}{:}\prebr{}
{\preindent{5}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{Number,Python}{1}\prebr{}
{\preindent{2}}\mdToken{Keyword,Python}{return}{\prespace{1}}\mdToken{Number,Python}{0}}%
\end{mdPre}%
\mdHr[class={figureline,madoko},data-line={274}]{}\begin{mdDiv}[data-line={275}]%
%mdk-data-line={275}
{}\mdSpan[class={figure-caption}]{\mdSpan[class={caption-before}]{\mdStrong{Figure{\mdNbsp}\mdSpan[class={figure-label}]{4}.} }Another hard example for symbolic execution}%mdk-data-line={275}
{}%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[class={indent},data-line={276}]%
%mdk-data-line={276}
{}In such a case, we can use DSE to execute the function %mdk-data-line={276}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unknown}}%mdk-data-line={276}
{}
on a specific input (say %mdk-data-line={277}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Number,Python}{5013}}%mdk-data-line={277}
{}) and observe its output
(say %mdk-data-line={278}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Number,Python}{42}}%mdk-data-line={278}
{}). That is, rather than execute %mdk-data-line={278}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unknown}}%mdk-data-line={278}
{} symbolically
and invoke an ATP to invert the function%mdk-data-line={279}
{}{'}%mdk-data-line={279}
{}s path-condition, we
simply treat the call to %mdk-data-line={280}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unknown}}%mdk-data-line={280}
{} concretely, substituting
its return value (in this case %mdk-data-line={281}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Number,Python}{42}}%mdk-data-line={281}
{}) for the specialized expression 
%mdk-data-line={282}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unknown}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Number,Python}{5013}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{y}}%mdk-data-line={282}
{} to get the predicate %mdk-data-line={282}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Number,Python}{42}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={282}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={284}]%
%mdk-data-line={284}
{}Adding the constraint %mdk-data-line={284}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{5013}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={284}
{} yields the sound but
rather specific path-condition 
%mdk-data-line={286}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Number,Python}{5013}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Keyword,Python}{and}{\prespace{1}}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Number,Python}{42}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={286}
{}.
Note that the path-condition %mdk-data-line={287}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Number,Python}{42}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={287}
{} is not sound, as it admits
any value for the variable %mdk-data-line={288}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{x}}%mdk-data-line={288}
{}, which likely includes many values
for which %mdk-data-line={289}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{unknown}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{x}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Python}{==}{\prespace{1}}\mdToken{Identifier,Python}{y}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={289}
{} is false.%
\end{mdP}%
\mdHxxx[id=sec-overview,label={[1.3]\{.heading-label\}},toc={},data-line={291},caption={[[1.3]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Overview},bookmark={1.3.{\hspace{0.5em}}Overview}]{%mdk-data-line={291}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{1.3}.{\hspace{0.5em}}}%mdk-data-line={291}
{}Overview}\begin{mdP}[class={para-continue},data-line={293}]%
%mdk-data-line={293}
{}This introduction elides many important 
issues that arise in implementing DSE for a real language, which we will 
focus on in the remainder of the paper. These include how to:%
\end{mdP}%
\begin{mdUl}[class={ul,list-star,compact},elem={ul},data-line={297}]%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(1)]\{.ul-li-label\}},elem={li},data-line={297}]%
%mdk-data-line={297}
{}Identify the code under test %mdk-data-line={297}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={297}
{} and the symbolic inputs to %mdk-data-line={297}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={297}
{};%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(2)]\{.ul-li-label\}},elem={li},data-line={298}]%
%mdk-data-line={298}
{}Trace the control flow path %mdk-data-line={298}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={298}
{} taken by execution %mdk-data-line={298}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P(i)$}%mdk-data-line={298}
{};%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(3)]\{.ul-li-label\}},elem={li},data-line={299}]%
%mdk-data-line={299}
{}Reinterpret program operations to compute symbolic expressions;%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(4)]\{.ul-li-label\}},elem={li},data-line={300}]%
%mdk-data-line={300}
{}Generate a path-condition from %mdk-data-line={300}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={300}
{} and the symbolic expressions;%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(5)]\{.ul-li-label\}},elem={li},data-line={301}]%
%mdk-data-line={301}
{}Generate a new input %mdk-data-line={301}
{}\mdSpan[class={math-inline},elem={math-inline}]{$i'$}%mdk-data-line={301}
{} by negating (part of) the path-condition, translating
the path-condition to the input language of an ATP, invoking the ATP, and
lifting a satisfying model (if any) back up to the source level;%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,compact-li},label={[(6)]\{.ul-li-label\}},elem={li},data-line={304}]%
%mdk-data-line={304}
{}Guide the search to expose new paths.%
\end{mdLi}%%
\end{mdUl}%
\begin{mdP}[data-line={306}]%
%mdk-data-line={306}
{}The rest of this paper is organized as follows. Section%mdk-data-line={306}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-semantics}{}{\mdSpan[class={heading-label}]{2}}%mdk-data-line={306}
{} 
describes an instrumented typing discipline where we lift each type (representing 
a set of concrete values) to a symbolic type (representing
a set of pairs of concrete and symbolic values).
Section%mdk-data-line={310}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-sp2dse}{}{\mdSpan[class={heading-label}]{3}}%mdk-data-line={310}
{} shows how strongest postconditions defines a symbolic
semantics for a small programming language and how strongest postconditions
can be refined to model DSE.
Section%mdk-data-line={313}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-impl}{}{\mdSpan[class={heading-label}]{4}}%mdk-data-line={313}
{} describes an implementation of DSE for the Python language
in the Python language that follows the instrumented semantics pattern closely
(full implementation and tests available at%mdk-data-line={315}
{}{\mdNbsp}\mdA[data-linkid={pyexz3}]{https://github.com/thomasjball/PyExZ3/}{}{PyExZ3}%mdk-data-line={315}
{}, tagged %mdk-data-line={315}
{}{\textquotedblleft}v1.0{\textquotedblright}%mdk-data-line={315}
{}).
Section%mdk-data-line={316}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-int2z3}{}{\mdSpan[class={heading-label}]{5}}%mdk-data-line={316}
{} describes the symbolic encoding of Python integer 
operations using two decision procedures of Z3: linear arithmetic with
uninterpreted functions in place of non-linear operations;
fixed-width bit-vectors with precise encodings of most operations.
Section%mdk-data-line={320}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-extensions}{}{\mdSpan[class={heading-label}]{6}}%mdk-data-line={320}
{} offers a number of ideas for projects
to extend the capabilities of%mdk-data-line={321}
{}{\mdNbsp}\mdA[data-linkid={pyexz3}]{https://github.com/thomasjball/PyExZ3/}{}{PyExZ3}%mdk-data-line={321}
{}.%
\end{mdP}%
\mdHxx[id=sec-semantics,label={[2]\{.heading-label\}},toc={},data-line={323},caption={[[2]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Instrumented Types},bookmark={2.{\hspace{0.5em}}Instrumented Types}]{%mdk-data-line={323}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{2}.{\hspace{0.5em}}}%mdk-data-line={323}
{}Instrumented Types}\begin{mdP}[data-line={325}]%
%mdk-data-line={325}
{}We are given a universe of classes/types %mdk-data-line={325}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={325}
{}; a type %mdk-data-line={325}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T \in U$}%mdk-data-line={325}
{} carries
along a  set of operations that apply to values of type %mdk-data-line={326}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={326}
{},
where an operation %mdk-data-line={327}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T$}%mdk-data-line={327}
{}  takes an argument list of typed 
values as input (the first being of type %mdk-data-line={328}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={328}
{}) and produces a single 
typed value as output. Nullary (static) operations of type %mdk-data-line={329}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={329}
{} can be 
used to create values of type %mdk-data-line={330}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={330}
{} (such as constants, objects, etc.)%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={332}]%
%mdk-data-line={332}
{}A program %mdk-data-line={332}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={332}
{} has typed input variables
%mdk-data-line={333}
{}\mdSpan[class={math-inline},elem={math-inline}]{$v_1 : T_1 \ldots v_k : T_k$}%mdk-data-line={333}
{} and a body from the language of statements %mdk-data-line={333}
{}\mdSpan[class={math-inline},elem={math-inline}]{$S$}%mdk-data-line={333}
{}:%
\end{mdP}%
\begin{mdDiv}[class={mathpre,para-block,input-mathpre},elem={mathpre},data-line={335}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={336}
\begin{mdMathprearray}%mdk
\mathid{S}\mdMathspace{1}\rightarrow   &\mdMathspace{1}\mathid{v}\mdMathspace{1}:=\mdMathspace{1}\mathid{E}\mdMathbr{}
\mdMathindent{3}|\mdMathspace{1}&\mdMathspace{1}\mathkw{skip}\mdMathspace{1}\mdMathbr{}
\mdMathindent{3}|\mdMathspace{1}&\mdMathspace{1}\mathid{S}_1\mdMathspace{1};\mdMathspace{1}\mathid{S}_2\mdMathspace{1}\mdMathbr{}
\mdMathindent{3}|\mdMathspace{1}&\mdMathspace{1}\mathkw{if}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{S}_1\mdMathspace{1}\mathkw{else}\mdMathspace{1}\mathid{S}_2\mdMathspace{1}\mathkw{end}\mdMathbr{}
\mdMathindent{3}|\mdMathspace{1}&\mdMathspace{1}\mathkw{while}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{do}\mdMathspace{1}\mathid{S}\mdMathspace{1}\mathkw{end}
\end{mdMathprearray}%mdk
\]%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={343}]%
%mdk-data-line={343}
{}The language of expressions (%mdk-data-line={343}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={343}
{}) is defined by the application of operations
to values, where constants (nullary operations) and 
program variables form the leaves 
of the expression tree and non-nullary operators 
form the interior nodes of the tree.
For now, we will consider all values to be immutable.
That is, the only source of mutation in the language is the 
assignment statement.%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={352}]%
%mdk-data-line={352}
{}To introduce symbolic execution into the picture,
we can imagine that a type %mdk-data-line={353}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T \in U$}%mdk-data-line={353}
{} has
(one or more) counterparts in a symbolic universe %mdk-data-line={354}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={354}
{}. A type %mdk-data-line={354}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T' \in U'$}%mdk-data-line={354}
{}
is a subtype of %mdk-data-line={355}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T \in U$}%mdk-data-line={355}
{} with two purposes:%
\end{mdP}%
\begin{mdUl}[class={ul,list-star,loose},elem={ul},data-line={357}]%
\begin{mdLi}[class={li,ul-li,list-star-li,loose-li},label={[(1)]\{.ul-li-label\}},elem={li},data-line={357}]%
\begin{mdP}[data-line={357}]%
%mdk-data-line={357}
{}First, a value of type %mdk-data-line={357}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={357}
{} represents a pair of values: 
a concrete value %mdk-data-line={358}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={358}
{} of (super)type %mdk-data-line={358}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={358}
{} and a symbolic expression %mdk-data-line={358}
{}\mdSpan[class={math-inline},elem={math-inline}]{$e$}%mdk-data-line={358}
{}. 
A symbolic expression is a tree
whose leaves are either nullary operators (i.e., constants) of a type in %mdk-data-line={360}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={360}
{}
or are Skolem constants representing the (symbolic) inputs (%mdk-data-line={361}
{}\mdSpan[class={math-inline},elem={math-inline}]{$v_1 \ldots v_k$}%mdk-data-line={361}
{})
to the program %mdk-data-line={362}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={362}
{}, and whose interior nodes represent operations 
from types in %mdk-data-line={363}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={363}
{}. We refer to Skolem constants as %mdk-data-line={363}
{}{\textquotedblleft}symbolic constants{\textquotedblright}%mdk-data-line={363}
{}
from this point on. Note that symbolic expressions do not contain
references to program variables.%
\end{mdP}%%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,loose-li},label={[(2)]\{.ul-li-label\}},elem={li},data-line={367}]%
\begin{mdP}[data-line={367}]%
%mdk-data-line={367}
{}Second, the type %mdk-data-line={367}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={367}
{} redefines some of the operations %mdk-data-line={367}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T$}%mdk-data-line={367}
{},
namely those for which we wish to compute symbolic expressions.
An operation %mdk-data-line={369}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T'$}%mdk-data-line={369}
{} has the same parameter list as %mdk-data-line={369}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T$}%mdk-data-line={369}
{}, allowing it
to take inputs with types from both %mdk-data-line={370}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={370}
{} and %mdk-data-line={370}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={370}
{}. The return type
of %mdk-data-line={371}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T'$}%mdk-data-line={371}
{} generally is from %mdk-data-line={371}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={371}
{} (though it can be from %mdk-data-line={371}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={371}
{}). 
Thus, %mdk-data-line={372}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T'$}%mdk-data-line={372}
{} is a proper function subtype of %mdk-data-line={372}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T$}%mdk-data-line={372}
{}. 
The purpose of %mdk-data-line={373}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T'$}%mdk-data-line={373}
{} is to:
(1) perform operation %mdk-data-line={374}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o \in T$}%mdk-data-line={374}
{} on the concrete 
values associated with its inputs; 
(2) build a symbolic expression tree rooted at operation %mdk-data-line={376}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o$}%mdk-data-line={376}
{} 
whose children are the trees associated with the inputs to %mdk-data-line={377}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o$}%mdk-data-line={377}
{}.%
\end{mdP}%%
\end{mdLi}%%
\end{mdUl}%
\begin{mdP}[data-line={379}]%
%mdk-data-line={379}
{}Figure%mdk-data-line={379}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-subtype}{}{\mdSpan[class={figure-label}]{5}}%mdk-data-line={379}
{} presents pseudo code for the instrumentation
of a type %mdk-data-line={380}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={380}
{} via a type %mdk-data-line={380}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={380}
{}.
The class %mdk-data-line={381}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Type,Identifier,Cpp}{Symbolic}}%mdk-data-line={381}
{} is used to hold an expression tree (%mdk-data-line={381}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Type,Identifier,Cpp}{Expr}}%mdk-data-line={381}
{}).
Given a class %mdk-data-line={382}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T \in U$}%mdk-data-line={382}
{}, a symbolic type %mdk-data-line={382}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T' \in U'$}%mdk-data-line={382}
{} is defined by inheriting 
from both %mdk-data-line={383}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={383}
{} and %mdk-data-line={383}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Type,Identifier,Cpp}{Symbolic}}%mdk-data-line={383}
{}. This ensures that a %mdk-data-line={383}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={383}
{} can be used
wherever a %mdk-data-line={384}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={384}
{} is expected.%
\end{mdP}%
\begin{mdDiv}[class={figure,floating,align-center},id=fig-subtype,label={[5]\{.figure-label\}},elem={figure},toc-line={[5]\{.figure-label\}. Type instrumentation to carry both concrete values and symbolic expressions.},toc={tof},float-env={figure},float-name={Figure},caption={Type instrumentation to carry both concrete values and symbolic expressions.},data-line={386}]%
\begin{mdPre}[class={para-block,pre-fenced,pre-fenced3,language-cpp2,lang-cpp2,cpp2,highlighted},data-line={387},data-line-code={388},language={cpp2}]%
\mdPrecode[data-line={388}]{{\preindent{2}}\mdToken{Keyword,Cpp}{class}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T'$}}}{\prespace{1}}\mdToken{Operator,Cpp}{:}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T$}}}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{Symbolic}{\prespace{1}}\mdToken{Delimiter,Curly,Cpp,BracketOpen}{\{}\prebr{}
{\preindent{4}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T'$}}}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{c}\mdToken{Operator,Cpp}{:}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T$}}}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{e}\mdToken{Operator,Cpp}{:}\mdToken{Type,Identifier,Cpp}{Expr}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Cpp}{:}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T$}}}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{c}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Source,Cpp}{S}\mdToken{Identifier,Cpp}{ymbolic}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{e}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}{\prespace{1}}\mdToken{Delimiter,Curly,Cpp,BracketOpen}{\{}\mdToken{Delimiter,Curly,Cpp,BracketClose}{\}}\prebr{}
\prebr{}
{\preindent{4}}\mdToken{Keyword,Extra,Cpp}{override}{\prespace{1}}\mdToken{Identifier,Cpp}{o}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Keyword,Cpp}{this}\mdToken{Operator,Cpp}{:}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T$}}}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{f1}\mdToken{Operator,Cpp}{:}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T_1$}}}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}{\prespace{1}}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{fk}\mdToken{Operator,Cpp}{:}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T_k$}}}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Cpp}{:}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$R'$}}}{\prespace{1}}\mdToken{Delimiter,Curly,Cpp,BracketOpen}{\{}\prebr{}
{\preindent{6}}\mdToken{Keyword,Extra,Cpp}{var}{\prespace{1}}\mdToken{Identifier,Cpp}{c}{\prespace{1}}:={\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T$}}}\mdToken{Delimiter,Cpp}{.}\mdToken{Identifier,Cpp}{o}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Keyword,Cpp}{this}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{f1}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}{\prespace{1}}\mdToken{Delimiter,Cpp}{,}\mdToken{Identifier,Cpp}{fk}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}\prebr{}
{\preindent{6}}\mdToken{Keyword,Extra,Cpp}{var}{\prespace{1}}\mdToken{Identifier,Cpp}{e}{\prespace{1}}:={\prespace{1}}\mdToken{Keyword,Cpp}{new}{\prespace{1}}\mdToken{Source,Cpp}{E}\mdToken{Identifier,Cpp}{xpr}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$T$}}}\mdToken{Delimiter,Cpp}{.}\mdToken{Identifier,Cpp}{o}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{expr}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{self}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{expr}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{f1}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Identifier,Cpp}{expr}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{fk}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}\prebr{}
{\preindent{6}}\mdToken{Keyword,Cpp}{return}{\prespace{1}}\mdToken{Keyword,Cpp}{new}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$R'$}}}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{c}\mdToken{Delimiter,Cpp}{,}\mdToken{Identifier,Cpp}{e}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}{\prespace{1}}\prebr{}
{\preindent{4}}\mdToken{Delimiter,Curly,Cpp,BracketClose}{\}}\prebr{}
{\preindent{4}}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\prebr{}
{\preindent{2}}\mdToken{Delimiter,Curly,Cpp,BracketClose}{\}}\prebr{}
{\preindent{2}}\prebr{}
{\preindent{2}}\mdToken{Keyword,Cpp}{class}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$R'$}}}{\prespace{1}}\mdToken{Operator,Cpp}{:}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$R$}}}\mdToken{Delimiter,Cpp}{,}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{Symbolic}{\prespace{1}}\mdToken{Delimiter,Curly,Cpp,BracketOpen}{\{}{\prespace{1}}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}\mdToken{Delimiter,Cpp}{.}{\prespace{1}}\mdToken{Delimiter,Curly,Cpp,BracketClose}{\}}\prebr{}
{\preindent{2}}\prebr{}
{\preindent{2}}\mdToken{Keyword,Extra,Cpp}{function}{\prespace{1}}\mdToken{Identifier,Cpp}{expr}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{v}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Cpp}{=}{\prespace{1}}\mdToken{Identifier,Cpp}{v}{\prespace{1}}\mdToken{Keyword,Extra,Cpp}{instanceof}{\prespace{1}}\mdToken{Type,Identifier,Cpp}{Symbolic}{\prespace{1}}\mdToken{Operator,Cpp}{?}{\prespace{1}}\mdToken{Identifier,Cpp}{v}\mdToken{Delimiter,Cpp}{.}\mdToken{Identifier,Cpp}{getExpr}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}{\prespace{1}}\mdToken{Operator,Cpp}{:}{\prespace{1}}\mdToken{Identifier,Cpp}{v}}%
\end{mdPre}%
\mdHr[class={figureline,madoko},data-line={403}]{}\begin{mdDiv}[data-line={404}]%
%mdk-data-line={404}
{}\mdSpan[class={figure-caption}]{\mdSpan[class={caption-before}]{\mdStrong{Figure{\mdNbsp}\mdSpan[class={figure-label}]{5}.} }Type instrumentation to carry both concrete values and symbolic expressions.}%mdk-data-line={404}
{}%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[class={indent,para-continue},data-line={405}]%
%mdk-data-line={405}
{}A type such as %mdk-data-line={405}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={405}
{}  only can be constructed by providing a concrete value %mdk-data-line={405}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={405}
{} of 
type %mdk-data-line={406}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={406}
{} and a symbolic expression %mdk-data-line={406}
{}\mdSpan[class={math-inline},elem={math-inline}]{$e$}%mdk-data-line={406}
{} to the constructor for %mdk-data-line={406}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={406}
{}.
This will be done in exactly two places:%
\end{mdP}%
\begin{mdUl}[class={ul,list-star,loose},elem={ul},data-line={409}]%
\begin{mdLi}[class={li,ul-li,list-star-li,loose-li},label={[(1)]\{.ul-li-label\}},elem={li},data-line={409}]%
\begin{mdP}[data-line={409}]%
%mdk-data-line={409}
{}by the creation of symbolic constants associated with the primary
inputs (%mdk-data-line={410}
{}\mdSpan[class={math-inline},elem={math-inline}]{$v_1 \ldots v_k$}%mdk-data-line={410}
{}) to the program;%
\end{mdP}%%
\end{mdLi}%
\begin{mdLi}[class={li,ul-li,list-star-li,loose-li},label={[(2)]\{.ul-li-label\}},elem={li},data-line={412}]%
\begin{mdP}[data-line={412}]%
%mdk-data-line={412}
{}by the instrumented operations as shown  in Figure%mdk-data-line={412}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-subtype}{}{\mdSpan[class={figure-label}]{5}}%mdk-data-line={412}
{}.%
\end{mdP}%%
\end{mdLi}%%
\end{mdUl}%
\begin{mdP}[data-line={414}]%
%mdk-data-line={414}
{}An instrumented operation %mdk-data-line={414}
{}\mdSpan[class={math-inline},elem={math-inline}]{$o$}%mdk-data-line={414}
{} on arguments (%mdk-data-line={414}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Keyword,Cpp}{this}}%mdk-data-line={414}
{}, %mdk-data-line={414}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{f1}}%mdk-data-line={414}
{}, %mdk-data-line={414}
{}{\dots}%mdk-data-line={414}
{}, %mdk-data-line={414}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fk}}%mdk-data-line={414}
{})
first invokes its corresponding underlying
operator %mdk-data-line={416}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T.o$}%mdk-data-line={416}
{} on arguments (%mdk-data-line={416}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Keyword,Cpp}{this}}%mdk-data-line={416}
{}, %mdk-data-line={416}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{f1}}%mdk-data-line={416}
{}, %mdk-data-line={416}
{}{\dots}%mdk-data-line={416}
{}, %mdk-data-line={416}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fk}}%mdk-data-line={416}
{}) to get concrete value %mdk-data-line={416}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{c}}%mdk-data-line={416}
{}.
It then constructs a new expression tree %mdk-data-line={417}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{e}}%mdk-data-line={417}
{}
rooted at operator %mdk-data-line={418}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T.o$}%mdk-data-line={418}
{}, whose children are the result of
mapping the function %mdk-data-line={419}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{expr}}%mdk-data-line={419}
{} over (%mdk-data-line={419}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Keyword,Cpp}{this}}%mdk-data-line={419}
{}, %mdk-data-line={419}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{f1}}%mdk-data-line={419}
{}, %mdk-data-line={419}
{}{\dots}%mdk-data-line={419}
{}, %mdk-data-line={419}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{fk}}%mdk-data-line={419}
{}). 
The helper function %mdk-data-line={420}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{expr}\mdToken{Delimiter,Parenthesis,Python,BracketOpen}{(}\mdToken{Identifier,Python}{v}\mdToken{Delimiter,Parenthesis,Python,BracketClose}{)}}%mdk-data-line={420}
{}
evaluates to an expression tree in the case that %mdk-data-line={421}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{v}}%mdk-data-line={421}
{} is of %mdk-data-line={421}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdToken{Type,Identifier,Cpp}{Symbolic}}%mdk-data-line={421}
{} type
(representing a type in %mdk-data-line={422}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={422}
{}) and evaluates to %mdk-data-line={422}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{v}}%mdk-data-line={422}
{} itself, a concrete value
of some type in %mdk-data-line={423}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={423}
{}, otherwise.
Finally, having computed the values %mdk-data-line={424}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{c}}%mdk-data-line={424}
{} and %mdk-data-line={424}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{e}}%mdk-data-line={424}
{}, the instrumented operator 
returns %mdk-data-line={425}
{}\mdCode[class={code,code2,language-cpp2,lang-cpp2,cpp2,highlighted},language={cpp2}]{\mdSpan[class={code-escaped}]{\mdSpan[class={math-inline},elem={math-inline}]{$R'$}}\mdToken{Delimiter,Parenthesis,Cpp,BracketOpen}{(}\mdToken{Identifier,Cpp}{c}\mdToken{Delimiter,Cpp}{,}\mdToken{Identifier,Cpp}{e}\mdToken{Delimiter,Parenthesis,Cpp,BracketClose}{)}}%mdk-data-line={425}
{}, where %mdk-data-line={425}
{}\mdSpan[class={math-inline},elem={math-inline}]{$R$}%mdk-data-line={425}
{} is the return type of operator %mdk-data-line={425}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T.o$}%mdk-data-line={425}
{},
and %mdk-data-line={426}
{}\mdSpan[class={math-inline},elem={math-inline}]{$R'$}%mdk-data-line={426}
{} is a subtype of %mdk-data-line={426}
{}\mdSpan[class={math-inline},elem={math-inline}]{$R$}%mdk-data-line={426}
{} from universe %mdk-data-line={426}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={426}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={428}]%
%mdk-data-line={428}
{}Looked at another way, the universe %mdk-data-line={428}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={428}
{} represents the %mdk-data-line={428}
{}{\textquotedblleft}tainting{\textquotedblright}%mdk-data-line={428}
{} of
types from %mdk-data-line={429}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U$}%mdk-data-line={429}
{}. Tainted values flow from program inputs to the 
operands of operators. If an operator has been redefined
(as above) then the taint propagates from its inputs to its outputs.
On the other hand, if the operator has not been redefined, then it will
not propagate the taint. In the context of DSE, %mdk-data-line={433}
{}{\textquotedblleft}taint{\textquotedblright}%mdk-data-line={433}
{} means
that the instrumented semantics carries along a symbolic expression tree %mdk-data-line={434}
{}\mdSpan[class={math-inline},elem={math-inline}]{$e$}%mdk-data-line={434}
{}
along with a concrete value %mdk-data-line={435}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={435}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={437}]%
%mdk-data-line={437}
{}The choice of types from the universe %mdk-data-line={437}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={437}
{} determines how symbolic
expressions are constructed. For each %mdk-data-line={438}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T \in U$}%mdk-data-line={438}
{}, the %mdk-data-line={438}
{}{\textquotedblleft}most symbolic{\textquotedblright}%mdk-data-line={438}
{}
(least concrete) choice is the %mdk-data-line={439}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'$}%mdk-data-line={439}
{} that redefines every operator of %mdk-data-line={439}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={439}
{}
(as shown in Figure%mdk-data-line={440}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-subtype}{}{\mdSpan[class={figure-label}]{5}}%mdk-data-line={440}
{}).
The %mdk-data-line={441}
{}{\textquotedblleft}least symbolic{\textquotedblright}%mdk-data-line={441}
{} (most concrete) choice is %mdk-data-line={441}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T' = T$}%mdk-data-line={441}
{} which
redefines no operators.  Let %mdk-data-line={442}
{}\mdSpan[class={math-inline},elem={math-inline}]{$symbolic(T)$}%mdk-data-line={442}
{} be the
set of types in %mdk-data-line={443}
{}\mdSpan[class={math-inline},elem={math-inline}]{$U'$}%mdk-data-line={443}
{} that are subtypes of %mdk-data-line={443}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={443}
{}. The types
in %mdk-data-line={444}
{}\mdSpan[class={math-inline},elem={math-inline}]{$symbolic(T)$}%mdk-data-line={444}
{} are partially ordered by subset inclusion on the 
set of operators from %mdk-data-line={445}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T$}%mdk-data-line={445}
{} they redefine.%
\end{mdP}%

\mdHxx[id=sec-sp2dse,label={[3]\{.heading-label\}},toc={},data-line={449},caption={[[3]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}From Strongest Postconditions to DSE},bookmark={3.{\hspace{0.5em}}From Strongest Postconditions to DSE}]{%mdk-data-line={449}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{3}.{\hspace{0.5em}}}%mdk-data-line={449}
{}From Strongest Postconditions to DSE}\begin{mdP}[data-line={451}]%
%mdk-data-line={451}
{}The previous section showed how symbolic expressions can be computed via a
set of instrumented types, where the expressions are computed as a side-effect 
of the execution of program operations.
This section shows how these symbolic expressions can be used to form a 
%mdk-data-line={455}
{}\mdEm{path-condition}%mdk-data-line={455}
{} (which then can be compiled into a logic formula and 
passed to an automated theorem prover to find new inputs to drive a 
program%mdk-data-line={457}
{}{'}%mdk-data-line={457}
{}s execution along new paths). We derive a %mdk-data-line={457}
{}\mdEm{path-condition}%mdk-data-line={457}
{}
directly from the %mdk-data-line={458}
{}\mdEm{strongest postcondition}%mdk-data-line={458}
{} (symbolic) semantics of our
programming language, refining it to model the basic operations
of an interpreter.%
\end{mdP}%
\mdHxxx[id=sec-strongest-postconditions,label={[3.1]\{.heading-label\}},toc={},data-line={462},caption={[[3.1]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Strongest Postconditions},bookmark={3.1.{\hspace{0.5em}}Strongest Postconditions}]{%mdk-data-line={462}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{3.1}.{\hspace{0.5em}}}%mdk-data-line={462}
{}Strongest Postconditions}\begin{mdP}[class={para-continue},data-line={464}]%
%mdk-data-line={464}
{}The strongest postcondition transformer %mdk-data-line={464}
{}\mdSpan[class={math-inline},elem={math-inline}]{$SP$}%mdk-data-line={464}
{}{\mdNbsp}\mdSpan[class={citations},target-element={bibitem}]{[\mdA[class={bibref,localref},target-element={bibitem}]{dijkstra76}{}{\mdSpan[class={bibitem-label}]{6}}]}%mdk-data-line={464}
{} is defined over
a predicate %mdk-data-line={465}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={465}
{} representing a set of 
pre-states and a statement %mdk-data-line={466}
{}\mdSpan[class={math-inline},elem={math-inline}]{$S$}%mdk-data-line={466}
{} from our language. The transformer %mdk-data-line={466}
{}\mdSpan[class={math-inline},elem={math-inline}]{$SP(P,S)$}%mdk-data-line={466}
{}
yields a predicate %mdk-data-line={467}
{}\mdSpan[class={math-inline},elem={math-inline}]{$Q$}%mdk-data-line={467}
{} such that for any state %mdk-data-line={467}
{}\mdSpan[class={math-inline},elem={math-inline}]{$s$}%mdk-data-line={467}
{} satisfying
predicate %mdk-data-line={468}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={468}
{}, the execution of statement %mdk-data-line={468}
{}\mdSpan[class={math-inline},elem={math-inline}]{$S$}%mdk-data-line={468}
{} from state %mdk-data-line={468}
{}\mdSpan[class={math-inline},elem={math-inline}]{$s$}%mdk-data-line={468}
{},
if it does not go wrong or diverge, yields a state %mdk-data-line={469}
{}\mdSpan[class={math-inline},elem={math-inline}]{$s'$}%mdk-data-line={469}
{} satisfying predicate %mdk-data-line={469}
{}\mdSpan[class={math-inline},elem={math-inline}]{$Q$}%mdk-data-line={469}
{}. 
The strongest postcondition for the statements in our language
is defined by the following five rules:%
\end{mdP}%
\begin{mdDiv}[class={mathpre,para-block,input-mathpre},elem={mathpre},data-line={473}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={474}
\begin{mdMathprearray}%mdk
1.\mdMathspace{2}&\mdMathspace{1}\mathid{SP}(\mathid{P},\mdMathspace{1}\mathid{x}\mdMathspace{1}:=\mdMathspace{1}\mathid{E})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{1}\exists \mathid{y}\mdMathspace{1}.\mdMathspace{1}(\mathid{x}\mdMathspace{1}=\mdMathspace{1}\mathid{E}\mdMathspace{1}[\mdMathspace{1}\mathid{x}\mdMathspace{1}\rightarrow \mathid{y}\mdMathspace{1}])\mdMathspace{1}\wedge \mathid{P}\mdMathspace{1}[\mdMathspace{1}\mathid{x}\mdMathspace{1}\rightarrow \mathid{y}\mdMathspace{1}]\mdMathbr{}
2.\mdMathspace{2}&\mdMathspace{1}\mathid{SP}(\mathid{P},\mdMathspace{1}\mathkw{skip})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{1}\mathid{P}\mdMathbr{}
3.\mdMathspace{2}&\mdMathspace{1}\mathid{SP}(\mathid{P},\mathid{S}_{1};\mathid{S}_{2})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{1}\mathid{SP}(\mathid{SP}(\mathid{P},\mathid{S}_{1}),\mdMathspace{1}\mathid{S}_{2})\mdMathbr{}
4.\mdMathspace{2}&\mdMathspace{1}\mathid{SP}(\mathid{P},\mathkw{if}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{S}_1\mdMathspace{1}\mathkw{else}\mdMathspace{1}\mathid{S}_2\mdMathspace{1}\mathkw{end})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathbr{}
\mdMathindent{4}&\mdMathspace{7}\mathid{SP}(\mathid{P}\wedge \mathid{E},\mathid{S}_1)\mdMathspace{1}\vee  \mathid{SP}(\mathid{P}\mdMathspace{1}\wedge \neg \mathid{E},\mathid{S}_2)\mdMathbr{}
5.\mdMathspace{2}&\mdMathspace{1}\mathid{SP}(\mathid{P},\mathkw{while}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{do}\mdMathspace{1}\mathid{S}\mdMathspace{1}\mathkw{end})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathbr{}
\mdMathindent{4}&\mdMathspace{6}\mathid{SP}(\mathid{P},\mathkw{if}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{S};\mdMathspace{1}\mathkw{while}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{do}\mdMathspace{1}\mathid{S}\mdMathspace{1}\mathkw{end}\mdMathspace{1}\mathkw{else}\mdMathspace{1}\mathkw{skip}\mdMathspace{1}\mathkw{end})
\end{mdMathprearray}%mdk
\]%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={483}]%
%mdk-data-line={483}
{}Rule (1) defines the strongest postcondition for 
the assignment statement. The assignment is modeled
logically by the equality %mdk-data-line={485}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x = E$}%mdk-data-line={485}
{} where any free occurrence of %mdk-data-line={485}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={485}
{} in %mdk-data-line={485}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={485}
{}
is replaced by the existentially quantified variable %mdk-data-line={486}
{}\mdSpan[class={math-inline},elem={math-inline}]{$y$}%mdk-data-line={486}
{}, which represents
the value of %mdk-data-line={487}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={487}
{} in the pre-state. The same substitution (%mdk-data-line={487}
{}\mdSpan[class={math-inline},elem={math-inline}]{$[x \rightarrow y ]$}%mdk-data-line={487}
{})
is applied to the pre-state predicate %mdk-data-line={488}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={488}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={490}]%
%mdk-data-line={490}
{}Rules (2)-(5) define the strongest postcondition for the four control-flow
statements. The rules for the %mdk-data-line={491}
{}\mdStrong{skip}%mdk-data-line={491}
{} statement and sequencing (;) are
straightforward. 
Of particular interest, note that the rule for the %mdk-data-line={493}
{}\mdStrong{if-then-else}%mdk-data-line={493}
{} 
statement splits cases on the expression %mdk-data-line={494}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={494}
{}. 
It is here that DSE will choose one of the cases for us, as the concrete
execution will evaluate %mdk-data-line={496}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={496}
{} either to be true or false. This gives rise
to the path-condition (either %mdk-data-line={497}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P \wedge E$}%mdk-data-line={497}
{} or %mdk-data-line={497}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P \wedge \neg E$}%mdk-data-line={497}
{}). The
recursive rule for the %mdk-data-line={498}
{}\mdStrong{while}%mdk-data-line={498}
{} loop unfolds as many times as the
expression %mdk-data-line={499}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={499}
{} evaluates true, adding to the path-condition.%
\end{mdP}%
\mdHxxx[id=sp-refined,label={[3.2]\{.heading-label\}},toc={},data-line={501},caption={[[3.2]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}From \$SP\$ to DSE},bookmark={3.2.{\hspace{0.5em}}From \$SP\$ to DSE}]{%mdk-data-line={501}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{3.2}.{\hspace{0.5em}}}%mdk-data-line={501}
{}From %mdk-data-line={501}
{}\mdSpan[class={math-inline},elem={math-inline}]{$SP$}%mdk-data-line={501}
{} to DSE}\begin{mdP}[data-line={503}]%
%mdk-data-line={503}
{}Assume that an execution begins with the assignment of initial values %mdk-data-line={503}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c_1 \ldots c_k$}%mdk-data-line={503}
{} to the program %mdk-data-line={503}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={503}
{}{'}%mdk-data-line={503}
{}s inputs
%mdk-data-line={504}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V = \{ v_1 : T_1 \ldots v_k : T_k \}$}%mdk-data-line={504}
{}.  To seed symbolic execution, some of the types %mdk-data-line={504}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T_i$}%mdk-data-line={504}
{} are
replaced by symbolic counterparts %mdk-data-line={505}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T'_i$}%mdk-data-line={505}
{}, in which case
%mdk-data-line={506}
{}\mdSpan[class={math-inline},elem={math-inline}]{$v_i$}%mdk-data-line={506}
{} is initialized to the value %mdk-data-line={506}
{}\mdSpan[class={math-inline},elem={math-inline}]{$sc_i = T'_i (c_i,SC(v_i))$}%mdk-data-line={506}
{} instead of the value %mdk-data-line={506}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c_i$}%mdk-data-line={506}
{},
where %mdk-data-line={507}
{}\mdSpan[class={math-inline},elem={math-inline}]{$SC(v_i)$}%mdk-data-line={507}
{} is the symbolic constant representing the initial value of variable %mdk-data-line={507}
{}\mdSpan[class={math-inline},elem={math-inline}]{$v_i$}%mdk-data-line={507}
{}.
The symbolic constant %mdk-data-line={508}
{}\mdSpan[class={math-inline},elem={math-inline}]{$SC(v_i)$}%mdk-data-line={508}
{} can be thought of as representing any value of
type %mdk-data-line={509}
{}\mdSpan[class={math-inline},elem={math-inline}]{$T_i$}%mdk-data-line={509}
{}, which includes the value %mdk-data-line={509}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c_i$}%mdk-data-line={509}
{}.%mdk-data-line={509}
{} %mdk-data-line={509}
{}%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={511}]%
%mdk-data-line={511}
{}Let %mdk-data-line={511}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V_s$}%mdk-data-line={511}
{} and %mdk-data-line={511}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V_c$}%mdk-data-line={511}
{} partition the variables of %mdk-data-line={511}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V$}%mdk-data-line={511}
{} into those variables
that are treated symbolically (%mdk-data-line={512}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V_s$}%mdk-data-line={512}
{}) and those that are treated concretely 
(%mdk-data-line={513}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V_c$}%mdk-data-line={513}
{}). The initial state of the program is characterized by the formula%
\end{mdP}%
\begin{mdDiv}[class={equation,para-block},label={[(1)]\{.equation-label\}},elem={equation},line-adjust={0},data-line={515}]%
%mdk-data-line={515}
{}\mdSpan[class={equation-before}]{\mdSpan[class={equation-label}]{(1)}}%mdk-data-line={515}
{}
\begin{mdDiv}[class={mathdisplay,para-block,input-math},elem={mathdisplay},color={},math-needpdf={},line-adjust={0},data-line={516}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={516}
Init = (\bigwedge_{v_i \in V_s} v_i = sc_i) ~\wedge~ (~\bigwedge_{v_i \in V_c} v_i = c_i)
\]%
\end{mdDiv}%%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={519}]%
%mdk-data-line={519}
{}Thus, we see that the initial value of every input variable is characterized by 
a symbolic constant %mdk-data-line={520}
{}\mdSpan[class={math-inline},elem={math-inline}]{$sc_i$}%mdk-data-line={520}
{} or constant %mdk-data-line={520}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c_i$}%mdk-data-line={520}
{}.  We assume that every non-input
variable in the program is initialized before being used.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={523}]%
%mdk-data-line={523}
{}The strongest postcondition is formulated to deal with open programs,
programs in which some variables are used before being assigned to. 
This surfaces in Rule (1) for assignment, which uses existential quantification
to refer to the value of variable %mdk-data-line={526}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={526}
{} in the pre-state.%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={528}]%
%mdk-data-line={528}
{}By construction,
we have that every variable is defined before being used.  This means
that the precondition %mdk-data-line={530}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P$}%mdk-data-line={530}
{} can be reformulated as a pair %mdk-data-line={530}
{}\mdSpan[class={math-inline},elem={math-inline}]{$<\sigma,P_c>$}%mdk-data-line={530}
{},
where %mdk-data-line={531}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma$}%mdk-data-line={531}
{} is a store mapping variables to values and %mdk-data-line={531}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P_c$}%mdk-data-line={531}
{} is
the path-condition, a list of symbolic expressions (predicates) 
corresponding
to the expressions %mdk-data-line={534}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={534}
{} evaluated in the context of an %mdk-data-line={534}
{}\mdStrong{if-then-else}%mdk-data-line={534}
{} 
statement. Initially, we have that :%
\end{mdP}%
\begin{mdDiv}[class={equation,para-block},label={[(2)]\{.equation-label\}},elem={equation},line-adjust={0},data-line={537}]%
%mdk-data-line={537}
{}\mdSpan[class={equation-before}]{\mdSpan[class={equation-label}]{(2)}}%mdk-data-line={537}
{}
\begin{mdDiv}[class={mathdisplay,para-block,input-math},elem={mathdisplay},color={},math-needpdf={},line-adjust={0},data-line={538}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={538}
\sigma = \{ (v_i,sc_i) | v_i \in V_s \} \cup \{ (v_i,c_i) | v_i \in V_c \}
\]%
\end{mdDiv}%%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[class={para-continue},data-line={541}]%
%mdk-data-line={541}
{}representing the initial condition %mdk-data-line={541}
{}\mdSpan[class={math-inline},elem={math-inline}]{$Init$}%mdk-data-line={541}
{}, and %mdk-data-line={541}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P_c = []$}%mdk-data-line={541}
{}, the empty list.
We use %mdk-data-line={542}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma'$}%mdk-data-line={542}
{} to refer to the formula that the store %mdk-data-line={542}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma$}%mdk-data-line={542}
{}
induces:%
\end{mdP}%
\begin{mdDiv}[class={equation,para-block},label={[(3)]\{.equation-label\}},elem={equation},line-adjust={0},data-line={545}]%
%mdk-data-line={545}
{}\mdSpan[class={equation-before}]{\mdSpan[class={equation-label}]{(3)}}%mdk-data-line={545}
{}
\begin{mdDiv}[class={mathdisplay,para-block,input-math},elem={mathdisplay},color={},math-needpdf={},line-adjust={0},data-line={546}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={546}
\sigma ' =  \bigwedge_{(v,V) \in \sigma} (v = V)
\]%
\end{mdDiv}%%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={549}]%
%mdk-data-line={549}
{}Thus, the pair %mdk-data-line={549}
{}\mdSpan[class={math-inline},elem={math-inline}]{$<\sigma,P_c>$}%mdk-data-line={549}
{} represents the predicate 
%mdk-data-line={550}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P = \sigma' \wedge (\bigwedge_{c \in P_c} c)$}%mdk-data-line={550}
{}.
A store %mdk-data-line={551}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma$}%mdk-data-line={551}
{} supports two operations: %mdk-data-line={551}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma[x]$}%mdk-data-line={551}
{} which denotes the
value that %mdk-data-line={552}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={552}
{} maps to under %mdk-data-line={552}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma$}%mdk-data-line={552}
{}; %mdk-data-line={552}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma[x \mapsto V]$}%mdk-data-line={552}
{}, which 
produces a new store in which %mdk-data-line={553}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={553}
{} maps to value %mdk-data-line={553}
{}\mdSpan[class={math-inline},elem={math-inline}]{$V$}%mdk-data-line={553}
{} and is everywhere 
else the same as %mdk-data-line={554}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma$}%mdk-data-line={554}
{}.%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={556}]%
%mdk-data-line={556}
{}Now, we can redefine strongest postcondition for assignment to eliminate the
use of existential quantification and model the operation of an interpreter,
by separating out the notion of the store:%
\end{mdP}%
\begin{mdDiv}[class={mathpre,para-block,input-mathpre},elem={mathpre},data-line={560}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={561}
\begin{mdMathprearray}%mdk
1.\mdMathspace{1}&\mdMathspace{1}\mathid{SP}(<\sigma,\mdMathspace{1}\mathid{P}_\mathid{c}>,\mdMathspace{1}\mathid{x}\mdMathspace{1}:=\mdMathspace{1}\mathid{E})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{1}<\sigma[\mathid{x}\mdMathspace{1}\mapsto \mathid{eval}(\sigma,\mathid{E})],\mdMathspace{1}\mathid{P}_\mathid{c}>\\
\end{mdMathprearray}%mdk
\]%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={564}]%
%mdk-data-line={564}
{}where %mdk-data-line={564}
{}\mdSpan[class={math-inline},elem={math-inline}]{$eval(\sigma,E)$}%mdk-data-line={564}
{} evaluates expression %mdk-data-line={564}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={564}
{} under the store %mdk-data-line={564}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma$}%mdk-data-line={564}
{}
(where every occurrence of a free variable
%mdk-data-line={566}
{}\mdSpan[class={math-inline},elem={math-inline}]{$v$}%mdk-data-line={566}
{} in %mdk-data-line={566}
{}\mdSpan[class={math-inline},elem={math-inline}]{$E$}%mdk-data-line={566}
{} is replaced by the value %mdk-data-line={566}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\sigma[v]$}%mdk-data-line={566}
{}). 
This is the standard substitution rule of a standard operational semantics.%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={569}]%
%mdk-data-line={569}
{}We also redefine the rule for the %mdk-data-line={569}
{}\mdStrong{if-then-else}%mdk-data-line={569}
{} statement so
that it chooses which branch to take and appends the appropriate
symbolic expression (predicate) to the path-condition %mdk-data-line={571}
{}\mdSpan[class={math-inline},elem={math-inline}]{$P_c$}%mdk-data-line={571}
{}:%
\end{mdP}%
\begin{mdDiv}[class={mathpre,para-block,input-mathpre},elem={mathpre},data-line={573}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={574}
\begin{mdMathprearray}%mdk
4.\mdMathspace{1}&\mdMathspace{1}\mathid{SP}(<\sigma,\mdMathspace{1}\mathid{P}_\mathid{c}>,\mdMathspace{1}\mathkw{if}\mdMathspace{1}\mathid{E}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{S}_1\mdMathspace{1}\mathkw{else}\mdMathspace{1}\mathid{S}_2\mdMathspace{1}\mathkw{end})\mdMathspace{1}{~\buildrel\triangle\over=~}\mdMathspace{2}\mdMathbr{}
\mdMathindent{3}&\mdMathspace{3}\mathkw{let}\mdMathspace{1}\mathid{choice}\mdMathspace{1}=\mdMathspace{1}\mathid{eval}(\sigma,\mathid{E})\mdMathspace{1}\mathkw{in}\mdMathbr{}
\mdMathindent{3}&\mdMathspace{3}\mathkw{if}\mdMathspace{1}\mathid{choice}\mdMathspace{1}\mathkw{then}\mdMathspace{1}\mathid{SP}(<\sigma,\mdMathspace{1}\mathid{P}_\mathid{c}\mdMathspace{1}::\mdMathspace{1}\mathid{expr}(\mathid{choice})\mdMathspace{1}>,\mathid{S}_1)\mdMathspace{1}\mdMathbr{}
\mdMathindent{3}&\mdMathspace{3}\mathkw{else}\mdMathspace{1}\mathid{SP}(<\sigma,\mdMathspace{1}\mathid{P}_\mathid{c}\mdMathspace{1}::\mdMathspace{1}\neg \mathid{expr}(\mathid{choice})\mdMathspace{1}>,\mathid{S}_2)
\end{mdMathprearray}%mdk
\]%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={580}]%
%mdk-data-line={580}
{}The other strongest postcondition rules remain unchanged.%
\end{mdP}%
\mdHxxx[id=sec-summing-it-up,label={[3.3]\{.heading-label\}},toc={},data-line={582},caption={[[3.3]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Summing it up},bookmark={3.3.{\hspace{0.5em}}Summing it up}]{%mdk-data-line={582}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{3.3}.{\hspace{0.5em}}}%mdk-data-line={582}
{}Summing it up}\begin{mdP}[data-line={584}]%
%mdk-data-line={584}
{}We have shown how the symbolic predicate transformer %mdk-data-line={584}
{}\mdSpan[class={math-inline},elem={math-inline}]{$SP$}%mdk-data-line={584}
{} can 
be refined into a symbolic interpreter operating over the
symbolic types defined in the previous section.
In the case when every input variable is symbolic and every
operator is redefined, the path-condition is equivalent to the
%mdk-data-line={589}
{}\mdEm{strongest postcondition}%mdk-data-line={589}
{} of the execution path %mdk-data-line={589}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={589}
{}. 
This guarantees that the path-condition for %mdk-data-line={590}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={590}
{} is %mdk-data-line={590}
{}\mdEm{sound}%mdk-data-line={590}
{}.
In the case where a subset of the input variables are symbolic
and/or not all operators are redefined, the path-condition of %mdk-data-line={592}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p$}%mdk-data-line={592}
{} 
is not guaranteed to be sound. We leave it as an exercise to the
reader to establish sufficient conditions under which the 
use of concrete values in place of symbolic expressions is 
guaranteed to result in sound path-conditions.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={598}]%
%mdk-data-line={598}
{}This section does not address the compilation of a symbolic
expression to the (logic) language of an underlying ATP, nor the
lifting of a satisfying assignment to a formula back to the
level of the source language. This is best done for a particular
source language and ATP, as detailed in the next section.%
\end{mdP}%
\mdHxx[id=sec-impl,label={[4]\{.heading-label\}},toc={},data-line={605},caption={[[4]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Architecture of PyExZ3},bookmark={4.{\hspace{0.5em}}Architecture of PyExZ3}]{%mdk-data-line={605}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4}.{\hspace{0.5em}}}%mdk-data-line={605}
{}Architecture of PyExZ3}\begin{mdP}[data-line={607}]%
%mdk-data-line={607}
{}In this section we present the high-level architecture
of a simple DSE tool for the Python language, written in Python, called%mdk-data-line={608}
{}{\mdNbsp}\mdA[data-linkid={pyexz3}]{https://github.com/thomasjball/PyExZ3/}{}{PyExZ3}%mdk-data-line={608}
{}. 
Figure%mdk-data-line={609}
{}{\mdNbsp}\mdA[class={localref},target-element={figure}]{fig-arch}{}{\mdSpan[class={figure-label}]{6}}%mdk-data-line={609}
{}
shows the class diagram (dashed edges are %mdk-data-line={610}
{}{\textquotedblleft}has-a{\textquotedblright}%mdk-data-line={610}
{} relationships; solid edges
are %mdk-data-line={611}
{}{\textquotedblleft}is-a{\textquotedblright}%mdk-data-line={611}
{} relationships) of the tool.%
\end{mdP}%
\begin{mdDiv}[class={figure,floating,align-center},id=fig-arch,label={[6]\{.figure-label\}},elem={figure},toc-line={[6]\{.figure-label\}. Classes in PyExZ3},toc={tof},float-env={figure},float-name={Figure},caption={Classes in PyExZ3},page-align={here},data-line={613}]%
\begin{mdP}[data-line={614}]%
%mdk-data-line={614}
{}\mdImg[width={1.00\linewidth},data-linkid={arch}]{arch.png}%mdk-data-line={614}
{}%
\end{mdP}%
\mdHr[class={figureline,madoko},data-line={615}]{}\begin{mdDiv}[data-line={616}]%
%mdk-data-line={616}
{}\mdSpan[class={figure-caption}]{\mdSpan[class={caption-before}]{\mdStrong{Figure{\mdNbsp}\mdSpan[class={figure-label}]{6}.} }Classes in PyExZ3}%mdk-data-line={616}
{}%
\end{mdDiv}%%
\end{mdDiv}%
\mdHxxx[id=sec-loading-the-code-under-test,label={[4.1]\{.heading-label\}},toc={},data-line={619},caption={[[4.1]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Loading the code under test},bookmark={4.1.{\hspace{0.5em}}Loading the code under test}]{%mdk-data-line={619}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4.1}.{\hspace{0.5em}}}%mdk-data-line={619}
{}Loading the code under test}\begin{mdP}[data-line={621}]%
%mdk-data-line={621}
{}The %mdk-data-line={621}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Loader}}%mdk-data-line={621}
{} class takes as input the name of a Python file (e.g., %mdk-data-line={621}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}\mdToken{Delimiter,Python}{.}\mdToken{Identifier,Python}{py}}%mdk-data-line={621}
{}) 
to import. The loader expects to find a function named
%mdk-data-line={623}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}}%mdk-data-line={623}
{} inside the file %mdk-data-line={623}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}\mdToken{Delimiter,Python}{.}\mdToken{Identifier,Python}{py}}%mdk-data-line={623}
{}, which will serve as the starting point
for symbolic execution. The %mdk-data-line={624}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{FunctionInvocation}}%mdk-data-line={624}
{} class
wraps this starting point. By default, each parameter to %mdk-data-line={625}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}}%mdk-data-line={625}
{} is
a %mdk-data-line={626}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicInteger}}%mdk-data-line={626}
{} unless there is decorator %mdk-data-line={626}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Delimiter,Python}{@}\mdToken{Identifier,Python}{symbolic}}%mdk-data-line={626}
{} specifying
the type to use for a particular argument.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={629}]%
%mdk-data-line={629}
{}The loader provides the capability to reload the
module %mdk-data-line={630}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}\mdToken{Delimiter,Python}{.}\mdToken{Identifier,Python}{py}}%mdk-data-line={630}
{} so that the function %mdk-data-line={630}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}}%mdk-data-line={630}
{} can be 
reexecuted within the same process from the same initial
state with different inputs (see the class %mdk-data-line={632}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={632}
{})
via the %mdk-data-line={633}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{FunctionInvocation}}%mdk-data-line={633}
{} class.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={635}]%
%mdk-data-line={635}
{}Finally, the loader looks for specially named functions %mdk-data-line={635}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{expected\_result}}%mdk-data-line={635}
{}
(%mdk-data-line={636}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{expected\_result\_set}}%mdk-data-line={636}
{}) in file %mdk-data-line={636}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}\mdToken{Delimiter,Python}{.}\mdToken{Identifier,Python}{py}}%mdk-data-line={636}
{} to use as a test oracle after
the path exploration (by %mdk-data-line={637}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={637}
{}) has completed. These
functions are expected to return a list of values to check
against the list of return values collected from the executions of 
the %mdk-data-line={640}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{foo}}%mdk-data-line={640}
{} function.
The presence of the function %mdk-data-line={641}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{expected\_result}}%mdk-data-line={641}
{} (%mdk-data-line={641}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{expected\_result\_set}}%mdk-data-line={641}
{}) 
yields a comparison of the two lists as bags (sets). We use such weaker
tests, rather than list equality, because the order in which paths
are explored by the %mdk-data-line={644}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={644}
{} can easily change due to small
differences in the input programs.%
\end{mdP}%
\mdHxxx[id=sec-symbolic-types,label={[4.2]\{.heading-label\}},toc={},data-line={647},caption={[[4.2]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Symbolic types},bookmark={4.2.{\hspace{0.5em}}Symbolic types}]{%mdk-data-line={647}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4.2}.{\hspace{0.5em}}}%mdk-data-line={647}
{}Symbolic types}\begin{mdP}[data-line={649}]%
%mdk-data-line={649}
{}Python supports multiple inheritance and, more importantly,
allows user-defined classes to inherit 
from its built-in types (such as %mdk-data-line={651}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{object}}%mdk-data-line={651}
{} and %mdk-data-line={651}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{int}}%mdk-data-line={651}
{}).
We use these two features two implement
symbolic versions of Python objects and integers, 
following the instrumented type approach defined in Section%mdk-data-line={654}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-semantics}{}{\mdSpan[class={heading-label}]{2}}%mdk-data-line={654}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={656}]%
%mdk-data-line={656}
{}The abstract class %mdk-data-line={656}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={656}
{} contains the 
symbolic expression tree and provides basic functions for constructing 
and accessing the tree.  This class does double duty, as it is used
to represent the (typed) symbolic constants associated with the parameters to the 
function, as well as the expression trees (per Section%mdk-data-line={660}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-semantics}{}{\mdSpan[class={heading-label}]{2}}%mdk-data-line={660}
{}). Recall
that the symbolic constants only appear as leaves of expression trees.
This means that the expression tree stored in a %mdk-data-line={662}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={662}
{} will
have instances of a %mdk-data-line={663}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={663}
{} as some of its leaves, namely
those leaves representing the symbolic constants.
%mdk-data-line={665}
{}%mdk-data-line={665}
{}
The abstract class provides an %mdk-data-line={666}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{unwrap}}%mdk-data-line={666}
{} method which returns
the pair of concrete value and expression tree associated with
the %mdk-data-line={668}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={668}
{}, as well as a %mdk-data-line={668}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{wrap}}%mdk-data-line={668}
{} method that takes a 
pair of concrete value and expression tree and creates a %mdk-data-line={669}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={669}
{}
encapsulating them.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={672}]%
%mdk-data-line={672}
{}The class %mdk-data-line={672}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicObject}}%mdk-data-line={672}
{} inherits from both %mdk-data-line={672}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{object}}%mdk-data-line={672}
{} and %mdk-data-line={672}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={672}
{} and
overrides the basic comparison operations (%mdk-data-line={673}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_eq\_\_}}%mdk-data-line={673}
{}, %mdk-data-line={673}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_neq\_\_}}%mdk-data-line={673}
{}, %mdk-data-line={673}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_lt\_\_}}%mdk-data-line={673}
{}, %mdk-data-line={673}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_le\_\_}}%mdk-data-line={673}
{},
%mdk-data-line={674}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_gt\_\_}}%mdk-data-line={674}
{}, and %mdk-data-line={674}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_ge\_\_}}%mdk-data-line={674}
{}).
The class %mdk-data-line={675}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicInteger}}%mdk-data-line={675}
{} inherits from both %mdk-data-line={675}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{int}}%mdk-data-line={675}
{} and %mdk-data-line={675}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicObject}}%mdk-data-line={675}
{}
and overrides a number of %mdk-data-line={676}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{int}}%mdk-data-line={676}
{}{'}%mdk-data-line={676}
{}s arithmetic methods
(%mdk-data-line={677}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_add\_\_}}%mdk-data-line={677}
{}, %mdk-data-line={677}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_sub\_\_}}%mdk-data-line={677}
{}, %mdk-data-line={677}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_mul\_\_}}%mdk-data-line={677}
{}, %mdk-data-line={677}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_mod\_\_}}%mdk-data-line={677}
{}, %mdk-data-line={677}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_floordiv\_}}%mdk-data-line={677}
{})
and bitwise methods
(%mdk-data-line={679}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_and\_\_}}%mdk-data-line={679}
{}, %mdk-data-line={679}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_or\_\_}}%mdk-data-line={679}
{}, %mdk-data-line={679}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_xor\_\_}}%mdk-data-line={679}
{}, %mdk-data-line={679}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_lshift\_\_}}%mdk-data-line={679}
{}, %mdk-data-line={679}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_rshift\_\_}}%mdk-data-line={679}
{}).%
\end{mdP}%
\mdHxxx[id=sec-tracing-control-flow,label={[4.3]\{.heading-label\}},toc={},data-line={682},caption={[[4.3]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Tracing control-flow},bookmark={4.3.{\hspace{0.5em}}Tracing control-flow}]{%mdk-data-line={682}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4.3}.{\hspace{0.5em}}}%mdk-data-line={682}
{}Tracing control-flow}\begin{mdP}[data-line={684}]%
%mdk-data-line={684}
{}As Python interprets a program, it will evaluate expressions, 
substituting the value of a variable in its place in an 
expression, applying operators (methods) to 
parameter values and assigning the return values of methods
to variables. Value of type %mdk-data-line={688}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicInteger}}%mdk-data-line={688}
{} will simply flow
through this interpretation, without necessitating any change 
to the program or the interpreter. This takes care
of the case of the strongest-postcondition rule for assignment,
as elaborated in Section%mdk-data-line={692}
{}{\mdNbsp}\mdA[class={localref},target-element={h2}]{sp-refined}{}{\mdSpan[class={heading-label}]{3.2}}%mdk-data-line={692}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={694}]%
%mdk-data-line={694}
{}The strong-postcondition rule for a conditional test requires
a little more work. In Python, any object can be tested in
an %mdk-data-line={696}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{if}}%mdk-data-line={696}
{} or %mdk-data-line={696}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{while}}%mdk-data-line={696}
{} condition or as the operand of a Boolean operation
(%mdk-data-line={697}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{and}}%mdk-data-line={697}
{}, %mdk-data-line={697}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{or}}%mdk-data-line={697}
{}, %mdk-data-line={697}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Keyword,Python}{not}}%mdk-data-line={697}
{})
The Python base class %mdk-data-line={698}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{object}}%mdk-data-line={698}
{} provides a method named %mdk-data-line={698}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_bool\_\_}}%mdk-data-line={698}
{} that
the Python runtime calls whenever it needs to perform such a conditional test.
This hook provides us what we need to trace the conditional
control-flow of a Python execution.  We override this method in the class
%mdk-data-line={702}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicObject}}%mdk-data-line={702}
{} in order to inform the %mdk-data-line={702}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{PathToConstraint}}%mdk-data-line={702}
{} object (defined
later) of the symbolic expression for the conditional (as captured by
the %mdk-data-line={704}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicInteger}}%mdk-data-line={704}
{} subclass).%
\end{mdP}%
\begin{mdP}[class={indent},data-line={706}]%
%mdk-data-line={706}
{}Note that the use of this hook in combination with the
tainted types will only trace those conditionals
in a Python execution whose values inherit from %mdk-data-line={708}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicObject}}%mdk-data-line={708}
{}; 
by definition, %mdk-data-line={709}
{}{\textquotedblleft}untainted{\textquotedblright}%mdk-data-line={709}
{} conditionals do not depend on symbolic 
inputs so there is no value in adding them to the path-condition.%
\end{mdP}%
\mdHxxx[id=sec-recording-path-conditions,label={[4.4]\{.heading-label\}},toc={},data-line={712},caption={[[4.4]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Recording path-conditions},bookmark={4.4.{\hspace{0.5em}}Recording path-conditions}]{%mdk-data-line={712}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4.4}.{\hspace{0.5em}}}%mdk-data-line={712}
{}Recording path-conditions}\begin{mdP}[data-line={714}]%
%mdk-data-line={714}
{}A %mdk-data-line={714}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Predicate}}%mdk-data-line={714}
{} records a conditional (more precisely the symbolic expression
found in %mdk-data-line={715}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicInteger}}%mdk-data-line={715}
{}) and
which way it evaluated in an execution.  A %mdk-data-line={716}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={716}
{}
has a %mdk-data-line={717}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Predicate}}%mdk-data-line={717}
{}, a parent %mdk-data-line={717}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={717}
{} and a set
of %mdk-data-line={718}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={718}
{} children. %mdk-data-line={718}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraints}}%mdk-data-line={718}
{} form a tree, where
each path starting from the root of the tree represents
a path-condition. The tree represents all path-conditions that have
been explored so far.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={723}]%
%mdk-data-line={723}
{}The class %mdk-data-line={723}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{PathToConstraint}}%mdk-data-line={723}
{} has a reference to the root of 
the tree of %mdk-data-line={724}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={724}
{}s
and is responsible for installing a new %mdk-data-line={725}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={725}
{} in the tree
when notified by the overridden %mdk-data-line={726}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Predefined,Python}{\_\_bool\_\_}}%mdk-data-line={726}
{} method of %mdk-data-line={726}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicObject}}%mdk-data-line={726}
{}.
%mdk-data-line={727}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{PathToConstraint}}%mdk-data-line={727}
{} also tracks whether or not the current execution
is following an existing path in the tree and grows the
tree as needed. In fact, it actually
tracks whether or not the current execution follows a particular
%mdk-data-line={731}
{}\mdEm{expected path}%mdk-data-line={731}
{} in the tree.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={733}]%
%mdk-data-line={733}
{}The expected path is the result
of the %mdk-data-line={734}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={734}
{} picking a constraint %mdk-data-line={734}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={734}
{} in the tree,
and asking the ATP if the path-condition consisting of the prefix
of predicates up to but not including %mdk-data-line={736}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={736}
{} in the tree, 
followed by the negation of %mdk-data-line={737}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={737}
{}{'}%mdk-data-line={737}
{}s predicate is satisfiable. If the 
ATP returns %mdk-data-line={738}
{}{\textquotedblleft}satisfiable{\textquotedblright}%mdk-data-line={738}
{} (with a new input %mdk-data-line={738}
{}\mdSpan[class={math-inline},elem={math-inline}]{$i$}%mdk-data-line={738}
{}), then the assumption
is that path-condition prefix is sound (that is, the execution of
the program on input %mdk-data-line={740}
{}\mdSpan[class={math-inline},elem={math-inline}]{$i$}%mdk-data-line={740}
{} will follow the prefix).%
\end{mdP}%
\begin{mdP}[class={indent},data-line={742}]%
%mdk-data-line={742}
{}However, it is possible 
for the path-condition to be unsound and for 
the executed path to diverge early 
from the expected path, due to the fact that not every operation
has a symbolic encoding.  The tool simply reports the divergence
and continues to process the execution as usual (as a diverging
path may lead to some other interesting part of the code).%
\end{mdP}%
\mdHxxx[id=sec-from-symbolic-types-to-z3,label={[4.5]\{.heading-label\}},toc={},data-line={750},caption={[[4.5]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}From symbolic types to Z3},bookmark={4.5.{\hspace{0.5em}}From symbolic types to Z3}]{%mdk-data-line={750}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4.5}.{\hspace{0.5em}}}%mdk-data-line={750}
{}From symbolic types to Z3}\begin{mdP}[data-line={752}]%
%mdk-data-line={752}
{}As we have explained DSE, the symbolic expressions are 
represented at the level of the source language. As detailed later
in Section%mdk-data-line={754}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-int2z3}{}{\mdSpan[class={heading-label}]{5}}%mdk-data-line={754}
{}, we must translate 
from the source language to the input language of an
automated theorem prover (ATP), in this case%mdk-data-line={756}
{}{\mdNbsp}\mdA[data-linkid={z3}]{http://z3.codeplex.org/}{}{Z3}%mdk-data-line={756}
{}.  This
separation of languages is quite useful, as we may have
the need to translate a given symbolic expression
to the ATP%mdk-data-line={759}
{}{'}%mdk-data-line={759}
{}s language multiple times, to make use of different
features of the underlying ATP. 
Furthermore, this separation
of concerns allows us to easily retarget the DSE tool to a
different ATP.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={765}]%
%mdk-data-line={765}
{}The base class %mdk-data-line={765}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3Expression}}%mdk-data-line={765}
{} represents a Z3 formula. The two 
subclasses %mdk-data-line={766}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3Integer}}%mdk-data-line={766}
{} and %mdk-data-line={766}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3BitVector}}%mdk-data-line={766}
{} represent different ways 
to model arithmetic reasoning about integers in Z3. We will describe
the details of these encodings in Section%mdk-data-line={768}
{}{\mdNbsp}\mdA[class={localref},target-element={h1}]{sec-int2z3}{}{\mdSpan[class={heading-label}]{5}}%mdk-data-line={768}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={770}]%
%mdk-data-line={770}
{}The class %mdk-data-line={770}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3Wrapper}}%mdk-data-line={770}
{} is responsible for performing the
translation from the source language (Python) to Z3%mdk-data-line={771}
{}{'}%mdk-data-line={771}
{}s input language, 
invoking Z3, and lifting a Z3 answer back to the level of Python. 
The %mdk-data-line={773}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{findCounterexample}}%mdk-data-line={773}
{} method does all the work, taking as
input a list of %mdk-data-line={774}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Predicate}}%mdk-data-line={774}
{}s (called %mdk-data-line={774}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{assertions}}%mdk-data-line={774}
{}) 
as well as a single %mdk-data-line={775}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Predicate}}%mdk-data-line={775}
{} (called
the %mdk-data-line={776}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{query}}%mdk-data-line={776}
{}). The %mdk-data-line={776}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{assertions}}%mdk-data-line={776}
{} represent a path-condition
prefix derived from the %mdk-data-line={777}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={777}
{} tree that we wish the next
execution to follow, while %mdk-data-line={778}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{query}}%mdk-data-line={778}
{} represents the predicate
following the prefix in the tree that we will negate.%
\end{mdP}%
\begin{mdP}[class={indent,para-continue},data-line={781}]%
%mdk-data-line={781}
{}The method constructs the formula%
\end{mdP}%
\begin{mdDiv}[class={equation,para-block},label={[(4)]\{.equation-label\}},elem={equation},line-adjust={0},data-line={783}]%
%mdk-data-line={783}
{}\mdSpan[class={equation-before}]{\mdSpan[class={equation-label}]{(4)}}%mdk-data-line={783}
{}
\begin{mdDiv}[class={mathdisplay,para-block,input-math},elem={mathdisplay},color={},math-needpdf={},line-adjust={0},data-line={784}]%
\begin{mdDiv}[class={math-display}]%
\[%mdk-data-line={784}
(\bigwedge_{a \in asserts} a) \wedge \neg query
\]%
\end{mdDiv}%%
\end{mdDiv}%%
\end{mdDiv}%
\begin{mdP}[data-line={787}]%
%mdk-data-line={787}
{}and asks Z3 if it is satisfiable. The method performs
a standard syntactic %mdk-data-line={788}
{}{\textquotedblleft}cone of influence{\textquotedblright}%mdk-data-line={788}
{} (CIF)
reduction on the %mdk-data-line={789}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{asserts}}%mdk-data-line={789}
{} with respect to the 
%mdk-data-line={790}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{query}}%mdk-data-line={790}
{} to shrink the size of the formula. For example,
if %mdk-data-line={791}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{asserts}}%mdk-data-line={791}
{} is the set of predicates %mdk-data-line={791}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\{ (x<a), (a<0), (y>0) \}$}%mdk-data-line={791}
{} and
the query is %mdk-data-line={792}
{}\mdSpan[class={math-inline},elem={math-inline}]{$(x=0)$}%mdk-data-line={792}
{}, then the CIF yields the
set  %mdk-data-line={793}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\{ (x<a), (a<0) \}$}%mdk-data-line={793}
{}, which does not include the predicate %mdk-data-line={793}
{}\mdSpan[class={math-inline},elem={math-inline}]{$(y>0)$}%mdk-data-line={793}
{},
as the variable %mdk-data-line={794}
{}\mdSpan[class={math-inline},elem={math-inline}]{$y$}%mdk-data-line={794}
{} is not in the set of variables (transitively)
related to variable %mdk-data-line={795}
{}\mdSpan[class={math-inline},elem={math-inline}]{$x$}%mdk-data-line={795}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={797}]%
%mdk-data-line={797}
{}If the formula is satisfiable a model is requested
from Z3 and lifted back to Python%mdk-data-line={798}
{}{'}%mdk-data-line={798}
{}s type universe.  Note that
because of the CIF reduction, the model may not mention certain
input variables, in which case we simply keep their values from
the execution from which the %mdk-data-line={801}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{asserts}}%mdk-data-line={801}
{} and %mdk-data-line={801}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Identifier,Python}{query}}%mdk-data-line={801}
{} were derived.%
\end{mdP}%
\mdHxxx[id=sec-putting-it-all-together,label={[4.6]\{.heading-label\}},toc={},data-line={803},caption={[[4.6]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Putting it all together},bookmark={4.6.{\hspace{0.5em}}Putting it all together}]{%mdk-data-line={803}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{4.6}.{\hspace{0.5em}}}%mdk-data-line={803}
{}Putting it all together}\begin{mdP}[data-line={805}]%
%mdk-data-line={805}
{}The class %mdk-data-line={805}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={805}
{} ties everything together. It kicks off
an execution of the Python code under test using %mdk-data-line={806}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{FunctionInvocation}}%mdk-data-line={806}
{}.
As the Python code executes, building symbolic expressions via %mdk-data-line={807}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{SymbolicType}}%mdk-data-line={807}
{}
and its subclasses, callbacks to %mdk-data-line={808}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{PathToConstraint}}%mdk-data-line={808}
{} create
a path-condition, represented by %mdk-data-line={809}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={809}
{} and %mdk-data-line={809}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Predicate}}%mdk-data-line={809}
{}. 
Newly discovered %mdk-data-line={810}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraints}}%mdk-data-line={810}
{} are added to the end of a deque maintained by
%mdk-data-line={811}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={811}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={813}]%
%mdk-data-line={813}
{}Given the first seed execution, %mdk-data-line={813}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{ExplorationEngine}}%mdk-data-line={813}
{} starts the work of 
exploring paths in a breadth-first fashion. It removes a %mdk-data-line={814}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={814}
{} %mdk-data-line={814}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={814}
{}
from the front of its deque and, if %mdk-data-line={815}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={815}
{} has not been already %mdk-data-line={815}
{}{\textquotedblleft}processed{\textquotedblright}%mdk-data-line={815}
{}, 
uses %mdk-data-line={816}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3Wrapper}}%mdk-data-line={816}
{} to find a new input (as discussed in the previous section)
where %mdk-data-line={817}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={817}
{} is the query (to be negated) and the path to %mdk-data-line={817}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={817}
{} in the 
%mdk-data-line={818}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={818}
{} tree forms the assertions.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={820}]%
%mdk-data-line={820}
{}A %mdk-data-line={820}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Constraint}}%mdk-data-line={820}
{} %mdk-data-line={820}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={820}
{} in the tree is considered %mdk-data-line={820}
{}{\textquotedblleft}processed{\textquotedblright}%mdk-data-line={820}
{} if an execution 
has covered %mdk-data-line={821}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c'$}%mdk-data-line={821}
{}, a sibling of %mdk-data-line={821}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={821}
{} in the tree that represents
the negation of the predicate associated with %mdk-data-line={822}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={822}
{}, or if constraint %mdk-data-line={822}
{}\mdSpan[class={math-inline},elem={math-inline}]{$c$}%mdk-data-line={822}
{}
has been removed from the deque.%
\end{mdP}%
\mdHxx[id=sec-int2z3,label={[5]\{.heading-label\}},toc={},data-line={825},caption={[[5]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}From Python Integers to Z3 Arithmetic},bookmark={5.{\hspace{0.5em}}From Python Integers to Z3 Arithmetic}]{%mdk-data-line={825}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{5}.{\hspace{0.5em}}}%mdk-data-line={825}
{}From Python Integers to Z3 Arithmetic}\begin{mdP}[data-line={827}]%
%mdk-data-line={827}
{}In languages such as C and Java, integers are finite-precision,
generally limited to the size of a machine word (32 or 64 bits, for example).
For such languages, satisfiability of finite-precision integer arithmetic
is decidable and can be reduced to Z3%mdk-data-line={830}
{}{'}%mdk-data-line={830}
{}s theory of bit-vectors, where
each arithmetic operation is encoded by a circuit. This translation permits 
reasoning about non-linear arithmetic problems, such as 
%mdk-data-line={833}
{}\mdSpan[class={math-inline},elem={math-inline}]{$\exists x,y,z : x*z + y \leq (z/y)+5$}%mdk-data-line={833}
{}.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={835}]%
%mdk-data-line={835}
{}Python (3.0) integers, however, are not finite-precision. They are only
limited by the size of machine memory. This means, for example, that
Python integers don%mdk-data-line={837}
{}{'}%mdk-data-line={837}
{}t overflow or underflow. It also means that
we can%mdk-data-line={838}
{}{'}%mdk-data-line={838}
{}t hope to decide algorithmically whether or not a given
equation over integer variables has a solution in general. Hilbert%mdk-data-line={839}
{}{'}%mdk-data-line={839}
{}s famous
10th problem and its solution by Matiyasevich tells us that it is
undecidable whether or not a polynomial
equation of the form %mdk-data-line={842}
{}\mdSpan[class={math-inline},elem={math-inline}]{$p(x_1, \ldots, x_n) = 0$}%mdk-data-line={842}
{} with integer coefficients
has an solution in the integers.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={845}]%
%mdk-data-line={845}
{}This means that we will resort to heuristic approaches in our use
of the%mdk-data-line={846}
{}{\mdNbsp}\mdA[data-linkid={z3}]{http://z3.codeplex.org/}{}{Z3}%mdk-data-line={846}
{} ATP.  The special case of linear integer arithmetic (LIA)
is decidable and supported by Z3. In order to deal with non-linear operations,
we use uninterpreted functions (UF). Thus, if Z3 returns
%mdk-data-line={849}
{}{\textquotedblleft}unsatisfiable{\textquotedblright}%mdk-data-line={849}
{} we know that there is no solution, but if the
Z3 %mdk-data-line={850}
{}{\textquotedblleft}satisfiable{\textquotedblright}%mdk-data-line={850}
{}, we must treat the answer as a %mdk-data-line={850}
{}{\textquotedblleft}don{'}t know{\textquotedblright}%mdk-data-line={850}
{}. 
The class %mdk-data-line={851}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3Integer}}%mdk-data-line={851}
{} is used to translate a symbolic expression
into the theory LIA+UF and check for unsatisfiability. We leave it as an
implementation exercise to check if a symbolic expression can
be converted to LIA (without the use of UF) in order to make
use of %mdk-data-line={855}
{}{\textquotedblleft}satisfiable{\textquotedblright}%mdk-data-line={855}
{} answers from the LIA solver.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={857}]%
%mdk-data-line={857}
{}If the translation to %mdk-data-line={857}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3Integer}}%mdk-data-line={857}
{} does not return %mdk-data-line={857}
{}{\textquotedblleft}unsatisfiable{\textquotedblright}%mdk-data-line={857}
{}, we
use Z3%mdk-data-line={858}
{}{'}%mdk-data-line={858}
{}s bit-vector decision procedure (via the class
%mdk-data-line={859}
{}\mdCode[class={code,code1,language-python,lang-python,python,highlighted},language={python}]{\mdToken{Namespace,Identifier,Python}{Z3BitVector}}%mdk-data-line={859}
{}) to heuristically
try to find satisfiable answers, even in the presence of non-linear 
arithmetic. We start with bit-vectors of size %mdk-data-line={861}
{}\mdSpan[class={math-inline},elem={math-inline}]{$N=32$}%mdk-data-line={861}
{} and %mdk-data-line={861}
{}\mdEm{bound}%mdk-data-line={861}
{} the values
of the symbolic constants to fit within 8 bits in order to find 
satisfiable solutions
with small values. Also, because Python integers do not overflow/underflow, 
the bound helps us reserve space in the bit-vector to allow the
results of operations to exceed the bound while not overflowing
the bit-vector. As long as Z3 returns %mdk-data-line={867}
{}{\textquotedblleft}unsatisfiable{\textquotedblright}%mdk-data-line={867}
{} we increase
the bound. If the bound reaches %mdk-data-line={868}
{}\mdSpan[class={math-inline},elem={math-inline}]{$N$}%mdk-data-line={868}
{}, we increase %mdk-data-line={868}
{}\mdSpan[class={math-inline},elem={math-inline}]{$N$}%mdk-data-line={868}
{} by 8 bits,
leaving the bound where it is and continue.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={871}]%
%mdk-data-line={871}
{}If Z3 returns
%mdk-data-line={872}
{}{\textquotedblleft}satisfiable{\textquotedblright}%mdk-data-line={872}
{}, it may be the case that Z3 found a solution
that involved overflow in the bit-vector world of arithmetic
(modulo %mdk-data-line={874}
{}\mdSpan[class={math-inline},elem={math-inline}]{$2^N-1$}%mdk-data-line={874}
{}). Therefore,
the solution is validated back in the
Python world by evaluating the formula under that solution
using Python semantics. 
If the formula does not evaluate to the same
value in both worlds, then we increase %mdk-data-line={879}
{}\mdSpan[class={math-inline},elem={math-inline}]{$N$}%mdk-data-line={879}
{} by 8 bits (to 
create a gap between the bound and %mdk-data-line={880}
{}\mdSpan[class={math-inline},elem={math-inline}]{$N$}%mdk-data-line={880}
{}) and continue to search
for a solution.%
\end{mdP}%
\begin{mdP}[class={indent},data-line={883}]%
%mdk-data-line={883}
{}The process terminates when we find a valid satisfying solution 
or %mdk-data-line={884}
{}\mdSpan[class={math-inline},elem={math-inline}]{$N=64$}%mdk-data-line={884}
{} and the bound reaches 64 (in which case, we return %mdk-data-line={884}
{}{\textquotedblleft}don{'}t know{\textquotedblright}%mdk-data-line={884}
{}).%
\end{mdP}%
\mdHxx[id=sec-extensions,label={[6]\{.heading-label\}},toc={},data-line={886},caption={[[6]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Extensions},bookmark={6.{\hspace{0.5em}}Extensions}]{%mdk-data-line={886}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{6}.{\hspace{0.5em}}}%mdk-data-line={886}
{}Extensions}\begin{mdP}[data-line={888}]%
%mdk-data-line={888}
{}We have presented the basics of dynamic symbolic execution 
(for Python).
A more thorough treatment would deal with other data types besides
integers, such as Python dictionaries, strings and lists, each
of which presents their own challenges for symbolic reasoning. 
There are many other interesting challenges in DSE, such
as dealing with user-defined classes (rather than built-in types
as done here) and multi-threaded execution.%
\end{mdP}%
\mdHxx[id=sec-acknowledgements,label={[7]\{.heading-label\}},toc={},data-line={897},caption={[[7]\{.heading-label\}.{\hspace{0.5em}}]\{.heading-before\}Acknowledgements},bookmark={7.{\hspace{0.5em}}Acknowledgements}]{%mdk-data-line={897}
{}\mdSpan[class={heading-before}]{\mdSpan[class={heading-label}]{7}.{\hspace{0.5em}}}%mdk-data-line={897}
{}Acknowledgements}\begin{mdP}[data-line={899}]%
%mdk-data-line={899}
{}Many thanks to the students of the 2014 Marktoberdorf Summer School
on Dependable Software Systems Engineering
for their questions and feedback about the first author%mdk-data-line={901}
{}{'}%mdk-data-line={901}
{}s lectures on dynamic
symbolic execution. The following students of the summer school
helpfully provided tests for the%mdk-data-line={903}
{}{\mdNbsp}\mdA[data-linkid={pyexz3}]{https://github.com/thomasjball/PyExZ3/}{}{PyExZ3}%mdk-data-line={903}
{} tool: Daniel Darvas,
Damien Rusinek, Christian Dehnert and Thomas Pani. Thanks also to Peter
Chapman for his contributions.%
\end{mdP}%

\mdHxx[id=sec-references,label={8},toc={},data-line={963},caption={References},bookmark={References}]{%mdk-data-line={963}
{}References}\begin{mdBibliography}[class={bibliography,bib-numeric},elem={bibliography},bibstyle={plainnat},bibdata={dse},caption={14},data-line={964;out{\textbackslash}DSE-bib.bbl:2}]%
\begin{mdBibitem}[class={bibitem},id=cadare05,label={[1]\{.bibitem-label\}},elem={bibitem},cite-label={Cadar and Engler(2005)},caption={Cristian Cadar and Dawson{\textbackslash} R. Engler. \\Execution generated test cases: How to make systems code crash itself. \\In \_Proceedings of 12th International SPIN Workshop\_{\textbackslash}/, pages 2--23, 2005.},searchterm={Cristian+Cadar+Dawson+Engler+Execution+generated+test+cases+make+systems+code+crash+itself+\_Proceedings+International+SPIN+Workshop\_+pages++},data-line={964;out{\textbackslash}DSE-bib.bbl:5}]%
%mdk-data-line={964;out\DSE-bib.bbl:6}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{1}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:6}
{}Cristian Cadar and Dawson%mdk-data-line={964;out\DSE-bib.bbl:6}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:6}
{}R. Engler.
%mdk-data-line={964;out\DSE-bib.bbl:7}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:7}
{} Execution generated test cases: How to make systems code crash
  itself.
%mdk-data-line={964;out\DSE-bib.bbl:9}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:9}
{} In %mdk-data-line={964;out\DSE-bib.bbl:9}
{}\mdEm{Proceedings of 12th International SPIN Workshop}%mdk-data-line={964;out\DSE-bib.bbl:9}
{}%mdk-data-line={964;out\DSE-bib.bbl:9}
{}, pages
  2%mdk-data-line={964;out\DSE-bib.bbl:10}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:10}
{}23, 2005.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=cadars13,label={[2]\{.bibitem-label\}},elem={bibitem},cite-label={Cadar and Sen(2013)},caption={Cristian Cadar and Koushik Sen. \\Symbolic execution for software testing: three decades later.},searchterm={Symbolic+execution+software+testing+three+decades+later++Cristian+Cadar+Koushik+},data-line={964;out{\textbackslash}DSE-bib.bbl:13}]%
%mdk-data-line={964;out\DSE-bib.bbl:14}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{2}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:14}
{}Cristian Cadar and Koushik Sen.
%mdk-data-line={964;out\DSE-bib.bbl:15}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:15}
{} Symbolic execution for software testing: three decades later.
%mdk-data-line={964;out\DSE-bib.bbl:16}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:16}
{} %mdk-data-line={964;out\DSE-bib.bbl:16}
{}\mdEm{Communications of the ACM}%mdk-data-line={964;out\DSE-bib.bbl:16}
{}%mdk-data-line={964;out\DSE-bib.bbl:16}
{}, 56%mdk-data-line={964;out\DSE-bib.bbl:16}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:16}
{} (2):%mdk-data-line={964;out\DSE-bib.bbl:16}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:16}
{} 82%mdk-data-line={964;out\DSE-bib.bbl:16}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:16}
{}90,
  2013.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=cadargpde06,label={[3]\{.bibitem-label\}},elem={bibitem},cite-label={Cadar et{\textbackslash} al.(2006)Cadar, Ganesh, Pawlowski, Dill, and\\  Engler},caption={Cristian Cadar, Vijay Ganesh, Peter{\textbackslash} M. Pawlowski, David{\textbackslash} L. Dill, and Dawson{\textbackslash} R. Engler. \\EXE: automatically generating inputs of death. \\In \_Proceedings of the 13th ACM Conference on Computer and Communications Security\_{\textbackslash}/, pages 322--335, 2006.},searchterm={Cristian+Cadar+Vijay+Ganesh+Peter+Pawlowski+David+Dill+Dawson+Engler+automatically+generating+inputs+death+\_Proceedings+Conference+Computer+Communications+Security\_+pages++},data-line={964;out{\textbackslash}DSE-bib.bbl:20}]%
%mdk-data-line={964;out\DSE-bib.bbl:21}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{3}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:21}
{}Cristian Cadar, Vijay Ganesh, Peter%mdk-data-line={964;out\DSE-bib.bbl:21}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:21}
{}M. Pawlowski, David%mdk-data-line={964;out\DSE-bib.bbl:21}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:21}
{}L. Dill, and Dawson%mdk-data-line={964;out\DSE-bib.bbl:21}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:21}
{}R.
  Engler.
%mdk-data-line={964;out\DSE-bib.bbl:23}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:23}
{} EXE: automatically generating inputs of death.
%mdk-data-line={964;out\DSE-bib.bbl:24}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:24}
{} In %mdk-data-line={964;out\DSE-bib.bbl:24}
{}\mdEm{Proceedings of the 13th ACM Conference on Computer and
  Communications Security}%mdk-data-line={964;out\DSE-bib.bbl:25}
{}%mdk-data-line={964;out\DSE-bib.bbl:25}
{}, pages 322%mdk-data-line={964;out\DSE-bib.bbl:25}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:25}
{}335, 2006.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=clarke76,label={[4]\{.bibitem-label\}},elem={bibitem},cite-label={Clarke(1976)},caption={Lori{\textbackslash} A. Clarke. \\A system to generate test data and symbolically execute programs.},searchterm={+system+generate+test+data+symbolically+execute+programs++Lori+Clarke+},data-line={964;out{\textbackslash}DSE-bib.bbl:28}]%
%mdk-data-line={964;out\DSE-bib.bbl:29}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{4}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:29}
{}Lori%mdk-data-line={964;out\DSE-bib.bbl:29}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:29}
{}A. Clarke.
%mdk-data-line={964;out\DSE-bib.bbl:30}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:30}
{} A system to generate test data and symbolically execute programs.
%mdk-data-line={964;out\DSE-bib.bbl:31}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:31}
{} %mdk-data-line={964;out\DSE-bib.bbl:31}
{}\mdEm{IEEE Transactions on Software Engineering}%mdk-data-line={964;out\DSE-bib.bbl:31}
{}%mdk-data-line={964;out\DSE-bib.bbl:31}
{}, 2%mdk-data-line={964;out\DSE-bib.bbl:31}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:31}
{}
  (3):%mdk-data-line={964;out\DSE-bib.bbl:32}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:32}
{} 215%mdk-data-line={964;out\DSE-bib.bbl:32}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:32}
{}222, 1976.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=demourab08,label={[5]\{.bibitem-label\}},elem={bibitem},cite-label={de{\textbackslash} Moura and Bj{\o}rner(2008)},caption={Leonardo{\textbackslash} Mendon{\c{c}}a de{\textbackslash} Moura and Nikolaj Bj{\o}rner. \\Z3: an efficient SMT solver.},searchterm={+efficient+solver++Leonardo+Mendon+Moura+Nikolaj+rner+},data-line={964;out{\textbackslash}DSE-bib.bbl:35}]%
%mdk-data-line={964;out\DSE-bib.bbl:36}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{5}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:36}
{}Leonardo%mdk-data-line={964;out\DSE-bib.bbl:36}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:36}
{}Mendon%mdk-data-line={964;out\DSE-bib.bbl:36}
{}{\c{c}}%mdk-data-line={964;out\DSE-bib.bbl:36}
{}a de%mdk-data-line={964;out\DSE-bib.bbl:36}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:36}
{}Moura and Nikolaj Bj%mdk-data-line={964;out\DSE-bib.bbl:36}
{}{\o}%mdk-data-line={964;out\DSE-bib.bbl:36}
{}rner.
%mdk-data-line={964;out\DSE-bib.bbl:37}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:37}
{} Z3: an efficient SMT solver.
%mdk-data-line={964;out\DSE-bib.bbl:38}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:38}
{} In %mdk-data-line={964;out\DSE-bib.bbl:38}
{}\mdEm{Proceedings of the 14th International Conference of Tools
  and Algorithms for the Construction and Analysis of Systems}%mdk-data-line={964;out\DSE-bib.bbl:39}
{}%mdk-data-line={964;out\DSE-bib.bbl:39}
{}, pages 337%mdk-data-line={964;out\DSE-bib.bbl:39}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:39}
{}340,
  2008.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=dijkstra76,label={[6]\{.bibitem-label\}},elem={bibitem},cite-label={Dijkstra(1976)},caption={Edsger{\textbackslash} W. Dijkstra. \\\_A Discipline of Programming\_{\textbackslash}/.},searchterm={+Discipline+Programming\_++Edsger+Dijkstra+},data-line={964;out{\textbackslash}DSE-bib.bbl:43}]%
%mdk-data-line={964;out\DSE-bib.bbl:44}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{6}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:44}
{}Edsger%mdk-data-line={964;out\DSE-bib.bbl:44}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:44}
{}W. Dijkstra.
%mdk-data-line={964;out\DSE-bib.bbl:45}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:45}
{} %mdk-data-line={964;out\DSE-bib.bbl:45}
{}\mdEm{A Discipline of Programming}%mdk-data-line={964;out\DSE-bib.bbl:45}
{}%mdk-data-line={964;out\DSE-bib.bbl:45}
{}.
%mdk-data-line={964;out\DSE-bib.bbl:46}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:46}
{} Prentice-Hall, 1976.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=godefroid11,label={[7]\{.bibitem-label\}},elem={bibitem},cite-label={Godefroid(2011)},caption={Patrice Godefroid. \\Higher-order test generation.},searchterm={Higher+order+test+generation++Patrice+Godefroid+},data-line={964;out{\textbackslash}DSE-bib.bbl:49}]%
%mdk-data-line={964;out\DSE-bib.bbl:50}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{7}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:50}
{}Patrice Godefroid.
%mdk-data-line={964;out\DSE-bib.bbl:51}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:51}
{} Higher-order test generation.
%mdk-data-line={964;out\DSE-bib.bbl:52}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:52}
{} In %mdk-data-line={964;out\DSE-bib.bbl:52}
{}\mdEm{Proceedings of the ACM SIGPLAN Conference on Programming
  Language Design and Implementation}%mdk-data-line={964;out\DSE-bib.bbl:53}
{}%mdk-data-line={964;out\DSE-bib.bbl:53}
{}, pages 258%mdk-data-line={964;out\DSE-bib.bbl:53}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:53}
{}269, 2011.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=godefroidks05,label={[8]\{.bibitem-label\}},elem={bibitem},cite-label={Godefroid et{\textbackslash} al.(2005)Godefroid, Klarlund, and Sen},caption={Patrice Godefroid, Nils Klarlund, and Koushik Sen. \\DART: directed automated random testing.},searchterm={DART+directed+automated+random+testing++Patrice+Godefroid+Nils+Klarlund+Koushik+},data-line={964;out{\textbackslash}DSE-bib.bbl:56}]%
%mdk-data-line={964;out\DSE-bib.bbl:57}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{8}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:57}
{}Patrice Godefroid, Nils Klarlund, and Koushik Sen.
%mdk-data-line={964;out\DSE-bib.bbl:58}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:58}
{} DART: directed automated random testing.
%mdk-data-line={964;out\DSE-bib.bbl:59}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:59}
{} In %mdk-data-line={964;out\DSE-bib.bbl:59}
{}\mdEm{Proceedings of the ACM SIGPLAN Conference on Programming
  Language Design and Implementation}%mdk-data-line={964;out\DSE-bib.bbl:60}
{}%mdk-data-line={964;out\DSE-bib.bbl:60}
{}, pages 213%mdk-data-line={964;out\DSE-bib.bbl:60}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:60}
{}223, 2005.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=godefroidlm12,label={[9]\{.bibitem-label\}},elem={bibitem},cite-label={Godefroid et{\textbackslash} al.(2012)Godefroid, Levin, and Molnar},caption={Patrice Godefroid, Michael{\textbackslash} Y. Levin, and David{\textbackslash} A. Molnar. \\SAGE: whitebox fuzzing for security testing.},searchterm={SAGE+whitebox+fuzzing+security+testing++Patrice+Godefroid+Michael+Levin+David+Molnar+},data-line={964;out{\textbackslash}DSE-bib.bbl:63}]%
%mdk-data-line={964;out\DSE-bib.bbl:64}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{9}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:64}
{}Patrice Godefroid, Michael%mdk-data-line={964;out\DSE-bib.bbl:64}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:64}
{}Y. Levin, and David%mdk-data-line={964;out\DSE-bib.bbl:64}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:64}
{}A. Molnar.
%mdk-data-line={964;out\DSE-bib.bbl:65}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:65}
{} SAGE: whitebox fuzzing for security testing.
%mdk-data-line={964;out\DSE-bib.bbl:66}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:66}
{} %mdk-data-line={964;out\DSE-bib.bbl:66}
{}\mdEm{Communications of the ACM}%mdk-data-line={964;out\DSE-bib.bbl:66}
{}%mdk-data-line={964;out\DSE-bib.bbl:66}
{}, 55%mdk-data-line={964;out\DSE-bib.bbl:66}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:66}
{} (3):%mdk-data-line={964;out\DSE-bib.bbl:66}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:66}
{} 40%mdk-data-line={964;out\DSE-bib.bbl:66}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:66}
{}44,
  2012.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=gupta00,label={[10]\{.bibitem-label\}},elem={bibitem},cite-label={Gupta et{\textbackslash} al.(2000)Gupta, Mathur, and Soffa},caption={Neelam Gupta, Aditya{\textbackslash} P. Mathur, and Mary{\textbackslash} Lou Soffa. \\Generating test data for branch coverage.},searchterm={Generating+test+data+branch+coverage++Neelam+Gupta+Aditya+Mathur+Mary+Soffa+},data-line={964;out{\textbackslash}DSE-bib.bbl:70}]%
%mdk-data-line={964;out\DSE-bib.bbl:71}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{10}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:71}
{}Neelam Gupta, Aditya%mdk-data-line={964;out\DSE-bib.bbl:71}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:71}
{}P. Mathur, and Mary%mdk-data-line={964;out\DSE-bib.bbl:71}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:71}
{}Lou Soffa.
%mdk-data-line={964;out\DSE-bib.bbl:72}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:72}
{} Generating test data for branch coverage.
%mdk-data-line={964;out\DSE-bib.bbl:73}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:73}
{} In %mdk-data-line={964;out\DSE-bib.bbl:73}
{}\mdEm{Proceedings of the Automate Software Engineering
  Conference}%mdk-data-line={964;out\DSE-bib.bbl:74}
{}%mdk-data-line={964;out\DSE-bib.bbl:74}
{}, pages 219%mdk-data-line={964;out\DSE-bib.bbl:74}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:74}
{}228, 2000.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=king76,label={[11]\{.bibitem-label\}},elem={bibitem},cite-label={King(1976)},caption={James{\textbackslash} C. King. \\Symbolic execution and program testing.},searchterm={Symbolic+execution+program+testing++James+King+},data-line={964;out{\textbackslash}DSE-bib.bbl:77}]%
%mdk-data-line={964;out\DSE-bib.bbl:78}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{11}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:78}
{}James%mdk-data-line={964;out\DSE-bib.bbl:78}
{}{\mdNbsp}%mdk-data-line={964;out\DSE-bib.bbl:78}
{}C. King.
%mdk-data-line={964;out\DSE-bib.bbl:79}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:79}
{} Symbolic execution and program testing.
%mdk-data-line={964;out\DSE-bib.bbl:80}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:80}
{} %mdk-data-line={964;out\DSE-bib.bbl:80}
{}\mdEm{Communications of the ACM}%mdk-data-line={964;out\DSE-bib.bbl:80}
{}%mdk-data-line={964;out\DSE-bib.bbl:80}
{}, 19%mdk-data-line={964;out\DSE-bib.bbl:80}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:80}
{} (7):%mdk-data-line={964;out\DSE-bib.bbl:80}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:80}
{}
  385–394, 1976.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=korel90,label={[12]\{.bibitem-label\}},elem={bibitem},cite-label={Korel(1990)},caption={Bogdan Korel. \\Automated software test data generation.},searchterm={Automated+software+test+data+generation++Bogdan+Korel+},data-line={964;out{\textbackslash}DSE-bib.bbl:84}]%
%mdk-data-line={964;out\DSE-bib.bbl:85}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{12}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:85}
{}Bogdan Korel.
%mdk-data-line={964;out\DSE-bib.bbl:86}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:86}
{} Automated software test data generation.
%mdk-data-line={964;out\DSE-bib.bbl:87}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:87}
{} %mdk-data-line={964;out\DSE-bib.bbl:87}
{}\mdEm{IEEE Transactions on Software Engineering}%mdk-data-line={964;out\DSE-bib.bbl:87}
{}%mdk-data-line={964;out\DSE-bib.bbl:87}
{}, 16%mdk-data-line={964;out\DSE-bib.bbl:87}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:87}
{}
  (8):%mdk-data-line={964;out\DSE-bib.bbl:88}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:88}
{} 870%mdk-data-line={964;out\DSE-bib.bbl:88}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:88}
{}879, 1990.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=korel92,label={[13]\{.bibitem-label\}},elem={bibitem},cite-label={Korel(1992)},caption={Bogdan Korel. \\Dynamic method of software test data generation.},searchterm={Dynamic+method+software+test+data+generation++Bogdan+Korel+},data-line={964;out{\textbackslash}DSE-bib.bbl:91}]%
%mdk-data-line={964;out\DSE-bib.bbl:92}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{13}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:92}
{}Bogdan Korel.
%mdk-data-line={964;out\DSE-bib.bbl:93}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:93}
{} Dynamic method of software test data generation.
%mdk-data-line={964;out\DSE-bib.bbl:94}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:94}
{} %mdk-data-line={964;out\DSE-bib.bbl:94}
{}\mdEm{Journal of Software Testing, Verification and Reliability}%mdk-data-line={964;out\DSE-bib.bbl:94}
{}%mdk-data-line={964;out\DSE-bib.bbl:94}
{},
  2%mdk-data-line={964;out\DSE-bib.bbl:95}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:95}
{} (4):%mdk-data-line={964;out\DSE-bib.bbl:95}
{}\mdSpan[penalty={0}]{}%mdk-data-line={964;out\DSE-bib.bbl:95}
{} 203%mdk-data-line={964;out\DSE-bib.bbl:95}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:95}
{}213, 1992.%
\end{mdBibitem}%
\begin{mdBibitem}[class={bibitem},id=senacav06,label={[14]\{.bibitem-label\}},elem={bibitem},cite-label={Sen and Agha(2006)},caption={Koushik Sen and Gul Agha. \\CUTE and jcute: Concolic unit testing and explicit path model-checking tools. \\In \_Proceedings of 18th Computer Aided Verification Conference\_{\textbackslash}/, pages 419--423, 2006.},searchterm={Koushik+Agha+CUTE+jcute+Concolic+unit+testing+explicit+path+model+checking+tools+\_Proceedings+Computer+Aided+Verification+Conference\_+pages++},data-line={964;out{\textbackslash}DSE-bib.bbl:98}]%
%mdk-data-line={964;out\DSE-bib.bbl:99}
{}\mdSpan[class={bibitem-before}]{[\mdSpan[class={bibitem-label}]{14}]{\mdNbsp}{\mdNbsp}}%mdk-data-line={964;out\DSE-bib.bbl:99}
{}Koushik Sen and Gul Agha.
%mdk-data-line={964;out\DSE-bib.bbl:100}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:100}
{} CUTE and jcute: Concolic unit testing and explicit path
  model-checking tools.
%mdk-data-line={964;out\DSE-bib.bbl:102}
{}\mdSpan[class={newblock}]{}%mdk-data-line={964;out\DSE-bib.bbl:102}
{} In %mdk-data-line={964;out\DSE-bib.bbl:102}
{}\mdEm{Proceedings of 18th Computer Aided Verification Conference}%mdk-data-line={964;out\DSE-bib.bbl:102}
{}%mdk-data-line={964;out\DSE-bib.bbl:102}
{},
  pages 419%mdk-data-line={964;out\DSE-bib.bbl:103}
{}{\textendash}%mdk-data-line={964;out\DSE-bib.bbl:103}
{}423, 2006.%
\end{mdBibitem}%%
\end{mdBibliography}%



\end{document}


================================================
FILE: marktoberdorf_paper/forPublisher/madoko.sty
================================================
%---------------------------------------------------------------------------
%  Copyright 2013 Microsoft Corporation.
% 
%  This is free software; you can redistribute it and/or modify it under the
%  terms of the Apache License, Version 2.0. A copy of the License can be
%  found in the file "license.txt" at the root of this distribution.
%---------------------------------------------------------------------------
\NeedsTeXFormat{LaTeX2e}[1995/12/01]

\RequirePackage{css}
\RequirePackage{array}
\RequirePackage{longtable}
\RequirePackage{enumitem}
\RequirePackage{booktabs}
\RequirePackage{pdfcomment}
%\RequirePackage[bookmarks=true]{hyperref} % loaded by pdfcomment
\RequirePackage{amsmath}
\RequirePackage{amsfonts}
\RequirePackage{amssymb}
\RequirePackage{stmaryrd}
\RequirePackage{textcomp}
\RequirePackage{pifont}
\RequirePackage{wrapfig}


%-------------------------------------------------------------
% Process options 
%-------------------------------------------------------------
\newcommand{\mdHeadingBase}{1}
\DeclareOptionX{heading-base}[1]{\gdef\mdHeadingBase{#1}}
\ProcessOptionsX

%-------------------------------------------------------------
% Conditionals
%-------------------------------------------------------------
% conditionals
\newif\ifmathmode
\newif\ifbeamer

\@ifclassloaded{beamer}{\beamertrue}{\beamerfalse}
\ifdef\mathmode{\mathmodetrue}{\mathmodefalse}


%-------------------------------------------------------------
% Setup packages 
%-------------------------------------------------------------


% hyperref
\hypersetup{
  colorlinks=true,linkcolor=Navy,urlcolor=Blue,filecolor=Maroon,bookmarksdepth=3,bookmarksopenlevel=1
}

% booktabs
\setlength{\aboverulesep}{0pt}
\setlength{\belowrulesep}{0pt}
\setlength{\doublerulesep}{\heavyrulewidth}


%-------------------------------------------------------------
% Character commands 
%-------------------------------------------------------------

\providecommand{\lt}{\ensuremath{<}}
\providecommand{\gt}{\ensuremath{>}}
\providecommand{\abs}[1]{\ensuremath{\left\vert #1\right\vert}}

%\providecommand{\bigstrut}{-0.5\baselineskip}{0pt}{1.5\baselineskip}
%\providecommand{\deepstrut}{-0.5\baselineskip}{0pt}{0.5\baselineskip}
%\providecommand{\highstrut}{0pt}{0pt}{\baselineskip}


% inserted for unknown html entities
\newcommand{\mdUnknownEntity}[1]{\&#1;}
\newcommand{\mdEntity}[1]{\protect\mdUnknownEntity{#1}}

% allow the definition of new entities: \mdDefineEntity{bar}{\|}
\newcommand{\mdDefineEntity}[2]{%
  \protected@edef\mdEntity##1{\protect\eifstrequal{##1}{#1}{#2}{\mdEntity{##1}}}%
}


% inserted for unknown unicode entities
\newcommand{\mdUnicodeUnknown}[1]{%
  \ifXeTeX\mdUnicodeChar{#1}\else%
  \ifLuaTeX\mdUnicodeChar{#1}\else%
  \&\##1;\fi\fi
}
\newcommand{\mdUnicodeChar}[1]{\char#1} % directly insert the unicode glyph
\newcommand{\mdUnicode}[1]{\protect\mdUnicodeUnknown{#1}}

% allow the definition of new unicode entities: \mdDefineUnicode{10214}{\ensuremath{\llbracket}}
\newcommand{\mdDefineUnicode}[2]{%
  \protected@edef\mdUnicode##1{\protect\ifnum##1=#1{#2}\protect\else{\mdUnicode{##1}}\protect\fi}%
}

% ballot boxes
\mdDefineUnicode{9745}{\rlap{$\square$}\protect\raisebox{.15ex}{\kern 0.1em\ding{51}}}
\mdDefineUnicode{9746}{\rlap{$\square$}{\kern 0.1em\ding{55}}}
% magnifying glass
\mdDefineUnicode{128270}{\kern -0.75ex\protect\raisebox{-0.25ex}{$\arrownot$}\kern 1.05ex\protect\raisebox{0.5ex}{$\circ$}\hspace{-0.25ex}}
% short underscore
\mdDefineUnicode{818}{\leavevmode\kern 0.06em\vbox{\hrule width 0.3em}}

% qed
\providecommand{\qedsymbol}{\ensuremath{\Box}}
\providecommand{\qed}{\hfill\qedsymbol}

% break and nbsp
\newcommand{\mdBr}{\ifvmode\leavevmode\fi\\{}}
\newcommand{\mdNbsp}{\nobreak\rule{0pt}{0pt}~}

\newcommand{\mdBrSep}[2]{%
  \expandafter\ifx#1\relax\relax #2\else
  \expandafter\ifx#2\relax\relax #1\else
  #1\mdBr #2\fi\fi
}

% fix nobreakspace in case the user loads a T1 encoding in LaTeX
\DeclareTextCommandDefault{\nobreakspace}{\leavevmode\nobreak\ }


% logo
\cssClassRuleDoBefore{madokologo}{\vfill}


% We need to call \mdLabeltarget for any structure that can set label
\newcounter{@mdTargetCount}
\newcommand{\mdLabeltarget}{\refstepcounter{@mdTargetCount}}


%-------------------------------------------------------------
% Title and subtitle 
%-------------------------------------------------------------

\providecommand{\@doi}{?}

\ifdef\titlerunning%
  {\newcommand{\mdTitlerunning}[1]{\titlerunning{#1}}}% llncs
  {\newcommand{\mdTitlerunning}[1]{\global\def\titlerunning{#1}}}% eptcs

\ifdef\authorrunning%
  {\newcommand{\mdAuthorrunning}[1]{\authorrunning{#1}}}% llncs
  {\newcommand{\mdAuthorrunning}[1]{\global\def\authorrunning{#1}}}% eptcs

% LLNCS: \author{ \and ...}, \institute{ \email \and ...}
% EPTCS: \author{ \institute \email \and ... }
% LATEX: \author{ ... } \date

\ifdef\date{\date{}}{}
\providecommand{\email}[1]{\normalsize\textsf{#1}}%
\providecommand{\affaddr}[1]{\normalsize{#1}}%
\providecommand{\alignauthor}{\\[2ex]}
\providecommand{\aufnt}[1]{{\large #1}}
\providecommand{\numberofauthors}[1]{}

\ifbeamer\providecommand{\inst}[1]{$^{\mbox{#1}}$}\fi%

% If there is no \authorinfo, we provide a simple one that works
% with some other common styles
\newcounter{mdAuthorCount}
\newcommand{\@mdauthors}{}   % fancy list of authors
\newcommand{\@mdinsts}{}
\providerobustcmd{\@and}{\and}
\providerobustcmd{\authorinfo}[3]{%
  \stepcounter{mdAuthorCount}%
  \ifdef{\institute}{%  
    \ifnum\value{mdAuthorCount}>1%
     \gappto\@mdauthors{\@and}%
     \ifx\relax#2\relax\else\gappto\@mdinsts{\@and}\fi%
    \fi%    
    \ifdef{\inst}%
    {%LLNCS, Beamer
      \gappto\@mdauthors{#1}%
      \ifx\relax#2\relax\else\gappto\@mdinsts{#2}\fi%
      \ifx\relax#3\relax\else\gappto\@mdinsts{\mdBr\email{#3}}\fi
    }%
    {% EPTCS
      \gappto\@mdauthors{#1%
        \ifx\relax#2\relax\else\protect\institute{#2}\fi%
        \ifx\relax#3\relax\else\protect\email{#3}\fi}%
    }%
  }%
  {% Our own simple style (similar to sigplanconf)
   \ifnum\value{mdAuthorCount}>1%
     \gappto\@mdauthors{\alignauthor}%
   \fi%
   \gappto\@mdauthors{\aufnt{#1}}%
   \protected@edef\@more{#2#3}%
   \expandafter\ifx\@more\relax\relax \else
     \gappto\@mdauthors{\\[0.25ex]\mdBrSep{#2}{#3}}%
   \fi   
  }%
  \ifnum\value{mdAuthorCount}>1%
    \gappto\@mdauthorsx{, #1}%
  \else
    \global\def\@mdauthorsx{#1}%
  \fi
  \mdAuthorrunning{\@mdauthorsx}%
}

% support \inst
\newcommand{\mdInst}[1]{%
  \ifdef{\inst}{\inst{#1}}{\ensuremath{^{\mbox{#1}}}}%
}
\cssClassRuleCmd{inst}{\mdInst}

\newcommand{\mdTitle}[1]{\gdef\@mdTitle{#1}\title{\@mdTitle}\mdTitlerunning{#1}}
\newcommand{\mdSubtitle}[1]{\gappto\@mdTitle{\\{\Large #1}}\title{\@mdTitle}}

% legacy
\newcommand{\mdAuthor}[4]{%
  \authorinfo{#1}{\mdBrSep{#2}{#4}}{#3}%
}

% and finally maketitle
\newcommand{\mdMaketitle}[1]{%  
  \ifnum\value{mdAuthorCount}>0%
    \expandnext{\numberofauthors}{\arabic{mdAuthorCount}}%
    \author{\@mdauthors}%
    \ifdef\inst{\ifdef\institute{\institute{\@mdinsts}}{}}{}%
  \fi
  \ifx#1\relax\else%
    %\ifdef\titlenote% some styles disregard the date command...
    {%\gappto\@mdTitle{\titlenote{#1}}\title{\@mdTitle}}
     \mdSubtitle{\normalfont\normalsize #1}}%
     % {\date{#1}}%
  \fi%  
  \maketitle%
}

% Use the pre-defined abstract environment
\cssElemRuleEnv{abstract}{abstract}

% and define it if not yet defined
\ifdef{\abstract}{}{
  \newenvironment{abstract}%
    {\list{}{\small
      \leftmargin=2.65em%
      \labelwidth=0em%
      \listparindent=0em%
      \itemindent\listparindent
      \rightmargin\leftmargin}\item[\hskip\labelsep\bfseries Abstract.]}
    {\endlist}
}


%-------------------------------------------------------------
% Hooks to use maketitle from standard title blocks
%-------------------------------------------------------------

\def\@mdTitleNote{}
\newcounter{mdxAuthorCount} 
\defcommand{\mdxTitle}[2][]{\mdTitle{\mdSpan[#1]{#2}}}
\defcommand{\mdxTitleNote}[2][]{\gdef\@mdTitleNote{\mdSpan[#1]{#2}}}
\defcommand{\mdxTitleFooter}[2][]{\gappto{\@mdauthors}{\\[1ex]\mdSpan[#1]{#2}}}
\defcommand{\mdxSubTitle}[2][]{\mdSubtitle{\mdSpan[#1]{#2}}}    
\defcommand{\mdxAuthorName}[2][]{\csgdef{@mdAuthorName\the\value{mdxAuthorCount}}{\mdSpan[#1]{#2}}}
\defcommand{\mdxAuthorAddress}[2][]{\csgdef{@mdAuthorAff\the\value{mdxAuthorCount}}{\mdSpan[#1]{#2}}}
\defcommand{\mdxAuthorEmail}[2][]{\csgdef{@mdAuthorEmail\the\value{mdxAuthorCount}}{\mdSpan[#1]{\email{#2}}}}
\defcommand{\mdxAuthorNote}[2][]{%
  \ifcsdef{@mdAuthorAff\the\value{mdxAuthorCount}}%
    {\csgappto{@mdAuthorAff\the\value{mdxAuthorCount}}{\mdBr\mdSpan[#1]{#2}}}
    {\csgdef{@mdAuthorAff\the\value{mdxAuthorCount}}{\mdSpan[#1]{#2}}}
 }
\cssClassRuleDoBefore{titleblockmaketitle}{%
  \setcounter{mdxAuthorCount}{0}%
}
\cssClassRuleDoBefore{authormaketitle}{%
  \global\stepcounter{mdxAuthorCount}%
}
\cssClassRuleDoAfter{authormaketitle}{%
  \providecsgdef{@mdAuthorName\the\value{mdxAuthorCount}}{}%
  \providecsgdef{@mdAuthorAff\the\value{mdxAuthorCount}}{}%
  \providecsgdef{@mdAuthorEmail\the\value{mdxAuthorCount}}{}%
  \expandnextiii{\authorinfo}%
      {\csname @mdAuthorName\the\value{mdxAuthorCount}\endcsname}%
      {\csname @mdAuthorAff\the\value{mdxAuthorCount}\endcsname}%
      {\csname @mdAuthorEmail\the\value{mdxAuthorCount}\endcsname}%
}
\cssClassRuleDoAfter{titleblockmaketitle}{%
  \mdMaketitle{\@mdTitleNote}%
}


%-------------------------------------------------------------
% Paragraphs and indentation 
%-------------------------------------------------------------
\newcommand{\mdParIndent}{\parindent}
\cssClassRule{indent}{text-indent=\mdParIndent}
\cssClassRule{para-block}{text-indent=0pt}

\cssNewBlockElem{mdP}{p}{}

\cssParentClassRule{align-center}{text-align=center,margin-left=auto,margin-right=auto}

\cssClassRule{hidden}{display=hidden}

%-------------------------------------------------------------
% Common Inline elements 
%-------------------------------------------------------------
\cssNewInlineElem{\mdEm}{em}{font-style=italic}
\cssNewInlineElem{\mdStrong}{strong}{font-weight=bold}
\cssNewInlineElem{\mdDel}{del}{color=gray}  % not great but strike-out is just not well supported on LaTeX...

\cssNewKey{css}{label}{\cssLabel}{}

\newcommand{\mdFootnote}[2][]{%
  \mdSpan[#1]{\gdef\@thefnmark{\cssLabel}\@footnotemark}\@footnotetext{#2}%  
  %\footnote{#2}} % no cssInline since footnotes can contain block elements
}
\newcommand{\mdSub}[2][]{\ensuremath{_{\mbox{\scriptsize\cssInline[elem=sub,#1]{#2}}}}}
\newcommand{\mdSup}[2][]{\ensuremath{^{\mbox{\scriptsize\cssInline[elem=sup,#1]{#2}}}}}

\cssClassRule{footnote-backref}{display=hidden}
\cssClassRule{footnote-before}{display=hidden}

\newcommand{\mdTooltip}[2]{%
  #2%
  \eifstrequal{#1}{}{}{%
    \hbox to 0pt{\raisebox{1ex}{\tiny%
      \pdfmarkupcomment[color=White,author=Title]{}{#1}%
    }}%
  }%
}

\newcommand{\@mdHyperref}[2]{\hyperref[#1]{#2}}
\newcommand{\@mdMakeA}[2]{%
  \cssIfHasClass{localref}%
    {\@mdHyperref{#1}{#2}%
     \cssIfHasClass{bibref}{\write\@mainaux{\string\citation{#1}}}{}}%
    {\href{#1}{#2}}%
}

\newcommand{\mdA}[4][]{\mdTooltip{#3}{\cssInlineCmd[#1]{\@mdMakeA{#2}}{#4}}}

%-------------------------------------------------------------
% Headers
%-------------------------------------------------------------
\cssNewKey{css}{bookmark}{\cssBookmark}{}
\newcommand{\mdBookmark}[3]{\eifstrequal{#2}{}{}{\pdfbookmark[#1]{#2}{#3}}}
\newcommand{\mdHBookmark}[2]{%
  \ifnum#1<\mdHeadingBase\edef\@mdlevel{#1}\else\edef\@mdlevel{\the\numexpr#1-\mdHeadingBase}\fi%
  \cssInitKeys{#2}\mdBookmark{\@mdlevel}{\cssBookmark}{\cssId}%
}

\cssNewKey{css}{starform}{\cssStarForm}{}
\newcommand{\mdCommandStar}[3][]{%
  \cssInitKeys{#1}%
  \eifstrequal{\cssStarForm}{true}{\csname #2\endcsname*{#3}}{\csname #2\endcsname{#3}}%
}
\newcommand{\mdCommandUnStar}[3][]{%
  \cssInitKeys{#1}%
  \eifstrequal{\cssStarForm}{false}{\csname #2\endcsname{#3}}{\csname #2\endcsname*{#3}}%
}

\newcommand{\mdH}[2][]{\mdHBookmark{0}{#1}\mdCommandUnStar[#1]{part}{\cssInline[elem=h0,#1]{#2}}}
\newcommand{\mdHx}[2][]{\mdHBookmark{1}{#1}\mdCommandUnStar[#1]{chapter}{\cssInline[elem=h1,#1]{#2}}}
\newcommand{\mdHxx}[2][]{\mdHBookmark{2}{#1}\mdCommandUnStar[#1]{section}{\cssInline[elem=h2,#1]{#2}}}
\newcommand{\mdHxxx}[2][]{\mdHBookmark{3}{#1}\mdCommandUnStar[#1]{subsection}{\cssInline[elem=h3,#1]{#2}}}
\newcommand{\mdHxxxx}[2][]{\mdHBookmark{4}{#1}\mdCommandUnStar[#1]{subsubsection}{\cssInline[elem=h4,#1]{#2}}}
\newcommand{\mdHxxxxx}[2][]{\mdCommandUnStar[#1]{paragraph}{\cssInline[elem=h5,#1]{#2}}}
\newcommand{\mdHxxxxxx}[2][]{\mdCommandUnStar[#1]{paragraph}{\cssInline[elem=h6,#1]{#2}}}
\newenvironment{mdSection}[1][]{\mdHBookmark{2}{#1}\begin{mdDiv}[#1]}{\end{mdDiv}}

%\patchcmd{\@startsection}%
% {\@ssect{#3}{#4}{#5}{#6}}%
% {\@dblarg{\@sect{#1}{\@m}{#3}{#4}{#5}{#6}}}%
% {}%
% {\PackageError{madoko}{Unable to patch \string\@startsection}\@ehd}

%-------------------------------------------------------------
% Common block elements
%-------------------------------------------------------------
\cssNewInlineElem{\mdSpan}{span}{}
\cssNewBlockElem{mdDiv}{div}{}
\cssNewBlockElem{mdDivInline}{divinline}{display=block-inline}
\newenvironment{mdBlockquote}[1][]%
  {\begin{mdDiv}[#1]\begin{quote}}%
  {\end{quote}\end{mdDiv}}

%-------------------------------------------------------------
% Images 
%-------------------------------------------------------------

\newcommand{\@imgInclude}[4]{%
  \begin{minipage}[#1]{#2}%
  \eifstrequal{#1}{c}%
    {$\vcenter{\hbox{\protect\includegraphics[#4]{#3}}}$}%
    {\eifstrequal{#1}{t}{\vspace{-0.7\baselineskip}}{}%
     \protect\includegraphics[#4]{#3}}%
  \end{minipage}%
}
\newcommand{\@imgArgs}{}

\newcommand{\mdImg}[2][]{%
  \begingroup%  
  \cssNewLengthKey{csspre}{width}{\cssImageWidth}    % capture width and height
  \cssNewLengthKey{csspre}{height}{\cssImageHeight}
  \cssInline[elem=img,#1]{%   
    \renewcommand{\@imgArgs}{keepaspectratio=true}%
    \ifdim\cssImageWidth=2sp\def\cssImageWidth{\linewidth}\fi%
    \ifdim\cssImageWidth<3sp\else\appto{\@imgArgs}{,width=\cssImageWidth}\fi%
    \ifdim\cssImageHeight<3sp\else\appto{\@imgArgs}{,height=\cssImageHeight}\fi
    \eifstrequal{\@imgArgs}{}%
      {\includegraphics{#2}}%
    {\eifstrequal{\cssVerticalAlign}{top}%
      {\expandnext{\@imgInclude{t}{\cssImageWidth}{#2}}{\@imgArgs}}%
    {\eifstrequal{\cssVerticalAlign}{middle}%
      {\expandnext{\@imgInclude{c}{\cssImageWidth}{#2}}{\@imgArgs}}%
      {\expandnext{\@imgInclude{b}{\cssImageWidth}{#2}}{\@imgArgs}}}%
    }%
  }%
  \endgroup%
}%

%-------------------------------------------------------------
% Math
%-------------------------------------------------------------

\newenvironment{mdMathprearray}%
  {\setlength{\arraycolsep}{0pt}\begin {array}{llllllll}}%
  {\end{array}\hspace*{\linewidth minus \linewidth}} % flush left

\defcommand{\mathkw}[1]{\mathsf{{#1}}}
\defcommand{\mathid}[1]{\mathit{#1}}

\defcommand{\smallstrut}{\mbox{\rule{0ex}{1ex}}}

\newcommand{\mdMathspace}[1]{\mskip\numexpr4*#1\relax mu plus #1mu minus #1mu\smallstrut}
\newcommand{\mdMathindent}[1]{\mskip\numexpr8*#1\relax mu\smallstrut}
\newcommand{\mdMathbr}{\\}

% Equation tags are stored in mdTag (which resets automatically after each math display)
\newcommand{\mdTag}{}
\preto{\]}{\mdTag\global\def\mdTag{}}  % hookup in math displays

\newcommand{\mdEquationbefore}[1]{%
  \global\def\mdTag{\tag*{#1}}% use the amsmath tag command to set the label
  \mdLabeltarget%
}
\cssClassRuleCmd{equation-before}{\mdEquationbefore}


%-------------------------------------------------------------
% Helper to allow use of standard math environments
%-------------------------------------------------------------

\cssNewKey{css}{env}{\cssEnv}{theorem}
\newsavebox{\mdThmBox}
\newenvironment{mdThmCaption}[1][]
  {\global\setbox\mdThmBox\hbox\bgroup\ignorespaces}
  {\egroup}
\newenvironment{mdThm}[1][]%
  {\cssInitKeys{#1}\begin{\cssEnv}%
   \global\setbox\mdThmBox\hbox{}}%
  {\end{\cssEnv}}


%-------------------------------------------------------------
% Lists
%-------------------------------------------------------------


\newlength{\xtopsep}
\newenvironment{mdUl}[1][]%
  {\begin{mdDiv}[#1]%
   \setlength{\xtopsep}{\topsep}%
   \addtolength{\topsep}{-\cssMarginTop}%
   \eifstrequal{\cssListStyleType}{}%
     {\def\@endlist{\end{itemize}}\begin{itemize}[topsep=\xtopsep]}%
     {\@mdSetListLabel%
      \def\@endlist{\end{enumerate}}\expandnext{\begin{enumerate}[topsep=\xtopsep,start=\cssStart,}{\@label}]}%
   \cssIfHasClass{compact}{\setlength{\itemsep}{0pt}\setlength{\parskip}{0pt}}{}%
  }%
  {\strut\@endlist\end{mdDiv}}

\cssNewKey{css}{start}{\cssStart}{1}
\cssNewKey{css}{list-style-type}{\cssListStyleType}{}

\newcommand{\@mdSetListLabel}{%
  \cssIfHasClass{list-sep-paren}%
    {\def\@labelsep{)}%
     \eifstrequal{\cssListStyleType}{}{\def\cssListStyleType{decimal}}{}}%
    {\def\@labelsep{.}}
  \eifstrequal{\cssListStyleType}{lower-roman}%
    {\def\@label{label=\roman*\@labelsep}}%
  {\eifstrequal{\cssListStyleType}{upper-roman}%
    {\def\@label{label=\Roman*\@labelsep}}%
  {\eifstrequal{\cssListStyleType}{lower-alpha}%
    {\def\@label{label=\alph*\@labelsep}}%
  {\eifstrequal{\cssListStyleType}{upper-alpha}%
    {\def\@label{label=\Alph*\@labelsep}}%
  {\eifstrequal{\cssListStyleType}{decimal}%
    {\def\@label{label=\arabic*\@labelsep}}%
  {\eifstrequal{\cssListStyleType}{disc}%
    {\def\@label{label=\textbullet}}%
  {\eifstrequal{\cssListStyleType}{circle}%
    {\def\@label{label=$\circ$}}%
  {\eifstrequal{\cssListStyleType}{square}%
    {\def\@label{label=$\blacksquare$}}%
  {\eifstrequal{\cssListStyleType}{dash}%
    {\def\@label{label={--}}}%
  {\eifstrequal{\cssListStyleType}{none}%
    {\def\@label{label=}}%
    {\def\@label{}}}}}}}}}}}%
}

\newenvironment{mdOl}[1][]%
  {\ifdef\@enhook{\PackageError{madoko}{You cannot use the package "enumerate" in madoko;\MessageBreak use the "enumitem" package instead\MessageBreak (which is available by default)}{}}{}%
  \begin{mdDiv}[#1]%
  \setlength{\xtopsep}{\topsep}%
  \addtolength{\topsep}{-\cssMarginTop}%
  \@mdSetListLabel%
  \expandnext{\begin{enumerate}[topsep=\xtopsep,start=\cssStart,}{\@label}]%
  \cssIfHasClass{compact}{\setlength{\itemsep}{0pt}\setlength{\parskip}{0pt}}{}%
  }%
  {\strut\end{enumerate}\end{mdDiv}}

\newenvironment{mdLi}[1][]{\item\mdLabeltarget\begin{mdDivInline}[#1]}{\end{mdDivInline}}

\newenvironment{mdDl}[1][]%
  {\begin{mdDiv}[#1]%
   \setlength{\xtopsep}{\topsep}%
   \addtolength{\topsep}{-\cssMarginTop}%
   \begin{itemize}[leftmargin=0pt,topsep=\xtopsep]%
   \vspace{-\itemsep}%
   \cssIfHasClass{compact}{\setlength{\itemsep}{0pt}\setlength{\parskip}{0pt}}{}%
  }%
  {\end{itemize}\end{mdDiv}}%

\newenvironment{mdDt}[1][]%
  {\item[]\begin{mdDiv}[#1]}%
  {\end{mdDiv}}%

\newenvironment{mdDd}[1][]%
  {\begin{mdDiv}[#1]}%
  {\end{mdDiv}}%


% ---------------------------------------------------
% Bibliography
% ---------------------------------------------------


\cssNewKey{css}{caption}{\cssCaption}{?}
\newKey{css}{bibstyle}{%
  \eifstrequal{#1}{}%
    {\write\@mainaux{\string\bibstyle{plain}}}%
    {\write\@mainaux{\string\bibstyle{#1}}}
}
\newKey{css}{bibdata}{\write\@mainaux{\string\bibdata{#1}}}


\newcommand{\mdBibDisplay}{inline}
\newcommand{\mdBibBefore}{\ifdef\inst{\vspace{-4ex}}{}}
\newcommand{\@ignore}[2][]{} % ignore argument (and optional argument)

\newenvironment{mdBibliography}[1][]{%
  \begin{mdDiv}[#1]%
  \ifdef\section{\def\section{\@ifstar\@ignore\@ignore}}{}% suppress bibliography header
  \ifdef\chapter{\def\chapter{\@ifstar\@ignore\@ignore}}{}% suppress bibliography header
  \providecommand{\markboth}[2]{}%
  \cssIfHasClass{bib-authoryear}{\def\mdBibDisplay{hidden}}{}%
  \begin{thebibliography}{\cssCaption}\setlength{\topsep}{0pt}\mdBibBefore}%
  {\markboth{}{}\end{thebibliography}\end{mdDiv}}


\cssNewKey{css}{cite-label}{\cssCiteLabel}{}

\newenvironment{mdBibitem}[1][]{%
  \item[]\mdLabeltarget\begin{mdDivInline}[#1]\hspace*{-\leftmargin}}%  
  {\end{mdDivInline}\par}

\cssClassRule{bibitem-before}{display=\mdBibDisplay,width=\leftmargin,text-align=right}
\providecommand{\newblock}{\hskip .11em plus .33em minus .07em}
\cssClassRuleDoBefore{newblock}{\protect\newblock}

% ---------------------------------------------------
% Table of contents
% ---------------------------------------------------

% until this level, the entry is bold
\newcommand{\mdTocLevelBold}{1}
% until this level, no dots are used
\newcommand{\mdTocLevelNodots}{1}
\newlength{\mdTocIndent}
\setlength{\mdTocIndent}{1.3em}

\cssNewKeyNoReset{css}{toclevel}{\cssTocLevel}{1}
\cssNewKeyNoReset{css}{toctarget}{\cssTocTarget}{no-toc-target}

\cssElemRule{tocitem}{display=block-inline}
\cssClassRuleDoBefore{tocitem}{%
   \ifnum\cssTocLevel>\mdTocLevelBold\relax\else\bfseries\fi%
   \noindent\hspace*{-\mdTocIndent}\hspace*{\cssTocLevel\mdTocIndent}}%
\cssClassRuleDoAfter{tocitem}{%   
   \hspace{1ex}%
   \ifnum\cssTocLevel>\mdTocLevelNodots\dotfill\else\hfill\fi%
   \hspace{1ex}\pageref{\cssTocTarget}}%



% ---------------------------------------------------
% Tables
% ---------------------------------------------------

\newcommand{\mdCellstrut}{}%\mbox{\rule{-0.1ex}{1.8ex}}}
\newlength{\mdLineWidth}
\setlength{\mdLineWidth}{\linewidth}
\newlength{\mdDefaultColumnWidth}

\newcommand{\mdTableInit}[1]{%
  \setlength{\tabcolsep}{0.5ex}%
  \setlength{\mdLineWidth}{\dimexpr\linewidth-\tabcolsep*2*#1-\tabcolsep\relax}% the line length minus table spacing
  \setlength{\mdDefaultColumnWidth}{\dimexpr\mdLineWidth/#1\relax}%
  \setlength{\linewidth}{\mdLineWidth}
}

\newenvironment{mdTable}[3][]{% [attributes]{column-count}{column-specifiers}
  \begin{mdDiv}[#1]%
  \mdTableInit{#2}%
  \begin{tabular}{#3}}{\end{tabular}\end{mdDiv}}


\newenvironment{mdLongTable}[3][]{% [attributes]{column-count}{column-specifiers}
  \begin{mdDiv}[#1]%
  \mdTableInit{#2}%
  \begin{longtable}{#3}}{\end{longtable}\end{mdDiv}}


\newenvironment{mdThead}[1][]{}{}
\newenvironment{mdTbody}[1][]{}{}
\cssNewBlockElem{mdColumn}{column}{width=\mdDefaultColumnWidth}

\newcommand{\mdTr}[2][]{\mdSpan[#1]{#2}}
\newcommand{\mdTd}[2][]{\mdSpan[#1]{\mdCellstrut #2}}
\newcommand{\mdTh}[2][]{\mdSpan[font-weight=bold,#1]{#2}}

\newlength{\mdTablelineskip}
\setlength{\mdTablelineskip}{2.4ex}


% ---------------------------------------------------
% Figures
% ---------------------------------------------------
\cssNewKey{css}{page-align}{\cssPageAlign}{}
\cssNewKey{css}{float-env}{\cssFloatEnv}{figure}
\newcommand{\mdFloating}{%
  \eifstrequal{\cssPageAlign}{top}%
    {\def\@pagealign{t}}%
  {\eifstrequal{\cssPageAlign}{bottom}%
    {\def\@pagealign{b}}%
  {\eifstrequal{\cssPageAlign}{here}%
    {\def\@pagealign{ht}}%
  {\eifstrequal{\cssPageAlign}{page}%
    {\def\@pagealign{p}}%
  {\eifstrequal{\cssPageAlign}{forcehere}%
    {\def\@pagealign{!ht}}%
    {\def\@pagealign{tbp}}}}}}% default tbp
  %\cssDoAfter{\cssRestoreFootnotes}%
  \eifstrequal{\cssFloat}{left}%
    {}%
  {\eifstrequal{\cssFloat}{right}%
    {}%
  {\cssIfHasClass{wide}%
    {\cssDoBefore{\expandnext{\begin{\cssFloatEnv*}[}{\@pagealign}]}\cssDoAfter{\end{\cssFloatEnv*}}}%
    {\cssDoBefore{\expandnext{\begin{\cssFloatEnv}[}{\@pagealign}]}\cssDoAfter{\end{\cssFloatEnv}}}%
  }}%
  %\cssDoBefore{\cssSaveFootnotes}%
}
\cssElemRuleDo{floating}{\mdFloating}

\newlength{\mdCaptionlen}
\newcommand{\mdCaption}[1]{%
  \settowidth{\mdCaptionlen}{#1}%
  \ifnum\mdCaptionlen<\linewidth%
    \parbox{\linewidth}{\noindent\centering #1}%
  \else%
    \parbox{\linewidth}{\noindent #1}%
  \fi%
}

\cssClassRuleCmd{figure-caption}{\mdCaption}
\cssClassRule{figure-caption}{text-align=justify}% prevents insertion of hspace{\fill} due to outer align-center

% participate in listoffigures and listoftables
\newcommand{\mdCaptionText}[1]{%
  \addcontentsline{\csname ext@\@captype\endcsname}{\@captype}%
    {\protect\numberline{\@mdCaptionLabel}{\ignorespaces #1}}%
  #1    
}
\cssClassRuleCmd{caption-text}{\mdCaptionText}

\newcommand{\mdCaptionLabel}[1]{%
  \global\gdef\@mdCaptionLabel{#1}%
  #1
}
\cssClassRuleCmd{figure-label}{\mdCaptionLabel}
\cssClassRuleCmd{table-label}{\mdCaptionLabel}


\newcommand{\mdHr}[2][]{%
  \begingroup%  
  \cssNewLengthKey{csspre}{width}{\cssHrWidth}% capture width 
  %\relax\ifhmode\par\fi%
  \begin{mdDiv}[height=1ex,vertical-align=center,text-align=center,#1]{%
    \ifdim\cssHrWidth=0pt\setlength{\cssHrWidth}{\linewidth}\fi%
    \rule{\cssHrWidth}{\cssPixel}#2}%
  \end{mdDiv}%
  \endgroup}

\cssClassRule{block}{margin-top=\topsep,margin-bottom=\topsep}


%-------------------------------------------------------------
% Float boxes  (should this be in css.sty?)
%-------------------------------------------------------------
\newlength{\@sideheight}
\newsavebox{\@sidebox}
\newcommand{\mdFloatBox}[3]{
  \savebox{\@sidebox}{#3}%
  \ifdim\ht\@sidebox>0pt\relax%
    \savebox{\@sidebox}{\raisebox{-\ht\@sidebox}{\usebox{\@sidebox}}}% top-align the box
  \fi%
  \ifnum 0=0#2\relax%
    \setlength{\@sideheight}{\dp\@sidebox}%
    \addtolength{\@sideheight}{\ht\@sidebox}%
    \def\@hangafter{\the\numexpr(0 - \@sideheight - \baselineskip/2)/\baselineskip\relax}%  
  \else%
    \def\@hangafter{-#2}%
  \fi%
  \eifstrequal{#1}{right}%
      {\hangindent=-\wd\@sidebox%
       \hangafter=\@hangafter%
       \smash{\hspace*{\dimexpr\textwidth - \wd\@sidebox}\usebox{\@sidebox}}%
    }%
   {\hangindent=\wd\@sidebox%
       \hangafter=\@hangafter%
       \smash{\usebox{\@sidebox}}%
    }%  
}


%-------------------------------------------------------------
% Code and syntax highlighting 
%-------------------------------------------------------------
\newcommand{\mdPrettyFont}{serif}

\newenvironment{mdPre}[1][]%
  {\begin{cssBlockX}{elem=pre,margin-top=1ex,margin-bottom=1ex,text-indent=0pt,font-family=monospace}{text-align=left,#1}}% text-align must come after defaults due to parent rules..
  {\end{cssBlockX}}%

\cssNewInlineElem{\mdCode}{code}{font-family=monospace}
\cssNewInlineElem{\mdPrecode}{precode}{}
\cssClassRule{pretty}{font-family=\mdPrettyFont}
\cssClassRuleDo{pretty}{\def\@tokenPostfix{Pretty}}

\newlength{\presp}
\settowidth{\presp}{\texttt{ }}
\newcommand{\prespace}[1]{\hspace*{#1\presp}}
\newcommand{\preindent}[1]{\hspace*{#1\presp}}
\newcommand{\prebr}{\strut\\}



% pretty layout
\newenvironment{mdCodeTable}[3][]{% [attributes]{column-count}{column-specifiers}
  \begin{mdDiv}[#1]%
  \mdTableInit{#2}%
  \mdPrettyInit%
  \begin{tabular}{#3}}{\end{tabular}\end{mdDiv}}

\newenvironment{mdCodeLongTable}[3][]{% [attributes]{column-count}{column-specifiers}
  \begin{mdDiv}[#1]%
  \mdTableInit{#2}%
  \mdPrettyInit%
  \begin{longtable}{#3}}{\end{longtable}\end{mdDiv}}

\newcommand\mdPrettyInit{%
  \setlength{\tabcolsep}{0pt}%
  \def\prespace{\pprespace}%
  \def\preindent{\ppreindent}%
  \def\prebr{\pprebr}%
}

\newlength{\ppresp}
\setlength{\ppresp}{0.5ex}
\newcommand{\ppreindent}[1]{\hspace*{3\ppresp}}%{\hspace*{#1\ppresp}}
\newcommand{\pprespace}[1]{\hspace*{\ppresp}}
\newcommand{\pprebr}[1]{ }


% Tokens for highlighting

\cssNewKey{css}{language}{\cssLanguage}{}

\newcommand{\@tokenPostfix}{}
\newcommand{\@tokencmd}[1]{#1}
\newcommand{\mdToken}[2]{%
  \renewcommand{\@tokencmd}[1]{##1}%
  \@for\@tname:=#1\do{%
    \ifcsdef{mdToken\@tokenPostfix\@tname}{\apptox{\@tokencmd}{\csname mdToken\@tokenPostfix\@tname\endcsname}}{}%
  }%
  \@tokencmd{#2}%
}

%-------------------------------------------------------------
% Standard token classes for syntax highlighting 
%-------------------------------------------------------------

\newcommand{\mdTokenIdentifier}[1]{#1}
\newcommand{\mdTokenKeyword}[1]{\textcolor{Navy}{#1}}
\newcommand{\mdTokenPredefined}[1]{\textcolor{Navy}{#1}}
\newcommand{\mdTokenString}[1]{\textcolor{Maroon}{#1}}
\newcommand{\mdTokenStringEscape}[1]{\textcolor{Gray}{#1}}
\newcommand{\mdTokenComment}[1]{\textcolor{Green}{#1}}
\newcommand{\mdTokenSpecial}[1]{\textcolor{Navy}{#1}}
\newcommand{\mdTokenDoc}[1]{\textcolor{Gray}{#1}}
\newcommand{\mdTokenConstant}[1]{\textcolor{Purple}{#1}}
\newcommand{\mdTokenTag}[1]{\textcolor{Navy}{#1}}
\newcommand{\mdTokenError}[1]{\textcolor{Red}{#1}}
\newcommand{\mdTokenAttribute}[1]{\textcolor{Purple}{#1}}
\newcommand{\mdTokenConstructor}[1]{\textcolor{Purple}{#1}}
\newcommand{\mdTokenNamespace}[1]{\textcolor{Navy}{#1}}
\newcommand{\mdTokenType}[1]{\textcolor{Teal}{#1}}
\newcommand{\mdTokenEmphasis}[1]{\itshape #1}
\newcommand{\mdTokenStrong}[1]{\bfseries #1}
\newcommand{\mdTokenTitle}[1]{\bfseries #1}
\newcommand{\mdTokenMeta}[1]{\textcolor{Gray}{#1}}
\newcommand{\mdTokenEntity}[1]{{#1}}
\newcommand{\mdTokenDelimiter}[1]{{#1}}

\newcommand{\mdTokenNumber}[1]{\mdTokenConstant{#1}}
\newcommand{\mdTokenLiteral}[1]{\mdTokenConstant{#1}}
\newcommand{\mdTokenItalic}[1]{\mdTokenEmphasis{#1}}
\newcommand{\mdTokenBold}[1]{\mdTokenStrong{#1}}
\newcommand{\mdTokenRegexp}[1]{\mdTokenString{#1}}
\newcommand{\mdTokenInvalid}[1]{\mdTokenError{#1}}
\newcommand{\mdTokenValue}[1]{\mdTokenString{#1}}

% Pretty tokens

\newcommand{\mdTokenPrettyIdentifier}[1]{\textit{#1}}
\newcommand{\mdTokenPrettyConstructor}[1]{\textit{#1}}
\newcommand{\mdTokenPrettyKeyword}[1]{\textsf{#1}}
\newcommand{\mdTokenPrettyOperator}[1]{\,#1\,}

% ---------------------------------------------------
% Support the Beamer class
% ---------------------------------------------------


\ifbeamer%
  \renewcommand{\@mdHyperref}[2]{\hyperlink{#1}{#2}}%
  \renewcommand{\mdH}[2][]{\frametitle{\cssInline[elem=h0,#1]{#2}}}%
  \renewcommand{\mdHx}[2][]{\frametitle{\cssInline[elem=h1,#1]{#2}}}%
  \renewcommand{\mdHxx}[2][]{\frametitle{\cssInline[elem=h2,#1]{#2}}}%
  \renewenvironment{mdSection}[1][]{\begin{mdDiv}[#1]\begin{frame}\stepcounter{beamerpauses}}{\end{frame}\end{mdDiv}}%
  % handle fragments
  \cssClassRuleDo{fragment}{%
    \eifstrequal{\cssDisplay}{inline}%
    {\cssWrapCmd{\only<+->}}%
    {\cssDoBefore{\begin{onlyenv}<+->}\cssDoAfter{\end{onlyenv}}}%
  }
  \cssClassRuleDoBefore{pause}{\pause{}}%
  % item appearance on a list defined with a fragmented class
  \let\old@mdLi\mdLi%
  \let\old@endmdLi\endmdLi%
  \def\mdLi{%
    \begingroup\def\@fragmentend{}% use fragmented class from the parent (ie. ul or ol)
    \cssIfHasClass{fragmented}{\def\@fragmentend{\end{onlyenv}}\begin{onlyenv}<+->}{}%
    \old@mdLi}%
  \def\endmdLi{%
    \old@endmdLi\@fragmentend\endgroup%
  }%
\fi

% ---------------------------------------------------
% Math snippets for static image generation
% ---------------------------------------------------

% re-define some symbols
\renewcommand{\notin}{\not\in}  %turns out the baseline for 'notin' is wrong

% boxes and lengths
\newsavebox{\@snippetBox}
\newlength{\@snippetWidth}
\newlength{\@snippetHeight}
\newlength{\@snippetDepth}

\newcounter{snippets}

\newcommand{\@savedepth}{%
  \setlength{\@snippetWidth}{\wd\@snippetBox}%
  \setlength{\@snippetHeight}{\ht\@snippetBox}%
  \setlength{\@snippetDepth}{\dp\@snippetBox}%
  \addtolength{\@snippetHeight}{\@snippetDepth}%
  \immediate\write\foo{\arabic{snippets},\@snippetName,\the\@snippetWidth,\the\@snippetHeight,\the\@snippetDepth}%
  \noindent\usebox\@snippetBox%
}

\newenvironment{mdDisplaySnippet}[1][\arabic{snippets}]%
  {\stepcounter{snippets}\edef\@snippetName{#1}%
   \begin{lrbox}{\@snippetBox}\vbox\bgroup}%
  {\egroup\end{lrbox}\@savedepth\newpage}

\newenvironment{mdInlineSnippet}[1][\arabic{snippets}]%
  {\stepcounter{snippets}\def\@snippetName{#1}%
   \begin{lrbox}{\@snippetBox}}%
  {\end{lrbox}\@savedepth\newpage}

\newenvironment{mdSnippets}%
    {\pagestyle{empty}%
     \abovedisplayskip=0pt%
     \belowdisplayskip=0pt%
     \abovedisplayshortskip=0pt%
     \belowdisplayshortskip=0pt%
     \newwrite\foo\immediate\openout\foo=\jobname.dim%
     \immediate\write\foo{\%ordinal,(hash)name,width,(total) height,depth,image width,image height,dpi,base64 encoding}%
    }%
    {\closeout\foo}


================================================
FILE: marktoberdorf_slides/collatz.py
================================================
def collatz(n):
    if n <= 1:
        return 1
    else:
        if n % 2 == 0:
            return collatz(n // 2)
        else:
            return collatz(3 * n + 1)

def max_iters():
    return 10

def expected_result_set():
    return [1]


================================================
FILE: marktoberdorf_slides/examples/adder.py
================================================
from z3 import *

def add1(x0,y0,c0):
	return (simplify(Xor(Xor(x0,y0),c0)), 
                simplify(Or(And(x0,y0),And(x0,c0),And(y0,c0))))

def addN(xN,yN,cin):
	res = []
	cout = cin
	for (x,y) in zip(xN,yN):
		(new_res,cout) = add1(x,y,cout)
		res.append(new_res)
	return (res,cout)



================================================
FILE: marktoberdorf_slides/examples/automata.py
================================================
from z3 import *

Char = BitVecSort(8)
List = Datatype('List')
List.declare('cons', ('head', Char), ('tail', List))
List.declare('nil')
List = List.create()

# abbreviations
cons = List.cons
head = List.head
tail = List.tail
nil = List.nil
Bool = BoolSort()

# don't use model-based quantifier instantiation here
set_param('smt.mbqi', False)
solver = SimpleSolver()

# we will set up axioms to solve for the regular expression 
# [0-9]+|[a-z]

q0 = Function('q0',List,Bool)
q1 = Function('q1',List,Bool)
q2 = Function('q2',List,Bool)
q3 = Function('q3',List,Bool)
q4 = Function('q4',List,Bool)

y = Const('y',List)

# qo -[e]-> q1, qo -[e]-> q3 
def q0axiom():
	body = q0(y) == Or(q1(y),q3(y))
	return ForAll(y, body, patterns = [q0(y)])

# q1 -[0..9]-> q2
def q1axiom():
	body = q1(y) == And(y!=nil,ULE(ord('0'),head(y)),ULE(head(y),ord('9')),\
                            q2(tail(y)))
	return ForAll(y, body, patterns = [q1(y)])

# q2 -[0..9] -> q2  (q2 is final) 
def q2axiom():
	body = q2(y) == Or(y==nil,And(y!=nil,ULE(ord('0'),head(y)),ULE(head(y),ord('9')),q2(tail(y))))
	return ForAll(y, body, patterns = [q2(y)])

# q3 -[a-z]-> q4
def q3axiom():
	body = q3(y) == And(y!=nil,ULE(ord('a'),head(y)),ULE(head(y),ord('z')),q4(tail(y)))
	return ForAll(y, body, patterns = [q3(y)])

# (q4 is final)
def q4axiom():
	body = q4(y) == (y==nil)
	return ForAll(y, body, patterns = [q4(y)])

#to generate longer results
def lengthGE(x,k):
  axiom = BoolVal(True)
  for i in range(k):
    axiom = And(axiom,Not(x == nil))
    x = tail(x)
  return axiom

def test():
  solver.add(q0axiom(),q1axiom(),q2axiom(),q3axiom(),q4axiom())
  y = Const('y',List)
  solver.add(lengthGE(y,4))
  solver.add(q0(y))
  print(solver.assertions())
  ok = solver.check()
  assert(ok != unsat)
  print(solver.model())
  yVal = solver.model().evaluate(y,True)
  print(yVal)
  
test()


================================================
FILE: marktoberdorf_slides/examples/check_adder.py
================================================
from adder import *

N = 128

# now prove that adder is equal to bitvector add 

xN = BoolVector("x",N)
yN = BoolVector("y",N)

x_bv = BitVec("x_bv",N)
y_bv = BitVec("y_bv",N)

# need to equate the inputs (Extract(lo,hi,bv)

def eq_bool(bv, i, b):
	return (Extract(i,i,bv) == 1) == b

def eq_bitvec_boolvec(bitvec,boolvec):
	return [ eq_bool(bitvec,i,boolvec[i]) for i in range(bitvec.size())  ]

inputs_equal = eq_bitvec_boolvec(x_bv,xN) + eq_bitvec_boolvec(y_bv,yN)

res,cout = addN(xN,yN,BoolVal(False))

res_bv = x_bv + y_bv

outputs_equal = eq_bitvec_boolvec(res_bv,res)

s = Solver()
s.add(And(inputs_equal))
s.add(Not(And(outputs_equal)))
#print(s.assertions())
result = s.check()
if result == sat:
	print(s.model())
else:
	print(result)


================================================
FILE: marktoberdorf_slides/examples/check_mult.py
================================================
from mult import *

# now prove that adder is equal to bitvector add 

N = 16

xN = BoolVector("x",N)
yN = BoolVector("y",N)

x_bv = BitVec("x_bv",N)
y_bv = BitVec("y_bv",N)

# need to equate the inputs (Extract(lo,hi,bv)

def eq_bool(bv, i, b):
	return (Extract(i,i,bv) == 1) == b

def eq_bitvec_boolvec(bitvec,boolvec):
	return [ eq_bool(bitvec,i,boolvec[i]) for i in range(bitvec.size())  ]

inputs_equal = eq_bitvec_boolvec(x_bv,xN) + eq_bitvec_boolvec(y_bv,yN)

res,cout = multN(xN,yN)

res_bv = x_bv * y_bv

outputs_equal = eq_bitvec_boolvec(res_bv,res)

s = Solver()
s.add(And(inputs_equal))
s.add(Not(And(outputs_equal)))
result = s.check()
print(result)


================================================
FILE: marktoberdorf_slides/examples/first.py
================================================
from z3 import *

x = BitVec("x",8)
y = BitVec("y",8)
z = BitVec("z",8)

s = Solver()
s.add(x > 0,y > 0,z==x+y)
s.add(Not(z > 0))

result = s.check()
if result == sat:
	print(s.model())
else:
	print(result)



================================================
FILE: marktoberdorf_slides/examples/hats.py
================================================
from z3 import *

N = 7

# set up the bit vectors for the hats and what each person will guess
hat    = [ BitVec("Hat"+str(i),10) for i in range(N) ]
guess  = [ BitVec("Guess"+str(i),10) for i in range(N) ]

# compute the sum of each person i's guess and the hats numbers for all j != i
sum    = [ sum([guess[i]]+[ hat[j] for j in range(N) if j!=i]) for i in range(N) ]

# the program for each person i
prog   = [ (sum[i] % N) == i for i in range(N) ]

s = Solver()

def bounded(x):
	return And(0<=x,x<N)
s.add([ bounded(hat[i]) for i in range(N) ])
s.add([ bounded(guess[i]) for i in range(N) ])

s.add([ prog[i] for i in range(N) ])

# at least one person's guess is their own hat number
s.add(Not(Or([ guess[i] == hat[i] for i in range(N) ])))

print(s.check())


================================================
FILE: marktoberdorf_slides/examples/mult.py
================================================
from adder import *

#  x2 x1 x0
#  y2 y1 y0
  
#  And(x2,y0) And(x1,y0) And(x0,y0)
#  And(x1,y1) And(x0,y1) False
#  And(x0,y2) False      False

def multN(xN,yN):
	i = 0
	intermediate = []
	N = len(xN)

	# create N vectors
	while(i<N):
		false_prefix = [ BoolVal(False) for j in range(i) ]
		suffix = [ And(xN[i],yN[j-i]) for j in range(i,N) ]
		vec = false_prefix + suffix
		intermediate.append(vec)
		i = i + 1

	# now add them up
	res = intermediate[0]
	for j in intermediate[1:]:
		(res,cout) = addN(res,j,BoolVal(False))

	return (res,cout)

================================================
FILE: marktoberdorf_slides/examples/mult2.py
================================================
from z3 import *

N = 13
zerosN = [BoolVal(False)] * N

def multcell(a,b,c,s):
	# I have to admit it is based on http://www.xilinx.com/univ/teaching_materials/dsp_primer/sample/lecture_notes/FPGAArithmetic_mult.pdf , slide 3.
	y = And(a,b)
	(sout,cout) = add1(s,y,c)
	return (cout,sout)
	
def multN(xN,yN):
	# to sum up the columns
	sums = zerosN
	
	for row in range(N):
		b = yN[row] # yN is not shifted
		# initialise carry to 0
		c = BoolVal(False)
		
		for col in range(row,N): # note that col<row cells are skipped!
			# collect the inputs
			
			# xN is shifted in each row
			a = xN[col-row]
			# sum up the columns
			s = sums[col]
			
			# make a multiplication cell
			(co,so) = multcell(a,b,c,s)
			
			# outputs
			c = co
			sums[col] = so
	return sums
	
def add1(x0,y0,c0):
	return (simplify(Xor(Xor(x0,y0),c0)) , simplify(Or(And(x0,y0),And(x0,c0),And(y0,c0))))

================================================
FILE: pyexz3.py
================================================
# Copyright: see copyright.txt

import os
import sys
import logging
import traceback
from optparse import OptionParser

from symbolic.loader import *
from symbolic.explore import ExplorationEngine

print("PyExZ3 (Python Exploration with Z3)")

sys.path = [os.path.abspath(os.path.join(os.path.dirname(__file__)))] + sys.path

usage = "usage: %prog [options] <path to a *.py file>"
parser = OptionParser(usage=usage)

parser.add_option("-l", "--log", dest="logfile", action="store", help="Save log output to a file", default="")
parser.add_option("-s", "--start", dest="entry", action="store", help="Specify entry point", default="")
parser.add_option("-g", "--graph", dest="dot_graph", action="store_true", help="Generate a DOT graph of execution tree")
parser.add_option("-m", "--max-iters", dest="max_iters", type="int", help="Run specified number of iterations", default=0)
parser.add_option("--cvc", dest="cvc", action="store_true", help="Use the CVC SMT solver instead of Z3", default=False)
parser.add_option("--z3", dest="cvc", action="store_false", help="Use the Z3 SMT solver")

(options, args) = parser.parse_args()

if not (options.logfile == ""):
	logging.basicConfig(filename=options.logfile,level=logging.DEBUG)

if len(args) == 0 or not os.path.exists(args[0]):
	parser.error("Missing app to execute")
	sys.exit(1)

solver = "cvc" if options.cvc else "z3"

filename = os.path.abspath(args[0])
	
# Get the object describing the application
app = loaderFactory(filename,options.entry)
if app == None:
	sys.exit(1)

print ("Exploring " + app.getFile() + "." + app.getEntry())

result = None
try:
	engine = ExplorationEngine(app.createInvocation(), solver=solver)
	generatedInputs, returnVals, path = engine.explore(options.max_iters)
	# check the result
	result = app.executionComplete(returnVals)

	# output DOT graph
	if (options.dot_graph):
		file = open(filename+".dot","w")
		file.write(path.toDot())	
		file.close()

except ImportError as e:
	# createInvocation can raise this
	logging.error(e)
	sys.exit(1)

if result == None or result == True:
	sys.exit(0);
else:
	sys.exit(1);	


================================================
FILE: run_tests.py
================================================
import os
import re
import sys
import subprocess
from optparse import OptionParser
from sys import platform as _platform

class bcolors:
    SUCCESS = '\033[32m'
    WARNING = '\033[33m'
    FAIL = '\033[31m'
    ENDC = '\033[0m'

def myprint(color, s, *args):
  if _platform != "win32" and sys.stdout.isatty():
    print(color, s, bcolors.ENDC, *args)
  else:
    print(*args)

usage = "usage: %prog [options] <test directory>"
parser = OptionParser()
parser.add_option("--cvc", dest="cvc", action="store_true", help="Use the CVC SMT solver instead of Z3", default=False)
parser.add_option("--z3", dest="cvc", action="store_false", help="Use the Z3 SMT solver")
(options, args) = parser.parse_args()

if len(args) == 0 or not os.path.exists(args[0]):
    parser.error("Please supply directory of tests")
    sys.exit(1)
    
test_dir = os.path.abspath(args[0])

if not os.path.isdir(test_dir):
    print("Please provide a directory of test scripts.")
    sys.exit(1)

files = [ f for f in os.listdir(test_dir) if re.search(".py$",f) ]

failed = []
for f in files:
	# execute the python runner for this test
        full = os.path.join(test_dir, f)
        with open(os.devnull, 'w') as devnull:
            solver = "--cvc" if options.cvc else "--z3"
            ret = subprocess.call([sys.executable, "pyexz3.py", "--m=25", solver, full], stdout=devnull)
        if (ret == 0):
            myprint(bcolors.SUCCESS, "✓", "Test " + f + " passed.")
        else:
            failed.append(f)
            myprint(bcolors.FAIL, "✗", "Test " + f + " failed.")

if failed != []:
	print("RUN FAILED")
	print(failed)
	sys.exit(1)
else:
	sys.exit(0)

================================================
FILE: setup.bat
================================================
set Z3HOME=c:\z3\bin
set PYTHONHOME=c:\Python34
set GRAPHVIZHOME="c:\Program Files (x86)\Graphviz2.38\bin"
set PATH=%PATH%;%PYTHONHOME%;%Z3HOME%;%GRAPHVIZHOME%
set PYTHONPATH=%PYTHONPATH%;%Z3HOME%



================================================
FILE: setup.sh
================================================
#!/bin/bash

# Homebrew default locations (both for python and z3)
export PYTHONMODS="usr/local/lib/python2.7/site-packages:/Library/Python/2.7/site-packages:~/Library/Python/2.7/lib/python/site-packages" 
export Z3HOME="/usr/local/Cellar/z3/4.3.1/lib/python2.7/site-packages/"
export Z3BIN="/usr/local/Cellar/z3/4.3.1/bin"


# Python setup
export PYTHONPATH=$PYTHONMODS:$Z3HOME

# Path setup
export PATH=$PATH:$Z3BIN




================================================
FILE: symbolic/__init__.py
================================================


================================================
FILE: symbolic/args.py
================================================
def symbolic(**arg_types):
	def decorator(f):
		f.symbolic_args = arg_types
		return f
	return decorator

def concrete(**arg_types):
	def decorator(f):
		f.concrete_args = arg_types
		return f
	return decorator


================================================
FILE: symbolic/constraint.py
================================================
# Copyright: see copyright.txt

import logging

log = logging.getLogger("se.constraint")

class Constraint:
	cnt = 0
	"""A constraint is a list of predicates leading to some specific
	   position in the code."""
	def __init__(self, parent, last_predicate):
		self.inputs = None
		self.predicate = last_predicate
		self.processed = False
		self.parent = parent
		self.children = []
		self.id = self.__class__.cnt
		self.__class__.cnt += 1

	def __eq__(self, other):
		"""Two Constraints are equal iff they have the same chain of predicates"""
		if isinstance(other, Constraint):
			if not self.predicate == other.predicate:
				return False
			return self.parent is other.parent
		else:
			return False

	def getAssertsAndQuery(self):
		self.processed = True

		# collect the assertions
		asserts = []
		tmp = self.parent
		while tmp.predicate is not None:
			asserts.append(tmp.predicate)
			tmp = tmp.parent

		return asserts, self.predicate	       

	def getLength(self):
		if self.parent == None:
			return 0
		return 1 + self.parent.getLength()

	def __str__(self):
		return str(self.predicate) + "  (processed: %s, path_len: %d)" % (self.processed,self.getLength())

	def __repr__(self):
		s = repr(self.predicate) + " (processed: %s)" % (self.processed)
		if self.parent is not None:
			s += "\n  path: %s" % repr(self.parent)
		return s

	def findChild(self, predicate):
		for c in self.children:
			if predicate == c.predicate:
				return c
		return None

	def addChild(self, predicate):
		assert(self.findChild(predicate) is None)
		c = Constraint(self, predicate)
		self.children.append(c)
		return c



================================================
FILE: symbolic/cvc_expr/__init__.py
================================================


================================================
FILE: symbolic/cvc_expr/exprbuilder.py
================================================
import logging

from symbolic.cvc_expr.integer import CVCInteger
from symbolic.cvc_expr.string import CVCString
from symbolic.symbolic_types import SymbolicInteger, SymbolicStr
from symbolic.symbolic_types.symbolic_type import SymbolicObject
import utils

log = logging.getLogger("se.cvc_expr.exprbuilder")


class ExprBuilder(object):
    def __init__(self, asserts, query, solver):
        self.solver = solver
        self.solver.guards = []
        self.em = self.solver.getExprManager()
        self.cvc_vars = {}
        self.query = self._toCVC(asserts, query)

    def _toCVC(self, asserts, query):
        smt_query = self._predToCVC(query).not_op()
        for p in asserts:
            smt_query &= self._predToCVC(p)
        for guard in self.solver.guards:
            smt_query &= guard
        return smt_query

    def _predToCVC(self, pred, env=None):
        sym_expr = self._astToCVCExpr(pred.symtype, env)
        if env is None:
            if not sym_expr.cvc_expr.getType().isBoolean():
                sym_expr = (sym_expr == CVCInteger.constant(0, self.solver)).not_op()
            if not pred.result:
                sym_expr = sym_expr.not_op()
        else:
            if not pred.result:
                sym_expr = sym_expr.not_op()
        return sym_expr

    def _getVariable(self, symbolic_var):
        name = symbolic_var.name
        if name in self.cvc_vars:
            return self.cvc_vars[name]
        variable = None
        if isinstance(symbolic_var, SymbolicInteger):
            variable = CVCInteger.variable(name, self.solver)
        elif isinstance(symbolic_var, SymbolicStr):
            variable = CVCString.variable(name, self.solver)
        self.cvc_vars[name] = variable
        return variable

    def _wrapIf(self, expr, env):
        if env is None:
            return expr.ite(CVCInteger.constant(1, self.solver), CVCInteger.constant(0, self.solver))
        else:
            return expr

    def _astToCVCExpr(self, expr, env=None):
        if isinstance(expr, list):
            op = expr[0]
            args = [self._astToCVCExpr(a, env) for a in expr[1:]]
            cvc_l = args[0]
            cvc_r = args[1] if len(args) > 1 else None
            cvc_3 = args[2] if len(args) > 2 else None

            # arithmetical operations
            if op == "+":
                return cvc_l + cvc_r
            elif op == "-":
                return cvc_l - cvc_r
            elif op == "*":
                return cvc_l * cvc_r
            elif op == "//":
                return cvc_l / cvc_r
            elif op == "%":
                return cvc_l % cvc_r

            # bitwise
            elif op == "<<":
                return cvc_l << cvc_r
            elif op == ">>":
                return cvc_l >> cvc_r
            elif op == "^":
                return cvc_l ^ cvc_r
            elif op == "|":
                return cvc_l | cvc_l
            elif op == "&":
                return cvc_l & cvc_r

            # string
            elif op == "str.len":
                return cvc_l.len()
            elif op == "str.find":
                return cvc_l.find(cvc_r, cvc_3)
            elif op == "str.replace":
                return cvc_l.replace(cvc_r, cvc_3)
            elif op == "str.startswith":
                return self._wrapIf(cvc_l.startswith(cvc_r), env)

            # collection operators
            elif op == "getitem":
                return cvc_l[cvc_r]
            elif op == "slice":
                return cvc_l[cvc_r:cvc_3]
            # equality gets coerced to integer
            elif op == "==":
                if cvc_l is None or cvc_r is None:
                    # forces false condition no model contains None
                    return self._wrapIf(self._astToCVCExpr(0, env) !=
                                        self._astToCVCExpr(0, env), env)
                else:
                    return self._wrapIf((cvc_l == cvc_r), env)
            elif op == "!=":
                if cvc_l is None or cvc_r is None:
                    return self._wrapIf(self._astToCVCExpr(0, env) == self._astToCVCExpr(0, env), env)
                else:
                    return self._wrapIf((cvc_l != cvc_r), env)
            elif op == "<":
                return self._wrapIf((cvc_l < cvc_r), env)
            elif op == ">":
                return self._wrapIf((cvc_l > cvc_r), env)
            elif op == "<=":
                return self._wrapIf((cvc_l <= cvc_r), env)
            elif op == ">=":
                return self._wrapIf((cvc_l >= cvc_r), env)
            elif op == "in":
                return self._wrapIf((cvc_l.__contains__(cvc_r)), env)
            else:
                utils.crash("Unknown BinOp during conversion from ast to CVC (expressions): %s" % op)

        elif isinstance(expr, SymbolicObject):
            if expr.isVariable():
                if env is None:
                    variable = self._getVariable(expr)
                    return variable
                else:
                    return env[expr.name]
            else:
                return self._astToCVCExpr(expr.expr, env)

        elif isinstance(expr, int) | isinstance(expr, str):
            if env is None:
                if isinstance(expr, int):
                    return CVCInteger.constant(expr, self.solver)
                elif isinstance(expr, str):
                    return CVCString.constant(expr, self.solver)
            else:
                return expr
        elif expr is None:
            return None
        else:
            utils.crash("Unknown node during conversion from ast to CVC (expressions): %s" % expr)
    


================================================
FILE: symbolic/cvc_expr/expression.py
================================================
import logging

import CVC4


log = logging.getLogger("se.cvc_expr.expr")


class CVCExpression(object):
    CVC_TYPE = 'Bool'

    def __init__(self, cvc_expr, solver):
        self.cvc_expr = cvc_expr
        self.solver = solver
        self.em = self.solver.getExprManager()

    @classmethod
    def variable(cls, name, solver):
        raise NotImplementedError

    @classmethod
    def constant(cls, v, solver):
        raise NotImplementedError

    def getvalue(self):
        raise NotImplementedError

    def ite(self, th, el):
        assert th.cvc_expr.getType().toString() == el.cvc_expr.getType().toString()
        return th.__class__(self.em.mkExpr(CVC4.ITE, self.cvc_expr,
                                           th.cvc_expr, el.cvc_expr), self.solver)

    def __and__(self, other):
        return CVCExpression(self.em.mkExpr(CVC4.AND, self.cvc_expr, other.cvc_expr), self.solver)

    def __xor__(self, other):
        return CVCExpression(self.em.mkExpr(CVC4.XOR, self.cvc_expr, other.cvc_expr), self.solver)

    def __or__(self, other):
        return CVCExpression(self.em.mkExpr(CVC4.OR, self.cvc_expr, other.cvc_expr), self.solver)

    def not_op(self):
        return CVCExpression(self.em.mkExpr(CVC4.NOT, self.cvc_expr), self.solver)

    def __ne__(self, other):
        return CVCExpression(self.em.mkExpr(CVC4.NOT, self.em.mkExpr(CVC4.EQUAL, self.cvc_expr, other.cvc_expr)),
                             self.solver)

    def __eq__(self, other):
        return CVCExpression(self.em.mkExpr(CVC4.EQUAL, self.cvc_expr, other.cvc_expr), self.solver)

    def __lt__(self, other):
        return CVCExpression(self.em.mkExpr(CVC4.LT, self.cvc_expr, other.cvc_expr), self.solver)

    def __gt__(self, other):
        return CVCExpression(self.em.mkExpr(CVC4.GT, self.cvc_expr, other.cvc_expr), self.solver)

    def __ge__(self, other):
        return CVCExpression(self.em.mkExpr(CVC4.GEQ, self.cvc_expr, other.cvc_expr), self.solver)

    def __le__(self, other):
        return CVCExpression(self.em.mkExpr(CVC4.LEQ, self.cvc_expr, other.cvc_expr), self.solver)

    def __str__(self):
        return self.cvc_expr.toString()

================================================
FILE: symbolic/cvc_expr/integer.py
================================================
import logging

import CVC4
from CVC4 import Rational, Integer

from .expression import CVCExpression

log = logging.getLogger("se.cvc.integer")


class CVCInteger(CVCExpression):
    """Python numbers are represented as integers in the CVC path expression. For bitwise operations, integers are
    transformed into bit vectors of size _bv_size and then converted back to a natural number using CVC's
    BITVECTOR_TO_NAT operator. In order to maintain sound reasoning of the behavior of generated inputs, all inputs to
    bit vector operations are asserted positive through _assert_bvsanity as well as the outputs through
    _assert_bvbounds. These assumptions restrict the symbolic execution from finding valid solutions to path formulas
    in order to avoid generating path expressions with solutions that do not match program behavior. For example, x = -1
    is a valid solution to x != CVC4.BITVECTOR_TO_NAT(CVC4.INT_TO_BITVECTOR(x)) since the output of the right-hand side
    of the equation will be positive (natural numbers are >= 0).

    Possible improvements:

    1) _bv_size is currently fixed at a low number. The Z3 integration starts with small bit vectors and gradually
    increases the size until a solution is found. Match that functionality in CVCInteger.

    2) Create an alternative implementation of CVCInteger that uses bit vectors for all operations. In the presence of
    bitwise operations, the conversion between bit vectors and integers is expensive.

    3) Encode in the formula a BITVECTOR_TO_INT conversion that performs two's complement arithmetic."""

    CVC_TYPE = 'Int'

    _bv_size = 8

    @classmethod
    def variable(cls, name, solver):
        em = solver.getExprManager()
        expr = em.mkVar(name, em.integerType())
        return cls(expr, solver)

    @classmethod
    def constant(cls, v, solver):
        em = solver.getExprManager()
        return cls(em.mkConst(Rational(Integer(str(v)))), solver)

    def getvalue(self):
        """In order to mitigate the limited accuracy of the C-type values returned by the CVC getters, strings are parsed
        into Python numbers. This fix was added to pass the PyExZ3/test/bignum.py test case."""
        ce = self.solver.getValue(self.cvc_expr)
        rational = ce.getConstRational()
        numerator = int(rational.getNumerator().toString())
        denominator = int(rational.getDenominator().toString())
        if rational.isIntegral():
            return numerator // denominator
        else:
            return numerator / denominator

    def __add__(self, other):
        return CVCInteger(self.em.mkExpr(CVC4.PLUS, self.cvc_expr, other.cvc_expr), self.solver)

    def __sub__(self, other):
        return CVCInteger(self.em.mkExpr(CVC4.MINUS, self.cvc_expr, other.cvc_expr), self.solver)

    def __mul__(self, other):
        return CVCInteger(self.em.mkExpr(CVC4.MULT, self.cvc_expr, other.cvc_expr), self.solver)

    def __truediv__(self, other):
        return CVCInteger(self.em.mkExpr(CVC4.DIVISION, self.cvc_expr, other.cvc_expr), self.solver)

    def __mod__(self, other):
        return CVCInteger(self.em.mkExpr(CVC4.INTS_MODULUS, self.cvc_expr, other.cvc_expr), self.solver)

    def __or__(self, other):
        return self._bvhelper(other, CVC4.BITVECTOR_OR)

    def __and__(self, other):
        return self._bvhelper(other, CVC4.BITVECTOR_AND)

    def __xor__(self, other):
        return self._bvhelper(other, CVC4.BITVECTOR_XOR)

    def __lshift__(self, other):
        return self._bvhelper(other, CVC4.BITVECTOR_SHL)

    def __rshift__(self, other):
        return self._bvhelper(other, CVC4.BITVECTOR_ASHR)

    def tobv(self):
        bvconversion = self.em.mkConst(CVC4.IntToBitVector(self._bv_size))
        return self.em.mkExpr(bvconversion, self.cvc_expr)

    def bvsanity(self):
        return self == CVCExpression(self.em.mkExpr(CVC4.BITVECTOR_TO_NAT, self.tobv()), self.solver)

    def _bvhelper(self, other, op):
        calculation = self.em.mkExpr(op, self.tobv(), other.tobv())
        self.solver.guards.append(self.bvsanity() & other.bvsanity())
        self._assert_bvbounds(calculation)
        return CVCInteger(self.em.mkExpr(CVC4.BITVECTOR_TO_NAT, calculation), self.solver)

    def _assert_bvbounds(self, bvexpr):
        bitextract = self.em.mkConst(CVC4.BitVectorExtract(0, 0))
        self.solver.guards.append((CVCExpression(
            self.em.mkExpr(CVC4.EQUAL, self.em.mkExpr(bitextract, bvexpr),
                           self.em.mkConst(CVC4.BitVector(1, 0))),
            self.solver)))


================================================
FILE: symbolic/cvc_expr/string.py
================================================
import logging

import CVC4

from .expression import CVCExpression
from .integer import CVCInteger

log = logging.getLogger("se.cvc.string")


class CVCString(CVCExpression):
    CVC_TYPE = 'String'

    @classmethod
    def variable(cls, name, solver):
        em = solver.getExprManager()
        expr = em.mkVar(name, em.stringType())
        return cls(expr, solver)

    @classmethod
    def constant(cls, v, solver):
        em = solver.getExprManager()

        chararray = [CVC4.CVC4String_convertCharToUnsignedInt(c)
                     for c in bytes(v, 'UTF-8')]
        cvcstr = CVC4.CVC4String(chararray)
        assert cvcstr.size() == len(v)
        return cls(em.mkConst(cvcstr), solver)

    def getvalue(self):
        ce = self.solver.getValue(self.cvc_expr)
        chararray = [CVC4.CVC4String_convertUnsignedIntToChar(c)
                     for c in ce.getConstString().getVec()]
        v = bytes(chararray).decode()
        assert len(v) == ce.getConstString().size()
        return v

    def len(self):
        return CVCInteger(self.em.mkExpr(CVC4.STRING_LENGTH, self.cvc_expr), self.solver)

    def __add__(self, other):
        return CVCString(self.em.mkExpr(CVC4.STRING_CONCAT,
            self.cvc_expr, other.cvc_expr), self.solver)

    def __contains__(self, item):
        return CVCExpression(self.em.mkExpr(CVC4.STRING_STRCTN,
            self.cvc_expr, item.cvc_expr), self.solver)

    def __getitem__(self, item):
        if isinstance(item, slice):
            offset = item.stop - item.start
            self.solver.guards.append(item.start
                                      >= CVCInteger.constant(0, self.solver))
            self.solver.guards.append(offset
                                      >= CVCInteger.constant(0, self.solver))
            # Adding these forms of guards globally
            # can limit the number of solutions generated
            # but restructuring to avoid reducing the
            # solution space is a significant undertaking.
            self.solver.guards.append(self.len() > item.start)
            self.solver.guards.append(self.len() >= item.stop)
            return CVCString(self.em.mkExpr(CVC4.STRING_SUBSTR, self.cvc_expr,
                                            item.start.cvc_expr, offset.cvc_expr),
                             self.solver)
        return CVCString(self.em.mkExpr(CVC4.STRING_CHARAT, self.cvc_expr,
                                        item.cvc_expr), self.solver)

    def find(self, findstr, beg):
        """CVC4's String IndexOf functionality is capable of specifying
        an index to begin the search. However, the current
        implementation searches from the beginning of the string."""
        return CVCInteger(
            self.em.mkExpr(CVC4.STRING_STRIDOF, self.cvc_expr,
                           findstr.cvc_expr, beg.cvc_expr),
            self.solver)

    def replace(self, old, new):
        return CVCString(self.em.mkExpr(CVC4.STRING_STRREPL, self.cvc_expr, old.cvc_expr, new.cvc_expr), self.solver)

    def startswith(self, prefix):
        return CVCExpression(self.em.mkExpr(CVC4.STRING_PREFIX,
                                            prefix.cvc_expr,
                                            self.cvc_expr), self.solver)


================================================
FILE: symbolic/cvc_wrap.py
================================================
import logging

import utils

import CVC4
from CVC4 import ExprManager, SmtEngine, SExpr

from symbolic.cvc_expr.exprbuilder import ExprBuilder

log = logging.getLogger("se.cvc")


class CVCWrapper(object):
    options = {'produce-models': 'true',
               # Enable experimental string support
               'strings-exp': 'true',
               # Enable modular arithmetic with constant modulus
               'rewrite-divk': 'true',
               # Per Query timeout of 5 seconds
               'tlimit-per': 5000,
               'output-language': 'smt2',
               'input-language': 'smt2'}
    logic = 'ALL_SUPPORTED'

    def __init__(self):
        self.asserts = None
        self.query = None
        self.em = None
        self.solver = None

    def findCounterexample(self, asserts, query):
        """Tries to find a counterexample to the query while
           asserts remains valid."""
        self.em = ExprManager()
        self.solver = SmtEngine(self.em)
        for name, value in CVCWrapper.options.items():
            self.solver.setOption(name, SExpr(str(value)))
        self.solver.setLogic(CVCWrapper.logic)
        self.query = query
        self.asserts = self._coneOfInfluence(asserts, query)
        result = self._findModel()
        log.debug("Query -- %s" % self.query)
        log.debug("Asserts -- %s" % asserts)
        log.debug("Cone -- %s" % self.asserts)
        log.debug("Result -- %s" % result)
        return result

    def _findModel(self):
        self.solver.push()
        exprbuilder = ExprBuilder(self.asserts, self.query, self.solver)
        self.solver.assertFormula(exprbuilder.query.cvc_expr)
        try:
            result = self.solver.checkSat()
            log.debug("Solver returned %s" % result.toString())
            if not result.isSat():
                ret = None
            elif result.isUnknown():
                ret = None
            elif result.isSat():
                ret = self._getModel(exprbuilder.cvc_vars)
            else:
                raise Exception("Unexpected SMT result")
        except RuntimeError as r:
            log.debug("CVC exception %s" % r)
            ret = None
        self.solver.pop()
        return ret

    @staticmethod
    def _getModel(variables):
        """Retrieve the model generated for the path expression."""
        return {name: cvc_var.getvalue() for (name, cvc_var) in variables.items()}

    @staticmethod
    def _coneOfInfluence(asserts, query):
        cone = []
        cone_vars = set(query.getVars())
        ws = [a for a in asserts if len(set(a.getVars()) & cone_vars) > 0]
        remaining = [a for a in asserts if a not in ws]
        while len(ws) > 0:
            a = ws.pop()
            a_vars = set(a.getVars())
            cone_vars = cone_vars.union(a_vars)
            cone.append(a)
            new_ws = [a for a in remaining if len(set(a.getVars()) & cone_vars) > 0]
            remaining = [a for a in remaining if a not in new_ws]
            ws = ws + new_ws
        return cone


================================================
FILE: symbolic/explore.py
================================================
# Copyright: see copyright.txt

from collections import deque
import logging
import os

from .z3_wrap import Z3Wrapper
from .path_to_constraint import PathToConstraint
from .invocation import FunctionInvocation
from .symbolic_types import symbolic_type, SymbolicType

log = logging.getLogger("se.conc")

class ExplorationEngine:
	def __init__(self, funcinv, solver="z3"):
		self.invocation = funcinv
		# the input to the function
		self.symbolic_inputs = {}  # string -> SymbolicType
		# initialize
		for n in funcinv.getNames():
			self.symbolic_inputs[n] = funcinv.createArgumentValue(n)

		self.constraints_to_solve = deque([])
		self.num_processed_constraints = 0

		self.path = PathToConstraint(lambda c : self.addConstraint(c))
		# link up SymbolicObject to PathToConstraint in order to intercept control-flow
		symbolic_type.SymbolicObject.SI = self.path

		if solver == "z3":
			self.solver = Z3Wrapper()
		elif solver == "cvc":
			from .cvc_wrap import CVCWrapper
			self.solver = CVCWrapper()
		else:
			raise Exception("Unknown solver %s" % solver)

		# outputs
		self.generated_inputs = []
		self.execution_return_values = []

	def addConstraint(self, constraint):
		self.constraints_to_solve.append(constraint)
		# make sure to remember the input that led to this constraint
		constraint.inputs = self._getInputs()

	def explore(self, max_iterations=0):
		self._oneExecution()
		
		iterations = 1
		if max_iterations != 0 and iterations >= max_iterations:
			log.debug("Maximum number of iterations reached, terminating")
			return self.execution_return_values

		while not self._isExplorationComplete():
			selected = self.constraints_to_solve.popleft()
			if selected.processed:
				continue
			self._setInputs(selected.inputs)			

			log.info("Selected constraint %s" % selected)
			asserts, query = selected.getAssertsAndQuery()
			model = self.solver.findCounterexample(asserts, query)

			if model == None:
				continue
			else:
				for name in model.keys():
					self._updateSymbolicParameter(name,model[name])

			self._oneExecution(selected)

			iterations += 1			
			self.num_processed_constraints += 1

			if max_iterations != 0 and iterations >= max_iterations:
				log.info("Maximum number of iterations reached, terminating")
				break

		return self.generated_inputs, self.execution_return_values, self.path

	# private

	def _updateSymbolicParameter(self, name, val):
		self.symbolic_inputs[name] = self.invocation.createArgumentValue(name,val)

	def _getInputs(self):
		return self.symbolic_inputs.copy()

	def _setInputs(self,d):
		self.symbolic_inputs = d

	def _isExplorationComplete(self):
		num_constr = len(self.constraints_to_solve)
		if num_constr == 0:
			log.info("Exploration complete")
			return True
		else:
			log.info("%d constraints yet to solve (total: %d, already solved: %d)" % (num_constr, self.num_processed_constraints + num_constr, self.num_processed_constraints))
			return False

	def _getConcrValue(self,v):
		if isinstance(v,SymbolicType):
			return v.getConcrValue()
		else:
			return v

	def _recordInputs(self):
		args = self.symbolic_inputs
		inputs = [ (k,self._getConcrValue(args[k])) for k in args ]
		self.generated_inputs.append(inputs)
		print(inputs)
		
	def _oneExecution(self,expected_path=None):
		self._recordInputs()
		self.path.reset(expected_path)
		ret = self.invocation.callFunction(self.symbolic_inputs)
		print(ret)
		self.execution_return_values.append(ret)



================================================
FILE: symbolic/invocation.py
================================================
# Copyright: see copyright.txt

class FunctionInvocation:
	def __init__(self, function, reset):
		self.function = function
		self.reset = reset
		self.arg_constructor = {}
		self.initial_value = {}

	def callFunction(self,args):
		self.reset()
		return self.function(**args)

	def addArgumentConstructor(self, name, init, constructor):
		self.initial_value[name] = init
		self.arg_constructor[name] = constructor

	def getNames(self):
		return self.arg_constructor.keys()

	def createArgumentValue(self,name,val=None):
		if val == None:
			val = self.initial_value[name]
		return self.arg_constructor[name](name,val)

	



================================================
FILE: symbolic/loader.py
================================================
# Copyright: copyright.txt

import inspect
import re
import os
import sys
from .invocation import FunctionInvocation
from .symbolic_types import SymbolicInteger, getSymbolic

# The built-in definition of len wraps the return value in an int() constructor, destroying any symbolic types.
# By redefining len here we can preserve symbolic integer types.
import builtins
builtins.len = (lambda x : x.__len__())

class Loader:
	def __init__(self, filename, entry):
		self._fileName = os.path.basename(filename)
		self._fileName = self._fileName[:-3]
		if (entry == ""):
			self._entryPoint = self._fileName
		else:
			self._entryPoint = entry;
		self._resetCallback(True)

	def getFile(self):
		return self._fileName

	def getEntry(self):
		return self._entryPoint
	
	def createInvocation(self):
		inv = FunctionInvocation(self._execute,self._resetCallback)
		func = self.app.__dict__[self._entryPoint]
		argspec = inspect.getargspec(func)
		# check to see if user specified initial values of arguments
		if "concrete_args" in func.__dict__:
			for (f,v) in func.concrete_args.items():
				if not f in argspec.args:
					print("Error in @concrete: " +  self._entryPoint + " has no argument named " + f)
					raise ImportError()
				else:
					Loader._initializeArgumentConcrete(inv,f,v)
		if "symbolic_args" in func.__dict__:
			for (f,v) in func.symbolic_args.items():
				if not f in argspec.args:
					print("Error (@symbolic): " +  self._entryPoint + " has no argument named " + f)
					raise ImportError()
				elif f in inv.getNames():
					print("Argument " + f + " defined in both @concrete and @symbolic")
					raise ImportError()
				else:
					s = getSymbolic(v)
					if (s == None):
						print("Error at argument " + f + " of entry point " + self._entryPoint + " : no corresponding symbolic type found for type " + str(type(v)))
						raise ImportError()
					Loader._initializeArgumentSymbolic(inv, f, v, s)
		for a in argspec.args:
			if not a in inv.getNames():
				Loader._initializeArgumentSymbolic(inv, a, 0, SymbolicInteger)
		return inv

	# need these here (rather than inline above) to correctly capture values in lambda
	def _initializeArgumentConcrete(inv,f,val):
		inv.addArgumentConstructor(f, val, lambda n,v: val)

	def _initializeArgumentSymbolic(inv,f,val,st):
		inv.addArgumentConstructor(f, val, lambda n,v: st(n,v))

	def executionComplete(self, return_vals):
		if "expected_result" in self.app.__dict__:
			return self._check(return_vals, self.app.__dict__["expected_result"]())
		if "expected_result_set" in self.app.__dict__:
			return self._check(return_vals, self.app.__dict__["expected_result_set"](),False)
		else:
			print(self._fileName + ".py contains no expected_result function")
			return None

	# -- private

	def _resetCallback(self,firstpass=False):
		self.app = None
		if firstpass and self._fileName in sys.modules:
			print("There already is a module loaded named " + self._fileName)
			raise ImportError()
		try:
			if (not firstpass and self._fileName in sys.modules):
				del(sys.modules[self._fileName])
			self.app =__import__(self._fileName)
			if not self._entryPoint in self.app.__dict__ or not callable(self.app.__dict__[self._entryPoint]):
				print("File " +  self._fileName + ".py doesn't contain a function named " + self._entryPoint)
				raise ImportError()
		except Exception as arg:
			print("Couldn't import " + self._fileName)
			print(arg)
			raise ImportError()

	def _execute(self, **args):
		return self.app.__dict__[self._entryPoint](**args)

	def _toBag(self,l):
		bag = {}
		for i in l:
			if i in bag:
				bag[i] += 1
			else:
				bag[i] = 1
		return bag

	def _check(self, computed, expected, as_bag=True):
		b_c = self._toBag(computed)
		b_e = self._toBag(expected)
		if as_bag and b_c != b_e or not as_bag and set(computed) != set(expected):
			print("-------------------> %s test failed <---------------------" % self._fileName)
			print("Expected: %s, found: %s" % (b_e, b_c))
			return False
		else:
			print("%s test passed <---" % self._fileName)
			return True
	
def loaderFactory(filename,entry):
	if not os.path.isfile(filename) or not re.search(".py$",filename):
		print("Please provide a Python file to load")
		return None
	try: 
		dir = os.path.dirname(filename)
		sys.path = [ dir ] + sys.path
		ret = Loader(filename,entry)
		return ret
	except ImportError:
		sys.path = sys.path[1:]
		return None




================================================
FILE: symbolic/path_to_constraint.py
================================================
# Copyright: see copyright.txt

import logging

from .predicate import Predicate
from .constraint import Constraint

log = logging.getLogger("se.pathconstraint")

class PathToConstraint:
	def __init__(self, add):
		self.constraints = {}
		self.add = add
		self.root_constraint = Constraint(None, None)
		self.current_constraint = self.root_constraint
		self.expected_path = None

	def reset(self,expected):
		self.current_constraint = self.root_constraint
		if expected==None:
			self.expected_path = None
		else:
			self.expected_path = []
			tmp = expected
			while tmp.predicate is not None:
				self.expected_path.append(tmp.predicate)
				tmp = tmp.parent

	def whichBranch(self, branch, symbolic_type):
		""" This function acts as instrumentation.
		Branch can be either True or False."""

		# add both possible predicate outcomes to constraint (tree)
		p = Predicate(symbolic_type, branch)
		p.negate()
		cneg = self.current_constraint.findChild(p)
		p.negate()
		c = self.current_constraint.findChild(p)

		if c is None:
			c = self.current_constraint.addChild(p)

			# we add the new constraint to the queue of the engine for later processing
			log.debug("New constraint: %s" % c)
			self.add(c)
			
		# check for path mismatch
		# IMPORTANT: note that we don't actually check the predicate is the
		# same one, just that the direction taken is the same
		if self.expected_path != None and self.expected_path != []:
			expected = self.expected_path.pop()
			# while not at the end of the path, we expect the same predicate result
			# at the end of the path, we expect a different predicate result
			done = self.expected_path == []
			if ( not done and expected.result != c.predicate.result or \
				done and expected.result == c.predicate.result ):
				print("Replay mismatch (done=",done,")")
				print(expected)
				print(c.predicate)

		if cneg is not None:
			# We've already processed both
			cneg.processed = True
			c.processed = True
			log.debug("Processed constraint: %s" % c)

		self.current_constraint = c

	def toDot(self):
		# print the thing into DOT format
		header = "digraph {\n"
		footer = "\n}\n"
		return header + self._toDot(self.root_constraint) + footer

	def _toDot(self,c):
		if (c.parent == None):
			label = "root"
		else:
			label = c.predicate.symtype.toString()
			if not c.predicate.result:
				label = "Not("+label+")"
		node = "C" + str(c.id) + " [ label=\"" + label + "\" ];\n"
		edges = [ "C" + str(c.id) + " -> " + "C" + str(child.id) + ";\n" for child in c.children ]
		return node + "".join(edges) + "".join([ self._toDot(child) for child in c.children ])
		


================================================
FILE: symbolic/predicate.py
================================================
# Copyright - see copyright.txt

class Predicate:
	"""Predicate is one specific ``if'' encountered during the program execution.
	   """
	def __init__(self, st, result):
		self.symtype = st
		self.result = result

	def getVars(self):
		return self.symtype.getVars()

	def __eq__(self, other):
		if isinstance(other, Predicate):
			res = self.result == other.result and self.symtype.symbolicEq(other.symtype)
			return res
		else:
			return False

	def __hash__(self):
		return hash(self.symtype)

	def __str__(self):
		return self.symtype.toString() + " (%s)" % (self.result)

	def __repr__(self):
		return self.__str__()

	def negate(self):
		"""Negates the current predicate"""
		assert(self.result is not None)
		self.result = not self.result



================================================
FILE: symbolic/symbolic_types/__init__.py
================================================
# Copyright: see copyright.txt

from .symbolic_int import SymbolicInteger as SymInt
from .symbolic_int import SymbolicObject as SymObj
from .symbolic_dict import SymbolicDict as SymD
from .symbolic_str import SymbolicStr as SymS
from .symbolic_type import SymbolicType as SymType

SymObj.wrap = lambda conc, sym : SymbolicInteger("se",conc,sym)
SymbolicInteger = SymInt
SymbolicDict = SymD
SymbolicStr = SymS
SymbolicType = SymType

def getSymbolic(v):
	exported = [(int,SymbolicInteger),(dict,SymbolicDict),(str,SymbolicStr)]
	for (t,s) in exported:
		if isinstance(v,t):
			return s
	return None





================================================
FILE: symbolic/symbolic_types/symbolic_dict.py
================================================
import ast
import sys
from . symbolic_type import SymbolicObject

# SymbolicDict: the key and values will both be SymbolicType for full generality

# keys of dictionary must be immutable
# values in dictionary may be mutable


# TODO: big simplification: can only initialize with
# an empty dictionary
class SymbolicDict(SymbolicObject,dict):
	def __new__(cls, name, *args, **kwargs):
		self = dict.__new__(cls,args,kwargs)
		return self

	def __init__(self, name, kwargs):
		SymbolicObject.__init__(self,name,None)
		dict.__init__(self,kwargs)

	def getConcrValue(self):
		return self
		
	def __bool__(self):
		return bool(len(self))

#	def wrap(conc,sym):
#		pass # TODO

#	def __getitem__(self,key):
#		val = super.__getitem__(key)
#		if isinstance(val,SymbolicType):
#			wrap = val.wrap
#		else:
#			wrap = lambda c,s : c
#		return self._do_bin_op(key, lambda d, k: val, ast.Index, wrap)

#	def __setitem__(self,key,value):
#		# update the expression (this is a triple - not binary)
#		concrete, symbolic =\
#			self._do_sexpr([self,key,value], lambda d, k, v : d.super.__setitem__(k,v), ast.Store,\
#					lambda c, s: c, s)
#		# note that we do an in place update of 
#                self.expr = symbolic

#	def __contains__(self,key):
#		for k in self.keys():
#			if k == key:
#				return True
#		return False

#	def __delitem__(self,key)
#		if dict.__contains(self,key):
#			pass
#			# self.expr = Delete(self.expr,key)
#		dict.__delitem__(self,key)



================================================
FILE: symbolic/symbolic_types/symbolic_int.py
================================================
# Copyright: copyright.txt

from . symbolic_type import SymbolicObject

# we use multiple inheritance to achieve concrete execution for any
# operation for which we don't have a symbolic representation. As
# we can see a SymbolicInteger is both symbolic (SymbolicObject) and 
# concrete (int)

class SymbolicInteger(SymbolicObject,int):
	# since we are inheriting from int, we need to use new
	# to perform construction correctly
	def __new__(cls, name, v, expr=None):
		return int.__new__(cls, v)

	def __init__(self, name, v, expr=None):
		SymbolicObject.__init__(self, name, expr)
		self.val = v

	def getConcrValue(self):
		return self.val

	def wrap(conc,sym):
		return SymbolicInteger("se",conc,sym)

	def __hash__(self):
		return hash(self.val)

	def _op_worker(self,args,fun,op):
		return self._do_sexpr(args, fun, op, SymbolicInteger.wrap)

# now update the SymbolicInteger class for operations we
# will build symbolic terms for

ops =  [("add",    "+"  ),\
	("sub",    "-"  ),\
	("mul",    "*"  ),\
	("mod",    "%"  ),\
	("floordiv", "//" ),\
	("and",    "&"  ),\
	("or",     "|"  ),\
	("xor",    "^"  ),\
	("lshift", "<<" ),\
	("rshift", ">>" ) ]

def make_method(method,op,a):
	code  = "def %s(self,other):\n" % method
	code += "   return self._op_worker(%s,lambda x,y : x %s y, \"%s\")" % (a,op,op)
	locals_dict = {}
	exec(code, globals(), locals_dict)
	setattr(SymbolicInteger,method,locals_dict[method])

for (name,op) in ops:
	method  = "__%s__" % name
	make_method(method,op,"[self,other]")
	rmethod  = "__r%s__" % name
	make_method(rmethod,op,"[other,self]")



================================================
FILE: symbolic/symbolic_types/symbolic_str.py
================================================
from . symbolic_type import SymbolicObject
from symbolic.symbolic_types.symbolic_int import SymbolicInteger
from string import whitespace

class SymbolicStr(SymbolicObject, str):

    def __new__(cls, name, v, expr=None):
        return str.__new__(cls, v)

    def __init__(self, name, v, expr=None):
        SymbolicObject.__init__(self, name, expr)
        self.val = v

    def getConcrValue(self):
        return self.val

    def wrap(conc, sym):
        return SymbolicStr("se", conc, sym)

    def __hash__(self):
        return hash(self.val)

    def _op_worker(self, args, fun, op):
        return self._do_sexpr(args, fun, op, SymbolicStr.wrap)

    def __bool__(self):
        return SymbolicObject.__bool__(self.__len__() != 0)

    def __len__(self):
        return self._do_sexpr([self], lambda x: len(x),
                                "str.len", SymbolicInteger.wrap)

    def __contains__(self, item):
        return self._do_sexpr([self, item], lambda x, y: str.__contains__(x, y),
                                "in", SymbolicInteger.wrap)

    def __getitem__(self, key):
        """Negative indexes, out of bound slices, and slice skips are not currently supported."""
        if isinstance(key, slice):
            start = key.start if key.start is not None else 0
            stop = key.stop if key.stop is not None else self.__len__()
            return self._do_sexpr([self, start, stop],
                                  lambda x, y, z: str.__getitem__(x, slice(y, z)), "slice", SymbolicStr.wrap)
        return self._do_sexpr([self, key], lambda x, y: str.__getitem__(x, y),
                              "getitem", SymbolicStr.wrap)

    def find(self, findstr, beg=0):
        return self._do_sexpr([self, findstr, beg],
                              lambda x, y, z: str.find(x, y, z),
                              "str.find", SymbolicInteger.wrap)

    def startswith(self, prefix):
        return self._do_sexpr([self, prefix],
                              lambda x, y: str.startswith(x, y),
                              "str.startswith", SymbolicInteger.wrap)

    def split(self, sep=None, maxsplit=None):
        if sep is None:
            sep = " "
        if len(self) == 0:
            return []
        elif maxsplit == 0 or sep not in self:
            return [self]
        else:
            sep_idx = self.find(sep)
            maxsplit = None if maxsplit is None else maxsplit - 1
            return [self[0:sep_idx]] + \
                   self[sep_idx + 1:].split(sep, maxsplit)

    def count(self, sub):
        """String count is not a native function of the SMT solver. Instead, we implement count as a recursive series of
        find operations. Note that not all of the functionality of count is supported at this time, such as the start
        index."""
        if sub not in self:
            ret = 0
        elif sub == "":
            ret = self.__len__() + 1
        else:
            find_idx = self.find(sub)
            reststr = self[find_idx + sub.__len__():]
            ret = reststr.count(sub) + 1
        assert int(ret) == str.count(str(self), str(sub))
        return ret

    def _replace(self, old, new):
        return self._do_sexpr([self, old, new], lambda x, y, z: str.replace(x, y, z),
                              "str.replace", SymbolicStr.wrap)

    def replace(self, old, new, maxreplace=-1):
        """CVC only replaces the first occurrence of old with new
        (maxreplace=1). For this reason, SymbolicStr's replace is implemented
        as a recurrence of single replaces."""
        if maxreplace == 0 or old not in self:
            ret = self
        else:
            pivot_point = self.find(old) + old.__len__()
            first_half = self[:pivot_point]
            first_half = first_half._replace(old, new)
            second_half = self[pivot_point:]
            ret = first_half + second_half.replace(old, new, maxreplace-1)
        assert str(ret) == str.replace(str(self), str(old), str(new), int(maxreplace))
        return ret

    def strip(self, chars=None):
        if chars is None:
            chars = whitespace
        if self.__len__() == 0:
            return self
        for char in chars:
            if self[0] == char:
                return self[1:].strip(chars)
        for char in chars:
            if self[self.__len__() - 1] == char:
                return self[:self.__len__() - 1].strip(chars)
        return self

# Currently only a subset of string operations are supported.
ops = [("add", "+")]

def make_method(method,op,a):
    code  = "def %s(self,other):\n" % method
    code += "   return self._op_worker(%s,lambda x,y : x %s y, \"%s\")" % (a,op,op)
    locals_dict = {}
    exec(code, globals(), locals_dict)
    setattr(SymbolicStr, method, locals_dict[method])

for (name,op) in ops:
    method  = "__%s__" % name
    make_method(method,op,"[self,other]")
    rmethod  = "__r%s__" % name
    make_method(rmethod,op,"[other,self]")



================================================
FILE: symbolic/symbolic_types/symbolic_type.py
================================================
# Copyright: see copyright.txt

import utils
import inspect
import functools

# the ABSTRACT base class for representing any expression that depends on a symbolic input
# it also tracks the corresponding concrete value for the expression (aka concolic execution)

class SymbolicType(object):
	def __init__(self, name, expr=None):
		self.name = name
		self.expr = expr

	# to be provided by subclass

	def getConcrValue(self):
		raise NotImplemented()

	def wrap(conc,sym):
		raise NotImplemented()

	# public funs

	def isVariable(self):
		return self.expr == None

	def unwrap(self):
		if self.isVariable():
			return (self.getConcrValue(),self)
		else:
			return (self.getConcrValue(),self.expr)

	def getVars(self):
		if self.isVariable():
			return [self.name]
		elif isinstance(self.expr,list):
			return self._getVarsLeaves(self.expr)
		else:
			return []

	def _getVarsLeaves(self,l):
		if isinstance(l,list):
			return functools.reduce(lambda a, x: self._getVarsLeaves(x) + a,l,[])
		elif isinstance(l,SymbolicType):
			return [l.name]
		else:
			return []

	# creating the expression tree
	def _do_sexpr(self,args,fun,op,wrap):
		unwrapped = [ (a.unwrap() if isinstance(a,SymbolicType) else (a,a)) for a in args ]
		args = zip(inspect.getargspec(fun).args, [ c for (c,s) in unwrapped ])
		concrete = fun(**dict([a for a in args]))
		symbolic = [ op ] + [ s for c,s in unwrapped ]
		return wrap(concrete,symbolic)

	def symbolicEq(self, other):
		if not isinstance(other,SymbolicType):
			return False
		if self.isVariable() or other.isVariable():
			return self.name == other.name
		return self._eq_worker(self.expr,other.expr)

	def _eq_worker(self, expr1, expr2):
		if type(expr1) != type(expr2):
			return False
		if isinstance(expr1, list):
			return len(expr1) == len(expr2) and\
			       type(expr1[0]) == type(expr2[0]) and\
                               all([ self._eq_worker(x,y) for x,y in zip(expr1[1:],expr2[1:]) ])
		elif isinstance(expr1, SymbolicType):
			return expr1.name == expr2.name
		else:
			return expr1 == expr2

	def toString(self):
		if self.isVariable():
			return self.name + "#" + str(self.getConcrValue())
		else:
			return self._toString(self.expr)

	def _toString(self,expr):
		if isinstance(expr,list):
			return "(" + expr[0] + " " + ", ".join([ self._toString(a) for a in expr[1:] ]) + ")"
		elif isinstance(expr,SymbolicType):
			return expr.toString()
		else:
			return str(expr)

# this class is also ABSTRACT although __init__.py does
# initialize wrap to return SymbolicInteger for the 
# relational comparison operators

class SymbolicObject(SymbolicType,object): 
	def __init__(self, name, expr=None):
		SymbolicType.__init__(self,name,expr)

	SI = None    # this is set up by ConcolicEngine to link __bool__ to PathConstraint

	def wrap(conc,sym):
		# see __init__.py
		raise NotImplemented()

	# this is a critical interception point: the __bool__
	# method is called whenever a predicate is evaluated in
	# Python execution (if, while, and, or). This allows us
	# to capture the path condition

	def __bool__(self):
		ret = bool(self.getConcrValue())
		if SymbolicObject.SI != None:
			SymbolicObject.SI.whichBranch(ret,self)
		return ret

	# compute both the symbolic and concrete image of operator
	def _do_bin_op(self, other, fun, op, wrap):
		return self._do_sexpr([self,other], fun, op, wrap)

	def __eq__(self, other):
		# TODO: what it self is not symbolic and other is???
		return self._do_bin_op(other, lambda x, y: x == y, "==", SymbolicObject.wrap)

	def __ne__(self, other):
		return self._do_bin_op(other, lambda x, y: x != y, "!=", SymbolicObject.wrap)

	def __lt__(self, other):
		return self._do_bin_op(other, lambda x, y: x < y, "<", SymbolicObject.wrap)

	def __le__(self, other):
		return self._do_bin_op(other, lambda x, y: x <= y, "<=", SymbolicObject.wrap)

	def __gt__(self, other):
		return self._do_bin_op(other, lambda x, y: x > y, ">", SymbolicObject.wrap)

	def __ge__(self, other):
		return self._do_bin_op(other, lambda x, y: x >= y, ">=", SymbolicObject.wrap)




================================================
FILE: symbolic/z3_expr/__init__.py
================================================


================================================
FILE: symbolic/z3_expr/bitvector.py
================================================
from z3 import *
from .expression import Z3Expression

class Z3BitVector(Z3Expression):
	def __init__(self,N):
		Z3Expression.__init__(self)
		self.N = N

	def _isIntVar(self,v):
		return isinstance(v,BitVecRef)

	def _variable(self,name,solver):
		return BitVec(name,self.N,solver.ctx)

	def _constant(self,v,solver):
		return BitVecVal(v,self.N,solver.ctx)


================================================
FILE: symbolic/z3_expr/expression.py
================================================
import utils

from symbolic.symbolic_types.symbolic_int import SymbolicInteger
from symbolic.symbolic_types.symbolic_type import SymbolicType
from z3 import *

class Z3Expression(object):
	def __init__(self):
		self.z3_vars = {}

	def toZ3(self,solver,asserts,query):
		self.z3_vars = {}
		solver.assert_exprs([self.predToZ3(p,solver) for p in asserts])
		solver.assert_exprs(Not(self.predToZ3(query,solver)))

	def predToZ3(self,pred,solver,env=None):
		sym_expr = self._astToZ3Expr(pred.symtype,solver,env)
		if env == None:
			if not is_bool(sym_expr):
				sym_expr = sym_expr != self._constant(0,solver)
			if not pred.result:
				sym_expr = Not(sym_expr)
		else:
			if not pred.result:
				sym_expr = not sym_expr
		return sym_expr

	def getIntVars(self):
		return [ v[1] for v in self.z3_vars.items() if self._isIntVar(v[1]) ]

	# ----------- private ---------------

	def _isIntVar(self, v):
		raise NotImplementedException

	def _getIntegerVariable(self,name,solver):
		if name not in self.z3_vars:
			self.z3_vars[name] = self._variable(name,solver)
		return self.z3_vars[name]

	def _variable(self,name,solver):
		raise NotImplementedException

	def _constant(self,v,solver):
		raise NotImplementedException

	def _wrapIf(self,e,solver,env):
		if env == None:
			return If(e,self._constant(1,solver),self._constant(0,solver))
		else:
			return e

	# add concrete evaluation to this, to check
	def _astToZ3Expr(self,expr,solver,env=None):
		if isinstance(expr, list):
			op = expr[0]
			args = [ self._astToZ3Expr(a,solver,env) for a in expr[1:] ]
			z3_l,z3_r = args[0],args[1]

			# arithmetical operations
			if op == "+":
				return self._add(z3_l, z3_r, solver)
			elif op == "-":
				return self._sub(z3_l, z3_r, solver)
			elif op == "*":
				return self._mul(z3_l, z3_r, solver)
			elif op == "//":
				return self._div(z3_l, z3_r, solver)
			elif op == "%":
				return self._mod(z3_l, z3_r, solver)

			# bitwise
			elif op == "<<":
				return self._lsh(z3_l, z3_r, solver)
			elif op == ">>":
				return self._rsh(z3_l, z3_r, solver)
			elif op == "^":
				return self._xor(z3_l, z3_r, solver)
			elif op == "|":
				return self._or(z3_l, z3_r, solver)
			elif op == "&":
				return self._and(z3_l, z3_r, solver)

			# equality gets coerced to integer
			elif op == "==":
				return self._wrapIf(z3_l == z3_r,solver,env)
			elif op == "!=":
				return self._wrapIf(z3_l != z3_r,solver,env)
			elif op == "<":
				return self._wrapIf(z3_l < z3_r,solver,env)
			elif op == ">":
				return self._wrapIf(z3_l > z3_r,solver,env)
			elif op == "<=":
				return self._wrapIf(z3_l <= z3_r,solver,env)
			elif op == ">=":
				return self._wrapIf(z3_l >= z3_r,solver,env)
			else:
				utils.crash("Unknown BinOp during conversion from ast to Z3 (expressions): %s" % op)

		elif isinstance(expr, SymbolicInteger):
			if expr.isVariable():
				if env == None:
					return self._getIntegerVariable(expr.name,solver)
				else:
					return env[expr.name]
			else:
				return self._astToZ3Expr(expr.expr,solver,env)

		elif isinstance(expr, SymbolicType):
			utils.crash("{} is an unsupported SymbolicType of {}".
						format(expr, type(expr)))

		elif isinstance(expr, int):
			if env == None:
				return self._constant(expr,solver)
			else:
				return expr
		else:
			utils.crash("Unknown node during conversion from ast to Z3 (expressions): %s" % expr)

	def _add(self, l, r, solver):
		return l + r

	def _sub(self, l, r, solver):
		return l - r

	def _mul(self, l, r, solver):
		return l * r

	def _div(self, l, r, solver):
		return l / r

	def _mod(self, l, r, solver):
		return l % r

	def _lsh(self, l, r, solver):
		return l << r

	def _rsh(self, l, r, solver):
		return l >> r

	def _xor(self, l, r, solver):
		return l ^ r

	def _or(self, l, r, solver):
		return l | r

	def _and(self, l, r, solver):
		return l & r


================================================
FILE: symbolic/z3_expr/integer.py
================================================
from z3 import *
from .expression import Z3Expression

class Z3Integer(Z3Expression):
	def _isIntVar(self,v):
		return isinstance(v,IntRef)

	def _variable(self,name,solver):
		return Int(name,solver.ctx)

	def _constant(self,v,solver):
		return IntVal(v,solver.ctx)

	def _mod(self, l, r, solver):
		mod_fun = Function('int_mod', IntSort(), IntSort(), IntSort())
		return mod_fun(l, r)

	def _lsh(self, l, r, solver):
		lsh_fun = Function('int_lsh', IntSort(), IntSort(), IntSort())
		return lsh_fun(l, r)

	def _rsh(self, l, r, solver):
		rsh_fun = Function('int_rsh', IntSort(), IntSort(), IntSort())
		return rsh_fun(l, r)

	def _xor(self, l, r, solver):
		xor_fun = Function('int_xor', IntSort(), IntSort(), IntSort())
		return xor_fun(l, r)

	def _or(self, l, r, solver):
		or_fun = Function('int_or', IntSort(), IntSort(), IntSort())
		return or_fun(l, r)

	def _and(self, l, r, solver):
		and_fun = Function('int_and', IntSort(), IntSort(), IntSort())
		return and_fun(l, r)


================================================
FILE: symbolic/z3_wrap.py
================================================
# Copyright: see copyright.txt

import sys
import ast
import logging

from z3 import *
from .z3_expr.integer import Z3Integer
from .z3_expr.bitvector import Z3BitVector

log = logging.getLogger("se.z3")

class Z3Wrapper(object):
	def __init__(self):
		self.N = 32
		self.asserts = None
		self.query = None
		self.use_lia = True
		self.z3_expr = None

	def findCounterexample(self, asserts, query):
		"""Tries to find a counterexample to the query while
	  	 asserts remains valid."""
		self.solver = Solver()
		self.query = query
		self.asserts = self._coneOfInfluence(asserts,query)
		res = self._findModel()
		log.debug("Query -- %s" % self.query)
		log.debug("Asserts -- %s" % asserts)
		log.debug("Cone -- %s" % self.asserts)
		log.debug("Result -- %s" % res)
		return res

	# private

	# this is very inefficient
	def _coneOfInfluence(self,asserts,query):
		cone = []
		cone_vars = set(query.getVars())
		ws = [ a for a in asserts if len(set(a.getVars()) & cone_vars) > 0 ]
		remaining = [ a for a in asserts if a not in ws ]
		while len(ws) > 0:
			a = ws.pop()
			a_vars = set(a.getVars())
			cone_vars = cone_vars.union(a_vars)
			cone.append(a)
			new_ws = [ a for a in remaining if len(set(a.getVars()) & cone_vars) > 0 ]
			remaining = [ a for a in remaining if a not in new_ws ]
			ws = ws + new_ws
		return cone

	def _findModel(self):
		# Try QF_LIA first (as it may fairly easily recognize unsat instances)
		if self.use_lia:
			self.solver.push()
			self.z3_expr = Z3Integer()
			self.z3_expr.toZ3(self.solver,self.asserts,self.query)
			res = self.solver.check()
			#print(self.solver.assertions)
			self.solver.pop()
			if res == unsat:
				return None

		# now, go for SAT with bounds
		self.N = 32
		self.bound = (1 << 4) - 1
		while self.N <= 64:
			self.solver.push()
			(ret,mismatch) = self._findModel2()
			if (not mismatch):
				break
			self.solver.pop()
			self.N = self.N+8
			if self.N <= 64: print("expanded bit width to "+str(self.N)) 
		#print("Assertions")
		#print(self.solver.assertions())
		if ret == unsat:
			res = None
		elif ret == unknown:
			res = None
		elif not mismatch:
			res = self._getModel()
		else:
			res = None
		if self.N<=64: self.solver.pop()
		return res

	def _setAssertsQuery(self):
		self.z3_expr = Z3BitVector(self.N)
		self.z3_expr.toZ3(self.solver,self.asserts,self.query)

	def _findModel2(self):
		self._setAssertsQuery()
		int_vars = self.z3_expr.getIntVars()
		res = unsat
		while res == unsat and self.bound <= (1 << (self.N-1))-1:
			self.solver.push()
			constraints = self._boundIntegers(int_vars,self.bound)
			self.solver.assert_exprs(constraints)
			res = self.solver.check()
			if res == unsat:
				self.bound = (self.bound << 1)+1
				self.solver.pop()
		if res == sat:
			# Does concolic agree with Z3? If not, it may be due to overflow
			model = self._getModel()
			#print("Match?")
			#print(self.solver.assertions)
			self.solver.pop()
			mismatch = False
			for a in self.asserts:
				eval = self.z3_expr.predToZ3(a,self.solver,model)
				if (not eval):
					mismatch = True
					break
			if (not mismatch):
				mismatch = not (not self.z3_expr.predToZ3(self.query,self.solver,model))
			#print(mismatch)
			return (res,mismatch)
		elif res == unknown:
			self.solver.pop()
		return (res,False)

	def _getModel(self):
		res = {}
		model = self.solver.model()
		for name in self.z3_expr.z3_vars.keys():
			try:
				ce = model.eval(self.z3_expr.z3_vars[name])
				res[name] = ce.as_signed_long()
			except:
				pass
		return res
	
	def _boundIntegers(self,vars,val):
		bval = BitVecVal(val,self.N,self.solver.ctx)
		bval_neg = BitVecVal(-val-1,self.N,self.solver.ctx)
		return And([ v <= bval for v in vars]+[ bval_neg <= v for v in vars])



================================================
FILE: test/abs_test.py
================================================
def abs_test(a,b):
	if (a < 0):
		if (abs(a) == b):
			return 0
		return 1
	return 2

def expected_result():
	return [0,1,2]



================================================
FILE: test/andor.py
================================================
def andor(x,y):
	if(x or y):
		return 1
	else:
		return 2

def expected_result():
	return [1,1,2]


================================================
FILE: test/arrayindex2.py
================================================
A = [0, 1, 0, 0, 1, 0, 1]

def arrayindex2(i):

 if i in [ j for j in range(len(A)) if A[j] ]:
   return i
 else:
   return "OTHER"

def expected_result():
  return [ 1,4,6, "OTHER" ]


================================================
FILE: test/bad_eq.py
================================================
def bad_eq(i):
	if (0 == i):
		return 0
	return 1

def expected_result():
	return [0,1]


================================================
FILE: test/bignum.py
================================================
import sys

def bignum(a):
  if a == sys.maxsize:
    return "bv"
  if a == sys.maxsize+1:
    return "bignum"
  return "other"

def expected_result():
  return [ "other", "bv", "bignum" ]


================================================
FILE: test/binary_search.py
================================================
from lib.bsearch import *

array = [ 0, 4, 6, 95, 430, 4944, 119101 ]

def binary_search(k):
	i = bsearch(array,k)
	if(i>=0):
		if (not array[i]==k):
			return "ERROR"
		else:
			return str(k)
	else:
		if (k in array):
			return "ERROR"
		else:
			return "NOT_FOUND"

def expected_result(): 
	return [str(i) for i in array] + [ "NOT_FOUND" for i in range(len(array)+1) ]



================================================
FILE: test/bitwidth.py
================================================
def bitwidth(a):
	if (a + 1 < a):
		return 0
	else:
		return 1

def expected_result():
	return [1]


================================================
FILE: test/complex.py
================================================
def complex(x,y):
  if (y >= 1<<32):
    h = hash(y)
    print("hash(",y,") =",h)
    if (x == h):
      if (y == (1<<32) + 203):
        return 0
      else:
        return 1
    else:
      return 2

def expected_result_set():
	return [0,1,2,None]




================================================
FILE: test/cseppento1.py
================================================
def cseppento1(x,y):
    # based on B2a_IfElse by Lajos Cseppento
    # see: L. Cseppento: Comparison of Symbolic Execution Based Test Generation Tools, B.Sc. Thesis, Budapest University of Technology and Economics, 2013.
    if (x > 0 and y > 0):
        return 1
    elif (x < 0 and y > 0):
        return 2
    elif (x < 0 and y < 0):
        return 3
    elif (x > 0 and y < 0):
        return 4
    elif (x > 0 and y < 0):
        # impossible branch , because the previous is the same
        return -1
    elif (x == 0 or y == 0):
        return 0
    else:
        # impossible branch
        return -2

def expected_result():
    return [0,0,0,1,2,3,4] # should it be [0,1,2,3,4] instead?

================================================
FILE: test/cseppento2.py
================================================
def cseppento2(a,b):
    # based on B2c_NonLinear by Lajos Cseppento
    # see: L. Cseppento: Comparison of Symbolic Execution Based Test Generation Tools, B.Sc. Thesis, Budapest University of Technology and Economics, 2013.
    if (2 * a * a - 5 * a + 3 == 0 and 2 * b * b - 5 * b + 3 == 0 and a != b):
        return 1
    else:
        return 2

def expected_result():
    return [2,2,2] # should it be [2] ?

================================================
FILE: test/cseppento3.py
================================================
def cseppento3(x):
    # based on B3c_DoWhile by Lajos Cseppento
    # see: L. Cseppento: Comparison of Symbolic Execution Based Test Generation Tools, B.Sc. Thesis, Budapest University of Technology and Economics, 2013.
   
# Sum of the positive integers <= min (x, 100)
# 1+2+4+5+7+8+...[+98+100]
    i = 1
    sum = 0
    while (i<=x):
        i = i + 1
        if (i % 3 == 0):
            continue
        if (i > 100):
            break
        sum = sum + i
    return sum

#def expected_result():
#    return []
    

================================================
FILE: test/cvc/effectivebool.py
================================================
"""Tests strings and integers used as a branch condition. The
interpreter calls the bool constructor with the contents of the branch
condition passed in as the argument. If a __bool__ function does not
exist, __len__ is called and compared to zero."""
from symbolic.args import symbolic


@symbolic(string="foo", num=1)
def effectivebool(string, num):
    if string:
        return 0
    elif num:
        return 1
    else:
        return 2


def expected_result():
    return [0, 1, 2]


================================================
FILE: test/cvc/emptystr.py
================================================
from symbolic.args import symbolic


@symbolic(s="foo")
def emptystr(s):
    if s != '':
        return 0
    else:
        return 1


def expected_result():
    return [0, 1]


================================================
FILE: test/cvc/escape.py
================================================
from symbolic.args import symbolic


@symbolic(string="foo")
def escape(string):
    if string and '\\' not in string and string.find(':') > 0:
        return 0
    else:
        return 1


def expected_result_set():
    return {0, 1}


================================================
FILE: test/cvc/none.py
================================================
from symbolic.args import *


@symbolic(c=3)
def none(c):
    if c == None:
        return 1
    elif c != None:
        return 0


def expected_result_set():
    return {0}

================================================
FILE: test/cvc/strcontains.py
================================================
from symbolic.args import symbolic


@symbolic(s="foo")
def strcontains(s):
    if "bar" in s:
        return 0
    else:
        return 1


def expected_result():
    return [0, 1]


================================================
FILE: test/cvc/strcount.py
================================================
from symbolic.args import symbolic


@symbolic(s="foo")
def strcount(s):
    if s.count("x") == 2:
        return 1
    elif s.count("xy") == 1:
        return 2
    elif s.count("") == 3:
        return 3
    else:
        return 0


def expected_result_set():
    return {0, 1, 2, 3}


================================================
FILE: test/cvc/strfind.py
================================================
from symbolic.args import symbolic


@symbolic(s="foo")
def strfind(s):
    find_idx = s.find("bar")
    if find_idx == 3:
        return 0
    elif find_idx == -1:
        return 1
    else:
        return 2


def expected_result():
    return [0, 1, 2]


================================================
FILE: test/cvc/strfindbeg.py
================================================
from symbolic.args import symbolic


@symbolic(s="foo")
def strfindbeg(s):
    find_idx = s.find("bar", 1)
    if find_idx == 3:
        return 0
    elif find_idx == -1:
        return 1
    else:
        return 2


def expected_result():
    return [0, 1, 2]


================================================
FILE: test/cvc/strindex.py
================================================
from symbolic.args import symbolic


@symbolic(s="foobar")
def strindex(s):
    """Test case does not currently test negative indexes.
    It is also currently unclear how we want to handle concrete
    executions that raise errors. Currently the error stops
    execution and prevents a branch predicate from forming."""
    if s[4] == 'Q':
        return 0
    else:
        return 1


def expected_result():
    return [0, 1]


================================================
FILE: test/cvc/stringadd.py
================================================
from symbolic.args import symbolic


@symbolic(s="foo")
def stringadd(s):
    x = s + "bar"
    if x == "nobar":
        return 0
    return 1


def expected_result():
    return [0, 1]


================================================
FILE: test/cvc/stringtest.py
================================================
from symbolic.args import symbolic


@symbolic(s="foo")
def stringtest(s):
    if (s == "bar"):
        return 0
    elif (s == '\\'):
        return 2
    else:
        return 1


def expected_result_set():
    return {0, 1, 2}


================================================
FILE: test/cvc/strmiddle.py
================================================
from symbolic.args import symbolic


@symbolic(s="x")
def strmiddle(s):
    x = "A"+s+"C"
    if "B" in x:
        return 0
    else:
        return 1


def expected_result():
    return [0, 1]


================================================
FILE: test/cvc/strreplace.py
================================================
from symbolic.args import symbolic


@symbolic(s="bar")
def strreplace(s):
    if "faa" == s.replace("o", "a"):
        return 0
    else:
        return 1


def expected_result_set():
    return {0, 1}


================================================
FILE: test/cvc/strslice.py
================================================
from symbolic.args import symbolic


@symbolic(s="foo")
def strslice(s):
    if '\\' not in s and s[0:2] == "//":
        return 0
    return 1


def expected_result_set():
    return {0, 1}


================================================
FILE: test/cvc/strsplit.py
================================================
from symbolic.args import symbolic


@symbolic(s="foo")
def strsplit(s):
    if ['a', 'b'] == s.split("&"):
        return 0
    return 1


def expected_result_set():
    return {0, 1}


================================================
FILE: test/cvc/strstartswith.py
================================================
from symbolic.args import symbolic


@symbolic(s="foo")
def strstartswith(s):
    if s.startswith('abc'):
        return 0
    return 1


def expected_result_set():
    return {0, 1}


================================================
FILE: test/cvc/strstrip.py
================================================
from symbolic.args import symbolic


@symbolic(s="foo")
def strstrip(s):
    if " " in s and "abc" == s.strip():
        return 0
    return 1


def expected_result_set():
    return {0, 1}


================================================
FILE: test/cvc/strsubstring.py
================================================
from symbolic.args import symbolic


@symbolic(s="foo")
def strsubstring(s):
    """Test case for Python slicing, negative
    indices and steps are not currently tested."""
    if s[2:] == "obar":
        return 0
    elif s[:2] == "bb":
        return 1
    elif s[1:3] == "bb":
        return 2
    else:
        return 3


def expected_result():
    return [0, 1, 2, 3]


================================================
FILE: test/decorator.py
================================================
from symbolic.args import *

@concrete(a=1,b=2)
@symbolic(c=3)
def decorator(a,b,c):
	if a+b+c == 6:
		return 0
	else:
		return 1

def expected_result():
	return [0,1]

================================================
FILE: test/decorator_dict.py
================================================
from symbolic.args import *

@symbolic(d=dict([(42,6)]))
def decorator_dict(d):
	if d[42] == 6:
		return 0
	else:
		return 1

def expected_result():
	return [0]

================================================
FILE: test/diamond.py
================================================
def diamond(x,y,z):
	ret = 0
	if (x):
		ret = ret + 1
	if (y):
		ret = ret + 1
	if (z):
		ret = ret + 1
	return ret

def expected_result():
	return [ 0, 1, 1, 1, 2, 2, 2, 3]

================================================
FILE: test/dict.py
================================================
D =  dict({ (101,2), (1,3), (4,9) })

def dict(x):
    # if x in D.keys():
    if x in [ j for j in D.keys() ]:
       return D[x]
    else:
       return "NONE"

def expected_result():
    return [2,3,9,"NONE"]


================================================
FILE: test/dictionary.py
================================================
# Copyright: see copyright.txt

# Test if engine explores all paths

from lib.se_dict import SymbolicDictionary

def dictionary(in1):
    d = SymbolicDictionary({})
    d[3] = 10

    if d.has_key(in1):
        return 1
    else:
        return 2

def expected_result():
	return [1,2]

================================================
FILE: test/elseif.py
================================================
# Copyright: see copyright.txt

# Test if engine explores all paths

def elseif(in1):
    if in1 ==  0:
        return 0
    elif in1 == 1:
        return 1
    elif in1 == 2:
        return 2
    elif in1 == 3:
        return 3
    elif in1 == 4:
        return 4
    elif in1 == 5:
        return 5
    elif in1 == 6:
        return 6
    elif in1 == 7:
        return 7
    elif in1 == 8:
        return 8
    else:
        return 9
    return 10

def expected_result():
	return [0, 1, 2, 3, 4, 5, 6, 7, 8, 9]

================================================
FILE: test/expand.py
================================================
def expand(in1, in2):
    if (in1 + in2 >= 1 << 32): 
        return 0
    else:
        return 1

def expected_result():
	return [0,1]


================================================
FILE: test/expressions.py
================================================
# Copyright: see copyright.txt

def expressions(in1, in2):
    a = in1
    b = in2 + 47
    c = a * b
    # only solution should be a==1, b==6 (assuming Python actually uses 32-bit integers)
    if c==53: # a > 0 and a < 20 and b < 100 and c == 53:
        d = -1
    else:
        d = 0

    return d

def expected_result():
	return [-1,0]


================================================
FILE: test/filesys.py
================================================
import os
import sys

def filesys(x):
	# if file doesn't exist, create it and 
	g = 1
	if (os.path.exists("tmp.txt")):
		file = open("tmp.txt","r")
		g = int(file.readline())
		g = g + 3
		file.close()

	file = open("tmp.txt","w")
	file.write(str(g))
	file.close()

	if (x == g):
		return 0
	elif (x == g+1):
		return 1	
	else:
		return 2		

def expected_result_set():
	return [2]


================================================
FILE: test/fp.py
================================================
def fp(a):
	if a % 2 == 0:
		# The next condition basically checks whether a is zero (in a weird way, though).
		if a == int(a / 2):
			return 0
		else:
			return 1
	else:
		return 2

def expected_result():
    return [0, 1, 2]

================================================
FILE: test/gcd.py
================================================
def rec_gcd(u,v):
  if (u == v):
    return u

  if (u == 0):
    return v

  if (v == 0):
    return u
 
  if not (u & 1):  # u is even
    if v & 1:      #v is odd
      return rec_gcd(u >> 1, v)
    else:            # both u and v are even
      return rec_gcd(u >> 1, v >> 1) << 1
  else:
    if not (v & 1):  # u is odd, v is even
      return rec_gcd(u, v >> 1)
 
    # reduce larger argument
    if (u > v):
      return rec_gcd((u - v) >> 1, v)

    return rec_gcd((v - u) >> 1, u)

def iter_gcd(u,v):
  # GCD(0,v) == v; GCD(u,0) == u, GCD(0,0) == 0
  if (u == 0): 
    return v
  if (v == 0):
    return u
 
  # Let shift := lg K, where K is the greatest power of 2
  # dividing both u and v.
  shift = 0
  while ((u | v) & 1) == 0:
    u = u >> 1
    v = v >> 1
    shift = shift + 1

  while ((u & 1) == 0):
    u = u >> 1
 
  # From here on, u is always odd.
  while (True):
    # remove all factors of 2 in v -- they are not common
    # note: v is not zero, so while will terminate
    while ((v & 1) == 0):
      v = v >> 1
 
    # Now u and v are both odd. Swap if necessary so u <= v,
    # then set v = v - u (which is even). For bignums, the
    # swapping is just pointer movement, and the subtraction
    # can be done in-place.
    if (u > v):
       u, v = v, u
    v = v - u     # Here v >= u.
    if (v == 0):
      break
 
  # restore common factors of 2
  return u << shift

def gcd(x,y):
  if (x>=0 and y>=0):
     rec_result = rec_gcd(x,y)
     iter_result = iter_gcd(x,y)
     if (rec_result != iter_result):
       return "ERROR"
     else:
       return "OK"
  else:
     return "PRE"

def expected_result_set(): 
  return ["PRE","OK"]




================================================
FILE: test/hashval.py
================================================
# Created by Thomas Ball (2014)

def compute(x):
	res = x
	res = res + (res << 10)
	res = res ^ (res >> 6)
	return res
	
def hashval(key):
	hv = compute(key)
	if (hv == key + 1):
		return 0
	else:
		return 1

def expected_result():
	return [1]



================================================
FILE: test/len_test.py
================================================
from symbolic.args import *

class Foo():
    def __init__(self, var):
        self.var = var

    def __len__(self):
        return self.var

@symbolic(a=0)
def len_test(a):
    f = Foo(a)
    if len(f) == 2:
        return 1
    else:
        return 0

def expected_result():
    return [0, 1]



================================================
FILE: test/lib/__init__.py
================================================
# hello there1


================================================
FILE: test/lib/bsearch.py
================================================

def bsearch(a,k):
	lo, hi = 0, len(a)-1
	while(lo <= hi):
		mid = (lo+hi) >> 1
		if (a[mid] == k):
			return mid
		elif (a[mid] < k):
			lo = mid+1
		else:
			hi = mid-1
	return -1


================================================
FILE: test/lib/se_dict.py
================================================
# Copyright: see copyright.txt

class SymbolicDictionary(dict):
	def __init__(self, *args, **kwargs):
		dict.__init__(self)
		self.update(*args, **kwargs)

	def has_key(self, key):
		for k in self.keys():
			if k == key:
				return True
		return False



================================================
FILE: test/list.py
================================================
def list(a,b):
   if ([a,b] == [1,2]):
      return 1
   else:
      return 2

def expected_result_set():
   return [1,2]

================================================
FILE: test/logical_op.py
================================================
# Copyright: see copyright.txt

def logical_op(in1, in2):
    if (in1 & in2) == 1:
        if (in1 & in2) == 7:
            return 1
        else:
            return 2
    else:
        return 3

    return 0

def expected_result():
	return [2,3]

================================================
FILE: test/loop.py
================================================
def loop(in1,in2):
    if in1 > in2:
        i = 0
        while i < in1 and False:
            i = i+1
        return 1
    else:
        return 0
        
def expected_result():
    return [0,1,1]

================================================
FILE: test/many_branches.py
================================================
# Copyright: see copyright.txt

# Test if engine explores all paths

def many_branches(in1, in2, in3):
    if in1 == 0:
        if in2 == 5:
            if in3 == 10:
                return 1
            else:
                return 2
        else:
            if in3 <= 3:
                return 3
            else:
                return 4
    else:
        if in1 == 1:
            if in2 == 7:
                return 5
            else:
                return 6
        else:
            if in2 == 9:
                return 7
            else:
                return 8

    return 0

def expected_result():
	return [1, 2, 3, 4, 5, 6, 7, 8]

================================================
FILE: test/maxtest.py
================================================
# Created by Thomas Ball (2014)
#

def max2(s,t):
	if (s < t):
		return t
	else:
		return s

def max4(x,y,x2,y2):
	return max2(max2(x,y),max2(x2,y2))

def maxtest(a,b,c,d):
	m = max4(a,b,c,d)
	if (m < a or m < b or m < c or m < d):
		return "ERROR"
	else:
		return "OK"

def expected_result():
	return [ "OK" for i in range(8) ]

================================================
FILE: test/mod.py
================================================
def mod(x,y):
	if 0 < y < 10 and x % (y+1) == 3:
		return 0
	else:
		return 1

def expected_result():
	return [0,1,1,1]



================================================
FILE: test/modulo.py
================================================
def modulo(in1):
    if in1 % 3 != 0:
        return 1
    elif in1 % 5 != 0:
        return 2
    return 0
    
def expected_result():
    return [0,1,2]

================================================
FILE: test/modulo2.py
================================================
def modulo2(in1):
    if (in1 <= 0):
        return -1

    if in1 % 3 != 0:
        return 1
    elif in1 % 5 != 0:
        return 2
    return 0
    
def expected_result():
    return [-1,0,1,2]

================================================
FILE: test/mult_assmt.py
================================================

def mult_assmt(in1,in2,in3):
    v = in1
    if v == in2:
        if in3 > 0:
            v = v + 1
        
        if v != in2:
            return 1
        else:
            return 2
    
    return 0

def expected_result():
    return [0,1,2]

================================================
FILE: test/polyspace.py
================================================
def where_are_the_errors(input):
	k = input // 100
	x = 2
	y = k + 5
	while x < 10:
		x = x + 1
		y = y + 3
	if (3*k + 100) > 43:
		y = y + 1
		# x == 10, y == k+30
		if x - y == 0:
			# unreachable
			return "DIVZERO"
		x = x // (x - y)
	return x

def polyspace(i):
	ret = where_are_the_errors(i)
	return ret
	
def expected_result():
	return [-1,10]

================================================
FILE: test/power.py
================================================
# currently, we don't handle the power operator symbolically,
# so this test is not expected to cover the else branch. The
# initial (concrete) value of x is zero, so we expect only to
# cover the then branch.

def power(x):
	if (x+2) ** 2 == 4:
		return 0
	else:
		return 1

def expected_result():
	return [0]



================================================
FILE: test/power2.py
================================================
def power2(x):
	b = x * x;
	if b > 0:
		return 0
	elif b == 0:
		return 1
	else:
		# This path is not possible if it is guaranteed that overflows do not occur.
		return 2

def expected_result():
	return [0, 1]



================================================
FILE: test/powtest.py
================================================
def powtest(in1):
    if in1*in1 == 0:
        return 1
    elif in1*in1 > 0:
        return 2
    return 0

def expected_result():
    return [1,2]

================================================
FILE: test/reverse.py
================================================
# check that sub and rsub are modelled properly

def reverse(x):
	if (x - 5 == 0):
		return 0
	return 1

def expected_result():
	return [0,1]
	

================================================
FILE: test/set.py
================================================
S =  { 1, 3, 9, 12, 15, 19 }

def set(x):
    if x in [ j for j in S]:
       return x
    else:
       return "NONE"

def expected_result():
    return [1,3,9,12,15,19,"NONE"]


================================================
FILE: test/shallow_branches.py
================================================
# Copyright: see copyright.txt

# Test if engine explores all paths

def shallow_branches(in1, in2, in3, in4, in5):
    if in1 ==  0:
        return 1

    if in2 ==  0:
        return 3

    if in3 ==  0:
        return 5

    if in4 ==  0:
        return 7

    if in5 ==  0:
        return 9

    return 0

def expected_result():
	return [0, 1, 3, 5, 7, 9]

================================================
FILE: test/simple.py
================================================
def simple(x):
	if (x+1 > 10):
		return 42
	else:
		return 43

def expected_result():
	return [ 42, 43]

================================================
FILE: test/swap.py
================================================
def swap(in1,in2):
    if in1 > in2:
        # swap in1 and in2
        in1 = in1 ^ in2;
        in2 = in1 ^ in2;
        in1 = in1 ^ in2;
        
        if in1 > in2:
            # impossible
            return 1
        else:
            return 2
    else:
        return 0
        
def expected_result():
    return [0,2]

================================================
FILE: test/tmp
================================================


================================================
FILE: test/tuplecmp.py
================================================
def tuplelt(a, b):
  a0, a1 = a
  b0, b1 = b

  if a0 < b0:
    return True
  elif a1 < b1:
    return True
  return False

def tuplecmp(a0, a1, b0, b1):
  return tuplelt((a0, a1), (b0, b1))

def expected_result():
  return [True, True, False]


================================================
FILE: test/unnecessary_condition.py
================================================
def unnecessary_condition(in1,in2):
    if in1 > in2:
        unnec = in1 < in2 and False
        if unnec:
            return 2
        return 1
    else:
        return 0
        
def expected_result():
    return [0,1]

================================================
FILE: test/unnecessary_condition2.py
================================================
def unnecessary_condition2(in1,in2):
    if in1 > in2:
        # unnec always false
        unnec = in1 < 5 and False # this is a branching point because of (in1 < 5)
        if unnec: # this is not a real branching point
            return 2
        return 1
    else:
        return 0
        
def expected_result():
    return [0,1,1]

================================================
FILE: test/unnecessary_condition3.py
================================================
def unnecessary_condition3(in1):
    if in1 > 0:
        # in1 > 0
        return op(in1) + 10
    else:
        return op(in1) + 20
        
def op(in1):
    if in1 < -10:
        return 1
    if in1 < -5:
        return 2
    if in1 < -3:
        return 3
    if in1 < 0:
        return 4
        
    return 0
    
def expected_result():
    return [10,20,21,22,23,24]

================================================
FILE: test/unnecessary_condition4.py
================================================
def unnecessary_condition4(in1):
    v = op(in1)

    if in1 > 0:
        # in1 > 0
        return v + 10
    else:
        return v + 20
        
def op(in1):
    if in1 < -10:
        return 1
    if in1 < -5:
        return 2
    if in1 < -3:
        return 3
    if in1 < 0:
        return 4
        
    return 0
    
def expected_result():
    return [10,20,21,22,23,24]

================================================
FILE: test/weird.py
================================================
def weird(x,y):
	if (x < y) + x == 1:
		return 0
	else:
		return 1

def expected_result():
	return [0,1]

#print weird(0,1)
#print weird(2,3)


================================================
FILE: test/whileloop.py
================================================
def whileloop(x):
	y = 1
	while (0 <= x < 10 and y<=x):
		y = y + 1



================================================
FILE: tools/symbolic_int_subtype.py
================================================
# Check if SymbolicInteger is a subtype of `int' modulo concolic execution.
#
# To run:
# $ python sym_exec.py examples/symbolic_int_subtype.py

from inspect import signature

from symbolic.symbolic_types.symbolic_int import SymbolicInteger

# Collect integer methods to test.
INT_FUNCS = []
for fname in dir(int):
  # TODO for some functions signature lookup fails, maybe hardcode arity
  try:
    if fname in ('__delattr__', '__getattribute__', '__setattr__',
                 '__new__', '__init__'):
      continue
    INT_FUNCS.append((fname, len(signature(getattr(int, fname)).parameters)))
  except:
    pass

# NOTE Uncomment this to have a restricted set of (correctly modelled) functions
# INT_FUNCS = [ ('__add__', 2), ('__sub__', 2), ('__and__', 2), ('__or__', 2) ]

def symbolic_int_subtype(func_index, a, b, c):
  # make concolic execution branch on elements of INT_FUNCS
  if func_index in [ i for i, fname in enumerate(INT_FUNCS) if INT_FUNCS[i] ]:
    name, arity = INT_FUNCS[func_index]
    print("%s/%d" % (name, arity))

    assert(0 <= arity <= 3)

    int_params = [ int(a), int(b), int(c) ]
    sym_params = [ a, b, c ]

    int_func = getattr(int, name)
    sym_func = getattr(SymbolicInteger, name)

    try:
      int_return = int_func(*int_params[:arity])
    except ValueError as e:
      int_return = e
    except ZeroDivisionError as e:
      int_return = e

    try:
      sym_return = sym_func(*sym_params[:arity])
    except ValueError as e:
      sym_return = e
    except ZeroDivisionError as e:
      sym_return = e

    same = ((isinstance(int_return, Exception) and
             isinstance(sym_return, Exception) and
             type(int_return) == type(sym_return)
            ) or int_return == sym_return)

    if not same:
      s = ("\nint %s(%s): %r,\nsym %s(%s): %r" %
           (name, ','.join(str(i) for i in int_params), int_return,
           name, ','.join(str(i) for i in sym_params), sym_return))
      raise Exception(s)

    return (name, same)

  else:
    return "OUTSIDE"

# TODO Implement oracle.
#      How to predict the number of paths for a given int method?


================================================
FILE: utils.py
================================================
# Copyright: see copyright.txt

import sys
import traceback

def traceback():
	stack = traceback.format_stack()
	rest = stack[:-2]
	return "\n"+"".join(rest)

def crash(msg):
	#stack = _traceback()
	print(msg)
	sys.exit(-1)


================================================
FILE: vagrant.sh
================================================
# Configuration
INSTALLDIR=/home/vagrant/pyex

# System Maintenance 
apt-get update
apt-get -y upgrade

# Dependencies
apt-get -y install python3
apt-get -y install graphviz graphviz-dev

## Z3
apt-get -y install g++
apt-get -y install python3-examples
cd /tmp
git clone https://github.com/Z3Prover/z3.git
cd z3
git checkout -b unstable origin/unstable
python scripts/mk_make.py
cd build
make
make install
cp libz3.so /usr/lib/python3/dist-packages
python3 /usr/share/doc/python3.2/examples/scripts/reindent.py z3*.py
cp z3*.py /usr/lib/python3/dist-packages
cp z3*.pyc /usr/lib/python3/dist-packages
cd

## CVC4
apt-get install -y libgmp-dev
apt-get install -y libboost-all-dev
apt-get install -y openjdk-7-jre openjdk-7-jdk
apt-get install -y swig
apt-get install -y python3-dev
cd /tmp
git clone https://github.com/CVC4/CVC4.git
cd CVC4
./autogen.sh
contrib/get-antlr-3.4
export PYTHON_CONFIG=/usr/bin/python3.2-config
./configure --enable-optimized --with-antlr-dir=/tmp/CVC4/antlr-3.4 ANTLR=/tmp/CVC4/antlr-3.4/bin/antlr3 --enable-language-bindings=python
echo "python_cpp_SWIGFLAGS = -py3" >> src/bindings/Makefile.am
autoreconf
make
make doc
make install
echo "/usr/local/lib" > /etc/ld.so.conf.d/cvc4.conf
/sbin/ldconfig
cp builds/src/bindings/python/CVC4.py /usr/lib/python3/dist-packages/CVC4.py
cp builds/src/bindings/python/.libs/CVC4.so /usr/lib/python3/dist-packages/_CVC4.so
cd

# Installation
ln -s /vagrant $INSTALLDIR
ln -s $INSTALLDIR/symbolic /usr/lib/python3/dist-packages/
cat > /usr/bin/pyex <<EOF
#/bin/sh
PYTHONPATH=\$PYTHONPATH:"\$(pwd)" python3 $INSTALLDIR/pyexz3.py \$*
EOF
chmod a+x /usr/bin/pyex

# Tests
cd $INSTALLDIR
python3 run_tests.py test